Published by Christian Lindsey, modified over 6 years ago
Webinar: Build Security Into Your Network’s DNA
John Kindervag, Principal Analyst
March 6, call in at 12:55 p.m. Eastern time
Agenda
The new threat landscape
Next-generation security architecture for traditional networks
Zero Trust — the next-generation secure network
© 2013 Forrester Research, Inc. Reproduction Prohibited
The new threat landscape
2011–2012 notable hacks
Target | Date | Actor | Attack type | Motive | Data | Impact
RSA | March 17, 2011 | Advanced: state-sponsored | APT — targeted malware | Espionage — intellectual property | RSA SecurID token source code | Potentially opens customers to attack
Epsilon | April 1, 2011 | Unknown | Not disclosed | Financial | Email addresses | Brand damage, could lead to spear phishing attacks
Sony PSN | April 19, 2011 | “Anonymous” suspected | | Hacktivism | Personally identifiable information (PII) | Sony PSN down: >$170M hard costs
Lockheed Martin | May 28, 2011 | | RSA SecurID exploited | Corporate espionage | | Brand damage
Danish government | August 22, 2011 | | | | Government practices, 1 million Danish business records | Unknown, perhaps compliance
Zappos | January 15, 2012 | | | Cybercrime | Customer data, credit card data | Brand damage, compliance fines
Symantec | February 8, 2012 | Unknown, perhaps “Anonymous” | | Extortion | Source code |
CIA | February 10, 2012 | “Anonymous” | DDoS | None | | Website offline
Source: Elinor Mills, “Keeping up with the hackers (chart),” CNET, February 8, 2012
Frequency of data breaches
25% of companies have experienced a breach during the last 12 months that they know of.
Base: 1,319 IT security decision-makers. Source: Forrsights Security Survey, Q and November 9, 2011, “Planning For Failure” Forrester report
Data is the new oil.
“Selling fresh vergin wordwide cvv”
Underground forum advertisements quoted on the slide:
“I need RDP UK US Germany To buy NOW VIA WMZ wana buy”
“9 GOOD OFFER SELLING hacked RDP GURANTED 24HOURS UP TIME ONLY 10$”
“Selling (worldwide Cvvs, Worldwide Fullz, UK, Usa Logins Worldwide Dumps, UK, Usa Paypal, Ebay Accounts...)”
Big data security and control framework
[Figure: framework diagram, continued over three slides; not captured in the text]
Source: July 12, 2012, “Control And Protect Sensitive Information In The Era Of Big Data” Forrester report
Next-generation security architecture for traditional networks
TechRadar™: Network Threat Mitigation, Q2 2012
[Figure: TechRadar chart; not captured in the text]
Source: May 9, 2012, “Develop Your Road Map For Zero Trust Network Mitigation Technology” Forrester report
The network is an enforcement point
[Diagram labels: web farm, server farm, DB farm, WAN]
Traditional FW and IPS combos only protect against Internet threats and create management headaches.
The network is an enforcement point (cont.)
[Diagram labels: web farm, server farm, DB farm, WAN]
Consolidate existing gateway controls to ease the management burden. Integrates mitigation. Provides threat context.
The network is an enforcement point (cont.)
[Diagram labels: web farm, server farm, DB farm, WAN]
Wireless is an Internet.
The network is an enforcement point (cont.)
[Diagram labels: web farm, server farm, DB farm, WAN]
All traffic must be inspected for threats.
Control access to sensitive data from “internal” networks like your WAN.
Architect your network based on flows.
The network is an enforcement point (cont.)
[Diagram labels: web farm, server farm, DB farm, WAN]
Create choke points for data protection.
The network is an enforcement point (cont.)
Centralized management is key. It reduces operational costs.
High availability eliminates the mythical need for a “firewall sandwich.”
[Diagram labels: web farm, server farm, DB farm, WAN, MGMT server]
Zero Trust — the next-generation secure network
Trust, but verify.
Which one goes to the Internet?
[Diagram labels: Untrusted, Trusted]
Zero Trust
[Diagram label: Untrusted]
Concepts of Zero Trust
All resources are accessed in a secure manner regardless of location.
Access control is on a “need-to-know” basis and is strictly enforced.
Verify and never trust.
Inspect and log all traffic.
The network is designed from the inside out.
Building the traditional hierarchical network
[Diagram labels: Edge, Core, Distribution, Access]
Security is an overlay
[Diagram labels: Edge: FW, IPS; Core: Email, WCF, WAF, VPN, DAM, DLP, DB ENC; Distribution: IPS, IPS, WLAN GW, FW, NAC; Access]
Deconstructing the traditional network
[Diagram labels: Edge: FW, IPS; Core: WCF, WAF, VPN, DAM, DLP, DB ENC; Distribution: IPS, IPS, WLAN GW, FW, NAC, FW; Access]
Rebuilding the secure network
[Diagram labels around a packet-forwarding engine: FW, WLAN GW, CRYPTO, AM, CF, IPS, WAF, NAC, FW, IPS, AC, WCF, DAM, DLP, DB ENC, VPN]
Segmentation gateway
[Diagram labels: IPS, CF, AC, Crypto, AM]
NGFW: very high speed, multiple 10G interfaces. Builds security into the network DNA.
Zero Trust drives future network design
MCAP: micro core and perimeter.
MCAP resources have similar functionalities and share global policy attributes.
MCAPs are centrally managed to create a unified switching fabric. Management = backplane.
[Diagram labels: User MCAP, WWW MCAP, MGMT server]
Zero Trust drives future network design (cont.)
All traffic to and from each MCAP is inspected and logged.
[Diagram labels: User MCAP, WWW MCAP, MGMT server, SIM, NAV, DAN MCAP]
Zero Trust network is platform-agnostic and VM-ready
Creates VM-friendly L2 segments. Aggregates similar VM hosts. Secures VMs by default.
[Diagram labels: User MCAP, MGMT server, SIM, NAV, WWW, DAN MCAP, WWW MCAP]
Zero Trust network architecture is compliant
[Diagram labels: MGMT server, WWW MCAP, User MCAP, SIM, NAV, DAN MCAP, WL MCAP, WWW]
Zero Trust network architecture is scalable
[Diagram labels: MGMT server, WWW MCAP, WL MCAP, User MCAP, SIM, NAV, DAN MCAP, DB MCAP, APPS MCAP, WWW]
Zero Trust network architecture is segmented
[Diagram labels: WL MCAP, DB MCAP, User MCAP, CHD MCAP, APPS MCAP, MGMT server, SIM, NAV, WWW, DAN MCAP, WWW MCAP]
Zero Trust network architecture is flexible
[Diagram labels: WL MCAP, DB MCAP, User MCAP, APPS MCAP, CHD MCAP, WWW, MGMT server, SIM, NAV, DAN MCAP, WWW MCAP]
Zero Trust network architecture is extensible
[Diagram labels: WL MCAP, DB MCAP, User MCAP, CHD MCAP, APPS MCAP, WAF, WWW, MGMT server, SIM, NAV, DAN MCAP, WWW MCAP]
ZTNA supports the extended enterprise
[Diagram labels: WL MCAP, DB MCAP, User MCAP, CHD MCAP, APPS MCAP, WAF, WWW, MGMT server, SIM, NAV, DAN MCAP, WWW MCAP]
What about fabrics?
A traditional hierarchical network will evolve to a flatter, meshed topology
[Figure: topology diagram, continued on the next slide; not captured in the text]
Source: December 15, 2010, “The Data Center Network Evolution: Five Reasons This Isn’t Your Dad’s Network” Forrester report
A traditional hierarchical network will evolve to a flatter, meshed topology (cont.)
Zero Trust network architecture is fabric-friendly
Augment hierarchical networks with Zero Trust
[Diagram labels: IPS, server farm, WWW farm, DB farm, WAN, WAF, DAM, CHD MCAP, MGMT server, WL MCAP, User MCAP, SIM, NAV, DAN MCAP]
Zero Trust multidimensionality
ZERO TRUST DATA IDENTITY: TREAT DATA AS IF IT’S LIVING
Dimensions: Network, Transport, User, Application, Data.
Identity: user identity (UID), application identity (AID), data identity (DID).
User generates traffic. Application generates traffic.
Context for data: information, location, classification, type.
Zero Trust multidimensionality (cont.)
ZERO TRUST DATA IDENTITY: TREAT DATA AS IF IT’S LIVING
Network and Transport; User identity (UID): User; Application identity (AID): Application; Data identity (DID): Data.
Monitored via DAN/NAV. Identity and context.
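The Zero Trust concepts earlier in the deck (verify and never trust, strictly enforced need-to-know access, inspect and log all traffic), the MCAP design slides (all traffic to and from each MCAP inspected and logged) and the UID/AID/DID dimensions on this slide can be shown together as one small policy engine. The following is an added example written for this page, not code from the deck or from Forrester; the MCAP address ranges, the rules, the roles, the identities and the sample flows are all constructed for illustration.

```python
"""Toy Zero Trust segmentation-gateway policy engine (added example, not from
the Forrester deck). MCAP prefixes, rules, identities and sample flows are all
constructed for illustration."""
import ipaddress
import json
from dataclasses import dataclass, asdict
from typing import Optional

# MCAPs: groups of resources with similar function and shared policy
# attributes. Membership by IP prefix is an assumption of this example.
MCAPS = {
    "User MCAP": ipaddress.ip_network("10.10.0.0/16"),
    "WWW MCAP": ipaddress.ip_network("10.20.0.0/24"),
    "APPS MCAP": ipaddress.ip_network("10.30.0.0/24"),
    "DB MCAP": ipaddress.ip_network("10.40.0.0/24"),
    "CHD MCAP": ipaddress.ip_network("10.50.0.0/24"),  # cardholder data
}

# Data identity (DID): classification ranks. Unknown labels are treated as
# the most sensitive, so a mislabelled flow fails closed.
CLASS_RANK = {"public": 0, "internal": 1, "cardholder": 2}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    user_id: str     # UID: who generated the traffic
    role: str        # identity context attached to the UID (constructed)
    app_id: str      # AID: which application the traffic belongs to
    data_class: str  # DID: classification of the data carried


@dataclass(frozen=True)
class Rule:
    src_mcap: str
    dst_mcap: str
    dst_port: int
    app_id: str
    roles: frozenset  # roles allowed on this path
    max_class: str    # most sensitive data class allowed on this path


# Need-to-know policy: explicit allow rules only; everything else is denied.
POLICY = (
    Rule("User MCAP", "WWW MCAP", 443, "web-portal", frozenset({"employee"}), "internal"),
    Rule("WWW MCAP", "APPS MCAP", 8443, "order-api", frozenset({"svc"}), "internal"),
    Rule("APPS MCAP", "DB MCAP", 5432, "order-db", frozenset({"svc"}), "internal"),
    Rule("APPS MCAP", "CHD MCAP", 5432, "payment-db", frozenset({"svc-pci"}), "cardholder"),
)


def mcap_of(ip: str) -> Optional[str]:
    """Map an address to its MCAP; None means 'outside every MCAP' (untrusted)."""
    addr = ipaddress.ip_address(ip)
    for name, net in MCAPS.items():
        if addr in net:
            return name
    return None


def evaluate(flow: Flow, log: list) -> str:
    """Decide ALLOW/DENY for one flow and log the decision either way.

    Location alone grants nothing: a source inside a "trusted" segment still
    needs a matching rule, the right role and an acceptable data class."""
    src, dst = mcap_of(flow.src_ip), mcap_of(flow.dst_ip)
    decision, reason = "DENY", "no matching rule (default deny)"
    if src is None or dst is None:
        reason = "endpoint outside every MCAP"
    else:
        for rule in POLICY:
            if (rule.src_mcap, rule.dst_mcap, rule.dst_port, rule.app_id) != (
                    src, dst, flow.dst_port, flow.app_id):
                continue
            if flow.role not in rule.roles:
                reason = f"role {flow.role!r} not permitted on this path"
            elif CLASS_RANK.get(flow.data_class, 99) > CLASS_RANK[rule.max_class]:
                reason = f"data class {flow.data_class!r} exceeds {rule.max_class!r}"
            else:
                decision = "ALLOW"
                reason = f"rule {src} -> {dst}:{rule.dst_port}/{rule.app_id}"
            break  # the first matching path decides
    # Inspect and log all traffic: allowed flows are logged as well as denied ones.
    log.append({**asdict(flow), "src_mcap": src, "dst_mcap": dst,
                "decision": decision, "reason": reason})
    return decision


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = (
    Flow("10.10.3.4", "10.20.0.10", 443, "alice", "employee", "web-portal", "internal"),
    Flow("10.10.3.4", "10.40.0.2", 5432, "alice", "employee", "order-db", "internal"),
    Flow("10.30.0.5", "10.50.0.7", 5432, "svc-orders", "svc", "payment-db", "cardholder"),
    Flow("10.30.0.5", "10.50.0.7", 5432, "svc-payments", "svc-pci", "payment-db", "cardholder"),
    Flow("192.0.2.10", "10.20.0.10", 443, "unknown", "employee", "web-portal", "public"),
    Flow("10.30.0.5", "10.40.0.2", 5432, "svc-orders", "svc", "order-db", "cardholder"),
)


def run_sample():
    """Evaluate the sample flows; returns (decisions, log)."""
    log = []
    decisions = [evaluate(f, log) for f in SAMPLE_FLOWS]
    return decisions, log


if __name__ == "__main__":
    for entry in run_sample()[1]:
        print(json.dumps(entry))
```

The second sample flow is the point of the "internal networks" slide: an employee workstation sits inside the User MCAP, yet its connection straight to the DB MCAP is denied because no need-to-know rule exists for that path. The last flow shows the data dimension: the path is permitted for the service role, but carrying cardholder-class data over a path rated for internal data is refused.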
Trust, but verify.
Source: Fotolia (http://us.fotolia.com/)
Verify and never trust.
Source: Fotolia (http://us.fotolia.com/)
Hard and crunchy
[Diagram labels: WL MCAP, DB MCAP, User MCAP, CHD MCAP, APPS MCAP, WWW, MGMT server, SIM, NAV, DAN MCAP, WWW MCAP]
Summary
Zero Trust: “Verify and never trust!”
Inspect and log all traffic.
Design from the inside out.
Design with compliance in mind.
Embed security into network DNA.
[Diagram label: Untrusted]
John Kindervag, +1 469.221.5372, jkindervag@forrester.com