SlideShare a Scribd company logo

Securing the Expanding Enterprise Attack Surface

Download as PPTX, PDF
Jason Bloomberg
Jason Bloomberg

The enterprise attack surface has exploded in recent years. More users on more devices in more locations are able to access ever more sensitive enterprise applications. The result is that the number of targets for attackers has gone up dramatically. The expanding attack surface has been dubbed a “Cyber House of Horrors,” as insider risks, aggressive social engineering, exploitation of outdated access controls, and a range of other security issues have come to the fore. Join Certes Networks and Intellyx for a webinar to explore: What factors are driving the expansion of the attack surface? What types of attacks and exploits are taking advantage of these changes? How are segmentation techniques and access controls evolving in response?

Technology
1 of 35
The Cyber House of Horrors: Securing the Expanding Enterprise Attack Surface Welcome CertesNetworks.com
A Little Housekeeping • This webinar is being recorded a replay link will be sent to you by email along with the slides. • You are muted by default, please ask any questions in the Q&A section or the chat window. • We will have a Q&A section at the end of the webinar. • If you experience technical difficulties joining the WebEx session please dial: 1-866-229-3239, or you can message the WebEx Producer using the Q&A panel. Copyright 2016 Certes Networks. Visit CertesNetworks.com 2
Our Speakers Jason Bloomberg, President of Intellyx & contributor to Forbes - Presenter Satyam Tyagi, CTO of Certes Networks - Presenter Adam Boone, CMO of Certes Networks - Moderator 3Copyright 2016 Certes Networks. Visit CertesNetworks.com
The Original Attack Surface Exposure When application traffic and users stayed inside the LAN, the attack surface was minimal 4Copyright 2016 Certes Networks. Visit CertesNetworks.com
New Exposure The New Attack Surface Exposure Cloud Apps InternetAccess Remote Workers Access Contractor VPN Remote Office Access Access BYOD IoT As IT has evolved, attack surface has exploded User & App Sprawl: mess of users accessing mess of applications 5Copyright 2016 Certes Networks. Visit CertesNetworks.com
New Exposure But Same Perimeter Defense Firewalled Perimeter Cloud Apps InternetAccess Remote Workers Access Contractor VPN Remote Office Access Access BYOD 20+ year old perimeter-oriented architecture 20+ year old trust model 20+ year old security model tied to enforcing security in infrastructure Network Sprawl, IT Sprawl, Security Sprawl … creating silos and gaps exploited by attackers in all the major data breaches IoT 6Copyright 2016 Certes Networks. Visit CertesNetworks.com
The Cyber House of Horrors Securing the Expanding Enterprise Attack Surface Jason Bloomberg President jason@intellyx.com @theebizwizard Copyright © 2016, Intellyx, LLC
About Jason Bloomberg • President of industry analyst firm Intellyx • Latest book The Agile Architecture Revolution • Recently published the Agile Digital Transformation Roadmap poster Copyright © 2016, Intellyx, LLC8
Cybersecurity, the Old Days Copyright © 2016, Intellyx, LLC9
Cybersecurity Today Copyright © 2016, Intellyx, LLC10 PhotoCredit:BjörnSöderqvisthttps://www.flickr.com/photos/kapten/
The Attack Surface Copyright © 2016, Intellyx, LLC11 Humans are the weakest link PhotoCredit:MarionDosshttps://www.flickr.com/photos/ooocha/ • The sum of the different points (the “attack vectors”) where an unauthorized user (the “attacker”) can try to enter data to or extract data from an environment (Wikipedia) • Attack vectors can be code-centric  Buffer overflow, SQL injection, etc. • Today, most attack vectors are human-centric
Human Attack Vectors • Phishing  Bulk emails seeking to trick people into clicking malicious links or downloading malware • Spear phishing  Targeted emails seeking to trick people into taking specific action • Other cons  Dropping infected flash drives in parking lots  Calls from “help desk” Copyright © 2016, Intellyx, LLC12 Confidence Tricks PhotoCredit:JointTaskForceGuantanamohttps://www.flickr.com/photos/jtfgtmo/
Insider Attacks • Rare: Edward Snowden  Privileged user with political or other principled motivation • Uncommon: Compromised employee  Target of blackmail or other extortion • More common: Disgruntled employee  More likely to do damage than steal something • Very common: Careless employee  Click on phishing link or open phishing email  Using unauthorized cloud storage Copyright © 2016, Intellyx, LLC13 DonkeyHoteyhttps://www.flickr.com/photos/donkeyhotey/
Advanced Persistent Threats (APTs) • Professional, technologically advanced attacks • Typically single out particular target • Take careful, step-by-step approach  Introduce malware (often by spear phishing)  Malware moves around network  ‘Phones home’ to establish command & control link  Exfiltrates valuable data/money Copyright © 2016, Intellyx, LLC14 PhotoCredit:PaulvandeVeldehttps://www.flickr.com/photos/dordrecht-holland/
Every Endpoint is Vulnerable • Computers • Mobile Devices • Network equipment • Anything on the Internet of Things  Thermostats  Industrial equipment  Appliances  Automobiles  And many, many more… Copyright © 2016, Intellyx, LLC15 PhotoCredit:tomemrichhttps://www.flickr.com/photos/90941490@N06/
Cyber Assumptions • Every endpoint can be compromised • Every user can be compromised • Malware is everywhere • Attackers have the run of your organization Copyright © 2016, Intellyx, LLC16 Mitigation is Essential PhotoCredit:Robhttps://www.flickr.com/photos/rob060/
Jason Bloomberg President, Intellyx jason@intellyx.com @theebizwizard Download poster at AgileDigitalTransformation.com Send email NOW to zombie@intellyx.com to download this presentation Thank You! Copyright © 2016, Intellyx, LLC Thank You!
Wrecking the Cyber House of Horror with Crypto-Segmentation Satyam Tyagi, CTO Certes Networks
Infrastructure-Centric Security Mess Why are we in the House of Horrors? 19
IT has out-evolved IT Security 1990 2000 2010 2016 Enterprise IT Packet networking Digitization, networked application IT Security Firewalls, gateways inspecting packet traffic at perimeter Internet Smart devices Cloud MDM/EMM, NAC, IDS, threat management VPNs, remote access, network access Enterprise security continues to be based on inspecting traffic and making security decisions based on packets: ports, IP addresses, header tags, etc. This means the security model is tied to networks & infrastructure that are already compromised; every major data breaches has exploited this failing • Borderless • Virtual • Platforms • Perimeter • Device-based • Point productsIdentity, authentication 20Copyright 2016 Certes Networks. Visit CertesNetworks.com
The Original Attack Surface 21 Exposure When application traffic and users stayed inside the LAN, the attack surface was minimal Copyright 2016 Certes Networks. Visit CertesNetworks.com
New Exposure The New Attack Surface 22 Exposure Cloud Apps InternetAccess Remote Workers Access Contractor VPN Remote Office Access Access BYOD IoT As IT has evolved, attack surface has exploded User & App Sprawl: mess of users accessing mess of applications Copyright 2016 Certes Networks. Visit CertesNetworks.com
Humanly Impossible Complexity, Enemy of Security 23 New Exposure Firewalled Perimeter Cloud Apps InternetAccess Remote Workers Access Contractor Remote Office Access Access BYOD IoT Security Office Business Requirements • What are the assets/apps? • Why are they valuable? • Who needs access to them? • Potential negative impact if confidentiality, integrity or availability breached CATEGORIZE Security Policy & Controls • Access Control • Awareness Training • Audit Accountability • Assessment Authorization • Configuration Management • Contingency Planning • Identification Authentication • Incident Response • … SELECT CASBIoT Gateways Software- Defined Perimeter/ VPN EMM/NAC Micro- Segmentation FW/SWG VPN Mobility Team Data Center Team IoT Team Cloud App Team Remote Worker Team Internet Network Firewall Team IMPLEMENT Siloed Expensive Work + Slower to Market = $$$ (expensive) Partner Access Team Copyright 2016 Certes Networks. Visit CertesNetworks.com
Facing the House of Horrors Decoupling Security from Infrastructure Copyright 2016 Certes Networks. Visit CertesNetworks.com 24
Business-Driven Infrastructure-Independent Security Security officer “Implements” security policy and controls to meet business requirements • No dependence on type of infrastructure • No dependence on multiple other teams • Simply Categorize & Segregate Business Assets (Apps) • Defines Access based on User Roles & Business Needs 25 Security Office Business Requirements • What are the assets/apps? • Why are they valuable? • Who needs access to them? • Potential negative impact if confidentiality, integrity or availability breached CATEGORIZE Security Policy & Controls • Access Control • Awareness Training • Audit Accountability • Assessment Authorization • Configuration Management • Contingency Planning • Identification Authentication • Incident Response • … SELECT IMPLEMENT Copyright 2016 Certes Networks. Visit CertesNetworks.com
New Exposure Firewalled Perimeter Infrastructure to Business, Chaos to Harmony! 26 Cloud Apps InternetAccess Access Remote Workers Contractor Remote Office Access Access BYOD IoT SalesOps Copyright 2016 Certes Networks. Visit CertesNetworks.com
IT Security Evolution 1990 2000 2010 2016 Enterprise IT Packet networking Digitization, networked application IT Security Firewalls, gateways inspecting packet traffic at perimeter Internet Smart devices Cloud Intrusion detection, traffic inspection. threat management VPNs, remote access, network access Certes redefines security by decoupling it from network devices Security decisions are not based on ports, addresses or other network parameters • Borderless • Virtual • Platforms • Borderless • Virtual • PlatformIdentity, authentication Software- defined, application access & segmentation 27Copyright 2016 Certes Networks. Visit CertesNetworks.com
Cryptography Decouples Security From Infrastructure 28 ‘No Trust’ with Micro- segmentation ‘No Trust’ with Crypto- segmentation How it works What it means for you How it works What it means for you Basis of Trust Infrastructure Infrastructure compromised & everything is at risk Cryptographic credentials, X.509 certificates, Cryptographic keys All assets are protected unless attacker can break each individual app key (practical impossibility) Basis of Policy VM instances, Layer 2 to Layer 7 firewalls, network flows Compromised machine can be used to laterally move out of micro-segment X.509 certificates Cryptographic keys and security associations No credentials, no keys, no lateral movement Crypto usage Optional for confidentiality and privacy for interconnecting segments Privacy and confidentiality are already provided by most apps Cryptography is the fabric of trust, policy decision and segmentation; consistent privacy is secondary benefit Non-crypto segmentation is exploited in breach after breach via lateral movement User aware Not user role aware Access is granted based on layer 2-7 firewall rules User identity and role are basis for access Business roles and strong identity define access Scope Data-Center or cloud Separate policies inside, outside, user location True end-to-end from user devices to app workloads One policy end-to-end Copyright 2016 Certes Networks. Visit CertesNetworks.com
Wrecking the House of Horrors Certes’ Role based Access to App Segments Copyright 2016 Certes Networks. Visit CertesNetworks.com 29
How to Wreck: Certes’ Role-based Access to App Segments 30Copyright 2016 Certes Networks. Visit CertesNetworks.com
Wrecking in Action 31 • Each app isolated in its own crypto-segments • Users granted access based on roles, applied across all apps consistently • User is compromised, lateral movement is blocked • Breach is contained, attack surface shrinks Copyright 2016 Certes Networks. Visit CertesNetworks.com
Software Defined Security Network Agnostic | Security overlay across silos Reduce Security Complexity Single point of policy configuration and enforcement Total Cost Reduction Single point of policy ownership and operational management End-to-End Security Client to application security | Lateral movement prevention Benefits of Wrecking 32Copyright 2016 Certes Networks. Visit CertesNetworks.com
Q&A Type your questions into the chat panel. Copyright 2016 Certes Networks. Visit CertesNetworks.com 33
Q&A Please type your questions into the chat panel. Or contact us at info@certesnetworks.com CertesNetworks.com Copyright 2016 Certes Networks. Visit CertesNetworks.com 34
CLICK TO EDIT MASTER TITLE STYLE Thank you! The slides and webinar replay will be emailed to you. Visit CertesNetworks.com Watch CryptoFlow Solutions in Action: https://youtu.be/MDy8x9z7mIc Copyright 2016 Certes Networks. Visit CertesNetworks.com

Recommended

Addressing the OWASP Mobile Security Threats using Xamarin
Addressing the OWASP Mobile Security Threats using XamarinAddressing the OWASP Mobile Security Threats using Xamarin
Addressing the OWASP Mobile Security Threats using XamarinAlec Tucker
 
Mobile Threats and Owasp Top 10 Risks
Mobile Threats and Owasp Top 10 RisksMobile Threats and Owasp Top 10 Risks
Mobile Threats and Owasp Top 10 RisksSantosh Satam
 
The Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatThe Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatImperva
 
Eliminate cyber-security threats using data analytics – Build a resilient ent...
Eliminate cyber-security threats using data analytics – Build a resilient ent...Eliminate cyber-security threats using data analytics – Build a resilient ent...
Eliminate cyber-security threats using data analytics – Build a resilient ent...Impetus Technologies
 
Mobile Application Security Code Reviews
Mobile Application Security Code ReviewsMobile Application Security Code Reviews
Mobile Application Security Code ReviewsDenim Group
 
OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014Islam Azeddine Mennouchi
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
 

Recommended

Addressing the OWASP Mobile Security Threats using Xamarin
Addressing the OWASP Mobile Security Threats using XamarinAddressing the OWASP Mobile Security Threats using Xamarin
Addressing the OWASP Mobile Security Threats using XamarinAlec Tucker
 
Mobile Threats and Owasp Top 10 Risks
Mobile Threats and Owasp Top 10 RisksMobile Threats and Owasp Top 10 Risks
Mobile Threats and Owasp Top 10 RisksSantosh Satam
 
The Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatThe Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatImperva
 
Eliminate cyber-security threats using data analytics – Build a resilient ent...
Eliminate cyber-security threats using data analytics – Build a resilient ent...Eliminate cyber-security threats using data analytics – Build a resilient ent...
Eliminate cyber-security threats using data analytics – Build a resilient ent...Impetus Technologies
 
Mobile Application Security Code Reviews
Mobile Application Security Code ReviewsMobile Application Security Code Reviews
Mobile Application Security Code ReviewsDenim Group
 
OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014Islam Azeddine Mennouchi
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
 
Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter Rahul Neel Mani
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...IBM Security
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidMobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidNikola Milosevic
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarIBM Security
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 blior mazor
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10Pawel Rzepa
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionBitglass
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewalldavidjohnrace
 
Xamarin security talk slideshare
Xamarin security talk slideshareXamarin security talk slideshare
Xamarin security talk slideshareMarcus de Wilde
 
2013 Security Threat Report Presentation
2013 Security Threat Report Presentation2013 Security Threat Report Presentation
2013 Security Threat Report PresentationSophos
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICAmazon Web Services
 
Top 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOTop 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOSecureAuth
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseJason Bloomberg
 
Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014n|u - The Open Security Community
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.AlgoSec
 

More Related Content

What's hot

Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...IBM Security
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidMobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidNikola Milosevic
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarIBM Security
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 blior mazor
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10Pawel Rzepa
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionBitglass
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewalldavidjohnrace
 
Xamarin security talk slideshare
Xamarin security talk slideshareXamarin security talk slideshare
Xamarin security talk slideshareMarcus de Wilde
 
2013 Security Threat Report Presentation
2013 Security Threat Report Presentation2013 Security Threat Report Presentation
2013 Security Threat Report PresentationSophos
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICAmazon Web Services
 
Top 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOTop 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOSecureAuth
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseJason Bloomberg
 

What's hot (20)

Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
 
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP SeraphimdroidMobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment Spam
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and Espionage
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
 
Owasp mobile top 10
Owasp mobile top 10Owasp mobile top 10
Owasp mobile top 10
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewall
 
Xamarin security talk slideshare
Xamarin security talk slideshareXamarin security talk slideshare
Xamarin security talk slideshare
 
2013 Security Threat Report Presentation
2013 Security Threat Report Presentation2013 Security Threat Report Presentation
2013 Security Threat Report Presentation
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t Enough
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TIC
 
Top 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOTop 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSO
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterprise
 
Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014
 

Similar to Securing the Expanding Enterprise Attack Surface

Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.AlgoSec
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3Trish McGinity, CCSK
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
All your files now belong to us
All your files now belong to usAll your files now belong to us
All your files now belong to usPeter Wood
 
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud... Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...Rachel Wandishin
 
Unified threat management 4 july 17
Unified threat management 4 july 17Unified threat management 4 july 17
Unified threat management 4 july 17Yabibo
 
Unified threat management cisco 21 jun 17
Unified threat management cisco 21 jun 17Unified threat management cisco 21 jun 17
Unified threat management cisco 21 jun 17Yabibo
 
Cisco security 27 jun 17
Cisco security 27 jun 17Cisco security 27 jun 17
Cisco security 27 jun 17Yabibo
 
Unified threat management cisco 1 july 17
Unified threat management cisco 1 july 17Unified threat management cisco 1 july 17
Unified threat management cisco 1 july 17Yabibo
 
Unified threat management cisco 5 july 17
Unified threat management cisco 5 july 17Unified threat management cisco 5 july 17
Unified threat management cisco 5 july 17Yabibo
 
Cisco security3 july17
Cisco security3 july17Cisco security3 july17
Cisco security3 july17Yabibo
 
Unified threat management cisco 25 july 17
Unified threat management cisco 25 july 17Unified threat management cisco 25 july 17
Unified threat management cisco 25 july 17Yabibo
 
Cisco security 7 jun 17
Cisco security 7 jun 17Cisco security 7 jun 17
Cisco security 7 jun 17Yabibo
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloudPeter Wood
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor DamianITCamp
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 

Similar to Securing the Expanding Enterprise Attack Surface (20)

Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.
 
IT Security for Nonprofits
IT Security for NonprofitsIT Security for Nonprofits
IT Security for Nonprofits
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
All your files now belong to us
All your files now belong to usAll your files now belong to us
All your files now belong to us
 
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud... Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
 
Unified threat management 4 july 17
Unified threat management 4 july 17Unified threat management 4 july 17
Unified threat management 4 july 17
 
Unified threat management cisco 21 jun 17
Unified threat management cisco 21 jun 17Unified threat management cisco 21 jun 17
Unified threat management cisco 21 jun 17
 
Cisco security 27 jun 17
Cisco security 27 jun 17Cisco security 27 jun 17
Cisco security 27 jun 17
 
Unified threat management cisco 1 july 17
Unified threat management cisco 1 july 17Unified threat management cisco 1 july 17
Unified threat management cisco 1 july 17
 
Unified threat management cisco 5 july 17
Unified threat management cisco 5 july 17Unified threat management cisco 5 july 17
Unified threat management cisco 5 july 17
 
Cisco security3 july17
Cisco security3 july17Cisco security3 july17
Cisco security3 july17
 
Unified threat management cisco 25 july 17
Unified threat management cisco 25 july 17Unified threat management cisco 25 july 17
Unified threat management cisco 25 july 17
 
Cisco security 7 jun 17
Cisco security 7 jun 17Cisco security 7 jun 17
Cisco security 7 jun 17
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloud
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 

More from Jason Bloomberg

PSD2: Open Banking with APIs
PSD2: Open Banking with APIsPSD2: Open Banking with APIs
PSD2: Open Banking with APIsJason Bloomberg
 
The customer journey, digital transformation, and you
The customer journey, digital transformation, and youThe customer journey, digital transformation, and you
The customer journey, digital transformation, and youJason Bloomberg
 
Effective Management of Docker Containers
Effective Management of Docker ContainersEffective Management of Docker Containers
Effective Management of Docker ContainersJason Bloomberg
 
Avoiding the Bimodal Disaster - New Life for Enterprise Architecture
Avoiding the Bimodal Disaster - New Life for Enterprise ArchitectureAvoiding the Bimodal Disaster - New Life for Enterprise Architecture
Avoiding the Bimodal Disaster - New Life for Enterprise ArchitectureJason Bloomberg
 
How the Cloud Fixes Bimodal IT
How the Cloud Fixes Bimodal ITHow the Cloud Fixes Bimodal IT
How the Cloud Fixes Bimodal ITJason Bloomberg
 
DevOps, Digital, and Cloud - Two's Company, Three's a Crowd?
DevOps, Digital, and Cloud - Two's Company, Three's a Crowd?DevOps, Digital, and Cloud - Two's Company, Three's a Crowd?
DevOps, Digital, and Cloud - Two's Company, Three's a Crowd?Jason Bloomberg
 
The Rise of the Open Source ESB
The Rise of the Open Source ESBThe Rise of the Open Source ESB
The Rise of the Open Source ESBJason Bloomberg
 
Removing roadblocks to digital transformation
Removing roadblocks to digital transformationRemoving roadblocks to digital transformation
Removing roadblocks to digital transformationJason Bloomberg
 
Restarting enterprise architecture in the age of digital transformation
Restarting enterprise architecture in the age of digital transformationRestarting enterprise architecture in the age of digital transformation
Restarting enterprise architecture in the age of digital transformationJason Bloomberg
 
Open source containers built for real time interactions
Open source containers built for real time interactionsOpen source containers built for real time interactions
Open source containers built for real time interactionsJason Bloomberg
 
Unleashing the power of machine learning for it ops management
Unleashing the power of machine learning for it ops managementUnleashing the power of machine learning for it ops management
Unleashing the power of machine learning for it ops managementJason Bloomberg
 
WEBINAR: API Clouds for Faster APIs: Leveraging Existing Assets for the API ...
WEBINAR: API Clouds for Faster APIs: Leveraging Existing Assets for the API ...WEBINAR: API Clouds for Faster APIs: Leveraging Existing Assets for the API ...
WEBINAR: API Clouds for Faster APIs: Leveraging Existing Assets for the API ...Jason Bloomberg
 
Innovation processes in the age of digital transformation
Innovation processes in the age of digital transformationInnovation processes in the age of digital transformation
Innovation processes in the age of digital transformationJason Bloomberg
 
Are microservices 'soa done right'?
Are microservices 'soa done right'?Are microservices 'soa done right'?
Are microservices 'soa done right'?Jason Bloomberg
 
Innovation in the age of digital transformation
Innovation in the age of digital transformationInnovation in the age of digital transformation
Innovation in the age of digital transformationJason Bloomberg
 
Digital and the api economy - don't forget your systems of record
Digital and the api economy - don't forget your systems of recordDigital and the api economy - don't forget your systems of record
Digital and the api economy - don't forget your systems of recordJason Bloomberg
 
Four considerations when monitoring microservices
Four considerations when monitoring microservicesFour considerations when monitoring microservices
Four considerations when monitoring microservicesJason Bloomberg
 
Avoiding the perils and pitfalls of cloud based integration
Avoiding the perils and pitfalls of cloud based integrationAvoiding the perils and pitfalls of cloud based integration
Avoiding the perils and pitfalls of cloud based integrationJason Bloomberg
 
Digital transformation & dev ops - two sides of same revolution
Digital transformation & dev ops - two sides of same revolutionDigital transformation & dev ops - two sides of same revolution
Digital transformation & dev ops - two sides of same revolutionJason Bloomberg
 
Streaming Analytics and Cognitive Computing - Changing the Game
Streaming Analytics and Cognitive Computing - Changing the GameStreaming Analytics and Cognitive Computing - Changing the Game
Streaming Analytics and Cognitive Computing - Changing the GameJason Bloomberg
 

More from Jason Bloomberg (20)

PSD2: Open Banking with APIs
PSD2: Open Banking with APIsPSD2: Open Banking with APIs
PSD2: Open Banking with APIs
 
The customer journey, digital transformation, and you
The customer journey, digital transformation, and youThe customer journey, digital transformation, and you
The customer journey, digital transformation, and you
 
Effective Management of Docker Containers
Effective Management of Docker ContainersEffective Management of Docker Containers
Effective Management of Docker Containers
 
Avoiding the Bimodal Disaster - New Life for Enterprise Architecture
Avoiding the Bimodal Disaster - New Life for Enterprise ArchitectureAvoiding the Bimodal Disaster - New Life for Enterprise Architecture
Avoiding the Bimodal Disaster - New Life for Enterprise Architecture
 
How the Cloud Fixes Bimodal IT
How the Cloud Fixes Bimodal ITHow the Cloud Fixes Bimodal IT
How the Cloud Fixes Bimodal IT
 
DevOps, Digital, and Cloud - Two's Company, Three's a Crowd?
DevOps, Digital, and Cloud - Two's Company, Three's a Crowd?DevOps, Digital, and Cloud - Two's Company, Three's a Crowd?
DevOps, Digital, and Cloud - Two's Company, Three's a Crowd?
 
The Rise of the Open Source ESB
The Rise of the Open Source ESBThe Rise of the Open Source ESB
The Rise of the Open Source ESB
 
Removing roadblocks to digital transformation
Removing roadblocks to digital transformationRemoving roadblocks to digital transformation
Removing roadblocks to digital transformation
 
Restarting enterprise architecture in the age of digital transformation
Restarting enterprise architecture in the age of digital transformationRestarting enterprise architecture in the age of digital transformation
Restarting enterprise architecture in the age of digital transformation
 
Open source containers built for real time interactions
Open source containers built for real time interactionsOpen source containers built for real time interactions
Open source containers built for real time interactions
 
Unleashing the power of machine learning for it ops management
Unleashing the power of machine learning for it ops managementUnleashing the power of machine learning for it ops management
Unleashing the power of machine learning for it ops management
 
WEBINAR: API Clouds for Faster APIs: Leveraging Existing Assets for the API ...
WEBINAR: API Clouds for Faster APIs: Leveraging Existing Assets for the API ...WEBINAR: API Clouds for Faster APIs: Leveraging Existing Assets for the API ...
WEBINAR: API Clouds for Faster APIs: Leveraging Existing Assets for the API ...
 
Innovation processes in the age of digital transformation
Innovation processes in the age of digital transformationInnovation processes in the age of digital transformation
Innovation processes in the age of digital transformation
 
Are microservices 'soa done right'?
Are microservices 'soa done right'?Are microservices 'soa done right'?
Are microservices 'soa done right'?
 
Innovation in the age of digital transformation
Innovation in the age of digital transformationInnovation in the age of digital transformation
Innovation in the age of digital transformation
 
Digital and the api economy - don't forget your systems of record
Digital and the api economy - don't forget your systems of recordDigital and the api economy - don't forget your systems of record
Digital and the api economy - don't forget your systems of record
 
Four considerations when monitoring microservices
Four considerations when monitoring microservicesFour considerations when monitoring microservices
Four considerations when monitoring microservices
 
Avoiding the perils and pitfalls of cloud based integration
Avoiding the perils and pitfalls of cloud based integrationAvoiding the perils and pitfalls of cloud based integration
Avoiding the perils and pitfalls of cloud based integration
 
Digital transformation & dev ops - two sides of same revolution
Digital transformation & dev ops - two sides of same revolutionDigital transformation & dev ops - two sides of same revolution
Digital transformation & dev ops - two sides of same revolution
 
Streaming Analytics and Cognitive Computing - Changing the Game
Streaming Analytics and Cognitive Computing - Changing the GameStreaming Analytics and Cognitive Computing - Changing the Game
Streaming Analytics and Cognitive Computing - Changing the Game
 

Recently uploaded

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Securing the Expanding Enterprise Attack Surface

  • 1. The Cyber House of Horrors: Securing the Expanding Enterprise Attack Surface Welcome CertesNetworks.com
  • 2. A Little Housekeeping • This webinar is being recorded a replay link will be sent to you by email along with the slides. • You are muted by default, please ask any questions in the Q&A section or the chat window. • We will have a Q&A section at the end of the webinar. • If you experience technical difficulties joining the WebEx session please dial: 1-866-229-3239, or you can message the WebEx Producer using the Q&A panel. Copyright 2016 Certes Networks. Visit CertesNetworks.com 2
  • 3. Our Speakers Jason Bloomberg, President of Intellyx & contributor to Forbes - Presenter Satyam Tyagi, CTO of Certes Networks - Presenter Adam Boone, CMO of Certes Networks - Moderator 3Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 4. The Original Attack Surface Exposure When application traffic and users stayed inside the LAN, the attack surface was minimal 4Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 5. New Exposure The New Attack Surface Exposure Cloud Apps InternetAccess Remote Workers Access Contractor VPN Remote Office Access Access BYOD IoT As IT has evolved, attack surface has exploded User & App Sprawl: mess of users accessing mess of applications 5Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 6. New Exposure But Same Perimeter Defense Firewalled Perimeter Cloud Apps InternetAccess Remote Workers Access Contractor VPN Remote Office Access Access BYOD 20+ year old perimeter-oriented architecture 20+ year old trust model 20+ year old security model tied to enforcing security in infrastructure Network Sprawl, IT Sprawl, Security Sprawl … creating silos and gaps exploited by attackers in all the major data breaches IoT 6Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 7. The Cyber House of Horrors Securing the Expanding Enterprise Attack Surface Jason Bloomberg President jason@intellyx.com @theebizwizard Copyright © 2016, Intellyx, LLC
  • 8. About Jason Bloomberg • President of industry analyst firm Intellyx • Latest book The Agile Architecture Revolution • Recently published the Agile Digital Transformation Roadmap poster Copyright © 2016, Intellyx, LLC8
  • 9. Cybersecurity, the Old Days Copyright © 2016, Intellyx, LLC9
  • 10. Cybersecurity Today Copyright © 2016, Intellyx, LLC10 PhotoCredit:BjörnSöderqvisthttps://www.flickr.com/photos/kapten/
  • 11. The Attack Surface Copyright © 2016, Intellyx, LLC11 Humans are the weakest link PhotoCredit:MarionDosshttps://www.flickr.com/photos/ooocha/ • The sum of the different points (the “attack vectors”) where an unauthorized user (the “attacker”) can try to enter data to or extract data from an environment (Wikipedia) • Attack vectors can be code-centric  Buffer overflow, SQL injection, etc. • Today, most attack vectors are human-centric
  • 12. Human Attack Vectors • Phishing  Bulk emails seeking to trick people into clicking malicious links or downloading malware • Spear phishing  Targeted emails seeking to trick people into taking specific action • Other cons  Dropping infected flash drives in parking lots  Calls from “help desk” Copyright © 2016, Intellyx, LLC12 Confidence Tricks PhotoCredit:JointTaskForceGuantanamohttps://www.flickr.com/photos/jtfgtmo/
  • 13. Insider Attacks • Rare: Edward Snowden  Privileged user with political or other principled motivation • Uncommon: Compromised employee  Target of blackmail or other extortion • More common: Disgruntled employee  More likely to do damage than steal something • Very common: Careless employee  Click on phishing link or open phishing email  Using unauthorized cloud storage Copyright © 2016, Intellyx, LLC13 DonkeyHoteyhttps://www.flickr.com/photos/donkeyhotey/
  • 14. Advanced Persistent Threats (APTs) • Professional, technologically advanced attacks • Typically single out particular target • Take careful, step-by-step approach  Introduce malware (often by spear phishing)  Malware moves around network  ‘Phones home’ to establish command & control link  Exfiltrates valuable data/money Copyright © 2016, Intellyx, LLC14 PhotoCredit:PaulvandeVeldehttps://www.flickr.com/photos/dordrecht-holland/
  • 15. Every Endpoint is Vulnerable • Computers • Mobile Devices • Network equipment • Anything on the Internet of Things  Thermostats  Industrial equipment  Appliances  Automobiles  And many, many more… Copyright © 2016, Intellyx, LLC15 PhotoCredit:tomemrichhttps://www.flickr.com/photos/90941490@N06/
  • 16. Cyber Assumptions • Every endpoint can be compromised • Every user can be compromised • Malware is everywhere • Attackers have the run of your organization Copyright © 2016, Intellyx, LLC16 Mitigation is Essential PhotoCredit:Robhttps://www.flickr.com/photos/rob060/
  • 17. Jason Bloomberg President, Intellyx jason@intellyx.com @theebizwizard Download poster at AgileDigitalTransformation.com Send email NOW to zombie@intellyx.com to download this presentation Thank You! Copyright © 2016, Intellyx, LLC Thank You!
  • 18. Wrecking the Cyber House of Horror with Crypto-Segmentation Satyam Tyagi, CTO Certes Networks
  • 19. Infrastructure-Centric Security Mess Why are we in the House of Horrors? 19
  • 20. IT has out-evolved IT Security 1990 2000 2010 2016 Enterprise IT Packet networking Digitization, networked application IT Security Firewalls, gateways inspecting packet traffic at perimeter Internet Smart devices Cloud MDM/EMM, NAC, IDS, threat management VPNs, remote access, network access Enterprise security continues to be based on inspecting traffic and making security decisions based on packets: ports, IP addresses, header tags, etc. This means the security model is tied to networks & infrastructure that are already compromised; every major data breaches has exploited this failing • Borderless • Virtual • Platforms • Perimeter • Device-based • Point productsIdentity, authentication 20Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 21. The Original Attack Surface 21 Exposure When application traffic and users stayed inside the LAN, the attack surface was minimal Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 22. New Exposure The New Attack Surface 22 Exposure Cloud Apps InternetAccess Remote Workers Access Contractor VPN Remote Office Access Access BYOD IoT As IT has evolved, attack surface has exploded User & App Sprawl: mess of users accessing mess of applications Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 23. Humanly Impossible Complexity, Enemy of Security 23 New Exposure Firewalled Perimeter Cloud Apps InternetAccess Remote Workers Access Contractor Remote Office Access Access BYOD IoT Security Office Business Requirements • What are the assets/apps? • Why are they valuable? • Who needs access to them? • Potential negative impact if confidentiality, integrity or availability breached CATEGORIZE Security Policy & Controls • Access Control • Awareness Training • Audit Accountability • Assessment Authorization • Configuration Management • Contingency Planning • Identification Authentication • Incident Response • … SELECT CASBIoT Gateways Software- Defined Perimeter/ VPN EMM/NAC Micro- Segmentation FW/SWG VPN Mobility Team Data Center Team IoT Team Cloud App Team Remote Worker Team Internet Network Firewall Team IMPLEMENT Siloed Expensive Work + Slower to Market = $$$ (expensive) Partner Access Team Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 24. Facing the House of Horrors Decoupling Security from Infrastructure Copyright 2016 Certes Networks. Visit CertesNetworks.com 24
  • 25. Business-Driven Infrastructure-Independent Security Security officer “Implements” security policy and controls to meet business requirements • No dependence on type of infrastructure • No dependence on multiple other teams • Simply Categorize & Segregate Business Assets (Apps) • Defines Access based on User Roles & Business Needs 25 Security Office Business Requirements • What are the assets/apps? • Why are they valuable? • Who needs access to them? • Potential negative impact if confidentiality, integrity or availability breached CATEGORIZE Security Policy & Controls • Access Control • Awareness Training • Audit Accountability • Assessment Authorization • Configuration Management • Contingency Planning • Identification Authentication • Incident Response • … SELECT IMPLEMENT Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 26. New Exposure Firewalled Perimeter Infrastructure to Business, Chaos to Harmony! 26 Cloud Apps InternetAccess Access Remote Workers Contractor Remote Office Access Access BYOD IoT SalesOps Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 27. IT Security Evolution 1990 2000 2010 2016 Enterprise IT Packet networking Digitization, networked application IT Security Firewalls, gateways inspecting packet traffic at perimeter Internet Smart devices Cloud Intrusion detection, traffic inspection. threat management VPNs, remote access, network access Certes redefines security by decoupling it from network devices Security decisions are not based on ports, addresses or other network parameters • Borderless • Virtual • Platforms • Borderless • Virtual • PlatformIdentity, authentication Software- defined, application access & segmentation 27Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 28. Cryptography Decouples Security From Infrastructure 28 ‘No Trust’ with Micro- segmentation ‘No Trust’ with Crypto- segmentation How it works What it means for you How it works What it means for you Basis of Trust Infrastructure Infrastructure compromised & everything is at risk Cryptographic credentials, X.509 certificates, Cryptographic keys All assets are protected unless attacker can break each individual app key (practical impossibility) Basis of Policy VM instances, Layer 2 to Layer 7 firewalls, network flows Compromised machine can be used to laterally move out of micro-segment X.509 certificates Cryptographic keys and security associations No credentials, no keys, no lateral movement Crypto usage Optional for confidentiality and privacy for interconnecting segments Privacy and confidentiality are already provided by most apps Cryptography is the fabric of trust, policy decision and segmentation; consistent privacy is secondary benefit Non-crypto segmentation is exploited in breach after breach via lateral movement User aware Not user role aware Access is granted based on layer 2-7 firewall rules User identity and role are basis for access Business roles and strong identity define access Scope Data-Center or cloud Separate policies inside, outside, user location True end-to-end from user devices to app workloads One policy end-to-end Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 29. Wrecking the House of Horrors Certes’ Role based Access to App Segments Copyright 2016 Certes Networks. Visit CertesNetworks.com 29
  • 30. How to Wreck: Certes’ Role-based Access to App Segments 30Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 31. Wrecking in Action 31 • Each app isolated in its own crypto-segments • Users granted access based on roles, applied across all apps consistently • User is compromised, lateral movement is blocked • Breach is contained, attack surface shrinks Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 32. Software Defined Security Network Agnostic | Security overlay across silos Reduce Security Complexity Single point of policy configuration and enforcement Total Cost Reduction Single point of policy ownership and operational management End-to-End Security Client to application security | Lateral movement prevention Benefits of Wrecking 32Copyright 2016 Certes Networks. Visit CertesNetworks.com
  • 33. Q&A Type your questions into the chat panel. Copyright 2016 Certes Networks. Visit CertesNetworks.com 33
  • 34. Q&A Please type your questions into the chat panel. Or contact us at info@certesnetworks.com CertesNetworks.com Copyright 2016 Certes Networks. Visit CertesNetworks.com 34
  • 35. CLICK TO EDIT MASTER TITLE STYLE Thank you! The slides and webinar replay will be emailed to you. Visit CertesNetworks.com Watch CryptoFlow Solutions in Action: https://youtu.be/MDy8x9z7mIc Copyright 2016 Certes Networks. Visit CertesNetworks.com