Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The End of the Fortress: The new Approach to Cybersecurity


Published on

Presentation delivered at the Cybercrime conference of the World Union of Arab Bankers on Nov 5th, 2016.
It explains how digital technologies are pushing us to rethink the traditional model of securing the enterprise.

Published in: Technology
  • Be the first to comment

The End of the Fortress: The new Approach to Cybersecurity

  1. 1. The Fortress has fallen: the new approach to Cybersecurity Marc Nader @mourcous Date | November-2016
  2. 2. 2 Leaders in Information & Communication Technology Leaders in Virtualization & Cloud Computing Leaders in IT Outsourcing & Cloud Solutions
  3. 3. The fortress approach Breaking through the walls: Digitization, IoT & Cloud The Zero-Trust network Redefining the rules of the game The new approach & the promise of the cloud Agenda 3
  4. 4. The Industrialisation of hacking 4
  5. 5. The Players 5 Nation States Hacktivists Cybercriminals
  6. 6. A market place 6
  7. 7. The Fortress Approach
  8. 8. Security zones 8
  9. 9. Security zones 9 INSIDE Demilitarized Zone (DMZ) OUTSIDE Published Data Private Data
  10. 10. Sophisticated Perimeter 10 Firewall IPS Sandbox Access Restrictions Network Attacks Malware Web Application Firewall
  11. 11. We built a strong fortress 11 The perimeter was the last thing that connected us to the internet.
  12. 12. Digitization, IOT & Cloud
  13. 13. Your people are working from different places
  14. 14. Your people are working from many devices
  15. 15. 15 In a digital world, everything is connected
  16. 16. 16 The perimeter is broken by every digital service.
  17. 17. The Zero-Trust Network
  18. 18. You are as secure as your weakest link 18
  19. 19. Stuxnet. Natanz, Iran 19
  20. 20. Gauss. Beirut, Lebanon 20
  21. 21. Infections of Stuxnet, Duqu, Flame & Ghost 21
  22. 22. Everyone becomes untrusted 22 Untrusted
  23. 23. Everyone becomes untrusted 22 Untrusted Trusted
  24. 24. Everyone becomes untrusted 22 Untrusted
  25. 25. Everyone becomes untrusted 22 Untrusted Untrusted
  26. 26. The zero Trust Network • Secure the data and not the perimeter • Everybody is untrusted • All resources are accessed securely • Design the network from the inside out • Security Analytics 23
  27. 27. Redefining the rules of the game
  28. 28. The new Security Framework 25 Authentication: endpoints should be fingerprinted. Authorization: establishing the cross platform trust relationships. Network Enforced Policy: all elements that route and transport endpoint traffic securely over the infrastructure. Analytics: Data, generated by the IoT devices, is only valuable if the right analytics algorithms or other security intelligence processes are defined to identify the threat. Ref.:Cisco
  29. 29. BeyondCorp Unprivileged Network in a private space with limited network services Authenticating endpoints Access-proxies Access-control Security Analytics Ref.:Google 26
  30. 30. Software-Defined Perimeter Micro-segmentation, wrapping of the critical data 27
  31. 31. 28
  32. 32. The new approach & The promise of the cloud
  33. 33. Who is more focused on security? 30 You?
  34. 34. Can we catch up? “[Google's] ability to build, organize, and operate a huge network of servers and fiber-optic cables with an efficiency and speed that rocks physics on its heels. This is what makes Google Google: its physical network, its thousands of fiber miles, and those many thousands of servers that, in aggregate, add up to the mother of all clouds.” - Wired 31
  35. 35. Data replication across clouds 32 Data Center Data Center Data Center Data Center
  36. 36. Why is security so tough? 33 Data Problem: Users want to access their data anytime, from anywhere of corporate data 
 resides unprotected on PC desktops and laptops 60% laptop computers will 
 be stolen within 12 months 
 of purchase 1-out-of-10 of USB thumb drive owners report losing them, over 60% with private corporate data on them 66%
  37. 37. Takeways 34 Protect UsersProtect 
 Information Protect the 
 Company • Digitization has broken down the perimeter • No one can be trusted • Zero trust architecture moves the security efforts to each transaction • Cloud architectures are the most ready to deliver on this promise
  38. 38. Zero-trust 35 Amazon, 107B$ Alibaba, 83B$
  39. 39. Zero-trust 35 Amazon, 107B$ Alibaba, 83B$ 100% of their users reside in untrusted zones
  40. 40. Thank you!