How VPNs and Firewalls Put
Your Organization at Risk
Traditional VPNs and firewalls are dangerous to your
organization. Learn where they fail.
1990’s
2000’s
Firewalls and VPNs
have been around
for over 20 years
In technical dog years, that’s more
than three centuries.
And they haven’t
really changed.
Firewalls and VPNs have
used the same methods and
protocols since the 1990s.
PRESENT
no significant change
Yet technology and the
ways people connect have
changed significantly.
People are more
connected and more
dispersed today
than ever before.
THE WORLD IS CONNECTED
CONNECTING TO YOUR NETWORK WHEREVER IT MAY BE…
ON-PREMISES PUBLIC CLOUD PRIVATE CLOUD HYBRID CLOUD
The network perimeter
as we know it has
disappeared.
People are connecting to your network
in new ways. Your job is to secure these
network connections. And if you don’t,
you face some big security problems.
Security becomes hard to manage
across hybrid environments.
There are separate ways people are managing policies
and permissions for cloud vs. on-premises workloads.
It’s complicated, difficult, expensive and dangerous.
ON-PREMISES MANAGEMENT
CLOUD MANAGEMENT
If hackers get in, they’ve hit
the lottery. They can bounce
from place to place, file server
to database. It’s difficult for
security professionals to detect
so hackers can wait and make a
move at the right time.
Lateral movement across the network
becomes a huge security risk.
Many organizations have a flat
architecture – once you’re inside
the network, you can see or
access anything.
Securing networks
against cyberwarfare
is impossible.
Well‑funded organizations and
nation‑states with sophisticated skills
are attacking corporate IT systems.
They’re testing your defenses. They
want your stuff. To sell. To ransom.
To embarrass your organization.
WANNACRY MALWARE
An estimated 416,000 systems were infected by
WannaCry malware worldwide.
- MalwareTech, May 16, 2017
HBO HACKERS LEAK TOP EXECUTIVE EMAILS
Hackers delivered a video letter to HBO CEO
Richard Plepler that says, “We successfully breached
into your huge network. …HBO was one of our
difficult targets to deal with but we succeeded (it
took about 6 months).”
- August 2017
YOU ARE PARTICIPATING IN CYBER WAR WHETHER YOU LIKE IT OR NOT
Securing the network from employees –
often a weak security link – is hard.
THEY’RE IN YOUR COMPANY RIGHT NOW – DO YOU RECOGNIZE THEM?
THE MALICIOUS
INSIDER
THE COMPROMISED
THIRD PARTY USER
THE NEGLIGENT
INSIDER
THE OVER-PRIVILEGED/
SUPER-PRIVILEGED
THE COMPROMISED
INSIDER
So we turn to Firewalls and VPNs.
Firewalls are configured and forgotten.
Once set up, you really don’t want to change the firewall because it’s
usually a significant change ticket.
Firewalls look at ports and addresses,
not users.
They’re not designed to address
specific users, which is why admins
are always adding exceptions and
HOLES for access.
PORT 80 OR 443
LogMeIn and TeamViewer use these ports to bypass your
firewalls, giving access to your network unless
you protect against traffic from these ports.
PORT 3389
Remote Desktop Protocol (RDP) gives users
a jump box or bastion host, and is exposed
to the public. Why? Because an IT person is
working from home so it’s easier to RDP directly
to a particular box to get work done.
Port holes are common because we are trying
to secure our environments and still make
them usable.
192.153.1.2 : 80
Firewalls aren’t always the
best solution for securing
your network.
SO WE TURN TO VPNS.
VPNs do NOT equal secure
They were never designed to be a security solution.
VPNS AUTHENTICATE
TO EVERYTHING
VPNS ARE SIMPLE
PERIMETER-
BASED SECURITY
VPNS ARE STATIC AND
UNINTELLIGENT
VPNS PROVIDE OVER-
ENTITLED ACCESS
Once authorized, users
have complete access to
the authenticated network.
In a world where the
physical perimeter is
no longer relevant.
While user context and security
threats are ever-changing.
Maximizing your lateral attack
surface and vulnerability.
VPN SERVER
Firewalls and VPNs were
designed for an era when we
trusted each other… a lot.
BUT TODAY, WE CAN’T TRUST EVERYBODY.
We need a new approach to network
security that is simple enough that a
child would understand the concept.
CONSIDER THIS SCENARIO
If someone knocks on the door to your
house, a 2nd grader would know to ask:
“who are you?” and “what do you want?”
If the two questions are answered
appropriately, only then would the door
be opened to a trusted person.
THAT’S HOW A SOFTWARE
DEFINED PERIMETER WORKS.
LET’S TAKE A LOOK...
A Software-Defined Perimeter
is a network security model that
dynamically creates 1:1 network
connections between users and
the data they access.
SDP reduces the attack surface in real-time by creating a discrete,
encrypted network segment of one, making everything else
invisible and inaccessible.
A network segment of one is network micro-segmentation down
to individual users and for each user session!! Now that’s secure!
Cyxtera delivers the market leading
Software-Defined Perimeter:
AppGate SDP
AppGate SDP is user-centric
It provides identity-based access control, creating an individualized perimeter
based on each user and their context.
Device
OS Version
Endpoint Agents
App Permissions
Directory Attributes
Multi-factor Authentication
USER
AppGate SDP is dynamic and adaptive.
It adapts to changes in user context, device and security conditions, and it
integrates with your operational systems.
Device
OS Version
Endpoint Agents
App Permissions
Directory Attributes
Multi-factor authentication
Location
Network
Time
Threat Posture
USER
ENVIRONMENT
AppGate SDP is programmable
and extensible.
It integrates with your business and operational systems.
Device
OS Version
Endpoint Agents
App Permissions
Directory Attributes
Multi-factor authentication
Location
Network
Time
Threat Posture
Business Systems
Operational Systems
Network Analytics
Cloud Security Groups & Tags
API-driven Entitlements
USER
ENVIRONMENT
ENTERPRISE
AppGate SDP Creates a Segment of One.
It gives you fine-grained controls to reduce the available network
attack surface.
Encrypted 1:1 connection
PROTECTED ASSETS
Cloud, Hybrid or On-Premises
ENCRYPTED
AppGate SDP Creates a Segment of One.
It gives you fine-grained controls to reduce the available network
attack surface.
The user only sees
what they are
authorized to access.
Access is adjusted in real time as
events and conditions warrant.
ENCRYPTED
How AppGate SDP works:
Diagram labels: CONTROLLER, CONTROL CHANNEL, DATA CHANNEL, PROTECTIVE SERVER
1. Using Single-Packet Authorization, client makes access request to controller
2. Controller checks context, passes entitlements to client
3. Gateway creates “Segment of One” access rule
4. Controller continuously monitors for context changes, adapts entitlements accordingly
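The four steps above, modelled as an added example (not AppGate's code and not part of the original deck): a controller that accepts one authenticated packet, turns user context into entitlements, and a default-deny gateway that holds a per-user rule and loses it when context changes. The packet layout (user|timestamp|nonce|HMAC-SHA256), the keys, host names and policy fields are all assumptions made for illustration, and the controller hands entitlements straight to the gateway to keep the sketch short.

```python
import hashlib
import hmac
from dataclasses import dataclass

# All keys, users, hosts and policy fields are constructed for this example.
SPA_KEYS = {"sally": b"demo-key-sally", "charlie": b"demo-key-charlie"}
MAX_SKEW = 30  # seconds an SPA packet stays fresh
POLICY = {     # group -> what it may reach, and from which networks
    "developer": {"resources": {("projx-git.internal", 22), ("projx-ci.internal", 443)},
                  "networks": {"corp", "home"}},
    "db-admin": {"resources": {("db01.internal", 5432)},
                 "networks": {"corp"}},
}


@dataclass(frozen=True)
class Context:
    user: str
    group: str        # directory attribute
    mfa_passed: bool
    os_patched: bool  # device posture
    network: str      # "corp", "home" or "public"


def make_spa(user, ts, nonce, key):
    """Client side: one authenticated packet, sent before any port is open to it."""
    body = f"{user}|{ts}|{nonce}".encode()
    return body + b"|" + hmac.new(key, body, hashlib.sha256).hexdigest().encode()


class Controller:
    def __init__(self):
        self.seen_nonces = set()

    def verify_spa(self, packet, now):
        """Step 1: return the user for a valid, fresh, unreplayed packet, else None."""
        try:
            user, ts, nonce, _mac = packet.decode().split("|")
            sent_at = int(ts)
        except (UnicodeDecodeError, ValueError):
            return None  # malformed packets are dropped without a reply
        key = SPA_KEYS.get(user)
        if key is None or not hmac.compare_digest(make_spa(user, ts, nonce, key), packet):
            return None
        if abs(now - sent_at) > MAX_SKEW or (user, nonce) in self.seen_nonces:
            return None  # stale or replayed
        self.seen_nonces.add((user, nonce))
        return user

    def entitlements(self, ctx):
        """Step 2: context in, set of (host, port) out. Empty set means no access."""
        rule = POLICY.get(ctx.group)
        if rule is None or not (ctx.mfa_passed and ctx.os_patched):
            return frozenset()
        if ctx.network not in rule["networks"]:
            return frozenset()
        return frozenset(rule["resources"])


class Gateway:
    """Step 3: default deny; traffic passes only if a per-user rule names the destination."""
    def __init__(self):
        self.rules = {}  # user -> frozenset of (host, port)

    def apply(self, user, entitlements):
        if entitlements:
            self.rules[user] = entitlements
        else:
            self.rules.pop(user, None)  # empty entitlements revoke the rule

    def allows(self, user, host, port):
        return (host, port) in self.rules.get(user, frozenset())


def connect(controller, gateway, packet, ctx, now):
    """Steps 1-3 in order. Returns True only if a per-user rule was installed."""
    user = controller.verify_spa(packet, now)
    if user is None or user != ctx.user:
        return False
    gateway.apply(user, controller.entitlements(ctx))
    return user in gateway.rules


def reevaluate(controller, gateway, ctx):
    """Step 4: called whenever context changes; access follows the new context."""
    gateway.apply(ctx.user, controller.entitlements(ctx))
```

A replayed or stale packet never reaches policy evaluation, and a user whose context stops satisfying policy loses the rule on the next `reevaluate()` call rather than at session end.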
AppGate SDP provides secure,
adaptive network access
Encrypted connection between
user and approved resources
creates custom per-user network
Unauthorized resources are
completely dark – impossible
to detect
Eliminates lateral movement on
internal networks
Policy adapts dynamically to
changes in context
Provides unified access control
across hybrid environments
Sally
Developer
Project X
Charlie
DB Admin
Joe
System Analyst
Project Hawk
Learn more about AppGate SDP
DATASHEET VIDEO
AppGate SDP for
AWS
WHITEPAPER
Forrester Report
No More Chewy
Centers:
The Zero Trust Model of
Information Security
AppGate SDP
Want to know more?
AWS FREE TRIAL AZURE FREE ACCOUNT
GET IN TOUCH
Click here to get access to a
15-day free trial of AppGate SDP
on AWS marketplace.
Click here to create and view the benefits
of a Microsoft Azure account, including a
$200 credit towards Azure products.
Email: sales@cyxtera.com Twitter: @Cyxtera LinkedIn: linkedin.com/company/cyxtera
