Page 3
© 2015
A little over a decade ago
Page 4
But it all went horribly wrong
Page 5
Mostly because of XML asymmetry of effort
[Diagram labels: X / O R / Easy / Hard]
Page 8
What building in looks like
Page 10
What bolting on looks like
Page 12
Unified Threat Management
Firewall
NIDS/NIPS
AV
Anti Spam
VPN
DLP
Load Balancer
UTM
Page 13
Application Delivery Controllers
Cache
TLS offload
Compression
WAF
Multiplexing
Load Balancer
ADC
Traffic Shaping
Page 14
PaaS gives us the chance to ‘bolt in’
Page 15
But Docker adoption shows a movement against opinionated platforms
Page 16
If a security event happens and it isn’t monitored
Page 18
Networks made from and configured by software
Page 19
We can put a bunch of ‘network’ onto a VM
Firewall
VPN
Switch
Router
Page 20
And add more functions into containers
Firewall
VPN
Switch
Router
Cache
TLS offload
WAF
Load Balancer
NIDS/NIPS
Page 21
This could be thought of as an app centric perimeter
Page 22
But it refactors very readily into microservices
Page 24
ToDo: SecDevOps
APIs (to the network) are necessary but not sufficient:
  Need to have them integrated into the overall system
Control metadata (and its mutability):
  Must be visible and understandable
Security events need to be captured:
  Then turned into something humans can action