SlideShare una empresa de Scribd logo

Zero Trusted Networks: Why Perimeter Security Is Dead

Jochen Kressin
Jochen Kressin

Nothing either inside or outside the network perimeter can be trusted without verification! Enterprises are struggling to prevent data breaches. Using conventional approaches they invest a lot of time and energy to protect their networks from outside attacks. VPNs and firewalls are the norms, but perimeter security is not enough anymore. The Zero Trust Security model moves access control mechanisms from the network perimeter to the actual users, devices, and systems.

Tecnología
1 de 21
Descargar para leer sin conexión
SEARCH GUARD ZERO TRUSTED NETWORKS © 2018 floragunn GmbH - All Rights Reserved OR: WHY PERIMETER SECURITY IS DEAD
© 2018 floragunn GmbH - All Rights Reserved ABOUT ME Jochen Kressin, Co-Founder & CTO of floragunn GmbH Makers of Search Guard Enterprise Security Suite for Elasticsearch Founded 2012 Main office: Berlin, Germany Partner offices: Seattle, New York, Miami, Bordeaux Meet us at booth #15 01.
© 2018 floragunn GmbH - All Rights Reserved WHY THIS TOPIC? I talk a lot to customers that are using Elasticsearch Most of them store sensitive data inside Elasticsearch Personally identifiable information: User- or customer data Financial information: Transaction data Healthcare information: Patient data Elasticsearch does not offer security out-of-the-box Natural question: How do you secure Elasticsearch? Answers are scary … 02.
© 2018 floragunn GmbH - All Rights Reserved ANSWERS 03. Evil Internet Sensitive Data Elasticsearch “It’s unprotected” Elasticsearch “Firewall” Elasticsearch “VPN and Firewall”
© 2018 floragunn GmbH - All Rights Reserved PERIMETER SECURITY 04. Elasticsearch Evil Internet Firewall Loadbalancer Data Lake HTTPS HTTPS HTTPS HTTP “Untrusted” “Trusted Perimeter”
© 2018 floragunn GmbH - All Rights Reserved ASSUMPTIONS Traffic from the outside cannot be trusted Traffic inside the perimeter can be trusted Access to the perimeter can be controlled Consequences VPNs, firewalls and loadbalancers are sufficient At any point in time, we know who has access to the data Traffic inside the VPN does not need to be encrypted end-to-end Performance is more important than encryption Security breaches will be detected 05.
© 2018 floragunn GmbH - All Rights Reserved REALITY CHECK Does perimeter security work? If it works, why do we still suffer from security breaches and data loss? Data breach @ Exactis Close to 340 million personal records leaked Phone number, home address Number, age and gender of children Elasticsearch cluster publicly accessible I don’t think this was on purpose, but a human mistake 06.
© 2018 floragunn GmbH - All Rights Reserved WHAT HAS CHANGED? Access control Partners, freelancers, part-time contractors etc. These are all potential inside threats Locations Remote offices Remote workers Devices Laptops, smartphone, tablets Bring your own device 07.
© 2018 floragunn GmbH - All Rights Reserved WHAT HAS CHANGED? Cloud computing Cloud storage Microservices SaaS / PaaS / IaaS Containerization Docker, Kubernetes etc. How to apply IP-based security? Decentralized systems / clusters Internet of things 08.
© 2018 floragunn GmbH - All Rights Reserved WHERE IS THE PERIMETER NOW? 09. Office Internet Aynwhere Cloud Storage SaaS Cloud Storage Elasticsearch Datacenter
© 2018 floragunn GmbH - All Rights Reserved PERIMETER SECURITY REVISITED 10. Elasticsearch Evil Internet Firewall Loadbalancer Data Lake HTTPS HTTPS HTTPS HTTP “Untrusted” “Trusted Perimeter”
© 2018 floragunn GmbH - All Rights Reserved ZERO TRUSTED NETWORK 11. Office Internet Elasticsearch Aynwhere Datacenter Cloud Storage SaaS Cloud Storage “Untrusted”
© 2018 floragunn GmbH - All Rights Reserved FACT CHECK Companies do not have full control anymore Explosion of devices and locations Data and services are moving to the cloud Internet of Things Inside attacks are ever increasing 60% of attacks originated from the inside (IBM study 2016) Attacks via social engineering Lines between inside and outside are blurry at best 12.
© 2018 floragunn GmbH - All Rights Reserved PARADIGM SHIFT No traffic can be trusted Regardless where it originates Regardless from which device No IP / port / application can be trusted Cloud, containers, IoT Traditional firewall approach flawed No user can be trusted Beware of inside attacks Outside personell 13.
© 2018 floragunn GmbH - All Rights Reserved PARADIGM SHIFT Move security to where the data lives No unsecured services Not even in a VPN No unencrypted traffic, anywhere Not even in a VPN Assume attackers are already in your network Never trust, always verify Apply least privilege strategies Inspect and log all traffic 14.
© 2018 floragunn GmbH - All Rights Reserved EXAMPLE: ELASTICSEARCH 15. Search Guard Search Guard Search Guard Search Guard Node Node TLS Secured TLS Secured RESTTRANSPORT TLS Secured https://example.com:
© 2018 floragunn GmbH - All Rights Reserved EXAMPLE: ELASTICSEARCH 16. Any location Any device HTTPS Validate certificates Hostname verification DNS Lookups Authentication Certificate revocation TLS Role-based access control Least privilege approach No defaults RBAC Document-level Field-level Filtering Anonymization Data Audit Logs Track access Monitor anomalies Alerting Data Lake Elasticsearch
© 2018 floragunn GmbH - All Rights Reserved OPEN SOURCE / OPEN CODE Complete Search Guard code has always been publicly accessible Code has been audited several times By the community By security experts and auditors of customers Verified by Veracode Download, inspect, audit, compile https://github.com/floragunncom/search-guard https://github.com/floragunncom/search-guard-enterprise-modules 17.
© 2018 floragunn GmbH - All Rights Reserved RESOURCES Search Guard website https://search-guard.com/ Documentation https://docs.search-guard.com Community Forum https://groups.google.com/d/forum/search-guard GitHub https://github.com/floragunncom 18.
SEARCH GUARD info@search-guard.com © 2018 floragunn GmbH - All Rights Reserved send us a message: 20
© 2018 floragunn GmbH - All Rights Reserved floragunn GmbH Tempelhofer Ufer 16 D-10963 Berlin, Germany 
 E-Mail: info@search-guard.com Web: search-guard.com Managing Directors: Claudia Kressin, Jochen Kressin
 Registergericht: Amtsgericht Charlottenburg 
 Registernummer: HRB 147010 B E-Mail: info@floragunn.com Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries. Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries. floragunn GmbH is not affiliated with Elasticsearch BV.

Recomendados

Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
Data Security For Insurance Solutions
Data Security For Insurance SolutionsData Security For Insurance Solutions
Data Security For Insurance SolutionsSeclore
 
Seclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore
 
Cloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the HypeCloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the HypeJoAnna Cheshire
 
CASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudCASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudBitglass
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationNetskope
 

Recomendados

Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
Data Security For Insurance Solutions
Data Security For Insurance SolutionsData Security For Insurance Solutions
Data Security For Insurance SolutionsSeclore
 
Seclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore
 
Cloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the HypeCloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the HypeJoAnna Cheshire
 
CASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudCASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudBitglass
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationNetskope
 
Data Security For Pharmaceutical Industry
Data Security For Pharmaceutical IndustryData Security For Pharmaceutical Industry
Data Security For Pharmaceutical IndustrySeclore
 
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...Mark Silverberg
 
Balancing User Experience with Secure Access Control in Healthcare
Balancing User Experience with Secure Access Control in HealthcareBalancing User Experience with Secure Access Control in Healthcare
Balancing User Experience with Secure Access Control in HealthcareSecureAuth
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore
 
Hyperconverged: The Future of Data Centers Presentation
Hyperconverged: The Future of Data Centers PresentationHyperconverged: The Future of Data Centers Presentation
Hyperconverged: The Future of Data Centers PresentationSara Thomason
 
Seclore For Spirion Data Classification | Seclore
Seclore For Spirion Data Classification | SecloreSeclore For Spirion Data Classification | Seclore
Seclore For Spirion Data Classification | SecloreSeclore
 
Cloud Data Security
Cloud Data Security Cloud Data Security
Cloud Data Security Seclore
 
Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)DNIF
 
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarCipherCloud
 
Seclore Decrypter For Email
Seclore Decrypter For EmailSeclore Decrypter For Email
Seclore Decrypter For EmailSeclore
 
The path to most GRC requirements
The path to most GRC requirementsThe path to most GRC requirements
The path to most GRC requirementsWatchful Software
 
Cyber Security Tips for Small Firms
Cyber Security Tips for Small FirmsCyber Security Tips for Small Firms
Cyber Security Tips for Small FirmsScott Griffith
 
AWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at ScaleAWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at ScaleAmazon Web Services
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreSeclore
 
Email encryption plus | Seclore
Email encryption plus | SecloreEmail encryption plus | Seclore
Email encryption plus | SecloreSeclore
 
Closing the Cloud Security Gap with a CASB (in partnership with Forrester)
Closing the Cloud Security Gap with a CASB (in partnership with Forrester)Closing the Cloud Security Gap with a CASB (in partnership with Forrester)
Closing the Cloud Security Gap with a CASB (in partnership with Forrester)Bitglass
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | SecloreSeclore
 
C:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionC:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionYustinus Simon
 
20181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 36520181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 365Arjan Cornelissen
 
securing the cloud for financial services
securing the cloud for financial servicessecuring the cloud for financial services
securing the cloud for financial servicesBitglass
 
OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...
OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...
OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...NETWAYS
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesCASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesNowSecure
 

Más contenido relacionado

La actualidad más candente

Data Security For Pharmaceutical Industry
Data Security For Pharmaceutical IndustryData Security For Pharmaceutical Industry
Data Security For Pharmaceutical IndustrySeclore
 
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...Mark Silverberg
 
Balancing User Experience with Secure Access Control in Healthcare
Balancing User Experience with Secure Access Control in HealthcareBalancing User Experience with Secure Access Control in Healthcare
Balancing User Experience with Secure Access Control in HealthcareSecureAuth
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore
 
Hyperconverged: The Future of Data Centers Presentation
Hyperconverged: The Future of Data Centers PresentationHyperconverged: The Future of Data Centers Presentation
Hyperconverged: The Future of Data Centers PresentationSara Thomason
 
Seclore For Spirion Data Classification | Seclore
Seclore For Spirion Data Classification | SecloreSeclore For Spirion Data Classification | Seclore
Seclore For Spirion Data Classification | SecloreSeclore
 
Cloud Data Security
Cloud Data Security Cloud Data Security
Cloud Data Security Seclore
 
Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)DNIF
 
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarCipherCloud
 
Seclore Decrypter For Email
Seclore Decrypter For EmailSeclore Decrypter For Email
Seclore Decrypter For EmailSeclore
 
The path to most GRC requirements
The path to most GRC requirementsThe path to most GRC requirements
The path to most GRC requirementsWatchful Software
 
Cyber Security Tips for Small Firms
Cyber Security Tips for Small FirmsCyber Security Tips for Small Firms
Cyber Security Tips for Small FirmsScott Griffith
 
AWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at ScaleAWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at ScaleAmazon Web Services
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreSeclore
 
Email encryption plus | Seclore
Email encryption plus | SecloreEmail encryption plus | Seclore
Email encryption plus | SecloreSeclore
 
Closing the Cloud Security Gap with a CASB (in partnership with Forrester)
Closing the Cloud Security Gap with a CASB (in partnership with Forrester)Closing the Cloud Security Gap with a CASB (in partnership with Forrester)
Closing the Cloud Security Gap with a CASB (in partnership with Forrester)Bitglass
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | SecloreSeclore
 
C:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionC:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionYustinus Simon
 
20181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 36520181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 365Arjan Cornelissen
 
securing the cloud for financial services
securing the cloud for financial servicessecuring the cloud for financial services
securing the cloud for financial servicesBitglass
 

La actualidad más candente (20)

Data Security For Pharmaceutical Industry
Data Security For Pharmaceutical IndustryData Security For Pharmaceutical Industry
Data Security For Pharmaceutical Industry
 
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
 
Balancing User Experience with Secure Access Control in Healthcare
Balancing User Experience with Secure Access Control in HealthcareBalancing User Experience with Secure Access Control in Healthcare
Balancing User Experience with Secure Access Control in Healthcare
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel Program
 
Hyperconverged: The Future of Data Centers Presentation
Hyperconverged: The Future of Data Centers PresentationHyperconverged: The Future of Data Centers Presentation
Hyperconverged: The Future of Data Centers Presentation
 
Seclore For Spirion Data Classification | Seclore
Seclore For Spirion Data Classification | SecloreSeclore For Spirion Data Classification | Seclore
Seclore For Spirion Data Classification | Seclore
 
Cloud Data Security
Cloud Data Security Cloud Data Security
Cloud Data Security
 
Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)
 
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
 
Seclore Decrypter For Email
Seclore Decrypter For EmailSeclore Decrypter For Email
Seclore Decrypter For Email
 
The path to most GRC requirements
The path to most GRC requirementsThe path to most GRC requirements
The path to most GRC requirements
 
Cyber Security Tips for Small Firms
Cyber Security Tips for Small FirmsCyber Security Tips for Small Firms
Cyber Security Tips for Small Firms
 
AWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at ScaleAWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at Scale
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | Seclore
 
Email encryption plus | Seclore
Email encryption plus | SecloreEmail encryption plus | Seclore
Email encryption plus | Seclore
 
Closing the Cloud Security Gap with a CASB (in partnership with Forrester)
Closing the Cloud Security Gap with a CASB (in partnership with Forrester)Closing the Cloud Security Gap with a CASB (in partnership with Forrester)
Closing the Cloud Security Gap with a CASB (in partnership with Forrester)
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | Seclore
 
C:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_losspreventionC:\fakepath\wg xcs data_lossprevention
C:\fakepath\wg xcs data_lossprevention
 
20181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 36520181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 365
 
securing the cloud for financial services
securing the cloud for financial servicessecuring the cloud for financial services
securing the cloud for financial services
 

Similar a Zero Trusted Networks: Why Perimeter Security Is Dead

OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...
OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...
OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...NETWAYS
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesCASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesNowSecure
 
Making the Case for Stronger Endpoint Data Visibility
Making the Case for Stronger Endpoint Data VisibilityMaking the Case for Stronger Endpoint Data Visibility
Making the Case for Stronger Endpoint Data Visibilitydianadvo
 
Power Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPower Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPowerSaturdayParis
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
Thales e-Security corporate presentation
Thales e-Security corporate presentationThales e-Security corporate presentation
Thales e-Security corporate presentationThales e-Security
 
Search Guard | Meetup Presentation | Security for Elasticsearch
Search Guard | Meetup Presentation | Security for ElasticsearchSearch Guard | Meetup Presentation | Security for Elasticsearch
Search Guard | Meetup Presentation | Security for ElasticsearchJochen Kressin
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec
 
Microsoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMSMicrosoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMSDavid J Rosenthal
 
Dataguise hortonworks insurance_feb25
Dataguise hortonworks insurance_feb25Dataguise hortonworks insurance_feb25
Dataguise hortonworks insurance_feb25Hortonworks
 
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...n|u - The Open Security Community
 
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016Verimatrix
 
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...DefCamp
 
Cyren cybersecurity of things
Cyren cybersecurity of thingsCyren cybersecurity of things
Cyren cybersecurity of thingsChristian Milde
 
Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018
Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018
Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018Amazon Web Services
 
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaProteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaCristian Garcia G.
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
 

Similar a Zero Trusted Networks: Why Perimeter Security Is Dead (20)

OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...
OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...
OSMC 2019 | Zero Trusted Networks – why Perimeter Security is dead by Jochen ...
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated IndustriesCASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
 
Making the Case for Stronger Endpoint Data Visibility
Making the Case for Stronger Endpoint Data VisibilityMaking the Case for Stronger Endpoint Data Visibility
Making the Case for Stronger Endpoint Data Visibility
 
Power Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPower Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 security
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Thales e-Security corporate presentation
Thales e-Security corporate presentationThales e-Security corporate presentation
Thales e-Security corporate presentation
 
Search Guard | Meetup Presentation | Security for Elasticsearch
Search Guard | Meetup Presentation | Security for ElasticsearchSearch Guard | Meetup Presentation | Security for Elasticsearch
Search Guard | Meetup Presentation | Security for Elasticsearch
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
 
Microsoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMSMicrosoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMS
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives
 
Dataguise hortonworks insurance_feb25
Dataguise hortonworks insurance_feb25Dataguise hortonworks insurance_feb25
Dataguise hortonworks insurance_feb25
 
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
nullcon 2011 - Protect infrastructure of protect information – Lessons from W...
 
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016
 
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
 
Cyren cybersecurity of things
Cyren cybersecurity of thingsCyren cybersecurity of things
Cyren cybersecurity of things
 
Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018
Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018
Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018
 
Data Security Whitepaper
Data Security WhitepaperData Security Whitepaper
Data Security Whitepaper
 
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaProteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
 
SecurePass at OpenBrighton
SecurePass at OpenBrightonSecurePass at OpenBrighton
SecurePass at OpenBrighton
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
 

Más de Jochen Kressin

Elasticsearch audit logging | Search Guard
Elasticsearch audit logging | Search GuardElasticsearch audit logging | Search Guard
Elasticsearch audit logging | Search GuardJochen Kressin
 
Elasticsearch JSON web token authentication | Search Guard
Elasticsearch JSON web token authentication | Search GuardElasticsearch JSON web token authentication | Search Guard
Elasticsearch JSON web token authentication | Search GuardJochen Kressin
 
Elasticsearch Document- and Field-Level Security | Search Guard
Elasticsearch Document- and Field-Level Security | Search GuardElasticsearch Document- and Field-Level Security | Search Guard
Elasticsearch Document- and Field-Level Security | Search GuardJochen Kressin
 
Active Directory & LDAP | Security for Elasticsearch
Active Directory & LDAP | Security for ElasticsearchActive Directory & LDAP | Security for Elasticsearch
Active Directory & LDAP | Security for ElasticsearchJochen Kressin
 
Search Guard Configuration | Security for Elasticsearch
Search Guard Configuration | Security for ElasticsearchSearch Guard Configuration | Security for Elasticsearch
Search Guard Configuration | Security for ElasticsearchJochen Kressin
 
Search Guard Architecure | Security for Elasticsearch
Search Guard Architecure | Security for ElasticsearchSearch Guard Architecure | Security for Elasticsearch
Search Guard Architecure | Security for ElasticsearchJochen Kressin
 
Search Guard Installation Quickstart | Security for Elasticsearch
Search Guard Installation Quickstart | Security for ElasticsearchSearch Guard Installation Quickstart | Security for Elasticsearch
Search Guard Installation Quickstart | Security for ElasticsearchJochen Kressin
 

Más de Jochen Kressin (7)

Elasticsearch audit logging | Search Guard
Elasticsearch audit logging | Search GuardElasticsearch audit logging | Search Guard
Elasticsearch audit logging | Search Guard
 
Elasticsearch JSON web token authentication | Search Guard
Elasticsearch JSON web token authentication | Search GuardElasticsearch JSON web token authentication | Search Guard
Elasticsearch JSON web token authentication | Search Guard
 
Elasticsearch Document- and Field-Level Security | Search Guard
Elasticsearch Document- and Field-Level Security | Search GuardElasticsearch Document- and Field-Level Security | Search Guard
Elasticsearch Document- and Field-Level Security | Search Guard
 
Active Directory & LDAP | Security for Elasticsearch
Active Directory & LDAP | Security for ElasticsearchActive Directory & LDAP | Security for Elasticsearch
Active Directory & LDAP | Security for Elasticsearch
 
Search Guard Configuration | Security for Elasticsearch
Search Guard Configuration | Security for ElasticsearchSearch Guard Configuration | Security for Elasticsearch
Search Guard Configuration | Security for Elasticsearch
 
Search Guard Architecure | Security for Elasticsearch
Search Guard Architecure | Security for ElasticsearchSearch Guard Architecure | Security for Elasticsearch
Search Guard Architecure | Security for Elasticsearch
 
Search Guard Installation Quickstart | Security for Elasticsearch
Search Guard Installation Quickstart | Security for ElasticsearchSearch Guard Installation Quickstart | Security for Elasticsearch
Search Guard Installation Quickstart | Security for Elasticsearch
 

Último

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Último (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Zero Trusted Networks: Why Perimeter Security Is Dead

  • 1. SEARCH GUARD ZERO TRUSTED NETWORKS © 2018 floragunn GmbH - All Rights Reserved OR: WHY PERIMETER SECURITY IS DEAD
  • 2. © 2018 floragunn GmbH - All Rights Reserved ABOUT ME Jochen Kressin, Co-Founder & CTO of floragunn GmbH Makers of Search Guard Enterprise Security Suite for Elasticsearch Founded 2012 Main office: Berlin, Germany Partner offices: Seattle, New York, Miami, Bordeaux Meet us at booth #15 01.
  • 3. © 2018 floragunn GmbH - All Rights Reserved WHY THIS TOPIC? I talk a lot to customers that are using Elasticsearch Most of them store sensitive data inside Elasticsearch Personally identifiable information: User- or customer data Financial information: Transaction data Healthcare information: Patient data Elasticsearch does not offer security out-of-the-box Natural question: How do you secure Elasticsearch? Answers are scary … 02.
  • 4. © 2018 floragunn GmbH - All Rights Reserved ANSWERS 03. Evil Internet Sensitive Data Elasticsearch “It’s unprotected” Elasticsearch “Firewall” Elasticsearch “VPN and Firewall”
  • 5. © 2018 floragunn GmbH - All Rights Reserved PERIMETER SECURITY 04. Elasticsearch Evil Internet Firewall Loadbalancer Data Lake HTTPS HTTPS HTTPS HTTP “Untrusted” “Trusted Perimeter”
  • 6. © 2018 floragunn GmbH - All Rights Reserved ASSUMPTIONS Traffic from the outside cannot be trusted Traffic inside the perimeter can be trusted Access to the perimeter can be controlled Consequences VPNs, firewalls and loadbalancers are sufficient At any point in time, we know who has access to the data Traffic inside the VPN does not need to be encrypted end-to-end Performance is more important than encryption Security breaches will be detected 05.
  • 7. © 2018 floragunn GmbH - All Rights Reserved REALITY CHECK Does perimeter security work? If it works, why do we still suffer from security breaches and data loss? Data breach @ Exactis Close to 340 million personal records leaked Phone number, home address Number, age and gender of children Elasticsearch cluster publicly accessible I don’t think this was on purpose, but a human mistake 06.
  • 8. © 2018 floragunn GmbH - All Rights Reserved WHAT HAS CHANGED? Access control Partners, freelancers, part-time contractors etc. These are all potential inside threats Locations Remote offices Remote workers Devices Laptops, smartphone, tablets Bring your own device 07.
  • 9. © 2018 floragunn GmbH - All Rights Reserved WHAT HAS CHANGED? Cloud computing Cloud storage Microservices SaaS / PaaS / IaaS Containerization Docker, Kubernetes etc. How to apply IP-based security? Decentralized systems / clusters Internet of things 08.
  • 10. © 2018 floragunn GmbH - All Rights Reserved WHERE IS THE PERIMETER NOW? 09. Office Internet Aynwhere Cloud Storage SaaS Cloud Storage Elasticsearch Datacenter
  • 11. © 2018 floragunn GmbH - All Rights Reserved PERIMETER SECURITY REVISITED 10. Elasticsearch Evil Internet Firewall Loadbalancer Data Lake HTTPS HTTPS HTTPS HTTP “Untrusted” “Trusted Perimeter”
  • 12. © 2018 floragunn GmbH - All Rights Reserved ZERO TRUSTED NETWORK 11. Office Internet Elasticsearch Aynwhere Datacenter Cloud Storage SaaS Cloud Storage “Untrusted”
  • 13. © 2018 floragunn GmbH - All Rights Reserved FACT CHECK Companies do not have full control anymore Explosion of devices and locations Data and services are moving to the cloud Internet of Things Inside attacks are ever increasing 60% of attacks originated from the inside (IBM study 2016) Attacks via social engineering Lines between inside and outside are blurry at best 12.
  • 14. © 2018 floragunn GmbH - All Rights Reserved PARADIGM SHIFT No traffic can be trusted Regardless where it originates Regardless from which device No IP / port / application can be trusted Cloud, containers, IoT Traditional firewall approach flawed No user can be trusted Beware of inside attacks Outside personell 13.
  • 15. © 2018 floragunn GmbH - All Rights Reserved PARADIGM SHIFT Move security to where the data lives No unsecured services Not even in a VPN No unencrypted traffic, anywhere Not even in a VPN Assume attackers are already in your network Never trust, always verify Apply least privilege strategies Inspect and log all traffic 14.
  • 16. © 2018 floragunn GmbH - All Rights Reserved EXAMPLE: ELASTICSEARCH 15. Search Guard Search Guard Search Guard Search Guard Node Node TLS Secured TLS Secured RESTTRANSPORT TLS Secured https://example.com:
  • 17. © 2018 floragunn GmbH - All Rights Reserved EXAMPLE: ELASTICSEARCH 16. Any location Any device HTTPS Validate certificates Hostname verification DNS Lookups Authentication Certificate revocation TLS Role-based access control Least privilege approach No defaults RBAC Document-level Field-level Filtering Anonymization Data Audit Logs Track access Monitor anomalies Alerting Data Lake Elasticsearch
  • 18. © 2018 floragunn GmbH - All Rights Reserved OPEN SOURCE / OPEN CODE Complete Search Guard code has always been publicly accessible Code has been audited several times By the community By security experts and auditors of customers Verified by Veracode Download, inspect, audit, compile https://github.com/floragunncom/search-guard https://github.com/floragunncom/search-guard-enterprise-modules 17.
  • 19. © 2018 floragunn GmbH - All Rights Reserved RESOURCES Search Guard website https://search-guard.com/ Documentation https://docs.search-guard.com Community Forum https://groups.google.com/d/forum/search-guard GitHub https://github.com/floragunncom 18.
  • 20. SEARCH GUARD info@search-guard.com © 2018 floragunn GmbH - All Rights Reserved send us a message: 20
  • 21. © 2018 floragunn GmbH - All Rights Reserved floragunn GmbH Tempelhofer Ufer 16 D-10963 Berlin, Germany 
 E-Mail: info@search-guard.com Web: search-guard.com Managing Directors: Claudia Kressin, Jochen Kressin
 Registergericht: Amtsgericht Charlottenburg 
 Registernummer: HRB 147010 B E-Mail: info@floragunn.com Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries. Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries. floragunn GmbH is not affiliated with Elasticsearch BV.