www.thales-esecurity.com
Protecting Application
Delivery without Network
Security Blind Spots
Juan Asenjo, Thales e-Security
Don Laursen, F5 Networks
2
Our Speakers
▌ Juan Asenjo, Sr. Partner Manager, Thales e-Security
Juan has worked in the information security field for over 20 years. He has degrees in
engineering and business, is a Certified Information Systems Security Professional (CISSP), and is
currently working on a post-graduate degree. His experience includes over 10 years within the
Department of Defense as an engineer and as a civilian INFOSEC liaison with the U.S. Army-Europe.
▌ Don Laursen, Sr. Product Manager, F5 Networks
Don has been in the technology industry for over 20 years. He is a member of IEEE, ACM, and the
International Privacy Professional Association. He holds an MS in computer systems, is a
CISSP-certified professional, and is a Certified Information Privacy Professional (CIPP/US and
CIPP/Europe). Prior to joining the private sector, Don spent 10 years serving as a U.S. Naval
Cryptologist, on active duty and as a reservist.
3
Objectives
▌ Describe how network security blind spots occur
▌ Outline the threat they represent to the organization
▌ Define best practices to protect against them
▌ Explain how to configure a trusted, secure system
4
Introduction
SSL is growing, and that presents a challenge for our customers
5
Network Security Blind Spots
▌ Encrypted traffic hinders the work of network security tools
Network health monitoring
DLP, IDS, IPS
Malware detection
▌ These tools require visibility into network traffic
Security dashboards (SIEMs)
Policy and privacy enforcement
Troubleshooting
6
Typical Security Stack
[Diagram: Users / Devices → Internet → Firewall → F5 BIG-IP → Firewall → origin]
BIG-IP role in the stack: decrypt and steer (based on policy, with bypass options), then re-encrypt
Service pools fed by BIG-IP: IPS (Pool), DLP (Pool), Web Gateway (Pool), Anti-Malware (Pool), NGFW (Pool)
Integration modes shown: ICAP, Inline Insertion (L2 Mode), 1-Armed / 2-Armed, Inline Insertion (L3 Mode)
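The blind spot the two preceding slides describe, shown end to end as an added example (this code is not from the deck and is not F5 or Thales software): a signature-based inspection function fires on a plaintext HTTP request, misses the same request once it is encrypted, and catches it again when a decrypt-steer-re-encrypt device playing the BIG-IP role hands the plaintext to the inspection pool. An SNI bypass list stands in for the "policy, bypass options" on the diagram. The record encryption is a toy HMAC-SHA256 keystream so the example runs on the standard library; it stands in for TLS and is not TLS. Hostnames, signatures, key and request are all constructed for the example.

```python
"""Added example: why encrypted traffic blinds inline inspection, and how a
decrypt / steer / re-encrypt device restores visibility. Not from the deck.
The 'TLS' layer is a toy XOR keystream (HMAC-SHA256 in counter mode) that
stands in for TLS record encryption; it is not a real TLS implementation."""
import hashlib
import hmac
import re


# --- toy record encryption (stand-in for TLS) -------------------------------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def toy_tls_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ks = _keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


toy_tls_decrypt = toy_tls_encrypt  # XOR with the same keystream is symmetric


# --- inspection pool (what an IPS / DLP device sees on the wire) ------------
# Constructed signatures: a DLP rule for card numbers, an IPS rule for a beacon.
SIGNATURES = {
    "dlp.card_number": re.compile(rb"\b(?:\d[ -]?){13,16}\b"),
    "ips.beacon": re.compile(rb"User-Agent: Mozilla/4\.0 \(compatible; MSIE 6\.0; beacon\)"),
}


def inspect_payload(payload: bytes) -> list:
    """Names of the signatures that fire on the bytes exactly as seen."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]


# --- decrypt / steer / re-encrypt (the ADC role) -----------------------------
# Destinations the policy must NOT decrypt (privacy / regulatory bypass), constructed.
BYPASS_SNI = {"bank.example", "health.example"}


def adc_forward(sni: str, server_key: bytes, nonce: bytes, record: bytes) -> dict:
    """Decrypt with the key the ADC holds for the origin, steer the plaintext to
    the inspection pool unless the SNI is on the bypass list, then re-encrypt
    toward the origin (fresh nonce for the server-side session)."""
    if sni in BYPASS_SNI:
        return {"inspected": False, "hits": [], "forwarded": record}
    plaintext = toy_tls_decrypt(server_key, nonce, record)
    hits = inspect_payload(plaintext)
    if hits:
        return {"inspected": True, "hits": hits, "forwarded": None}  # blocked
    return {"inspected": True, "hits": hits,
            "forwarded": toy_tls_encrypt(server_key, nonce + b"srv", plaintext)}


# Constructed request: malware beacon exfiltrating a card number over 'TLS'.
REQUEST = (b"POST /upload HTTP/1.1\r\nHost: drop.example\r\n"
           b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; beacon)\r\n\r\n"
           b"card=4111 1111 1111 1111")
KEY = hashlib.sha256(b"constructed-server-key").digest()
NONCE = b"\x00" * 8


def demo() -> dict:
    on_wire = toy_tls_encrypt(KEY, NONCE, REQUEST)
    return {
        "plaintext_hits": inspect_payload(REQUEST),       # what the tools were built for
        "encrypted_hits": inspect_payload(on_wire),       # the blind spot: nothing fires
        "via_adc": adc_forward("drop.example", KEY, NONCE, on_wire)["hits"],
        "bypassed": adc_forward("bank.example", KEY, NONCE, on_wire)["inspected"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The bypass list is the caveat that comes with this architecture: whatever is on it crosses the stack uninspected, so it should be short, justified per entry (privacy or regulatory reasons, as the slide's "bypass options" implies) and logged, because it is exactly where evasion will aim.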
7
Significant Performance Impact on Existing Security Stack
▌ Visibility
is reduced due to the growth of SSL usage
▌ Malware
uses encrypted channels to evade detection
▌ Blind Spots
for decryption is a significant undertaking
Performance impact of enabling SSL inspection (figures as given on the slide):
Next-Gen Firewall, performance impact: 79%
Next-Gen IPS, performance impact: 75%
Threat Defense, no SSL support: 100%
Enabling SSL on a firewall, SWG or an IPS will reduce the overall performance of the
appliance, often by more than 80%
8
Threat
▌ Threat to your organization: encrypted traffic that your security stack cannot inspect
9
Best Practices
▌ Protecting against encryption blind spots with BIG-IP
Optimizes the security stack through SSL offload
Centralized decrypt/encrypt capability
Support for the latest ciphers and cipher suites while providing network traffic visibility
Flexible deployment to support diverse environments
▌ SSL/TLS and the encrypt/decrypt feature depend on crypto keys
Keys maintained in software can be exposed to threats
A growing number of crypto keys is harder to manage
Customers require certified key protection for compliance
10
F5 BIG-IP Solution
[Diagram: connection origination through BIG-IP]
But critical keys can exist in multiple places and are vulnerable to physical and
software attacks
11
F5 BIG-IP Solution with Thales nShield HSM
[Diagram: connection origination through BIG-IP, with the keys held in the nShield HSM]
Critical keys are protected and managed within the certified confines of the HSM and are
not exposed to physical and software attacks
12
Protecting and Managing the Keys
▌ An external nShield HSM enables enhanced security
Protects and manages the critical SSL keys used by BIG-IP and its
encrypt/decrypt feature
Isolates cryptography and keys within a FIPS 140-2 Level 3 and
Common Criteria EAL4+ certified boundary
Delivers lifecycle hardware key management, mitigates risk, and
facilitates regulatory compliance
13
Value of HSM Integration
F5 BIG-IP
• Optimizes SSL traffic, response times, and customer experience
• Provides traffic visibility and prevents security blind spots
THALES
• Enhances security by protecting crypto keys in dedicated hardware
• Provides dual controls, facilitating auditing and regulatory compliance
INTEGRATION
• Delivers a proven solution with a strong, certified root of trust
14
HSMs and Problems they Address
▌ What are HSMs?
Hardware Security Module
Hardened, tamper-resistant devices
isolated from host environment
Alternative to software crypto libraries
▌ What do HSMs do?
Secure cryptographic operations
Protect critical cryptographic keys
Segregate administration and
security domains and enforce policy
over the use of keys
nShield HSMs are FIPS
140-2 Level 3 and Common
Criteria EAL4+ certified
15
Enhanced Security for Application Delivery Controllers
[Diagram: two stacks side by side, each showing Application, Software environment
(Operating System, Hypervisor), Hardware platform (CPU, Memory, Storage), Back-ups,
and a Hardware Security Module]
▌ Software-only system
Numerous copies of keys across the system and backups
▌ Hardened security system
Keys are segregated within an isolated security environment (the HSM)
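The contrast on this slide, and the "keys maintained in software can be exposed" point from the Best Practices slide, can be checked rather than taken on trust. The following added example (not from the deck, not Thales or F5 code) scans byte images standing in for process memory, an OS disk, a hypervisor snapshot and a backup for the two forms a private key usually takes in memory or at rest: PEM armour and the leading ASN.1 bytes of PKCS#1 and PKCS#8 RSA private keys. It reports how many copies each image holds; the HSM-backed host holds only a key reference, so the scan finds nothing there. All images are constructed, and the DER blobs are only the headers, not real keys.

```python
"""Added example: count private-key copies across the layers on the slide.
The images are constructed byte blobs, not real dumps; the DER blobs are
just PKCS#1 / PKCS#8 headers followed by filler, not usable keys."""
import re

KEY_SIGNATURES = {
    # PEM armour written by OpenSSL-style tooling
    "pem": re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    # PKCS#1 RSAPrivateKey: SEQUENCE with long-form length, version INTEGER 0,
    # then the modulus INTEGER with a two-byte length (keys around 2048 bits)
    "der_pkcs1_rsa": re.compile(rb"\x30\x82..\x02\x01\x00\x02\x82", re.DOTALL),
    # PKCS#8 PrivateKeyInfo wrapping rsaEncryption (OID 1.2.840.113549.1.1.1)
    "der_pkcs8_rsa": re.compile(
        rb"\x30\x82..\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01",
        re.DOTALL),
}


def scan_image(name: str, image: bytes) -> list:
    """One record (image, kind, offset) per private-key signature found."""
    hits = []
    for kind, rx in KEY_SIGNATURES.items():
        for m in rx.finditer(image):
            hits.append({"image": name, "kind": kind, "offset": m.start()})
    return sorted(hits, key=lambda h: h["offset"])


# Constructed key material (headers only) and constructed images.
PEM_KEY = b"-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n-----END RSA PRIVATE KEY-----\n"
DER_PKCS1 = b"\x30\x82\x04\xa3\x02\x01\x00\x02\x82\x01\x01\x00" + b"\xab" * 32
DER_PKCS8 = (b"\x30\x82\x04\xbd\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d"
             b"\x01\x01\x01\x05\x00\x04\x82\x04\xa7" + b"\xcd" * 32)

IMAGES = {
    # the application loaded the PEM file and also holds a parsed DER copy
    "app_process_memory": b"\x00" * 64 + PEM_KEY + b"\x00" * 64 + DER_PKCS1,
    "os_disk": b"etc/ssl/private/app.key\x00" + PEM_KEY,
    "hypervisor_snapshot": b"\xff" * 128 + DER_PKCS1 + b"\xff" * 128,
    "backup_archive": b"backup-2016-03\x00" + PEM_KEY + b"\x00" * 16 + DER_PKCS8,
    # HSM-backed host: the application only holds a reference to the key
    "hsm_backed_host": b"nshield:app-tls-key:handle=0x1f\x00" * 4,
}


def key_copies() -> dict:
    """Number of private-key copies found in each image."""
    return {name: len(scan_image(name, blob)) for name, blob in IMAGES.items()}


if __name__ == "__main__":
    for name, blob in IMAGES.items():
        for hit in scan_image(name, blob):
            print(f"{hit['image']:20s} {hit['kind']:14s} offset={hit['offset']}")
    print("copies per image:", key_copies())
```

Run against real artefacts (a core dump, a VM snapshot, a backup tarball extracted to disk) the same scan is a quick audit of the slide's claim for your own environment; a clean result on the HSM-backed host is only meaningful if the key was generated inside the HSM and never imported from a file.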
16
Root of Trust
▌ Provides FIPS 140-2 and Common Criteria certified security
▌ Isolates crypto keys and processes from the host environment
▌ Enforces dual controls and protects against rogue super users
▌ Enhances security and ensures availability of critical keys
▌ Facilitates security compliance, auditing, and reporting
17
Why Thales e-Security?
▌ Experience ‒ Leading global provider of data protection solutions for 40+ years
▌ Leadership ‒ HSMs help secure more than 80% of the world’s payment transactions
and most valuable corporate and government information
▌ Market focus ‒ Provides the best data protection solutions possible
▌ Independently certified ‒ Products certified to FIPS standards
▌ Expert advice ‒ Provides training and deployment assistance
Markets served: Banking, Government, Utilities, High Tech, Mobile
18
Why F5?
▌ Experience ‒ 7+ years providing SSL offload and transformation
▌ Leadership ‒ Gartner ADC Magic Quadrant Leader
▌ Market focus ‒ Application availability, security and performance
▌ Certified ‒ Products certified for US Government and global markets
▌ Partnerships ‒ Market-leading partnerships and ecosystem
19
In Summary…
▌ Preventing network security blind spots should be a priority
▌ ADCs are increasingly taking on the task of enabling traffic visibility
▌ The joint solution delivers better performance and a robust root of trust
20
Time for Questions…
Thank you!
Juan Asenjo
+1.954.888.6202 / juan.asenjo@thalesesec.com / @asenjoJuan
Don Laursen
+1.205.272.6860 / d.laursen@f5.com
Gen AI in Business - Global Trends Report 2024.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 

Protecting application delivery without network security blind spots

  • 7. Significant Performance Impact on Existing Security Stack
    Visibility is reduced due to the growth of SSL usage
    Malware uses encrypted channels to evade detection
    Blind Spots
    […] for decryption is a significant undertaking
    Performance (chart):
      Next-Gen Firewall: 79% performance impact
      Next-Gen IPS: 75% performance impact
      Threat Defense: 100% (no SSL support)
    Enabling SSL on a firewall, SWG or an IPS will reduce the overall performance of the appliance, often by more than 80%
  • 8. Threat
    ▌Threat to your organization
    (Diagram label: ENCRYPTED)
  • 9. Best Practices
    ▌Protecting against encryption blind spots with BIG-IP
      Optimizes the security stack through SSL offload
      Centralized decrypt/encrypt capability
      Support for the latest ciphers and suites, providing network traffic visibility
      Flexible deployment to support diverse environments
    ▌SSL/TLS and the encrypt/decrypt feature use crypto keys
      Keys maintained in software can be exposed to threats
      An increasing number of crypto keys is harder to manage
      Customers require certified key protection for compliance
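The centralized decrypt/encrypt role described above (and in the decrypt-and-steer stack on slide 6) starts with one decision per connection: terminate and inspect the TLS session, or bypass it for privacy or regulatory reasons. The inspection point has to make that decision before it has any plaintext, so in practice it is keyed on the Server Name Indication in the ClientHello. The code below is an added example, not F5 or Thales code: it parses the SNI out of a ClientHello and applies a bypass list. The bypass domains, the hostnames and the hand-built ClientHello are all constructed for the example.

```python
"""Decrypt-or-bypass steering keyed on the TLS Server Name Indication.

Added example (not from the Thales/F5 deck). Reads the SNI from a TLS
ClientHello record and matches it against a bypass policy; anything not
covered by the policy is intercepted (decrypted and steered to the
security stack). Policy table and ClientHello are constructed here.
"""
import struct
from typing import Optional

# Hypothetical privacy-sensitive domains that must never be decrypted.
BYPASS_DOMAINS = {"bank.example", "health.example"}


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record with one SNI extension.
    Constructed test input only; real clients send many more extensions."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack(">H", len(host)) + host   # host_name type 0
    sni_list = struct.pack(">H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack(">HH", 0x0000, len(sni_list)) + sni_list  # ext type 0 = SNI
    extensions = struct.pack(">H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03"              # client_version TLS 1.2
            + b"\x11" * 32           # random (fixed for the example)
            + b"\x00"                # session_id length 0
            + b"\x00\x02\xc0\x2f"    # one cipher suite
            + b"\x01\x00"            # compression methods: null only
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # ClientHello = 1
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello record, or None if absent/malformed."""
    if len(record) < 5 or record[0] != 0x16:          # not a Handshake record
        return None
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                  # not a ClientHello
        return None
    pos = 4 + 2 + 32                                  # header, version, random
    if pos >= len(hs):
        return None
    pos += 1 + hs[pos]                                # session_id
    if pos + 2 > len(hs):
        return None
    pos += 2 + struct.unpack(">H", hs[pos:pos + 2])[0]   # cipher_suites
    if pos + 1 > len(hs):
        return None
    pos += 1 + hs[pos]                                # compression_methods
    if pos + 2 > len(hs):
        return None                                   # no extensions block
    end = pos + 2 + struct.unpack(">H", hs[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(hs)):
        etype, elen = struct.unpack(">HH", hs[pos:pos + 4])
        pos += 4
        data = hs[pos:pos + elen]
        pos += elen
        if etype == 0x0000 and len(data) >= 5:
            list_len = struct.unpack(">H", data[:2])[0]
            q = 2
            while q + 3 <= min(2 + list_len, len(data)):
                name_type = data[q]
                name_len = struct.unpack(">H", data[q + 1:q + 3])[0]
                name = data[q + 3:q + 3 + name_len]
                if name_type == 0 and len(name) == name_len:
                    try:
                        return name.decode("ascii")
                    except UnicodeDecodeError:
                        return None
                q += 3 + name_len
    return None


def steer(record: bytes) -> str:
    """Policy decision for a new connection: 'bypass' or 'intercept'.
    Without a usable SNI there is nothing to match a bypass rule on, so the
    connection falls through to the intercept default (fail closed)."""
    sni = extract_sni(record)
    if sni is None:
        return "intercept"
    labels = sni.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):                  # match host and parent domains
        if ".".join(labels[i:]) in BYPASS_DOMAINS:
            return "bypass"
    return "intercept"
```

Two caveats for a real deployment: the parser trusts a client-supplied field, so a bypass list is only as good as the verification done on the bypassed side (a client can send any SNI it likes to reach a decrypt exemption), and with TLS 1.3 Encrypted Client Hello the hostname is no longer in the clear, so the decision has to rest on other data such as destination address or the certificate seen on the server side.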
  • 10. F5 BIG-IP Solution
    (Diagram: Connection Origination)
    But critical keys can exist in multiple places and are vulnerable to physical and software attacks
  • 11. F5 BIG-IP Solution with Thales nShield HSM
    (Diagram: Connection Origination)
    Critical keys are protected and managed within the certified confines of the HSM and are not exposed to physical and software attacks
  • 12. Protecting and Managing the Keys
    ▌External nShield HSM enables enhanced security
      Protects and manages the critical SSL keys used by BIG-IP and the encrypt/decrypt feature
      Isolates cryptography and keys in a secure FIPS 140-2 Level 3 and Common Criteria EAL 4+ boundary
      Delivers lifecycle hardware key management, mitigates risks, and facilitates regulatory compliance
  • 13. Value of HSM Integration
    F5 BIG-IP
      • Optimizes SSL traffic, response times, and customer experience
      • Provides traffic visibility and prevents security blind spots
    THALES
      • Enhances security by protecting crypto keys in dedicated hardware
      • Provides dual controls facilitating auditing/regulatory compliance
    INTEGRATION
      • Delivers a proven solution with a strong and certified root of trust
  • 14. HSMs and the Problems they Address
    ▌What are HSMs?
      Hardware Security Module
      Hardened, tamper-resistant devices isolated from the host environment
      Alternative to software crypto libraries
    ▌What do HSMs do?
      Secure cryptographic operations
      Protect critical cryptographic keys
      Segregate administration and security domains and enforce policy over the use of keys
    nShield HSMs are FIPS 140-2 Level 3 and Common Criteria EAL4+ certified
  • 15. Enhanced Security for Application Delivery Controllers
    ▌Software-only system
      Numerous copies of keys across system and backups
    ▌Hardened security system
      Keys are segregated within an isolated security environment
    (Diagram: two stacks, each of Application / Software environment (Hypervisor, Operating System) / Hardware platform (CPU, Memory, Storage, Back-ups) / Hardware Security Module, contrasting where copies of the keys live)
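The software-only case above is checkable: if keys are loaded by the application from disk, copies of them end up in process memory, on storage and in every backup of that storage. The scanner below is an added example (not from the deck and not a Thales or F5 tool) that finds that sprawl in an arbitrary byte blob, such as a backup archive, a configuration dump or a memory image. It recognises PEM private-key blocks and DER-encoded RSA private keys in both PKCS#8 and PKCS#1 form, using the fixed byte signatures those encodings have. The sample blob is constructed and contains no real key material.

```python
"""Locate private-key material in a backup, config dump or memory image.

Added example (not from the Thales/F5 deck). Finds PEM private-key blocks
and DER-encoded RSA private keys (PKCS#8 PrivateKeyInfo and PKCS#1
RSAPrivateKey) in an arbitrary byte blob. The sample at the bottom is
constructed and contains no real key.
"""
import re
from typing import List, Tuple

# PEM armour written by OpenSSL and most TLS stacks for private keys.
PEM_RE = re.compile(
    rb"-----BEGIN (?P<label>(?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----"
    rb".*?-----END (?P=label)-----",
    re.DOTALL,
)

# DER signatures taken from the PKCS#8 / PKCS#1 encodings.
# PKCS#8 PrivateKeyInfo for rsaEncryption (OID 1.2.840.113549.1.1.1):
#   30 82 LL LL  02 01 00  30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00  04 82
DER_PKCS8_RSA_RE = re.compile(
    rb"\x30\x82..\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d"
    rb"\x01\x01\x01\x05\x00\x04\x82",
    re.DOTALL,
)
# PKCS#1 RSAPrivateKey: SEQUENCE, version INTEGER 0, then the modulus as a
# long-form INTEGER whose first content byte is 0x00 (high bit of n is set):
#   30 82 LL LL  02 01 00  02 82 LL LL 00
DER_PKCS1_RSA_RE = re.compile(rb"\x30\x82..\x02\x01\x00\x02\x82..\x00", re.DOTALL)

Hit = Tuple[int, str]  # (byte offset, description)


def find_private_keys(blob: bytes) -> List[Hit]:
    """Return every private-key occurrence in blob, sorted by offset."""
    hits: List[Hit] = []
    for m in PEM_RE.finditer(blob):
        label = m.group("label").decode("ascii")
        note = " (passphrase-protected)" if label.startswith("ENCRYPTED") else ""
        hits.append((m.start(), "PEM " + label + note))
    for m in DER_PKCS8_RSA_RE.finditer(blob):
        hits.append((m.start(), "DER PKCS#8 RSA private key"))
    for m in DER_PKCS1_RSA_RE.finditer(blob):
        start = m.start()
        # A PKCS#8 RSA key wraps a PKCS#1 key inside an OCTET STRING (04 82 LL LL);
        # skip that inner copy so one key is not reported twice.
        if start >= 4 and blob[start - 4:start - 2] == b"\x04\x82":
            continue
        hits.append((start, "DER PKCS#1 RSA private key"))
    return sorted(hits)


def summarize(blob: bytes) -> dict:
    """Count hits by kind. A host whose keys live only in an HSM should give {}."""
    counts: dict = {}
    for _, kind in find_private_keys(blob):
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample: config text, a PEM RSA key with a fake body, a DER
# PKCS#8 RSA header wrapping a PKCS#1 header, and a PEM EC key. No real keys.
SAMPLE_BACKUP = (
    b"# constructed backup fragment\nlisten 443 ssl;\n"
    b"-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructedbody\n-----END RSA PRIVATE KEY-----\n"
    + b"\x00" * 16
    + bytes.fromhex("308204a4020100300d06092a864886f70d01010105000482048e")
    + bytes.fromhex("3082048a0201000282010100") + b"\xab" * 8
    + b"\n-----BEGIN EC PRIVATE KEY-----\nconstructed\n-----END EC PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for offset, kind in find_private_keys(SAMPLE_BACKUP):
        print(f"{offset:08x}  {kind}")
```

Run it over backup images and snapshot files as well as live filesystems; the point of slide 15 is that the copies you forgot about are the ones an attacker finds. The scanner only covers RSA DER encodings and the common PEM labels, so extend the signature list for EC or other key types your stack uses.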
  • 16. Root of Trust
    ▌Provides FIPS 140-2 and Common Criteria certified security
    ▌Isolates crypto keys and processes from the host environment
    ▌Enforces dual controls and protects from rogue super users
    ▌Enhances security and ensures availability of critical keys
    ▌Facilitates security compliance, auditing, and reporting
  • 17. Why Thales e-Security?
    ▌Experience ‒ Leading global provider of data protection solutions for 40+ years
    ▌Leadership ‒ HSMs help secure more than 80% of the world's payment transactions and the most valuable corporate and government information
    ▌Market focus ‒ Provides the best data protection solutions possible
    ▌Independently certified ‒ Products certified to FIPS standards
    ▌Expert advice ‒ Provides training and deployment assistance
    Sectors: Banking, Government, Utilities, High Tech, Mobile
  • 18. Why F5?
    ▌Experience ‒ 7+ years providing SSL offload and transformation
    ▌Leadership ‒ Gartner ADC Magic Quadrant Leader
    ▌Market focus ‒ Application availability, security and performance
    ▌Certified ‒ Products certified for US Government and global markets
    ▌Partnerships ‒ Market-leading partnerships and ecosystem
  • 19. In Summary…
    ▌Preventing network security blind spots should be a priority
    ▌ADCs are increasingly taking on this task, enabling traffic visibility
    ▌The solution delivers better performance and a robust root of trust
  • 20. Time for Questions… Thank you!
    Juan Asenjo  +1.954.888.6202 / juan.asenjo@thalesesec.com
    Don Laursen  +1.205.272.6860 / d.laursen@f5.com