ActiveGuard® U.S. Patent Nos 6,988,208; 7,168,093; 7,370,359; 7,424,743;
7,673,049: 7,954,159; 8,261,347. Canadian Patent No. 2,436,096. © 2014 Solutionary, Inc. June 13, 2014
Does Security in the Cloud Get More or Less Complex?
Jozef Krakora, Senior Product Manager
October 7, 2014
Physical vs. Cloud - Benefits & Drawbacks
Physical infrastructure
  Benefits:
  • Familiarity
  • Reliable
  • Known capacity & throughputs
  • Security controls hardwired
  Drawbacks:
  • More expensive
  • Long time for new hardware
  • Long time for reconfigurations
Cloud infrastructure
  Benefits:
  • Elastic
  • Cheaper
  • Easier to manage
  • Safer?
  Drawbacks:
  • Where is the Firewall & Perimeter?
  • Where are my Assets?
  • Where is the Data?
  • Who controls what?
Which is Easier to keep Secure?
Solutionary (company timeline)
• 2000: Founded
• 2001: ActiveGuard® V1
• 2002: ActiveGuard 2nd Patent
• 2004: Application & Database Security Monitoring
• 2007: Vigilant Minds Acquisition
• 2008: Buffer Zone (Cloud) Patent
• 2008: Inline Enrichment & Dynamic Correlation
• 2009: Advanced Detection Analytics
• 2010: ActiveGuard V4 Next-Gen Platform
• 2011: Gartner MQ Leader
• 2012: Gartner MQ Leader
• 2012: Trillionth Log Processed
• 2013: Acquired by NTT
• 2013: Big Data Analytics
• 2013: GTIR Published
• 2014: Raw Log Search
• 2014: GTIR Published
• 2014: Next Generation MSSP
The Islands and the Ships Come and Go
But the Elements of Security Stay the Same
• Effectively plan and efficiently operate security controls
  – Broad experience, deep expertise to assist in planning and implementing security controls
  – Consistent, repeatable monitoring and management of security controls
• Continuously protect against threats
  – Harden your organization so that as many threats as possible are avoided outright
  – Provide an advanced detective, investigative, and response capability to minimize the impact of threats
• Predict and prevent future threats through feedback
  – “Neighborhood watch” identifies threats before they can impact clients
  – Gather, analyze and validate global threat intelligence to create and deploy countermeasures
And Good Security Ties All the Pieces Together *
[Diagram: log sources (Anti-Malware, Endpoint, IDS, Firewall, Internet, AD) are enriched with context (Asset, Virus/Malware, Bytes-in/Bytes-out, Geography, MHID, User, Compliance, Criticality) and correlated into a single Incident that summarizes Firewall/IDS, Malware/Endpoint, User, Virus/Malware, Asset, Bytes in/out, Geography and Malicious indicators.]
* If you know where all the pieces are, what they are, and what they mean.....
55+M Pieces to be Exact Into 7 Actionable Alerts
Features
• Global Threat Intelligence — SERT
• Cross-device Correlation
• Advanced Threat Detection and Context-based Alerts
• Built-in Heuristics and Anomaly Detection
• Extension of the Internal Team
• Unparalleled, Passionate Customer Service
• 100% of collected logs are analyzed and retained for one year
• Analyzed by Security Experts
• 24/7 Portal Access with Industry, Compliance & Custom Reporting
Benefits
• Peace of Mind
• Maximum Returns on Security Operations Investment or Spend
• Flexible, Easy-to-do Business with Partner
• Optimization of Existing Technology Investments
• Strengthened, Accelerated Security Program
• Reduced Cost of Security
• Eased Audits and Compliance Support
• Incident Response Preparedness (SERT CIR)
• 55,661,301 Logs Received
• 286,119 Logs of Interest
• 8,187 Event Queues
• 732 Events
• 7 Events Alerted to Client
Note: 15 minutes average per Event; 1 FTE = 2,080 hours
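The diagram and the funnel above describe logs being enriched with asset context, correlated across device types and reduced to a handful of alerts. The following Python is an added example, not code from the presentation or from Solutionary/ActiveGuard, that walks constructed firewall, IDS and endpoint records through those same stages. The asset table, the egress threshold and every log record are constructed; only the 15-minute-per-event and 2,080-hour-per-FTE figures come from the slide.

```python
from collections import defaultdict

MINUTES_PER_EVENT = 15         # slide figure: 15 minutes average per event
FTE_HOURS_PER_YEAR = 2080      # slide figure: 1 FTE = 2,080 hours
BIG_EGRESS_BYTES = 10_000_000  # constructed threshold for the bytes-out context

# Constructed asset context: the Asset / User / Geography / Criticality /
# Compliance pieces the diagram joins to each log. A real deployment pulls
# this from a CMDB and the directory (AD).
ASSETS = {
    "10.1.1.5":  {"user": "jdoe",   "geo": "US", "criticality": "high", "compliance": ["PCI"]},
    "10.1.1.9":  {"user": "asmith", "geo": "DE", "criticality": "low",  "compliance": []},
    "10.1.1.20": {"user": "svc-db", "geo": "US", "criticality": "high", "compliance": ["PCI", "HIPAA"]},
}
UNKNOWN_ASSET = {"user": "?", "geo": "?", "criticality": "unknown", "compliance": []}

# Constructed records from three device types, already normalized to dicts.
RAW_LOGS = [
    {"src": "firewall", "host": "10.1.1.5",  "action": "deny",  "bytes_out": 120},
    {"src": "firewall", "host": "10.1.1.5",  "action": "allow", "bytes_out": 52_000_000},
    {"src": "firewall", "host": "10.1.1.9",  "action": "allow", "bytes_out": 800},
    {"src": "firewall", "host": "10.1.1.20", "action": "deny",  "bytes_out": 0},
    {"src": "ids",      "host": "10.1.1.5",  "sig": "constructed-c2-beacon"},
    {"src": "ids",      "host": "10.1.1.9",  "sig": "constructed-port-scan"},
    {"src": "ids",      "host": "10.1.1.30", "sig": "constructed-exploit-attempt"},
    {"src": "endpoint", "host": "10.1.1.5",  "malware": "sample.trojan",  "cleaned": False},
    {"src": "endpoint", "host": "10.1.1.9",  "malware": "sample.adware",  "cleaned": True},
    {"src": "endpoint", "host": "10.1.1.30", "malware": "sample.dropper", "cleaned": False},
]


def is_of_interest(rec):
    """Stage 2: keep only 'logs of interest'. Routine allows and infections
    the AV already cleaned are noise; denies, large egress and every IDS
    signature hit are kept."""
    if rec["src"] == "firewall":
        return rec["action"] == "deny" or rec["bytes_out"] >= BIG_EGRESS_BYTES
    if rec["src"] == "endpoint":
        return not rec["cleaned"]
    return True


def build_queues(records):
    """Stage 3: one event queue per asset, each record enriched with context."""
    queues = defaultdict(list)
    for rec in records:
        queues[rec["host"]].append({**rec, **ASSETS.get(rec["host"], UNKNOWN_ASSET)})
    return queues


def to_events(queues):
    """Stage 4: a queue becomes an event only when two or more device types
    corroborate it (cross-device correlation)."""
    return {h: q for h, q in queues.items() if len({r["src"] for r in q}) >= 2}


def to_alerts(events):
    """Stage 5: context-based alerting. An event reaches the client when the
    asset is critical, in compliance scope, or showed large egress."""
    alerts = []
    for host, q in events.items():
        ctx = q[0]
        big_egress = any(r.get("bytes_out", 0) >= BIG_EGRESS_BYTES for r in q)
        if ctx["criticality"] == "high" or ctx["compliance"] or big_egress:
            alerts.append({
                "host": host, "user": ctx["user"], "geo": ctx["geo"],
                "sources": sorted({r["src"] for r in q}), "big_egress": big_egress,
            })
    return alerts


def run_funnel(records=RAW_LOGS):
    """Return the count at each stage plus the alerts that survive."""
    interesting = [r for r in records if is_of_interest(r)]
    queues = build_queues(interesting)
    events = to_events(queues)
    return {
        "logs_received": len(records),
        "logs_of_interest": len(interesting),
        "event_queues": len(queues),
        "events": len(events),
        "alerts": to_alerts(events),
    }


def analyst_fte(event_count, minutes_per_event=MINUTES_PER_EVENT):
    """Fraction of one FTE-year consumed by triaging event_count events."""
    return event_count * minutes_per_event / 60 / FTE_HOURS_PER_YEAR


if __name__ == "__main__":
    result = run_funnel()
    for stage in ("logs_received", "logs_of_interest", "event_queues", "events"):
        print(f"{stage:>17}: {result[stage]}")
    print(f"{'alerts':>17}: {len(result['alerts'])}")
    for alert in result["alerts"]:
        print("   ", alert)
    print(f"732 events at 15 min each ~ {analyst_fte(732):.3f} FTE-years of triage")
```

Two points the numbers alone do not show: the host 10.1.1.30 is corroborated by two devices and still does not page anyone, because it carries no asset context; and the stage that shrinks the pile most is the context join, not the filtering. Without the Asset/User/Compliance "pieces", every corroborated event would have to be escalated.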
Today, Infrastructures Have At Least One Cloud
[Diagram: client sites and a Cloud Environment, each behind a Firewall/Router and joined by WAN links and the Internet, with an ActiveGuard Analyzer deployed in each; a Regional Analyzer, the Solutionary SOCs and the Solutionary DR/BCP Facility sit on the service side.]
Firewall & Perimeter
Physical:
• One place
• Fixed FW policy
• Fixed security log flow
• One FW administrator
Cloud:
• Many locations
• Many firewalls
• Numerous egress points
• Many security zones
• Constantly changing
• Numerous FW administrators
Malware & Intrusion Detection
Physical:
• One egress point
• Fixed internal networks
• Known DMZ and zones
• Known application pathways
• Limited threat pathways
Cloud:
• Many egress points
• SDN: unpredictable number of internal networks and zones
• Difficult or impossible to cover all zones with malware and intrusion detection economically
Endpoint Security
Physical:
• Fixed and known
Cloud:
• Infinitely elastic
• Exponentially more risky
Users, Administrators and Domains
Physical:
• Users known
• Administrators control user access to physical domains and endpoints
• Fixed and predictable domains with contents and perimeters easy to define and control
Cloud:
• # of users can be just as dynamic as # of endpoints
• Multiple administrators: legacy data center, cloud data center, virtualized infrastructure, dynamically growing applications and databases
• Dynamic domains with difficult-to-control perimeters and controls
Assets, Data and Compliance
Physical:
• Assets are physical
• Data resides on Assets
• Compliance easy to map to Assets and Data
Cloud:
• Assets come and go
• Networks and perimeter dynamic
• Data is “swimming” from place to place
• Compliance becomes difficult to impossible to track without tremendous discipline
Geography
Physical:
• Physical infrastructure is in one place
Cloud:
• With load balancing, virtual infrastructure, applications and data move from place to place
• Cloud providers guarantee locations to a degree, but the boat can still drift from one continent to another unless closely watched
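The Assets/Data/Compliance and Geography slides describe assets that come and go, data that swims between places, and workloads that drift between regions unless closely watched. The following Python is an added example, not code from the presentation or from Solutionary, of the kind of daily reconciliation that does the watching: it diffs two inventory snapshots against the set of instances whose logs actually reach the analyzer and against a region policy keyed on data classification. The instance ids, regions, classifications, policy and monitored set are all constructed assumptions; a real run would fill the snapshots from the provider's inventory API.

```python
# Constructed policy: the regions each data classification may occupy.
REGION_POLICY = {
    "pci":      {"us-east-1", "us-west-2"},
    "eu-pii":   {"eu-central-1", "eu-west-1"},
    "internal": {"us-east-1", "us-west-2", "eu-central-1", "eu-west-1", "ap-southeast-1"},
}

# Constructed inventory snapshots, shaped like a provider's instance listing.
YESTERDAY = {
    "i-0001": {"region": "us-east-1",    "data": "pci"},
    "i-0002": {"region": "eu-central-1", "data": "eu-pii"},
    "i-0003": {"region": "us-west-2",    "data": "internal"},
}
TODAY = {
    "i-0001": {"region": "us-east-1",      "data": "pci"},
    "i-0002": {"region": "us-east-1",      "data": "eu-pii"},    # failover moved it across the Atlantic
    "i-0004": {"region": "ap-southeast-1", "data": "pci"},       # autoscaled overnight, security not told
    "i-0005": {"region": "us-west-2",      "data": "internal"},  # autoscaled overnight
}

# Constructed: instances whose logs are actually reaching the analyzer.
MONITORED = {"i-0001", "i-0002", "i-0003"}


def reconcile(yesterday, today, monitored, policy=REGION_POLICY):
    """Diff two inventory snapshots and report everything security must act on:
    new or vanished assets, assets that changed region, live assets that send
    no logs, data sitting in a region its classification forbids, and collector
    entries for assets that no longer exist."""
    findings = {"new": [], "gone": [], "moved": [], "unmonitored": [],
                "region_violation": [], "stale_monitor": []}
    for iid, inst in sorted(today.items()):
        if iid not in yesterday:
            findings["new"].append(iid)
        elif yesterday[iid]["region"] != inst["region"]:
            findings["moved"].append((iid, yesterday[iid]["region"], inst["region"]))
        if iid not in monitored:
            findings["unmonitored"].append(iid)
        # Unknown classification gets an empty allow-set, so it is always flagged.
        if inst["region"] not in policy.get(inst["data"], set()):
            findings["region_violation"].append((iid, inst["data"], inst["region"]))
    findings["gone"] = sorted(set(yesterday) - set(today))
    # Retire collector entries for dead instances; otherwise their silence
    # looks like a healthy, quiet host.
    findings["stale_monitor"] = sorted(monitored - set(today))
    return findings


def coverage(today, monitored):
    """Share of live instances whose logs reach the analyzer."""
    live = set(today)
    return len(live & monitored) / len(live) if live else 1.0


if __name__ == "__main__":
    report = reconcile(YESTERDAY, TODAY, MONITORED)
    for kind, items in report.items():
        print(f"{kind:>17}: {items}")
    print(f"log coverage of live assets: {coverage(TODAY, MONITORED):.0%}")
```

Run against the constructed snapshots, the report shows both failure modes the slides warn about in one pass: i-0002 carries EU personal data and has quietly drifted to a US region, and the two autoscaled instances (one of them holding PCI data in a forbidden region) are invisible to monitoring, so coverage of live assets has fallen to 50% without any alert from the analyzer itself.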
Cloud Provisioning & Virtualization Administration
Physical:
• n/a
Cloud:
• Cloud Administrators (Amazon, Azure, etc.)
• Hypervisors and Host OSs
• Virtualization Management Consoles
• …
So, Is there Hope for Cloud Security?
Despite the countless challenges that clouds introduce to security, with sufficient policy, process, discipline, and
testing, cloud security can be achieved, and achieved at scale.
But it is tricky!
And a Single Pane of Glass Helps
Additional Notes to work in
Should have end to end visibility into and through the cloud
Shouldn't be an island - ideally a single pane of glass to see what's happening where regardless of in the cloud or not
You can outsource many things to a cloud provider
But very hard to outsource risk and compliance requirements as they get more detailed and involved with
Still need to do all that you did before,
Plus more
SDN/virtual infrastructure admin monitoring, etc.
Hacking the SDN admin console - increased risk…
Thank You!