The document discusses the need for distributed and virtualized enterprise security. It covers recent public enterprise hacks and outlines the flaws with traditional enterprise perimeter security models. The presentation advocates for a micro-segmented architecture with isolated security zones and policy-based enforcement to replace the traditional untenable perimeter approach.
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Toward distributed and virtualized enterprise security
1. #RSAC
Dr. Edward G. Amoroso
Toward Distributed and Virtualized
Enterprise Security
STR-T11
CEO TAG Cyber
Stevens Institute of Technology, M&T Bank,
Applied Physics Lab/JHU, New York University
@hashtag_cyber
eamoroso@tag-cyber.com
11. #RSAC
Email
Marketin
g
Web
Gateway
Mistake 1: Email accepted from anyone with
no regard for controls such as DMARCEmail
Gateway
Records
Mistake 2: Someone from Marketing
clicks on a Phish
Mistake 3: Easy lateral
traversal across the
enterprise LAN.Mistake 4: Web egress
allowed to uncategorized
Internet site
Advanced Persistent Threat (APT)
37. #RSAC
Warning: Global Perimeters are Not Secure
Enterprise
LAN
Enterprise
LAN
Attack Surface
Perimeter
Attack Surface
Attack Surface
38. #RSAC
Isolating a Server from a Perimeter Makes it More Secure
Enterprise
LAN
Enterprise
LAN
Attack Surface
Perimeter
Attack Surface
Attack SurfaceIsolated Server