Guest Speaker: Michael Sutton, Chief Information Security Officer, Zscaler, Inc.

Michael Sutton has dedicated his career to conducting leading-edge security research, building world-class security teams and educating others on a variety of security topics. As CISO, Sutton heads Zscaler's Office of the CISO, a team engaging security executives at a peer level to drive best practices and facilitate industry-wide collaboration on emerging security topics. The Office of the CISO is also responsible for providing subject matter expertise through speaking engagements, blogging and media collaboration.
whois
Zscaler CISO
Zscaler: cloud-delivered, carrier-grade Internet security and compliance platform
Background: SPI Dynamics (acquired by HP); iDefense (acquired by VeriSign)
Research: Web security; client-side vulnerabilities
Book: Fuzzing: Brute Force Vulnerability Discovery
2015 Gartner Magic Quadrant for Secure Web Gateways
Zscaler "leads the SWG market in several cloud innovations"
Zscaler has "the largest global cloud footprint"
Zscaler "continues to be the fastest-growing vendor in this market"
Zscaler is "one of the most innovative vendors"
Enterprise: How the Modern Workforce Is Changing Enterprise Security
The Evolving Threat Landscape

2005
  Enterprises: sedentary workforce; PCs and laptops; corporate network; VPN connectivity required for remote employees; corporate-owned devices
  Attackers: rogue individuals; motivated by the challenge; no financial gain
  Attacks: loud and noisy; server-side vulnerabilities; attacks were obvious and of brief duration; damage could be costly but was easy to clean up
  Security: URL filtering; anti-virus

2015
  Enterprises: dynamic workforce; smartphones and tablets; working from free WiFi networks and 3G/4G connections; BYOD
  Attackers: organized criminals; well funded; highly skilled; criminal organizations; financial/political gain
  Attacks: quiet and stealthy; exploiting client-side vulnerabilities and social engineering; leveraging end users as a catalyst; goal: data exfiltration
  Security: URL filtering; anti-virus

Enterprise security has failed to keep pace with the evolving threat landscape.
IT Is Losing Control
IT must protect corporate resources that it no longer controls, and can't rely on device/network solutions.
Device: mobile devices; BYOD; IoT
Network: cellular (3G/4G); guest WiFi; direct to net; home networks
Data: cloud apps; shadow IT; SSL inspection
(In)visibility
HQ: consolidate data from disparate systems (IDS, IPS, firewall, AV, etc.); internal/external view
Regional offices: consolidate data to obtain a comprehensive threatscape
Acquisition: incompatible technologies
Remote employees: poor user experience (forced VPN) vs. weak security (split tunnel)
Cloud: losing control of data
Appliance Fatigue
[Figure: Global 1000 network security diagram, August 2014, a numbered inventory of components including PAC file, web filter, sandbox, SSL aggregation firewall, client-side SSL tunnel, server-side SSL tunnel, load balancers, flow management, edge firewall, content inspection and log files]
Secure Web Gateways
Defining Secure Web Gateways

"Secure Web gateways (SWGs) utilize URL filtering, advanced threat defense, legacy malware protection and application control technologies to defend users from Internet-borne threats and to help enterprises enforce Internet policy compliance. SWGs are implemented as on-premises appliances (hardware and virtual), cloud-based services or in hybrid mode (combined on-premise appliances and cloud-based services). Vendors continue to differ greatly in the maturity and features of their cloud-based services and in their ability to protect enterprises from advanced threats." - 2015 Gartner Magic Quadrant for Secure Web Gateways

Features: URL filtering; legacy malware protection; advanced threat defense; application control technologies
Value: defend users from Internet-borne threats; help enterprises enforce Internet policy compliance
Deployment options: on-premise appliance (hardware and virtual); cloud-based services; hybrid mode
Hybrid Deployments

"Because of the requirement to defend against advanced threats, it is no longer enough for a cloud based SWG to only offer the traditional SWG services (for example, URL filtering and basic malware detection). Vendors that offer cloud-based SWGs, and only offer on-premises appliance-based advanced threat products, need to quickly port their advanced threat offerings to a cloud platform and deliver this functionality as a service. Vendors such as Blue Coat, Intel Security and others fall into this category." - 2015 Gartner Magic Quadrant for Secure Web Gateways

CAUTION: Hybrid solutions often deliver differing functionality and reporting in appliance vs. cloud platforms. In this scenario, end-user protection diminishes when employees leave the corporate network.
Sandboxing Solutions

"SWG vendors are competing against firewall, intrusion prevention system (IPS) and unified threat management (UTM) vendors that also sell sandboxing as an optional feature." - 2015 Gartner Magic Quadrant for Secure Web Gateways

[Figure: Core Focus vs. Feature Set, listing Advanced Behavioral Analysis, WildFire, Malware Analysis Appliance, Deep Discovery Inspector, Threat Emulation Private Cloud Appliance and FortiSandbox]
Behavioral Analysis Deployment Options: Appliance Based
Generally deployed in tap mode as a detective control
SSL decryption generally requires complementary proxy technology
Authentication options
Examples: FireEye, Palo Alto WildFire
Behavioral Analysis Deployment Options: Cloud Based
LAN connectivity: GRE tunnel, IPSec VPN, proxy chaining
Device connectivity: PAC files, agent, HTTP proxy, IPSec VPN
Proxy integrates SSL decryption and authentication
Traffic inspection independent of device/location
Examples: Zscaler
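As an added illustration of the PAC-file device-connectivity option above (example code, not from the deck, Zscaler or any vendor), this PAC file keeps internal traffic on the LAN and sends all other web traffic, HTTP and HTTPS alike, to a cloud proxy wherever the device is; every hostname, domain and port is a hypothetical placeholder, and minimal stand-ins for the browser-supplied PAC helper functions are included so the file can be evaluated offline.

```javascript
// Added example, not from the original deck or from Zscaler: a PAC file that
// keeps internal traffic on the LAN and forwards all other web traffic (HTTP
// and HTTPS) to a cloud proxy, wherever the device happens to be.
// All hostnames, domains and ports below are hypothetical placeholders.

// Browsers supply these PAC helpers; minimal stand-ins are defined here so
// the file can be evaluated offline (e.g. under Node) without a browser.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}
function dnsDomainIs(host, domain) {
  return host.length >= domain.length && host.slice(-domain.length) === domain;
}
function ipToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) + parseInt(o, 10)) >>> 0, 0);
}
function isInNet(host, net, mask) {
  // Only dotted-quad literals are handled here; a real browser would resolve names.
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return false;
  return ((ipToInt(host) & ipToInt(mask)) >>> 0) === ((ipToInt(net) & ipToInt(mask)) >>> 0);
}

// Hypothetical cloud proxy nodes. Listing a secondary node gives the browser a
// fallback if the primary is unreachable; DIRECT is the last resort.
const CLOUD_PROXY =
  "PROXY gw-primary.cloudproxy.example:80; PROXY gw-secondary.cloudproxy.example:80; DIRECT";

function FindProxyForURL(url, host) {
  // Unqualified names and the internal corporate domain never leave the LAN.
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example.com")) return "DIRECT";
  // Loopback and RFC 1918 address literals stay local as well.
  if (host === "localhost" || isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";
  if (isInNet(host, "10.0.0.0", "255.0.0.0") ||
      isInNet(host, "172.16.0.0", "255.240.0.0") ||
      isInNet(host, "192.168.0.0", "255.255.0.0")) return "DIRECT";
  // Everything else is inspected by the cloud proxy regardless of location.
  return CLOUD_PROXY;
}
```

Because the decision is made per request on the device, the same policy applies at the office, a coffee shop or an airport, which is the point of the deck's "independent of device/location" item.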
Zscaler Platform
Zscaler Architecture
[Figure: architecture diagram; user locations: HQ, regional offices, branches/stores, factories, on-the-go, home office, mobile, Internet of Things; clouds: private cloud, consumer cloud, commercial cloud, mobile apps, public cloud]
Inspect all web traffic for all users, locations and devices
Block threats
Prevent IP leakage
Enforce business policy
Improve Internet performance
Increase IT & end-user productivity
Secure, compliant, policy-based Internet access on any device, anywhere
Zscaler Framework

Security Services: next-generation firewall; data loss prevention; cloud application visibility & control; advanced persistent threat protection; network effects; signature blocking; guest WiFi protection; secure web gateway; policy management; user authentication; application awareness; unified administration

Software as a Service Platform and Global Operations: global operations; 24x7x365 support; real-time security updates; cloud mining; sandboxing; machine learning; SSL decryption; content inspection; deep packet inspection; intrusion prevention system; 100+ global data centers; 1,000s of processors; 1+ terabits of bandwidth; inline antivirus; threat scoring; URL filtering; proxy & forwarding; bandwidth control; global logging; reporting & analytics; in-memory architecture; in-line processing; inspect every byte; mobile, BYOD & things security

Open Ecosystem: single sign-on; SIEM integration; MDM integration; mobile device support

Resilient & redundant; 99.999% available; full transparency
Better security with lower cost of administration
Advanced Security: Defense in Depth
Outbound: botnet C&C traffic, malicious URL requests, XSS, etc.
Inbound: viruses, adware, spyware, malicious JavaScript, malformed files, etc.
Layers (basic to advanced): URL filtering/MD5 blocks; inline antivirus; content inspection; browser control; Page Risk Index; behavioral analysis
Zscaler: The World's Largest Security Cloud
Users protected daily: 13M users; 5,000 organizations; 50G peak traffic (bps); 15B transactions/day
Security updates: 100K per day, every 15 minutes & on demand
Botnet; exploits; behavioral analysis; 25 external security feeds; malware research
Threats blocked daily: 260T bytes scanned; 100M threats blocked; 200M policies enforced; 2M mobile threats
Zscaler Strengths
Zscaler Strengths: SSL Inspection

"Zscaler applies all its malware detection engines to all content, including SSL traffic that it decrypts via SSL, regardless of site reputation. This approach yields up-to-date malware ratings on websites." - 2015 Gartner Magic Quadrant for Secure Web Gateways

SSL traffic is becoming pervasive, but most organizations are blind to it
35 percent of Internet traffic is now encrypted with SSL, growing to more than 50% in 2015
The most sophisticated threats are using SSL: 16% of all traffic blocked uses SSL; 54% of advanced persistent threats use SSL
SSL decryption requires 8X more appliances
SSL traffic on enterprise networks is growing rapidly & creating security blind spots
Zscaler Strengths: Global Footprint

"Zscaler has the largest global cloud footprint, with more than 100 enforcement nodes in 30 countries. It provides flexible implementation options by offering a broad set of choices for traffic redirection and authentication." - 2015 Gartner Magic Quadrant for Secure Web Gateways

100+ ZENs in 30+ countries
Dynamic traffic forwarding
Flexible deployment options
Broad device support
[Map: actual Zscaler customer locations]
Zscaler Strengths: Transparency

"[Zscaler] was the first to expose its cloud uptime and event statistics to the public via its trust.zscaler.com portal." - 2015 Gartner Magic Quadrant for Secure Web Gateways

Publicly exposed details on real-time status of all Zscaler clouds
Reports on scheduled maintenance, recent incidents and security advisories
Service disruptions trigger automatic traffic rerouting that is transparent to end users
Upgrades and maintenance are achieved with no downtime
Zscaler Strengths: Policy/Reporting

"Zscaler's updated console display (based on HTML5) enables role-based administrative access. Views can be customized according to administrative rights and privileges." - 2015 Gartner Magic Quadrant for Secure Web Gateways

Web-based console (HTML5) works with all modern devices
Single pane of glass for all functionality, all users, all locations
Policy changes are immediately applied globally
All reports generated in real time
Zscaler Strengths: Logging

"An optional streaming log service provides near-real-time export of logs from the cloud to on premises servers, where they can be analyzed by a SIEM solution." - 2015 Gartner Magic Quadrant for Secure Web Gateways

Real-time global log consolidation
Cloud-based log retention
Customizable SIEM integration via on-premise virtual appliance
Technology partnerships with Splunk, ArcSight and QRadar
Consider Three Users

              Office                        Coffee Shop                  Airport
Device        PC                            Laptop                       Tablet/smartphone
Protection    IDS, IPS, FW, SWG, DLP, etc.  Host-based AV and firewall   Nothing
Visibility    Location-based reporting      Nothing                      Nothing

We must seek security solutions that ensure consistent policy, protection and visibility, regardless of device or location. Cloud provides the opportunity to level the playing field.
Questions and Next Steps
Michael Sutton, msutton@zscaler.com, @michaelawsutton
Free Security HealthCheck: risk-free evaluation of your security infrastructure. Go to: http://securitypreview.zscaler.com
Live product demo: register at https://www.zscaler.com/product-demos.php
Michael Sutton CISO @michaelawsutton