Fidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1

Transcription

1 Fidelis XPS Power Tools Gaining Visibility Into Your Cloud: Cloud Services Security February 2012 PAGE 1 PAGE 1

2 Introduction Enterprises worldwide are increasing their reliance on Cloud Service providers for critical business functions and because these services are now being hosted outside the enterprise perimeter, security control is greatly limited. Transitioning to the cloud introduces new protocols that are difficult to inspect. Additionally, network security devices cannot inspect the contents of encrypted traffic between end-users and application providers. New risks arise with the increased use of cloud services open the door to sensitive information being transferred to outside organizations. Visibility is lost when key applications are moved to external providers of services such as , collaboration tools, CRM and storage. Fidelis XPS Cloud Services Security Solution gives an enterprise that visibility back. The Fidelis XPS solution for Cloud Services Security combines the Fidelis XPS sensor and Fidelis SSL Inspector appliance. With the solution, enterprises can ensure that only authorized services and service providers are being used, only authorized information is being transferred to or through these providers, and that users aren t downloading malicious content that might be the basis for an attack on the enterprise network itself. Security Challenges in the Cloud As enterprises worldwide are increasing their reliance on Cloud Service providers for critical business functions such as (Google Mail, Hosted Exchange), collaboration (Google Apps, Hosted Sharepoint), CRM (Salesforce.com), and storage (Dropbox, Amazon S3), an enterprise can reap numerous compelling benefits, but they come with a new set of risks. These services were traditionally deployed within the enterprise perimeter on systems and networks secured by the enterprise. In the Software-as-a-Service (SaaS) model offered by Cloud Service providers, enterprise employees are users of services hosted outside the enterprise perimeter, greatly limiting the security controls around application usage and information that might be stored and retrieved outside the organization. Often, the use of these services is at the initiative of teams or business units, without corporate security being consulted. Typically, this structure leaves an enterprises conventional network security monitoring devices blind to the content being transferred between the enterprise and the SaaS provider. Utilizing cloud services without the proper visibility can lead to: Emergence of new protocols at traditional monitoring points. Instead of content being transferred over open protocols such as SMTP, use of new protocols such as Microsoft MAPI do not allow traditional network security solutions to inspect content; Reliance on SSL encryption. Hosted services rely on encryption via SSL/TLS between the enduser and application provider. In the absence of a means of decrypting this traffic, network security devices cannot inspect the contents of underlying sessions; Being blind to advanced threats. Client-system focused malware can be downloaded or distributed through an organization without the possibility for intervention by an enterprises network security tools. PAGE 2 PAGE 2

3 Collectively, this creates new risks around the potential for sensitive information to be transferred outside the organization in violation of policy or the possibility for advanced threats to enter the enterprise s network. Hosted'Exchange'/' SharePoint' Local'SensiHve' InformaHon' Network'Security'Stack' Hosted'Services' '' Public'Cloud' (SaaS)' Internet' MAPI'/'SSL' Network' Data'Center' MicrosoK'Outlook' 1' Figure 1 Hosted Services, Impact of SaaS The Fidelis XPS Solution for Cloud Services Security Fidelis XPS Cloud Services Security solution reestablishes visibility into all traffic between an enterprise and its providers. Through a solution that combines Fidelis XPS and Fidelis SSL Inspector, enterprises can gain the necessary visibility and control to decrease their risk with their use of SaaS applications. By identifying the use of SaaS applications, as well as content inspection of all traffic between the enterprise and its SaaS providers visibility is restored that had been lost when key applications are moved to external providers of critical IT services. Enterprises gain complete visibility and control around their use of Cloud Services, in order to ensure the use of authorized Cloud Service applications, prevent the transfer of unauthorized content to the Cloud Service applications, and authenticate Cloud Service Providers to prevent Man-In-The-Middle attacks. By utilizing the following features within the Fidelis XPS solution for Cloud Services Security, organizations can secure their use of cloud services: Decrypt SSL. Fidelis SSL Inspector ensures that all SSL traffic is decrypted and made available to the Fidelis XPS sensor for inspection. PAGE 3 PAGE 3

4 ' Inspect All SaaS Applications. The following Fidelis XPS decoders inspect SaaS applications: - Fidelis XPS HTTP decoder inspects and controls web-based SaaS applications such as Salesforce.com, Google Apps and Amazon S3. - Fidelis XPS Exchange/MAPI decoder inspects and controls hosted Exchange services such as Microsoft Exchange 360 and Aptix. - Fidelis XPS Sharepoint decoder can be used to inspector and control Hosted Sharepoint services such as Microsoft Exchange 360. Authenticate SaaS Providers. The Fidelis XPS SSL decoder verifies the authenticity of all SaaS providers using SSL. Enterprise-Controlled Security Practices. Since the solution is deployed at the enterprise, it does not require active cooperation from the service provider so that an enterprises current security policies can continue to be enforced consistently across all providers. Fidelis'XPS'Direct' Hosted'Exchange'/' SharePoint' Local'SensiKve' InformaKon' Fidelis'SSL' Inspector' MAPI' Hosted'Services' '' Public'Cloud' (SaaS)' MAPI'/'SSL' Internet' MAPI'/'SSL' Fidelis'XPS'CommandPost' Network' Data'Center' 2' MicrosoM'Outlook' 2 Figure 2 Typical deployment of Fidelis XPS Cloud Services Security solution Solution Spotlight: Fidelis XPS Exchange/MAPI Decoder Administrators charged with managing enterprise level environments are finding that IT consolidation often leads to key systems, such as Microsoft Exchange servers, being placed outside their security perimeters while they retain the responsibility of providing security for the clients within the perimeter. Security concerns continue to be the biggest PAGE 4 PAGE 4

5 obstacles to the centralization of data centers, which provide greater cost savings and lead to increases in operational efficiency. With the Fidelis XPS Exchange/MAPI decoder, blind spots are removed and visibility is restored, allowing data to be managed in any environment as if it resided behind the firewall. This decoder addresses the lack of visibility into information flowing between clients such as Microsoft Outlook and Microsoft Exchange servers, using the MAPI protocol. Fidelis XPS Exchange/MAPI Decoder provides security administrators with visibility into areas where the enterprise might be at risk through inadvertent or malicious activity such as data exfiltration or phishing. The majority of spear phishing attacks are through messages and with many Exchange servers out of the control of enterprise IT and security teams, the susceptibility to these threats is only increasing. The Fidelis XPS Exchange/MAPI decoder can be used to identify these threats and alert security teams to them before the threat actors can invade and cause harm. Utilizing the Fidelis XPS Exchange/MAPI Decoder, an enterprise can see into any attachment and any embedded content-based attack helping to eliminate outbound (inadvertent exfiltration) and inbound (spear phishing, targeted attack) threats. Customer Case Study In 2009, a global pharmaceutical manufacturer took stock of the use of Microsoft Sharepoint across their business units and recognized the potential for consolidation and migration to a third party hosting provider. Sharepoint was used extensively to manage internal projects and those that involved the large set of partners that the company used to assist in activities such as field trials around the world. Consequently, there was a considerable amount of sensitive information stored in those systems that required compliance with regulations such as HIPAA, as well as key intellectual property that needed to be protected. After considerable analysis, the company decided to use hosted Sharepoint from a third party provider as well as maintain a consolidated internal deployment. For both sets of deployments, they created policies around access control and the kind of content to be stored in each system. However, they realized that enforcing these policies on hosted Sharepoint was going to be infeasible since there was no visibility into that traffic. They chose to deploy the Fidelis XPS Cloud Services Solution to enforce policies on all traffic going to their Sharepoint deployments, both internal and hosted. This allows them to maintain compliance, protect sensitive intellectual property, and guard against the risk of infection via the hosted Sharepoint deployment. The use of the solution enabled the realization of their Sharepoint vision and the associated efficiencies and cost savings. PAGE 5 PAGE 5

6 Conclusion Cloud Services represent a significant and compelling change in enterprise IT architectures and it will take years to understand and plug all the resulting security exposures. The inability to achieve comprehensive and deep visibility into and control over information flow between the enterprise and Cloud Service Providers is a hole that needs plugged today. Fidelis XPS is the industry's only network security monitoring solution capable of seeing, studying, and stopping advanced threats in real-time; providing organizations with the network visibility, analysis, and control necessary to manage advanced threats, analyze forensics data more intelligently, and prevent data breaches. Fidelis SSL Inspector allows organizations to identify threats hidden within SSL encrypted communications with no impact to existing network configurations and performance and provides organizations with security, content inspection, and threat detection created by SSL. Combined, the Fidelis XPS Cloud Security Solution extends unparalleled visibility and control of increasingly high volumes of traffic between the enterprise and SaaS provider. About Fidelis Security Systems Since 2002, Fidelis Security Systems has been providing organizations with the network visibility, analysis, and control necessary to manage advanced threats and prevent data breaches. Built on a patented Deep Session Inspection, platform, the Fidelis XPS is the industry's only network security solution capable of seeing, studying, and stopping advanced threats in real-time by uniquely working at the session-level where today s threats occur. Fidelis enables their government, military, and commercial enterprise customers around the globe to achieve proactive situational awareness, content protection, threat mitigation, and application activity control. To learn more, visit FIDELIS SECURITY SYSTEMS, FIDELIS EXTRUSION PREVENTION SYSTEM, FIDELIS XPS, DEEP SESSION INSPECTION, the FIDELIS SECURITY SYSTEMS logo, and/or other FIDELIS SECURITY SYSTEMS products referenced herein are trademarks of Fidelis Security Systems, Inc. Copying, use or distribution of any material contained herein is expressly prohibited. Copyright 2012 Fidelis Security Systems, Inc. All rights reserved. PAGE 6 PAGE 6