collaborative security in an encrypted internet
TRANSCRIPT
![Page 1: Collaborative Security in an Encrypted Internet](https://reader031.vdocuments.us/reader031/viewer/2022012412/616c13efa7efca4eac570287/html5/thumbnails/1.jpg)
Collaborative Security in an Encrypted Internet
Nancy Cam-WingetAugust 2020
![Page 2: Collaborative Security in an Encrypted Internet](https://reader031.vdocuments.us/reader031/viewer/2022012412/616c13efa7efca4eac570287/html5/thumbnails/2.jpg)
The Visibility Tensor
Time
Firewalls
80% TCPInternet boundtraffic
Network SecurityControls
FirewallsWeb Proxies
90% HTTP“HTTP the new TCP”
???
90% HTTPs95% (TLS) EncryptedQUIC becomes the new TCP
![Page 3: Collaborative Security in an Encrypted Internet](https://reader031.vdocuments.us/reader031/viewer/2022012412/616c13efa7efca4eac570287/html5/thumbnails/3.jpg)
General Use cases• Security and crypto compliance• Acceptable Use policies• Controls based on Application type• Regulatory Compliance• Intrusion Detection/Prevention• Malware Detection• Granular Application Controls• File inspection
When and How is Visibility required?
Metadata Inspection
Metadata Inspection,DPI,Stateful DPI
![Page 4: Collaborative Security in an Encrypted Internet](https://reader031.vdocuments.us/reader031/viewer/2022012412/616c13efa7efca4eac570287/html5/thumbnails/4.jpg)
Improve Controls thru Collaboration
App
On-Prem & Private DC
Workloads
Public Clouds
Workloads
InternetSaaS
Guidance can be provided by: Asset Manufacturer Asset Manager End User Network/Cloud Security Admin
• Guidance set on configuration• Guidance conveyed in a secure
“TLS Authorization” token• IT configured how to use the
token contents• IT manages keys to secure token
Security Controls Configuration
End User
IT
Security Controls Configuration
Security Controls. +Policy Configuration
![Page 5: Collaborative Security in an Encrypted Internet](https://reader031.vdocuments.us/reader031/viewer/2022012412/616c13efa7efca4eac570287/html5/thumbnails/5.jpg)
Use Mutual Trust to Guide Security controls:
Future Controls thru Collaborative Security
App
App Services (server)
Network Security Services (on-prem/cloud)
System Mgr
Security Controls
Attestation Services
1. Is Device + App Trusted?
2. Provision AuthZ keyingmaterial + Config
3. Use TLS AuthZ token
4. Data Packets control guided by AuthZ
Enables Trusted Parties to Collaborate:• Enterprise to signal Application of desired controls• Application to influence Security Control Outcomes• Security Controls can avoid further inspection
as guided by the Enterprise and Application
![Page 6: Collaborative Security in an Encrypted Internet](https://reader031.vdocuments.us/reader031/viewer/2022012412/616c13efa7efca4eac570287/html5/thumbnails/6.jpg)
Comments?