Join Jason Bloomberg, President of Intellyx and contributor to Forbes, and Satyam Tyagi, CTO for Certes Networks, as they explore securing the frictionless enterprise.
- The Dark Side of the Frictionless Enterprise
- The Limitations of Network Segmentation
- Borderless Enterprises Require Borderless Security
- Crypto-Segmentation: Security in a Post-Trust World
- Certes Networks CryptoFlows
- Crypto-Segmentation with CryptoFlows
2. Our Speakers
Jason Bloomberg, President of Intellyx & contributor to Forbes - Presenter
Satyam Tyagi, CTO of Certes Networks - Presenter
Adam Boone, CMO of Certes Networks - Moderator
Watch CryptoFlow Solutions in Action: https://youtu.be/RUIWhTgCNCs
3. Root of the Hacking Crisis
[Diagram: “Trusted” Network; link labels: No encryption, IPsec, HTTPS, SSL#1, SSL#2, SSL#3, SSL#4; Access Attacks]
Yippee! We digitized everything! We can share everything! Everybody’s mobile!
Oh no! We digitized everything! We can share everything! Everybody’s mobile!
4. The Common Vector
Every major data breach in the hacking headlines has a fundamental architecture exploit in common
Failure of proper segmentation and isolation of networks and applications
Once a single user or resource was compromised, hackers could move laterally to the most sensitive applications
5. The New Risk
We are only as secure as the least secure of …
• Employees
• Partners
• Supply chain members
• Contractors
… who have app access
Opening applications for sharing means opening for potential hacking
We put locks on the external doors, but anyone can go anywhere inside
16. Current State: Industry Response
More of the Same
The Truth is it will never be Zero
“Entry is often extremely quick, as one would expect when exploiting stolen or weak passwords. Most often it takes weeks to discover, and that’s based entirely on when the criminals want to start cashing in on their bounty.”
– Verizon DBIR 2014
Security Industry is trying to address this “Discrepancy” by trying to “reduce this gap”
17. Threat Containment: Crypto-Segmentation
• Traditional Security
Strong Perimeter: Threat prevention via firewalls
• Current Generation of Security
Threat Detection and Response: Monitoring and Analysis of signatures, behavior, sandbox
• Next Generation of Security
Threat Containment: Crypto-Segmentation
  • Cryptographic segmentation of sensitive applications
  • Role-based controlled access
Minimizing breach damage by blocking lateral movement
[Graphic: Threats Contained]
18. Principles of Segmentation
• Where do you draw the lines to segment?
What is it that you are segmenting?
Network infrastructure or business applications
• Who is granted access inside the segments?
What checks, verification and criteria are used to allow access?
Trusted networks, trusted device serial numbers, or user identity and role
• Who defines the segments and access policy?
In or outside the organization, which teams define policies?
Field network engineers, service providers and contractors, or security officers
[Diagram labels: Internet, DMZ, LAN, WAN; CRM, Code, Billing; Sales, Engineering, Contractor; Trusted Network; Trusted Device]
19. CryptoFlow
Role-based Access to App Crypto-Segments
[Diagram: Crypto-Segmentation Architecture]
20. CryptoFlows in Action
• Apps are individually, cryptographically isolated in their own crypto-segments
• Users are granted access based on their roles and authorization policy
• The possibility of lateral movement is eliminated
• A compromise of one user is contained to only what the user has access to, and does not spread to everything
21. CryptoFlow: Crypto-Segmentation
• Where do you draw the lines to segment?
Lines are drawn around business applications
• Who is granted access inside the segments?
Only users with the business role authorization get access to the applications that they need
• Who defines the segments and access policy?
The security officer manages all policies
Enforcement is with cryptography (keys)
• Why does it succeed?
Business-centric, end-to-end security, enforced with strong cryptography, under control of the security office
22. Start: Question the Status Quo
What are your business-driven security requirements?
What happens when they change or evolve?
Does the current security architecture help or hinder?
How does it hold up with BYOD, mobile, and cloud?
What happens when a breach takes place?
23. How to Apply Crypto-Segmentation
Make a list of your current applications
Prioritize most sensitive applications
Determine which user roles need access to what
Crypto-segment along these dimensions
You have to start with business needs and work backwards towards security, and not let security infrastructure deficiencies force business practices.
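An added illustration of the four steps above (not from the slides and not Certes Networks code): a Python model that inventories applications, ranks them, grants roles per-segment keys, and then checks which segments a compromised role's keys can actually reach. The app and role names are taken from the slide 18 diagram; the sensitivity scores, the role-to-app grants and all function names are assumptions, and HMAC tags stand in for the encrypted flows.

```python
import hashlib
import hmac
import os

# Constructed inventory: app and role names come from the slide 18 diagram;
# the sensitivity ranking and the role-to-app grants are assumptions.
APPS = {"Billing": 3, "CRM": 2, "Code": 2}          # app -> sensitivity (3 = highest)
POLICY = {"Sales": {"CRM", "Billing"}, "Engineering": {"Code"}, "Contractor": {"Code"}}

MASTER = os.urandom(32)  # held only by the policy authority (the security officer)

def segment_key(app: str) -> bytes:
    """Derive an independent key per application segment (HMAC-SHA256 as a KDF)."""
    return hmac.new(MASTER, b"crypto-segment:" + app.encode(), hashlib.sha256).digest()

def keys_for_role(role: str) -> dict:
    """Hand a role only the keys of the segments its policy entry names."""
    return {app: segment_key(app) for app in POLICY.get(role, set())}

def seal(app: str, key: bytes, payload: bytes) -> bytes:
    """Tag a request for one segment; the app name is bound into the tag."""
    return hmac.new(key, app.encode() + b"\x00" + payload, hashlib.sha256).digest()

def segment_accepts(app: str, payload: bytes, tag: bytes) -> bool:
    """Enforcement point: accept only traffic sealed with this segment's key."""
    return hmac.compare_digest(tag, seal(app, segment_key(app), payload))

def reachable_with(held_keys: dict) -> set:
    """Apps a holder of these keys can reach, trying every key on every app."""
    payload = b"GET /records"
    return {app for app in APPS for key in held_keys.values()
            if segment_accepts(app, payload, seal(app, key, payload))}

def review_order() -> list:
    """Most sensitive applications first, as the prioritization step asks."""
    return sorted(APPS, key=lambda a: (-APPS[a], a))

if __name__ == "__main__":
    for role in POLICY:
        print(role, "compromise reaches:", sorted(reachable_with(keys_for_role(role))))
    print("segment first:", review_order())
```

In this model the reach of a compromised role equals its policy entry, because a key issued for one segment fails verification at every other segment.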
24. Thank you!
The white paper and slides will be emailed to you within 24 hours.