the application security controller
TRANSCRIPT
copyright 2015
Cloud Applications Secured
copyright 2015
New realities of cybersecurity
2
• Attacks have become professional
• All servers “on a wire” are compromised or a target to be by hackers, criminals or foreign governments
• Regulatory requirements and reporting demands are increasing (HIPAA, PCI, NIST Cybersecurity, EU Data Privacy, etc.)
copyright 2015
• FBI Director James Comey: "There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese."
• ITRC: 621 data breaches, exposing over 77,890,487 records in 2014
Each hack proves the need for preventive security
3
Source: Information is Beautiful http://goo.gl/QWllpM
Court Ventures200,000,000
Yahoo Japan22,000,000Dropbox
Adobe152,000,000
JP Morgan Chase
76,000,000
Gmail5,000,000
2011 2012 2013 2014
Ebay145,000,000
Target70,000,000
Home Depot56,000,000AOL
2,400,000
Mozilla
NY Taxi
Kissinger1,700,000
Vodafone2,000,000Citi
150,000
Zappos24,000,000
Facebook6,000,000
Drupal
Korea Credit Bureau
20,000,000
SCGov
D&BMAGov
NY Gas1,800,000
Snapchat
Sony Online24,600,000
Evernote24,600,000
Blizzard14,000,000
Honda CA
Emory315,000
Anthem80,000,000
Health4,500,000
UPS
Ubuntu
copyright 2015 4
The Problem - Sony Case-Study
The Solution - VNS3 Application Segmentation
copyright 2015
A typical business application
5
WebTier
AppServerTier
DatabaseTier
MessageQueues
copyright 2015
Perimeter Security
Enterprise data centres are filled with these applications,many of them critical to the business
6
80% of Security $s
20% of Security $s
copyright 2015
Perimeter Security
Hard on the outside, soft on the inside
7
copyright 2015
Perimeter Security
One penetration creates significant potentialfor “East-West” expansion of the attack
8
copyright 2015 9
The Problem - Sony Case-Study
The Solution - An Application Security Controller
copyright 2015
Create a micro-perimeter around critical applicationsin any data centre, cloud or virtualised environment
10
copyright 2015
Perimeter Security
Even if there is an initial penetration event, East-West access is dramatically reduced and the attempts are easier to recognise and isolate
11
X X
copyright 2015
What makes an application perimeter?
12
Bastion host
Embedded firewall(and TLS and proxy)
Integrated networkintrusion detection
Encrypted overlay networking
copyright 2015
Brings the cloud model home to the Enterprise
13
copyright 2015
Why now - demand
14
NIST Cyber Security Framework
PR.AC-5
Network integrity is protected, incorporating network segregationwhere appropriate
copyright 2015
Why now - supply
15
Network Function Virtualisation - we can make networks out of virtual machines and containers
Software Defined Networking-we can manage networksthrough APIs
copyright 2015
VNS3 product family
16
Application Security Controllerturret
free, self-service cloud connectivityvpn
security and connectivity networkingnet
scalable VPN
end-to-end encryption
multi-cloud, multi-region
monitor & manage
automatic failover
secure app isolation
✓ ✓ ✓ ✓ ✓ ✓
✓ ✓ ✓ + +
✓ ✓
virtual network management systemms
high availability & automatic failoverha
ADD-ONs+
+
copyright 2015
Anywhere an application can go - it needs security & connectivity.
Summary• Applications accessible via the Internet (public or private
cloud) are targets.
• One compromise becomes the starting point for East-West attacks across an Intranet.
• Application Security Controllers use NFV and SDN to build an application centric perimeter within the established Enterprise perimeter.
• Brings the public cloud model home to the Enterprise.
17
copyright 2015
Cohesive Networks - cloud security made easy
18
VNS3 family of security and connectivity solutions protects cloud-based applications from exploitation by hackers, criminal gangs, and foreign governments
1000+ customers in 20+ countries across all industry verticals and sectors
PartnerNetwork
TECHNOLOGY PARTNER
Questions?