Avoid repeating the on-prem security mistakes in the cloud
Best practices, security framework and digital receipts
Cloud Security Summit, Stockholm, March 26th - 11:45
Göran Walles, CTO @ Radpoint
About Göran?
1990 – v21
2000 – MFA/PKI
1995 - Internet
2009-2019 – CTO @ Radpoint
2005 – ”best of breed” security
2019
About Radpoint
Decades of experience with Palo Alto Networks security platform
Part of NetNordic Group, 350 employees, 1000+ customers
Solutions and Managed Services within:
❑ Cybersecurity
❑ Network infrastructure
❑ Smart datacenters (SDx)
❑ Unified Communications
”The Best Companion”
Fools say that they learn by experience. I prefer to profit by others' experience. — Otto Von Bismarck
Others' experience, valuable for cloud security
Security is Security
Profit from best practices using a holistic security framework
Other organisations' cloud incidents and breaches
Profit from the mistakes of others – don't let it happen to you
Four key dimensions of a holistic security framework
Framework - Security Controls
Inventory and control over cloud assets (SaaS, IaaS objects)
Cloud Vulnerability Management
Secure ”best practice configuration” for cloud assets (SaaS, IaaS objects)
Maintenance, monitoring and analysis of log (system and user account events)
Malware and exploit defenses (cloud)
Authentication – Identity Mgt
ISO/IEC 27001
CIS Center for Internet Security
Critical Security Controls
Measurable and Rateable
Some examples of low-hanging fruit
Multi-Factor authentication for SaaS
Recommendations:
Evaluate security solutions that also understand Identity Access Management (on-prem and cloud)
Protect APIs
Recommendations:
Implement an API security strategy
- Inventory, zero trust with vulnerability scan
- Let DevOps follow OWASP REST API Cheat sheet
- Evaluate tools and services for API protections
Follow security best practices for cloud configurations
Recommendations:
Establish processes to continuously monitor and verify configurations against established best practices
- Evaluate using automation tools
Visibility
Recommendations:
- Process/tool for asset inventory
- IaaS: implement L7-network control with Threat prevention technologies and reporting
- IaaS, PaaS, SaaS: system, application and account logging
- Evaluate AI/ML services for anomaly detection and prevention
Users, Applications, Threats, Systems, Traffic
Security requirements 2019
Security defenses, processes and activities need to be measured and confirmed. Security and risks need to be reported.
Right level of security based upon business need
Gartner: “By 2020, 100% of large enterprises will be asked to report to their board of directors on cybersecurity”
Core security technologies
[Diagram: YOUR CORPORATE NETWORK, BRANCH, INTERNET, ExpressRoute, IaaS & PaaS, SaaS]
Network layer: PAN-OS FW
Operating system and application layer: Traps
SaaS cloud layer: Aperture
IaaS/PaaS cloud layers: Redlock – compliance monitoring and security analytics
CORTEX XDR: BREAKING SECURITY SILOS
CORTEX XDR: DETECTION & RESPONSE FOR NETWORK, ENDPOINT AND CLOUD
CORTEX DATA LAKE
NETWORK, ENDPOINT, CLOUD
- Automatically detect attacks using rich data & cloud-based behavioral analytics
- Accelerate investigations by stitching data together to reveal root cause
- Tightly integrate with enforcement points to stop threats & adapt defenses
Secure Operations Managed Security Services
Managed Firewall – perimeter – datacenter - cloud
Managed Endpoint – workstations – servers – cloud servers