Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
copyright 2015
Cloud Applications Secured - LNETM
1
copyright 2015
About Us
2
Partner
Network
TECHNOLOGY PARTNER
Founded by Enterprise IT, Capital
Markets and ISV professiona...
copyright 2015
Servers are moving by the millions per year into cloud and virtual
infrastructures, and applications are mo...
copyright 2015
Everywhere these virtualized applications go,
they need security, integration and connectivity.
4
This crea...
copyright 2015
Network Penetration has gone Professional
•In the post-Snowden era, all servers
“on a wire” are compromised...
copyright 2015
Others Agree
• FBI Director James Comey - http://goo.gl/34SEdy	

"There are two kinds of big companies in t...
copyright 2015
Let’s look at what (may have) happened to Sony…
7
copyright 2015
A classic enterprise deployment pattern	

for critical business infrastructure
8
Web Tier
AppServer	

Tier
...
copyright 2015
Enterprise data centers are filled with these applications
9
copyright 2015
In the post-Snowden era, with network penetrations performed by governments and
criminal gangs alike, penet...
copyright 2015
One penetration creates significant “east-west” 	

expansion of the hacking
11
copyright 2015
The Solution
12
copyright 2015
Introducing the next generation in application security	

VNS3:turret
13
Application Security Controller
M
...
copyright 2015
Cloud Edge Protection
Cloud Isolation
CloudVLAN
Cloud Network Firewall
Cloud Network Service
VNS3
Database ...
copyright 2015
“Application Segmentation” completes the security model
15
Layer 3
!
Layer 2
!
Layer 1
!
Layer 0
Layer 7
La...
copyright 2015
VNS3: turret application security controllers are deployed as an encrypted, clustered micro-perimeter	

to ...
copyright 2015
Deploy your applications inside theTurret’s unique, encrypted
overlay network, specific to that critical bus...
copyright 2015
No server in your deployment talks to any other server without going through a mediating
security control. ...
copyright 2015
Once the micro-perimeter is established the broad policy
enforcement mechanism is in place, with strict tra...
copyright 2015
L4-L7 plugins provide security and compliance automation for 	

BOTH edge operations and interior operation...
copyright 2015
Even if there is an initial penetration event, east-west risk is dramatically reduced by
network virtualize...
copyright 2015
Cohesive Customers and Solutions
22
copyright 2015
Cloud Applications Secured
23
System Integrators
helping customers build	

cloud-based businesses
“As a Ser...
copyright 2015
VNS3 Product Family
24
Application Security Controller
provides an application micro-
perimeter platform
Se...
copyright 2015
Availability
25
VNS3 allows customers to secure their 	

application in any cloud.
Virtual Infrastructure
P...
copyright 2015
Appendix
26
copyright 2015
✓ Deployed as part of customer’s cloud-based application.	

✓ Patented system for network control in the cl...
Upcoming SlideShare
Loading in …5
×

Chris Swan's presentation from the London Tech Entrepreneurs' Meetup

361 views

Published on

Chris Swan's presentation from the London Tech Entrepreneurs' Meetup

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Chris Swan's presentation from the London Tech Entrepreneurs' Meetup

  1. 1. copyright 2015 Cloud Applications Secured - LNETM 1
  2. 2. copyright 2015 About Us 2 Partner Network TECHNOLOGY PARTNER Founded by Enterprise IT, Capital Markets and ISV professionals VNS3 cloud security appliance launched in 2008 Secured over 500 million virtual device hours in public, private, & hybrid clouds Chicago, London, and Palo Alto
 VNS3 family of security and connectivity solutions protects cloud-based applications from exploitation by hackers, criminal gangs, and foreign governments. 1000+ customers in 20+ countries across all industry verticals and sectors
  3. 3. copyright 2015 Servers are moving by the millions per year into cloud and virtual infrastructures, and applications are moving with them. 3 Millions of Applications by 2020 System Integrators as a Service businesses TECH Geezeo® ISV as a Service Offering Cloud ERP Cloud as a Service
  4. 4. copyright 2015 Everywhere these virtualized applications go, they need security, integration and connectivity. 4 This creates the market for application security and network services (Layers 3-7) for applications deployed to public cloud. ConnectivityIntegrationSecurity
  5. 5. copyright 2015 Network Penetration has gone Professional •In the post-Snowden era, all servers “on a wire” are compromised, or a target to be, by hackers, criminals or foreign governments. •Regulatory implementation and reporting demands are increasing (HIPAA, PCI, NIST Cybersecurity, EU Data Privacy, etc.) 5 By the Office of Compliance Inspections and Examinations1 Volume IV, Issue 2 April 15, 2014 OCIE CYBERSECURITY INITIATIVE I. Introduction The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) previously announced that its 2014 Examination Priorities included a focus on technology, including cybersecurity preparedness.2 OCIE is issuing this Risk Alert to provide additional information concerning its initiative to assess cybersecurity preparedness in the securities industry. II. Background On March 26, 2014, the SEC sponsored a Cybersecurity Roundtable. In opening the Roundtable, Chair Mary Jo White underscored the importance of this area to the integrity of our market system and customer data protection. Chair White also emphasized the “compelling need for stronger partnerships between the government and private sector” to address cyber threats.3 Commissioner Aguilar, who recommended holding a Cybersecurity Roundtable, emphasized the importance for the Commission to gather information and “consider what additional steps the Commission should take to address cyber-threats.”4 1 The statements and views expressed herein are those of the staff of OCIE. This guidance is not a rule, regulation, or statement of the Commission. The Commission has expressed no view on its contents. This document was prepared by the SEC staff and is not legal advice. 2 Examination Priorities for 2014, available at: http://www.sec.gov/about/offices/ocie/national-examination- Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered broker- dealers and registered investment advisers, focusing on areas related to cybersecurity. In order to empower compliance professionals with questions and tools they can use to assess their respective firms’ cybersecurity preparedness, OCIE has included a sample cybersecurity document request in the Appendix to this Risk Alert.
  6. 6. copyright 2015 Others Agree • FBI Director James Comey - http://goo.gl/34SEdy "There are two kinds of big companies in the United States.There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese." • ITRC - http://goo.gl/BtjNrC 621 data breaches, exposing over 77,890,487 records in 2014. 6 Source: Information is Beautiful http://goo.gl/QWllpM CourtVentures 200,000,000 Yahoo Japan 22,000,000Dropbox Adobe 152,000,000 ! ! JP Morgan Chase 76,000,000 Gmail 5,000,000 2011 2012 2013 2014 Ebay 145,000,000 Health 4,500,000 Target 70,000,000 Home Depot 56,000,000AOL 2,400,000 Mozilla NYTaxi Kissinger 1,700,000 Vodafone 2,000,000Citi 150,000 Zappos 24,000,000 Facebook 6,000,000 Drupal Korea Credit Bureau 20,000,000 SC Gov D&B MA Gov NY Gas 1,800,000 UPS Snap
 chat Ubuntu Sony Online 24,600,000 Evernote 24,600,000 Blizzard 14,000,000 Honda CA Emory 315,000
  7. 7. copyright 2015 Let’s look at what (may have) happened to Sony… 7
  8. 8. copyright 2015 A classic enterprise deployment pattern for critical business infrastructure 8 Web Tier AppServer Tier Database Tier User Traffic Message Queues ETL Usage API Usage
  9. 9. copyright 2015 Enterprise data centers are filled with these applications 9
  10. 10. copyright 2015 In the post-Snowden era, with network penetrations performed by governments and criminal gangs alike, penetration of one app, means potentially penetration of them all 10
  11. 11. copyright 2015 One penetration creates significant “east-west” expansion of the hacking 11
  12. 12. copyright 2015 The Solution 12
  13. 13. copyright 2015 Introducing the next generation in application security VNS3:turret 13 Application Security Controller M Virtual Adapter Virtual Adapter Virtual Adapter Layer 3 Encrypted Switch Layer 3 Encrypted Router GRE Protocol Bridge Protocol Re- Distributor Industry Standard L4 - L7 PLUGIN System Mesh Transaction Management Core Mesh Firewall Mesh Key Management Net Management Interfaces SSLVPN
 Edge IPsecVPN Edge Autonomics Agents RESTful API Service Cloud Capacity Interfaces Virtual CPU(s) AES-NI
 Interface Provisioned IPOs Enhanced Network Drivers App
 FW Custom Mods SSL Offload Content Cache Internal LB IDS IPS Application Security Controller NIC(s) Unique Encrypted Topology Identity UniqueEncryptedTopologyIdentity UniqueEncryptedTopologyIdentity
  14. 14. copyright 2015 Cloud Edge Protection Cloud Isolation CloudVLAN Cloud Network Firewall Cloud Network Service VNS3 Database Tier App Server Tier WebTier Message Queues Application Security Controller creates unique perimeters for each virtualized application 14 • Unique cryptographic overlay network for each application • Deployed at each application edge, fortifies and reinforces security policies • Cloud Native and Software Defined • Complements and extends the DMZ (“hard edge”) of the data center
  15. 15. copyright 2015 “Application Segmentation” completes the security model 15 Layer 3 ! Layer 2 ! Layer 1 ! Layer 0 Layer 7 Layer 6 Layer 5 Layer 4 Layer 3 Application Segmentation Virtual Segmentation Limit of user access, control and visibility Physical Segmentation Alcatel DCN VCN VNS3 nodes are software- only network security and connectivity appliances. ! “Application Segmentation” provides the most comprehensive application security model available today. ! Create a cryptographically unique Layer 3 network for each application deployment.
  16. 16. copyright 2015 VNS3: turret application security controllers are deployed as an encrypted, clustered micro-perimeter to secure your mission critical business systems in public/private cloud. 16
  17. 17. copyright 2015 Deploy your applications inside theTurret’s unique, encrypted overlay network, specific to that critical business infrastructure 17
  18. 18. copyright 2015 No server in your deployment talks to any other server without going through a mediating security control. Turret acts as an encrypted smart-switch via its interior network interfaces. 18
  19. 19. copyright 2015 Once the micro-perimeter is established the broad policy enforcement mechanism is in place, with strict traffic flow controls. 19
  20. 20. copyright 2015 L4-L7 plugins provide security and compliance automation for BOTH edge operations and interior operations. 20
  21. 21. copyright 2015 Even if there is an initial penetration event, east-west risk is dramatically reduced by network virtualized security, and the attempts are easier to recognize and isolate. 21 VNS3:turret protected virtual infrastructure X X
  22. 22. copyright 2015 Cohesive Customers and Solutions 22
  23. 23. copyright 2015 Cloud Applications Secured 23 System Integrators helping customers build cloud-based businesses “As a Service” businesses being built in the cloud Enterprise extending business to the cloud
  24. 24. copyright 2015 VNS3 Product Family 24 Application Security Controller provides an application micro- perimeter platform Security and connectivity appliance with optional L4-L7 plug-in system Virtual network management providing a single pane of glass for cloud-based virtual networks High availability solution for self- healing virtual networks
  25. 25. copyright 2015 Availability 25 VNS3 allows customers to secure their application in any cloud. Virtual Infrastructure Public Cloud Private Cloud
  26. 26. copyright 2015 Appendix 26
  27. 27. copyright 2015 ✓ Deployed as part of customer’s cloud-based application. ✓ Patented system for network control in the cloud. ✓ Platform for customer and partner cloud network innovation InsideVNS3:net 27

×