copyright 2015
Cloud Applications Secured (slide 1)
Presenters (slide 2)
Patrick Kerpan, CEO, @pjktech
Chris Swan, CTO, @cpswan
Cohesive Networks - Cloud Applications Secured (slide 3)
The VNS3 family of security and connectivity solutions protects cloud-based applications from exploitation by hackers, criminal gangs, and foreign governments.

1000+ customers in 20+ countries across all industry verticals and sectors.
Partner Network: Technology Partner
Our lineup (slide 4)
Products:
- turret: Application Security Controller
- vpn: free, self-service cloud connectivity
- net: security and connectivity networking
- ms: virtual network management system (add-on, +)
- ha: high availability & automatic failover (add-on, +)
Feature columns: scalable VPN; end-to-end encryption; multi-cloud, multi-region; monitor & manage; automatic failover; secure app isolation
Feature matrix rows:
✓ ✓ ✓ ✓ ✓ ✓
✓ ✓ ✓ + +
✓ ✓
Available everywhere in Microsoft Azure (slide 5)
VNS3 connectivity and security with L4-L7 plug-in system (slide 6)
Isolated Docker containers within VNS3 allow Partners and Customers to embed features and functions safely and securely into their Cloud Network.
VNS3 Core Components: Router, Switch, Firewall, Protocol Redistributor, VPN Concentrator, Scriptable SDN
Plug-ins: Proxy, Reverse Proxy, Content Caching, Load Balancer, IDS, Custom Container
VNS3 and Cloud Application Segmentation (slide 7)
I don’t need to tell you about the security landscape (slide 8)
FUD
The Problem - Lots of apps sprawled across enterprise clouds (slide 9)
The Solution - VNS3 Application Segmentation
A typical business application (slide 10)
Web Tier, App Server Tier, Database Tier, Message Queues
Perimeter Security (slide 11)
Public and Private clouds are filled with these applications, many of them “critical” infrastructure.
Chart: 80% of security $s vs 20% of security $s (RSA)
Perimeter Security (slide 12)
Hard on the outside, soft on the inside
Perimeter Security (slide 13)
One penetration creates significant potential for “East-West” expansion of the attack.
The Problem - Lots of apps sprawled across enterprise clouds (slide 14)
The Solution - VNS3 Application Segmentation
“Application Segmentation” completes the cloud security model (slide 15)
Stack diagram (Layer 7 down to Layer 0, showing App 1 and App 2):
- Application Policies: Customers Control (Cloud Customer)
- Azure Layer 3 Network: limit of user access, control and visibility
- Hypervisor: Managed by Azure (Cloud Service Provider)
- Hardware: Managed by Azure (Cloud Service Provider)
Introducing the VNS3 Application Security Controller (slide 16)
Architecture diagram:
- Application Security Controller NIC(s); Virtual Adapter (x3); Unique Encrypted Topology Identity (x3)
- Layer 3 Encrypted Switch; Layer 3 Encrypted Router; GRE Protocol Bridge; Protocol Re-Distributor
- Core Mesh Firewall; Mesh Transaction Management; Mesh Key Management; Net Management Interfaces
- SSL VPN Edge; IPsec VPN Edge; Autonomics Agents; RESTful API Service
- Cloud Capacity Interfaces: Virtual CPU(s), AES-NI Interface, Provisioned IOPS, Enhanced Network Drivers
- Industry Standard L4-L7 Plugin System: App FW, Custom Mods, SSL/TLS Offload, Content Cache, Internal LB, IDS, IPS
VNS3 Application Segmentation (slide 17)
turret
VNS3 creates a micro-perimeter around critical applications in any data center, cloud or virtualized environment.
Traffic only flows in permitted directions, from permitted locations. None of the servers talks to any other server without going through a secure VNS3 switch.
Why now - “demand”? (slide 18)
NIST Cyber Security Framework PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate.
Why now - “supply”? (slide 19)
Network Function Virtualization
- we can make networks out of virtual machines and containers
Software Defined Networking
- we can manage networks through APIs
DevOps and Containers
- makes application networks just another config
Once the micro-perimeter is established the broad policy enforcement mechanism is in place, with strict traffic flow controls. (slide 20)
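The flow-control rule stated on slides 17 and 20 (traffic only in permitted directions, from permitted locations, default deny for everything else) is illustrated below as an added example; it is not VNS3 code or configuration. The tier names, ports, subnets and the assignment of overlay addresses to tiers are constructed to mirror the demo topology (a web tier on 172.31.0.0/22, an app tier and database on 192.168.56.0/24) and are assumptions, not values from the deck. Denied flows are collected for alerting, since a flow that violates the micro-perimeter is exactly the East-West movement the earlier slides warn about.

```python
"""Default-deny micro-perimeter policy check (added example, not VNS3 code).

Every flow is denied unless (a) the source address lies inside a permitted
overlay and (b) an explicit allow rule matches the direction, expressed as
(source tier -> destination tier, destination port).
"""
import ipaddress
from dataclasses import dataclass

# Constructed tier map: overlay address -> tier name (assumption, mirrors the demo).
TIERS = {
    "172.31.1.1": "web",       # Nginx server
    "192.168.56.111": "app",   # Sinatra app tier
    "192.168.56.101": "db",    # primary DB; the backup shares this address
}

# Constructed allow rules: (src_tier, dst_tier, dst_port). Nothing else is permitted.
ALLOW = {
    ("web", "app", 4567),  # nginx -> sinatra (assumed port)
    ("app", "db", 5432),   # sinatra -> database (assumed port)
}

# Constructed permitted source locations: the two demo overlays.
PERMITTED_SOURCES = [
    ipaddress.ip_network("192.168.56.0/24"),
    ipaddress.ip_network("172.31.0.0/22"),
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


def evaluate(flow: Flow) -> tuple:
    """Return ("allow" | "deny", reason). The default verdict is deny."""
    src_ip = ipaddress.ip_address(flow.src)
    # Permitted location: the source must sit inside one of the overlays.
    if not any(src_ip in net for net in PERMITTED_SOURCES):
        return "deny", "source outside permitted overlays"
    src_tier = TIERS.get(flow.src)
    dst_tier = TIERS.get(flow.dst)
    # Unknown endpoints never match a rule, so they fall through to deny.
    if src_tier is None or dst_tier is None:
        return "deny", "unknown endpoint"
    # Permitted direction: only an explicit tier-to-tier rule allows the flow.
    if (src_tier, dst_tier, flow.dst_port) in ALLOW:
        return "allow", f"{src_tier}->{dst_tier}:{flow.dst_port} permitted"
    return "deny", f"{src_tier}->{dst_tier}:{flow.dst_port} not in policy"


def audit(flows):
    """Evaluate a batch of flows; return the denied ones for alerting."""
    denied = []
    for flow in flows:
        verdict, reason = evaluate(flow)
        if verdict == "deny":
            denied.append((flow, reason))
    return denied


# Constructed sample flows: two legitimate paths and three policy violations.
SAMPLE_FLOWS = [
    Flow("172.31.1.1", "192.168.56.111", 4567),      # web -> app: allowed
    Flow("192.168.56.111", "192.168.56.101", 5432),  # app -> db: allowed
    Flow("172.31.1.1", "192.168.56.101", 5432),      # web -> db directly: denied (East-West)
    Flow("192.168.56.101", "192.168.56.111", 4567),  # db -> app: wrong direction, denied
    Flow("10.0.0.5", "192.168.56.111", 4567),        # outside any overlay: denied
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"ALERT deny {flow.src} -> {flow.dst}:{flow.dst_port} ({reason})")
```

The web-to-database flow is the one worth watching: in a flat network it would succeed, and its denial log line is the signal that a compromised front end is probing past its tier.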
Demo (slide 21)
Demo Topology (slide 22)
Regions: West Europe, West US, North Central US, East US
VNS3 Overlay Network 192.168.56.0/24 (VNS3 Manager 1, VNS3 Manager 2, VNS3 Manager 3; peered):
- Sinatra App Tier, Overlay IP: 192.168.56.111
- Primary DB, Overlay IP: 192.168.56.101*
- Backup DB, Overlay IP: 192.168.56.101
- Manager Public IPs: 104.40.234.149, 191.236.146.199, 104.42.102.143
VNS3 Overlay 172.31.0.0/22 (VNS3 Manager 4, Public IP: 191.236.53.137; peered):
- Nginx Server, Overlay IP: 172.31.1.1
Active IPsec Tunnel to the Customer Corp Office
Anywhere an application can go - it needs security & connectivity. (slide 23)
• Perimeter-based security models are no longer sufficient. One compromise becomes the starting point for East-West attacks across a series of application deployments.
• Application Security Controllers use NFV and SDN to build an application-centric perimeter rather than a traditional “edge” perimeter.
• Application-centric Security is portable across Azure zones and locations.

Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Overlay Networks"
