Scribd
Upload
14 views26 pages

Week 2 Session 1

Uploaded by

Christopher Bradley
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
14 views26 pages

Week 2 Session 1

Uploaded by

Christopher Bradley
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 26

“There are two types of companies: those that have been

hacked, and those who don’t know they have been


hacked.” — John Chambers

“The wonderful thing about the Internet is that you’re


connected to everyone else. The terrible thing about the
Internet is that you’re connected to everyone else.” — Vinton
Cerf
Week 1 Recap
1. Policy is there to keep honest people honest and guide the running of the organization

2. Controls (technical, physical, procedural) based on policies are there to keep stupid/bad people
from doing stupid/bad things.

3. Security (cyber, physical, etc.) tells you whether you are successful (or not) in implementing 1 or
2.

Policy drives controls, which are verified through security.


Network Security
POLICY
POLICY CONTROL SECURITY

This policy provides a framework for securing an organization's network infrastructure.


It may include:

• Network architecture and design principles


• Intrusion detection and prevention systems
• Cloud / Hybrid
POLICY CONTROL SECURITY

Network Design for a Secure Network


POLICY CONTROL SECURITY

The Rise of Packet Rate Attacks: When Core Routers Turn Evil
POLICY CONTROL SECURITY

Network Design for a Secure Network


POLICY CONTROL SECURITY

Network Design for a Secure Network


POLICY CONTROL SECURITY

Network Design for a Secure Network


POLICY CONTROL SECURITY
POLICY CONTROL SECURITY

Traditional Layer 2 (Access) Network Security

• Basic Device Security


• Port Security
• VLAN Hopping
• DHCP Snooping
• Dynamic ARP Inspection (DIA)
• STP Attacks
• MAC and IP Spoofing
• CDP & LLDP Reconnaissance
• 802.1x
POLICY CONTROL SECURITY

Security Policy Management in the Hybrid Cloud


POLICY CONTROL SECURITY

Business Goals of Cloud Strategy - Agility

• Competitive advantage
• Rapid innovation: bringing products to markets quickly
• Customer satisfaction and loyalty
• Rapid trouble resolution and responsiveness to input
• Capture market demand
• On-demand capacity to scale
POLICY CONTROL SECURITY

Problem

• Organizations want to increase security


without sacrificing agility, but struggle to
achieve success.

• Relying on tactical projects and


fragmented processes are core issues.
POLICY CONTROL SECURITY
POLICY CONTROL SECURITY

Security Problem #1 - Misconfigurations

At least 99% of cloud security failures will be due to misconfigurations.


- Gartner
POLICY CONTROL SECURITY

Security Problem #2 – Visibility


POLICY CONTROL SECURITY

Security Problem #2 – Visibility


POLICY CONTROL SECURITY

Security Problem #2 – Visibility


POLICY CONTROL SECURITY

Security Problem #3 – Firewalls are not Enough!


POLICY CONTROL SECURITY

Security Problem #3 – Firewalls are not Enough!


POLICY CONTROL SECURITY

Security Problem #3 – Complexities will only grow


• Policies related to Connectivity and Access involve controls beyond
networking only
• Identity, API, platform, servicemesh, 3rd party CNFW or other proprietary
controls.
• Risk due to misconfigurations and visibility require for compliance is
magnified by these new environments.
• Multi-cloud & Hybrid-cloud usage & deployments introduce significant skills
and costs challenges
• Velocity and speed of change by Cloud Application Development & DevOps
processes require automation
• “Don’t get in the way of development productivity” – CIO to Security
Team
POLICY CONTROL SECURITY

Security Solution – Collaboration

• Responsible for code scans, • Responsible for cloud-native • Overall responsibility for security
packaging building, image, and security controls, sometimes split
container scans. across IAM and network areas. • Direct responsibility for security

• Dev environments are usually the • Focus on application and account • Under pressure to provide access
most permissive so that they can security, using automation and without slowing down
focus on building code. infrastructure as code. operations.

• Rely on cloud operations to • Rely on network security to


manage overall app security. manage firewalls and transit
gateway configurations.
POLICY CONTROL SECURITY

Benefits of Security Policy Management


• Accelerate digital transformations / cloud adoption
• Enhances rather than hinders traditional and DevOps processes
• Gain consistent visibility across the cloud
• Better economics
• Leverage security controls native to the platform
• Reduce the need for additional agents and proxies
• Vendor neutrality
• Security policies should be independent of the underlying enforcement
technology.
• Organizations have more freedom to switch platforms and providers as
offerings evolven’t get in the way of development productivity” – CIO to
Security Te
POLICY CONTROL SECURITY

So what’s the point?


• Security policy management is a must in a hybrid cloud strategy to maintain
business agility

• Visibility needs to extend beyond the firewalls inside the cloud to avoid
misconfigurations and reduce risks

• Leverage cloud-native controls to reduce costs by avoiding additional


control planes and agents. get in the way of development productivity” –

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy