OTN Architect Day Security Breakout Session
Dave Chappelle
14 December 2011
Rationalization and Defense in Depth - Two Steps Closer to the Clouds




OTN Architect Day 2011

Perimeter Security

[Diagram: a Client in the Unprotected Zone reaches the Web Server (app Proxy) in the DMZ through the first Firewall; a second Firewall separates the DMZ from the Protected Zone(s), which hold the Application Server, Message Queue and Mainframe Application with their DBs. First firewall: all network traffic blocked except for specific ports. Second firewall: all network traffic blocked except from the proxy.]

• Can establish multiple perimeters
• Each perimeter can be more restrictive
• Perimeters can be at varying degrees of granularity

• Alone, often involves a lot of implied trust
• Modern environments don’t have such a clearly defined perimeter



Defense in Depth

• Military defensive strategy to secure a position using multiple defense mechanisms.
• Less emphasis is placed on a single perimeter wall
• Several barriers and different types of fortifications
• Objective is to win the battle by attrition. The attacker may overcome some barriers but can’t sustain the attack for such a long period of time.

[Image: "Krak des Chevaliers", Syria]


Defense in Depth

Governance, Risk Management, & Compliance / Identity & Access Management (shown alongside all layers)

Layer                               Controls
Data                                Database Security (online storage & backups); Content Security, Information Rights Management; Message Level Security
Application                         Federation (SSO, Identity Propagation, Trust, …); Authentication, Authorization, Auditing (AAA); Security Assurance (coding practices)
Host                                Platform O/S, Vulnerability Mgmt (patches), Desktop (malware protection), …
Internal Network                    Transport Layer Security (encryption, identity)
Perimeter                           Firewalls, network address translation, denial of service prevention, message parsing and validation, ...
Physical                            Fences, walls, guards, locks, keys, badges, …
Policies, Procedures, & Awareness   Data Classification, Password Strengths, Code Reviews, Usage Policies, …




Defense in Depth: Greater Control

Many enforcement points:
  Data
  Application / Service
  Host
  Internal Network
  Perimeter
  Physical
  Policies & Procedures

Consistent set of policies & procedures

Security Silos

[Diagram: End User, Security Administrator and Security Auditor each deal separately with the Support, Finance and Sales applications.]

• Application silos with their own standalone security architecture
• Integration is hard enough without security
• End users have many logins & passwords
• Administration is time-consuming and error-prone
• Auditing is inaccurate and/or impossible



Security Framework

[Diagram: End User, Security Administrator and Security Auditor reach the Support, Finance and Sales applications through one shared Security Framework.]

• Security is part of the foundation, not an inconvenient afterthought
• Users have one identity and a set of roles & attributes that govern access
• Administration operator-centric, not system-centric
• Auditing is possible and realistic


Security Framework High Level Architecture

[Diagram: Business Logic and Information run on Infrastructure Platforms (Application Servers, Information Management Systems, etc.), with Design & Development and Administration alongside. Information Processing Security Services and Information Management Security Services call through Security Interfaces into the Enterprise Security Framework: Shared Security Services, Enterprise Security Information, and Security Management & Administration.]

Information Processing:
• Provide a secure run-time environment
• Offer security services to business logic
• Allow solution-level security administration

Information Management:
• Provide a secure data persistence env.
• Offer security features to protect data
• Allow db-level security administration

Security Framework:
• Provide shared security services
• Manage security data for the enterprise
• Allow enterprise-level security administration

Security Interfaces:
• Provide consistent access to security services
• Embrace open, common industry standards




Support for Architecture Principles

Architecture Principles:
  Provides   Security as a Service
  Supports   Defense in Depth
  Supports   Least Privilege
  Supports   Information Confidentiality, Integrity, & Availability
  Provides   Secure Management of Security Information
  Provides   Active Threat Detection and Analysis
  Provides   Secure Audit Trail
  Provides   Cross-Domain Identity Federation



Space Between the Clouds

[Diagram: the defense-in-depth layers (Id & Access Mgmt; Data; Application / Service; Host; Internal Network; Perimeter; Physical; Policies & Procedures; GRC) run across Your Organization (Private Cloud) and the Cloud Provider (Public Cloud: SaaS, PaaS, IaaS). Technology Integration bridges the two at the top and Planning & Reconciliation at the bottom.]




SaaS I&AM Patterns

[Diagram: the In-House (Private) IT Environment runs Authentication, Authorization, Identity Management, Access Policy Management and an STS. Four SaaS providers are shown: Provider A receives only a User Id; Provider B receives user id & attributes via SAML and keeps its own Authorization and Access Policy Management; Provider C is provisioned via SPML and receives SAML assertions, keeping its own Identity Management, Authorization and Access Policy Management; Provider D federates through the STS using SAML, WS-Trust and WS-Federation, keeping its own Authentication, Authorization, Identity Management and Access Policy Management.]


Common Attacks & Cloud Computing

Common Attacks: What types of attacks happen most frequently?
Defense Strategies: How would you normally protect your IT resources?
Cloud Scenario: What might be different about a Cloud environment?




Common Threat Summarization

• 2011 Data Breach Investigations Report (DBIR)
    Verizon Investigative Response Team +
    US Secret Service (financial & cyber fraud) +
    Dutch National High Tech Crime Unit
    • 2010: 761 incidents, ~ 4 million records compromised
    • 7 years: > 1700 incidents, > 900 million records compromised

Verizon Enterprise Risk & Incident Sharing (VERIS) Framework
• Agent: Whose actions affected the asset
• Action: What actions affected the asset
• Asset: Which assets were affected
• Attribute: How the asset was affected


Threat Agents - External

Agents (% of breaches / % of records):
  1. External   91% / 99%
  2. Internal   16% / 1%
  3. Partner    <1% / <1%

External agents:
  58% Organized Criminal Groups
  40% Unaffiliated individuals
  2% Former Employees
  1% Competitors

“[External Agents] created economies of scale by refining standardized, automated, and highly repeatable attacks directed at smaller, vulnerable, and largely homogenous targets.”

Actions (% of breaches / % of records):
  1. Malware   49% / 79%
  2. Hacking   50% / 89%
  3. Misuse    17% / 1%

Source: Verizon 2011 Data Breach Investigations Report (DBIR)



Hacking (50% of breaches, 89% of records)
Source: Verizon 2011 Data Breach Investigations Report (DBIR)

Hacking action (number in parentheses refers to the defensive strategy item below); % of breaches / % of records:
  Backdoor or command/control channel (1)   73% / 45%
  Default or guessable credentials (2)      67% / 30%
  Brute force & dictionary attacks (2)      52% / 34%
  Footprinting & fingerprinting (1)         49% / 19%
  Use of stolen login credentials (2)       21% / 21%
  SQL Injection (3)                         14% / 24%
  Insufficient authentication (4)           10% / 21%
  Abuse of functionality                    10% / 19%
  Buffer overflow (3)                        9% / 15%

71% via remote access services (RDP, PCAnywhere, Go2Assist, LogMeIn, NetViewer, ssh, telnet, rsh, …)

Defensive Strategy:
1. Limit network/port/protocol access
2. Strengthen & change passwords
3. Protect applications from SQL injection & buffer overflows
4. Require authentication

Cloud Implications:
• Remote access may be required for public cloud maintenance & troubleshooting
• Cloud provider may control authentication & password requirements
• Cloud provider may control code base
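Three of the hacking categories on this slide (default or guessable credentials, brute force & dictionary attacks, and credential use over remote access services such as ssh) all leave a trace in authentication logs. As an added example, not part of the deck, the Python below runs two cheap detections over constructed OpenSSH-style log lines; the thresholds, the default-account list and all hostnames and addresses are assumptions for the example.

```python
"""Brute-force and default-credential detection over remote-access auth logs.

Added example: flags a burst of failed logins from one source within a short
window (brute force / dictionary) and any password login to a vendor-default
or generic account. Sample log lines below are constructed, not real data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (hosts, users, addresses made up).
SAMPLE_LOG = """\
Dec 14 09:00:01 edge01 sshd[4011]: Failed password for root from 198.51.100.23 port 50122 ssh2
Dec 14 09:00:03 edge01 sshd[4011]: Failed password for root from 198.51.100.23 port 50123 ssh2
Dec 14 09:00:04 edge01 sshd[4011]: Failed password for admin from 198.51.100.23 port 50124 ssh2
Dec 14 09:00:06 edge01 sshd[4011]: Failed password for invalid user oracle from 198.51.100.23 port 50125 ssh2
Dec 14 09:00:07 edge01 sshd[4011]: Failed password for invalid user test from 198.51.100.23 port 50126 ssh2
Dec 14 09:00:09 edge01 sshd[4011]: Accepted password for admin from 198.51.100.23 port 50127 ssh2
Dec 14 09:15:40 edge01 sshd[4098]: Failed password for dchappelle from 203.0.113.7 port 41002 ssh2
Dec 14 09:15:55 edge01 sshd[4098]: Accepted publickey for dchappelle from 203.0.113.7 port 41003 ssh2
Dec 14 11:30:00 edge01 sshd[4200]: Accepted password for guest from 192.0.2.9 port 39011 ssh2
"""

# Matches the "Accepted/Failed <method> for [invalid user] <user> from <ip>" lines sshd emits.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

# Accounts that commonly ship with a default or guessable password (assumed list;
# extend it with the defaults of the platforms you actually run).
DEFAULT_ACCOUNTS = {"root", "admin", "administrator", "guest", "test", "oracle", "sa"}

# Thresholds are assumptions for the example; tune to the service's baseline.
FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=5)
YEAR = 2011  # syslog timestamps carry no year; assumed for the sample


def parse(log_text):
    """Yield one dict per recognised auth event; unrelated lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield {"ts": ts, "result": m["result"], "method": m["method"],
               "user": m["user"], "src": m["src"]}


def detect(log_text):
    """Return a list of (rule, source_ip, detail) findings in log order."""
    findings = []
    window_fails = defaultdict(list)   # src -> failure timestamps inside the sliding window
    flagged = set()                    # sources already reported for a failure burst
    for ev in parse(log_text):
        src = ev["src"]
        if ev["result"] == "Failed":
            fails = window_fails[src]
            fails.append(ev["ts"])
            # slide the window: drop failures older than WINDOW relative to this event
            while fails and ev["ts"] - fails[0] > WINDOW:
                fails.pop(0)
            if len(fails) >= FAIL_THRESHOLD and src not in flagged:
                flagged.add(src)
                findings.append(("brute_force", src,
                                 f"{len(fails)} failures within {WINDOW}"))
        else:  # Accepted
            if ev["user"] in DEFAULT_ACCOUNTS and ev["method"] == "password":
                findings.append(("default_account_login", src,
                                 f"password login as {ev['user']}"))
            if src in flagged:
                # a success right after a burst is the strongest signal on this slide:
                # a guessed or dictionary password that worked
                findings.append(("success_after_bruteforce", src,
                                 f"login as {ev['user']} after failure burst"))
    return findings


if __name__ == "__main__":
    for rule, src, detail in detect(SAMPLE_LOG):
        print(f"{rule:24} {src:16} {detail}")
```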


Malware (49% of breaches, 79% of records)
Source: Verizon 2011 Data Breach Investigations Report (DBIR)

Infection vector (numbers in parentheses refer to the defensive strategy items below):
  Installed / Injected by remote attacker (1)                 81%
  Email (2, 3)                                                 4%
  Web / Internet auto-executed (“drive-by” infection) (2, 3)   3%
  Web / Internet user-executed (download) (2, 3)               3%

• Designed to: open back doors, perform key logging, RAM scraping, network scanning, data capture & send, …
• 80% installed by attacker following breach of system
• Almost 100% caused by external agents

Defensive Strategy:
1. Protect systems from hacking
2. Maintain system patches, virus protection, security settings, firewalls
3. Internet Usage Policies & Awareness
4. Consider Internet-facing devices to be suspect & limit access accordingly

Cloud Implications:
• Efficacy of cloud provider’s security measures will factor into risk -
    • How are hacking threats handled?
    • How are Internet-facing devices secured and isolated?
    • How are they audited for compliance?


Perimeters & Internal Networks

         • Limit exposure to the Internet
               •   Turn off unnecessary ports & protocols
               •   Limit exposure to management interfaces
               •   Don’t plug in devices that may be contaminated
               •   Data Loss Prevention
         • VPN
               • Site to site
               • User to site
         • Cloud as a DMZ
         • Multi-tenancy
               • A hacker’s launch point?




Threat Agents - Internal

Agents (% of breaches / % of records):
  1. External   91% / 99%
  2. Internal   16% / 1%
  3. Partner    <1% / <1%

Internal agents:
  85% Regular Employee / End User
  22% Finance / Accounting Staff
  11% Executive / Upper Mgmt
  9% Helpdesk, SA, DBA, Developer

• Not as scalable as external agents
• 9% of incidents involve a combination of external and internal agents
• fewer records but greater impact

Actions (% of breaches / % of records):
  1. Malware   49% / 79%
  2. Hacking   50% / 89%
  3. Misuse    17% / 1%

Source: Verizon 2011 Data Breach Investigations Report (DBIR)



Misuse (17% of breaches, 1% of records)
Source: Verizon 2011 Data Breach Investigations Report (DBIR)

Misuse action:
  Embezzlement, skimming, & related fraud    75%
  Abuse of system access / privileges        49%
  Use of unapproved hardware / devices       39%
  Abuse of private knowledge                  7%

Defensive Strategy:
1. SoD, Principle of Least Privilege Access Control measures
2. Auditing & Review
3. Deprovisioning users
4. Data Loss Prevention solutions

Cloud Implications:
• Cloud provider maintains some level of identity and access management
• Auditing & review up to cloud provider
• DLP up to cloud provider
• Abuse of privilege not “provider-dependent”

• “…employees aren’t normally escalating their privileges in order to steal data because they don’t need to. They simply take advantage of whatever standard user privileges were granted to them by their organizations.”
• “…regular employees typically seek “cashable” forms of information like payment card data, bank account numbers, and personal information.”


Threat Agents - Partner

Agents (% of breaches / % of records):
  1. External   91% / 99%
  2. Internal   16% / 1%
  3. Partner    <1% / <1%
Source: Verizon 2011 Data Breach Investigations Report (DBIR)

• Includes vendors, suppliers, hosting providers, outsourced IT support
• Direct involvement has been on the decline
• Responsible involvement has not declined
• Attacks often involve compromised remote access connection
• Poor governance, lax security, too much trust
• “Out-of-sight, Out-of-mind” condition

Cloud Implications:
• Provider’s enforcement of Least Privilege and Segregation of Duties
• Provider’s contracts, policies, controls, governance, & auditing
• Secure communications channels & active threat detection
• You can’t delegate accountability


Administrative & Management Control

         • Cloud control vs. your control
               •   Where are the lines drawn?
               •   Segregation of Duties, Least Privilege
               •   How do you measure your provider’s success?
               •   How will you know if your risk is greater than expected?


         • Audit & Review
               • What (objectives), by whom, how often


         • Motility of Data
               • How to ensure data remnants are destroyed (digital shredding)


(Some of) The Good…

        • Cloud providers have a deep vested interest in
          security
              • Must prove themselves to the market
              • Often much greater investment and attention to detail than
                traditional IT
        • Cloud homogeneity makes security auditing/testing
          simpler
        • Shifting public data to an external cloud
          reduces the exposure of the internal
          sensitive data
        • Data held by an unbiased party
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt


…The Bad…




         •   Multi-tenancy; need for isolation management
         •   High value target for hackers
         •   Fragmentation; creation of more silos
         •   Data dispersal and international privacy laws
                 •       EU Data Protection Directive and U.S. Safe Harbor program
                 •       Exposure of data to foreign government and data subpoenas
                 •       Data retention issues


http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt


…& The Ugly
         • Proprietary implementations
         • Audit & compliance
         • Availability
               • Relying on a vendor to stay in business
               • Equipment seizure (e.g. FBI - DigitalOne AG 2011)




http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt


Recommendations
                 Institute Defense in Depth
                   • Good general strategy to protect highly distributed
                     systems (SOA, BPM, Cloud, etc.)
                   • Protect the whole environment, not just the perimeter


                 Rationalize & Consolidate
                   • Standardized frameworks, services, & technologies
                   • Holistic management, visibility, & control


                 Mind The Gap(s)
                   • Technology: Secure integration
                   • Identity & Access Management
                   • Policies, Procedures, Audits, Attestation, GRC

Visit the ITSO Reference Library at www.oracle.com/goto/itstrategies
Behaviour modification ppt 1Anju Gautam
 
Iso 27001 iso 27002
Iso 27001 iso 27002Iso 27001 iso 27002
Iso 27001 iso 27002Tensor
 
Behavior modification
Behavior modificationBehavior modification
Behavior modificationVhainj Hibe
 
Rationalization Plan (By Usec Tessam)
Rationalization Plan (By Usec Tessam)Rationalization Plan (By Usec Tessam)
Rationalization Plan (By Usec Tessam)Maam Lumanglas
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitectureKris Kimmerle
 

Destacado (17)

Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
Modification through teaching thinking and problem solving skills
Modification through teaching thinking and problem solving skillsModification through teaching thinking and problem solving skills
Modification through teaching thinking and problem solving skills
 
Measurement of behavior
Measurement of behaviorMeasurement of behavior
Measurement of behavior
 
Defense in Depth – Your Security Castle
Defense in Depth – Your Security CastleDefense in Depth – Your Security Castle
Defense in Depth – Your Security Castle
 
Cognitive behavior modification report
Cognitive behavior modification reportCognitive behavior modification report
Cognitive behavior modification report
 
Cognitive behavior modification
Cognitive behavior modification Cognitive behavior modification
Cognitive behavior modification
 
Layer 7 & Burton Group: New Cloud Security Model Requirements
Layer 7 & Burton Group: New Cloud Security Model RequirementsLayer 7 & Burton Group: New Cloud Security Model Requirements
Layer 7 & Burton Group: New Cloud Security Model Requirements
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Rationalization plan
Rationalization planRationalization plan
Rationalization plan
 
DepED Rationalization
DepED RationalizationDepED Rationalization
DepED Rationalization
 
Weber
WeberWeber
Weber
 
Behavior Modification
Behavior ModificationBehavior Modification
Behavior Modification
 
Behaviour modification ppt 1
Behaviour modification ppt 1Behaviour modification ppt 1
Behaviour modification ppt 1
 
Iso 27001 iso 27002
Iso 27001 iso 27002Iso 27001 iso 27002
Iso 27001 iso 27002
 
Behavior modification
Behavior modificationBehavior modification
Behavior modification
 
Rationalization Plan (By Usec Tessam)
Rationalization Plan (By Usec Tessam)Rationalization Plan (By Usec Tessam)
Rationalization Plan (By Usec Tessam)
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 

Similar a Rationalization and Defense in Depth - Two Steps Closer to the Clouds

Rationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudRationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudBob Rhubart
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsRationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsBob Rhubart
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityBob Rhubart
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Secure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorSecure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorNewvewm
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1OracleIDM
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Anindya Ghosh,
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrShovan Sargunam
 
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidForecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidOpen Data Center Alliance
 
Document%20 Safer%20 Introduction
Document%20 Safer%20 IntroductionDocument%20 Safer%20 Introduction
Document%20 Safer%20 Introductionerry wardhana
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010Andris Soroka
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youGlobal Business Events
 
SafeNet - Data Protection Company
SafeNet - Data Protection CompanySafeNet - Data Protection Company
SafeNet - Data Protection CompanyASBIS SK
 
Modern Lessons in Security Monitoring
Modern Lessons in Security MonitoringModern Lessons in Security Monitoring
Modern Lessons in Security MonitoringAnton Goncharov
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaMicrosoft Singapore
 
Using Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginUsing Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginNovell
 

Similar a Rationalization and Defense in Depth - Two Steps Closer to the Clouds (20)

Rationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the CloudRationalization and Defense in Depth - Two Steps Closer to the Cloud
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsRationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
 
Enterprise Strategy for Cloud Security
Enterprise Strategy for Cloud SecurityEnterprise Strategy for Cloud Security
Enterprise Strategy for Cloud Security
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Secure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorSecure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by Porticor
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
 
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, TrapezoidForecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
 
Document%20 Safer%20 Introduction
Document%20 Safer%20 IntroductionDocument%20 Safer%20 Introduction
Document%20 Safer%20 Introduction
 
Enterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelEnterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - Intel
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010
 
Monetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless NetworksMonetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless Networks
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are you
 
Unit 08: Security for Web Applications
Unit 08: Security for Web ApplicationsUnit 08: Security for Web Applications
Unit 08: Security for Web Applications
 
Cloud Security & Cloud Encryption Explained
Cloud Security & Cloud Encryption ExplainedCloud Security & Cloud Encryption Explained
Cloud Security & Cloud Encryption Explained
 
SafeNet - Data Protection Company
SafeNet - Data Protection CompanySafeNet - Data Protection Company
SafeNet - Data Protection Company
 
Modern Lessons in Security Monitoring
Modern Lessons in Security MonitoringModern Lessons in Security Monitoring
Modern Lessons in Security Monitoring
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estonina
 
Using Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginUsing Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLogin
 

Más de Bob Rhubart

Business Integration for the 21st Century
Business Integration for the 21st Century Business Integration for the 21st Century
Business Integration for the 21st Century Bob Rhubart
 
Oracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureBob Rhubart
 
Innovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle CoherenceInnovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle CoherenceBob Rhubart
 
Cloud Computing - A Pragmatic Approach to Cloud Adoption
Cloud Computing - A Pragmatic Approach to Cloud AdoptionCloud Computing - A Pragmatic Approach to Cloud Adoption
Cloud Computing - A Pragmatic Approach to Cloud AdoptionBob Rhubart
 
High Availability Infrastructure for Cloud Computing
High Availability Infrastructure for Cloud ComputingHigh Availability Infrastructure for Cloud Computing
High Availability Infrastructure for Cloud ComputingBob Rhubart
 
Engineered Systems: Oracle's Vision for the Future
Engineered Systems: Oracle's Vision for the FutureEngineered Systems: Oracle's Vision for the Future
Engineered Systems: Oracle's Vision for the FutureBob Rhubart
 
Innovations in Data Grid Technology with Oracle Coherence
Innovations in Data Grid Technology with Oracle CoherenceInnovations in Data Grid Technology with Oracle Coherence
Innovations in Data Grid Technology with Oracle CoherenceBob Rhubart
 
Making IT Simple: A Pragmatic Approach to Cloud Computing
Making IT Simple: A Pragmatic Approach to Cloud ComputingMaking IT Simple: A Pragmatic Approach to Cloud Computing
Making IT Simple: A Pragmatic Approach to Cloud ComputingBob Rhubart
 
Oracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureBob Rhubart
 
Oracle VM Consolidation and Path to the Cloud
Oracle VM Consolidation and Path to the CloudOracle VM Consolidation and Path to the Cloud
Oracle VM Consolidation and Path to the CloudBob Rhubart
 
Engineered Systems: Oracle's Vision for the Future
Engineered Systems: Oracle's Vision for the FutureEngineered Systems: Oracle's Vision for the Future
Engineered Systems: Oracle's Vision for the FutureBob Rhubart
 
21st Century SOA
21st Century SOA21st Century SOA
21st Century SOABob Rhubart
 
Cloud Computing Industry Trends and Directions
Cloud Computing Industry Trends and DirectionsCloud Computing Industry Trends and Directions
Cloud Computing Industry Trends and DirectionsBob Rhubart
 
Manage and Monitor Oracle Applications in the Cloud
Manage and Monitor Oracle Applications in the CloudManage and Monitor Oracle Applications in the Cloud
Manage and Monitor Oracle Applications in the CloudBob Rhubart
 
21st Century Service Oriented Architecture
21st Century Service Oriented Architecture21st Century Service Oriented Architecture
21st Century Service Oriented ArchitectureBob Rhubart
 
Application-Driven Virtualization: Architectural Considerations
Application-Driven Virtualization: Architectural ConsiderationsApplication-Driven Virtualization: Architectural Considerations
Application-Driven Virtualization: Architectural ConsiderationsBob Rhubart
 
Oracle Enterprise Manager
Oracle Enterprise ManagerOracle Enterprise Manager
Oracle Enterprise ManagerBob Rhubart
 
Engineered Systems: Oracle’s Vision for the Future
Engineered Systems: Oracle’s Vision for the FutureEngineered Systems: Oracle’s Vision for the Future
Engineered Systems: Oracle’s Vision for the FutureBob Rhubart
 
Innovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle CoherenceInnovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle CoherenceBob Rhubart
 
Cloud Computing - Making IT Simple
Cloud Computing - Making IT SimpleCloud Computing - Making IT Simple
Cloud Computing - Making IT SimpleBob Rhubart
 

Más de Bob Rhubart (20)

Business Integration for the 21st Century
Business Integration for the 21st Century Business Integration for the 21st Century
Business Integration for the 21st Century
 
Oracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference Architecture
 
Innovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle CoherenceInnovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle Coherence
 
Cloud Computing - A Pragmatic Approach to Cloud Adoption
Cloud Computing - A Pragmatic Approach to Cloud AdoptionCloud Computing - A Pragmatic Approach to Cloud Adoption
Cloud Computing - A Pragmatic Approach to Cloud Adoption
 
High Availability Infrastructure for Cloud Computing
High Availability Infrastructure for Cloud ComputingHigh Availability Infrastructure for Cloud Computing
High Availability Infrastructure for Cloud Computing
 
Engineered Systems: Oracle's Vision for the Future
Engineered Systems: Oracle's Vision for the FutureEngineered Systems: Oracle's Vision for the Future
Engineered Systems: Oracle's Vision for the Future
 
Innovations in Data Grid Technology with Oracle Coherence
Innovations in Data Grid Technology with Oracle CoherenceInnovations in Data Grid Technology with Oracle Coherence
Innovations in Data Grid Technology with Oracle Coherence
 
Making IT Simple: A Pragmatic Approach to Cloud Computing
Making IT Simple: A Pragmatic Approach to Cloud ComputingMaking IT Simple: A Pragmatic Approach to Cloud Computing
Making IT Simple: A Pragmatic Approach to Cloud Computing
 
Oracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference Architecture
 
Oracle VM Consolidation and Path to the Cloud
Oracle VM Consolidation and Path to the CloudOracle VM Consolidation and Path to the Cloud
Oracle VM Consolidation and Path to the Cloud
 
Engineered Systems: Oracle's Vision for the Future
Engineered Systems: Oracle's Vision for the FutureEngineered Systems: Oracle's Vision for the Future
Engineered Systems: Oracle's Vision for the Future
 
21st Century SOA
21st Century SOA21st Century SOA
21st Century SOA
 
Cloud Computing Industry Trends and Directions
Cloud Computing Industry Trends and DirectionsCloud Computing Industry Trends and Directions
Cloud Computing Industry Trends and Directions
 
Manage and Monitor Oracle Applications in the Cloud
Manage and Monitor Oracle Applications in the CloudManage and Monitor Oracle Applications in the Cloud
Manage and Monitor Oracle Applications in the Cloud
 
21st Century Service Oriented Architecture
21st Century Service Oriented Architecture21st Century Service Oriented Architecture
21st Century Service Oriented Architecture
 
Application-Driven Virtualization: Architectural Considerations
Application-Driven Virtualization: Architectural ConsiderationsApplication-Driven Virtualization: Architectural Considerations
Application-Driven Virtualization: Architectural Considerations
 
Oracle Enterprise Manager
Oracle Enterprise ManagerOracle Enterprise Manager
Oracle Enterprise Manager
 
Engineered Systems: Oracle’s Vision for the Future
Engineered Systems: Oracle’s Vision for the FutureEngineered Systems: Oracle’s Vision for the Future
Engineered Systems: Oracle’s Vision for the Future
 
Innovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle CoherenceInnovations in Grid Computing with Oracle Coherence
Innovations in Grid Computing with Oracle Coherence
 
Cloud Computing - Making IT Simple
Cloud Computing - Making IT SimpleCloud Computing - Making IT Simple
Cloud Computing - Making IT Simple
 

Último

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Último (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Rationalization and Defense in Depth - Two Steps Closer to the Clouds

  • 1. OTN Architect Day Security Breakout Session, Dave Chappelle, 14 December 2011
  • 2. Rationalization and Defense in Depth - Two Steps Closer to the Clouds OTN Architect Day 2011
  • 3. Perimeter Security
    Diagram: Client (Unprotected Zone) → Firewall → DMZ with Web Server (app proxy) (Perimeter) → Firewall → Protected Zone(s) with Application Server, Message Queue, Mainframe Application and DBs. Outer firewall: all network traffic blocked except for specific ports. Inner firewall: all network traffic blocked except from the proxy.
    • Can establish multiple perimeters
    • Each perimeter can be more restrictive
    • Perimeters can be at varying degrees of granularity
    • Alone, often involves a lot of implied trust
    • Modern environments don’t have such a clearly defined perimeter
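The two-firewall layout on this slide, as an added example that is not part of the original deck or any Oracle code: a small first-match, default-deny packet-filter model with the outer firewall admitting only one port to the proxy and the inner firewall admitting only the proxy. The addresses, ports and flows are constructed (TEST-NET and RFC 1918 ranges). The last two flows show the slide's "implied trust" point: with the inner firewall written as drawn, a compromised proxy can reach any host and port in the protected zone, and a tightened rule set (proxy to the app server's port only) is shown beside it.

```python
"""Zone-based model of the slide's perimeter: two firewalls, a DMZ proxy,
and a protected zone. Added illustration, not code from the deck; all
addresses and flows are constructed sample values."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    src: str              # CIDR the source address must fall in
    dst: str              # CIDR the destination address must fall in
    dport: Optional[int]  # TCP destination port; None matches any port
    action: str           # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


# Constructed network layout (no real hosts)
DMZ_NET = "192.0.2.0/24"        # perimeter: the DMZ
DMZ_PROXY = "192.0.2.10/32"     # web server acting as app proxy
PROTECTED_NET = "10.0.0.0/24"   # app server, message queue, mainframe, DBs
APP_SERVER = "10.0.0.20/32"
ANY = "0.0.0.0/0"

# Outer firewall: all traffic blocked except for specific ports (443 to the proxy)
OUTER_FW = [Rule(ANY, DMZ_PROXY, 443, "allow")]
# Inner firewall as drawn on the slide: all traffic blocked except from the proxy
INNER_FW = [Rule(DMZ_PROXY, PROTECTED_NET, None, "allow")]
# Tightened inner firewall: the proxy may only reach the app server's service port
INNER_FW_TIGHT = [Rule(DMZ_PROXY, APP_SERVER, 8080, "allow")]

ZONE_ORDER = ["unprotected", "perimeter", "protected"]


def zone(addr: str) -> str:
    a = ip_address(addr)
    if a in ip_network(DMZ_NET):
        return "perimeter"
    if a in ip_network(PROTECTED_NET):
        return "protected"
    return "unprotected"


def matches(rule: Rule, flow: Flow) -> bool:
    return (ip_address(flow.src) in ip_network(rule.src)
            and ip_address(flow.dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == flow.dport))


def evaluate(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; an unmatched flow is denied (default deny)."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return "deny"


def decide(flow: Flow, outer=OUTER_FW, inner=INNER_FW) -> str:
    """A connection is allowed only if every firewall between the two zones
    allows it. Models connection initiation only; return traffic is assumed
    to be handled by stateful inspection."""
    firewalls = [outer, inner]
    i, j = ZONE_ORDER.index(zone(flow.src)), ZONE_ORDER.index(zone(flow.dst))
    lo, hi = sorted((i, j))
    for k in range(lo, hi):          # firewall k sits between zone k and zone k+1
        if evaluate(firewalls[k], flow) != "allow":
            return "deny"
    return "allow"


if __name__ == "__main__":
    client, proxy, app, db = "203.0.113.5", "192.0.2.10", "10.0.0.20", "10.0.0.30"
    for label, flow, inner in [
        ("client -> proxy:443", Flow(client, proxy, 443), INNER_FW),
        ("client -> proxy:22", Flow(client, proxy, 22), INNER_FW),
        ("client -> app:8080 (skips the DMZ)", Flow(client, app, 8080), INNER_FW),
        ("proxy -> app:8080", Flow(proxy, app, 8080), INNER_FW),
        ("proxy -> db:1521 (implied trust)", Flow(proxy, db, 1521), INNER_FW),
        ("proxy -> db:1521 (tightened)", Flow(proxy, db, 1521), INNER_FW_TIGHT),
    ]:
        print(f"{label:40} {decide(flow, inner=inner)}")
```

The model deliberately knows nothing about what the proxy sends; that is the point of the slide's caveat. A perimeter decides on addresses and ports, so once the proxy is trusted, everything behind the inner firewall inherits that trust unless the rule set is narrowed to the one service the proxy actually needs.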
  • 4. Defense in Depth
    (Image: "Krak des Chevaliers", Syria)
    • Military defensive strategy to secure a position using multiple defense mechanisms.
    • Less emphasis is placed on a single perimeter wall
    • Several barriers and different types of fortifications
    • Objective is to win the battle by attrition. The attacker may overcome some barriers but can’t sustain the attack for such a long period of time.
  • 5. Defense in Depth
    Spanning all layers: Governance, Risk Management, & Compliance | Identity & Access Management
    Data: Database Security (online storage & backups); Content Security, Information Rights Management; Message Level Security
    Application: Federation (SSO, Identity Propagation, Trust, …); Authentication, Authorization, Auditing (AAA); Security Assurance (coding practices)
    Host: Platform O/S, Vulnerability Mgmt (patches), Desktop (malware protection), …
    Internal Network: Transport Layer Security (encryption, identity)
    Perimeter: Firewalls, network address translation, denial of service prevention, message parsing and validation, ...
    Physical: Fences, walls, guards, locks, keys, badges, …
    Policies, Procedures, & Awareness: Data Classification, Password Strengths, Code Reviews, Usage Policies, …
  • 6. Defense in Depth: Greater Control
    Many enforcement points: Data, Application / Service, Host, Internal Network, Perimeter, Physical
    Consistent set of policies & procedures: Policies & Procedures (spanning every layer above)
  • 7. Security Silos
    Diagram: End User, Security Administrator and Security Auditor each dealing separately with the Support, Finance and Sales application silos (marked "!", "!" and "?").
    • Application silos with their own standalone security architecture
    • Integration is hard enough without security
    • End users have many logins & passwords
    • Administration is time-consuming and error-prone
    • Auditing is inaccurate and/or impossible
  • 8. Security Framework
    Diagram: End User, Security Administrator and Security Auditor work through one shared Security Framework that fronts the Support, Finance and Sales applications.
    • Security is part of the foundation, not an inconvenient afterthought
    • Users have one identity and a set of roles & attributes that govern access
    • Administration operator-centric, not system-centric
    • Auditing is possible and realistic
  • 9. Security Framework High Level Architecture
    Diagram: Development & Administration (Design & Administration) sits above Business Logic (Information Processing, with its own Security Services) and Information (Information Management, with its own Security Services); both reach the Enterprise Security Framework (Shared Security Services, Enterprise Security Information, Security Management & Administration) through Security Interfaces.
    Information Processing: Infrastructure Platforms
    • Provide a secure run-time environment (Application Servers, Information Management Systems, etc.)
    • Offer security services to business logic
    • Allow solution-level security administration
    Information Management:
    • Provide a secure data persistence env.
    • Offer security features to protect data
    • Allow db-level security administration
    Security Framework: Shared Security Services
    • Provide shared security services
    • Manage security data for the enterprise
    • Allow enterprise-level security administration
    Security Interfaces:
    • Provide consistent access to security services
    • Embrace open, common industry standards
  • 10. Support for Architecture Principles
    • Provides Security as a Service
    • Supports Defense in Depth
    • Supports Least Privilege
    • Supports Information Confidentiality, Integrity, & Availability
    • Provides Secure Management of Security Information
    • Provides Active Threat Detection and Analysis
    • Provides Secure Audit Trail
    • Provides Cross-Domain Identity Federation
  • 11. Space Between the Clouds
    • Diagram: Your Organization (Private Cloud, Private Cloud) beside the Cloud Provider (Public Cloud), with the defense-in-depth layers labelled Data (SaaS), Application / Service (PaaS), Host (IaaS), Internal Network, Perimeter, Physical, Policies & Procedures
    • The space between them: Technology Integration; Id & Access Mgmt; GRC Planning & Reconciliation
  • 12. SaaS I&AM Patterns
    • Diagram: an In-House (Private) IT Environment (Identity Management, Access Policy Management, Authentication, Authorization, STS) federated with four SaaS providers, A through D
    • Elements shown at the providers: Authentication, Authorization, Access Policy Management, Identity Management
    • Protocols shown: SAML (user id & attributes), SPML (user id), SAML / WS-Trust / WS-Federation
  • 13. Common Attacks & Cloud Computing
    • Common Attacks: What types of attacks happen most frequently?
    • Defense Strategies: How would you normally protect your IT resources?
    • Cloud Scenario: What might be different about a Cloud environment?
  • 14. Common Threat Summarization
    • 2011 Data Breach Investigations Report (DBIR): Verizon Investigative Response Team + US Secret Service (financial & cyber fraud) + Dutch National High Tech Crime Unit
      • 2010: 761 incidents, ~4 million records compromised
      • 7 years: >1700 incidents, >900 million records compromised
    • Verizon Enterprise Risk & Incident Sharing (VERIS) Framework
      • Agent: Whose actions affected the asset
      • Action: What actions affected the asset
      • Asset: Which assets were affected
      • Attribute: How the asset was affected
  • 15. Threat Agents - External (% of breaches / % of records)
    • 1. External Agents 91% / 99%; 2. Internal 16% / 1%; 3. Partner <1% / <1%
    • External: 58% Organized Criminal Groups; 40% Unaffiliated individuals; 2% Former Employees; 1% Competitors
    • “[External Agents] created economies of scale by refining standardized, automated, and highly repeatable attacks directed at smaller, vulnerable, and largely homogenous targets.”
    • Actions: 1. Malware 49% / 79%; 2. Hacking 50% / 89%; 3. Misuse 17% / 1%
    • Source: Verizon 2011 Data Breach Investigations Report (DBIR)
  • 16. Hacking (50% of breaches, 89% of records)
    • Source: Verizon 2011 Data Breach Investigations Report (DBIR)
    • Hacking types (% of breaches / % of records; number in parentheses is the defensive strategy below that addresses it):
      • Backdoor or command/control channel (1): 73% / 45%
      • Default or guessable credentials (2): 67% / 30%
      • Brute force & dictionary attacks (2): 52% / 34%
      • Footprinting & fingerprinting (1): 49% / 19%
      • Use of stolen login credentials (2): 21% / 21%
      • SQL Injection (3): 14% / 24%
      • Insufficient authentication (4): 10% / 21%
      • Abuse of functionality: 10% / 19%
      • Buffer overflow (3): 9% / 15%
    • 71% via remote access services (RDP, PCAnywhere, Go2Assist, LogMein, NetViewer, ssh, telnet, rsh, …)
    • Defensive Strategy:
      • 1. Limit network/port/protocol access
      • 2. Strengthen & change passwords
      • 3. Protect applications from SQL injection & buffer overflows
      • 4. Require authentication
    • Cloud Implications:
      • Remote access may be required for public cloud maintenance & troubleshooting
      • Cloud provider may control authentication & password requirements
      • Cloud provider may control code base
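  Added example (not part of the deck): the slide's top hacking types, default or guessable credentials and brute force against remote access services, leave a clear trace in authentication logs. The script below runs simple detection logic over constructed sshd-style log lines (hosts, users, addresses and the default-account list are all assumptions for the example): sources with many failures, attempts against default account names, and a success that follows a run of failures.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of OpenSSH sshd auth logging; hosts,
# users and addresses are made up for this example, not taken from the deck.
SAMPLE_LOG = """\
Dec 14 10:01:02 web01 sshd[4021]: Failed password for root from 198.51.100.7 port 51022 ssh2
Dec 14 10:01:03 web01 sshd[4021]: Failed password for root from 198.51.100.7 port 51023 ssh2
Dec 14 10:01:04 web01 sshd[4021]: Failed password for admin from 198.51.100.7 port 51024 ssh2
Dec 14 10:01:05 web01 sshd[4021]: Failed password for invalid user oracle from 198.51.100.7 port 51025 ssh2
Dec 14 10:01:06 web01 sshd[4021]: Failed password for invalid user test from 198.51.100.7 port 51026 ssh2
Dec 14 10:01:09 web01 sshd[4021]: Accepted password for admin from 198.51.100.7 port 51027 ssh2
Dec 14 10:05:40 web01 sshd[4088]: Failed password for dchappelle from 203.0.113.9 port 40110 ssh2
Dec 14 10:05:52 web01 sshd[4088]: Accepted publickey for dchappelle from 203.0.113.9 port 40111 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

# Account names that ship enabled on many systems and appliances (assumed list);
# attempts against them are worth flagging whether or not they succeed.
DEFAULT_ACCOUNTS = {"root", "admin", "administrator", "guest", "oracle", "test"}

def analyze_auth_log(text, fail_threshold=5, min_failures_before_success=3):
    """Per-source findings: guessing sources, default-account attempts, and
    successes that followed a run of failures (a guessed or brute-forced credential)."""
    failures = Counter()
    default_hits = defaultdict(set)
    success_after_failures = set()
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, user, result = m["src"], m["user"], m["result"]
        if result == "Failed":
            failures[src] += 1
        elif failures[src] >= min_failures_before_success:
            # One typo before a successful key login is not flagged; five failures are.
            success_after_failures.add(src)
        if user in DEFAULT_ACCOUNTS:
            default_hits[src].add(user)
    return {
        "brute_force": sorted(s for s, n in failures.items() if n >= fail_threshold),
        "default_accounts": {s: sorted(u) for s, u in default_hits.items()},
        "success_after_failures": sorted(success_after_failures),
    }
```

  The thresholds are tunable; the point is that strategies 1, 2 and 4 on the slide (limit remote access, strengthen passwords, require authentication) are verifiable from the logs you already have.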
  • 17. Malware (49% of breaches, 79% of records)
    • Source: Verizon 2011 Data Breach Investigations Report (DBIR)
    • Infection path (number in parentheses is the defensive strategy below that addresses it):
      • Installed / Injected by remote attacker (1): 81%
      • Email (2, 3): 4%
      • Web / Internet auto-executed (“drive-by” infection) (2, 3): 3%
      • Web / Internet user-executed (download) (2, 3): 3%
    • Designed to: open back doors, perform key logging, RAM scraping, network scanning, data capture & send, …
    • 80% installed by attacker following breach of system
    • Almost 100% caused by external agents
    • Defensive Strategy:
      • 1. Protect systems from hacking
      • 2. Maintain system patches, virus protection, security settings, firewalls
      • 3. Internet Usage Policies & Awareness
      • 4. Consider Internet-facing devices to be suspect & limit access accordingly
    • Cloud Implications:
      • Efficacy of cloud provider’s security measures will factor into risk
        • How are hacking threats handled?
        • How are Internet-facing devices secured and isolated?
        • How are they audited for compliance?
  • 18. Perimeters & Internal Networks
    • Limit exposure to the Internet
      • Turn off unnecessary ports & protocols
      • Limit exposure to management interfaces
    • Don’t plug in devices that may be contaminated
    • Data Loss Prevention
    • VPN
      • Site to site
      • User to site
    • Cloud as a DMZ
    • Multi-tenancy
      • A hacker’s launch point?
    • Diagram label: Firewall
  • 19. Threat Agents - Internal (% of breaches / % of records)
    • 1. External Agents 91% / 99%; 2. Internal 16% / 1%; 3. Partner <1% / <1%
    • Internal: 85% Regular Employee / End User; 22% Finance / Accounting Staff; 11% Executive / Upper Mgmt; 9% Helpdesk, SA, DBA, Developer
    • Not as scalable as external agents
    • 9% of incidents involve a combination of external and internal agents
    • Fewer records but greater impact
    • Actions: 1. Malware 49% / 79%; 2. Hacking 50% / 89%; 3. Misuse 17% / 1%
    • Source: Verizon 2011 Data Breach Investigations Report (DBIR)
  • 20. Misuse (17% of breaches, 1% of records)
    • Source: Verizon 2011 Data Breach Investigations Report (DBIR)
    • Misuse types (% of breaches):
      • Embezzlement, skimming, & related fraud: 75%
      • Abuse of system access / privileges: 49%
      • Use of unapproved hardware / devices: 39%
      • Abuse of private knowledge: 7%
    • Defensive Strategy:
      • 1. SoD, Principle of Least Privilege Access Control measures
      • 2. Auditing & Review
      • 3. Deprovisioning users
      • 4. Data Loss Prevention solutions
    • “…employees aren’t normally escalating their privileges in order to steal data because they don’t need to. They simply take advantage of whatever standard user privileges were granted to them by their organizations.”
    • “…regular employees typically seek “cashable” forms of information like payment card data, bank account numbers, and personal information.”
    • Cloud Implications:
      • Cloud provider maintains some level of identity and access management
      • Auditing & review up to cloud provider
      • DLP up to cloud provider
      • Abuse of privilege not “provider-dependent”
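  Added example (not part of the deck): since the DBIR quote says insiders misuse the standard privileges they were already granted, strategies 1 through 3 on the slide (segregation of duties, least privilege, auditing and review, deprovisioning) reduce to periodic checks over the entitlement data you already hold. The script below runs those checks over constructed HR and entitlement records; the users, entitlement names and toxic-combination list are assumptions for the example.

```python
# Constructed sample data for this example: HR status, account entitlements and
# a segregation-of-duties conflict list. None of it comes from the deck or the DBIR.
HR_STATUS = {"alice": "active", "bob": "active", "carol": "terminated", "dave": "active"}

ENTITLEMENTS = {
    "alice": {"AP.create_vendor", "AP.approve_payment", "GL.view"},
    "bob": {"AP.create_vendor", "GL.view"},
    "carol": {"HR.view_payroll"},            # still enabled after leaving
    "dave": {"DBA.sysdba", "GL.view"},
}

# Pairs of entitlements one person must not hold together (segregation of duties):
# holding both sides lets a single insider complete a fraudulent transaction alone.
SOD_CONFLICTS = [
    ("AP.create_vendor", "AP.approve_payment"),   # set up a payee and then pay it
    ("HR.change_salary", "HR.approve_salary"),
]

# Entitlements whose holders should be listed by name and re-justified each review cycle.
PRIVILEGED = {"DBA.sysdba", "HR.view_payroll"}

def audit_access(hr_status, entitlements, conflicts=SOD_CONFLICTS, privileged=PRIVILEGED):
    """Return SoD violations, orphaned accounts and privileged holders for review."""
    findings = {"sod_violations": [], "orphaned_accounts": [], "privileged_review": []}
    for user, ents in sorted(entitlements.items()):
        for a, b in conflicts:
            if a in ents and b in ents:
                findings["sod_violations"].append((user, a, b))
        if hr_status.get(user) != "active":
            # Deprovisioning gap: entitlements outlived the employment relationship
            # (also catches accounts with no HR record at all).
            findings["orphaned_accounts"].append(user)
        for p in sorted(ents & privileged):
            findings["privileged_review"].append((user, p))
    return findings
```

  Each finding maps to a slide item: SoD violations to strategy 1, the privileged-holder list to strategy 2, orphaned accounts to strategy 3.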
  • 21. Threat Agents - Partner (% of breaches / % of records)
    • 1. External Agents 91% / 99%; 2. Internal 16% / 1%; 3. Partner <1% / <1%
    • Source: Verizon 2011 Data Breach Investigations Report (DBIR)
    • Includes vendors, suppliers, hosting providers, outsourced IT support
    • Direct involvement has been on the decline
    • Responsible involvement has not declined
    • Attacks often involve a compromised remote access connection
    • Poor governance, lax security, too much trust
    • “Out-of-sight, out-of-mind” condition
    • Cloud Implications:
      • Provider’s enforcement of Least Privilege and Segregation of Duties
      • Provider’s contracts, policies, controls, governance, & auditing
      • Secure communications channels & active threat detection
      • You can’t delegate accountability
  • 22. Administrative & Management Control
    • Cloud control vs. your control
      • Where are the lines drawn?
      • Segregation of Duties, Least Privilege
    • How do you measure your provider’s success?
      • How will you know if your risk is greater than expected?
    • Audit & Review
      • What (objectives), by whom, how often
    • Motility of Data
      • How to ensure data remnants are destroyed (digital shredding)
  • 23. (Some of) The Good…
    • Cloud providers have a deep vested interest in security
      • Must prove themselves to the market
      • Often much greater investment and attention to detail than traditional IT
    • Cloud homogeneity makes security auditing/testing simpler
    • Shifting public data to an external cloud reduces the exposure of the internal sensitive data
    • Data held by an unbiased party
    • http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
  • 24. …The Bad…
    • Multi-tenancy; need for isolation management
    • High value target for hackers
    • Fragmentation; creation of more silos
    • Data dispersal and international privacy laws
      • EU Data Protection Directive and U.S. Safe Harbor program
      • Exposure of data to foreign government and data subpoenas
      • Data retention issues
    • http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
  • 25. …& The Ugly
    • Proprietary implementations
    • Audit & compliance
    • Availability
      • Relying on a vendor to stay in business
    • Equipment seizure (e.g. FBI - DigitalOne AG 2011)
    • http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
  • 26. Recommendations
    • Institute Defense in Depth
      • Good general strategy to protect highly distributed systems (SOA, BPM, Cloud, etc.)
      • Protect the whole environment, not just the perimeter
    • Rationalize & Consolidate
      • Standardized frameworks, services, & technologies
      • Holistic management, visibility, & control
    • Mind The Gap(s)
      • Technology: Secure integration
      • Identity & Access Management
      • Policies, Procedures, Audits, Attestation, GRC
    • Visit the ITSO Reference Library at www.oracle.com/goto/itstrategies