SDN: Managing Security Across the Virtual Network

Software defined networks (SDNs) offer an agile and scalable network option, yet the lack of visibility presents a huge challenge for the security and network operations teams who need to secure and manage it.

Join Omer Ganot, Product Manager at AlgoSec, for this technical webinar on best practices for managing security across the SDN environment.

Key topics include:

• How to securely discover, map and migrate application connectivity to the SDN
• Holistically managing the entire hybrid SDN, cloud and on-premise enterprise network through a single pane of glass
• Assessing risk and compliance cohesively for the entire end-to-end enterprise environment, including SDN
• Best practices for managing security policies across Cisco ACI, VMware NSX and OpenStack
• Tips and tricks to avoid the pitfalls when managing east-west and north-south security policies

Published in: Software

  1. SDN: MANAGING SECURITY ACROSS THE VIRTUAL NETWORK. Omer Ganot, Product Manager, AlgoSec
  2. WELCOME. Have a question? Submit it via the chat. This webinar is being recorded! Slides and recording will be sent to you after the webinar.
  3. WELCOME TO THE SOFTWARE-DEFINED WORLD. Diagram labels: Layer of Abstraction; Infrastructure Data Panel; Infrastructure Control Panel; Northbound APIs; Southbound APIs; Applications; Platform APIs
  4. SDN CAN EXIST ON: Private Cloud, Public Cloud
  5. IMAGINE A FUTURE WHERE NETWORK SECURITY HAS… • No visibility into the network • No boxes with “blinking lights” that inspect traffic • No login screen to configure policy (just APIs)
  6. GREAT SCOTT!!! That’s not secure at all…
  7. Which SDN brands (private and public) are you using in production? • VMware NSX • Cisco ACI • Amazon Web Services (AWS) • Microsoft Azure • Google Cloud Platform (GCP). Please vote using the “votes from audience” tab in your BrightTALK panel.
  8. SOFTWARE DEFINED NETWORKING CAN BE • More secure • More adaptive • More agile
  9. Assuming… you can manage it properly. You can spend more time defining policy and less time enforcing policy.
  10. Through 2019, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.
  11. For many companies, the future has already arrived
  12. Most companies will gradually evolve to this future or are already hybrid.
  13. HOW DOES NETWORK SECURITY WORK IN THE CLOUD?
  14. SECURITY BOUNDARIES. Shared responsibility: infrastructure security by the cloud provider, application security by the customer. Your good old perimeter security (FW, IPS, SWG). Diagram labels: Private Cloud; Public Cloud
  15. SECURITY IN THE CLOUD • Cloud Security Groups: abstracted firewalls at the network fabric level. Free and very flexible, but different for every cloud provider and (currently) do not provide advanced functionality • Virtual Firewalls: 3rd party commercial next-generation firewalls designed for the cloud. Familiar usage patterns; some have already become “cloud-friendly” (data center objects) • Host Agents: host agents that utilize existing host-based firewalls. Work across clouds and provide some advanced functionality, but add cost and management overhead
  16. HYBRID CLOUD CHALLENGES • Visibility • Different configurations and security controls on each side • Ensuring consistency • Blurring responsibilities between teams
  17. SECURITY FUNDAMENTALS STAY THE SAME • Monitoring • Least privilege • Change management • Risk analysis • (Micro) Segmentation • Governance • Compliance
  18. What is your primary motivation for deploying PUBLIC Cloud IaaS?
  19. VMWARE NSX AND CISCO ACI MODELS
  20. DYNAMIC OBJECTS AND TAGS. Simplifies policy definition BUT complicates policy visualization • Great inside the data center but what happens outside? • Can you keep up? • Open up wide nets?
  21. NETWORKS THAT SPAN MULTIPLE DATA CENTERS. Good for policy definition; bad for policy visualization • Need network AND application joint visualization approach • Need to verify consistency of edge definitions • Compliance
  22. APPLICATION CONNECTIVITY DEFINITION. Good for policy definition; bad for policy visualization • Match to actual policy is not always automatic, no way to enforce • Compliance is hard
  23. ISLANDS OF SDN AUTOMATION
  24. ISLANDS OF SDN AUTOMATION. A software controlled data center can be sleek and automated • How do you extend your policy to the rest of the network?
  25. ISLANDS OF SDN AUTOMATION. Bad for policy visualization and policy automation beyond the data center
  26. FIREWALL VENDORS SUPPORT DYNAMIC OBJECTS. Mostly in cloud firewalls. What about the others?
  27. RECOMMENDATIONS • Network security implementation in the cloud is different (if you’re doing the same things, you are doing it wrong) • Evaluate cloud security controls and pick the best one for your needs • Get cloud experts on the network security team • Automation is a must • Unified management across the hybrid environment is a must
  28. MORE RESOURCES. www.algosec.com/resources: WHITEPAPER, DATASHEET, PPT, Prof. Wool Educational Videos
  29. UPCOMING WEBINARS. https://www.algosec.com/webinars • Topic: Application Visibility Across the Security Estate–The Value & the Vision. When: Tuesday, June 5. Presented by: Jonathan Gold-Shalev, Senior Product Manager • Topic: Securely Managing External Network Connections — Tips & Tricks. When: Tuesday, June 12. Presented by: Prof. Avishai Wool, CTO. Sign up now.
  30. THANK YOU! Questions can be emailed to marketing@algosec.com