Protecting High-Value Applications: A New Approach John Westerman.

Presentation transcript:

Protecting High-Value Applications: A New Approach John Westerman

MISSION
WE SECURE THE 80% OF THE DATA CENTER AND CLOUD THE PERIMETER MISSES

FUNDING
$142.5M from Andreessen Horowitz, General Catalyst (Steve Herrod, former CTO of VMware), Formation 8, BlackRock, Accel Partners, DCVC, John Thompson, Marc Benioff, Jerry Yang, and others

TEAM
- Leadership team from: VMware, Cisco, Nicira, McAfee, Juniper, Riverbed, and Ruckus
- November 2014: John Thompson (Chairman of MSFT) joins Illumio Board

PRODUCTS & CUSTOMERS
- Pushed 14 versions in 22 months while in stealth (January 2013–October 2014)
- Stealth-mode engagement with 100 global enterprises
- Launch customers:

Strictly Confidential Distributed & Dynamic Firewall Problem # 3 Surface Area of Attack Problem # 1 Anywhere on Anything Problem # 2 Speed, Agility & DevOps Traditional Data Center Today’s Security Challenges

Moving Toward Infinite Attack Surface
- MAIN FRAME: 1M Users
- MOBILE / CLOUD: 200B+ Users
- PC: 1B+ Users
- INTERNET OF THINGS: ?

Billions have been spent on cyber security over the last 10 years and yet…
Organized Crime, Nation States, Retail, Financial, Healthcare, Technology, Government
…today’s leading security technologies are failing.

The Reality
86% of CIOs and execs don’t believe they can keep pace with attackers over the next five years. (Source: Wall Street Journal)

- Safeguard high-value applications
- Meet compliance requirements
- Secure big data apps

Security Today

Computing is beyond a human’s ability to manage
Illumination

Insanity: doing the same thing over and over again and expecting different results. —Albert Einstein
Are we doing this with our cyber security?

Enter Adaptive Security

For security to be adaptive…
1. Granular Discovery & Visualization
2. Multi-Dimensional Policy Model
3. Continuous Policy Computation & Enforcement
4. API Driven
5. Infrastructure Aware
6. Operationally Sound

Illumio Adaptive Security Platform (ASP)™
Security Delivered in Any Environment
- Virtual Enforcement Node (VEN): Antenna installed or “baked in” to image; Linux & Windows
- Policy Compute Engine (PCE): “Central Brain”; consumed via cloud or on premises
Diagram labels: Security Policy, Context & Telemetry, WORKLOADS, Data Center

Today’s Policy = Networks & IPs
(Static Policy Driven by Manual Change)
- Segmentation
- Enforcement
- Security Policy
- Access Controls
Diagram labels: Web Tier, App Tier, Database Tier; Dev, Test, Prod; Firewalls, Subnet / VLAN, Zone #1; Firewalls, Subnet / VLAN, Zone #2; Firewalls, Subnet / VLAN, Zone #3

Step 1: R-A-E-L Labels
- R = Role
- A = Application
- E = Environment
- L = Location / Geo

Step 1: R-A-E-L Labels (3 Roles)
Web Tier, App Tier, Database Tier

Step 1: R-A-E-L Labels (Application)
ERP: Web Tier, App Tier, Database Tier

Step 1: R-A-E-L Labels (Environment)
ERP / Prod: Web Tier, App Tier, Database Tier

Step 1: R-A-E-L Labels (Location)
ERP / Prod / US: Web Tier, App Tier, Database Tier

Step 2: Relationships = Policy
ERP / Prod / US: Web Tier, App Tier, Database Tier
(Only Two Policy Statements)
- Web → App
- App → DB
- Whitelist Model

Computing Security Policy
Policy for Every Workload
ERP / Prod / US: Web Tier, App Tier, Database Tier
Diagram labels: WORKLOADS, Data Center

Step 3: First Provision
Security Policy Provisioned to Every Workload
ERP / Prod / US: Web Tier, App Tier, Database Tier
Diagram labels: WORKLOADS, Data Center

Step 4: Adapts to Change (Automatic)
ERP / Prod / US: Web Tier, App Tier, Database Tier
Diagram labels: WORKLOADS, Data Center
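Steps 1 to 4 above (label workloads, state relationships, compute a policy for every workload, recompute on change) can be sketched as follows. This is an added illustration, not Illumio's code or API; the workload names, IP addresses and function names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    role: str  # R
    app: str   # A
    env: str   # E
    loc: str   # L

# Scope and the two policy statements from the slides.
SCOPE = {"app": "ERP", "env": "Prod", "loc": "US"}
RULES = [("Web", "App"), ("App", "DB")]  # (consumer role, provider role)

def in_scope(w, scope=SCOPE):
    return all(getattr(w, key) == value for key, value in scope.items())

def compute_policy(workloads, rules=RULES, scope=SCOPE):
    """Return {provider name: sorted consumer IPs allowed inbound}.

    Whitelist model: a scoped workload matched by no rule as provider
    gets an empty allowlist, i.e. nothing may connect to it.
    """
    scoped = [w for w in workloads if in_scope(w, scope)]
    policy = {w.name: set() for w in scoped}
    for consumer_role, provider_role in rules:
        for provider in (w for w in scoped if w.role == provider_role):
            for consumer in (w for w in scoped if w.role == consumer_role):
                policy[provider.name].add(consumer.ip)
    return {name: sorted(ips) for name, ips in policy.items()}

# Constructed inventory; web-dev carries a different Environment label.
INVENTORY = [
    Workload("web1", "10.0.1.10", "Web", "ERP", "Prod", "US"),
    Workload("app1", "10.0.2.10", "App", "ERP", "Prod", "US"),
    Workload("db1", "10.0.3.10", "DB", "ERP", "Prod", "US"),
    Workload("web-dev", "10.9.1.10", "Web", "ERP", "Dev", "US"),
]

def demo():
    before = compute_policy(INVENTORY)
    # Step 4: a second Web workload appears. The rules do not change;
    # only the per-workload allowlists are recomputed.
    web2 = Workload("web2", "10.0.1.11", "Web", "ERP", "Prod", "US")
    after = compute_policy(INVENTORY + [web2])
    return before, after

if __name__ == "__main__":
    for label, policy in zip(("before", "after"), demo()):
        print(label, policy)
```

The Dev workload never appears in any Prod allowlist because it falls outside the scope labels, and the database tier's allowlist is untouched by the new Web workload.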

Abstracting Policy
- Write policy in natural language
- Apply policy with a single click
- Decouple network dependencies
Diagram labels: Application, Database, Web

Illumio ASP: Services
Enforcement, Encryption, and Full Visibility

Illumination
- Understand & visualize applications & workload relationships
- Model & test security policies
- Identify & alert on threats behind the firewall

Enforcement
- Enforce policy anywhere: data center, private & public cloud
- Adapt to changes through continuous policy computation
- Write policies in natural language; labels & relationships

SecureConnect
- Encrypt data-in-motion between any workloads or entire applications
- Enable policy-driven encryption anywhere
- Create on-demand IPsec connections

RINGFENCING HIGH-VALUE APPLICATIONS

Ringfencing High-Value Applications (HVAs)
- Securing Big Data Applications
- Meeting Compliance Requirements
- Mitigating Risk for HVAs

Common Challenges of Ringfencing High-Value Applications:
- Re-segmenting or changing the network (e.g., VLANs, zones) is difficult and takes time
- Cost of ringfencing with firewalls and network is exorbitant
- Cannot segment applications in the cloud; no control over the network

MITIGATING RISK FOR HVAS
Illumio Adaptive Security Platform

Step 1: Install VEN on Workloads
- Illumio ASP VEN learns all processes, services and flows and gives information to the PCE
- Illumio ASP PCE takes all VEN information from all workloads and automatically “visualizes” workload interactions
- Illumio ASP draws a network map in real time.

Step 2: Label Application and Workloads
- Label the application and the individual workloads
- Traffic lines turn red to show that flows are not currently governed by policies
Diagram label: Production

Step 3: Write Natural-Language Rules
Policy: Asset Management Production

Scope
Application | Environment | Location
Asset Management | Production | EU

Rules
Providing Entities | Service | Consuming Entities
Web | All Services | Any
All Workloads | All Services | All Workloads

The Application is now “Ringfenced”

Thank You