ArcGIS and Enterprise Security
|
|
- Hilary Dennis
- 8 years ago
- Views:
Transcription
1
2 ArcGIS and Enterprise Security Leveraging ArcGIS in Cybersecurity Ken Stoni Secure Enterprise ArcGIS Best Practices Michael Young
3 Visualizing the Virtual: A geospatial approach to cyber operations and security Ken Stoni
4 The Problem Detection is Difficult, Cyber isn t enough Breach Timeline Our Goals: Compromise: Exfiltration: Discovery: Containment: 97% <= days 72% <= days 66% >= MONTHS 63% <= days 1) Detect early 2) Detect internally 3) Respond appropriately (maintenance vs security) **70% of breaches were discovered by external parties
5 Cyberspace Re-Considered It s Mappable Social / Persona Layer Device Layer Logical Network Layer Physical Network Layer Geographic Layer Each device in cyberspace is owned by someone (no global commons ) Electro-mechanical devices exist in space-time and interact with physical events Geography is required to integrate and align cyberspace with other data
6 Cybersecurity A common sequence of questions How should we respond? Intervention Hardening Remediation Mission Impact? Source WAN Destination Technical Impact? IDS IPS IT Inventory Compromise Detection attempted? Compromise Successful?
7 Four Design Patterns Signature Detection Data External Cyber Environment Internal Cyber Environment Anomaly Detection Mission Assurance Mission Assurance (Cyber Supply Line) WAN
8 Detection Selection & Trending at various scales Building City Firewall Campus Building Function IDS/IPS Geocoding 3 rd Party Geo-Locators Source IP Destination IP IT Inventory
9 Mission Impact The Cyber Supply Line Mission Data Flow LAN Bldg Net DISA WAN Mission Data Flow AT&T LAN Campus #1 Campus #2 Verizon WAN Cyber Supply Line Bldg Net 1. Cyber Supply Line (CSL) is a consistent path through the infrastructure 2. CSL focuses resources on only the devices that are critical 3. Managing data flows is similar to traffic routing; an Esri core competency
10 The CSL and Risk Mission Assurance R A = f(v, T) R = Risk, A = Asset, V = Vulnerability, T = Threat Asset = Data, Device, Sub-Net, Mission Cyber Supply Line Mitigation prioritized Likelihood & Consequence (of failure)
11 Effect Propagation Multi-level Model of Data Flow Cyber Supply Line Maintain Data Flow Mission Assurance
12 When Support to all stages of development Existing Data Dashboard MS-Office Briefing Book Data Workflow Information Product (Monitoring) Information Product (Reporting) Start from Scratch Data Workflow Information Product (Monitoring) Information Product (Reporting) Improve SA Geo-Coding Data Workflow Information Product (Monitoring) Information Product (Reporting) Improve Reporting Data Workflow Information Product (Monitoring) Information Product (Reporting) Improve Performance (cheaper, quicker, more accurate) Design -- Build Cost/Schedule IT Inventory MaxMind Operate -- Maintain Status Monitor -- Respond Risk
13 How Recommended Approach MS-Office Briefing Book Reporting Dashboard Existing Enterprise Apps Monitoring Visualization Visualization Visualization Visualization Visualization Visualization Analysis Analysis Analysis APIs Analysis Widget Database Database Database Query Widget Collector Collector Collector Portal Existing Enterprise Network Environmental Data Auxiliary Data
14 Why Information sharing leading to coordinated action Reporting Executives Monitoring Enterprise Ops Center Analysis & Planning Best Practices (e.g. NIST Framework) Network Engineers Performance Optimization Net Model Determine Attack Indicators Net Security Division Threat Data Security Community (e.g. McAfee) Net Ops Data Net Security Data Observe & Assess Network Activities Network Ops Hunt Teams Adversary
15 Secure Enterprise ArcGIS Best Practices Michael E Young Esri Principal Security Architect
16 What is a secure GIS?
17 Introduction What is The Answer? Risk Impact
18 Trends Controls by Industry Industry risk patterns Focus security controls Energy Sector High Risk Areas Web Application Attacks Crimeware Denial of Service (DoS) attacks * Verizon 2014 DBIR
19 Trends Open source security component vulnerability affects 2/3 rd of web services Scenario OpenSSL vulnerability (HeartBleed) ArcGIS Online indirectly exposed through Amazon s Elastic Load Balancer Patched by Amazon within a day of vulnerability announcement Many pre 10.3 ArcGIS components contain vulnerable version, but don t utilize vulnerable function ArcGIS Server for Linux before 10.3 was vulnerable (Patch available for 10.1SP1 and later) Lessons learned 3 rd party / open source components are immersive across cloud and on-premises Many organizations still don t have effective patch management for these underlying components No individual layer is full-proof Esri s first cross-product vulnerability status KBA minimized confusion Utilize Trust.ArcGIS.com site Expect More Issues with OpenSSL throughout 2015
20 Trends 2015 and beyond Focus shifting from network perimeter to data - Drives need for stronger authentication of who is accessing the data Mobile malware continues to grow APTs and malware diversification Unpatched systems (Windows XP end-of-life) Hacking the Internet of Things
21 Strategy
22 Strategy A better answer Identify your security needs - Assess your environment - Datasets, systems, users - Data categorization and sensitivity - Understand your industry attacker motivation Understand security options - Trust.arcgis.com - Enterprise-wide security mechanisms - Application specific options Implement security as a business enabler - Improve appropriate availability of information - Safeguards to prevent attackers, not employees
23 Strategy Enterprise GIS Security Strategy Security Risk Management Process Diagram - Microsoft
24 Strategy Esri Products and Solutions Secure Products - Trusted geospatial services - Individual to organizations - 3 rd party assessments ArcGIS Secure Enterprise Guidance - Trust.ArcGIS.com site - Online Help Secure Platform Management - SaaS Functions & Controls - Certifications / Compliance
25 Strategy Security Principles CIA Security Triad Availability
26 Strategy Defense in Depth More layers does NOT guarantee more security Understand how layers/technologies integrate Simplify Balance People, Technology, and Operations Holistic approach to security Data and Assets Physical Controls Policy Controls Technical Controls
27 Mechanisms
28 Mechanisms
29 Mechanisms Authentication GIS Tier (Default) - Built-in User store - Enterprise (AD / LDAP) - ArcGIS Tokens Web, mobile, and desktop clients Web server Web Adaptor Web Tier (Add web adaptor) - Enterprise (AD / LDAP) - Any authentication supported by web server - HTTP Basic / Digest - PKI - Windows Integrated ArcGIS for Desktop users GIS Server administrators Publish Services Connect to ArcGIS Server Manager + GIS server(s) Data server
30 Mechanisms Authorization Role-Based Access Control Esri COTS - Assign access with ArcGIS Manager - Service Level Authorization across web interfaces - Services grouped in folders utilizing inheritance 3 rd Party - Web Services - Conterra s Security Manager (more granular) - RDBMS - Row Level or Feature Class Level - Versioning with Row Level degrades performance - Alternative - SDE Views - URL Based - Web Servers & Intercept offerings such as CA s SiteMinder
31 Mechanisms Filters 3 rd Party Options Firewalls Reverse Proxy Web Application Firewall Anti-Virus Software Intrusion Detection / Prevention Systems
32 Mechanisms Encryption 3 rd Party Options Network - IPSec (VPN, Internal Systems) - SSL/TLS (Internal and External System) - Cloud Encryption Gateways - Only encrypted datasets sent to cloud File Based - Operating System BitLocker - GeoSpatial PDF with Certificates - Hardware (Disk) RDBMS - Transparent Data Encryption (TDE)
33 Mechanisms Logging/Auditing Esri COTS - Geodatabase history - Track changes - ArcGIS Workflow Manager - Track detailed Feature based activities - ArcGIS Server 10+ Logging - User tag added 3 rd Party - Logs - Web Server, RDBMS, OS, Firewall - Consolidate with a SIEM - Geospatial monitors - Upcoming GIS Management pack for MS System Center - Esri System Monitor - Vestra GeoSystems Monitor - Geocortex Optimizer
34 ArcGIS Server
35 ArcGIS Server Enterprise Deployment WAF, SSL Accel Load Balancer Network Load Balancing 443 Firewall Internet Port: 443 Port: 80 Port: 80 IIS/Java Web Server IIS/Java Web Server IIS/Java Web Server ADFS Proxy Web Apps Web Adaptor Web Adaptor Web Apps Auth Web Server Web Server A Web Server B Firewall Supporting Infrastructure ArcGIS Site ADFS / SAML 2.0 Port: 6080 Web Adaptor Round-Robin Port: 6080 AD/ LDAP SQL ArcGIS for Server GIS Services GIS Server A Server Request Load Balancing GIS Services ArcGIS for Server GIS Server B Clustered HA NAS Config Store HA DB1 HA DB2 Directories FGDB
36 ArcGIS Server Minimize Attack Surface Don t expose Server Manager to public Disable Services Directory Disable Service Query Operation (as feasible) Enable Web Service Request Filtering - Windows 2008 R2+ Request Filtering - XML Security Gateway Better Attack surface Attack surface over time Time Limit utilization of commercial databases under website - File GeoDatabase can be a useful intermediary (SQL injection does not work) Require authentication to services
37 ArcGIS Server New Security Hardening Guidelines Establishing guidelines with DISA - Create a Security Technical Implementation Guides (STIGs) - First STIG will be Windows based ArcGIS Server Other STIGs will be performed based on demand Expected completion in 2015 Post STIG completion - STIG will be an input for an ArcGIS Server Security Hardening guide for general distribution - Additional enterprise component integration testing and best practice recommendations to be incorporated
38 ArcGIS Server Awareness of Relative Risk New relative risk insights for geospatial services Optional mitigation measures to reduce risk Service Map Map Feature Feature Feature Geocoding Geodata Geodata Geodata Geoprocessing Image Image Image Relative Service Risk Capability Mapping Query Read Edit Sync Geocode Query Data Extraction Replica Geoprocessing Imaging Edit Upload Default when Enabled Security Hardened Security Hardened Settings Red = Higher risk Yellow = Average risk Green = Low risk
39 ArcGIS Server Enhancements Single-Sign-On (SSO) for Windows Integrated Authentication - Works across ArcGIS for Server, Portal, and Desktop Stronger PKI validation - Leverage multi-factor authentication when accessing applications, computers, and devices - Web adaptor deployed to web server forwards to AGS the request and username Integrated account management and publishing capabilities - Across ArcGIS for Server and Portal in a federated configuration Key SQL Injection vulnerabilities addressed since 10.2 with Standardized Queries Add support for - Active Directory nested groups & domain forests - Configuring Private and Public services within the same ArcGIS Server site
40 ArcGIS Server Single ArcGIS Server machine Desktop, Web, and Mobile Clients Desktop, Web, and Mobile Clients 80/443 Web Adaptor 6080/ /6443 Site Administrators Connect to Manager GIS server, Data, Server directories, Configuration Store Site Administrators Connect to Manager GIS server, Data, Server directories, Configuration Store Front-ending GIS Server with Reverse Proxy or Web Adaptor
41 ArcGIS Server ArcGIS Server HA - Sites independent of each other Desktop, Web, and Mobile Clients Active-active configuration is shown - Active-passive is also an option Separate configuration stores and management Network Load Balancer (NLB) - Scripts can be used to synchronize Cached map service for better performance Web Adaptors (optional) Load balancer to distribute load Site Administrators Connect to Manager ArcGIS Server site ArcGIS Server site Site Administrators Connect to Manager Server directories, Configuration Store (duplicated between sites)
42 ArcGIS Server ArcGIS Server HA Shared configuration store Desktop, Web, and Mobile Clients Shared configuration store Network Load Balancer (NLB) Web Adaptor will correct if server fails Web Adaptors Config change affects whole site - Example: publishing a service GIS servers Test configuration changes Site Administrators Connect to Manager Data server, Data (enterprise geodatabase), Server directories, Configuration Store
43 Cloud
44 Cloud Service Models On-Premises - Traditional systems infrastructure deployment - Portal for ArcGIS & ArcGIS Server IaaS - Portal for ArcGIS & ArcGIS Server - Some Citrix / Desktop SaaS - ArcGIS Online - Esri Managed Cloud Services Customer Responsible End to End Decreasing Customer Responsibility Customer Responsible For Application Settings
45 Cloud Deployment Models Online Online Intranet Intranet Intranet Server Portal Server Public ArcGIS Online + On-Prem On- Prem Online Server Server Server Read-only Basemaps Intranet Intranet Portal Server Cloud ArcGIS Online + EMCS On-Prem + On-premise
46 Cloud Management Models Self-Managed - Your responsibility for managing IaaS deployment security Provider Managed - Esri Managed Cloud Services - New FedRAMP Moderate Compliant (part of Advanced Plus option)
47 Cloud Responsibility Across Deployment Options On-premises Esri Images & Cloud Builder Esri Managed Cloud Services FedRAMP Moderate Compliant ArcGIS Online FISMA Low ATO ArcGIS ArcGIS ArcGIS ArcGIS Online OS/DB/Network OS/DB/Network OS/DB/Network OS/DB/Network Security Infrastructure No Security Infrastructure by default Security Infrastructure Security Infrastructure Esri Compliance & ATO Scope Virtual / Physical Servers Cloud Infrastructure (IaaS) Cloud Infrastructure (IaaS) Cloud Infrastructure (IaaS) IaaS ATO Scope Customer Responsibility Esri Responsibility CSP Responsibility
48 EMCS Security Infrastructure AWS Customer Infrastructure Active/Active Redundant across two Cloud Data Centers End Users Public-Facing Gateway Web Application Firewall WAF ArcGIS for Portal DMZ Security Ops Center (SOC) Security Service Gateway Intrusion Detection IDS / SIEM ArcGIS Server Cloud Infrastructure Centralized Management Backup, CM, AV, Patch, Monitor Hypervisor, TCP/IP, Network ACLs, Routing, Storage, Hardware Bastion Gateway MFA Relational Database File Servers Authentication/Authorization LDAP, DNS, PKI Dedicated Customer Application Infrastructure Common Security Infrastructure Esri Administrators Esri Admin Gateway Cloud Infrastructure Hypervisor, TCP/IP, Network ACLs, Routing, Storage, Hardware Common Cloud Infrastructure Legend Agency Application Cloud Provider Security
49 Cloud Hybrid deployment combinations Users Apps Anonymous Access On-Premises Ready in months/years Behind your firewall You manage & certify Esri Managed Cloud Services Ready in days All ArcGIS capabilities at your disposal in the cloud Dedicated services FedRAMP Moderate ArcGIS Online Ready in minutes Centralized geo discovery Segment anonymous access from your systems FISMA Low... All models can be combined or separate
50 Cloud Standards Enterprise Logins - SAML Provides federated identity management - Integrate with your enterprise LDAP / AD - Added to Portal for ArcGIS 10.3 API s to Manage users & app logins - Developers can utilize OAuth 2-based API s -
51 Compliance
52 Compliance Products and Services ArcGIS Online - FISMA Low Authority To Operate (ATO) by USDA - FedRAMP - Upcoming Esri Managed Cloud Services (EMCS) - FedRAMP Moderate (Jan 2015) ArcGIS Desktop - FDCC (versions ) - USGCB (versions 10.1+) - ArcGIS Pro (Expected Q1 2015)
53 Compliance Corporate Operations ISO Esri s Corporate Security Charter Privacy Assurance - US EU/Swiss SafeHarbor self-certified - TRUSTed cloud certified SSAE 16 Type 1 Previously SAS 70 - Esri Data Center Operations - Expanded to Managed Services in 2012
54 Compliance Cloud Infrastructure Providers ArcGIS Online Utilizes World-Class Cloud Infrastructure Providers - Microsoft Azure - Amazon Web Services Cloud Infrastructure Security Compliance SSAE16 SOC1 Type2 Moderate
55 Compliance ArcGIS Online Assurance Layers Customer Web App Consumption ArcGIS Management Esri Web Server & DB software AGOL SaaS FISMA Low (USDA) SafeHarbor (TRUSTe) Operating system Instance Security Management Cloud Provider ISO SSAE16 FedRAMP Mod Cloud Providers Hypervisor Physical
56 Summary
57 Summary Geospatial solutions can facilitate cybersecurity Security demands rapidly evolving - Prioritize efforts according to your industry and needs - Don t just add components, simplified Defense In Depth Secure Best Practice Guidance is Available - Check out the ArcGIS Trust Site! - ArcGIS Security Architecture Workshop - SecureSoftwareServices@esri.com
58 Thank you! Give us your feedback!
59 Thank you! Give us your feedback!
60
Designing an Enterprise GIS Security Strategy 2014. Michael E. Young Matt Lorrain
Designing an Enterprise GIS Security Strategy 2014 Michael E. Young Matt Lorrain Agenda Introduction Trends Strategy Mechanisms Server Mobile Cloud Compliance Summary Introduction What is a secure GIS?
More informationDesigning an Enterprise GIS Security Strategy
Esri International User Conference San Diego, California Technical Workshops July 26, 2012 Designing an Enterprise GIS Security Strategy Michael E Young Agenda Introduction Strategy Trends Mechanisms ArcGIS
More informationArcGIS Cloud Security Roadmap & Best Practices for Federal Agencies. Michael E. Young
ArcGIS Cloud Security Roadmap & Best Practices for Federal Agencies Michael E. Young Agenda Introduction ArcGIS Cloud Capabilities ArcGIS Online (SaaS) Security ArcGIS Cloud Providers ArcGIS IaaS Security
More informationEsri Managed Cloud Services and FedRAMP
Federal GIS Conference February 9 10, 2015 Washington, DC Esri Managed Cloud Services and FedRAMP Erin Ross & Michael Young Agenda Esri Managed Services Program Overview Example Deployments New FedRAMP
More informationArcGIS Security Authorization Advancements
Federal GIS Conference February 9 10, 2015 Washington, DC ArcGIS Security Authorization Advancements Michael Young & Erin Ross Overview Authorization Past & Present Products - ArcGIS Server - ArcGIS Desktop
More informationEnterprise GIS Architecture Deployment Options. Andrew Sakowicz
Enterprise GIS Architecture Deployment Options Andrew Sakowicz Audience Audience - Architects - Developers - Administrators - Project Managers Level: - Beginner / Intermediate Introduction Andrew Sakowicz
More informationPortal for ArcGIS. Satish Sankaran Robert Kircher
Portal for ArcGIS Satish Sankaran Robert Kircher ArcGIS A Complete GIS Data Management Planning & Analysis Field Mobility Operational Awareness Constituent Engagement End to End Integration Collect, Organize,
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationApplication Security Best Practices. Matt Tavis Principal Solutions Architect
Application Security Best Practices Matt Tavis Principal Solutions Architect Application Security Best Practices is a Complex topic! Design scalable and fault tolerant applications See Architecting for
More informationHow To Use Arcgis For Free On A Gdb 2.2.2 (For A Gis Server) For A Small Business
Esri Middle East and Africa User Conference December 10 12 Abu Dhabi, UAE Understanding ArcGIS in Virtualization and Cloud Environments Marwa Mabrouk Powerful GIS capabilities Delivered as Web services
More informationSecurity Best Practices for Microsoft Azure Applications
Security Best Practices for Microsoft Azure Applications Varun Sharma Principal Security Engineer, Information Security & Risk Management (ISRM), Microsoft IT Service Lines Application Security Infrastructure
More informationPortal for ArcGIS: An Introduction
2013 Esri Mid-Atlantic User Conference December 10-11 Baltimore, MD Portal for ArcGIS: An Introduction Derek Law Esri, Redlands Agenda Web GIS Deployment patterns Portal for ArcGIS overview Security Integration
More informationUsing ArcGIS for Server in the Amazon Cloud
Federal GIS Conference February 9 10, 2015 Washington, DC Using ArcGIS for Server in the Amazon Cloud Bonnie Stayer, Esri Amy Ramsdell, Blue Raster Session Outline AWS Overview ArcGIS in AWS Cloud Builder
More informationDeploying ArcGIS for Server Using Managed Services
Deploying ArcGIS for Server Using Managed Services Andrew Sakowicz Erin Ross Sridhar Karra Agenda Introduction Program Overview - Overview - Methodology - Tools Customer Deployments - Architecture and
More informationSecuring ArcGIS Server Services: First Steps
Federal GIS Conference February 9 10, 2015 Washington, DC Securing ArcGIS Server Services: First Steps Michael Sarhan Esri msarhan@esri.com Agenda Review Basic Security Workflow ArcGIS Server Roles and
More informationPortal. from the trenches!
from the trenches! Deployment Patterns Scaling and High Availability Reference Implementations Common Challenges Extending Engagement patterns Esri UC 2014 Technical Workshop for ArcGIS Technology Transfer
More informationArcGIS for Server Deployment Scenarios An ArcGIS Server s architecture tour
ArcGIS for Server Deployment Scenarios An Arc s architecture tour Ismael Chivite Product Manager at Esri Concepts Single Machine Configurations Basic Basic with Proxy Fail-Over Load Balanced or Siloed
More informationDeploying ArcGIS for Server Using Esri Managed Services
Federal GIS Conference 2014 February 10 11, 2014 Washington DC Deploying ArcGIS for Server Using Esri Managed Services Andrew Sakowicz Erin Ross Cloud Overview Deploying ArcGIS for Server What is Cloud:
More informationAWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II
AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud
More informationCloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationArcGIS for Server Reference Implementations. An ArcGIS Server s architecture tour
ArcGIS for Server Reference Implementations An Arc s architecture tour Basic Single Machine Site Advantages Easy to setup Fast performance (keep file resources local) Client Manager Data (Files) Uses:
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationSimone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud
Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationCompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:
CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification
More informationBuilding your Server for High Availability and Disaster Recovery. Witt Mathot Danny Krouk
Building your Server for High Availability and Disaster Recovery Witt Mathot Danny Krouk Terminology Whoa! Resiliency High Availability RTO Round Robin Business Continuity A Spectrum, Not a Switch Backup
More informationCentrify Cloud Connector Deployment Guide
C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as
More informationCompTIA Cloud+ 9318; 5 Days, Instructor-led
CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationSecurity Overview Enterprise-Class Secure Mobile File Sharing
Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud
More informationVendor Questionnaire
Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining
More informationCourse 20533: Implementing Microsoft Azure Infrastructure Solutions
Course 20533: Implementing Microsoft Azure Infrastructure Solutions Overview About this course This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.
More informationSecurity Considerations for DirectAccess Deployments. Whitepaper
Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationImplementing Microsoft Azure Infrastructure Solutions
Course Code: M20533 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Implementing Microsoft Azure Infrastructure Solutions Overview This course is aimed at experienced IT Professionals who currently
More informationWhy SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationPAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ
PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ
More informationPenetration Testing Report Client: Business Solutions June 15 th 2015
Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com
More informationChapter 1: Introduction to ArcGIS Server
Chapter 1: Introduction to ArcGIS Server At a high level you can think of ArcGIS Server as software that helps you take your geographic information and make it available to others. This data can be distributed
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationMicrosoft SharePoint Architectural Models
Microsoft SharePoint This topic is 1 of 5 in a series Introduction to Fundamental SharePoint This series is intended to raise awareness of the different fundamental architectural models through which SharePoint
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationMicrosoft Azure. Microsoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale
More informationGetting Started with the iscan Online Data Breach Risk Intelligence Platform
Getting Started with the iscan Online Data Breach Risk Intelligence Platform 2 Table of Contents Overview... 3 Data Breach Risk Intelligence... 3 Data Breach Prevention Lifecycle Defined... 3 Choosing
More informationBig data variety, 179 velocity, 179 volume, 179 Blob storage containers
Index A AADRM. See Azure active directory rights management (AADRM) AADRM PowerShell module Azure AD module, 164 Connect-AadrmService cmdlet, 164 Connect-MsolService cmdlet, 164 PowerShell v2.0 and.net
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationArcGIS for Server in the Amazon Cloud. Michele Lundeen Esri
ArcGIS for Server in the Amazon Cloud Michele Lundeen Esri What we will cover ArcGIS for Server in the Amazon Cloud Why How Extras Why do you need ArcGIS Server? Some examples Publish - Dynamic Map Services
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application
More information319 MANAGED HOSTING TECHNICAL DETAILS
319 MANAGED HOSTING TECHNICAL DETAILS 319 NetWorks www.319networks.com Table of Contents Architecture... 4 319 Platform... 5 319 Applications... 5 319 Network Stack... 5 319 Cloud Hosting Technical Details...
More informationAppendix C Pricing Index DIR Contract Number DIR-TSO-2724
Appendix C Pricing Index DIR Contract Number DIR-TSO-2724 Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform that offers
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationIntroduction to the EIS Guide
Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment
More informationDEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services Table of Contents Table of Contents Using the BIG-IP Edge Gateway for layered security and
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationCloud economics and flexibility with local choice and control
Cloud economics and flexibility with local choice and control Schools are expected to operate in a hybrid IT environment for the foreseeable future, part on-premise and part cloud service. Schools require
More informationSharePoint 2013 Logical Architecture
SharePoint 2013 Logical Architecture This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.
More informationImplementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led
Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led Course Description This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.
More informationHEC Security & Compliance
HEC Security & Compliance SAP Security, Risk & Compliance Office November, 2014 Public Version 2.0 Details Introduction Overview Security Offering Approach Certifications Introduction Dear Customer, Information
More informationArchitecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud
Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics
More informationMove over, TMG! Replacing TMG with Sophos UTM
Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access
More informationCourse 20533B: Implementing Microsoft Azure Infrastructure Solutions
Course 20533B: Implementing Microsoft Azure Infrastructure Solutions Sales 406/256-5700 Support 406/252-4959 Fax 406/256-0201 Evergreen Center North 1501 14 th St West, Suite 201 Billings, MT 59102 Course
More informationStaying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro
Staying Secure After Microsoft Windows Server 2003 Reaches End of Life Trevor Richmond, Sales Engineer Trend Micro Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock)
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationVIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS
VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables
More informationHow To Cloud Compute At The Cloud At The Cyclone Center For Cnc
Cloud Computing at CDC Current Status and Future Plans Earl Baum March, 2014 1 Background Current Activities Agenda Use Cases, Shared Services and Other Considerations What s Next 2 Background Cloud Definition
More informationSecuring access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001
Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationRealizing the Benefits of Hybrid Cloud. Anand MS Cloud Solutions Architect Microsoft Asia Pacific
Realizing the Benefits of Hybrid Cloud Anand MS Cloud Solutions Architect Microsoft Asia Pacific Agenda Key drivers for Hybrid Cloud Unified Cloud Strategy Example Use Cases How to get there Hybrid Cloud:
More informationIntegrating Single Sign-on Across the Cloud By David Strom
Integrating Single Sign-on Across the Cloud By David Strom TABLE OF CONTENTS Introduction 1 Access Control: Web and SSO Gateways 2 Web Gateway Key Features 2 SSO Key Features 3 Conclusion 5 Author Bio
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationGetting Started with Clearlogin A Guide for Administrators V1.01
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
More informationHarnessing the Power of the Microsoft Cloud for Deep Data Analytics
1 Harnessing the Power of the Microsoft Cloud for Deep Data Analytics Today's Focus How you can operate your business more efficiently and effectively by tapping into Cloud based data analytics solutions
More informationConfiguration Guide. BES12 Cloud
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationSecurity of Cloud Computing for the Power Grid
ANNUAL INDUSTRY WORKSHOP NOVEMBER 12-13, 2014 Security of Cloud Computing for the Power Grid Industry Panel November 12, 2014 UNIVERSITY OF ILLINOIS DARTMOUTH COLLEGE UC DAVIS WASHINGTON STATE UNIVERSITY
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationMANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013
MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY EMEA Webinar July 2013 Protecting the Enterprise Full Footprint Mobile user Application access management & Application security Enterprise headquarters
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationSymantec App Center 4.0 Admin Documentation
Symantec App Center 4.0 Admin Documentation Installation Planning Guide September 2012 Symantec Corporation, 2012 Page 1 Table of Contents Purpose of Document... 3 Deployment Options Overview... 3 Public
More informationFundamentals of Windows Server 2008 Network and Applications Infrastructure
Fundamentals of Windows Server 2008 Network and Applications Infrastructure MOC6420 About this Course This five-day instructor-led course introduces students to network and applications infrastructure
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationOVERVIEW OF TYPICAL WINDOWS SERVER ROLES
OVERVIEW OF TYPICAL WINDOWS SERVER ROLES Before you start Objectives: learn about common server roles which can be used in Windows environment. Prerequisites: no prerequisites. Key terms: network, server,
More informationKEMP LoadMaster. Enabling Hybrid Cloud Solutions in Microsoft Azure
KEMP LoadMaster Enabling Hybrid Cloud Solutions in Microsoft Azure Introduction An increasing number of organizations are moving from traditional on-premises datacenter architecture to a public cloud platform
More informationTotal Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER
Total Cost of Ownership Overview vs OneLogin WHITEPAPER Are you really going to double down on machines, software and professional services to extend Active Directory (AD)? Executive Summary Are you planning
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationOBIEE 11g Scaleout & Clustering
OBIEE 11g Scaleout & Clustering Borkur Steingrimsson, Rittman Mead Consulting Collaborate, Orlando, April 2011 Agenda Review OBIEE Architecture Installation Scenarios : Desktop, Departmental, Enterprise
More informationInformation Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
More informatione2e Secure Cloud Connect Service - Service Definition Document
e2e Secure Cloud Connect Service - Service Definition Document Overview A cloud connectivity service that connects users, devices, offices and clouds together over the Internet. Organisations can choose
More informationSecure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation
Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples
More informationHow to Grow and Transform your Security Program into the Cloud
How to Grow and Transform your Security Program into the Cloud Wolfgang Kandek Qualys, Inc. Session ID: SPO-207 Session Classification: Intermediate Agenda Introduction Fundamentals of Vulnerability Management
More information