copyright 2015 Cloud Applications Secured - LNETM 1

Chris Swan's presentation from the London Tech Entrepreneurs' Meetup


About Us


Founded by Enterprise IT, Capital Markets and ISV professionals

VNS3 cloud security appliance launched in 2008

Secured over 500 million virtual device hours in public, private, & hybrid clouds

Chicago, London, and Palo Alto

VNS3 family of security and connectivity solutions protects cloud-based applications from exploitation by hackers, criminal gangs, and foreign governments.

1000+ customers in 20+ countries across all industry verticals and sectors


Servers are moving by the millions per year into cloud and virtual infrastructures, and applications are moving with them.

(Slide graphic: millions of applications by 2020, across system integrators, "as a Service" businesses, ISV "as a Service" offerings and cloud ERP.)


Everywhere these virtualized applications go, they need security, integration and connectivity.

This creates the market for application security and network services (Layers 3-7) for applications deployed to public cloud.

(Diagram: Connectivity, Integration, Security.)

Network Penetration has gone Professional

• In the post-Snowden era, all servers "on a wire" are compromised, or a target to be, by hackers, criminals or foreign governments.

• Regulatory implementation and reporting demands are increasing (HIPAA, PCI, NIST Cybersecurity, EU Data Privacy, etc.)

By the Office of Compliance Inspections and Examinations [1]

Volume IV, Issue 2, April 15, 2014

OCIE CYBERSECURITY INITIATIVE

I. Introduction

The U.S. Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) previously announced that its 2014 Examination Priorities included a focus on technology, including cybersecurity preparedness. [2] OCIE is issuing this Risk Alert to provide additional information concerning its initiative to assess cybersecurity preparedness in the securities industry.

II. Background

On March 26, 2014, the SEC sponsored a Cybersecurity Roundtable. In opening the Roundtable, Chair Mary Jo White underscored the importance of this area to the integrity of our market system and customer data protection. Chair White also emphasized the "compelling need for stronger partnerships between the government and private sector" to address cyber threats. [3] Commissioner Aguilar, who recommended holding a Cybersecurity Roundtable, emphasized the importance for the Commission to gather information and "consider what additional steps the Commission should take to address cyber-threats." [4]

[1] The statements and views expressed herein are those of the staff of OCIE. This guidance is not a rule, regulation, or statement of the Commission. The Commission has expressed no view on its contents. This document was prepared by the SEC staff and is not legal advice.

[2] Examination Priorities for 2014, available at: http://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2014.pdf.

[3] Chair Mary Jo White, "Opening Statement at SEC Roundtable on Cybersecurity" (March 26, 2014), available at: http://www.sec.gov/News/PublicStmt/Detail/PublicStmt/1370541286468.

[4] Commissioner Luis A. Aguilar, "The Commission's Role in Addressing the Growing Cyber-Threat," Statement at SEC Roundtable on Cybersecurity (March 26, 2014), available at: http://www.sec.gov/News/PublicStmt/Detail/PublicStmt/1370541287184.

Topic: Cybersecurity Examinations

Key Takeaways: OCIE will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on areas related to cybersecurity. In order to empower compliance professionals with questions and tools they can use to assess their respective firms’ cybersecurity preparedness, OCIE has included a sample cybersecurity document request in the Appendix to this Risk Alert.

Others Agree

• FBI Director James Comey - http://goo.gl/34SEdy

"There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese."

• ITRC - http://goo.gl/BtjNrC: 621 data breaches, exposing over 77,890,487 records in 2014.

Source: Information is Beautiful http://goo.gl/QWllpM

(Chart: the largest data breaches of 2011-2014, sized by records exposed, from Court Ventures at 200,000,000 down to Citi at 150,000.)


Let’s look at what (may have) happened to Sony…


A classic enterprise deployment pattern for critical business infrastructure

(Diagram: Web Tier, AppServer Tier and Database Tier, with User Traffic, Message Queues, ETL Usage and API Usage flowing between them.)

Enterprise data centers are filled with these applications


In the post-Snowden era, with network penetrations performed by governments and criminal gangs alike, penetration of one app potentially means penetration of them all.

One penetration creates significant “east-west” expansion of the hacking


The Solution


Introducing the next generation in application security: VNS3:turret

(Diagram: Application Security Controller components: virtual adapters, Layer 3 encrypted switch, Layer 3 encrypted router, GRE protocol bridge, protocol re-distributor, industry standard L4-L7 plugin system (AppFW, custom mods, SSL offload, content cache, internal LB, IDS/IPS), mesh transaction management, core mesh firewall, mesh key management, net management interfaces, SSL VPN edge, IPsec VPN edge, autonomics agents, RESTful API service, cloud capacity interfaces, virtual CPU(s), AES-NI interface, provisioned IOPS, enhanced network drivers, NIC(s), and a unique encrypted topology identity.)

(Diagram: Cloud Edge Protection, Cloud Isolation, Cloud VLAN, Cloud Network Firewall and Cloud Network Service VNS3 wrapped around the Database Tier, App Server Tier, Web Tier and Message Queues.)

Application Security Controller creates unique perimeters for each virtualized application


• Unique cryptographic overlay network for each application

• Deployed at each application edge, fortifies and reinforces security policies

• Cloud Native and Software Defined

• Complements and extends the DMZ (“hard edge”) of the data center


“Application Segmentation” completes the security model

(Diagram: the OSI stack from Layer 0 to Layer 7, with Physical Segmentation at the bottom, Virtual Segmentation (e.g. Alcatel DCN/VCN) in the middle, Application Segmentation at Layer 3 and above, and a line marking the limit of user access, control and visibility.)

VNS3 nodes are software-only network security and connectivity appliances.

"Application Segmentation" provides the most comprehensive application security model available today.

Create a cryptographically unique Layer 3 network for each application deployment.

VNS3:turret application security controllers are deployed as an encrypted, clustered micro-perimeter to secure your mission critical business systems in public/private cloud.

Deploy your applications inside the Turret’s unique, encrypted overlay network, specific to that critical business infrastructure


No server in your deployment talks to any other server without going through a mediating security control. Turret acts as an encrypted smart-switch via its interior network interfaces.


Once the micro-perimeter is established, the broad policy enforcement mechanism is in place, with strict traffic flow controls.

L4-L7 plugins provide security and compliance automation for BOTH edge operations and interior operations.


Even if there is an initial penetration event, east-west risk is dramatically reduced by network virtualized security, and the attempts are easier to recognize and isolate.
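To make the "mediating security control" idea on slides 18-21 concrete, here is an added, illustrative policy model that is not Cohesive Networks' code: it applies a default-deny allow-list to flows between the deck's Web, AppServer, Database and Message Queue tiers, and flags any source that repeatedly hits the deny rule. Host names, ports and the sample flows are constructed for the example.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")

# Constructed inventory: which tier each host belongs to.
TIER_OF = {"web-1": "web", "web-2": "web", "app-1": "app",
           "app-2": "app", "db-1": "db", "mq-1": "mq"}

# Allow-list of (src_tier, dst_tier, dst_port); everything else is denied.
ALLOWED = {
    ("web", "app", 8080),  # web tier calls the app server
    ("app", "db", 5432),   # only the app tier reaches the database
    ("app", "mq", 5672),   # app tier publishes to / consumes from the queue
}

def evaluate(flow):
    """Return 'allow' or 'deny' for one flow seen at the mediating switch."""
    src, dst = TIER_OF.get(flow.src), TIER_OF.get(flow.dst)
    if src is None or dst is None:
        return "deny"  # unknown peers are never trusted
    if src == dst:
        return "deny"  # no intra-tier chatter: each host is isolated
    return "allow" if (src, dst, flow.port) in ALLOWED else "deny"

def east_west_alerts(flows, threshold=2):
    """Sources with at least `threshold` denied flows: a foothold probing
    sideways stands out because legitimate hosts never hit the deny rule."""
    denied = {}
    for f in flows:
        if evaluate(f) == "deny":
            denied[f.src] = denied.get(f.src, 0) + 1
    return sorted(s for s, n in denied.items() if n >= threshold)

# Constructed sample: normal traffic plus a compromised web-1 probing sideways.
SAMPLE = [
    Flow("web-1", "app-1", 8080), Flow("app-1", "db-1", 5432),
    Flow("app-2", "mq-1", 5672),
    Flow("web-1", "db-1", 5432),  # web host reaching for the database
    Flow("web-1", "web-2", 22),   # ... and for its neighbour
    Flow("web-1", "mq-1", 5672),  # ... and for the queue
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f"{f.src} -> {f.dst}:{f.port}  {evaluate(f)}")
    print("sources probing east-west:", east_west_alerts(SAMPLE))
```

The allow-list is the whole policy: a web host that is compromised can still reach the app tier on its one permitted port, but every other hop is denied and the string of denials is what makes the attempt visible.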

(Diagram: VNS3:turret protected virtual infrastructure.)

Cohesive Customers and Solutions


Cloud Applications Secured

System Integrators helping customers build cloud-based businesses

"As a Service" businesses being built in the cloud

Enterprise extending business to the cloud

VNS3 Product Family

• Application Security Controller provides an application micro-perimeter platform

• Security and connectivity appliance with optional L4-L7 plug-in system

• Virtual network management providing a single pane of glass for cloud-based virtual networks

• High availability solution for self-healing virtual networks

Availability


VNS3 allows customers to secure their application in any cloud.

(Diagram: Virtual Infrastructure, Public Cloud, Private Cloud.)

Appendix

✓ Deployed as part of customer's cloud-based application.

✓ Patented system for network control in the cloud.

✓ Platform for customer and partner cloud network innovation

Inside VNS3:net
