Presentation delivered at the Cybercrime conference of the World Union of Arab Bankers on Nov 5th, 2016. It explains how digital technologies are pushing us to rethink the traditional model of securing the enterprise.

1. The Fortress has fallen: the new approach to
Cybersecurity
Marc Nader
@mourcous
Date | November-2016

2. 2
Leaders in Information &
Communication Technology
Leaders in
Virtualization & Cloud
Computing
Leaders in IT
Outsourcing & Cloud
Solutions

3. The fortress approach
Breaking through the walls: Digitization, IoT & Cloud
The Zero-Trust network
Redefining the rules of the game
The new approach & the promise of the cloud
Agenda
3

4. The Industrialisation of hacking
4

5. The Players
5
Nation States Hacktivists Cybercriminals

6. A market place
6

7. The Fortress Approach

8. Security zones
8

9. Security zones
9
INSIDE
Demilitarized Zone
(DMZ)
OUTSIDE
Published
Data
Private
Data

10. Sophisticated Perimeter
10
Firewall IPS Sandbox
Access
Restrictions
Network
Attacks
Malware Web
Application
Firewall

11. We built a strong fortress
11
The perimeter was the
last thing that
connected us to the
internet.

12. Digitization, IOT & Cloud

13. Your people are working
from different places

14. Your people are working
from many devices

15. 15
In a digital world, everything is connected

16. 16
The perimeter is broken by every digital service.

17. The Zero-Trust Network

18. You are as secure as your weakest link
18

19. Stuxnet. Natanz, Iran
19

20. Gauss. Beirut, Lebanon
20

21. Infections of Stuxnet, Duqu, Flame & Ghost
21

22. Everyone becomes untrusted
22
Untrusted

23. Everyone becomes untrusted
22
Untrusted Trusted

24. Everyone becomes untrusted
22
Untrusted

25. Everyone becomes untrusted
22
Untrusted Untrusted

26. The zero Trust Network
• Secure the data and not the perimeter
• Everybody is untrusted
• All resources are accessed securely
• Design the network from the inside out
• Security Analytics
23

27. Redefining the rules of the game

28. The new Security Framework
25
Authentication: endpoints should be
fingerprinted.
Authorization: establishing the cross
platform trust relationships.
Network Enforced Policy: all
elements that route and transport
endpoint traffic securely over the
infrastructure.
Analytics: Data, generated by the IoT
devices, is only valuable if the right
analytics algorithms or other
security intelligence processes are
defined to identify the threat.
Ref.:Cisco

29. BeyondCorp
Unprivileged Network in a
private space with limited
network services
Authenticating endpoints
Access-proxies
Access-control
Security Analytics
Ref.:Google
26

30. Software-Defined Perimeter
Micro-segmentation, wrapping of the critical data
27

31. 28

32. The new approach & The promise of the cloud

33. Who is more focused on security?
30
You?

34. Can we catch up?
“[Google's] ability to build, organize, and operate
a huge network of servers and fiber-optic cables
with an efficiency and speed that rocks physics
on its heels.
This is what makes Google Google: its physical
network, its thousands of fiber miles, and those
many thousands of servers that, in aggregate,
add up to the mother of all clouds.”
- Wired
31

35. Data replication across clouds
32
Data Center
Data Center
Data Center
Data Center

36. Why is security so tough?
33
Data Problem: Users want to access their data anytime, from anywhere
of corporate data
resides unprotected on PC
desktops and laptops
60%
laptop computers will
be stolen within 12 months
of purchase
1-out-of-10
of USB thumb drive owners report
losing them, over 60% with private
corporate data on them
66%

37. Takeways
34
Protect UsersProtect
Information
Protect the
Company
• Digitization has broken down the perimeter
• No one can be trusted
• Zero trust architecture moves the security efforts to each transaction
• Cloud architectures are the most ready to deliver on this promise

38. Zero-trust
35
Amazon, 107B$ Alibaba, 83B$

39. Zero-trust
35
Amazon, 107B$ Alibaba, 83B$
100% of their users reside in untrusted zones

40. Thank you!