ActiveGuard® U.S. Patent Nos 6,988,208; 7,168,093; 7,370,359; 7,424,743; 7,673,049: 7,954,159; 8,261,347. Canadian Patent No. 2,436,096. © 2014 Solutionary, Inc. June 13, 2014 Does Security in the Cloud Get More or Less Complex? Jozef Krakora, Senior Product Manager October 7, 2014

Physical  Cloud - Benefits & Drawbacks InfrastructureBenefitsDrawbacks Physical Familiarity Reliable Known capacity & throughputs Security controls hardwired More expensive Long time for new hardware Long time for reconfigurations Cloud Elastic Cheaper Easier to manage Safer? Where is the Firewall & Perimeter? Where are my Assets? Where is the Data? Who controls what?

Which is Easier to keep Secure?

Solutionary Founded ActiveGuard ® V1 ActiveGuard 2 nd Patent Application & Database Security Monitoring Vigilant Minds Acquisition Buffer Zone (Cloud) Patent Inline Enrichment & Dynamic Correlation Advanced Detection Analytics ActiveGuard V4 Next-Gen Platform Gartner MQ Leader 2012 Trillionth Log Processed Acquired by NTT 2013 Big Data Analytics GTIR Published Raw Log Search GTIR Published 2014 Next Generation MSSP The Islands and the Ships Come and Go 4

But the Elements of Security Stay the Same Effectively plan and efficiently operate security controls –Broad experience, deep expertise to assist in planning and implementing security controls –Consistent, repeatable monitoring and management of security controls Continuously protect against threats –Harden your organization to maximize avoidable threats –Provide an advanced detective, investigative, and response capability to minimize the impact of threats Predict and prevent future threats through feedback –“Neighborhood watch” identifies threats before they can impact clients –Gather, analyze and validate global threat intelligence to create and deploy countermeasures 5

And Good Security Ties All the Pieces Together * Anti- Malware Endpoint IDS Firewall Asset Virus Malware Bytes-in Bytes-out Geography MHID User Compliance Criticality Internet AD xxxxx Incident Firewall, IDS Malware, Endpoint User Virus/Malware Asset Bytes in/out Geography Malicious * If you know where all the pieces are, what they are, and what they mean.....

55+M Pieces to be Exact  Into 7 Actionable Alerts Features Global Threat Intelligence — SERT Cross-device Correlation Advanced Threat Detection and Context-based Alerts Built-in Heuristics and Anomaly Detection Extension of the Internal Team Unparalleled, Passionate Customer Service 100% of collected logs are analyzed and retained for one year Analyzed by Security Experts 24/7 Portal Access with Industry, Compliance & Custom Reporting Benefits Peace of Mind Maximum Returns on Security Operations Investment or Spend Flexible, Easy-to-do Business with Partner Optimization of Existing Technology Investments Strengthened, Accelerated Security Program Reduced Cost of Security Eased Audits and Compliance Support Incident Response Preparedness (SERT CIR) 7 Events Alerted to Client Note: 15 minutes average per Event – 1 FTE = 2,080 hours

Today, Infrastructures Have At Least One Cloud 8 Regional Analyzer Internet Solutionary SOCs Cloud Environment WAN

Firewall & Perimeter PhysicalCloud Once place Fixed FW policy Fixed security log flow One FW administrator Many locations Many firewalls Numerous egress points Many security zones Constantly changing Numerous FW administrators

Malware & Intrusion Detection PhysicalCloud One egress Fixed internal networks Known DMZ and zones Known application pathways Limited threat pathways Many egress SDN  unpredictable number of internal networks and zones Difficult or impossible to cover all zones with malware and intrusion detection economically

Endpoint Security PhysicalCloud Fixed and knownInfinitely elastic Exponentially more risky

Users, Administrators and Domains PhysicalCloud Users known Administrators control user access to physical domains and endpoints Fixed and predictable domains with contents and perimeters easy to define and control # of users can be just as dynamic as # of endpoints Multiple administrators Legacy data center Cloud data center Virtualized infrastructure Dynamically growing applications and databases Dynamic domains with difficult to control perimeters and controls

Assets, Data and Compliance PhysicalCloud Assets are physical Data resides on Assets Compliance easy to map to Assets and Data Assets come and go Networks and perimeter dynamic Data is “swimming” from place to place Compliance becomes difficult to impossible to track without tremendous discipline

Geography PhysicalCloud Physical infrastructure is in one place With load balancing, virtual infrastructure, applications and data move from place to place Cloud providers guarantee locations to a degree, but the boat can still drift from one continent to another unless closely watched

Cloud Provisioning & Virtualization Administration PhysicalCloud n/aCloud Administrators (Amazon, Azure, etc.) Hypervisors and Host OSs Virtualization Management Consoles …

So, Is there Hope for Cloud Security? Despite the countless challenges that clouds introduce to security, with sufficient policy, process, discipline, and testing, cloud security can be achieved, and achieved at scale. But it is tricky!

And a Single Pain of Glass Helps

Additional Notes to work in Should have end to end visibility into and through the cloud Shouldn't be an island - ideally a single pane of glass to see what's happening where regardless of in the cloud or not You can outsource many things to a cloud provider But very hard to outsource risk and compliance requirements as they get more more detailed and involved with Still need to do all that you did before, Plus more SDN/virtual infrastructure admin monitoring, etc. Hacking the SDN admin console - increased risk…

ActiveGuard® U.S. Patent Nos 6,988,208; 7,168,093; 7,370,359; 7,424,743; 7,673,049: 7,954,159; 8,261,347. Canadian Patent No. 2,436,096. © 2014 Solutionary, Inc. June 13, 2014 Thank You!