Security The Network The Cloud Cloud University – 12/03/14 Intelisys Confidential – Do Not Distribute to Third Parties

Security

The NetworkThe Cloud

Cloud University – 12/03/14

Intelisys Confidential – Do Not Distribute to Third Parties

Schedule for TodayWelcome & Start (12 – 12:10 EST)

Polycom Update (12:10 – 12:25 EST) Keynote: What is security? What are the typical components? What are your customers asking? (12:25 – 12:50 EST)The news promises to get worse before it gets better. We hear about the denial-of-service attacks, security breaches, intrusion detection and network access control when talking about cloud and network security. Every day there’s a security breach at another major retailer. Every day companies are being probed for security vulnerabilities and weaknesses. Ray Nelson will summarize these problems and other topics to give you a better understanding of how security can fit into your solutions sale. Panel 1: How to Secure your Network (12:50 – 1:50 EST)Listen to industry experts discuss how to craft and deploy a multi-layered security approach to your customers’ network design. A good security plan is no longer just a firewall. It includes multiple layers of services to prevent and deter security breaches. Our panelists will talk about best practices around network security, intrusion prevention, DDoS, multi-site security and other factors that go into designing a highly secured network. Break (1:50 – 2:00 EST) Panel 2: Cloud Solutions: Are they more or less secure than a premise-based design? (2:00 – 3:00 EST)Listen to our Cloud providers talk about how a Cloud solution can enhance your end-user with security benefits. Typically people think that the Cloud is not secure. Leveraging Desktop-as-a-Service, hardened data centers, managed services and various other industry best practices, a Cloud solution will most likely be more secure than what a customer has deployed themselves. We will discuss various Cloud solutions, including supporting home-based workers, road warriors and wireless solutions. Conclusion (3 – 3:15)


Goals for Today

• Describe security and its many components

• Understand the threats• Understand the complexity• Discuss how we can help your customers


SCARY TIMES


$1.5M Monitored cyber attacks in the US in 2013… 16856 times as year a company is attacked. - IBM Security Services April 2014

SMBs collectively made up more than half of all targeted attacks at 61 percent – up from 50 percent in 2012 – with medium-sized (2,500+ employees) businesses seeing the largest increase. - Symantec Internet Security Threat Report - April 2014

THE BLOB


M&M ‘S NO MORE

"We want our network to be like an M&M, with a hard crunchy outside and a soft chewy center.“


TOP 10 SECURITY THREATS – PRESENT AND FUTURE

1. Insider Threat – Edward Snowden2. Cyber attacks – Foreign Governments3. Social Media – Facebook, Fantasy Football4. DDOS and Botnets – Xbox Live5. Consumer products – Android/iPhones

Malware6. Outdated Systems – XP 7. Data gone AWOL – The lost laptop8. Unsecure Wireless Networks – Really9. The internet of things – securing the cloud

10.


ANATOMY OF AN ATTACK






PERSONAL EXPERIENCE

• Security Breach – Poor Password policy allowed for a VPN access issue.

• No password policy• Senior members of organization were the worst offenders• Allowed access to all of the corporate information

• Email Spam Server – Found 2 separate customers with issues

• Poor password policy allowed for a relay server• Poor security allowed for SPAM servers on network choking is

Internet performance• Asked for bigger circuits, but discovered he did not need them

• Wireless Security – No security key• Allowed competition access to network


HISTORY OF ACRONYMS

• Firewall and VPN – FW/VPN• Anti-Virus and Spam Control – AV/SPAM• Intrusion Detection System - IDS• Intrusion Prevention System - IPS• Unified Threat Management - UTM• Network Admission Control – NAC• Application Control and Next Generation Firewalls – NGFW• Security Intelligence• Security as a Service - SECaaS


AREAS WE NEED TO SECURE• Network

• Firewalls(Access Control, DDOS, UTM)• Direct Connections• VPN(Users & site-site)

• System• Servers • Desktops• Applications• End Users – Knowledgeable Users

• Mobility• Mobile Phones• MDM• Application Control

• Wireless Devices• Monitor• Secure

• End Users• Behavioral – Physical surroundings, logical thought

process


"Mobile security breaches are — and will continue to be — the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices," said Dionisio Zumerle, principal research analyst at Gartner. "A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices." - Gartner May 2014

SECURITY AS A SERVICE


Security as a service (SECaaS) is a business model in which a large service provider integrates their security services into a corporate infrastructure on a subscription basis more cost effectively than most individuals or corporations can provide on their own, when total cost of ownership is considered. In this scenario, security is delivered as a service from the cloud, without requiring on-premises hardware avoiding substantial capital outlays. These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, and security event management, among others.

Security-as-a-Service offers a number of benefits, including:•Constant virus definition updates that are not reliant on user compliance.•Greater security expertise than is typically available within an organization.•Faster user provisioning.•Outsourcing of administrative tasks, such as log management, to save time and money and allow an organization to devote more time to its core competencies.•A Web interface that allows in-house administration of some tasks as well as a view of the security environment and on-going activities.

THE CLOUD AND ITS MANY BENEFITS

• Highly secure data centers• Inherent security benefits due to multi-tenancy• Leverage the “as a Service” Model• Migration to the cloud can be a redo• Desktop as a Service and its benefits


CONCLUSION


Questions

Documents

Security The Network The Cloud Cloud University – 12/03/14 Intelisys Confidential – Do Not Distribute to Third Parties