Stop Cyber Threats With Adaptive Micro-Segmentation

Slides:



Advertisements
Similar presentations
B. Ramamurthy 4/17/ Overview of EC2 Components (fig. 2.1) 10..* /17/20152.
Advertisements

The Most Analytical and Comprehensive Defense Network in a Box.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our.
Unified Logs and Reporting for Hybrid Centralized Management
MyCloudIT Removes the Complexity of Moving Cloud Customers’ Entire IT Infrastructures to Microsoft Azure – Including the Desktop MICROSOFT AZURE ISV: MYCLOUDIT.
How to protect your Virtual Datacenter Michiel van den Bos.
VMware NSX and Micro-Segmentation
12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,
Flight is a SaaS Solution that Accelerates the Secure Transfer of Large Files and Data Sets Into and Out of Microsoft Azure Blob Storage MICROSOFT AZURE.
Protecting High-Value Applications: A New Approach John Westerman.
DenyAll Delivering Next-Generation Application Security to the Microsoft Azure Platform to Secure Cloud-Based and Hybrid Application Deployments MICROSOFT.
Microsoft Azure and ServiceNow: Extending IT Best Practices to the Microsoft Cloud to Give Enterprises Total Control of Their Infrastructure MICROSOFT.
1 Implementing a Virtualized Dynamic Data Center Solution Jim Sweeney, Principal Solutions Architect, GTSI.
Deep Security and VMware NSX Advanced Security Framework for the Software-Defined Data Center Anand Patil National Sales Manager, SDDC CONFIDENTIAL1.
Check Point vSEC STORY [Protected] Non-confidential content.
READ ME FIRST Use this template to create your Partner datasheet for Azure Stack Foundation. The intent is that this document can be saved to PDF and provided.
Grow Your Business with the Security Leader
Chapter 6: Securing the Cloud
STEPS TO A CLOUD READY DATA CENTER
Organizations Are Embracing New Opportunities
Grow Your Business with the Security Leader
DocFusion 365 Intelligent Template Designer and Document Generation Engine on Azure Enables Your Team to Increase Productivity MICROSOFT AZURE APP BUILDER.
Cloud adoption NECOOST Advisory | June 2017.
Enterprise Security in Practice
IOT Critical Impact on DC Design
Barracuda Networks Creates Next-Generation Security Solutions That Enable Customers to Accelerate Their Adoption of Microsoft Azure MICROSOFT AZURE APP.
How To Deliver Apps Faster And Secure Them The Microsoft Way
Hybrid Management and Security
Ralleo Enterprise-Grade Solution for Managing Change and Business Transformation Provides Opportunities to Better Analyze Real-Time Data MICROSOFT AZURE.
Partner Logo Veropath Offers a Next-Gen Expense Management SaaS Technology Solution, Built Specifically to Harness Big Data Analytics Capabilities in Azure.
Configuring Windows Firewall with Advanced Security
Real-time protection for web sites and web apps against ATTACKS
New Heights by Guiding Them into the Cloud
The NPD Group - Enterprise DC Agenda
Best Practices for Securing Hybrid Clouds
Chapter 21: Cloud Computing and Related Security Issues
Veeam Backup Repository
Chapter 22: Cloud Computing Technology and Security
Threat Ready: The Benefits of Segmentation
Bill Banks | Security Engineer
VMware NSX and Micro-Segmentation
Cloud Security Planning
Practical Machine Learning for Cloud Intrusion Detection
Firewalls at UNM 11/8/2018 Chad VanPelt Sean Taylor.
Company Overview & Strategy
Microsoft Azure P wer Lunch
Securing Cloud-Native Applications Jason Schmitt CEO
Healthcare Cloud Security Stack for Microsoft Azure
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.
Data Security for Microsoft Azure
Is your deployment in pants-down mode?
Unitrends Enterprise Backup Solution Offers Backup and Recovery of Data in the Microsoft Azure Cloud for Better Protection of Virtual and Physical Systems.
Crypteron is a Developer-Friendly Data Breach Solution that Allows Organizations to Secure Applications on Microsoft Azure in Just Minutes MICROSOFT AZURE.
The Next Generation Cyber Security in the 4th Industrial Revolution
Secure once, run anywhere Simplify your security with Sophos
Abiquo’s Hybrid Cloud Management Solution Helps Enterprises Maximise the Full Potential of the Microsoft Azure Platform MICROSOFT AZURE ISV PROFILE: ABIQUO.
Healthcare Cloud Security Stack for Microsoft Azure
Healthcare Cloud Security Stack for Microsoft Azure
How to Mitigate the Consequences What are the Countermeasures?
Healthcare Cloud Security Stack for Microsoft Azure
NSX Data Center for Security
Last.Backend is a Continuous Delivery Platform for Developers and Dev Teams, Allowing Them to Manage and Deploy Applications Easier and Faster MICROSOFT.
4/3/2019 8:56 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.
Healthcare Cloud Security Stack for Microsoft Azure
Healthcare Cloud Security Stack for Microsoft Azure
The Zero-Trust Model Redefining InfoSec.
Digitization complicates visibility Market demands have taken the network beyond your perimeter Threats are more numerous and complex Threats are using.
Presentation transcript:

Stop Cyber Threats With Adaptive Micro-Segmentation David Gurley Senior Systems Engineer - Texas david@illumio.com

Why Micro-Segmentation? What is Adaptive Micro-Segmentation? Agenda Why Micro-Segmentation? What is Adaptive Micro-Segmentation? Illumio’s Adaptive Security Platform Architecture Slow

Common Breach Methodology What is Driving Micro-Segmentation? Number of Breaches in 2016 Alone 2,260 months 3-6 Average Dwell Time Common Breach Methodology Step 1: Breach low value workload Step 2: Map paths and connections Step 3: Move to high value assets Two statistics typify the last decade: [Click]/[click] Attackers advantage at the perimeter, but Ds should have advantage in the interior. But that’s not what happens. – Why? I saw this pattern at NSC, and this drove me to transition to Illumio. #breaches: from 2016 Verizon Data Breach Report Dwell time: from 2015 Ponemon Advanced Threats study Nail down dwell time to a single statistic. Attackers think in graphs

What’s Happening Behind The Firewall? Internal data center communication aka East / West traffic

Complications of Traditional FWs for Internal Segmentation 59% of companies have little to no security visibility into traffic flows between applications 87% of companies have multiple outages resulting from configuration issues 4 hours to create a SINGLE firewall rule for a new application 75% of companies have no method to remove expired ACLs or firewall rules

What is Micro-Segmentation? ”Segmentation adds separation and defense in depth, which is needed to contain attacks and limit the impact of a successful exploit.” – Greg Young, Research VP, Gartner Stop the spread of unauthorized lateral movement Control Contain X ✓ A flexible and adaptable segmentation solution architected and designed for today’s modern data center and cloud

Adaptive Micro-Segmentation - Goals Stop Cyber Threats Container Bare-metal Virtual Machine Private DC Cloud Visibility into network-based communication Adapt to changes in data center and cloud Control lateral movement (aka East/West traffic) Reduce friction between Application / Security / Infrastructure teams Secure applications running anywhere on anything

Coarse Grained Segmentation Layers of Adaptive Micro-Segmentation x User-Segmentation Coarse Grained Segmentation Micro-segmentation Nano-segmentation Groups Users Entitlements Geo Environmental Zone Process Container Application Application Tier Workload (VM, Bare Metal) Course Grained Segmentation - Environmental Segmentation – segmenting environments such as development and production (Morgan Stanley) Micro Segmentation  – segmentation at the application or application tier level (Salesforce) Nano-segmentation – process level segmentation for dynamic applications like Active Directory (CAA) User Segmentation – dynamic enforcement of user connectivity to applications HR users only see HR apps These are the various levels of Adaptive Segmentation that translate into how customers use Illumio today….

Illumio Adaptive Security Platform (ASP)™ Collection/Enforcement Points Controller Labels Role Application Environment Location BARE-METAL SERVER VIRTUAL MACHINE CONTAINERS NETWORK AWS AND AZURE SECURITY GROUPS Context & Telemetry Workloads | IPs | Services | Flows Declarative Natural Language Policy API Policy Compute Engine Security Rules Policy State Idle Build/Test Enforce API

How Customer Are Using Adaptive Segmentation Flow Visibility & Application Dependency Mapping Segmenting & Protecting High-Value Applications Segmenting Environments Migrating Applications Active Directory Securing Hybrid Environments and / or Greenfield Data Centers User Segmentation

You Can’t Secure What You Can’t See Understand application dependencies and risk Model policy with visual feedback before enforcing Check compliance and identify threats

600+ Workloads, 1.2M Flows

Turns Into

Illumio: Capabilities "Illumio pioneered traffic flow visibility to allow you to accelerate your micro-segmentation strategy.” Neil MacDonald - VP Distinguished Analyst, Gartner Illumio: Capabilities Illumination Understand & visualize applications & workload relationships Model & test security policies Identify & alert on threats behind the firewall Enforcement Enforce policy anywhere: data center, private & public cloud Adapt to changes through continuous policy computation Write policies in natural language; labels & relationships SecureConnect Encrypt data-in-motion between any workloads or entire applications Enable policy-driven encryption anywhere Create on-demand IPsec connections Full Visibility, Enforcement, and Encryption

cara.epstein@illumio.com https://www.illumio.com/definitive-guide-to-security-segmentation

Thank You