MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Similar documents
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Defend. Discover. Remediate. An Integrated Security Strategy. Gary Osland Business Development Manager Cisco Systems Inc.

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales

Copyright 2011 Trend Micro Inc.

Agile Security Solutions

Cisco Self Defending Network

Stopping Advanced Persistent Threats In Cloud and DataCenters

Title DC Automation: It s a MARVEL!

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

SYMANTEC DATA CENTER SECURITY

Build a Software-Defined Network to Defend your Business

Sichere Applikations- dienste

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

The Internet of Everything is changing Everything

Securing Your Most Sensitive Data

Securing Your Virtual World Harri Kaikkonen Channel Manager

Enterprise & Cloud Security

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

CloudSOC and Security.cloud for Microsoft Office 365

Cisco Firepower NGFW. Anticipate, block, and respond to threats

The Next Opportunity in the Data Centre

5 STEPS TO BUILDING ADVANCED SECURITY IN SOFTWARE- DEFINED DATA CENTERS

Key Security Measures to Enable Next-Generation Data Center Transformation

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Changing face of endpoint security

Securing the Software-Defined Data Center

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

Service Provider Security Architecture

McAfee Public Cloud Server Security Suite

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Qualys Cloud Platform

Microsoft Security Management

Juniper Sky Advanced Threat Prevention

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec

Qualys Cloud Platform

A Unified Threat Defense: The Need for Security Convergence

CHARTING THE FUTURE OF SOFTWARE DEFINED NETWORKING

AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

Proactive Approach to Cyber Security

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

CSP 2017 Network Virtualisation and Security Scott McKinnon

Rethinking Security: The Need For A Security Delivery Platform

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Network Virtualization Business Case

A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE

Strategies for a Successful Security and Digital Transformation

align security instill confidence

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Securing the Modern Data Center with Trend Micro Deep Security

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER

Cisco Cloud Application Centric Infrastructure

From Managed Security Services to the next evolution of CyberSoc Services

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

Cisco Security Exposed Through the Cyber Kill Chain

Agenda: Insurance Academy Event

Security Vendor Line Card

The Evolution of Data Center Security, Risk and Compliance

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Defending Against Unkown Automation is the Key. Rajesh Kumar Juniper Networks

Building a More Secure Cloud Architecture

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002

Build application-centric data centers to meet modern business user needs

Rethinking Security CLOUDSEC2016. Ian Farquhar Distinguished Sales Engineer Field Lead for the Gigamon Security Virtual Team

ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

Securing Cisco s Network

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Consumerization. Copyright 2014 Trend Micro Inc. IT Work Load

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Datacenter Security: Protection Beyond OS LifeCycle

Cybersecurity Roadmap: Global Healthcare Security Architecture

ForeScout ControlFabric TM Architecture

We are innovating in security

Stop Threats Before They Stop You

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012

Journey to Secure and Automated Multi-cloud

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Nuage Networks Product Architecture. White Paper

Cisco SD-WAN and DNA-C

Protecting Your Cloud

Cisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer

SDN TO BE OR NOT TO BE. Uwe Richter SE Director Russia/CIS, East and South East Europe

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics

Transformation Through Innovation

Security in Cloud Environments

Transcription:

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1

Mobility Cloud Threat Customer centric market dynamics require an end to end security architecture 2

Physical Virtual Cloud Journey PHYSICAL WORKLOAD VIRTUAL WORKLOAD CLOUD WORKLOAD HYPERVISOR VDC-1 VDC-2 One app per Server Static Manual provisioning Many apps per Server Mobile Dynamic provisioning Multi-tenant per Server Elastic Automated Scaling CONSISTENCY: Policy, Features, Security, Management, Separation of Duties 3

Evolution of Data Center Distributed Fabric Based Application Driven Cloud Cloud Monitoring Apps Provisioning Apps Networking Apps End-User Apps Programmable Provisionable Fabric L2, L3 Compute Compute Storage Storage Services Services L2, L3 Compute Compute Storage Storage Services Services Integrated Fabric & Cloud World of Many Clouds Manual Provisioning Limited scaling Rack-wide VM mobility Policy-based Provisioning Scale Physical & Virtual/Cloud DC-wide/Cross-DC VM Mobility Service-centric Provisioning Flexible Anywhere, Anytime Cross-cloud VM Mobility 4

IT Megatrends are creating the Any to Any problem Infrastructure public Apps / Services hybrid tenan Workloads private Endpoint Proliferation Blending of Personal & Business Use Access Assets through Multiple Medians Services Reside In Many Clouds 5

The Threat Evolution Enterprise Response Anti-virus (Host based) IDS/IPS (Network Perimeter) Reputation (global) & Sandboxing Intelligence & Analytics (Cloud) SPYWARE / ROOTKITS APTs CYBERWARE INCREASED ATTACK SURFACE (MOBILITY & CLOUD) Threats WORMS 2000 2005 2010 Tomorrow 6

Anatomy of a Modern Threat Enterprise Internet & Cloud Apps Campus Public Network Perimeter Infection entry point occurs outside of the enterprise Advanced cyber threat bypasses perimeter defense Data Center Threat spreads & attempts to exfiltrate valuable data 7

WE RE ALL MOVING TO THE CLOUD BUT Securing the cloud is a massive transition Diminishing effectiveness of device and data center security Protection burden is shifting to service providers Service providers may not be able to deal with the threats Increased risks in the cloud Centralized services are consolidated targets Challenges with isolation and multi-tenancy Expansion of DDoS as a component of a multi-pronged attack

Implications for Security Functions need to work as a system Defend Discover Remediate Policy & Access Control Blocking Quarantine Re-routing Traffic Increased Content Inspection Behavior Anomaly Detection Advanced Threats Inside the Network Assess Environment & Threat Advanced Forensics Contain Fix

Integrated Platform for Defense, Discovery and Remediation Threat Aware Malware, APT Context Aware Identity, Data, Location Content Aware Applications Access Control Firewall Firewall Content Gateways Integrated Platform Virtual Cloud

CLOUD-BASED THREAT INTEL & DEFENSE ATTACKS APPLICATION REPUTATION SITE REPUTATION MALWARE GLOBAL LOCAL PARTNER API Infrastructure COMMON POLICY, MANAGEMENT & CONTEXT COMMON SHARED PARTNER MANAGEMENT POLICY ANALYTICS COMPLIANCE API IDENTITY APPLICATION DEVICE LOCATION TIME public Apps / Services hybrid tenants NETWORK ENFORCED POLICY ACCESS FW IPS VPN WEB EMAIL APPLIANCES ROUTERS SWITCHES WIRELESS VIRTUAL Workloads private

Software-Defined Networking Leverage Network Value Policy Orchestration Analytics Network

Programmability at Multiple Layers of the Network Flexibility in Deriving Abstractions Application Developer Environment Management and Orchestration Analysis and Monitoring, Performance and Security Network Services Harvest Network Intelligence Control Plane Forwarding Plane OpenFlow/ SDN Program for Optimized Experience Network Elements and Abstraction Transport / ASICs

Threat Defense and Intelligence CLOUD-BASED THREAT INTEL & DEFENSE Global Analytics Cloud Threat Intelligence ATTACKS APPLICATION Threat Portal REPUTATION SITE MALWARE REPUTATION Reputation Email Rep Web Rep IPS Rep GLOBAL LOCAL PARTNER API Global-Local Correlation Network Enforced Policy Threat Analytics Identity & Context Artificial Intelligence Network Telemetry Security Telemetry Global Security Intelligence Network Security WWW

MOVING TO THE CLOUD: RISKS AND OPPORTUNITIES Risk New attack surface Build chain of trust for network devices, controllers, and applications Create standards for security policies across multiple vendors Opportunities Improved visibility and control Unprecedented potential for intelligence analytics Embedded network enforcement end-to-end

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback