Introduction to Cloud Security Ayed Al Qartah Consulting Systems Engineer – Security (GSSO)

Introduction to Cloud Security 3/secission2/1... · Security. Ayed Al Qartah. Consulting Systems Engineer – Security (GSSO) ... ISR or Meraki MX. Web and Email Gateway. 1. Stealthwatch


Introduction to Cloud Security

Ayed Al Qartah
Consulting Systems Engineer – Security (GSSO)


© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

We Live in a Cloud-first World

81% Evaluating or using public cloud

73% Have a hybrid cloud strategy

84% Will use multiple clouds

Source: IDC InfoBrief, sponsored by Cisco, Cloud Going Mainstream. All Are Trying, Some Are Benefiting; Few Are Maximising Value. September 2016.


Organizations must Adapt to the Cloud due to Four Key Trends

• Business apps move towards SaaS while application development shifts
• Branch offices have direct internet access
• Critical infrastructure and data moves away from corporate data centers
• Mobile workforce and BYOD proliferation


Cloud Adoption is Driving Specific Business Outcomes

• Reduced Costs
• Enhanced Productivity
• Improved Agility
• Increased Revenue


Cloud Shared Responsibility – SaaS/PaaS/IaaS

Infrastructure as a Service (IaaS) | Platform as a Service (PaaS) | SaaS
People | People | People
Data | Data | Data
Applications | Applications | Applications
Runtime | Runtime | Runtime
Middleware | Middleware | Middleware
Operating system | Operating system | Operating system
Virtual network | Virtual network | Virtual network
Hypervisor | Hypervisor | Hypervisor
Servers | Servers | Servers
Storage | Storage | Storage
Physical network | Physical network | Physical network

CSR responsibility / Customer responsibility


“Cloud Security” Means Different Things

Security to the cloud: “Secure my data and applications as they transition to or are accessed from the cloud”

Security for the cloud: “Secure my cloud based workloads and applications”

Any security solution may be delivered from the cloud

BRKSEC-1776


A Portfolio of Capabilities is Needed

• Anti-Malware
• NAC
• DNS Security
• Flow Analytics
• CASB
• Malware Sandbox
• Contextual Tags and Policy
• Web Security
• Firewall
• IPS
• WAF
• Email Security


These Capabilities Handle Specific Threats

Capabilities:
• Anti-Malware
• NAC
• DNS Security
• Flow Analytics
• CASB
• Malware Sandbox
• Contextual Tags and Policy
• Web Security
• Firewall
• IPS
• WAF
• Email Security

Threats:
• Malware distribution across networks
• Untrusted and compromised devices
• Phishing, C&C
• Insider Threats, Compromised Devices
• Unauthorised Access & Data Loss
• Spam, Phishing
• Malicious Files
• Polymorphic Threats
• Content Filtering, Malicious Destinations
• Unauthorised Access and malformed packets
• Attacks against poorly coded apps
• Intrusion
• Unauthorised Access and Lateral Propagation


Organizations Need to Focus on Two Key Cloud Security Areas

Public Cloud Applications (SaaS)

Public Cloud Workloads

Private Datacentre/Cloud

Public Cloud (IaaS/PaaS)

Salesforce, Box

Office365, Servicenow

Slack, DropBox, GSuite

Solarwindsmsp

Vmware

Exchange, Azure

SAP HANA

AWS

Exchange


Threats Fall Under 4 Main Categories

• Malware and ransomware
• Compromised accounts and malicious insiders
• Gaps in visibility and coverage
• Data breaches and compliance

Threats extend and evolve to fit new attack targets


Key Public Cloud Application Questions

Applications | Data | Access Control

▪ Who is doing what in my cloud applications?
▪ How do I detect account compromises?
▪ Are malicious insiders extracting information?
▪ Do I have toxic and regulated data in the cloud?
▪ Do I have data that is being shared inappropriately?
▪ How do I control movement of IP within and outside of SaaS?
▪ How can I monitor app usage and risk?
▪ How do I revoke/block risky apps?
▪ What native security controls are available to me?


Public Cloud Applications

Sanctioned Application

Unsanctioned Application

Home office user

Traveling user

External partner collaborator

IOT Security system

3rd Party application leveraging Office 365 data DocuSign

DropBox

Office 365


Secure Access to Sanctioned File Repository

BDM Questions
• Is this user who they say they are?

TDM Questions
• How is access control extended from corporate network to cloud applications?
• How does this user’s behavior correspond to their expected or baselined behavior?

Threats:
• Insider Threats, Compromised Devices
• Untrusted and compromised devices
• Phishing, C&C
• Unauthorised Access & Data Loss
• Rogue Access, Zero Day
• Polymorphic Threats

Capabilities:
• Network Access Control
• Flow Analytics
• NGFW
• DNS Security
• CASB
• Malware Sandbox

Application: Office 365


Managing Content within a Sanctioned File Repository

BDM Questions
• How do you enable sensitive content to live within the cloud to support collaboration, yet still provide proper controls?

TDM Questions
• How does your Data Security solution scale for the cloud?
• Malware from unmanaged devices or via collaborators?

Threats:
• Untrusted and compromised devices
• Malicious file uploads and downloads
• Content Filtering
• Unauthorised Access & Data Loss
• Rogue Access
• Polymorphic Threats

Capabilities:
• Network Access Control
• Firewall
• Web Security
• Anti-Malware
• CASB
• Malware Sandbox

Application: Office 365


Applying Controls for an Unsanctioned Application

BDM Questions
• Just because an application is unsanctioned doesn’t mean it isn’t a potential security risk.
• What is the pathway towards sanctioning a new application?

TDM Questions
• Out of band controls are not effective here, so how can typical oob capabilities move in band?

Threats:
• Insider Threats, Compromised Devices
• Untrusted and compromised devices
• Phishing, C&C
• Malicious & Risky Application Usage
• Rogue Access, Zero Day
• Content Filtering, Malicious Destinations
• Malicious file uploads and downloads

Capabilities:
• Network Access Control
• Flow Analytics
• Firewall
• DNS Security
• AVC
• Web Security
• Anti-Malware

Application: DropBox


Traveling User on a Sanctioned App

BDM Questions
• With users spending more time away from the office, network centric controls are not applicable without requiring VPN access, which can degrade performance of cloud applications.
• What is your BYOD policy?

TDM Questions
• How to replicate the inband network (and possibly endpoint controls for BYOD) using cloud and out of band capabilities?

Capabilities:
• Flow Analytics
• Anti-Malware
• CASB
• Malware Sandbox
• DNS Security
• Email Security

Same capabilities as the corporate user, but the pillars and form factors are likely completely different.

Application: Office 365


How Cisco Security Helps


Integrated Security Architecture

Simple: Cisco built the network and internet standards and uses pre-built integrations with customers’ existing footprints.

Open & automated: Cisco’s open platforms use security standards and turn-key integrations with customers’ existing solutions.

Security

Effective: Cisco identifies, prevents, and detects more attacks by using an integrated security architecture.


Cloud Security Architecture - Three Focus Areas

Threat protection: “Stop the breach”

Segmentation: “Reduce the attack surface”

Visibility: “See everything”

Threat intelligence - Talos

Intent-based

Automation

Analytics


Cisco Security Solutions – Focus Areas

• Visibility for Better Policy

• Visibility for Better Threat Detection (and Response)

Visibility

Threat protection
• Intrusion Prevention
• Advanced Malware Protection (AMP)

Threat prevention
• Baseline Policy
• Incident Response

Policy

Segmentation

Integrated


Cisco Security Solutions – Focus Areas

Network and application analytics
• Stealthwatch / cloud
• Tetration

Visibility

Threat protection
• NGFW/NGIPS
• Advanced Malware Protection (AMP)

Threat prevention

Firewall and access control
• NGFW, ACI and Tetration Policy Orchestration
• FMC and CloudCenter
• APIC and ISE

Segmentation

Integrated


Integrated Security Architecture

APPLIANCES
• FTD or ASA w/Firepower [1]
• ISR or Meraki MX
• Web and Email Gateway [1]
• Stealthwatch

AGENTS
• AnyConnect
• AMP for Endpoints

MANAGEMENT
• Meraki SM

CLOUD-HOSTED APPLIANCE/AGENTS
• Cloud Email Security
• ESAv, ASAv, WSAv
• Threat Grid
• Stealthwatch Cloud

MULTI-TENANT SAAS
• Umbrella
• Cloudlock
• Umbrella Investigate
• CTA

THREAT INTEL
• Talos [2]

SECURITY MANAGEMENT
• Defence Orchestrator

SECURITY SERVICES
• Managed, Advisory, and Implementation

POLICY AND ACCESS
• ISE
• pxGrid
• TrustSec

[1] Additional security management via FMC and SMA
[2] Talos is not a product


Cisco Provides Offerings for Each Capability

• Anti-Malware: AMP
• NAC: ISE
• DNS Security: Umbrella
• Flow & IaaS API Log Analytics: Stealthwatch, Tetration
• CASB: Cloudlock
• Email Security: ESA
• Malware Sandbox: Threatgrid
• Contextual Tags and Policy: ISE, ACI, Trustsec, Pxgrid
• Web Security: WSA
• Firewall: Firepower
• IPS: Firepower
• Threat Intel: TALOS


Enforcement and Visibility Everywhere

Data Apps

Users Endpoints

UNMANAGED ENDPOINTS

Security for all edges

Security for all assets

Security via the cloud

MANAGED ENDPOINTS

MANAGED LOCATIONS

INTERNET

THE ERODING PERIMETER

CORPORATE NETWORK(S)

UNMANAGED USERS / APPS

UNMANAGED LOCATIONS

FTD / ASA; Web / Email Gateways; Meraki MX / ISR

Data

Cloudlock; NGFWv; NGIPSv; Stealthwatch Cloud, Tetration

Users Data Apps

PUBLIC & PRIVATE CLOUDS

Stealthwatch; ISE; pxGrid; TrustSec, SDA

Firepower, ACI, Tetration, Stealthwatch

DATA CENTRE

INTERNAL SUBNET/VLANS

Umbrella

AnyConnect; AMP for Endpoints

Cloud Email Security; Meraki SM; AMP; Threat Grid; CTA; Umbrella Investigate; Active Threat Analytics

CISCO SECURITY AS A SERVICE


Thank you