©2018 Zscaler, Inc. All rights reserved.
Faster, Simpler, and more Secure access to apps on AWS
Sam Hennessy
Senior Solution Architect, AWS
samhen@amazon.com
Patrick Foxhoven
CIO, Zscaler
p@zscaler.com
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Migration Patterns
• Dev/Test
• New Applications
• Existing Applications
• Business Critical Applications
• Data Center Migrations
• All In
AWS Metrics
• Millions of Active Customers Every Month
• S3 Holds Trillions of Objects and Peaks at Millions of
Requests per Second
• More than 73,000 Databases Have Been Migrated with
Database Migration Service
• More than 100,000 Customers Use Amazon DynamoDB
• Tens of Thousands of Customers are Using AWS
Machine Learning Services
AWS Shared Responsibility Model
AWS
• Facilities
• Physical security
• Compute infrastructure
• Storage infrastructure
• Network infrastructure
• Virtualization layer (EC2)
• Hardened service endpoints
• Rich IAM capabilities
+
Customer
• Network configuration
• Security groups
• OS firewalls
• Operating systems
• Applications
• Proper service configuration
• AuthN & acct management
• Authorization policies
=
More secure and compliant systems than any one entity could achieve on its own at scale
• Scope of responsibility depends on the type of service offered by AWS: Infrastructure, Container, Abstracted Services
• Understanding who is responsible for what is critical to ensuring your AWS data and systems are secure!
Shared Responsibility Model
Customer: Customers are responsible for their security and compliance IN the Cloud
• Customer content
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption
• Server-side Data Encryption
• Network Traffic Protection
AWS: AWS is responsible for the security OF the Cloud
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Benefits and Challenges
• Benefits
• Abstract the Responsibility
• Experienced Security Team
• Ease of Adoption of Complex Security Requirements
• Large Set of Security Tools, and a Huge Partner Ecosystem
• Challenges
• There Are No Restrictions on Your Configuration
• A Lack of Understanding Can Lead to Serious Consequences
The IT world has evolved…
but app access hasn’t
Cloud and mobility extend the perimeter to the internet
[Diagram labels: Public Cloud, SaaS, Open Internet, MPLS]
“GE will run 70% of our workloads in the cloud by 2020.” Jim Fowler, CIO, GE(1)
“The Internet will become the new corporate network” Frederik Janssen, Head of Infrastructure, Siemens(2)
Backhauling traffic is expensive and provides a poor user experience. Who likes VPN?
Over 60% of browser-based traffic is encrypted using SSL(3)
Do we control the Internet? How do you secure the network?
Network security is becoming less relevant. A new approach is needed.
Business critical apps like SAP are now running on AWS
Common Threats
• Malicious insiders – Data purposely exposed to public by
an employee
• Cyber criminals – Stolen data used for ransom or
personal financial gain
• State sponsored attacks
• Hacked employee devices – Malware that spreads
laterally across network
• Third-party users – Partners with overprovisioned access
to internal apps
• High value asset with sensitive customer data
• Mission-critical business functions
• Attacks can be extremely costly
• Often complex with large attack surface
The Problem – Application access often looks like this
[Diagram labels: Remote User (C-Level Exec), Global LB, DDoS, Ext. FW / IPS, Internal LB, Internal FW, RAS (VPN), Site-to-site VPN]
• Users become frustrated with slow VPN experience.
• Risk is introduced as users are placed on the network, or they find workarounds
• Complexity: ACLs and firewalls make remote access difficult to manage
• Months spent on just getting infrastructure set up
How mobile users feel
with current experience
Common challenges of cloud adoption
1. Legacy technology lacks ability to provide cloud-like user experience
2. Takes months to implement, slowing app migration efforts
3. Requires additional appliances to be purchased and deployed
4. Setting up site-to-site VPN for user traffic to traverse
5. Connecting employees to cloud means access to the network
Enterprises need to embrace a zero-trust security model
• Never automatically trust anything inside or outside perimeters
• Reduce the attack surface by reducing # of users able to access an application
• Provide access on a strict “need to know” basis
• Verify before granting any level of access to an application
• Create a segment of one between a named user and a named application
Zero trust via software-defined perimeter
• New approach that uses software to provide policy-based access to specific applications
• Fully software-based allowing for decommissioning of inbound gateway appliances
• Based on Defense Information Systems Agency (DISA) work in 2007
• Popularized by Google BeyondCorp
• Two key criteria before providing access to an app:
  • User device – device posture
  • User identity – authorized user access
[Diagram: User device (requests connection) → Centralized Policy Engine (approves user connection) → Applications (access based on policy)]
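An added example, not part of the original deck: a minimal default-deny policy decision that applies the two criteria above (user identity, then device posture) to one named user and one named application. The application names, group names and posture check names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Mapping, Optional, Tuple


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset    # identity groups (e.g. from IdP attributes) allowed to reach the app
    required_posture: frozenset  # posture checks the device must pass (hypothetical names)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    app: str
    posture: Optional[Mapping[str, bool]]  # None means the device reported nothing


# Constructed sample policy: one entry per named application.
POLICIES = {
    "sap.internal.example": AppPolicy(
        frozenset({"finance"}), frozenset({"disk_encrypted", "os_patched"})),
    "wiki.internal.example": AppPolicy(
        frozenset({"employees", "finance"}), frozenset({"os_patched"})),
}


def decide(req: AccessRequest, policies=POLICIES) -> Tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    policy = policies.get(req.app)
    if policy is None:
        # No implicit trust: an application without a policy is unreachable.
        return False, "deny: no policy names this application"
    if not req.groups & policy.allowed_groups:
        return False, "deny: user identity not authorized for this application"
    if req.posture is None:
        return False, "deny: no device posture reported"
    # A check that is missing from the report fails closed, same as a False result.
    failed = sorted(c for c in policy.required_posture
                    if req.posture.get(c) is not True)
    if failed:
        return False, "deny: device posture failed (" + ", ".join(failed) + ")"
    return True, "allow: " + req.user + " -> " + req.app


if __name__ == "__main__":
    good = {"disk_encrypted": True, "os_patched": True}
    for r in (
        AccessRequest("alice", frozenset({"finance"}), "sap.internal.example", good),
        AccessRequest("bob", frozenset({"employees"}), "sap.internal.example", good),
        AccessRequest("alice", frozenset({"finance"}), "sap.internal.example",
                      {"disk_encrypted": True}),
        AccessRequest("carol", frozenset({"employees"}), "wiki.internal.example", None),
    ):
        print(r.user, r.app, decide(r))
```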
Zscaler enables secure IT transformation to the cloud
Fast and secure policy-based access to applications and services over the Internet
Global load balancing
Distributed denial of service protection
External firewall / intrusion prevention
VPN concentrator
Internal firewall
Internal load balancer
Firewall / intrusion prevention
URL filter
Anti-virus
Data loss prevention
Secure sockets layer inspection
Sandbox
Open internet, SaaS
Private cloud / On-premise data center
Any device, any location, on-network or off-network
EXTERNALLY MANAGED / INTERNALLY MANAGED
Securely connects users to externally managed
SaaS applications and internet destinations
Zscaler Internet Access
Securely connects authorized users to
internally managed applications
Zscaler Private Access
HQ, MOBILE, BRANCH, IOT
Zscaler Private Access
Zero trust access to internal applications
Built on key security tenets that enable secure cloud migration
1. Users are never placed on the corporate network
2. Applications never listen for inbound pings or connections
3. Application segmentation, not network segmentation
4. The internet becomes the new corporate network
ZPA: Zero trust security for all apps, users and environments
Fast and secure policy-based access to applications over the Internet
[Diagram labels: Public Cloud; Private Cloud & Data Center; INTERNALLY MANAGED; HQ, MOBILE, BRANCH, IOT]
Primary Use Cases
• Simplify access to hybrid cloud apps
• VPN Replacement
• Accelerate M&A processes
• Secure third-party access
Modern Approach to Remote Access
• Remote users never placed on network. Reduces lateral attacks
• No inbound connectivity to apps. Invisible to unauthorized users
• Application segmentation
• Standardized access for all users & environments
ZPA: How it works
Zero trust security architecture
The Zscaler cloud brokers a secure connection between the Z-Connector and Z-App
1. Z-App – carries access request for app
2. Z-broker (aka ZEN) – control user app access rights (auth before access)
3. Z-Connectors – sit in front of apps, outbound-only connection
[Diagram labels: Z-App, Z-broker, ZPA Cloud, Workloads, AWS, Datacenter, AWS Direct Connect (for server to server traffic)]
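An added example, not part of the original deck: a check that AWS security groups match the "outbound-only" connector and "no inbound connectivity to apps" points above. It reads JSON in the shape `aws ec2 describe-security-groups` returns; the group IDs, the split into connector and application groups, and treating any inbound rule on a connector group as a finding are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-connector-a", "IpPermissions": []},
  {"GroupId": "sg-connector-b", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
  {"GroupId": "sg-app-sap", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "UserIdGroupPairs": [{"GroupId": "sg-connector-a"}]}]},
  {"GroupId": "sg-app-wiki", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}]}]}
]}
""")


def _ports(perm):
    """Human-readable port range for one inbound permission."""
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if perm.get("IpProtocol") == "-1" or lo is None or lo == -1:
        return "all"
    return str(lo) if lo == hi else f"{lo}-{hi}"


def inbound_sources(group):
    """Yield (protocol, ports, kind, source) for every inbound rule entry."""
    for perm in group.get("IpPermissions", []):
        proto, ports = perm.get("IpProtocol"), _ports(perm)
        for r in perm.get("IpRanges", []):
            yield proto, ports, "cidr", r["CidrIp"]
        for r in perm.get("Ipv6Ranges", []):
            yield proto, ports, "cidr", r["CidrIpv6"]
        for p in perm.get("UserIdGroupPairs", []):
            yield proto, ports, "sg", p["GroupId"]
        for p in perm.get("PrefixListIds", []):
            yield proto, ports, "prefix-list", p["PrefixListId"]


def audit(groups, connector_sgs, app_sgs):
    """Return (group_id, finding, detail) tuples.

    connector groups: any inbound rule is a finding (outbound-only).
    application groups: inbound is accepted only from a connector group.
    """
    findings = []
    for group in groups:
        gid = group["GroupId"]
        for proto, ports, kind, src in inbound_sources(group):
            detail = f"{proto}/{ports} from {src}"
            if gid in connector_sgs:
                findings.append((gid, "connector-accepts-inbound", detail))
            elif gid in app_sgs:
                if kind == "sg" and src in connector_sgs:
                    continue  # the one expected path: connector -> application
                open_to_any = (kind == "cidr" and
                               ipaddress.ip_network(src, strict=False).prefixlen == 0)
                finding = ("app-open-to-any" if open_to_any
                           else "app-inbound-not-from-connector")
                findings.append((gid, finding, detail))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE["SecurityGroups"],
                     {"sg-connector-a", "sg-connector-b"},
                     {"sg-app-sap", "sg-app-wiki"}):
        print(*row, sep="  ")
```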
User access to AWS migrated workloads using ZPA
[Diagram labels: Users; Internet; Z-broker (four instances); Legacy Datacenter with ZPA Connectors; us-west-1, US West (N. California): ZPA Connectors in Private Subnet; eu-west-2, EU (London): ZPA Connectors in Private Subnet]
Enterprise benefits
Experience
• Direct access to AWS
• No VPN login
• Cloud-like experience
Security
• Users never on network
• Apps segmented via policy
• Visibility into user activity
Simple
• Simple implementation
• Access from any device
• Less Network complexity
Cost
• No appliances
• Less inbound service spend
• Optimize bandwidth use
Location: Germany
Industry: Manufacturing
User Count: 12,000 users in over 100 locations and 70 countries
Zscaler Products: ZPA, ZIA
Use Case:
• VPN retirement
• Secure cloud adoption
• Zero-trust adoption
The challenge
• MAN Diesel was undertaking a massive cloud (AWS) adoption, and needed a better way to provide remote access to internal applications.
• Needed more visibility into their network and to ensure true zero-trust access to their internal applications
Benefits of Zscaler Platform
• Enabled zero-trust security through application segmentation and enforcing granular policies via the Zscaler Security Cloud.
• Users and devices are never allowed on the network, which increases security and decreases risk, creating a zero-trust network.
Getting ZPA setup within AWS in an hour
Step 1: Configure User Auth (20 MINUTES)
1. (5 Minutes) Add ZPA as a new Service Provider (SP) within your AD
2. (5 Minutes) Assign ZPA to test users within IdP, select SAML attributes to send
3. (5 Minutes) Import IdP’s metadata into ZPA admin console
4. (5 Minutes) Test User Authentication and SAML Attributes
Step 2: Deploy Connector (45 MINUTES)
1. (5 Minutes) Configure connector provisioning keys via ZPA Setup Wizard
2. (10 Minutes) Download and deploy ZPA Connector VPN or RPM package from AWS Marketplace
3. (20 Minutes) Configure Connector Networking and Network Security policies
4. (10 Minutes) Verify and Test Connector Health: Access to DNS, Routing to Internal Apps
Step 3: Install Zscaler App (15 MINUTES)
1. (10 Minutes) Configure Z-App Traffic Forwarding Policy and App Profile
2. (5 Minutes) Download and deploy Z-App on User Devices
Zero trust access to internal apps across hybrid infrastructure
Cloud-based security
The access users want,
with the security you need
1. Secure access to apps in
datacenter & AWS
2. Authorized access to specific apps
3. Fast and seamless experience
4. Optimize bandwidth usage
HQ, ON-THE-GO, BRANCHES
Visit zscaler.com/aws to learn more
Take ZPA for a Test-drive with ZPA Interactive!
zscaler.com/zpa-interactive
Learn about the AWS Shared Responsibility Model
https://aws.amazon.com/compliance/shared-responsibility-model/
Thank You!
Questions and Next Steps
Sam Hennessy
Senior Solution Architect, AWS
Patrick Foxhoven
CIO, Zscaler
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 

Recently uploaded

Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
GTProductions1
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
VivekSinghShekhawat2
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 

Recently uploaded (20)

Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 

Faster, simpler, more secure remote access to apps in aws

  • 1. Faster, Simpler, and more Secure access to apps on AWS
      • Sam Hennessy, Senior Solution Architect, AWS, samhen@amazon.com
      • Patrick Foxhoven, CIO, Zscaler, p@zscaler.com
  • 2. Migration Patterns
      • Dev/Test
      • New Applications
      • Existing Applications
      • Business Critical Applications
      • Data Center Migrations
      • All In
  • 3. AWS Metrics
      • Millions of Active Customers Every Month
      • S3 Holds Trillions of Objects and Peaks at Millions of Requests per Second
      • More than 73,000 Databases Have Been Migrated with Database Migration Service
      • More than 100,000 Customers Use Amazon DynamoDB
      • Tens of Thousands of Customers are Using AWS Machine Learning Services
  • 4. AWS Shared Responsibility Model
      • AWS: Facilities; Physical security; Compute infrastructure; Storage infrastructure; Network infrastructure; Virtualization layer (EC2); Hardened service endpoints; Rich IAM capabilities
      • Customer: Network configuration; Security groups; OS firewalls; Operating systems; Applications; Proper service configuration; AuthN & acct management; Authorization policies
      • AWS + Customer = More secure and compliant systems than any one entity could achieve on its own at scale
      • Scope of responsibility depends on the type of service offered by AWS: Infrastructure, Container, Abstracted Services
      • Understanding who is responsible for what is critical to ensuring your AWS data and systems are secure!
  • 5. Shared Responsibility Model
      • Customer: Customers are responsible for their security and compliance IN the Cloud. Customer content; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption; Server-side Data Encryption; Network Traffic Protection
      • AWS: AWS is responsible for the security OF the Cloud. AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
  • 6. Benefits and Challenges
      • Benefits
          • Abstract the Responsibility
          • Experienced Security Team
          • Ease of Adoption of Complex Security Requirements
          • Large Set of Security Tools, and a Huge Partner Ecosystem
      • Challenges
          • There Are No Restrictions on Your Configuration
          • A Lack of Understanding Can Lead to Serious Consequences
  • 8. The IT world has evolved… but app access hasn’t
  • 9. Cloud and mobility extend the perimeter to the internet
      • Diagram labels: Public Cloud; SaaS; Open Internet; MPLS
      • “GE will run 70% of our workloads in the cloud by 2020.” Jim Fowler, CIO, GE(1)
      • “The Internet will become the new corporate network” Frederik Janssen, Head of Infrastructure, Siemens(2)
      • Over 60% of browser-based traffic is encrypted using SSL(3)
      • Backhauling traffic is expensive and provides a poor user experience. Who likes VPN?
      • Network security is becoming less relevant. A new approach is needed.
      • Do we control the Internet? How do you secure the network?
  • 10. Business critical apps like SAP are now running on AWS
      • High value asset with sensitive customer data
      • Mission-critical business functions
      • Attacks can be extremely costly
      • Often complex with large attack surface
      • Common Threats
          • Malicious insiders – Data purposely exposed to public by an employee
          • Cyber criminals – Stolen data used for ransom or personal financial gain
          • State sponsored attacks
          • Hacked employee devices – Malware that spreads laterally across network
          • Third-party users – Partners with overprovisioned access to internal apps
  • 11. The Problem – Application access often looks like this
      • Diagram labels: Remote User (C-Level Exec); Global LB; DDoS; Ext. FW / IPS; Internal LB; Internal FW; RAS (VPN); Site-to-site VPN
      • Users become frustrated with slow VPN experience.
      • Risk is introduced as users placed on network, or they find workarounds
      • Complexity: ACLs, firewalls make remote access difficult to manage
      • Months spent on just getting infrastructure set up
  • 12. How mobile users feel with current experience
  • 13. Common challenges of cloud adoption
      1. Legacy technology lacks ability to provide cloud-like user experience
      2. Takes months to implement, slowing app migration efforts
      3. Requires additional appliances to be purchased and deployed
      4. Setting up site-to-site VPN for user traffic to traverse
      5. Connecting employees to cloud means access to the network
  • 14. Enterprises need to embrace a zero-trust security model
      • Never automatically trust anything inside or outside perimeters
      • Reduce the attack surface by reducing # of users able to access an application
      • Provide access on a strict “need to know” basis
      • Verify before granting any level of access to an application
      • Create a segment of one between a named user and a named application
  • 15. Zero trust via software-defined perimeter
      • New approach that uses software to provide policy-based access to specific applications
      • Fully software-based allowing for decommissioning of inbound gateway appliances
      • Based on Defense Information Systems Agency (DISA) work in 2007
      • Popularized by Google BeyondCorp
      • Two key criteria before providing access to an app:
          • User device – device posture
          • User identity – authorized user access
      • Diagram labels: User device (requests connection); Centralized Policy Engine (approves user connection); Applications (Access based on policy)
  • 16. Zscaler enables secure IT transformation to the cloud
      • Fast and secure policy-based access to applications and services over the Internet
      • Zscaler Internet Access: Securely connects users to externally managed SaaS applications and internet destinations
      • Zscaler Private Access: Securely connects authorized users to internally managed applications
      • EXTERNALLY MANAGED: Open internet; SaaS
      • INTERNALLY MANAGED: Private cloud / On-premise data center
      • Any device, any location, on-network or off-network: HQ; MOBILE; BRANCH; IOT
      • Diagram labels: Global load balancing; Distributed denial of service protection; External firewall / intrusion prevention; VPN concentrator; Internal firewall; Internal load balancer
      • Diagram labels: Firewall / intrusion prevention; URL filter; Anti-virus; Data loss prevention; Secure sockets layer inspection; Sandbox
  • 17. Zscaler Private Access: Zero trust access to internal applications
  • 18. Built on key security tenets that enable secure cloud migration
      1. Users are never placed on the corporate network
      2. Applications never listen for inbound pings or connections
      3. Application segmentation, not network segmentation
      4. The internet becomes the new corporate network
  • 19. ZPA: Zero trust security for all apps, users and environments
      • Fast and secure policy-based access to applications over the Internet
      • Diagram labels: Public Cloud; Private Cloud & Data Center; INTERNALLY MANAGED; HQ; MOBILE; BRANCH; IOT
      • Primary Use Cases
          • Simplify access to hybrid cloud apps
          • VPN Replacement
          • Accelerate M&A processes
          • Secure third-party access
      • Modern Approach to Remote Access
          • Remote users never placed on network. Reduces lateral attacks
          • No inbound connectivity to apps. Invisible to unauthorized users
          • Application segmentation
          • Standardized access for all users & environments
  • 20. ZPA: How it works
      • Zero trust security architecture
      • The Zscaler cloud brokers a secure connection between the Z-Connector and Z-App
      1. Z-App – carries access request for app
      2. Z-broker (aka ZEN) – control user app access rights (auth before access)
      3. Z-Connectors – sit in front of apps, outbound-only connection
      • Diagram labels: Z-App; Z-broker; ZPA Cloud; Workloads; AWS; Datacenter; AWS Direct Connect (For server to server traffic)
  • 21. User access to AWS migrated workloads using ZPA
      • Diagram labels: Internet Users; Z-broker; Legacy Datacenter; US West (N. California), us-west-1; EU (London), eu-west-2; ZPA Connectors; Private Subnet
  • 22. Enterprise benefits
      • Experience: Direct access to AWS; No VPN login; Cloud-like experience
      • Security: Users never on network; Apps segmented via policy; Visibility into user activity
      • Simple: Simple implementation; Access from any device; Less Network complexity
      • Cost: No appliances; Less inbound service spend; Optimize bandwidth use
  • 23. Customer case: MAN Diesel
      • Location: Germany
      • Industry: Manufacturing
      • User Count: 12,000 users in over 100 locations and 70 countries
      • Zscaler Products: ZPA, ZIA
      • Use Case: VPN retirement; Secure cloud adoption; Zero-trust adoption
      • The challenge
          • MAN Diesel was undertaking a massive cloud (AWS) adoption, and needed a better way to provide remote access to internal applications.
          • Needed more visibility into their network and to ensure true zero-trust access to their internal applications
      • Benefits of Zscaler Platform
          • Enabled zero-trust security through application segmentation and enforcing granular policies via the Zscaler Security Cloud.
          • Users and devices are never allowed on the network, which increases security and decreases risk, creating a zero-trust network.
  • 24. Getting ZPA setup within AWS in an hour
      • Step 1: Configure User Auth (20 MINUTES)
          1. 5 Minutes: Add ZPA as a new Service Provider (SP) within your AD
          2. 5 Minutes: Assign ZPA to test users within IdP, select SAML attributes to send
          3. 5 Minutes: Import IdP’s metadata into ZPA admin console
          4. 5 Minutes: Test User Authentication and SAML Attributes
      • Step 2: Deploy Connector (45 MINUTES)
          1. 5 Minutes: Configure connector provisioning keys via ZPA Setup Wizard
          2. 10 Minutes: Download and deploy ZPA Connector VPN or RPM package from AWS Marketplace
          3. 20 Minutes: Configure Connector Networking and Network Security policies
          4. 10 Minutes: Verify and Test Connector Health: Access to DNS, Routing to Internal Apps
      • Step 3: Install Zscaler App (15 MINUTES)
          1. 10 Minutes: Configure Z-App Traffic Forwarding Policy and App Profile
          2. 5 Minutes: Download and deploy Z-App on User Devices
  • 25. Zero trust access to internal apps across hybrid infrastructure
      • Cloud-based security: The access users want, with the security you need
      1. Secure access to apps in datacenter & AWS
      2. Authorized access to specific apps
      3. Fast and seamless experience
      4. Optimize bandwidth usage
      • Diagram labels: HQ; ON-THE-GO; BRANCHES
  • 26. Thank You! Questions and Next Steps
      • Visit zscaler.com/aws to learn more
      • Take ZPA for a Test-drive with ZPA Interactive! zscaler.com/zpa-interactive
      • Learn about the AWS Shared Responsibility Model: https://aws.amazon.com/compliance/shared-responsibility-model/
      • Sam Hennessy, Senior Solution Architect, AWS
      • Patrick Foxhoven, CIO, Zscaler
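One way to check the "no inbound connectivity to apps" and "outbound-only connection" tenets from slides 18 to 20 on the customer side of the shared responsibility model, as an added example that is not from the deck, Zscaler or AWS: it scans JSON in the shape returned by `aws ec2 describe-security-groups` for ingress rules that contradict those tenets. The sample document, group IDs, CIDRs and finding labels are constructed for this example.

```python
import ipaddress
import json

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
# Group IDs, names and CIDRs are made up for this example.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "zpa-connector", "IpPermissions": []},
  {"GroupId": "sg-0bbb", "GroupName": "sap-app", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
  {"GroupId": "sg-0ccc", "GroupName": "legacy-app", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []},
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}, {"CidrIp": "198.51.100.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0ddd", "GroupName": "zpa-connector-eu", "IpPermissions": [
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "10.20.5.0/24"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []}]}
]}
""")


def _ports(perm):
    """Render the port range; protocol -1 and port -1 both mean 'all'."""
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if perm.get("IpProtocol") == "-1" or lo is None or lo == -1:
        return "all"
    return str(lo) if lo == hi else f"{lo}-{hi}"


def _sources(perm):
    """Yield every IPv4 and IPv6 CIDR source of one ingress permission."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def _is_internal(cidr, internal_nets):
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == n.version and net.subnet_of(n)
               for n in internal_nets)


def audit_inbound(doc, internal_cidrs, connector_group_ids):
    """Return (group_id, finding, protocol, ports, source) tuples.

    Connector groups should carry no ingress rule at all (outbound-only).
    Other groups may accept traffic from security-group references or from
    internal CIDRs; any other CIDR source is reported.
    """
    internal = [ipaddress.ip_network(c) for c in internal_cidrs]
    findings = []
    for sg in doc["SecurityGroups"]:
        gid = sg["GroupId"]
        for perm in sg.get("IpPermissions", []):
            proto, ports = perm.get("IpProtocol"), _ports(perm)
            if gid in connector_group_ids:
                findings.append((gid, "connector-has-ingress", proto, ports, "*"))
                continue
            for src in _sources(perm):
                if ipaddress.ip_network(src, strict=False).prefixlen == 0:
                    findings.append((gid, "open-to-internet", proto, ports, src))
                elif not _is_internal(src, internal):
                    findings.append((gid, "external-source", proto, ports, src))
    return findings


if __name__ == "__main__":
    for f in audit_inbound(SAMPLE, ["10.20.0.0/16"], {"sg-0aaa", "sg-0ddd"}):
        print(*f, sep="\t")
```

Rules that reference another security group (the `UserIdGroupPairs` entries) are treated as internal here, which matches an app group that only accepts traffic from the connector group in front of it.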