SlideShare a Scribd company logo

Guardicore - Shrink Your Attack Surface with Micro-Segmentation

CSNP
CSNP

CSNP Chicago - presented by Avishag Daniely

Technology
1 of 25
Download to read offline
Shrink Your Attack Surface with Micro- Segmentation Avishag Daniely Director, Product management @avishugz
2 // Guardicore Confidential Segmentation: It was never easy. It’s only getting harder. Many enterprise networks are too flat Why? No visibility Tied to infrastructure App changes & downtime required Slow to implement Multiple teams involved Because VLANs are painful and restrictive But segmentation is more important than ever 85% of data center traffic is now east- west1 191 days Average dwell time after a breach is 1Source: Cisco Global Cloud Index 2Source: Ponemon Institute 2018 “Cost of a Data Breach” report 2
3 // Guardicore The Usual Strategy: Build Walls
4 // Guardicore Walls Don’t Always Work Spoiler Alert:
5 // Guardicore A Better Strategy: Build Ships Instead of thinking about walls, we should be thinking about ships
6 // Guardicore So Why Haven’t We Applied Shipbuilders’ Wisdom to IT Infrastructure?
Because In Today’s Hybrid Data Center Infrastructure… Traditional Security Approaches are Ineffective
VLANs fail to deliver ● Visibility ● Fast Deployment ● Cloud & Container support ● Flexibility
Security Groups are Becoming the New VLANs
Simple to Manage Centralized Management Distributed Enforcement Simple to Deploy One policy approach for all on-premises and cloud environments Completely decoupled from underlying infrastructure Broad ecosystem and OS integration and support Intuitive, human readable visualization and policy creation Software Defined Segmentation Simplifies Hybrid Cloud Security Highly Effective Precise control down to the individual process level
1. Rules for IT hygiene ▪ Block undesired ports, services like Telnet, internet access to databases, etc 1. Rules for infrastructure services (e.g., Jumpboxes, IoT) 2. Separate environments (e.g., Dev/Lab/Prod) 3. Ring-fence sensitive and/or regulated apps (e.g., SWIFT, PCI, etc.) 4. Micro-segment applications Strive to Make Segmentation Simple
The Business Impact of Effective Segmentation
13 // Guardicore Confidential13 // Guardicore Confidential How Do I Shrink my Attack Surface?
14 // Guardicore Confidential Environment Segmentation
15 // Guardicore Confidential Critical Application Ring-Fencing
16 // Guardicore Confidential Third-Party Access Control
17 // Guardicore Confidential Identity-Based Access Control
Real-World Example: Securing Access Based on User Identity Environment: Production Application: Accounting Application: DMS Andy Doug Jumpbox
19 // Guardicore Confidential ▪ Project target: 10 critical applications ▪ Project scope: 1. Application ring-fencing 2. 3rd party access control 3. Cloud migration readiness ▪ No data center traffic visibility ▪ Complex IT infrastructure ▪ Heavy dependence on infra team Time: 1.5 years with VLANs and FW ▪ Granular east-west traffic visibility ▪ 10 critical applications ring-fenced ▪ 3rd party access restricted ▪ Dependencies mapped for seamless migration ▪ Full process automation with DevOps Time: 2 months People: 1 Architect Legacy Segmentation Software-Defined Segmentation Use Case Protect Your Digital Crown Jewels Top 25 Global Bank
20 // Guardicore Confidential Use Case Simplify and Accelerate Compliance ▪ Need to ring-fence SWIFT application ▪ Complex environment with bare-metal, VMware and OpenStack servers ▪ Hard to define segments across complex infra ▪ No visibility into applications and dependencies ▪ Requires downtime Time: ~8-12 months People: at least 5 ▪ Completed SWIFT application mapping in hours ▪ Segmentation policies automatically suggested and fine-tuned ▪ No need to purchase and deploy new HW and FWs ▪ No downtime Time: 2 weeks People: 1 architect Legacy Segmentation Software-Defined Segmentation Multinational Commercial Bank
21 // Guardicore Confidential ▪ Project target: 30 PCI applications ▪ Project scope: 1. Separate PCI and non-PCI apps 2. Unify security controls 3. Multi-cloud support ▪ Compliance blind spots ▪ Difficult to manage security controls across OpenStack, VMware, Azure, Oracle Cloud Five Separate Policy Engines ▪ 30 PCI applications ring-fenced ▪ From 5 security policy engines to 1 ▪ Contextual visibility into PCI related traffic ▪ Integration into DevOps cycles ▪ Breach Detection added value Time: 3 months People: 2 Architects Legacy Segmentation Software-Defined Segmentation Use Case Adopt Cloud and PaaS Securely Global Online Retailer
22 // Guardicore Confidential Use Case Simplify and Accelerate Compliance ▪ Extremely slow progress ▪ Audit failures, fines and production errors ▪ Production outages due to application downtime Time: 2 Years with VLANs ▪ 10,000 non-compliant assets segmented ▪ Zero application downtime ▪ 10x faster implementation saving compliance costs ▪ Reduced manual effort with DevOps Time: 6 Months People: 3 Architects Legacy Segmentation Software-Defined Segmentation ▪ Project target: Dev/Prod/UAT separation ▪ Project scope: 1. Restrict traffic between production and non- production environments 2. App ring-fencing readiness Top 25 Global Bank
23 // Guardicore Confidential23 // Guardicore Confidential With Software-Defined Segmentation • Gain as much visibility as possible (real-time, historical, detailed) • Consume large amounts of visibility data simply and clearly • Support any environment – on-premises or cloud • Create flexible policies based on objectives instead of infrastructure • Support multiple use cases simultaneously • Make life simpler for both security teams and application owners
24 // Guardicore Confidential About Guardicore Top 25 Promising Young Start-ups for 2017 Gartner 2018 Cool Vendor 2018 InfoSec Awards winner for Cloud Security 5/5 Stars Rating - Best Buy Recommendation third year in a row 5/5 Stars rating on Glassdoor Our Mission 250% growth 2018 Customers in 5 Continents 160+ employees $110M in funding (Series C) Chosen to be an AWS Security Hub Partner Guardicore is a data center and cloud security company. We provide the simplest, most intuitive way to protect your organization’s critical assets through micro-segmentation.
25 // Guardicore Confidential25 // Guardicore Confidential Connect with Us: Twitter: @Guardicore LinkedIn: www.linkedin.com/company/guardicore Email: info@guardicore.com Critical Assets. Simply Secured. Anywhere.

Recommended

Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...YouAttestSlideshare
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfKlausSchwegler
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture Maganathin Veeraragaloo
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 

Recommended

Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...YouAttestSlideshare
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfKlausSchwegler
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture Maganathin Veeraragaloo
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansChristopher Korban
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfReZa AdineH
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportIftikhar Ali Iqbal
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
 
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for CybersecurityEmpower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for CybersecurityDatabricks
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptxuthayakumar174828
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)Iftikhar Ali Iqbal
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationPCCW GLOBAL
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...Adam Pennington
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Using AIOps to reduce incidents volume
Using AIOps to reduce incidents volumeUsing AIOps to reduce incidents volume
Using AIOps to reduce incidents volumeAmazon Web Services
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptxaungyekhant1
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Software-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success StorySoftware-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success StoryCisco Enterprise Networks
 
Virtualize Application Security Today - Hardware is No Longer Needed.pptx
Virtualize Application Security Today - Hardware is No Longer Needed.pptx Virtualize Application Security Today - Hardware is No Longer Needed.pptx
Virtualize Application Security Today - Hardware is No Longer Needed.pptxAvi Networks
 

More Related Content

What's hot

Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansChristopher Korban
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfReZa AdineH
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportIftikhar Ali Iqbal
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
 
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for CybersecurityEmpower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for CybersecurityDatabricks
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)Iftikhar Ali Iqbal
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationPCCW GLOBAL
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...Adam Pennington
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Using AIOps to reduce incidents volume
Using AIOps to reduce incidents volumeUsing AIOps to reduce incidents volume
Using AIOps to reduce incidents volumeAmazon Web Services
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptxaungyekhant1
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 

What's hot (20)

Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdf
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)
 
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for CybersecurityEmpower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
Empower Splunk and other SIEMs with the Databricks Lakehouse for Cybersecurity
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM Presentation
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Using AIOps to reduce incidents volume
Using AIOps to reduce incidents volumeUsing AIOps to reduce incidents volume
Using AIOps to reduce incidents volume
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 

Similar to Guardicore - Shrink Your Attack Surface with Micro-Segmentation

Software-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success StorySoftware-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success StoryCisco Enterprise Networks
 
Virtualize Application Security Today - Hardware is No Longer Needed.pptx
Virtualize Application Security Today - Hardware is No Longer Needed.pptx Virtualize Application Security Today - Hardware is No Longer Needed.pptx
Virtualize Application Security Today - Hardware is No Longer Needed.pptxAvi Networks
 
CohesiveFT and IBM joint EMEA Webinar - 20Jun13
CohesiveFT and IBM joint EMEA Webinar - 20Jun13CohesiveFT and IBM joint EMEA Webinar - 20Jun13
CohesiveFT and IBM joint EMEA Webinar - 20Jun13Cohesive Networks
 
Automating security in aws with divvy cloud
Automating security in aws with divvy cloudAutomating security in aws with divvy cloud
Automating security in aws with divvy cloudJohn Varghese
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastCloudflare
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsThousandEyes
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloudAlgoSec
 
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCohesive Networks
 
Scaling small cell deployment - Why current tools are inadequate
Scaling small cell deployment - Why current tools are inadequateScaling small cell deployment - Why current tools are inadequate
Scaling small cell deployment - Why current tools are inadequateDavid Chambers
 
How Cloud Providers are Playing with Traditional Data Center
How Cloud Providers are Playing with Traditional Data CenterHow Cloud Providers are Playing with Traditional Data Center
How Cloud Providers are Playing with Traditional Data CenterHostway|HOSTING
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxssuserfb92ae
 
VMworld 2015: No App is An Island
VMworld 2015: No App is An IslandVMworld 2015: No App is An Island
VMworld 2015: No App is An IslandVMworld
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecaseRENJITHKNAIR5
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Decisions
 
Automated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsAutomated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsJay Bryant
 
7 Security Requirements to Accelerate Cloud Adoption
7 Security Requirements to Accelerate Cloud Adoption7 Security Requirements to Accelerate Cloud Adoption
7 Security Requirements to Accelerate Cloud AdoptionProtectWise
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Codit
 

Similar to Guardicore - Shrink Your Attack Surface with Micro-Segmentation (20)

Software-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success StorySoftware-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success Story
 
Virtualize Application Security Today - Hardware is No Longer Needed.pptx
Virtualize Application Security Today - Hardware is No Longer Needed.pptx Virtualize Application Security Today - Hardware is No Longer Needed.pptx
Virtualize Application Security Today - Hardware is No Longer Needed.pptx
 
CohesiveFT and IBM joint EMEA Webinar - 20Jun13
CohesiveFT and IBM joint EMEA Webinar - 20Jun13CohesiveFT and IBM joint EMEA Webinar - 20Jun13
CohesiveFT and IBM joint EMEA Webinar - 20Jun13
 
Automating security in aws with divvy cloud
Automating security in aws with divvy cloudAutomating security in aws with divvy cloud
Automating security in aws with divvy cloud
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud best practices-managing_security_in_the hybrid cloud
best practices-managing_security_in_the hybrid cloud
 
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
 
Scaling small cell deployment - Why current tools are inadequate
Scaling small cell deployment - Why current tools are inadequateScaling small cell deployment - Why current tools are inadequate
Scaling small cell deployment - Why current tools are inadequate
 
How Cloud Providers are Playing with Traditional Data Center
How Cloud Providers are Playing with Traditional Data CenterHow Cloud Providers are Playing with Traditional Data Center
How Cloud Providers are Playing with Traditional Data Center
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
 
VMworld 2015: No App is An Island
VMworld 2015: No App is An IslandVMworld 2015: No App is An Island
VMworld 2015: No App is An Island
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecase
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa Presentation
 
Automated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsAutomated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge Clouds
 
7 Security Requirements to Accelerate Cloud Adoption
7 Security Requirements to Accelerate Cloud Adoption7 Security Requirements to Accelerate Cloud Adoption
7 Security Requirements to Accelerate Cloud Adoption
 
Datacenter 2014: Symantec - Peter Schjøtt
Datacenter 2014: Symantec - Peter SchjøttDatacenter 2014: Symantec - Peter Schjøtt
Datacenter 2014: Symantec - Peter Schjøtt
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
 

More from CSNP

Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)CSNP
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 
Nicholas Dorans - The Evolution of Passwords
Nicholas Dorans - The Evolution of PasswordsNicholas Dorans - The Evolution of Passwords
Nicholas Dorans - The Evolution of PasswordsCSNP
 
Neil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsNeil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsCSNP
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyCSNP
 
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World SystemsTarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World SystemsCSNP
 
Elliptic Curves in Cryptography
Elliptic Curves in CryptographyElliptic Curves in Cryptography
Elliptic Curves in CryptographyCSNP
 
DefendEdge - Negotiating Ransomware
DefendEdge - Negotiating RansomwareDefendEdge - Negotiating Ransomware
DefendEdge - Negotiating RansomwareCSNP
 
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...CSNP
 
Complyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber RiskComplyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber RiskCSNP
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesCSNP
 
Aon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber CriminalsAon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber CriminalsCSNP
 

More from CSNP (12)

Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & Ransomware
 
Nicholas Dorans - The Evolution of Passwords
Nicholas Dorans - The Evolution of PasswordsNicholas Dorans - The Evolution of Passwords
Nicholas Dorans - The Evolution of Passwords
 
Neil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsNeil Desai - Data Driven Analytics
Neil Desai - Data Driven Analytics
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum Cryptography
 
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World SystemsTarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
 
Elliptic Curves in Cryptography
Elliptic Curves in CryptographyElliptic Curves in Cryptography
Elliptic Curves in Cryptography
 
DefendEdge - Negotiating Ransomware
DefendEdge - Negotiating RansomwareDefendEdge - Negotiating Ransomware
DefendEdge - Negotiating Ransomware
 
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
 
Complyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber RiskComplyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber Risk
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
 
Aon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber CriminalsAon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber Criminals
 

Recently uploaded

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxMarkSteadman7
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 

Recently uploaded (20)

Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 

Guardicore - Shrink Your Attack Surface with Micro-Segmentation

  • 1. Shrink Your Attack Surface with Micro- Segmentation Avishag Daniely Director, Product management @avishugz
  • 2. 2 // Guardicore Confidential Segmentation: It was never easy. It’s only getting harder. Many enterprise networks are too flat Why? No visibility Tied to infrastructure App changes & downtime required Slow to implement Multiple teams involved Because VLANs are painful and restrictive But segmentation is more important than ever 85% of data center traffic is now east- west1 191 days Average dwell time after a breach is 1Source: Cisco Global Cloud Index 2Source: Ponemon Institute 2018 “Cost of a Data Breach” report 2
  • 3. 3 // Guardicore The Usual Strategy: Build Walls
  • 4. 4 // Guardicore Walls Don’t Always Work Spoiler Alert:
  • 5. 5 // Guardicore A Better Strategy: Build Ships Instead of thinking about walls, we should be thinking about ships
  • 6. 6 // Guardicore So Why Haven’t We Applied Shipbuilders’ Wisdom to IT Infrastructure?
  • 7. Because In Today’s Hybrid Data Center Infrastructure… Traditional Security Approaches are Ineffective
  • 8. VLANs fail to deliver ● Visibility ● Fast Deployment ● Cloud & Container support ● Flexibility
  • 9. Security Groups are Becoming the New VLANs
  • 10. Simple to Manage Centralized Management Distributed Enforcement Simple to Deploy One policy approach for all on-premises and cloud environments Completely decoupled from underlying infrastructure Broad ecosystem and OS integration and support Intuitive, human readable visualization and policy creation Software Defined Segmentation Simplifies Hybrid Cloud Security Highly Effective Precise control down to the individual process level
  • 11. 1. Rules for IT hygiene ▪ Block undesired ports, services like Telnet, internet access to databases, etc 1. Rules for infrastructure services (e.g., Jumpboxes, IoT) 2. Separate environments (e.g., Dev/Lab/Prod) 3. Ring-fence sensitive and/or regulated apps (e.g., SWIFT, PCI, etc.) 4. Micro-segment applications Strive to Make Segmentation Simple
  • 12. The Business Impact of Effective Segmentation
  • 13. 13 // Guardicore Confidential13 // Guardicore Confidential How Do I Shrink my Attack Surface?
  • 14. 14 // Guardicore Confidential Environment Segmentation
  • 15. 15 // Guardicore Confidential Critical Application Ring-Fencing
  • 16. 16 // Guardicore Confidential Third-Party Access Control
  • 17. 17 // Guardicore Confidential Identity-Based Access Control
  • 18. Real-World Example: Securing Access Based on User Identity Environment: Production Application: Accounting Application: DMS Andy Doug Jumpbox
  • 19. 19 // Guardicore Confidential ▪ Project target: 10 critical applications ▪ Project scope: 1. Application ring-fencing 2. 3rd party access control 3. Cloud migration readiness ▪ No data center traffic visibility ▪ Complex IT infrastructure ▪ Heavy dependence on infra team Time: 1.5 years with VLANs and FW ▪ Granular east-west traffic visibility ▪ 10 critical applications ring-fenced ▪ 3rd party access restricted ▪ Dependencies mapped for seamless migration ▪ Full process automation with DevOps Time: 2 months People: 1 Architect Legacy Segmentation Software-Defined Segmentation Use Case Protect Your Digital Crown Jewels Top 25 Global Bank
  • 20. 20 // Guardicore Confidential Use Case Simplify and Accelerate Compliance ▪ Need to ring-fence SWIFT application ▪ Complex environment with bare-metal, VMware and OpenStack servers ▪ Hard to define segments across complex infra ▪ No visibility into applications and dependencies ▪ Requires downtime Time: ~8-12 months People: at least 5 ▪ Completed SWIFT application mapping in hours ▪ Segmentation policies automatically suggested and fine-tuned ▪ No need to purchase and deploy new HW and FWs ▪ No downtime Time: 2 weeks People: 1 architect Legacy Segmentation Software-Defined Segmentation Multinational Commercial Bank
  • 21. 21 // Guardicore Confidential ▪ Project target: 30 PCI applications ▪ Project scope: 1. Separate PCI and non-PCI apps 2. Unify security controls 3. Multi-cloud support ▪ Compliance blind spots ▪ Difficult to manage security controls across OpenStack, VMware, Azure, Oracle Cloud Five Separate Policy Engines ▪ 30 PCI applications ring-fenced ▪ From 5 security policy engines to 1 ▪ Contextual visibility into PCI related traffic ▪ Integration into DevOps cycles ▪ Breach Detection added value Time: 3 months People: 2 Architects Legacy Segmentation Software-Defined Segmentation Use Case Adopt Cloud and PaaS Securely Global Online Retailer
  • 22. 22 // Guardicore Confidential Use Case Simplify and Accelerate Compliance ▪ Extremely slow progress ▪ Audit failures, fines and production errors ▪ Production outages due to application downtime Time: 2 Years with VLANs ▪ 10,000 non-compliant assets segmented ▪ Zero application downtime ▪ 10x faster implementation saving compliance costs ▪ Reduced manual effort with DevOps Time: 6 Months People: 3 Architects Legacy Segmentation Software-Defined Segmentation ▪ Project target: Dev/Prod/UAT separation ▪ Project scope: 1. Restrict traffic between production and non- production environments 2. App ring-fencing readiness Top 25 Global Bank
  • 23. 23 // Guardicore Confidential23 // Guardicore Confidential With Software-Defined Segmentation • Gain as much visibility as possible (real-time, historical, detailed) • Consume large amounts of visibility data simply and clearly • Support any environment – on-premises or cloud • Create flexible policies based on objectives instead of infrastructure • Support multiple use cases simultaneously • Make life simpler for both security teams and application owners
  • 24. 24 // Guardicore Confidential About Guardicore Top 25 Promising Young Start-ups for 2017 Gartner 2018 Cool Vendor 2018 InfoSec Awards winner for Cloud Security 5/5 Stars Rating - Best Buy Recommendation third year in a row 5/5 Stars rating on Glassdoor Our Mission 250% growth 2018 Customers in 5 Continents 160+ employees $110M in funding (Series C) Chosen to be an AWS Security Hub Partner Guardicore is a data center and cloud security company. We provide the simplest, most intuitive way to protect your organization’s critical assets through micro-segmentation.
  • 25. 25 // Guardicore Confidential25 // Guardicore Confidential Connect with Us: Twitter: @Guardicore LinkedIn: www.linkedin.com/company/guardicore Email: info@guardicore.com Critical Assets. Simply Secured. Anywhere.