Crypto-Segmentation: Protecting Networked Applications When Firewalls Fail
|
|
- Marion Allen
- 8 years ago
- Views:
Transcription
1 SESSION ID: SPO-R02 Crypto-Segmentation: Protecting Networked Applications When Firewalls Fail Satyam Tyagi Chief Technology Officer Certes Networks Adam Boone Chief Marketing Officer Certes Networks
2 They are already inside we just have not found them 2
3 Security Crisis: Outdated Architecture Borderless Enterprises Apps digitized, extended outside firewall, rise of Shadow IT Firewalls Fail Access for working = access for hacking Segmentation Chaos SSL, TLS, IPsec, VPN, DMZs, VLANs, ACLs Performance hits Gaps & trade-offs SSL#3 IPsec SSL#2 SSL#1 VLAN#1 Trusted Network No encryption ACL#1 Access Attacks HTTPS No encryption SSL#4 3
4 Impact: Data Breach Crisis In 60% of cases, attacker compromise organization in minutes 75% of attacks spread from Victim 0 to Victim 1 within one day (24 hours) Breach discovery is days or weeks 4
5 The Post-Trust World No internal network can be fully trusted No user can be fully trusted Assume the breach has already happened Architecture based solely on perimeter security (firewalls, IDS/IPS) to keep the bad guys out is obsolete Common strategy is to use network segmentation 5
6 The Dirty Secret of Network Segmentation December 2014 global IT manager survey (Spiceworks) No LAN Crypto- Segmentation Problem: Segmentation of traffic is tied to network infrastructure; disconnected from business rules 66
7 Segmentation Chaos: Fragmentation Attempting to isolate traffic hop by hop, app by app Consumer grade encryption, out of your control VLANs, ACLs, VPNs, IPsec, SSL, TLS, DMZs 77
8 Segmentation Chaos: Too Many Tools Where are VLANs defined and enforced? Are they encrypted? How are WAN links encrypted? Who controls keys? How are they managed? SSL SSL SSL SSL Patient Record App Sensitive Record App Other Network App SSL HQ Data Center VLAN 2 VLAN 1 LAN How many of the apps have their own embedded encryption? Who controls it? What s in it? Do they contain Heartbleed? DR Backup VLAN 1 MPLS Label1 VLAN 2 LAN WAN Internet Siloed Fragmented Gaps HTTPS MPLS Label2 VPN Physician s smartphone Hospital Doctor s office SSL How are apps encrypted to mobile devices? Is it enterprise grade encryption? Who controls keys and algorithms? 88
9 Epic Segmentation Fail Attack Steps VPN: Protection Failed 1 Phishing Steals Password Weak password security PoS System 3. PoS Malware Billing System Other Systems 4. Exf Malware IDS Monitoring 2 VPN established across Internet Anywhere across Internet 3 Malware Installed on PoS No segregation of PoS and Billing 4 Malware Installed No segregation PoS 3. PoS Malware 5. Dump CC 6. Exfiltrate CC 5 Dump CC data No segregation 9 6 CC Exfiltrated VPN: no restriction on outbound connectivity Contractor Retailer Network Internet VPN Access Contractor Network 3. PoS Malware FW/VPN PoS Steal Password PoS 3. PoS Malware 9 Exfiltration Server Attacker
10 Back to the Drawing Board 10
11 What is Security? (Orange Book) Policy: Rules of Security Accountability: Identity and Authorization Assurance: Cannot be bypassed Objective: Move IT security away from the infrastructure and closer to the business rules 11
12 A New Blueprint 12
13 What Is Crypto-Segmentation? Role-based access to cryptographically isolated networked applications Crypto-segments defined per application based on business rules User roles and business policy determine access rights based on verified identity Maintain complete control of keys and key lifecycle Centralizes audit logging for all access Compromise of network, application, user does not compromise crypto-segments: no lateral movement 13
14 Crypto-Segmentation Architecture Sales Enterprise Directory Admin App Crypto-Segments Policy Orchestrator Users and Roles CRM App Billing App Policies & Keys Policy Enforcer VPN Policy Enforcer Policy Enforcer Sales VPN Admin 14
15 Security Evolved Cryptographically assured segmentation Compromises in one segment can not propagate to another segment Strong user identity and role enforcement End-to-end security with no network dependency Security team in control Keys, policies, auditing: orchestrated across all apps, users, networks 15
16 Crypto-Segmentation in Action PoS 3. PoS Malware 3. PoS Malware Enc 3. Stop PoS System 3. PoS Malware Enc 5. Stop Billing System 5. Dump CC Enc Retailer Network 4. Stop 4. Exf Other Malware Systems Enc 6. Exfiltrate CC 6. Stop IDS Monitoring Internet Crypto-Segmentation Per-app flow Per-user multi-factor access control Contractor Network Enc Contractor PoS Steal Password 3. PoS Malware 2. Stop 1. Stop PoS Exfiltration Server Attacker 16
17 Summary: Question the status quo What are your business-driven security requirements? What happens when they change? Does your current network security architecture help or hinder? How does it hold in the new realities of BYOD, mobile, public cloud, SaaS? What happens when a breach takes place? 17
18 Apply Crypto-Segmentation Make a list of your current applications Prioritize most sensitive Which user roles need access when and where? Crypto-segment along these dimensions Make Business needs drive security, not security risk drive business practices I cannot secure this, it will not be on your mobile 18
19 Thank you Satyam Tyagi, CTO, Adam Boone, CMO, CertesNetworks.com 19
Hacking Crisis Highlights Crypto Chaos
TREND ADVISOR: Hacking Crisis Highlights Crypto Chaos Four Data Traffic Security Challenges Exposing Enterprises to Hack Attacks IT departments were battered by a cybersecurity perfect storm in 2014. While
More informationZero Trust Requires Effective Business-Centric Application Segmentation
Zero Trust Requires Effective Business-Centric Application Segmentation GET STARTED Zero Trust Requires Effective Business-Centric Application Segmentation To protect the network from today s sophisticated
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationDo More with MPLS: A Foundation for Security
Do More with MPLS: A Foundation for Security By John E. Burke Principal Research Analyst, Nemertes Research Executive Summary Organizations of all sizes find it a challenge to maintain the skilled staff
More informationCHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
More informationIINS Implementing Cisco Network Security 3.0 (IINS)
IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationWireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business. www.megapath.com
Wireless Services The Top Questions to Help You Choose the Right Wireless Solution for Your Business Get Started Now: 877.611.6342 to learn more. www.megapath.com Why Go Wireless? Today, it seems that
More informationHEC Security & Compliance
HEC Security & Compliance SAP Security, Risk & Compliance Office November, 2014 Public Version 2.0 Details Introduction Overview Security Offering Approach Certifications Introduction Dear Customer, Information
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationPrinciples & Policies of Perpetual Paranoia: The New Rules for Enterprise IT Security
TREND ADVISOR: Principles & Policies of Perpetual Paranoia: The New Rules for Enterprise IT Security Enterprise users are putting many more demands on IT security than ever before. At the same time, the
More informationCertes: Who s Next in the Hacking Headlines? Lessons Learned from the Data Breach Epidemic
Certes: Who s Next in the Hacking Headlines? Lessons Learned from the Data Breach Epidemic Recorded January 16, 2015 Discussion Transcript Adam Boone Certes Networks, Chief Marketing Officer Larry Hettick
More informationSecuring Internet Facing. Applications. Technical White Paper. configuration drift, in which IT members open up ports or make small, supposedly
Securing Internet Facing Applications Ten years ago protecting the corporate network meant deploying traditional firewalls and intrusion detection solutions at the perimeter of the trusted network in order
More informationNetwork Security. Mike Trice, Network Engineer mtrice@asc.edu. Richard Trice, Systems Specialist rtrice@asc.edu. Alabama Supercomputer Authority
Network Security Mike Trice, Network Engineer mtrice@asc.edu Richard Trice, Systems Specialist rtrice@asc.edu Alabama Supercomputer Authority What is Network Security Network security consists of the provisions
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationData Breaches and Web Servers: The Giant Sucking Sound
Data Breaches and Web Servers: The Giant Sucking Sound Guy Helmer CTO, Palisade Systems, Inc. Lecturer, Iowa State University @ghelmer Session ID: DAS-204 Session Classification: Intermediate The Giant
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationFrank Andrus WHITEPAPER. CTO, Bradford Networks. Evolve your network security strategy to meet new threats and simplify IT security operations
WHITEPAPER An Adaptive Approach to Network Security Evolve your network security strategy to meet new threats and simplify IT security operations Frank Andrus CTO, Bradford Networks Executive Summary...
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationSite to Site Virtual Private Networks (VPNs):
Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationTechnical breakout session
Technical breakout session Small leaks sink great ships Managing data security, fraud and privacy risks Tarlok Birdi, Deloitte Ron Borsholm, WTS May 27, 2009 Agenda 1. PCI overview: the technical intent
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationRETHINKING CYBER SECURITY Changing the Business Conversation
RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.
More informationBig Drivers for IT Security - 2013
Ending the information security arms race with end-to-end encryption Presenting: Jill Walsh October, 2013 Big Drivers for IT Security Consumerization of IT Device explosion; app explosion Employee demands
More informationNetwork/Cyber Security
Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security
More informationTRENDS IN THE THREAT LANDSCAPE
TRENDS IN THE THREAT LANDSCAPE Guy Eilon, SEE Regional Manager April 2013 geilon@websense.com TRITON STOPS MORE THREATS. WE CAN PROVE IT. 2013 Websense, Inc. Page 1 CHANGING CUSTOMERS NEEDS 90% of companies
More informationWHITE PAPER. 5 Reasons Enterprises Need a New Access Model
WHITE PAPER 5 Reasons Enterprises Need a New Access Model Today enterprises are providing access to their applications in much the same way they did twenty years ago VPNs, proxies, and remote desktops.
More informationOvercoming PCI Compliance Challenges
Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationInternet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM
Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating
More informationMOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES
MOBILITY & INTERCONNECTIVITY Features SECURITY OF INFORMATION TECHNOLOGIES Frequent changes to the structure of enterprise workforces mean that many are moving away from the traditional model of a single
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationBYOD Guidance: BlackBerry Secure Work Space
GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.
More informationFrank Andrus WHITEPAPER. CTO, Bradford Networks. Evolve your network strategy to meet new threats and achieve expanded business imperatives
WHITEPAPER The Emergence of Adaptive Network Security Evolve your network strategy to meet new threats and achieve expanded business imperatives Frank Andrus CTO, Bradford Networks Executive Summary...
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationAll Information is derived from Mandiant consulting in a non-classified environment.
Disclaimer: All Information is derived from Mandiant consulting in a non-classified environment. Case Studies are representative of industry trends and have been derived from multiple client engagements.
More informationNovember 2013. Defining the Value of MPLS VPNs
November 2013 S P E C I A L R E P O R T Defining the Value of MPLS VPNs Table of Contents Introduction... 3 What Are VPNs?... 4 What Are MPLS VPNs?... 5 What Are the Benefits of MPLS VPNs?... 8 How Do
More informationDoes your Citrix or Terminal Server environment have an Achilles heel?
CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
More informationIntroduction to the Mobile Access Gateway
Introduction to the Mobile Access Gateway This document provides an overview of the AirWatch Mobile Access Gateway (MAG) architecture and security and explains how to enable MAG functionality in the AirWatch
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationTrustNet Group Encryption
TrustNet Group Encryption Executive Summary Protecting data in motion has become a high priority for a growing number of companies. As more companies face the real and growing threat of data theft, along
More informationENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS. Version 2.0
ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS Version 2.0 July 20, 2012 Table of Contents 1 Foreword... 1 2 Introduction... 1 2.1 Classification... 1 3 Scope... 1
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationSESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support
SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support Desktop Support and Data Breaches: The Unknown Dangers Bryan Hood Senior Solutions Engineer, Bomgar bhood@bomgar.com Session Description
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationMITIGATING LARGE MERCHANT DATA BREACHES
MITIGATING LARGE MERCHANT DATA BREACHES Tia D. Ilori Ed Verdurmen January 2014 1 DISCLAIMER The information or recommendations contained herein are provided "AS IS" and intended for informational purposes
More informationAgenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree
Cyber Security: Potential Threats Impacting Organizations January 10, 2015 Scott Petree Agenda 2 Data Security Trends Root Causes of Cyber Attacks How Can We Fix This? Secure Infrastructure User Awareness
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationBYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective
BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective Kit Colbert CTO, End-User Computing 2014 VMware Inc. All rights reserved. VMware: Addressing the Market From Data Center
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information
More informationPresenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013
Presenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013 Outline Genesis - why we built it, where and when did the idea begin Issues
More informationWe Prevent Breaches (and surprises) Intelligent Prevention
We Prevent Breaches (and surprises) Intelligent Prevention www.blueridge.com sales@blueridge.com 1-800-704-5234 2015 Blue Ridge Networks, Inc. October 2015 Losing Ground in the Cyber Battle Post Breach
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationImplementing Cisco IOS Network Security v2.0 (IINS)
Implementing Cisco IOS Network Security v2.0 (IINS) Course Overview: Implementing Cisco IOS Network Security (IINS) v2.0 is a five-day instructor-led course that is presented by Cisco Learning Partners
More informationSecuring Web Applications...at the Network Layer
Securing Web Applications......at the Network Layer OWASP Spain Chapter Meeting 16 th June, 2006 Barcelona (ES) Carlos Fragoso Mariscal Chief Technical Director carlos@jessland.net Securing Web Applications
More informationPresented by: Mike Morris and Jim Rumph
Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network
More informationAPPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST
APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationThe Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:
Compliance Brief The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements: Using Server Isolation and Encryption as a Regulatory Compliance Solution and IT Best Practice Introduction
More informationSecurity from a customer s perspective. Halogen s approach to security
September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving
More informationNERC CIP Whitepaper How Endian Solutions Can Help With Compliance
NERC CIP Whitepaper How Endian Solutions Can Help With Compliance Introduction Critical infrastructure is the backbone of any nations fundamental economic and societal well being. Like any business, in
More informationCLOUD ACCESS SECURITY BROKERS
The Definitive Guide to CLOUD ACCESS SECURITY BROKERS WHITE PAPER For many enterprises, security and compliance concerns hamper adoption of cloud applications. In fact, 90% of companies have security concerns
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationSecuring the Database Stack
Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,
More informationFidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1
Fidelis XPS Power Tools Gaining Visibility Into Your Cloud: Cloud Services Security February 2012 PAGE 1 PAGE 1 Introduction Enterprises worldwide are increasing their reliance on Cloud Service providers
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More informationMirantis OpenStack Express: Security White Paper
Mirantis OpenStack Express: Security White Paper Version 1.0 2005 2014 All Rights Reserved www.mirantis.com 1 Introduction While the vast majority IT professionals are now familiar with the cost-saving
More informationWebsite Security: It s Not all About the Hacker Anymore
Website Security: It s Not all About the Hacker Anymore Mike Smart Sr. Manager, Products and Solutions Trust Services & Website Security Website Security 1 Website Security Challenges Evolving Web Use
More informationSECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS
SECURING NETWEAVER DEPLOYMENTS A RSACCESS WHITE PAPER SECURING NETWEAVER DEPLOYMENTS 1 Introduction 2 NetWeaver Deployments 3 Safe-T RSAccess Overview 4 Securing NetWeaver Deployments with Safe-T RSAccess
More informationWHITE PAPER AUGUST 2014
THE DEFINITIVE GUIDE TO CLOUD ACCESS SECURITY BROKERS WHITE PAPER AUGUST 2014 For many enterprises, security and compliance concerns hamper adoption of cloud applications. Furthermore, cloud applications
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More informationSoftware that provides secure access to technology, everywhere.
Software that provides secure access to technology, everywhere. Joseph Patrick Schorr @JoeSchorr October, 2015 2015 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 1 Agenda What are we dealing with? How
More informationNSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs
Mandatory Knowledge Units 1.0 Core2Y 1.1 Basic Data Analysis The intent of this Knowledge Unit is to provide students with basic abilities to manipulate data into meaningful information. 1.1.1 Topics Summary
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationUnderstanding the Security Vendor Landscape Using the Cyber Defense Matrix
SESSION ID: PDIL-W02F Understanding the Security Vendor Landscape Using the Cyber Defense Matrix Sounil Yu sounil@gmail.com @sounilyu Disclaimers The views, opinions, and positions expressed in this presentation
More informationHow to Dramatically Reduce the Cost and Complexity of PCI Compliance
How to Dramatically Reduce the Cost and Complexity of PCI Compliance Using Network Segmentation and Policy-Based Control Over Applications, Users And Content to Protect Cardholder Data December 2008 Palo
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationCONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY
CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY MATTHIAS YEO Chief Technology Officer - APAC CISSP, CISA, CISM, PMP 1 OVER REACTING VS UNDER REACTING Reason for the world today
More informationCovering my IaaS: Security and Extending the Datacenter. Brian Bourne Tadd Axon
Covering my IaaS: Security and Extending the Datacenter Brian Bourne Tadd Axon About Us Tadd Axon - Holds a Bachelor of Business Administration with a minor in Spanish from Wilfrid Laurier University.
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationOur Key Security Features Are:
September 2014 Version v1.8" Thank you for your interest in PasswordBox. On the following pages, you ll find a technical overview of the comprehensive security measures PasswordBox uses to protect your
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationThe Leading Provider of Endpoint Security Solutions
The Leading Provider of Endpoint Security Solutions Innovative Policies to Defend Against Next-Generation Threats Conrad Herrmann CTO and Co-Founder Zone Labs, Inc. Network Security Is an Uphill Battle
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationToday's security needs in networking
Today's security needs in networking Besoins actuels de la sécurité réseau European partner summit Thursday, October 13, 2005 Hervé Schauer Hervé Schauer Agenda Firewalls Liability
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationLimiting the Spread of Threats: A Data Center for Every User
SESSION ID: SPO1-R03 Limiting the Spread of Threats: A Data Center for Every User Geoff Huang Director Product Marketing VMware Tony Paikeday Senior Product Marketing Manager VMware Why do breaches still
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationSAQ D Compliance. Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP
SAQ D Compliance Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP Ground Rules WARNING: Potential Death by PowerPoint Interaction Get clarification Share your institution s questions, challenges,
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationSecuring Remote Vendor Access with Privileged Account Security
Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials
More informationSimplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls
Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section
More informationTrue Identity solution
Identify yourself securely. True Identity solution True Identity authentication and authorization for groundbreaking security across multiple applications including all online transactions Biogy Inc. Copyright
More information