Threat Ready: The Benefits of Segmentation
Burwood Group, Inc.

Agenda

- Burwood Intro
- Segmentation Overview
- Perimeter Segmentation
- Data Center Segmentation
- Micro-Segmentation
- Communication Restrictions vs Security
- Benefits

9/17/2018 The Benefits of Segmentation

Our Perspective: IT Trends

- Increased demand for IT to add strategic value to the organization
- Focus on leveraging innovation and technology outside the enterprise (inside-out to outside-in)
- Increased data availability demands quantitative insights
- Heightened end-user technology expectations
- Impact of mobile device market explosion
- Demand for fast access to data and applications from any consumer device
- Move towards the cloud
- Move from traditional infrastructure to converged (or hyper-converged) infrastructure
- Cloud-platform adoption leads to security concerns
- Increased “as a service” technology consumption

9/17/2018 Burwood Group Overview

Our Point of View

Burwood Group

[Diagram: Business Processes, Knowledge, Technology Ecosystem]

To achieve its strategic goals, an organization’s technology investments must lead directly to specific business and clinical outcomes.

To achieve an outcome, the organization’s technology must be designed, built and managed to deliver knowledge to the end user.

Burwood Group integrates an organization’s technology ecosystem and business processes and knowledge to enable its people to perform in the unique context of their environment.

We KNOW that tech investments MUST lead directly to specific outcomes. The tech MUST be designed to deliver that “knowledge” to the end user. Burwood can integrate the tech ecosystem.

Segmentation Overview

Credible Resource (Wikipedia): “Network segmentation in computer networking is the act or profession of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security.”

Burwood:

- Organizing your network based on applications, users, content, or business function
- Applying security to this organization by enforcing restrictions between network segments on a need-to-know basis
- All of this is based on zero-trust and CIA

Zero Trust

- Secure Access: All resources are accessed in a secure manner regardless of location
- Access Restrictions: Least privilege or “need-to-know” restrictions
- Verify: Ensure users, applications, and content are all legitimate
- Inspect & Log: Record all access and user activity

From Del – don’t have to limit to three zones, can subdivide

Segmentation Overview

- What does this mean to your organization?
- Are you applying segmentation now?
- Are you applying security between your network segments?

Perimeter Segmentation

- Most organizations are already segmenting their perimeter
- The implementation of a DMZ is segmentation

Perimeter Segmentation

- Already utilizing the Zero-Trust Model
- Deny “Untrust” to “Trust”
- Restrict “Untrust” to “DMZ”
- Restrict “DMZ” to “Trust”
- Common practice and easy implementation

Perimeter Segmentation

- Securing all perimeter traffic from external threats
- Why is this only at the perimeter?

Issues:

- Only 20% of an organization's network traffic traverses the perimeter firewall
- This leaves 80% of traffic unfiltered, unrestricted, and insecure

Arkin VMware reference

Data Center Segmentation

- This is where the most critical assets reside
- Malicious users know this and their end goal is the data center
- Malware is targeted and designed to spread

Data Center Segmentation

Recent example of an outbreak that could have been prevented:

- Healthcare customer hit with Qakbot
- Virus designed to spread through fileshares and removable drives
- Steals information and opens a backdoor to the compromised machine
- Infected machines could be cleaned
- As soon as they were cleaned, they would be infected again by spreading of malware

Data Center Segmentation

- Initial infection may not have been prevented but propagation of malware could be
- Concept of network “bulkheads”

Data Center Segmentation

- Prevent the propagation of malware
- Increased visibility
- Granular traffic restrictions

Data Center Segmentation

[Diagram: phased approach; labels in the order extracted]

- Steady State
- Quarterly Review: Re-occurring Health-checks; New Feature implementations; Expanded Education
- Convert to App Restrictions
- Project Work: SSL Decryption; Review policies and logs; Convert to application enforcement; Create custom applications
- Implement Next-Generation Security
- Security Cleanup and Management
- Review and Configure: Firewall Policy Cleanup; Firewall documentation; Security logging; Centralized reporting
- Utilize Security Suite
- Configuration: Content ID; Threat Prevention; APT Protection; URL Filtering; User Restrictions
- Migrate/Transition
- Project Work: Discover Current State; Migrate/Install NGFW; Design Migration Plan; Migrate/Cutover
- Test and Validate
- Operate/Manage
- Stateful Inspection

Micro Segmentation

- Data Center Segmentation is for North-South traffic
- Micro Segmentation is for East-West traffic
- Traffic within a virtual environment
- Traffic on the same logical network (intra-VLAN inspection)

Micro Segmentation

Unconstrained communication

- Little or no lateral controls inside perimeter
- Low priority systems are targeted first.
- Attackers can move freely around the data center.
- Attackers then gather and exfiltrate data over weeks or even months.

[Diagram: Internet, Data Center Perimeter]

Micro Segmentation

Why can’t we have individual firewalls for every VM? With traditional technology, this is operationally infeasible.

- Physical firewalls: Expensive, and protect North-South traffic but not East-West
- Virtual firewalls: Slow, costly, and complicated

[Diagram: Internet, Data Center Perimeter, Hypervisor, VM]

Micro Segmentation

VDI - A converged infrastructure means virtual desktops run on the same infrastructure as servers

[Diagram: Internet, Data Center Perimeter, VDI, East, West]

VMware NSX and Palo Alto Networks

Micro Segmentation

Additional Benefits

- Technologies that provide micro segmentation also provide data center automation
- Provide the first step for hybrid, public/private cloud environments

Communication Restrictions and Security

Layer 3/4 vs Layer 7 firewall

- Virtually all manufacturers will agree that port and protocol is not enough security today
- Locking policies down to known applications communicating across known ports is paramount
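
The zone rules from the perimeter slides, the "bulkhead" idea and the Layer 3/4 vs Layer 7 point, worked through as an added example that is not part of the presentation. Host names, zone names, application labels and flows are constructed for illustration; treating same-zone traffic as "unfiltered" is an assumption that such traffic never crosses an enforcement point.

```python
"""Added example: perimeter-only zones vs a segmented data center (constructed data)."""
from typing import NamedTuple

class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    app: str    # Layer 7 application label, or "any" for a port-only (Layer 3/4) rule
    port: int

# Host-to-zone maps for the two designs (constructed hosts and zone names).
PERIMETER_ONLY = {"internet": "untrust", "web01": "dmz",
                  "pc17": "trust", "files01": "trust", "db01": "trust"}
SEGMENTED = {"internet": "untrust", "web01": "dmz",
             "pc17": "users", "files01": "fileshare", "db01": "database"}

# Allow rules only; inter-zone traffic with no matching rule is denied.
PERIMETER_RULES = [Rule("untrust", "dmz", "any", 443),
                   Rule("dmz", "trust", "any", 1433)]
SEGMENTED_RULES = [Rule("untrust", "dmz", "web-browsing", 443),
                   Rule("dmz", "database", "mssql", 1433),
                   Rule("users", "fileshare", "smb", 445)]

def verdict(zones, rules, src, dst, app, port):
    """Return 'allow', 'deny', or 'unfiltered' for one flow."""
    sz, dz = zones[src], zones[dst]
    if sz == dz:
        # Same zone: the flow never reaches an enforcement point.
        return "unfiltered"
    for r in rules:
        if (r.src_zone, r.dst_zone, r.port) == (sz, dz, port) and r.app in ("any", app):
            return "allow"
    return "deny"

# Constructed sample flows: (src, dst, application seen by inspection, dst port).
FLOWS = [("internet", "web01", "web-browsing", 443),
         ("internet", "db01", "mssql", 1433),
         ("pc17", "files01", "smb", 445),
         ("pc17", "db01", "smb", 445),
         ("web01", "db01", "unknown-tcp", 1433)]

def compare():
    """Map each flow to its (perimeter-only, segmented) verdicts."""
    return {f: (verdict(PERIMETER_ONLY, PERIMETER_RULES, *f),
                verdict(SEGMENTED, SEGMENTED_RULES, *f)) for f in FLOWS}

if __name__ == "__main__":
    for flow, (flat, seg) in compare().items():
        print(f"{flow[0]:>8} -> {flow[1]:<7} {flow[2]:<12} {flow[3]:<5} {flat:<10} {seg}")
```

The two workstation flows come back "unfiltered" in the perimeter-only design because nothing inspects them; in the segmented design the same flows hit a rule base, and the port-only match on 1433 is replaced by an application-and-port match.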

Communication Restrictions and Security

Context security includes more than network traffic:

- Applications
- Content: URL filtering, Antivirus, Anti-Spyware, IPS
- Users

These items all work together to provide a secure zero-trust network architecture

Benefits

Segmentation allows us to organize and secure our networks

- Creating network bulkheads to limit propagation
- Increased restrictions to comply with least privilege and Zero-Trust
- Micro segmentation provides visibility into areas of the network we previously could not see
- Implementing a phased approach to the installation of these services is key

Contact Us

Justin Flynn
Manager, Sales Engineering
Burwood Group, Inc.