OVERCAST: THE SECURITY DILEMMA IN THE CLOUD

Date post: 17-Jul-2020
Transcript
Page 1:

©2017 Check Point Software Technologies Ltd.

Stephan Fritsche

Cloud Security – Cloud Guard IaaS Sales Manager Central Europe

OVERCAST: THE SECURITY DILEMMA IN THE CLOUD. A CONSOLIDATED SECURITY ARCHITECTURE FOR PRIVATE AND PUBLIC CLOUD SERVICES.

Page 2:

Stephan Fritsche

Cloud Guard IaaS Sales Manager Central Europe

Check Point Software Technologies GmbH

Zeppelinstr. 1, D-85399 Hallbergmoos

Phone: +49 151 4221 4988

E-Mail: [email protected]

Page 3:

Public Cloud Security: secure on the way there, secure inside

The virtualization challenge: ACI, NSX, OpenStack, but secure!

SDN & IaaS: security challenges of new infrastructure concepts

Page 6:

FROM DATA CENTER TO CLOUD

DATA CENTER

WHAT USED TO TAKE WEEKS TAKES MINUTES WITH CLOUD

CLOUD

Page 7:

DATA CENTER EVOLUTION

VIRTUAL DATA CENTER

• Manual operation

• Perpetual licensing

HYBRID CLOUD

• Automation & Orchestration

• Pay as you go licensing

Page 8:

THE NEW CLOUD ENVIRONMENT

Cloud Management: One place to orchestrate and automate all applications

Hypervisor: The virtual compute

SDN: Central place to control the entire network

Page 9:

WELCOME TO THE CLOUD

Page 11:

Cloud Market

Page 12:

THE CLOUD IS HERE

ADOPTION: 80% OF ENTERPRISES ARE COMMITTED TO CLOUD STRATEGY BY 2017 (IDC)

GROWTH: CLOUD COMPUTING MARKET TO REACH $170B BY 2020 (Gartner)

NEW TECH: CONTAINERS MARKET TO REACH $3.5B AND SERVERLESS $8B BY 2021 (Gartner and 451 Research)

Page 13:

THE CLOUD IS HERE

CLOUD DIVERSITY: 67% OF ENTERPRISES ARE IN HYBRID CLOUD MODEL. MULTI CLOUD BECOMING THE NORM (RightScale)

SECURITY: 40% OF ENTERPRISES RATE CLOUD SECURITY AS SIGNIFICANT CHALLENGE (RightScale 2017)

Page 14:

New objects of Anxiety

Networks are more Inter-Connected & Threats are more Sophisticated and Automated

Page 15:

Infrastructure Diversity

IOT

Page 16:

The Global Risks Report 2018

Page 17:

STATE OF CLOUD CYBER SECURITY

esecurityplanet.com, September 19, 2017

pcmag.com, July 7, 2017

Lightreading.com, September 5, 2017

Gizmodo.com, September 19, 2017

Scmagazine.com, September 5, 2017

ZDNet.com, August 16, 2017

Page 18:

WHO’S RESPONSIBLE FOR CLOUD SECURITY?

Page 19:

TRADITIONAL SECURITY NOT DESIGNED FOR CLOUD

Static workloads

Manually intensive

DevOps don't know Security

IT Security doesn't know Cloud

Page 20:

CLOUD = SHARED RESPONSIBILITY

Customer responsible for security in the cloud

• Customer Data

• Platform, Applications, IAM

• Operating System, Network and FW Configs

• Client-side Data Encryption & Data Integrity Authentication

• Server-side Encryption (File System / Data)

• Network Traffic Protection (Encryption, Integrity, Identity)

Cloud vendor responsible for security of the cloud

• Compute, Storage, Database, Networking

• Cloud Global Infrastructure: Regions, Availability Zones, Edge Locations

Page 21:

WHERE CLOUD NATIVE SECURITY FALLS SHORT

NO Threat Prevention in real time (L4-L7 protections)

NO unified management for all Clouds & Traditional Data Center

NO Identity based authentication access to applications

NO URL Filtering

NO Threat Extraction and Zero-day Sandboxing

Page 22:

THIS MIGHT EXPOSE YOU TO…

Lateral threat movements

Data breach due to misconfiguration

Abuse of cloud services

API hacking

Malicious insiders

Page 23:

Generations of Attacks and Protections

Gen I, Late 1980s: PC attacks, standalone. Attack: Virus. Protection: The Anti Virus

Gen II, Mid 1990s: Attacks from the internet. Attack: Networks. Protection: The Firewall

Gen III, Early 2000s: Exploiting vulnerabilities in applications. Attack: Applications. Protection: Intrusion Prevention (IPS)

Gen IV, 2010: Polymorphic Content. Attack: Payload. Protection: SandBoxing and Anti-Bot

Page 24:

Where are we?

[Chart: THREATS versus PROTECTIONS over time (1990, 2000, 2010, 2015, 2017). Threats: Gen I Virus, Gen II Networks, Gen III Applications, Gen IV Payload, Gen V Mega. Protections: GRADE I to GRADE V. Enterprises are between Gen 2-3 (2.8).]

Page 25:

4 STEPS TO SECURE YOUR CLOUD

BUCKLE UP

Page 26:

STEP #1: CONTROL THE CLOUD PERIMETER

• Use advanced threat prevention at the cloud perimeter

• Securely connect your cloud with your on-premise environment

CLOUD

ON-PREMISE

Page 27:

STEP #2: SECURE THE CLOUD FROM THE INSIDE

• Micro-segment your cloud to control inside communication

• Prevent lateral threat movement between applications

[Diagram: four App boxes]

Page 28:

STEP #3: MANAGE CONSISTENT SECURITY FOR HYBRID ENVIRONMENTS

• Deploy unified security management for your hybrid cloud (On-Premise and Cloud)

• Ensure policy consistency

• Reduce operation cost

CLOUD

ON-PREMISE

Page 29:

STEP #4: AUTOMATE YOUR SECURITY

Security should be as elastic and dynamic as your cloud

• Auto-provisioned

• Auto-scaled

• Adaptive to changes

Page 30:

TRAVEL TO THE CLOUD IN FIRST CLASS

Page 31:

CHECK POINT CLOUD SECURITY PRINCIPLES

Utmost protection

Adaptive Security

Hybrid Infrastructure

Page 32:

THE CloudGuard FAMILY

Consistent security policy and control across ALL Private and Public Clouds

ACI

Page 33:

CloudGuard IaaS FOR THE CLOUD

Infrastructure Security

Next Generation Firewall & VPN

Application and Data Security

Advanced Threat Prevention

Forensic Analysis

Cloud Vendor

Page 34:

Utmost Protection from Modern Threats

Firewall

Anti-Virus

Anti-Bot

Application Control

IPS

Threat Emulation

URL Filtering

Page 35:

ADAPTIVE SECURITY

Check Point Access Policy

Rule | From | To | Application | Action

3 | Finance_App1 (vCenter Object) | Database_Group (NSX SecGroup) | MSSQL | Allow

4 | HR_App2 (OpenStack Object) | Finance_Group (ACI EndPoint Group) | CRM | Allow

5 | User_ID | SAP_App (AWS Object) | SAP | Allow

Reduce Firewall Tickets by 60%

Page 36:

‘Cloud Ready’ Unified Access Policy

Users Devices Applications Data Gateways Mobile Public Cloud Private Cloud

Page 37:

CloudGuard Security Automation & Orchestration

Security at the speed of DevOps

Adapt policy to application changes

Auto-scale security with Pay-as-you-Go

Auto-provisioning via templates and APIs

Page 38:

Hybrid Cloud Security Architecture with CloudGuard

[Diagram: Check Point Unified Management & Security Policy spanning Azure (vNET-1, vNET-2), AWS (Transit VPC, VPC-1, VPC-2, VPC-3) and the On Premise Datacenter (SDN)]

Page 39:

ADAPTIVE SECURITY THAT ENABLES INNOVATION

Easy to secure and connect multi-cloud applications

Applications are protected with the best security

DevOps and IT Security speak the same language

Policy is updated when application is deleted

Application owner never waits

Reduce security tickets by 60%

Page 40:

SUCCESS

More than 3,500 customers world-wide use CloudGuard to secure their cloud

Page 41:

HAPPY CUSTOMERS

XERO is a global online accounting firm servicing over 1M accounts in AWS

CloudGuard secures all their accounts in AWS

Allegiant makes leisure travel affordable

CloudGuard secures their new NSX-based Private Cloud

Page 42:

SUMMARY

Cloud is eating the world

Bad guys are everywhere

Cloud Native Controls are good, but…

Own your security!

You can get burned when it’s cloudy, protect yourself!

Page 43:

XaaS – “X” As a Service

Page 44:

“99% of security breaches could have been prevented by the correct configuration of security appliances.”

Gartner Research Note

Page 45:

TRAVEL TO THE CLOUD IN FIRST CLASS

Utmost Protection, Adaptive Security, Hybrid Infrastructure

