Cybersecurity ABCDv7.01 Public

The document outlines the FTI Cybersecurity Service Centre's agenda, focusing on cybersecurity basics, trends from 2024-2029, and architectural frameworks like Zero Trust and SASE. It discusses the complexities of cybersecurity, the importance of integrating people, processes, and technology, and highlights various tools and strategies for effective cyber defense. Additionally, it emphasizes the need for a unified platform approach to manage security tools and improve organizational resilience against cyber threats.

FTI – Cybersecurity Service Centre (CSC)

Cybersecurity ABCD

(Google keywords)
Tran Hong Quan Andy
People Firewall
Vice Director - FTI
Agenda
✓ Cybersecurity basics?
✓ Cybersecurity Trend (2024-2029)
✓ Selling what?
✓ Zero Trust architecture
✓ SASE architecture
Cybersecurity basic
• Prevent, detect, respond, remediate & roll back from cyberattacks.
• Cyberattacks: DDoS, ransomware (virus, malware, botnet, trojan…), data breach, bank account theft, crypto wallet hack, personal information exposure, fake social profiles for love/Tinder scams…
• Why is cybersecurity so difficult to understand?
It involves People + Business Process + Technology
Cybersecurity = Health = ERP
Cybersecurity basic
• People: complex; feelings, psychology, beliefs, education, experience… cybersecurity knowledge/finance knowledge
• Process: business process / QA / routine; the steps to do something
• Technology:
  Defensive: Firewall (network security) and Antivirus (endpoint security), Security Management. The average large enterprise has 32 security vendors. (Mouse)
Cybersecurity basic
• Offensive: Linux, open source, 0-day attacks, social engineering, mastering hacking tools and mastering code. "mastermind" = CAT
• Learning on hacking: https://www.facebook.com/groups/hacking101
Cybersecurity Trend
• Cybersecurity trends for the next 5 years (2024-2029)
• Defensive/Blue: cloud anti-DDoS to stop and mitigate attacks; Zero Trust architecture + IAM/Identity Security + SASE (SD-WAN + SSE) + XDR (NGAV + EDR + XDR) + Security Awareness Training (SAT) to prevent, detect & respond, remediate & roll back against ransomware...
• SOC: XDR, SIEM & SOAR, TI, Attack Surface Management...
• Cloud Security: CNAPP (CSPM and CWPP)...
• Offensive/Red: open source, Linux, 0-day exploitation and social engineering (remain the same from day one)
Restructure in thinking for recent incident
Restructure in complex
The State of Cyber Defense Today

Cost of a Data Breach
$4.62m: average total cost of a ransomware breach. Ransomware and destructive attacks were costlier than other types of breaches.
The Platform Approach

Natural Migration from Standalone Tools to Platform

Figure: Firewall 1.0 vs NGFW. Firewall 1.0 is a single hardware appliance (FW + VPN + routing); the NGFW is a unified threat platform combining FW, DPI, VPN, IPS, routing and sandbox. Benefits: more prevention, simplification, lower TCO.
Natural Migration from Standalone Tools to Platform

Figure: Endpoint Protection 1.0 vs Endpoint Protection 2.0. Endpoint Protection 1.0 is prevention-only anti-virus; Endpoint Protection 2.0 is a unified EDR platform covering prevention, detection, response and threat hunting. Benefits: more prevention, quick response, simplification, lower TCO.
Natural Migration from Standalone Tools to Platform

Figure: Security Operations 1.0 vs Security Operations 2.0. Security Operations 1.0 runs standalone tools (NG SIEM, UEBA, NDR, malware sandbox, SOAR, IDS, TIP); Security Operations 2.0 combines them into a unified intelligent platform. Benefits: efficacy, automation/efficiency, quick response, simplification, lower TCO.
Isolated SecOps Tools Anchored on SIEM or SOAR

Figure: nine isolated tools: SIEM, NDR, CASB, SOAR, TIP, EDR, IDS, Email Security, VM.
Unified Intelligent Platform Integrated with Environment

Figure: Open XDR SecOps Platform integrating SIEM, UEBA, NDR, SOAR, TIP, EDR, IDS, malware sandbox, CASB, email security and VM, fed by any security or IT telemetry.
The Case for Open XDR? The Tool Problem

The security tool and vendor landscape is growing out of control. Too many tools and vendors create complexity: tools, data, vendors, licenses, DevOps = alerts. How does an organization defend itself efficiently and on-budget given this complexity?
Selling what?
• IAM (identity protection for users, power users and admins): Microsoft Entra ID P2, E3, E5
• Anti-DDoS: cloud anti-DDoS, Cloudflare (CF)
• Anti-Ransomware: EDR & XDR, SentinelOne (S1)
• SOC (SIEM, SOAR, NDR, TI…): Stellar OpenXDR
• Managed XDR service (MDR): S1, Managed SOC
• Pentest
Alternatives:
IAM protection: CyberArk, BeyondTrust, Okta, Wallix, One Identity, ManageEngine…
Anti-DDoS: Akamai, Arbor, Radware, F5, Citrix, Incapsula, ClearDDoS…
Anti-Ransomware: Trend Micro, Trellix, CrowdStrike, Microsoft EMS3, Broadcom Symantec, Kaspersky…
SOC: Splunk, IBM QRadar, Microsoft Sentinel, Palo Alto Cortex, Micro Focus ArcSight…
Zero Trust history

Security Modernization with Zero Trust Principles

Business Enablement: Security Strategy and Program
Align security to the organization's mission, priorities, risks, and processes.

Assume Breach (Assume Compromise)
Assume attackers can and will successfully attack anything (identity, network, device, app, infrastructure, etc.) and plan accordingly.

Verify Explicitly
Protect assets against attacker control by explicitly validating that all trust and security decisions use all relevant available information and telemetry.

Use least-privilege access
Limit access of a potentially compromised asset, typically with just-in-time and just-enough-access (JIT/JEA) and risk-based policies like adaptive access control.
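The three principles above can be seen working together in a small policy decision point. The following is an added example written for this page, not code from the slides or from any vendor product; the role names, the signal names, the thresholds and the policy table are all constructed for illustration. It treats a missing signal as the worst case (assume breach), feeds MFA state, device compliance and sign-in risk into every decision (verify explicitly), and returns grants that are scoped to a role and time-bounded (JIT/JEA), downgrading rather than flatly denying when risk is elevated (adaptive access control).

```python
"""Zero Trust policy decision point, as a worked example (added here; not from the slides or any vendor).

  - Assume breach: no signal is trusted by default, and a *missing* signal is
    scored as the worst case rather than ignored.
  - Verify explicitly: MFA state, device compliance and sign-in risk all feed
    the decision.
  - Least privilege: every grant is scoped (JEA, possibly a downgraded role)
    and time-bounded (JIT expiry).
Role names, thresholds and the policy table are hypothetical.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Fixed clock for the constructed samples, so the run is reproducible.
EXAMPLE_NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role_requested: str                 # hypothetical roles: "db-reader" or "db-admin"
    mfa_satisfied: Optional[bool]       # None = signal not available
    device_compliant: Optional[bool]    # None = signal not available
    sign_in_risk: Optional[str]         # "low" | "medium" | "high" | None


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    granted_role: Optional[str] = None
    expires_at: Optional[datetime] = None   # JIT: grant is valid only until this time
    step_up_required: bool = False          # adaptive control: ask for MFA instead of a flat deny


# Hypothetical policy table. "fallback" is the least-privilege role a request is
# downgraded to when risk is elevated; None means there is no safe downgrade.
ROLE_POLICY = {
    "db-reader": {"privileged": False, "ttl": timedelta(hours=8), "fallback": None},
    "db-admin":  {"privileged": True,  "ttl": timedelta(minutes=30), "fallback": "db-reader"},
}

RISK_ORDER = {"low": 0, "medium": 1, "high": 2}


def evaluate(req: AccessRequest, now: Optional[datetime] = None) -> Decision:
    """Return an explicit, time-bounded grant or a deny for one access request."""
    now = now or datetime.now(timezone.utc)
    policy = ROLE_POLICY.get(req.role_requested)
    if policy is None:
        return Decision(False, "unknown role: default deny")

    # Assume breach: unknown risk is scored as high, unknown MFA/compliance as False.
    risk = RISK_ORDER.get(req.sign_in_risk or "", RISK_ORDER["high"])
    mfa = bool(req.mfa_satisfied)
    compliant = bool(req.device_compliant)

    if risk >= RISK_ORDER["high"]:
        return Decision(False, "high or unknown sign-in risk: block")
    if not mfa:
        # Verify explicitly: require a stronger proof rather than denying outright.
        return Decision(False, "MFA not satisfied: step-up required", step_up_required=True)
    if policy["privileged"] and not compliant:
        return Decision(False, "privileged role requires a compliant device")
    if risk == RISK_ORDER["medium"] and policy["privileged"]:
        # Adaptive access: keep the user productive at a lower privilege (JEA).
        fallback = policy["fallback"]
        if fallback is None:
            return Decision(False, "medium risk with no safe downgrade: deny")
        return Decision(True, f"medium risk: downgraded to {fallback}",
                        granted_role=fallback,
                        expires_at=now + ROLE_POLICY[fallback]["ttl"])
    return Decision(True, "verified explicitly",
                    granted_role=req.role_requested,
                    expires_at=now + policy["ttl"])


def is_grant_valid(decision: Decision, at: datetime) -> bool:
    """JIT check a resource should repeat on every use, not only at grant time."""
    return decision.allow and decision.expires_at is not None and at < decision.expires_at


if __name__ == "__main__":
    # Constructed sample requests covering the main branches.
    samples = [
        AccessRequest("alice", "db-admin", True, True, "low"),
        AccessRequest("alice", "db-admin", True, True, "medium"),
        AccessRequest("bob", "db-admin", True, False, "low"),
        AccessRequest("carol", "db-reader", None, True, "low"),
        AccessRequest("dave", "db-reader", True, True, None),
    ]
    for s in samples:
        d = evaluate(s, now=EXAMPLE_NOW)
        print(f"{s.user:6} {s.role_requested:10} allow={d.allow!s:5} role={d.granted_role} {d.reason}")
```

The point of the example is the shape of the decision, not the particular thresholds: the privileged grant expires after 30 minutes while the read-only grant lasts a working day, the resource re-checks expiry on each use, and a medium-risk sign-in keeps the user working at the fallback role instead of handing out the admin role or blocking them.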

Zero Trust Architecture

Figure (Zero Trust architecture, pillars): Secure Identities and Access | Infrastructure & Development Security | IoT and OT Security | Modern Security Operations (SecOps/SOC) | Data Security & Governance.

Figure (Zero Trust architecture, capability view):
• Governance and Compliance: policy optimization, security posture assessment, productivity optimization.
• Identities: human and non-human; strong authentication.
• Endpoints: corporate and personal; device compliance, risk assessment, runtime control.
• Zero Trust Policies: request enhancement, adaptive access, policy evaluation, enforcement.
• Network: traffic filtering & segmentation (as available).
• Apps: SaaS, public, on-premises, private.
• Infrastructure: serverless, containers, IaaS, PaaS, internal sites; JIT & version control.
• Data: classify, label, encrypt; emails & documents, structured data.
• Threat Protection: continuous assessment, threat intelligence, forensics, response automation, telemetry/analytics/assessment.

Figure (the same architecture mapped to Microsoft products):
• Governance and Compliance: Microsoft Defender for Cloud, Secure Score, Compliance Manager, Microsoft Purview, Microsoft Priva, Defender for Office 365.
• Identities: Microsoft Entra ID, ID Protection, Workload ID, Entra ID Governance, Defender for Identity.
• Zero Trust Policies: Microsoft Entra Conditional Access.
• Network and access: Defender for Cloud Apps, Entra Internet Access, Entra Private Access, Azure Networking.
• Apps and development: GitHub Advanced Security, Defender for APIs (preview).
• Endpoints: Intune (device management), Defender for Endpoint (endpoint detection and response, EDR).
• Infrastructure: Defender for Cloud, Azure Arc, Microsoft Entra Permissions Management.
• Threat Protection / SecOps: Microsoft Sentinel (Security Information and Event Management, SIEM; Security Orchestration, Automation and Response, SOAR); Microsoft Defender (Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud Apps, Defender for Cloud).
What is SASE (Secure Access Service Edge)?
• Cloud-delivered network and security convergence solution for work-from-anywhere.

Figure: SASE = Networking (SD-WAN) + cloud-delivered security, the Secure Service Edge (SSE): FWaaS/SWG, ZTNA, CASB, DLP.

Universal ZTNA – Secure user access to applications

Figure: convergence of security services and SD-WAN for consistent security across destinations (Internet, SaaS, public cloud, data center, edge compute) behind network firewalls, serving remote users (travel, home) and on-premises users (campus, branch, factory).
Edges:
• Network Firewall Edge
• Secure SD-WAN
• SD-Branch
• Security Services Edge
• Universal ZTNA
Security services:
• Application Aware
• Intrusion Prevention
• Web Filtering
• DNS Protection
• Sandboxing / In-Line Sandboxing
• Network Access Control (NAC)
• OT and IoT Security
SASE
• Single Vendor SASE with AI-powered Security Services

Figure: single-vendor SASE. Securing remote users: client unified agent, thin edge (managed), web extender, secure edges. Cloud-delivered security & networking: CASB, SWG, FWaaS, SD-WAN, ZTNA, AI-powered security. Improved user experience: secure SaaS access, secure internet access, secure private access, data center.
Q&A

Thank you, get in touch

Google keywords: Tran Hong Quan Andy
People Firewall
Facebook/LinkedIn/Zalo/WhatsApp/Viber/Telegram
+84 90 419 4242
Email: quanth38@fpt.com
