Post on 26-Dec-2015
How STERIS is using Cloud Technology to Protect Web Access
Presented By: Ed Pollock, CISSP-ISSMP, CISM
CISO
STERIS Corporation
“Enabling Business”
Overview
• A little about STERIS Corp
• Why Care?
• Challenge – Protecting Web Access
• Lessons Learned
Background
• Manufacturing company
• 3,000 internal users & 2,000 remote users
• Facilities in Americas, Europe, & Asia (60+)
• Centralized Internet access through Mentor, OH (until last year)
• Acquired 10 companies in the last 2 years
• Moving to breakouts at larger facilities
• Small IT team…very small IT Security team
[Diagram: Internet, with labels New (9/13), New (8/13), New (2012), New (2014)]
Why Care
Protecting Internet Access
Why Care? - Reputation
Botnet Infections on Guest Network
Zero Issues from 3,000+ employees
Services now available to rate your security & your competition
Why Care? – Web Access Impacts Score
349 of 354 events related to protecting web access
Botnet Infections
Spam Propagation
Potentially Exploited
Why Care – if you need more reasons
Basic / 354 events Competitor
Advanced/ 2 events
• Customers starting to care about the security of their partners
• Board of Directors are starting to care
• Protecting your web access plays a major role
Core Network
Industry: Healthcare/Wellness
Challenge – Protecting Web Access
Layered Defense (2012)
• On Premise
• Centralized
• Effective (facility)
• Ineffective (remote)
• Expensive
Firewall
Intrusion Prevention System (x2)
URL Filtering/Reputation
Anti-Virus (host)
Patching/Rights Management
Evolving Layered Defense
• Looked at new solutions in 2013 to combat evolving threats
• Internet Breakouts changed my plans
Firewall
Intrusion Prevention System (x2)
URL Filtering/Reputation
Anti-Virus
Patching/Rights Management
Execution Analysis (sandboxing)
Anti-Bot (firewall)
Intrusion Prevention System (Host)
Application White Listing
Options When Internet Breakouts Meet Evolving Threats
On Premise
• Capital some expense
• Expensive to replicate same level of protection across the enterprise
• Remote users?
• Team does Policy, Reporting, & Maintaining
Cloud
• Expense vs Capital
• Minimal equipment
• Protects facility & remote users
• Team does Policy & Reporting
Hybrid
• Capital/Expense
• Standardization?
• Protects facility & remote users
• Staggered commitment
What are Cloud Solutions Providing?
IPS
Execution Analysis
Reputation
AV
Third Party Intel
Traffic Analysis
Human Analysts
Protections
Community of Millions
URL Filtering
Reporting
Policy Management
Application Control
Management
Authentication
STERIS’s Approach
• Researched vendors – technology, integration, administration, locations, cost (talk to your research service)
• Pilot Cloud solutions for facilities & remote users
• First sites going Cloud are supporting acquisitions
• Expand out to remote users (XP was a driver)
• Large sites getting Internet breakouts?
• Primary & Disaster Recovery sites???
[Timeline: Research → Pilot → Acquisitions → Remote Users → Large Sites → Primary & DR Sites, with a “Today” marker]
Lessons Learned
Lessons Learned - Location
• Compare the vendor data center locations to your users (some sites tailor to source IP)
• Impact performance & user experience
Facility Vendor 1 Vendor 2
US (multiple)
Mexico
Canada
France
Finland
China
Lessons Learned - Speed
• Will it be slower?
• Impact performance & experience?
• Didn’t see it
[Diagram: two “Cloud Protections” boxes (URL Filter (dynamic), AV, IPS, Sandboxing), with “Latency?” labels]
Lessons Learned - Compatibility
• Ran into issue that the IPS built into the VPN Client thought the Proxy Client was malicious
• Similar issue with the web filter built into the AV
• Support quickly provided a fixed client
[Diagram: Cloud Service, with labels “malicious” and “https”]
Lessons Learned – Authentication
• How does the user authenticate?
– What devices do you need to support?
– Add a client or is it built into something already?
• Do you want the user to enter their credentials?
• Do you care if the user authenticates?
– What’s the “value add” for authentication?
– “best” is the enemy of “better”
Lessons Learned – Management
• Don’t assume managing the rules is the same as with on-prem devices
• An acquisition site wanted admin access to the policy
• How will you deploy & update the client for remote users? Involve your Client team.
• Reporting in the Cloud
– Considering moving to the Cloud
– Does it meet your log retention requirements?
• Features change quickly in the Cloud (good & bad)
Lessons Learned – Cost
• Don’t assume Cloud will cost less or more

Facility         On-Prem   Cloud 1   Cloud 2
Subscription     x         2x        3x
Proxy            $1,000    -         -
Proxy Support    $500      -         -
IPS              $1,000    -         -
IPS Support      $500      -         -
Firewall         same      same      $3,000
IT Support       same      same      same
Value Add
Security Considerations
• Logs can be sensitive
– What companies are your acquisition teams surfing?
– Where are your executives surfing?
• Cloud companies could be nice targets
– Surveillance?
– Redirect?
– Go after the Admin
• In what country does the data reside?
• Is your organization “risk averse”?
• Good news…these are security companies that have a lot to lose
Cloud Protection at Home
• You can have the same Cloud protection at home
• Free tool
• Block by category
• Anti-virus, Intrusion Prevention, & reputation protections in the Cloud
http://www.k9webprotection.com/
Summary
• Protecting Web Access is Important
• Look for opportunities for Cloud & On-Prem solutions
• Lessons Learned
• Location
• Speed
• Compatibility
• Management
• Cost
• Security
• Protection at Home
Questions?
Ed Pollock epollock@steris.com