Defending high value targets in the cloud using IP Reputation
ThreatSTOP
Tom Byrnes, Founder and CEO
Summary
ThreatSTOP: uses cloud-derived intelligence to deliver IP block lists to firewalls, protecting against current threat sources.
Sorteo Games: private virtualized cloud service providing mobile and online gaming, as well as back-end processing for regulated lottery games.
Vyatta: physical and virtual firewalls providing the infrastructure services needed to run both.
1/17/2019
Set up for Demo
Asymmetric Net-Warfare (network diagram: access router, firewalls and load balancers in front of LANs hosting HTML, FTP and Mail servers)
Sorteo Games
Sorteo Games is the leading provider of regulated server-based wireless, Web and electronic lottery systems and services in Latin America. Its proprietary technology combines server-based gaming with wireless connectivity. It currently holds two national lottery system and distribution licenses, and operates the leading government-regulated, revenue-generating national lottery wireless and interactive channels and electronic lottery terminals in Mexico.
Botnet Defense Cloud
Enables firewalls to block all traffic to and from known criminal sites:
1. Aggregate threat feeds from public and proprietary monitors
2. Produce a predictive, real-time threat list with a proprietary correlation engine
3. Deliver the threat list to firewalls via DNS (patent-pending)
4. Firewalls block inbound and outbound traffic to and from listed addresses
5. Customer firewall logs become part of the ThreatSTOP defense network
The ThreatSTOP Botnet Defense Cloud service uses IP reputation, updated in real time and distributed automatically via DNS, enabling firewalls to:
- protect networks against botnets and criminal malware
- block outbound "call homes" to command and control
- block incoming reconnaissance and attacks
- prevent data theft
- increase network "goodput"
- reduce network load and attack surface
- reduce capital and operational costs
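The five steps above, as an added example that is not ThreatSTOP's or Vyatta's own code: a resolver answer for a hypothetical block-list name is parsed, collapsed into prefixes, rendered as Vyatta network-group and drop-rule commands, and then applied to inbound and outbound flows. It goes one step beyond the slide by adding the geographic allow list that the Problem slide later calls for. The DNS answer, the zone name, the group and chain names, the rule numbers, the prefix-to-country table and the order of checks are all constructed assumptions, and the Vyatta command syntax is as the editor knows it, not taken from the page.

```python
"""DNS-delivered IP reputation list turned into firewall policy.

Added example, not ThreatSTOP or Vyatta code: the DNS answer, zone name, group
and chain names, rule numbers and prefix-to-country table are constructed, and
the rule order is the editor's illustration of the slides.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable

IPv4Net = ipaddress.IPv4Network

# Constructed resolver answer for a hypothetical block-list name; it
# deliberately includes a non-A record and a malformed address.
SAMPLE_DNS_ANSWER = """\
blocklist.example.invalid.  300  IN  A    198.51.100.8
blocklist.example.invalid.  300  IN  A    198.51.100.9
blocklist.example.invalid.  300  IN  A    203.0.113.77
blocklist.example.invalid.  300  IN  TXT  "not an address"
blocklist.example.invalid.  300  IN  A    300.1.1.1
"""

# Constructed prefix-to-country table standing in for a geolocation feed.
SAMPLE_GEO = {
    IPv4Net("192.0.2.0/25"): "MX",
    IPv4Net("192.0.2.128/25"): "US",
    IPv4Net("203.0.113.0/24"): "XX",  # outside the licensed market
}

def parse_a_records(answer: str) -> list[ipaddress.IPv4Address]:
    """Addresses from A records only; other record types and junk are skipped."""
    hosts = []
    for line in answer.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN" or fields[3] != "A":
            continue
        try:
            hosts.append(ipaddress.IPv4Address(fields[4]))
        except ValueError:
            continue  # one malformed record must not abort the whole update
    return hosts

def collapse(hosts: Iterable[ipaddress.IPv4Address]) -> list[IPv4Net]:
    """Merge adjacent hosts into prefixes so the firewall holds fewer entries."""
    return list(ipaddress.collapse_addresses(IPv4Net(f"{h}/32") for h in hosts))

def network_group_commands(group: str, nets: Iterable[IPv4Net]) -> list[str]:
    """Vyatta/VyOS configure-mode commands (syntax as the editor knows it)."""
    return [f"set firewall group network-group {group} network {n}" for n in nets]

def drop_rule_commands(chain: str, rule: int, group: str, match: str) -> list[str]:
    """Drop rule matching the group as 'source' (inbound) or 'destination' (outbound)."""
    return [
        f"set firewall name {chain} rule {rule} action drop",
        f"set firewall name {chain} rule {rule} {match} group network-group {group}",
    ]

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    inbound: bool  # True: Internet -> hosted service; False: host -> Internet

@dataclass
class Policy:
    blocked: list[IPv4Net]
    geo: dict[IPv4Net, str]
    allowed_countries: frozenset[str]
    public_ports: frozenset[int]

    def decide(self, flow: Flow) -> tuple[str, str]:
        """First match wins, as in a firewall rule chain; the default is deny."""
        src, dst = ipaddress.IPv4Address(flow.src), ipaddress.IPv4Address(flow.dst)
        if any(src in n for n in self.blocked):
            return "drop", "reputation: source on block list"
        if any(dst in n for n in self.blocked):
            return "drop", "reputation: destination on block list (call-home)"
        if not flow.inbound:
            return "accept", "outbound destination not on block list"
        country = next((c for net, c in self.geo.items() if src in net), None)
        if country not in self.allowed_countries:
            return "drop", f"geo: {country or 'unknown'} outside licensed market"
        if flow.dport in self.public_ports:
            return "accept", "public service port"
        return "drop", "default deny"

def build_policy() -> Policy:
    return Policy(collapse(parse_a_records(SAMPLE_DNS_ANSWER)), SAMPLE_GEO,
                  frozenset({"MX"}), frozenset({80, 443}))

if __name__ == "__main__":
    policy = build_policy()
    print("\n".join(network_group_commands("THREATSTOP-BLOCK", policy.blocked)
                    + drop_rule_commands("WAN-IN", 5, "THREATSTOP-BLOCK", "source")
                    + drop_rule_commands("WAN-OUT", 5, "THREATSTOP-BLOCK", "destination")))
    print(policy.decide(Flow("192.0.2.200", "203.0.113.77", 8080, False)))
```

The order of checks is the point: reputation is tested first in both directions, so a listed scanner is dropped before any geography lookup and a compromised host is stopped from calling home regardless of what it is allowed to accept; geography and service ports then apply only to inbound traffic, with everything else denied. Parsing tolerates a bad record rather than failing the whole answer, because an update that throws away the entire list on one malformed entry would leave the firewall without current reputation data until the next refresh.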
Vyatta
Vyatta is a software-based, open-source network operating system:
- works on standard x86 hardware
- works on common virtualization platforms: VMware, Xen and XenServer, Red Hat KVM, and as an AMI for Amazon
- provides a complete enterprise-class routing and security feature set
- capable of scaling from DSL speeds to 20 Gbps performance
- used by thousands of physical and virtual infrastructures around the world, from small enterprises to Fortune 500 customers
Sorteo Games WAN (diagram)
The Problem
Sorteo Games is a high value, high visibility target:
- needs to be well protected, and auditable
- has to ensure compliance with regulations limiting geographic access
- sees thousands of attack scans and password cracking attempts per day
- needs to be accessible to consumers, mobile, and retail
But how?
The Solution
We arrived at this design independently, but this slide, taken from Chris Brenton's presentation "The Basics of Virtualization Security" (available on the CSA website), describes the architecture we used, apart from the addition of ThreatSTOP: https://cloudsecurityalliance.org/wp-content/uploads/2011/11/virtualization-security.pdf
US Datacenter
The US Datacenter provides back-end processing, the web/WAP servers, and SMS gateway services. A cluster of Vyatta firewalls on Dell hardware firewalls both the public and the private IP address space, and provides internal VPN connections to the other Sorteo Games sites. Separate hardware, still protected by the Vyatta cluster, provides the connections to payment processors. All connections are filtered through the Vyattas and protected by ThreatSTOP.
US Office
The US Office provides typical office automation and development services. All servers are virtualized and clustered. A cluster of Vyatta firewalls running as VMs, one on each ESXi node, firewalls the private IP address space and provides internal VPN connections to the other Sorteo Games sites. All connections are filtered through the Vyattas and protected by ThreatSTOP.
Mexico Datacenter
The Mexico Datacenter handles the actual issuance of tickets and manages the interface to the lottery. The hosts are doubly protected: all traffic to the US Datacenter goes over a hardware VPN, and every host except the ESXi host and the Vyatta VM itself sits behind the Vyatta firewall, with connections strictly limited to only those systems absolutely needed. Security policy is enforced both at the Vyatta VM and at the Vyattas in the US Datacenter. This location has no Internet access, and so does not run ThreatSTOP.
The Result
Thanks to the "cloak of invisibility", attackers conclude there is "nothing to see, move along now": the average volume of attacks and scans decreased by a factor of 3, and attacks are far less persistent, so the baseline is lower still.
Port Distribution (chart)
Drilldowns (chart)
In VPC (chart)
Applications
- Proactive security
- Cost/bandwidth reduction for hosted services
- Geographic filtering
- Reporting across multiple locations and facility types
- Forensics
Demo
Summary
Vyatta provides a single platform that can be used across physical and virtual infrastructure, with the same UI and feature set.
ThreatSTOP provides a cloud service delivering security of the cloud, to the cloud.
Sorteo Games has a secure service enabling customers to play wherever, whenever, and however suits them.
NOTHING BUT NET!
Thank You
Tom Byrnes, CEO
tomb@threatstop.com
760-542-1550 x 4242
Cell: 760-402-3999