Presentation is loading. Please wait.

Presentation is loading. Please wait.

Toward Distributed and Virtualized Enterprise Security

Published byЛеонид Армфельт Modified over 5 years ago

Similar presentations

Presentation on theme: "Toward Distributed and Virtualized Enterprise Security"— Presentation transcript:

1 Toward Distributed and Virtualized Enterprise Security
STR-T11 Toward Distributed and Virtualized Enterprise Security Dr. Edward G. Amoroso CEO TAG Cyber Stevens Institute of Technology, M&T Bank, Applied Physics Lab/JHU, New York University @hashtag_cyber

2 Recent Public Enterprise Hacks

3 How Many Darts to Fill the Bucket?

4 How Many Darts to Fill the Bucket?

5 Which Method Protects the Cookies Better?

6 Enterprise Perimeter – Theory

7 Disallow External Access

8 Allow Internal Access Disallow External Access Internal Asset Internal

9 Trusted Internal Lateral Traversal Trusted Internal Enterprise Access
IT Systems CFO Info/Data Marketing Product Sales HR Outsource Dev/Ops Corporate Records Trusted Internal Enterprise Access Disallow External Access

10 Unknown Gateway Email Gateway Outsource Access Gateway Unknown Gateway
IT Systems Outsource Access Gateway CFO Info/Data Marketing Product Sales Unknown Gateway HR Outsource Dev/Ops Corporate Records Unknown Gateway Partner Access Gateway Remote Access Gateway Web Gateway

11 Advanced Persistent Threat (APT)
Mistake 1: accepted from anyone with no regard for controls such as DMARC Gateway Mistake 2: Someone from Marketing clicks on a Phish Marketing Mistake 3: Easy lateral traversal across the enterprise LAN. Mistake 4: Web egress allowed to uncategorized Internet site Records Web Gateway

12 Enterprise Perimeter – Actual

13 Internal Asset A Internal Asset B Internal Asset C Internal Asset D

14 Internal Asset A Internal Asset B Internal Asset C Internal Asset D

15 Outsourcing Access Gateway Outsourcing Internal Asset A
Internal Asset B Outsourcing Internal Asset D

16 Outsourcing Access Gateway Cloud/vDC Outsourcing Internal Asset A
Internal Asset B Internal Asset D Cloud/vDC

17 Virtual Micro-Segment Policy Enforcement Cloud/vDC Outsourcing
Internal Asset A Outsourcing Internal Asset B Internal Asset D Cloud/vDC

18 Cloud/vDC Email Gateway Outsourcing Email Internal Asset A
Internal Asset B Cloud/vDC Gateway

19 Cloud/vDC Email Gateway Cloud/vDC Outsourcing Email Internal Asset A
Internal Asset B Cloud/vDC Gateway Cloud/vDC

20 Cloud/vDC Cloud/vDC Outsourcing Email Internal Asset A
Internal Asset B Cloud/vDC Cloud/vDC

21 Partner Gateway Cloud/vDC Cloud/vDC Partner Outsourcing Email
Internal Asset B Cloud/vDC Cloud/vDC

22 Cloud/vDC Partner Gateway Cloud/vDC Cloud/vDC Partner Outsourcing
Internal Asset B Cloud/vDC Cloud/vDC

23 Cloud/vDC Cloud/vDC Cloud/vDC Partner Outsourcing Email
Internal Asset B Cloud/vDC Cloud/vDC

24 Cloud/vDC Legacy Enterprise Cloud/vDC Cloud/vDC Partner Outsourcing
Internal Asset B Cloud/vDC Cloud/vDC

25 Partner Outsourcing Email
Internal Asset B

26 Partner Outsourcing Internal Asset B Policy Cloud/vDC

27 Partner Outsourcing Policy Email
Internal Asset B Policy

28 Asset A Asset C Asset B C&C Asset D

29 Asset A Asset C Asset B C&C Asset D

30 Node Node Node C&C Node

31 C&C/Node Node Node C&C Node

32 Node Node Node C&C Node

33 Node Node Node C&C Node

34 Node Node Node C&C Node

35

36 Distributed Micro-Segmented Enterprise Architecture
Logical Interaction Logical Interaction Isolated Micro-Segments

37 Warning: Global Perimeters are Not Secure
Attack Surface Perimeter Enterprise LAN Enterprise LAN Attack Surface Attack Surface

38 Isolating a Server from a Perimeter Makes it More Secure
Attack Surface Isolated Server Perimeter Enterprise LAN Enterprise LAN Attack Surface Attack Surface

39 Global Department of State Network

40 Global Department of State Perimeter is Not Secure

41 Global Department of State Perimeter is Not Secure
Bureaucratic Clinton Server

42 Isolating the Clinton Email Server Made it More Secure
Isolated Clinton Server

43 Applying Enterprise Cyber Security to Politics

44 Apply What You’ve Learned: Download the PDFs
@hashtag_cyber

Download ppt "Toward Distributed and Virtualized Enterprise Security"

Similar presentations

Stevens Institute of Technology Security Systems Engineering

Stevens Institute of Technology Security Systems Engineering
11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.

11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.

Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
Building Trust in Digital Online World Dr. Shekhar Kirani Vice President VeriSign India 5th June 2009 IBA Conference.

Building Trust in Digital Online World Dr. Shekhar Kirani Vice President VeriSign India 5th June 2009 IBA Conference.
Network Security Overview Tales from the trenches.

Network Security Overview Tales from the trenches.
Pg. 1 Intranets and Extranets in Business Internet and Business - strategic business applications. Internet and Business - strategic business applications.

Pg. 1 Intranets and Extranets in Business Internet and Business - strategic business applications. Internet and Business - strategic business applications.
Copyright (c) 2011, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Stopping Next-Gen Threats Dan Walters – Sr. Systems Engineer Mgr.

Copyright (c) 2011, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Stopping Next-Gen Threats Dan Walters – Sr. Systems Engineer Mgr.
The Internetworked E-Business Enterprise

The Internetworked E-Business Enterprise
E. business knowledge transfer for SMEs – experience from Lithuania Prof. Rimantas Gatautis, KTU

E. business knowledge transfer for SMEs – experience from Lithuania Prof. Rimantas Gatautis, KTU
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
Trend Micro Confidential 9/23/2015 Threat Rules Sharing Advanced Threats Research.

Trend Micro Confidential 9/23/2015 Threat Rules Sharing Advanced Threats Research.
ENTERPRISE COMPUTING QUIZ By: Lean F. Torida

ENTERPRISE COMPUTING QUIZ By: Lean F. Torida
1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.

1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.
Secure Data Sharing What is it Where is it What is the Risk – Strategic > What Policy should be enforced > How can the process be Audited > Ongoing Process.

Secure Data Sharing What is it Where is it What is the Risk – Strategic > What Policy should be enforced > How can the process be Audited > Ongoing Process.
Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Secure & Unified Identity for End Users & Privileged Users.

Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Secure & Unified Identity for End Users & Privileged Users.
VMware NSX and Micro-Segmentation

VMware NSX and Micro-Segmentation
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.

CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

Similar presentations

Ads by Google