Zero Trust Security. Implemented.
Micro-Segmentation
For Enterprise Data Centers
© 2019 ColorTokens
Traditional Data Center Protection
To protect the data center, we use several security products, from several vendors, at different layers of the OSI model.
Traditional Security is Rigid, Reactive and Complex
>75% of data center traffic is East-West
• Perimeter security is no longer secure
– Attackers and attacks happening inside the data center
• Reactive security doesn’t help
– Antivirus solutions playing catch-up with sophisticated attacks (zero-day, APTs)
[Figure: Data center evolution (Bare-metal, Hypervisors, Cloud, Containers, Microservices) with N/S and E/W traffic directions]
Data Centers of Today and Tomorrow
• Dynamic application environments
– Changing testing, development & staging environments
– Changing data access policies among these environments
[Figure: Users; Web Server, App Server and DB in each of the Development, Testing and Staging environments]
Data Centers of Today and Tomorrow
• Dynamic workloads
– Dynamic provisioning of Web, App or DB servers in an application environment
– Changing resource access policies
[Figure: Web Server, App Server, DB; App Server, DB; Security Policies]
Data Centers of Today and Tomorrow
• Dynamic users
– User access from within the office
– User access from outside the office
– Vendor/contractor accesses
[Figure: Office Users, Mobile Users, Vendor/Contractor; App. 1 and App. 2, each with Web Server, App Server and DB]
Data Centers of Today and Tomorrow
• Hybrid Data Center
– Application environments on the cloud and on-premise
– Dynamic resource access policies
[Figure: Office users, Mobile users; Web Server, App Server and DB in each of Development, Testing and Cloud; Resource Access Policies]
Data Centers of Today and Tomorrow
In short, modern data centers:
• Are no longer monolithic
• Are spread across multiple locations
• Have dynamic workloads created, deleted/migrated across clouds
Your data center can no longer be built around rigid security solutions
Because:
• Maintaining consistent security policies in hybrid environments is a challenge
• Increases the attack surface - risk and exposure to data theft
• Accomplishing compliance is painful
And, Hackers Know Rigid, Traditional Security is Ineffective
[Figure: Office Users, Mobile Users, Vendor/Contractor; Web Server, App Server and DB in each of Development, Testing and Cloud]
The Solution? Data Center Micro-Segmentation!
Proper ‘segmentation’ to protect data center assets
One of the golden rules in security
Foundation for compliance standards and security best practices!
With the increase in frequency and sophistication of cyber-attacks such as ransomware and data exfiltration, enterprises are starting to adopt micro-segmentation as a key defense:
- To segment the network down to individual hosts, and
- Reduce the attack surface
Different Approaches to Data Center Micro-Segmentation?
Most common micro-segmentation techniques:
• Network-based
• Hypervisor-based
• Host-based
Network-Based Micro-Segmentation
Pros
- Most network teams are familiar with the implementation, as it’s been around for a while
- Firewall rules are managed and enforced outside the workloads or hypervisor
- Leverages perimeter firewall for both N/S and E/W traffic
Cons
- Network-centric approach: one can end up creating macro-segmentation, increasing the attack surface
- Difficult to have fine-grained/micro policies at the workload level
- Policies are not agile when the workloads move
- Thousands of ACLs/firewall rules become cumbersome in dynamic environments
- Can become very expensive with security inspection
- Costly in public cloud implementations: cost of the firewall plus the cost of running multiple VMs to support the firewall function (minimum 2 for HA)
- Performance impact due to additional gateway bottlenecks
Hypervisor-Based Micro-Segmentation
Pros
- Programmable overlay networks and policies
- Policies are enforced outside the workload on the hypervisor itself
- Agility to move policies along with workloads
Cons
- No support for bare-metal/physical workloads
- Hypervisor and vendor specific: lock-in
- Limited or no support for public cloud environments
- No support for container workloads
- Lack of process visibility
- Performance impact (CPU impact natively on the hypervisor)
- Limit on the number of policies supported by the hypervisor
Host-Based Micro-Segmentation
Pros
- Completely independent of infrastructure/hypervisors
- Works across multi-vendor OS environments
- Works seamlessly across dynamic, distributed environments
- Independent of network changes (deploy one VM or thousands in minutes)
- Policy agility along with the workloads
- Granular context awareness and visibility on every workload
- Insights into processes running on every workload to address issues like dynamic port range, etc.
- Built around zero trust
Cons
- Need to install an agent on every host
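
The contrast drawn in the network-based and host-based slides, as an added Python example that is not part of the original deck or any ColorTokens code: a subnet ACL model and a label-based host policy are evaluated over the same inventory, then a workload changes address. Workload names, addresses, ports and the label policy are constructed assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from itertools import permutations


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    env: str   # application environment label, e.g. "dev"
    tier: str  # role label: "web", "app" or "db"


# Constructed inventory: one flat subnet per environment.
INVENTORY = [
    Workload("dev-web-1", "10.1.0.10", "dev", "web"),
    Workload("dev-app-1", "10.1.0.20", "dev", "app"),
    Workload("dev-db-1", "10.1.0.30", "dev", "db"),
    Workload("test-web-1", "10.2.0.10", "test", "web"),
    Workload("test-app-1", "10.2.0.20", "test", "app"),
    Workload("test-db-1", "10.2.0.30", "test", "db"),
]

# Network-based model (assumption): segments are subnets, the firewall only
# sees traffic crossing a segment boundary, and no cross-segment flow is allowed.
SEGMENTS = [ip_network("10.1.0.0/24"), ip_network("10.2.0.0/24")]

# Host-based model (assumption): (source tier, destination tier, port),
# valid only between workloads of the same environment.
LABEL_POLICY = [("web", "app", 8080), ("app", "db", 5432)]


def segment_of(w):
    """Return the subnet segment containing the workload, or None."""
    addr = ip_address(w.ip)
    return next((n for n in SEGMENTS if addr in n), None)


def network_allows(src, dst):
    """Subnet ACL: traffic inside one segment passes uninspected, on any port."""
    seg = segment_of(src)
    return seg is not None and seg == segment_of(dst)


def host_allows(src, dst, port):
    """Label policy enforced at the destination host; everything else is denied."""
    return src.env == dst.env and (src.tier, dst.tier, port) in LABEL_POLICY


def host_pair_allowed(src, dst):
    """True if the label policy admits src -> dst on at least one port."""
    return any(host_allows(src, dst, port) for _, _, port in LABEL_POLICY)


def reachable_pairs(inventory, allows):
    """Ordered (src, dst) name pairs that can talk: the east-west attack surface."""
    return {(s.name, d.name) for s, d in permutations(inventory, 2) if allows(s, d)}


def compile_inbound_rules(inventory):
    """Render the label policy into per-host inbound allow rules (src_ip, port)."""
    rules = {w.name: [] for w in inventory}
    for src, dst in permutations(inventory, 2):
        for _, _, port in LABEL_POLICY:
            if host_allows(src, dst, port):
                rules[dst.name].append((src.ip, port))
    return {name: sorted(r) for name, r in rules.items()}


def migrate(inventory, name, new_ip):
    """Return a new inventory in which one workload has moved to a new address."""
    return [replace(w, ip=new_ip) if w.name == name else w for w in inventory]


if __name__ == "__main__":
    print("network-based pairs:", len(reachable_pairs(INVENTORY, network_allows)))
    print("host-based pairs:   ", len(reachable_pairs(INVENTORY, host_pair_allowed)))
    moved = migrate(INVENTORY, "dev-db-1", "172.16.5.30")  # constructed cloud address
    by_name = {w.name: w for w in moved}
    print("app->db after move, subnet ACL:",
          network_allows(by_name["dev-app-1"], by_name["dev-db-1"]))
    print("db inbound rules after move:", compile_inbound_rules(moved)["dev-db-1"])
```

On this inventory the subnet model leaves 12 host pairs able to talk against 4 under the label policy, and only the label policy still admits app-to-db traffic once dev-db-1 moves.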
Host-Based Micro-Segmentation
ColorTokens provides a paradigm shift in enterprise IT security.
ColorTokens is platform-independent and enables enterprises to shift from reactive to a proactive security model, without additional investment in hardware and operational complexities.
ColorTokens Proactive Security for Hybrid Data Centers
[Figure: Office, Outside, Vendor/Contractor; Web Server, App Server and DB in each of Development, Testing and Cloud; X marks; callouts: Micro-segmentation, Visibility, Process level security]
THANK YOU
Micro-Segmentation in 3 Easy Steps [Video]
See a Live Demo
Got Questions?
For more information about the ColorTokens solution, email us at sales@colortokens.com.
Call +1 (408) 341-6030 to speak to a ColorTokens security specialist.
