The End of the Fortress: The new Approach to Cybersecurity

1. The Fortress has fallen: the new approach to Cybersecurity Marc Nader @mourcous Date | November-2016

2. 2 Leaders in Information & Communication Technology Leaders in Virtualization & Cloud Computing Leaders in IT Outsourcing & Cloud Solutions

3. The fortress approach Breaking through the walls: Digitization, IoT & Cloud The Zero-Trust network Redefining the rules of the game The new approach & the promise of the cloud Agenda 3

4. The Industrialisation of hacking 4

5. The Players 5 Nation States Hacktivists Cybercriminals

6. A market place 6

7. The Fortress Approach

8. Security zones 8

9. Security zones 9 INSIDE Demilitarized Zone (DMZ) OUTSIDE Published Data Private Data

10. Sophisticated Perimeter 10 Firewall IPS Sandbox Access Restrictions Network Attacks Malware Web Application Firewall

11. We built a strong fortress 11 The perimeter was the last thing that connected us to the internet.

12. Digitization, IOT & Cloud

13. Your people are working from different places

14. Your people are working from many devices

15. 15 In a digital world, everything is connected

16. 16 The perimeter is broken by every digital service.

17. The Zero-Trust Network

18. You are as secure as your weakest link 18

19. Stuxnet. Natanz, Iran 19

20. Gauss. Beirut, Lebanon 20

21. Infections of Stuxnet, Duqu, Flame & Ghost 21

22. Everyone becomes untrusted 22 Untrusted

23. Everyone becomes untrusted 22 Untrusted Trusted

24. Everyone becomes untrusted 22 Untrusted

25. Everyone becomes untrusted 22 Untrusted Untrusted

26. The zero Trust Network • Secure the data and not the perimeter • Everybody is untrusted • All resources are accessed securely • Design the network from the inside out • Security Analytics 23

27. Redefining the rules of the game

28. The new Security Framework 25 Authentication: endpoints should be fingerprinted. Authorization: establishing the cross platform trust relationships. Network Enforced Policy: all elements that route and transport endpoint traffic securely over the infrastructure. Analytics: Data, generated by the IoT devices, is only valuable if the right analytics algorithms or other security intelligence processes are defined to identify the threat. Ref.:Cisco

29. BeyondCorp Unprivileged Network in a private space with limited network services Authenticating endpoints Access-proxies Access-control Security Analytics Ref.:Google 26

30. Software-Defined Perimeter Micro-segmentation, wrapping of the critical data 27

31. 28

32. The new approach & The promise of the cloud

33. Who is more focused on security? 30 You?

34. Can we catch up? “[Google's] ability to build, organize, and operate a huge network of servers and fiber-optic cables with an efficiency and speed that rocks physics on its heels. This is what makes Google Google: its physical network, its thousands of fiber miles, and those many thousands of servers that, in aggregate, add up to the mother of all clouds.” - Wired 31

35. Data replication across clouds 32 Data Center Data Center Data Center Data Center

36. Why is security so tough? 33 Data Problem: Users want to access their data anytime, from anywhere of corporate data   resides unprotected on PC desktops and laptops 60% laptop computers will   be stolen within 12 months   of purchase 1-out-of-10 of USB thumb drive owners report losing them, over 60% with private corporate data on them 66%

37. Takeways 34 Protect UsersProtect   Information Protect the   Company • Digitization has broken down the perimeter • No one can be trusted • Zero trust architecture moves the security efforts to each transaction • Cloud architectures are the most ready to deliver on this promise

38. Zero-trust 35 Amazon, 107B$ Alibaba, 83B$

39. Zero-trust 35 Amazon, 107B$ Alibaba, 83B$ 100% of their users reside in untrusted zones

40. Thank you!