#RSAC
Session ID: SPO1-R10
Transforming Security Part 1: Cloud & Virtualization
Tom Corn, Senior Vice President, Security Products, VMware
@therealtomcorn
GLASS. WOOD. CONCRETE.
Application lifecycle: The Planning Phase → Development Phase → Functional Test → General Availability → Day 2 Operations
[Figure: the same lifecycle, labelled with threats]
YOUR CRITICAL APPLICATION IS YOUR BABY
From Monolithic Stack to Distributed Apps
The Application is a Network
Securing the Infrastructure: Perimeter Security
The Impact of Architectural Shifts on Security: Perimeter Security
Misalignment
Security Policies: APPS, DATA
Security Controls: COMPUTE, NETWORK
Stages of an attack (* C2 = command and control):
Infiltration: Attack vector/malware • Delivery mechanism • Entry point compromise
Propagation: Escalate privileges • Install C2* infrastructure • Lateral movement
Extraction: Break into data stores • Network eavesdropping • App-level extraction
Exfiltration: Parcel and obfuscate • Exfiltration • Cleanup
Stop infiltration ←→ Stop exfiltration
In between, Propagation and Extraction: Escalate privileges • Install C2* infrastructure • Lateral movement • Break into data stores • Network eavesdropping • App-level extraction
Legend: Known good | Known bad | Unknown
Mass Complexity
The Only Thing Outpacing Growth in Security Spend is Growth in Security Breaches
[Chart: IT Spend vs Security Spend vs Security Breaches]
• Annual Cost of Security Breaches: $445B (Source: Center for Strategic and Int’l Studies)
• Security as a % of IT Spend: 2012: 11%; 2015: 21% (Source: Forrester)
• Projected Growth Rate in IT Spend from 2014-2019: Zero (Flat) (Source: Gartner)
We need to align controls and policies to the application
Security Policies: APPS, DATA
Security Controls: COMPUTE, NETWORK
[Figure: policies and controls aligned around the Application]
We need to establish least privilege environments
“Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.”
Professor Jerome Saltzer, MIT, Communications of the ACM
Least Privilege Is More Than Just Blocking
[Figure: the attack stages above (Infiltration, Propagation, Extraction, Exfiltration); least privilege applies across Propagation and Extraction, on the Application, Network and Data Plane]
From Static, Coarse Grained to Dynamic, Fine Grained
Across Prevent, Detect and Respond
Across the Application, Network and Data Plane
From our current model, focused on malicious behavior:
• Highly complex and noisy
• Exposed, i.e., untrusted monitoring, limited context
• Manual and lacking orchestration
To a new model, focused on good (intended) behavior:
• Simpler and smaller problem set
• Better signal to noise ratio
• Actionable and behavior-based alerts and responses
Why Haven’t We Done This Already?
• Application understanding: application context and visibility
• Infrastructure alignment: connecting the dots between apps and I/F (infrastructure)
• Datacenter dynamics: datacenters are highly dynamic
THE STAKES ARE HIGH
If we get it wrong… at best: operational complexity; at worst: application disruption
What does this have to do with virtualization and cloud?
It Provides an Abstraction Layer Between I/F (infrastructure) and Apps
Unique Properties of the Virtualization Layer
It’s in a unique position to:
• see both Intentional (intended) and Runtime State of the Application
• understand the infrastructure and control topology (NGFW, IPS, WAF, sFW, ENC)
• maintain this alignment as the datacenter and applications evolve
• deliver a high degree of automation
• deliver isolation: maintain a separate trust domain for security
Summary: Application, Topology, Alignment, Automation, Isolation
We can leverage the unique properties of cloud and virtualization to secure critical applications: Application, Topology, Alignment, Automation, Isolation
[Figure: three applications (APP), each made up of several VMs]
Software-Defined Security
Attack Vectors: Application, Data Plane, Network
Attack Vectors: Traditional Segmentation vs Micro-Segmentation
[Figure: firewalls (FW) around DB, WEB and APP workloads under each model]
Attack Vectors: What About Exposure from the Physical Underlay? Listening and Inserting
You Can Solve that with Encryption… but that turns out to be enormously complex
Encryption as a Distributed Service
Application-Focused Least Privilege
The Application as a System of Components
Each workload (DB, WEB, APP) consists of: Processes • Security Agents / Monitoring • OS • Inbound Communications • Outbound Communications
Least Privilege for the Application Layer: Detection and Response
Intentional (Intended) State vs Runtime State
Sources of Intentional State:
Infrastructure Events (vRA, vCenter, NSX, Chef, Puppet, AWS, etc)
• Machine context
• Control and security policies
• Network topology
Developer Workflow (Maven, Ansible, Jenkins, etc)
• Application flows down to process level
• Code signing/authorization
Runtime Behavior (Agents, Netflow, Policy Changes, etc)
• Process and network behavior
• Ideal for brownfield apps
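The intended-state versus runtime-state comparison those sources feed, as an added example that is not from the talk or from VMware: it derives an allow-list and micro-segmentation rules from a constructed manifest and classifies constructed runtime flow records as known good, known bad or unknown; the record format, tier names and blocklisted ports are assumptions.

```python
"""Intended state vs runtime state for one three-tier application.

Added example, not from the talk or any VMware product.  It models the
slides' idea: derive the application's intended behaviour (which process
on which tier may talk to which tier and port) from deployment metadata,
then classify observed runtime flows as known good, known bad or unknown
and turn that verdict into an action.  Every input here is constructed
sample data; the record format and tier names are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_tier: str      # tier the connection came from, e.g. "web"
    src_process: str   # process that opened it; intended state is per process
    dst_tier: str      # tier (or "ext" for outside the app) it went to
    dst_port: int


# Intended state, as a deployment manifest (Chef/Jenkins/vRA output in the
# slides' terms) would describe it.  Constructed for this example.
INTENDED_FLOWS = frozenset({
    Flow("web", "nginx", "app", 8080),
    Flow("app", "java", "db", 5432),
})

# Known bad: a constructed blocklist of destination ports no tier should use.
KNOWN_BAD_PORTS = frozenset({23, 4444})


def classify(flow: Flow) -> str:
    """Allow-list first: anything not intended is at best 'unknown'."""
    if flow in INTENDED_FLOWS:
        return "known_good"
    if flow.dst_port in KNOWN_BAD_PORTS:
        return "known_bad"
    # A known process on an unexpected path (e.g. web tier straight to the
    # database) lands here: the propagation/extraction activity that the
    # slides say perimeter controls never see.
    return "unknown"


def parse_record(line: str) -> Flow:
    """Constructed record format: src_tier,src_process,dst_tier,dst_port."""
    src_tier, src_process, dst_tier, dst_port = line.strip().split(",")
    return Flow(src_tier, src_process, dst_tier, int(dst_port))


def micro_segmentation_rules(intended: frozenset[Flow] = INTENDED_FLOWS) -> list[str]:
    """Derive per-tier allow rules from intended state, then default deny."""
    ordered = sorted(intended, key=lambda f: (f.src_tier, f.dst_tier, f.dst_port))
    rules = [f"allow {f.src_tier} -> {f.dst_tier}:{f.dst_port} (process {f.src_process})"
             for f in ordered]
    rules.append("deny any -> any")
    return rules


def remediation(flow: Flow) -> str:
    """Map a verdict to an action the automation layer could take."""
    verdict = classify(flow)
    if verdict == "known_good":
        return "none"
    if verdict == "known_bad":
        return f"isolate {flow.src_tier} workload running {flow.src_process}"
    return (f"alert: review {flow.src_tier}/{flow.src_process} -> "
            f"{flow.dst_tier}:{flow.dst_port} against intended state")


def triage(records: list[str]) -> dict[str, list[Flow]]:
    """Bucket runtime records by verdict.  Records from an in-guest agent are
    untrusted monitoring in the slides' sense; a trusted-zone source (e.g.
    hypervisor-level netflow) should be preferred where available."""
    buckets: dict[str, list[Flow]] = defaultdict(list)
    for line in records:
        flow = parse_record(line)
        buckets[classify(flow)].append(flow)
    return dict(buckets)


# Constructed runtime records (not real telemetry).
SAMPLE_RECORDS = [
    "web,nginx,app,8080",   # intended
    "app,java,db,5432",     # intended
    "web,nginx,db,5432",    # web tier reaching the database directly: not intended
    "app,sh,ext,4444",      # shell on the app tier talking out on a blocklisted port
    "app,java,db,5432",     # intended
]


if __name__ == "__main__":
    for rule in micro_segmentation_rules():
        print(rule)
    for verdict, flows in triage(SAMPLE_RECORDS).items():
        for flow in flows:
            print(verdict, flow, "->", remediation(flow))
```

Because the allow-list is keyed on the process as well as the tiers and port, the same nginx-to-app flow opened by a different process is "unknown", which is the process-level intent the Developer Workflow source provides.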
Least Privilege for the Application Layer: Detection and Response
Untrusted Zone (Guest): Processes • Security Agents / Monitoring • OS • Inbound Communications • Outbound Communications
Trusted Zone (Kernel): Virtual Enclave • Runtime Attestation • Secure Context Store
Security In Software: Great Context | Lacks Isolation
Security In Hardware: Great Isolation | Lacks Context
Goldilocks: the virtual enclave in the trusted zone
Least Privilege for the Application Layer: Detection and Response
Intentional State → Remediation
Untrusted Zone (Guest): Processes • Security Agents / Monitoring • OS • Inbound Communications • Outbound Communications
Trusted Zone (Kernel): Virtual Enclave • Runtime Attestation • Secure Context Store
Extending the Concept to the Security Ecosystem
Intentional State → Remediation
Trusted Zone (Kernel): Virtual Enclave • Runtime Attestation • Secure Context Store
SECURITY VENDORS
The Future of Software-Defined Security
Governance, Risk & Compliance | Correlation/Analytics
Compute Security Controls | Network Security Controls | Data Security Controls
Network: Application-Centric Micro-segmentation (PREVENT)
Compute: Application-Centric Detection & Response (DETECT/RESPOND)
Application
How do you secure virtualization? How do you use virtualization to secure?
Practitioners, Vendors, Cloud Infrastructure: What will you deliver next?
Install Stable Diffusion in windows machinePadma Pradeep
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Recently uploaded (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

Transforming security part 1 - Cloud and virtualization

  • 1. SESSION ID: #RSAC. Tom Corn, Transforming Security Part 1: Cloud & Virtualization (SPO1-R10). Senior Vice President, Security Products, VMware, @therealtomcorn
  • 13. From Monolithic Stack to Distributed Apps
  • 14. The Application is a Network
  • 16. The Impact of Architectural Shifts on Security PERIMETER SECURITY
  • 17. The Impact of Architectural Shifts on Security PERIMETER SECURITY
  • 18. Misalignment: Security Policies (APPS, DATA) vs. Security Controls (COMPUTE, NETWORK)
  • 19. Attack stages. Infiltration: Attack vector/malware, Delivery mechanism, Entry point compromise. Propagation: Escalate privileges, Install C2* infrastructure, Lateral movement. Extraction: Break into data stores, Network eavesdropping, App-level extraction. Exfiltration: Parcel and obfuscate, Exfiltration, Cleanup. Today's focus: Stop infiltration, Stop exfiltration
  • 20. Propagation (Escalate privileges, Install C2* infrastructure, Lateral movement) and Extraction (Break into data stores, Network eavesdropping, App-level extraction): Known good, Known bad, Unknown. Mass Complexity
  • 21. The Only Thing Outpacing Growth in Security Spend is Growth in Security Breaches (chart: IT Spend, Security Spend, Security Breaches). Annual Cost of Security Breaches: $445B (Source: Center for Strategic and Int’l Studies). Security as a % of IT Spend: 2012: 11%, 2015: 21% (Source: Forrester). Projected Growth Rate in IT Spend from 2014-2019: Zero (Flat) (Source: Gartner)
  • 22. We need to align controls and policies to the application: Security Policies (APPS, DATA), Security Controls (COMPUTE, NETWORK), Application
  • 23. 23 Application We need to establish least privilege environments
  • 24. “Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.” Professor Jerome Saltzer, MIT Communications of the ACM
  • 25. Least Privilege Is More Than Just Blocking. Infiltration: Attack vector/malware, Delivery mechanism, Entry point compromise. Propagation: Escalate privileges, Install C2* infrastructure, Lateral movement. Extraction: Break into data stores, Network eavesdropping, App-level extraction. Exfiltration: Parcel and obfuscate, Exfiltration, Cleanup
  • 26. Least Privilege Is More Than Just Blocking: Propagation, Extraction; Application, Network, Data Plane
  • 27. Least Privilege Is More Than Just Blocking: Static / Coarse Grained vs. Dynamic / Fine Grained; Prevent, Detect, Respond; Application, Network, Data Plane
  • 28. From our current model, focused on malicious behavior: • Highly complex and noisy • Exposed, i.e., untrusted monitoring, limited context • Manual and lacking orchestration
  • 29. To a new model, focused on good (intended) behavior: • Simpler and smaller problem set • Better signal-to-noise ratio • Actionable and behavior-based alerts and responses
  • 30. Why Haven’t We Done This Already? APPLICATION UNDERSTANDING: Application context and visibility. INFRASTRUCTURE ALIGNMENT: Connecting the dots between apps and I/F. DATACENTER DYNAMICS: Datacenters are highly dynamic. THE STAKES ARE HIGH: If we get it wrong… at best: operational complexity; at worst: application disruption
  • 31. What does this have to do with virtualization and cloud?
  • 32. It Provides an Abstraction Layer Between I/F and Apps
  • 33. Unique Properties of the Virtualization Layer: It’s in a unique position to see both Intentional and Runtime State (Intended State, Runtime State, Application)
  • 34. Unique Properties of the Virtualization Layer: It’s in a unique position to understand the infrastructure and control topology (NGFW, IPS, WAF, sFW, ENC; Topology, Application)
  • 35. Unique Properties of the Virtualization Layer: It’s in a unique position to maintain this alignment as the datacenter and applications evolve (Topology, Alignment, Application)
  • 36. Unique Properties of the Virtualization Layer: It’s in a unique position to deliver a high degree of automation (Topology, Alignment, Automation, Application)
  • 37. Unique Properties of the Virtualization Layer: It’s in a unique position to deliver isolation: maintain a separate trust domain for security (Topology, Alignment, Isolation, Automation, Application)
  • 38. We can leverage the unique properties of cloud and virtualization to secure critical applications: Application, Topology, Alignment, Automation, Isolation
  • 45. What About Exposure from the Physical Underlay? Listening, Inserting (DB, WEB, APP, APP, APP)
  • 46. You Can Solve that with Encryption… But that turns out to be enormously complex (DB, WEB, APP, APP, APP)
  • 47. Encryption as a Distributed Service (DB, WEB, APP, APP, APP)
  • 49. The Application as a System of Components. Each component (DB, WEB, APP, APP, APP): Processes, Security Agents / Monitoring, OS, Inbound Communications, Outbound Communications
  • 50. Least Privilege for the Application Layer: Detection and Response; Intentional State (Intended State, Runtime State)
  • 51. Least Privilege for the Application Layer: Detection and Response. Intentional State from: Infrastructure Events (vRA, vCenter, NSX, Chef, Puppet, AWS, etc.) • Machine context • Control and security policies • Network topology; Developer Workflow (Maven, Ansible, Jenkins, etc.) • Application flows down to process level • Code signing/authorization; Runtime Behavior (Agents, Netflow, Policy Changes, etc.) • Process and network behavior • Ideal for brownfield apps
  • 52. Least Privilege for the Application Layer: Detection and Response; Intentional State. Untrusted Zone (Guest): Processes, Security Agents / Monitoring, OS, Inbound Communications, Outbound Communications. Trusted Zone (Kernel): Virtual Enclave, Runtime Attestation, Secure Context Store
  • 53. Least Privilege for the Application Layer: Detection and Response; Intentional State. Untrusted Zone (Guest): Processes, Security Agents / Monitoring, OS, Inbound Communications, Outbound Communications. Trusted Zone (Kernel): Virtual Enclave, Runtime Attestation, Secure Context Store
  • 54. Least Privilege for the Application Layer: Detection and Response; Intentional State. Untrusted Zone (Guest): Processes, Security Agents / Monitoring, OS, Inbound Communications, Outbound Communications. Trusted Zone (Kernel): Virtual Enclave, Runtime Attestation, Secure Context Store. Security In Software: Great Context | Lacks Isolation. Security In Hardware: Great Isolation | Lacks Context. Goldilocks
  • 55. Least Privilege for the Application Layer: Detection and Response; Intentional State; Remediation. Untrusted Zone (Guest): Processes, Security Agents / Monitoring, OS, Inbound Communications, Outbound Communications. Trusted Zone (Kernel): Virtual Enclave, Runtime Attestation, Secure Context Store
  • 56. Least Privilege for the Application Layer: Remediation
  • 57. Least Privilege for the Application Layer: Intentional State; Remediation. Untrusted Zone (Guest): Processes, Security Agents / Monitoring, OS, Inbound Communications, Outbound Communications. Trusted Zone (Kernel): Virtual Enclave, Runtime Attestation, Secure Context Store
  • 58. Extending the Concept to the Security Ecosystem: Intentional State; Remediation. Trusted Zone (Kernel): Virtual Enclave, Runtime Attestation, Secure Context Store. SECURITY VENDORS
  • 59. The Future of Software-Defined Security: Governance, Risk & Compliance; Correlation/Analytics; Network Security Controls, Compute Security Controls, Data Security Controls. Network: Application-Centric Micro-segmentation (PREVENT). Compute: Application-Centric Detection & Response (DETECT/RESPOND). Application
  • 60. Infiltration: Attack vector/malware, Delivery mechanism, Entry point compromise. Propagation: Escalate privileges, Install C2* infrastructure, Lateral movement. Extraction: Break into data stores, Network eavesdropping, App-level extraction. Exfiltration: Parcel and obfuscate, Exfiltration, Cleanup
  • 61. Propagation (Escalate privileges, Install C2* infrastructure, Lateral movement) and Extraction (Break into data stores, Network eavesdropping, App-level extraction): Known good, Known bad, Unknown
  • 62. Propagation (Escalate privileges, Install C2* infrastructure, Lateral movement) and Extraction (Break into data stores, Network eavesdropping, App-level extraction): Known good, Known bad, Unknown
  • 63. How do you secure virtualization? How do you use virtualization to secure?
  • 64. Practitioners, Vendors, Cloud Infrastructure: What will you deliver next?
  • 65. SESSION ID: #RSAC. Tom Corn, Transforming Security Part 1: Cloud & Virtualization (SPO1-R10). Senior Vice President, Security Products, VMware, @therealtomcorn
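Slides 50-51 and 60-62 describe comparing runtime behavior with an intended state assembled from infrastructure events and the developer workflow, so that observations fall into known good, known bad and a small unknown residual. As an added example (not from the deck or from VMware), the Python below models that comparison for the deck's WEB/APP/DB tiers and derives default-deny micro-segmentation rules from the same intended state; the flow and event formats, tier inventory, blocklist and sample records are all constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple

class Verdict(Enum):
    KNOWN_GOOD = "known good"  # matches intended state
    KNOWN_BAD = "known bad"    # matches a blocklist entry
    UNKNOWN = "unknown"        # neither: the residual that detection and response must handle

@dataclass(frozen=True)
class Flow:  # process-level application flow between tiers (hypothetical format)
    src_tier: str
    src_proc: str
    dst_tier: str
    dst_port: int
    dst_proc: Optional[str]  # None when the destination lies outside the application

# Intended state, source 1 (developer workflow): application flows down to the process level.
INTENDED_FLOWS: FrozenSet[Flow] = frozenset({
    Flow("WEB", "nginx", "APP", 8080, "java"),
    Flow("APP", "java", "DB", 5432, "postgres"),
})
# Intended state, source 2 (infrastructure events): machine context, here host -> tier.
MACHINE_TIER: Dict[str, str] = {"web-01": "WEB", "app-01": "APP", "app-02": "APP", "db-01": "DB"}
# Known-bad set, deliberately tiny: a constructed blocklist of destination ports.
KNOWN_BAD_PORTS: FrozenSet[int] = frozenset({4444})

@dataclass(frozen=True)
class RuntimeEvent:  # runtime behavior as an agent/NetFlow-style record (constructed format)
    src_host: str
    src_proc: str
    dst_host: str
    dst_port: int
    dst_proc: Optional[str] = None

def classify(ev: RuntimeEvent) -> Verdict:
    """Compare one runtime observation against the intended state."""
    if ev.dst_port in KNOWN_BAD_PORTS:
        return Verdict.KNOWN_BAD
    src_tier = MACHINE_TIER.get(ev.src_host)
    if src_tier is None:  # no machine context, so it cannot be matched to intended state
        return Verdict.UNKNOWN
    dst_tier = MACHINE_TIER.get(ev.dst_host, "EXTERNAL")
    observed = Flow(src_tier, ev.src_proc, dst_tier, ev.dst_port, ev.dst_proc)
    return Verdict.KNOWN_GOOD if observed in INTENDED_FLOWS else Verdict.UNKNOWN

def triage(events: Iterable[RuntimeEvent]) -> Dict[Verdict, List[RuntimeEvent]]:
    """Bucket observations so the small unknown set is what an analyst reviews."""
    buckets: Dict[Verdict, List[RuntimeEvent]] = {}
    for ev in events:
        buckets.setdefault(classify(ev), []).append(ev)
    return buckets

def segmentation_rules(flows: Iterable[Flow]) -> FrozenSet[Tuple[str, str, int]]:
    """Derive (src tier, dst tier, port) allow rules for default-deny micro-segmentation."""
    return frozenset((f.src_tier, f.dst_tier, f.dst_port) for f in flows)

# Constructed runtime sample: records 3 to 5 deviate from intent in three different ways.
SAMPLE_EVENTS = [
    RuntimeEvent("web-01", "nginx", "app-01", 8080, "java"),
    RuntimeEvent("app-02", "java", "db-01", 5432, "postgres"),
    RuntimeEvent("web-01", "bash", "db-01", 5432, "postgres"),  # WEB tier reaching the DB directly
    RuntimeEvent("app-01", "java", "203.0.113.7", 4444),         # blocklisted port, external host
    RuntimeEvent("build-99", "curl", "app-01", 8080, "java"),    # host with no machine context
]
```

Running `triage(SAMPLE_EVENTS)` leaves two known-good records, one known-bad record and two unknowns; the unknowns are the deviations the deck argues should drive detection and response rather than being lost in the noise.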