The application security controller
2 likes518 views
The document discusses the increasing professionalization of cyber attacks and the necessity for enhanced cybersecurity measures, particularly in light of regulatory demands and high-profile data breaches. It highlights the vulnerability of applications in enterprise environments and proposes the use of application security controllers to create micro-perimeters for better protection. Additionally, it emphasizes the relevance of network function virtualization and software-defined networking in implementing these security solutions effectively.
The application security controller
- 1. copyright 2015 Cloud Applications Secured
- 2. copyright 2015 New realities of cybersecurity 2 • Attacks have become professional • All servers “on a wire” are compromised or a target to be by hackers, criminals or foreign governments • Regulatory requirements and reporting demands are increasing (HIPAA, PCI, NIST Cybersecurity, EU Data Privacy, etc.)
- 3. copyright 2015 • FBI Director James Comey: "There are two kinds of big companies in the United States.There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese." • ITRC: 621 data breaches, exposing over 77,890,487 records in 2014 Each hack proves the need for preventive security 3 Source: Information is Beautiful http://goo.gl/QWllpM CourtVentures 200,000,000 Yahoo Japan 22,000,000Dropbox Adobe 152,000,000 JP Morgan Chase 76,000,000 Gmail 5,000,000 2011 2012 2013 2014 Ebay 145,000,000 Target 70,000,000 Home Depot 56,000,000AOL 2,400,000 Mozilla NYTaxi Kissinger 1,700,000 Vodafone 2,000,000Citi 150,000 Zappos 24,000,000 Facebook 6,000,000 Drupal Korea Credit Bureau 20,000,000 SC Gov D&B MA Gov NY Gas 1,800,000 Snap chat Sony Online 24,600,000 Evernote 24,600,000 Blizzard 14,000,000 Honda CA Emory 315,000 Anthem 80,000,000 Health 4,500,000 UPS Ubuntu
- 4. copyright 2015 4 The Problem - Sony Case-Study The Solution -VNS3 Application Segmentation
- 5. copyright 2015 A typical business application 5 WebTier AppServer Tier Database Tier Message Queues
- 6. copyright 2015 PerimeterSecurity Enterprise data centres are filled with these applications, many of them critical to the business 6 80% of Security $s 20% of Security $s
- 7. copyright 2015 PerimeterSecurity Hard on the outside, soft on the inside 7
- 8. copyright 2015 PerimeterSecurity One penetration creates significant potential for “East-West” expansion of the attack 8
- 9. copyright 2015 9 The Problem - Sony Case-Study The Solution - An Application Security Controller
- 10. copyright 2015 Create a micro-perimeter around critical applications in any data centre, cloud or virtualised environment 10
- 11. copyright 2015 PerimeterSecurity Even if there is an initial penetration event, East-West access is dramatically reduced and the attempts are easier to recognise and isolate 11 X X
- 12. copyright 2015 What makes an application perimeter? 12 Bastion host Embedded firewall (and TLS and proxy) Integrated network intrusion detection Encrypted overlay networking
- 13. copyright 2015 Brings the cloud model home to the Enterprise 13
- 14. copyright 2015 Why now - demand 14 NIST Cyber Security Framework PR.AC-5 Network integrity is protected, incorporating network segregation where appropriate
- 15. copyright 2015 Why now - supply 15 Network FunctionVirtualisation - we can make networks out of virtual machines and containers Software Defined Networking -we can manage networks through APIs
- 16. copyright 2015 VNS3 product family 16 Application Security Controller turret free, self-service cloud connectivity vpn security and connectivity networking net scalable VPN end-to-end encryption multi-cloud, multi-region monitor & manage automatic failover secure app isolation ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ + + ✓ ✓ virtual network management system ms high availability & automatic failover ha ADD-ONs + +
- 17. copyright 2015 Anywhere an application can go - it needs security & connectivity. Summary • Applications accessible via the Internet (public or private cloud) are targets. • One compromise becomes the starting point for East-West attacks across an Intranet. • Application Security Controllers use NFV and SDN to build an application centric perimeter within the established Enterprise perimeter. • Brings the public cloud model home to the Enterprise. 17
- 18. copyright 2015 Cohesive Networks - cloud security made easy 18 VNS3 family of security and connectivity solutions protects cloud-based applications from exploitation by hackers, criminal gangs, and foreign governments 1000+ customers in 20+ countries across all industry verticals and sectors Partner Network TECHNOLOGY PARTNER Questions?