VMUGIT Meeting - Lecce, 5 April 2018
Rodolfo Rotondo, VMware Sr. Business Solution Strategist, SEMEA - Defend everything... defend nothing! How to develop a strategic approach to cyber security in the era of mobile-cloud and interconnected objects
9. New Expectations and Scale – Digital Transformation Agenda
Business outcomes:
• Business Agility and Innovation
• Exceptional Mobile Experiences
• Protection of Brand and Customer Trust
Strategic IT priorities:
• Integrate Public Clouds
• Transform Security
• Empower Digital Workspaces
• Modernize Data Centers
10. Digital Transformation – VMware Vision
• Any Cloud: Private Clouds, Public Clouds
• Any App: Traditional, Cloud Native, SaaS
• Any Device
Transform Security
11. Do Non-Technical Business Leaders Look at Security Differently than CIOs and CISOs?
Only 8% of Business Decision-Makers consider cyber security as the number one corporate issue
Business Decision-Makers (CEO & CFO) vs. Technology Decision-Makers (CIO & CISO)
13. The Only Thing Outpacing Growth in Security Spend is Growth in Security Breaches
(Chart: IT Spend vs. Security Spend vs. Security Breaches)
• Annual Cost of Security Breaches: $445B (Source: Center for Strategic and Int'l Studies)
• Security as a % of IT Spend: 2012: 11%; 2015: 21% (Source: Forrester)
• Projected Growth Rate in IT Spend from 2014-2019: Zero (Flat) (Source: Gartner)
14. World's Biggest Data Breaches
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
16. Some Notable Data Breaches
Not the latest…

• 78.8 million patient records stolen
• Highly sensitive data exposed (SSN, date of birth, home addresses, …)
• Agreed to pay $115M

• 70 million credit card records stolen
• $200M damages
• Sales drop 4%
• CEO & CIO resign

• Sensitive personally identifiable information of 145M people
• $90M cost so far, forecasting $75M spending, subject to 240 class-action lawsuits
• CEO resigned

• 21.5 million records hacked
• 4 million people affected (personally identifiable information)
23. The New World
• Devices
• Infrastructure: Managed Clouds, Private Clouds, Public Clouds
• Apps: Traditional Apps, Cloud-Native Apps, spread across every cloud
24. Who is ultimately responsible in the event of a security breach? (2016)
• IT Department: 67.5%
• Mix of IT and Business Users: 23.0%
• Business Users: 5.2%
• Legal Department: 4.4%
IT Must Secure Everything
34. A Timeline of Government Data Breaches
Timeline from April 2013 to June 2015 of OPM hacks and contractor hacks (on the original chart, bar height represents the size of the hack, with markers for when each breach was discovered and when it was made public):
• USIS breach: about 25,000 records stolen
• First OPM breach: no records stolen
• First KeyPoint breach: about 48,000 stolen
• Second KeyPoint breach: as many as 390,000 stolen
• Second OPM breach: about 21.5 million stolen
• Third OPM breach: about 4.6 million stolen
Notes on the chart:
• Breach start date not public (noted on one entry)
• Although this breach was originally announced in June, the full extent of the data stolen was not made public until July
• 3.6 million individuals were affected by both the second and third OPM breaches
• No breaches have been detected since June 8
Source: http://www.theatlantic.com/politics/archive/2015/07/a-timeline-of-government-data-breaches/458352/
35. Modern attack: targeted, interactive, stealthy
Shift from…
• Perimeter-centric
• Managing Compliance
Shift to…
• Application and User-centric
• Managing Risk
Stop infiltration: 80% of investments focus on intrusion prevention. The attack surface is simply too broad.
Lack visibility, control to stop exfiltration: only 20% of the investments focus on addressing propagation, extraction and exfiltration. Organizations do not have the visibility and control within their infrastructure.
37. Leverage the unique properties of identity, mobility, cloud, and virtualization to add security everywhere
Identify, Protect, Detect, Respond, Recover
38. Context – Isolation: where to apply security?
Network Control Points:
• Lack application context
• Isolation from the attack surface
Endpoint Control Points:
• Great context
• No isolation from the attack surface
39. The perfect place for a ubiquitous Security Layer
The "Goldilocks Zone" of security: neither too hot nor too cold
41. VMware's New Approach to Security
TRANSFORM SECURITY
• New apps and delivery models can't be easily protected with perimeter-centric network security. → Secure Application Infrastructure
• Proliferating and diverse endpoints access a range of apps and IT services. → Secure Identity and Endpoints
• Increasingly complex regulatory compliance requires more of organizations. → Streamline Compliance
Intrinsic Security from Device to Data Center to Cloud
47. From our current model: focused on malicious behavior
• Highly complex and noisy
• Exposed, i.e., untrusted monitoring, limited context
• Manual and lacking orchestration
48. To a new model: focused on good (intended) behavior
• Simpler and smaller problem set
• Better signal to noise ratio
• Actionable and behavior-based alerts and responses
49. Attack Vectors
Break the Kill Chain with Least Privilege
Kill chain stages: Infiltration, Propagation, Extraction, Exfiltration
Planes on which each stage can be cut off: Application, Network, Data Plane
61. The Application as a System of Components
Three tiers (WEB, APP, DB), each a VM built from the same components:
• Processes
• Security Agents / Monitoring
• OS
• Inbound Communications
• Outbound Communications
62. Least Privilege for the Application Layer
Untrusted Zone (Guest):
• Processes
• Security Agents / Monitoring
• OS
• Inbound Communications
• Outbound Communications
Trusted Zone (Virtualization):
• Runtime Attestation
• Secure Context Store
• Intentional State Remediation
CAPTURE / DETECT / RESPOND
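Slides 48 and 62 describe the intended-state model in words only: capture the application's good behaviour, detect anything that deviates from it, respond. The Python below is an added illustration written for this page, not VMware code or any product's implementation. It builds a per-VM manifest of (process, direction, port) from constructed learning-window events, alerts on every event outside that manifest, and compares the result with a conventional name-based blocklist run over the same events. The event format, the manifest shape, the VM and process names, the ports and the response actions are all assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observed network action by a process inside a guest VM (assumed format)."""
    vm: str
    process: str
    direction: str  # "in" = accepted a connection on port, "out" = connected to port
    port: int


# Constructed learning-window events for a three-tier app (web -> app -> db).
BASELINE = [
    Event("web-01", "nginx", "in", 443),
    Event("web-01", "nginx", "out", 8080),
    Event("app-01", "java", "in", 8080),
    Event("app-01", "java", "out", 5432),
    Event("db-01", "postgres", "in", 5432),
]

# Constructed monitoring-window events: the same legitimate traffic plus an
# intrusion that relies on renamed / living-off-the-land tools, so no process
# name matches a signature.
OBSERVED = BASELINE + [
    Event("web-01", "sh", "out", 4444),      # infiltration: reverse shell from the web tier
    Event("web-01", "sh", "out", 5432),      # propagation: web tier talking straight to the DB
    Event("app-01", "updater", "out", 443),  # exfiltration over HTTPS by an unexpected process
]

# Toy signature list standing in for the "malicious behaviour" model.
KNOWN_BAD = {"mimikatz.exe", "nc", "ncat"}

# Assumed response actions keyed by the direction of the offending event.
RESPONSES = {"out": "block-flow-and-quarantine-process", "in": "block-listener"}


def capture(events):
    """CAPTURE: build the intended-state manifest, per VM, from a learning window."""
    manifest = {}
    for e in events:
        manifest.setdefault(e.vm, set()).add((e.process, e.direction, e.port))
    return manifest


def detect_intended(manifest, events):
    """DETECT (allowlist): anything not in the manifest is an alert.

    A VM absent from the manifest has an empty allowed set, so every event
    from an unexpected VM is itself a deviation.
    """
    return [
        e for e in events
        if (e.process, e.direction, e.port) not in manifest.get(e.vm, set())
    ]


def detect_blocklist(events, known_bad=KNOWN_BAD):
    """DETECT (blocklist): alert only on process names we already know are bad."""
    return [e for e in events if e.process in known_bad]


def respond(alerts):
    """RESPOND: map each alert to an enforcement action (assumed actions)."""
    return [(a.vm, a.process, a.port, RESPONSES[a.direction]) for a in alerts]


def run():
    """Compare both detection models over the same monitoring window."""
    manifest = capture(BASELINE)
    intended = detect_intended(manifest, OBSERVED)
    signature = detect_blocklist(OBSERVED)
    return {
        "intended_state_alerts": len(intended),
        "blocklist_alerts": len(signature),
        "actions": respond(intended),
    }


if __name__ == "__main__":
    for k, v in run().items():
        print(f"{k}: {v}")
```

Two caveats a practitioner would add. First, the manifest is only as trustworthy as the window it was captured from: if the guest was already compromised during learning, the attacker's flows become "intended", which is exactly why slide 62 puts runtime attestation and the context store in the trusted (virtualization) zone rather than in the guest. Second, every legitimate change (a new port, a renamed service) also produces an alert, so the manifest has to be versioned alongside deployments or the better signal-to-noise ratio is lost to change noise.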