Debate Session II: No More Mr. Nice Guy! Tightening the screws on Cloud Security. Thursday 27 March 2014, 10:20 - 10:50 am. Iben Rodriguez



Security products tested: Overview

Business model aligned with enterprises
- No conflict of interest
- Independent assessment, not certification
- Vendors do not pay to participate in tests
- Vendors cannot commission or sponsor a test
- Vendors cannot opt out of a test

Make security a science. Only NSS has the complete picture to provide actionable intelligence relevant to your organization.
- Attack Impact: we can tell you which attacks will bypass your layers of security, and whether or not you need to take action.
(Diagram labels: Threat Intelligence, Security Product Efficacy, Attack Impact)

How do we know that? We test. Our data shows which attacks bypass a cyber kill chain. You can now make decisions based upon intelligence tailored to your unique environment:
1. Select your applications
2. Select your security product(s)
3. NSS will tell you which exploits bypass each product and the combined kill chain of products
4. NSS will provide you with relevant indicators of compromise, including URLs, shellcode, malware, command & control, etc.

What could you do with this information?
- Manage OPEX and CAPEX more effectively
- Reduce cost, complexity, and time
- Prioritize patches
- Optimize security policies
- Eliminate redundancy
- Efficiently deploy resources
Security is not one size fits all.

Test Report Release Process
NSS releases three sets of reports per test:
- Product Analysis Report (PAR): individual product reports, one per product
- Security Value Map (SVM): graphical map of each product's TCO
- Comparative Analysis Reports (CAR): comparative look at all products' performance against security efficacy, performance and TCO
PARs are released as completed. The SVM is released once all tests are complete. CARs are the final reports and signify completion of the public test.

Sample Security Value Map: view trade-offs between security, performance and cost

The NSS ThreatCAST Suite
- Threat Intelligence: threat feed tracking live threats from around the world. Research Library: product efficacy reports, analyst briefs, and toolkits. Analyst Inquiries: tailored, actionable advice from industry experts.
- Threat Mapping: running attacks gathered by Threat Intelligence against live targets provides you with a real-time view of what the adversaries are targeting TODAY.
- Attack Surface Diagnostics: deploying security products within the Threat Map, we can tell you which attacks are capable of bypassing your layers of security in real time.

Common compliance regulations:
- Revised International Capital Framework (Basel II)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- North American Electric Reliability Corporation Standards (NERC)
- Payment Card Industry Data Security Standards (PCI-DSS)
- Sarbanes-Oxley Act of 2002 (SOX)
- Federal Risk and Authorization Management Program (FedRAMP)
- Federal Information Security Management Act of 2002 (FISMA)
- International Traffic in Arms Regulations (ITAR)
- International Organization for Standardization (ISO) 27001
- Federal Information Processing Standards (FIPS) 140-2
- American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) Reports
- Federal Office for Information Security (BSI), Germany
- Financial Services Roundtable BITS Shared Assessments Agreed Upon Procedures (AUP) and Standardized Information Gathering (SIG)
- Control Objectives for Information and Related Technology (COBIT)
- European Network and Information Security Agency (ENISA) Information Assurance Framework (IAF)
- AICPA and Canadian Institute of Chartered Accountants (CICA) Generally Accepted Privacy Principles (GAPP)
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- Jericho Forum
- National Institute for Science and Technology (NIST)
- New Zealand Information Security Manual (NZISM)
- Trusted Cloud Initiative (TCI) Reference Architecture
https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3/

Debate Session II: Cloud Security. Panelists:
- Dennis Moreau is responsible for Software Defined Security/Compliance/Trust technology at VMware, EMC/RSA, Configuresoft. Security & compliance automation standards with NIST, Mitre, DHS, DoD, and national labs.
- Dr. Hongwen Zhang is the CEO and a co-founder of Wedge Networks Inc., a cloud-based information security platform vendor. He is a co-chair of the CloudEthernet Forum's Security Working Group.
- Iben Rodriguez is the Director of Cloud and Virtual Testing for NSS Labs. His team builds, tests, and researches cloud security infrastructure used by enterprise customers.
- Paul To is Director in charge of Spirent's SDN & Cloud strategy and Vice Chairman of the Testing Leadership Council at the Open Networking Foundation.
- Steve Pate is the Chief Architect at HyTrust, with deep experience in the areas of file systems, encryption, virtualization, and storage security.

Debate Session II: Cloud Security. Discussion topics:
- Security controls for a distributed data plane
- Cloud privacy and data sovereignty
- Encryption for data at rest: ciphers, key management
- Geo-location, network path selection, audit, test
- Cloud providers and 3rd-party vendors
- Big data analytics
- Supply chain management
- NFV for security functions