API Days - API Security & the Audit Paradox by Chris Swan

API Days talk by Chris Swan, CTO at Cohesive Networks


  1. Chris Swan, CTO, @cpswan: API Security
  2. Setting the scene (© 2015)
  3. A little over a decade ago
  4. But it all went horribly wrong
  5. Mostly because of XML asymmetry of effort (diagram: XOR, Easy, Hard)
  6. The audit paradox
  7. Building in (CC photo by WorldSkills)
  8. What building in looks like
  9. Bolting on (CC photo by arbyreed)
  10. What bolting on looks like
  11. The shifting sands
  12. Unified Threat Management (UTM): Firewall, NIDS/NIPS, AV, Anti Spam, VPN, DLP, Load Balancer
  13. Application Delivery Controllers (ADC): Cache, TLS offload, Compression, WAF, Multiplexing, Load Balancer, Traffic Shaping
  14. PaaS gives us the chance to ‘bolt in’
  15. But Docker adoption shows a movement against opinionated platforms
  16. If a security event happens and it isn’t monitored
  17. SDN and NFV
  18. Networks made from and configured by software
  19. We can put a bunch of ‘network’ onto a VM: Firewall, VPN, Switch, Router
  20. And add more functions into containers: Firewall, VPN, Switch, Router, Cache, TLS offload, WAF, Load Balancer, NIDS/NIPS
  21. This could be thought of as an app centric perimeter
  22. But it refactors very readily into microservices
  23. Some challenges remain
  24. ToDo: SecDevOps
     - APIs (to the network) are necessary but not sufficient: they need to be integrated into the overall system
     - Control metadata (and its mutability) must be visible and understandable
     - Security events need to be captured, then turned into something humans can action
  25. Questions?
