Webinar: Build Security Into Your Network’s DNA
John Kindervag, Principal Analyst
March 6, 2013. Call in at 12:55 p.m. Eastern time

Agenda
- The new threat landscape
- Next-generation security architecture for traditional networks
- Zero Trust — the next-generation secure network
© 2013 Forrester Research, Inc. Reproduction Prohibited
2011–2012 notable hacks
Columns: Date; Actor; Attack type; Motive; Data; Impact
- RSA, March 17, 2011: advanced, state-sponsored APT with targeted malware; espionage (intellectual property); RSA SecurID token source code; potentially opens customers to attack
- Epsilon, April 1, 2011: unknown actor; attack type not disclosed; financial; email addresses; brand damage, could lead to spear phishing attacks
- Sony PSN, April 19, 2011: “Anonymous” suspected; hacktivism; personally identifiable information (PII); Sony PSN down, >$170M hard costs
- Lockheed Martin, May 28, 2011: RSA SecurID exploited; corporate espionage; brand damage
- Danish government, August 22, 2011: government practices; 1 million Danish business records; impact unknown, perhaps compliance
- Zappos, January 15, 2012: cybercrime; customer data, credit card data; brand damage, compliance fines
- Symantec, February 8, 2012: unknown actor, perhaps “Anonymous”; extortion; source code
- CIA, February 10, 2012: “Anonymous”; DDoS; no data taken; website offline
Source: Elinor Mills, “Keeping up with the hackers (chart),” CNET, February 8, 2012 (http://news.cnet.com/8301-27080_3-20071830-245/keeping-up-with-the-hackers-chart/)
Frequency of data breaches
25% of companies have experienced a breach during the last 12 months that they know of.
Base: 1,319 IT security decision-makers. Source: Forrsights Security Survey, Q2 2012, and November 9, 2011, “Planning For Failure” Forrester report

Data is the new oil.

(Slide shows underground forum listings, quoted verbatim:)
“Selling fresh vergin wordwide cvv”
“I need RDP UK US Germany To buy NOW VIA WMZ wana buy 9”
“GOOD OFFER SELLING hacked RDP GURANTED 24HOURS UP TIME ONLY 10$”
“Selling (worldwide Cvvs, Worldwide Fullz, UK, Usa Logins Worldwide Dumps, UK, Usa Paypal, Ebay Accounts...)”
Big data security and control framework (three diagram slides; diagram not reproduced in text)
Source: July 12, 2012, “Control And Protect Sensitive Information In The Era Of Big Data” Forrester report
Agenda: Next-generation security architecture for traditional networks

TechRadar™: Network Threat Mitigation, Q2 2012
Source: May 9, 2012, “Develop Your Road Map For Zero Trust Network Mitigation Technology” Forrester report
The network is an enforcement point
(Diagram: Web farm, Server farm, DB farm, WAN)
- Traditional FW and IPS combos only protect against Internet threats.
- They create management headaches.

The network is an enforcement point (cont.)
- Consolidate existing gateway controls to ease the management burden.
- Integrates mitigation.
- Provides threat context.

The network is an enforcement point (cont.)
- Wireless is an Internet.

The network is an enforcement point (cont.)
- All traffic must be inspected for threats.
- Control access to sensitive data from “internal” networks like your WAN.
- Architect your network based on flows.

The network is an enforcement point (cont.)
- Create choke points for data protection.

The network is an enforcement point (cont.)
(Diagram adds a MGMT server)
- Centralized management is key.
- Reduces operational costs.
- High availability eliminates the mythical need for a “firewall sandwich.”
Agenda: Zero Trust — the next-generation secure network

Trust, but verify.

Which one goes to the Internet?
(Diagram: two interfaces labelled Untrusted and Trusted)

Zero Trust
(Diagram: every interface labelled Untrusted)

Concepts of Zero Trust
- All resources are accessed in a secure manner regardless of location.
- Access control is on a “need-to-know” basis and is strictly enforced.
- Verify and never trust.
- Inspect and log all traffic.
- The network is designed from the inside out.
Building the traditional hierarchical network
(Diagram layers: Edge, Core, Distribution, Access)

Security is an overlay
(Diagram: the same layers with bolted-on controls. Edge: FW, IPS. Core: Email, WCF, WAF, VPN, DAM, DLP, DB ENC. Distribution: IPS, IPS, WLAN GW, FW, NAC. Access.)

Deconstructing the traditional network
(Diagram: the same layers and controls, plus an additional FW)

Rebuilding the secure network
(Diagram: FW, WLAN GW, CRYPTO, AM, CF, IPS, WAF, NAC, FW, IPS, AC, Email, WCF, DAM, DLP, DB ENC, VPN arranged around a packet-forwarding engine)

Segmentation gateway
- NGFW: very high speed, multiple 10G interfaces
- Integrates IPS, CF, AC, Crypto, AM
- Builds security into the network DNA
Zero Trust drives future network design
- MCAP: micro core and perimeter.
- MCAP resources have similar functionalities and share global policy attributes.
- MCAPs are centrally managed to create a unified switching fabric.
- Management = backplane.
(Diagram: User MCAP, WWW MCAP, MGMT server)

Zero Trust drives future network design (cont.)
- All traffic to and from each MCAP is inspected and logged.
(Diagram: User MCAP, WWW MCAP, MGMT server, SIM, NAV, DAN MCAP)

Zero Trust network is platform-agnostic and VM-ready
- Creates VM-friendly L2 segments.
- Aggregates similar VM hosts.
- Secures VMs by default.
(Diagram: User MCAP, MGMT server, SIM, NAV, WWW, DAN MCAP, WWW MCAP)
Zero Trust network architecture is compliant
(Diagram: MGMT server, WWW MCAP with several WWW hosts, User MCAP, SIM, NAV, DAN MCAP, WL MCAP)

Zero Trust network architecture is scalable
(Diagram: MGMT server, WWW MCAP, WL MCAP, User MCAP, SIM, NAV, DAN MCAP, DB MCAP, APPS MCAP)

Zero Trust network architecture is segmented
(Diagram: WL MCAP, DB MCAP, User MCAP, CHD MCAP, APPS MCAP, MGMT server, SIM, NAV, DAN MCAP, WWW MCAP)

Zero Trust network architecture is flexible
(Diagram: WL MCAP, DB MCAP, User MCAP, APPS MCAP, CHD MCAP, WWW, MGMT server, SIM, NAV, DAN MCAP, WWW MCAP)

Zero Trust network architecture is extensible
(Diagram: the same MCAPs with a WAF added in front of WWW)

ZTNA supports the extended enterprise
(Diagram: WL MCAP, DB MCAP, User MCAP, CHD MCAP, APPS MCAP, WAF, WWW, MGMT server, SIM, NAV, DAN MCAP, WWW MCAP)
What about fabrics?

A traditional hierarchical network will evolve to a flatter, meshed topology (two diagram slides)
Source: December 15, 2010, “The Data Center Network Evolution: Five Reasons This Isn’t Your Dad’s Network” Forrester report

Zero Trust network architecture is fabric-friendly
Source: December 15, 2010, “The Data Center Network Evolution: Five Reasons This Isn’t Your Dad’s Network” Forrester report

Augment hierarchical networks with Zero Trust
(Diagram: IPS, Server farm, WWW farm, DB farm, WAN, WAF, DAM, CHD MCAP, MGMT server, WL MCAP, User MCAP, SIM, NAV, DAN MCAP)
Zero Trust multidimensionality
Zero Trust data identity: treat data as if it’s living.
- Identity dimension: user identity (UID), application identity (AID), data identity (DID)
- Layers: network, transport, user, application, data
- Users and applications generate traffic; context comes from the data: information, location, classification, type

Zero Trust multidimensionality (cont.)
- UID, AID and DID across the network, transport, user, application and data layers are monitored via DAN/NAV.
- Identity plus context.
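A toy segmentation-gateway policy engine, added here as an illustration and not code from the deck or from Forrester, that models the MCAP, inspect-and-log and UID/AID/DID ideas of the preceding slides: resources are grouped into MCAPs, one global default-deny policy decides each flow from user, application and data identity, and every decision is logged. All hosts, MCAP names, users and rules are constructed.

```python
from dataclasses import dataclass

# MCAP membership (constructed): each resource belongs to exactly one segment.
MCAP_OF = {"alice-laptop": "User", "web-01": "WWW", "db-01": "DB", "pay-01": "CHD"}
# Data identity (DID): classification of what each destination holds (constructed).
DID_OF = {"web-01": "public", "db-01": "internal", "pay-01": "cardholder"}
# User identity (UID): users the gateway has actually verified (constructed).
VERIFIED_UIDS = {"alice", "web-svc"}
# Global policy: (source MCAP, destination MCAP, application identity, allowed DIDs).
# Anything not listed is denied: need-to-know, never "trusted because it is internal".
POLICY = [
    ("User", "WWW", "https", {"public"}),
    ("WWW", "DB", "sql", {"internal"}),
    ("WWW", "CHD", "tokenize-api", {"cardholder"}),
]


@dataclass(frozen=True)
class Flow:
    uid: str  # user identity behind the flow
    src: str  # source resource
    dst: str  # destination resource
    aid: str  # application identity (what the traffic claims to be)


def evaluate(flow: Flow, log: list, policy=POLICY) -> bool:
    """Segmentation-gateway decision for one flow; every decision is logged."""
    src_mcap = MCAP_OF.get(flow.src, "Untrusted")  # unknown source is untrusted
    dst_mcap = MCAP_OF.get(flow.dst, "Untrusted")
    did = DID_OF.get(flow.dst, "unclassified")
    allowed = flow.uid in VERIFIED_UIDS and any(
        (s, d, a) == (src_mcap, dst_mcap, flow.aid) and did in dids
        for s, d, a, dids in policy
    )
    verdict = "ALLOW" if allowed else "DENY"
    log.append(f"{verdict} uid={flow.uid} {src_mcap}->{dst_mcap} aid={flow.aid} did={did}")
    return allowed


def run_sample() -> list:
    """Push constructed flows through the gateway and return the decision log."""
    log = []
    evaluate(Flow("alice", "alice-laptop", "web-01", "https"), log)    # ALLOW
    evaluate(Flow("alice", "alice-laptop", "db-01", "sql"), log)       # DENY: User->DB is not need-to-know
    evaluate(Flow("web-svc", "web-01", "db-01", "sql"), log)           # ALLOW
    evaluate(Flow("web-svc", "web-01", "pay-01", "sql"), log)          # DENY: wrong AID for the CHD MCAP
    evaluate(Flow("mallory", "alice-laptop", "web-01", "https"), log)  # DENY: unverified UID
    return log
```

The log is the point as much as the verdicts: a real DAN/NAV deployment would feed every ALLOW and DENY line to the SIM rather than only the denials.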
Trust, but verify.
Source: Fotolia (http://us.fotolia.com/)

Verify and never trust.
Source: Fotolia (http://us.fotolia.com/)

Hard and crunchy
(Diagram: WL MCAP, DB MCAP, User MCAP, CHD MCAP, APPS MCAP, WWW, MGMT server, SIM, NAV, DAN MCAP, WWW MCAP)

Summary
Zero Trust: “Verify and never trust!”
- Inspect and log all traffic.
- Design from the inside out.
- Design with compliance in mind.
- Embed security into network DNA.
(Diagram: every interface labelled Untrusted)

John Kindervag
+1 469.221.5372
jkindervag@forrester.com
Twitter: @Kindervag