If your traffic is going to the cloud, why aren’t you securing it there?

When to Leverage the Cloud for Web Security
Rob Davis, CISSP – Founder, Managing Partner

Upload: north-texas-chapter-of-the-issa

Post on 26-Jul-2015


https://pwnedlist.com

Becoming more effective:
• Are you getting the right alerts?
• Reduce false positives
• Reduce time to investigate
• Increase headcount
• Reduce time “maintaining tools”

Example: 40 alerts requiring investigation per day × 0.5 hrs/investigation ÷ 8 hrs/day = 2.5 headcount


Ongoing: 90%
Software/Hardware Costs: 10%

The 90%
• Apply fixes, patches, upgrades
• Downtime
• Performance Tuning
• Rewrite customizations
• Rewrite integrations
• Maintain/upgrade hardware
• Power, cooling, rackspace


People love their cloud apps, and for good reason

Anywhere Access | Time | Cost

Cloud App Revenue Explosion
2015: > 10%
2016: 25%
2017: $250B

Microsoft's cloud-based Office 365 is the company's fastest growing commercial product ever, and adoption shows no sign of stalling. The company's cloud revenue (which included Azure and Dynamics CRM as well as Office 365) grew 128 percent in the most recent quarter compared to the same period last year, and the number of Office 365 commercial seats in use nearly doubled.

"Pretty much everyone is considering Office 365 now," says Jeffrey Mann, a research vice president at Gartner. "They are at least thinking about it, even if they don't end up adopting it. Adoption was going in fits and starts but now it is really starting to take off, and bigger companies are implementing it."


STEP 1: Requirements for Web Content Security

© 2014 Critical Start LLC

The Magic Quadrant That Doesn’t Exist


• Dynamic Malware Prevention
• Anti-Virus (known bad)
• Data Loss Prevention
• SSL Inspection
• File Type Control
• Browser Control

• Authentication Proxy
• URL Filtering
• Caching
• Bandwidth Controls


Flow management

[Diagram: numbered traffic flow (steps 1–28). Labels: Load balancers, Edge firewall, Aggregation firewall, PAC File, Client-side SSL tunnel, Server-side SSL tunnel, SSL, Sandbox, Web Filter, Content Inspection, Log files]

Best of Breed is Best

When Does Cloud Make Sense?


Provide Protection at Every Location


Eliminate the Need to Backhaul Internet Traffic

[Diagram labels: VPN, Gateway(s), MPLS, HQ, Regional Hub, Branch, Mobile – 3G, 4G, On-the-go, Home/Hotspot; two "Unprotected !" callouts; destinations: Private Cloud | Mobile Apps | Consumer Cloud | Commercial Cloud | Public Cloud]


Close Visibility Gaps


“Less than 20% of organizations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.”

Gartner

The Advent of 2048 Bit SSL Certificates

Some proxy vendors typically bypass SSL – performance overhead

Customers using SSL decryption are buying new hardware

[Chart: SSL Performance Requirement. Axis labels: SSL on Internet; App Coverage (Login, Transactions, All); Performance; Security. Categories: Banking, Enterprise, Webmail, Social Networking, Search. Key sizes: 1024 bit, 2048 bit. Callout: 80% Performance Drop]


The Future of SSL Attacks


“Gartner believes that by 2017 more than 50% of the network attacks targeting enterprises will use SSL encryption. For this majority of organizations that do not decrypt data, most lack the ability to decrypt and inspect encrypted communications to assess these threats.”

Gartner


Anti-Virus and Dynamic Malware Analysis


• Dynamic Malware Prevention
• Anti-Virus (known bad)
• SSL Inspection
• File Type Control: EXE, encrypted archive
• Protection for remote laptops


Tight Budgets and Few Resources

Multiple appliances at every Internet gateway

OR

All Cloud Delivered


Best of Breed Requires the Expertise on Each Point Product

©2013 Zscaler, Inc. All rights reserved.


Conduct an Annual Security Tools Assessment

SecCon05
SecCon04
SecCon03
SecCon02
SecCon01

Operational: Operational security – minimal resources and budget allocated

Industry Average: Use security practices that are typical for a given peer group and industry. Higher risk tolerance.

Industry Best Practice: Use security practices that are best practice for their industry. Lower risk tolerance.

Advanced: Goal is to detect and effectively respond to sophisticated, targeted cyber attacks

Compliance: Security is an outcome of compliance

The real face of shadow IT is you, me and even IT. We’re being asked to solve this and to be strategic. It’s a new dynamic that we need to embrace. (big picture/words)

Business Risk is the real shadow

Balancing people, budget, and risk tolerance

Ultimately, this is simply another business decision.

When To Avoid Cloud Only

• Complex data loss prevention use cases
• Multi-vector dynamic malware
• Complex proxy requirements
• Regulatory constraints
• Bandwidth shaping between sites
• Very old NW equipment (tunnels)
• I can do it better

Security budget to afford
People and expertise to operate


Example Cloud Architecture

[Diagram labels: Mobile Apps, Consumer Cloud, Private Cloud, Commercial Cloud, Public Cloud; On-the-go, Home office, HQ, Regional offices, Factories, Internet of things, Branches / stores, Mobile]