Security “in-the-Cloud”
Getting Past the fluff and into the Cloud
Presented by: Babak Pasdar
President & CEO
Bat Blue Corp...
* Security Goals:
Maintain the integrity, privacy and
availability of organizational systems
and data.
* Perimeter Securit...
* Perimeter Security Challenges - Expensive
The Current Approach to Perimeter Security
Demands...
...Dozens of Disparate T...
* Security Challenges - Resource Intensive
Dozens of Technologies & 24+ Devices...
...Require extremely complex & expensiv...
ISP-1 ISP-2
In-DMZ Out-DMZ
P
r
o
x
y
A
V
U
R
L
I
P
S
e
c
S
S
L
S
p
a
m
* Security Challenges - Ineffective Security
Ineffective Security Model...
...Expensive equipment force organizations to
m...
* Security Challenges - Ineffective Security
Ineffective Security Tools...
...Firewall is NOT security | Firewall is “Nois...
* Security Challenges - Ineffective Security
Proxy as a security tool...
...is only application protocol aware (ie: http)
...
* Security Challenges - Ineffective Security
IPS as a security tool...
...IPS is only 20-50% effective
after tuning
...Tha...
* Security Challenges - so what's the answer?
Cloud/Sec
A completely new security paradigm that delivers...
Economy – elim...
Introducing:
Cloud/Sec
Cloud/Sec is a completely in-the-cloud perimeter security
solution that...
...Delivers superior app...
Cloud/Sec
Cloud/Sec Delivers superior visibility & security...
…Consolidate Perimeter Security functions
…Application iden...
Consolidated Perimeter Security - Application Identity & Visibility
Cloud/Sec
Consolidated Security Perimeter - Access Control
Cloud/Sec
A single Policy can
support...
...Access Control
...Threat Mana...
Consolidated Security Perimeter - Threat Management
Cloud/Sec
Consolidated Security Perimeter - SSL Decryption and Re-encryption
…Internet Internal SSL Decryption & Re-encryption→
...I...
Consolidated Security Perimeter – Application & Threat Research
Cloud/Sec
Step 1. Identify Applications
Step 2. Get Detail...
Consolidated Security Perimeter – Application & Threat Research
Cloud/Sec
Step 3. Get Source and Destination Information i...
Consolidated Security Perimeter – Application & Threat Research
Cloud/Sec
Consolidated Security Perimeter - URL Filtering & Site Classification
Cloud/Sec
Consolidated Security Perimeter - File Transfer Control
Cloud/Sec
Consolidated Security Perimeter - Data Leakage Prevention
Cloud/Sec
BlueNET
BlueNETBlueNET – The Cloud Enabler
BlueNETBlueNET eliminates the performance penalty of operating in-the-cloud
…De...
Cloud/Sec
BlueNETBlueNET & Cloud/SecCloud/Sec data centers...
…New York, NY ...Atlanta, GA ...Los Angeles, CA
111 8th
Ave....
Cloud/SecCloud/Sec – Use Cases
…Multi-Site Organization
...Headquarters
...Branch Office
...Home
...Hotel
...Complete in-t...
Cloud/SecCloud/Sec – Use Cases
…Multi-Site Organization
...Headquarters
...Branch Office
...Home
...Hotel
Cloud/SecCloud/Sec – Use Cases
...Complete in-the-cloud Computing
Cloud/SecCloud/Sec – Use Cases
...Dot Com Perimeter in-the-cloud
Cloud/SecCloud/Sec – Use Cases
...In-the-cloud Site Redundancy
Cloud/SecCloud/Sec – Use Cases
...Internet Anonymization
Cloud/SecCloud/Sec – Use Cases
...Internet Anonymization
Cloud/SecCloud/Sec – Performance Specs
Cloud/SecCloud/Sec
Thank YouThank You
Any Questions? Want to see a demo?
Please see us at booth 713.
Upcoming SlideShare
Loading in …5
×

Bat Blue Cloud Sec Presentation 4

687 views
575 views

Published on

Bat Blue introduces Cloud/Sec a unique comprehensive security in-the-Cloud offering. This is the slideware from Babak Pasdar\'s Cloud Forum presentation from Interop NY 2010.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
687
On SlideShare
0
From Embeds
0
Number of Embeds
16
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Bat Blue Cloud Sec Presentation 4

  1. 1. Security “in-the-Cloud” Getting Past the fluff and into the Cloud Presented by: Babak Pasdar President & CEO Bat Blue Corporation Cloud/Sec Board Member:
  2. 2. * Security Goals: Maintain the integrity, privacy and availability of organizational systems and data. * Perimeter Security Challenges The current approach to Perimeter security is... ...Expensive ...Resource intensive …Ultimately ineffective Cloud/Sec
  3. 3. * Perimeter Security Challenges - Expensive The Current Approach to Perimeter Security Demands... ...Dozens of Disparate Technologies Firewalls, IPS, Proxy, URL-Filter, Anti-Virus, Anti- Spyware, VPN (SSL/IPSec), Web App Firewalls, Load Balancers, SIMs, etc... ...Multitude (24+) of Devices Cloud/Sec This translates to initial capital costs of... ...$75K - $100K+ for a small site ...$250K - $500K for a medium site or dot com ...$750k - $Millions for a large site
  4. 4. * Security Challenges - Resource Intensive Dozens of Technologies & 24+ Devices... ...Require extremely complex & expensive implementations ...Drive hundreds of direct and indirect integration points forcing complicated troubleshooting ...Requires managing dozens of disparate policy sets quite often by disparate resources ...Operate as “Islands of Security” without an integrated operational mode ...Managing many vendor relationships Cloud/Sec
  5. 5. ISP-1 ISP-2 In-DMZ Out-DMZ P r o x y A V U R L I P S e c S S L S p a m
  6. 6. * Security Challenges - Ineffective Security Ineffective Security Model... ...Expensive equipment force organizations to manage risk ...Complex security leads to a focus on functionality and performance and not security ...”Islands of Security” lead to protection gaps and inconsistent security operations ...It takes hours, days or weeks to get a view on what happened hours, days or weeks ago Cloud/Sec
  7. 7. * Security Challenges - Ineffective Security Ineffective Security Tools... ...Firewall is NOT security | Firewall is “Noise Management” ...VPN is NOT security | VPN is privacy ...HTTPS is NOT security | HTTPS is privacy ...SSL is NOT security | SSL is privacy ...Security REQUIRES application level insight: .... Proxy .... IDS / IPS .... Other Miscellaneous (WAN XL & Network Visibility) Cloud/Sec
  8. 8. * Security Challenges - Ineffective Security Proxy as a security tool... ...is only application protocol aware (ie: http) ...limited to a handful of protocols and not all ...functions no better than a firewall, but at a higher level ...is extremely slow Cloud/Sec
  9. 9. * Security Challenges - Ineffective Security IPS as a security tool... ...IPS is only 20-50% effective after tuning ...That means it is 50+% un-credible forcing alerting on rather than blocking threats ...Forensics is extremely resource intensive and can only leads to one of two results: Cloud/Sec IPS overlays Thousands of Signatures over data streams Bit-pattern matching generates significant false positives This forces organizations to do Forensics Your Tools Are Inaccurate! You're Breached! Both of which are after the fact and at great cost!!!!
  10. 10. * Security Challenges - so what's the answer? Cloud/Sec A completely new security paradigm that delivers... Economy – eliminating all capital expenses Effectiveness – Application layer security for all traffic regardless of port and protocol Efficiency – Reduce the burden on the IT staff and make security operations repeatable
  11. 11. Introducing: Cloud/Sec Cloud/Sec is a completely in-the-cloud perimeter security solution that... ...Delivers superior application visibility & security ...Offers a single unified interface for managing Security ...Runs on BlueNET – a Cloud enabler that is extremely fast ...Diversely available data centers nationwide ...Requires no hardware investments & simple to activate ...Supports all organizational locations ....Headquarters ....Branch offices ....Home users ....Hotel / traveling users ....Mobile phone users (coming soon)
  12. 12. Cloud/Sec Cloud/Sec Delivers superior visibility & security... …Consolidate Perimeter Security functions …Application identity & visibility ...User-based access control (by application or port/protocol) ...Accurate Threat Management (Malware, Spyware & Vulnerabilities) ...SSL decryption and re-encryption!!! ...Comprehensive integrated application & threat research ...URL filtering and site classification ...File by type transfer control ...Data Leakage Prevention (Credit Card, Social Security, etc..)
  13. 13. Consolidated Perimeter Security - Application Identity & Visibility Cloud/Sec
  14. 14. Consolidated Security Perimeter - Access Control Cloud/Sec A single Policy can support... ...Access Control ...Threat Management ...Malware Protection ...URL Filtering ...File Control ...Leakage Prevention
  15. 15. Consolidated Security Perimeter - Threat Management Cloud/Sec
  16. 16. Consolidated Security Perimeter - SSL Decryption and Re-encryption …Internet Internal SSL Decryption & Re-encryption→ ...Internal Internet SSL Decryption & Re-encryption→ Cloud/Sec
  17. 17. Consolidated Security Perimeter – Application & Threat Research Cloud/Sec Step 1. Identify Applications Step 2. Get Detailed Assessment on the Application
  18. 18. Consolidated Security Perimeter – Application & Threat Research Cloud/Sec Step 3. Get Source and Destination Information including IP, User & Country Step 4. Get Site Categorization Information Step 5. Get Threat Information
  19. 19. Consolidated Security Perimeter – Application & Threat Research Cloud/Sec
  20. 20. Consolidated Security Perimeter - URL Filtering & Site Classification Cloud/Sec
  21. 21. Consolidated Security Perimeter - File Transfer Control Cloud/Sec
  22. 22. Consolidated Security Perimeter - Data Leakage Prevention Cloud/Sec
  23. 23. BlueNET BlueNETBlueNET – The Cloud Enabler BlueNETBlueNET eliminates the performance penalty of operating in-the-cloud …Designed from the ground up to support Cloud Apps ...Uses “Hot Potato Extreme” Routing ...Guaranteed “One Hop Out” Routing ...No single point of failure for even the smallest sites ...Incorporates terabit-grade infrastructure ...Operates with extremely low latency ...Available in data centers nationwide
  24. 24. Cloud/Sec BlueNETBlueNET & Cloud/SecCloud/Sec data centers... …New York, NY ...Atlanta, GA ...Los Angeles, CA 111 8th Ave. ...Sanfrancisco, CA 60 Hudson St. ...Chicago, IL ...Ashburn, VA ...Clifton, NJ ...Seattle, WA* ...Las Vegas, NV* * Coming Soon
  25. 25. Cloud/SecCloud/Sec – Use Cases …Multi-Site Organization ...Headquarters ...Branch Office ...Home ...Hotel ...Complete in-the-cloud Computing ...In-the-cloud Site Redundancy ...Dot Com Perimeter in-the-cloud ...Internet Anonymization
  26. 26. Cloud/SecCloud/Sec – Use Cases …Multi-Site Organization ...Headquarters ...Branch Office ...Home ...Hotel
  27. 27. Cloud/SecCloud/Sec – Use Cases ...Complete in-the-cloud Computing
  28. 28. Cloud/SecCloud/Sec – Use Cases ...Dot Com Perimeter in-the-cloud
  29. 29. Cloud/SecCloud/Sec – Use Cases ...In-the-cloud Site Redundancy
  30. 30. Cloud/SecCloud/Sec – Use Cases ...Internet Anonymization Cloud/SecCloud/Sec – Use Cases ...Internet Anonymization
  31. 31. Cloud/SecCloud/Sec – Performance Specs
  32. 32. Cloud/SecCloud/Sec Thank YouThank You Any Questions? Want to see a demo? Please see us at booth 713.

×