Cloud and Based Security. Supoj Aram-ekkalarb, Network Security Consultant. 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved.
Agenda: 1 Market Landscape; 2 Private Cloud Security; 3 Public Cloud Security; 4 Summary.
The Cloud Evolution (diagram labels): On-Premise, Hybrid Cloud, Off-Premise, Efficiency, Virtualization, Private Cloud, Public Cloud, SaaS, Legacy Datacenter, Web Hosting, $11.8 billion by 2014, $55 billion by 2014.
Agenda: 1 Market Landscape; 2 Private Cloud Security (VLAN Sprawl problem, Secure Dynamic Cloud, Security Gateway Virtual Edition); 3 Public Cloud Security; 4 Summary.
Private Cloud. Cost Reduction: Shrinking 1,000 servers that use 100K watts into 100 servers that use 10K watts. IT as a Service: IT becomes an ISP within the corporation.
Moving to Private Cloud: Legacy Datacenter. Corpnet, DMZ, Extranet. 1:1 Server per Application; 1:10 Security Zone (VLANs) per Server.
Moving to Private Cloud: Application Virtualization. Corpnet, DMZ, Extranet. 1:5 Server per Application; 1:1 Security Zone (VLANs) per Server.
Moving to Private Cloud: Networks Virtualization. Corpnet, DMZ, Extranet. 1:20 Server per Application; 5:1 Security Zone (VLANs) per Server.
Moving to Private Cloud: Datacenter Consolidation. Corpnet, DMZ, Extranet. 1:100 Server per Application; 20:1 Security Zone (VLANs) per Server.
The VLANs Sprawl Problem. Cheap and easy to add applications; Everyone wants more VMs; VMs Sprawl. How to secure? More VLANs to segment VMs; Hard to manage. VLANs Sprawl Problem: Lack of compliance; Black spots; Latency.
Private Cloud - Security Needs: Protection from external threats; Inspect traffic between Virtual Machines (VMs); Secure new Virtual Machines automatically. (Diagram label: Hypervisor.)
Private Cloud - Security Needs: Protection from external threats; Inspect traffic between Virtual Machines (VMs); Secure new Virtual Machines automatically; Ensure Security in dynamic environment.
Check Point Virtual Edition R75.20. Check Point Secures the Private Cloud: Check Point Security Gateway Virtual Edition; Best Virtual Security Gateway; Securing the Virtual Machines; Unified Management for Physical and Virtual.
Secure the Virtual Infrastructure: Protects Virtual Machines; Hypervisor security; Certified by VMware; Audit virtualization system. (Diagram labels: VE, Hypervisor, Hypervisor Connector.)
Virtual Edition Features. Best Security: Check Point Software Blades; All Software Blades; Flexible Security. Software Blades shown: Firewall, Anti-Virus, IPS, URL Filtering, VPN, Mobile Access, DLP, Application Control, Identity Awareness. (Diagram labels: VE, Hypervisor Connector, Hypervisor.)
Virtual Edition Features. Best Security: All Software Blades; Flexible Security. VMs Protection: Securing New VMs Automatically; Secure Dynamic Environment; Inspecting Inter-VM Traffic. (Diagram labels: VE, Hypervisor Connector, Hypervisor.)
Virtual Edition Features. Best Security: All Software Blades; Flexible security. VMs Protection: Securing New VMs Automatically; Secure Dynamic Environment. Unified Management: Same management for Physical and Virtual; Virtualize the Management. (Diagram labels: Hypervisor Connector, Hypervisor.)
Secure Dynamic Virtualized Environment Using Identity Based Policy: Define a secure policy using Machines and Users identity; Update identity-based policy from the Active Directory. Old Policy / New Policy table (columns From, To, Service, Action): 192.134.12.12 Database 176.12.34.23 Virtual SQL SQL Allow Admins Group Servers Group. (Diagram labels: User/Group Identity, Virtual Machines Identity.)
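The slide above contrasts an address-based rule with an identity-based rule that is refreshed from the directory. The following sketch is an added example, not Check Point code: it evaluates both rule styles before and after a database VM moves to a new address. The `Directory` class, the group names "Admins" and "Database Servers" (read from the slide's flattened table) and the address 10.20.30.40 are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str      # literal IP, or "group:<name>" for an identity object
    dst: str
    service: str
    action: str

class Directory:
    """Hypothetical stand-in for the directory/inventory feed that maps groups to IPs."""
    def __init__(self):
        self._members = {}

    def sync(self, group, ips):
        self._members[group] = set(ips)   # replaces the previous membership

    def resolve(self, selector):
        if selector.startswith("group:"):
            return self._members.get(selector[len("group:"):], set())
        return {selector}                 # a literal address matches only itself

def evaluate(rules, directory, src_ip, dst_ip, service):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    for rule in rules:
        if (rule.service == service
                and src_ip in directory.resolve(rule.src)
                and dst_ip in directory.resolve(rule.dst)):
            return rule.action
    return "Drop"

OLD_POLICY = [Rule("192.134.12.12", "176.12.34.23", "SQL", "Allow")]
NEW_POLICY = [Rule("group:Admins", "group:Database Servers", "SQL", "Allow")]

def run_scenario():
    admin, old_db, new_db = "192.134.12.12", "176.12.34.23", "10.20.30.40"  # new_db is constructed
    d = Directory()
    d.sync("Admins", [admin])
    d.sync("Database Servers", [old_db])
    check = lambda dst: (evaluate(OLD_POLICY, d, admin, dst, "SQL"),
                         evaluate(NEW_POLICY, d, admin, dst, "SQL"))
    results = {"before_move": check(old_db)}
    d.sync("Database Servers", [new_db])      # the VM is re-provisioned; the feed updates
    results["new_address"] = check(new_db)    # only the identity rule follows the VM
    results["old_address"] = check(old_db)    # the IP rule still allows the vacated address
    return results

if __name__ == "__main__":
    for stage, (old, new) in run_scenario().items():
        print(f"{stage}: old policy={old}, new policy={new}")
```

The last case is the one to audit for: after the move, the address-based rule keeps allowing SQL to whatever machine next receives the vacated address, while the identity-based rule drops it.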
Agenda: 1 Market Landscape; 2 Private Cloud Security; 3 Public Cloud Security (Public Cloud Potential, Multi-tenancy Security); 4 Summary.
Public Cloud in 2011: Few Global Clouds; Many Regional Clouds.
Cloud Providers Security Needs. Multi-tenancy: Servicing Multiple Customers From the Same Environment. Secure connection to the Cloud; Security of the Cloud; Security within the Cloud. (Diagram label: Cloud.)
Agenda: 1 Market Landscape; 2 Private Cloud Security; 3 Public Cloud Security; 4 Summary (Best Practices, Summary).
Virtualized Security Scenarios. Securing the Virtual Environment: Use the new Virtualization Software Blade to apply granular Firewall and IPS policy on traffic between virtual machines. Office in a Box: Use the Security Gateway VE with FW, IPS, VPN and any other software blade to secure your office networks and assets. Enterprise Security Gateways: Consolidate your Security Gateways deployment into a virtualized environment. (Diagram labels: VE, Hypervisor Connector, Hypervisor.)
Cloud Security Best Practices: Use Firewall to segment between Virtual Machines; Use IPS to secure VMs from External and Internal threats; Let the same security Admin manage both physical and virtual policy from a single console; Ensure full security with zero downtime during live migration; Log and audit all Virtualization events and traffic.
Summary: Check Point Pioneers the Cloud Security; Virtual Security Gateway For Multi-Tenant Cloud Environments; Best Hypervisor security for Virtual Machines; The only solution with unified management for Physical and Virtual.