SDN: MANAGING SECURITY ACROSS THE VIRTUAL NETWORK
Omer Ganot
Product Manager, AlgoSec
WELCOME
Have a question? Submit it via the chat
This webinar is being recorded!
Slides and recording will be sent to you after the webinar
WELCOME TO THE SOFTWARE-DEFINED WORLD
[Diagram: Applications; Platform APIs; Northbound APIs; Layer of Abstraction; Infrastructure Control Panel; Southbound APIs; Infrastructure Data Panel]
SDN CAN EXIST ON: Private Cloud, Public Cloud
IMAGINE A FUTURE WHERE NETWORK SECURITY HAS…
• No visibility into the network
• No boxes with “blinking lights” that inspect traffic
• No login screen to configure policy (just APIs)
GREAT SCOTT!!! That’s not secure at all…
Which SDN brands (private and public) are you using in production?
• VMware NSX
• Cisco ACI
• Amazon Web Services (AWS)
• Microsoft Azure
• Google Cloud Platform (GCP)
Please vote using the “votes from audience” tab in your BrightTALK panel
SOFTWARE DEFINED NETWORKING CAN BE
More secure, more adaptive, more agile
Assuming… you can manage it properly
You can spend more time defining policy and less time enforcing policy
Through 2019, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.
For many companies, the future has already arrived
Most companies will gradually evolve to this future or are already hybrid.
HOW DOES NETWORK SECURITY WORK IN THE CLOUD?
Shared responsibility:
• Infrastructure security: by the cloud provider
• Application security: by the customer
Your good old perimeter security (FW, IPS, SWG)
SECURITY BOUNDARIES
[Diagram: Private Cloud | Public Cloud]
SECURITY IN THE CLOUD
• Cloud Security Groups: abstracted firewalls at the network fabric level. Free and very flexible, but different for every cloud provider and (currently) do not provide advanced functionality.
• Virtual Firewalls: 3rd-party commercial next-generation firewalls designed for the cloud. Familiar usage patterns; some have already become “cloud-friendly” (data center objects).
• Host Agents: host agents that utilize existing host-based firewalls. Work across clouds and provide some advanced functionality, but add cost and management overhead.
HYBRID CLOUD CHALLENGES
• Visibility
• Different configurations and security controls on each side
• Ensuring consistency
• Blurring responsibilities between teams
SECURITY FUNDAMENTALS STAY THE SAME
Monitoring, least privilege, change management, risk analysis, (micro)segmentation, governance, compliance
What is your primary motivation for deploying PUBLIC Cloud IaaS?
VMWARE NSX AND CISCO ACI MODELS
DYNAMIC OBJECTS AND TAGS
Simplifies policy definition BUT complicates policy visualization
• Great inside the data center, but what happens outside?
• Can you keep up?
• Open up wide nets?
NETWORKS THAT SPAN MULTIPLE DATA CENTERS
Good for policy definition; bad for policy visualization
• Need a joint network AND application visualization approach
• Need to verify consistency of edge definitions
• Compliance
APPLICATION CONNECTIVITY DEFINITION
Good for policy definition; bad for policy visualization
• Match to actual policy is not always automatic, no way to enforce
• Compliance is hard
ISLANDS OF SDN AUTOMATION
A software controlled data center can be sleek and automated
• How do you extend your policy to the rest of the network?
Bad for policy visualization and policy automation beyond the data center
FIREWALL VENDORS SUPPORT DYNAMIC OBJECTS
What about the others?
Mostly in cloud firewalls
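The dynamic objects and tags slide, this slide, and speaker notes #22 and #28 all circle the same operational problem: a tag-based dynamic object in the SDN resolves to a changing set of machines, while a north-south or on-prem firewall that does not support dynamic objects holds a static address object that is either out of date or was “opened wide” to a whole subnet. The following Python script is an added illustration of that check and is not code from the webinar or from AlgoSec; the inventory, tag names, addresses and the overreach threshold are all constructed assumptions.

```python
import ipaddress

# Constructed inventory: (name, address, tags). In a real deployment this
# would be fetched from the SDN or cloud API rather than hard-coded.
INVENTORY = [
    ("web-1", "10.1.0.11", {"role": "web", "env": "prod"}),
    ("web-2", "10.1.0.12", {"role": "web", "env": "prod"}),
    ("web-3", "10.1.4.7",  {"role": "web", "env": "prod"}),  # joined after the last sync
    ("db-1",  "10.1.0.50", {"role": "db",  "env": "prod"}),
    ("web-t", "10.2.0.11", {"role": "web", "env": "test"}),
]

def resolve_dynamic_object(inventory, match):
    """A dynamic object is a tag query; resolve it to its current members."""
    return {addr for _, addr, tags in inventory
            if all(tags.get(k) == v for k, v in match.items())}

def check_static_object(members, static_networks):
    """Compare the tag-resolved members with the static address object that was
    pushed to a firewall which only understands IPs and subnets.
    Returns (stale, overreach): stale = members the static object misses,
    overreach = addresses the static object permits that are not members.
    Assumes the static networks do not overlap each other."""
    nets = [ipaddress.ip_network(n) for n in static_networks]
    member_ips = {ipaddress.ip_address(a) for a in members}
    covered = {ip for ip in member_ips if any(ip in n for n in nets)}
    stale = sorted(str(ip) for ip in member_ips - covered)
    overreach = sum(n.num_addresses for n in nets) - len(covered)
    return stale, overreach

def audit(inventory, match, static_networks, max_overreach=8):
    """Return a list of findings (empty when the static object is in sync)."""
    members = resolve_dynamic_object(inventory, match)
    stale, overreach = check_static_object(members, static_networks)
    findings = [f"stale: {ip} is tagged {match} but not in the static object" for ip in stale]
    if overreach > max_overreach:
        findings.append(f"opened wide: static object permits {overreach} non-member addresses")
    return findings

if __name__ == "__main__":
    prod_web = {"role": "web", "env": "prod"}
    # Precise but stale: the object was built before web-3 joined the group.
    print(audit(INVENTORY, prod_web, ["10.1.0.11/32", "10.1.0.12/32"]))
    # Never stale but opened wide: a /16 covers the three prod web servers and 65,533 others.
    print(audit(INVENTORY, prod_web, ["10.1.0.0/16"]))
```

Run periodically against the live inventory, the first finding answers the slide’s “Can you keep up?” and the second its “Open up wide nets?”.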
RECOMMENDATIONS
• Network security implementation in the cloud is different (if you’re doing the same things, you are doing it wrong)
• Evaluate cloud security controls and pick the best one for your needs
• Get cloud experts on the network security team
• Automation is a must
• Unified management across the hybrid environment is a must
MORE RESOURCES
www.algosec.com/resources
WHITEPAPER | DATASHEET | PPT | Prof. Wool Educational Videos
UPCOMING WEBINARS
https://www.algosec.com/webinars
Topic: Application Visibility Across the Security Estate–The Value & the Vision
When: Tuesday, June 5
Presented by: Jonathan Gold-Shalev, Senior Product Manager
Topic: Securely Managing External Network Connections — Tips & Tricks
When: Tuesday, June 12
Presented by: Prof. Avishai Wool, CTO
---Sign up now ---
THANK YOU!
Questions can be emailed to
marketing@algosec.com


Editor's Notes

  • #2 https://www.brighttalk.com/webcast/11873/273869?utm_campaign=knowledge-feed&utm_source=brighttalk-portal&utm_medium=web
  • #4 Public cloud is also a type of an SDN infra, as you can use its APIs to configure its networking and security
  • #5 Public cloud is a form of SDN
  • #6 No visibility: various constructs that do not exist on the regular network. Can’t connect directly to boxes, only to mgmt. No UI, only API.
  • #7 Problem, but opportunity. The control is not in the hands of the security team; it is in the networking team, where it is not necessarily 1st priority.
  • #9 Re secure: better segmentation. Adaptive: make changes in the network as needed; if some network was attacked, you can isolate, fix and re-deploy. Agile: deploy faster, not dependent on changing policy on multiple different boxes. AlgoSec can make it faster.
  • #10 Intent-based: graphical is easy. Complexity and understanding it isn’t easy, as there are many types of policies. You need a tool to manage all of this as it’s complicated.
  • #11 On-prem: probably 95%. Most of the risk remains in the configuration, because it’s not simple.
  • #12 Public cloud: what they are doing today in the DC.
  • #13 Hybrid for most of us. New DC in the cloud (private/public), while we’ll still see many years remaining with on-prem DCs for various reasons such as legacy HW or SW, price, proving things before full velocity in the cloud
  • #15 Public: infra security should be secure. Private: you’re in charge of everything (infra and application). SWG: Secure Web Gateway. IPS: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, report it and attempt to block or stop it.
  • #16 Cloud security controls: SGs, dist. FW in NSX. Controlled by the APIs that manage the system; built into the fabric. In public cloud it is provided for free. SDN (NSX and ACI) is not free; OpenStack is free for built-in controls. Sub-flavor: virtual firewall. Virt FWs used to be at the edges, now at the VM level; good old functionality plus additional functionality to land in the cloud. Host agents: Illumio; own iptables, Windows firewalls. Runs on the platform itself. Good for very fragmented subnets, where it is hard to define objects that will cover all those fragments.
  • #17 Visibility: many types of systems; hard to define a consistent policy. Responsibility: multiple hand-offs, networking team to security team, security team to cloud/virt. DC team.
  • #18 What is your biggest challenge moving to the cloud? Controls and teams are different. Visibility. The need for integrated NSPM.
  • #19 Monitoring: important, even more so because of the greater rate of change and the people involved. Segmentation: better and easier in SDNs, which makes governance and compliance easier, assuming the cloud provider takes care of underlying certification and compliance.
  • #20 Being able to quickly deploy apps and security is the most important reason for choosing cloud
  • #22 Dynamic objects allow you to logically define groups of machines that should get the same policy. You can abstract the subnets and use tags; VMs are added/removed dynamically. But targets are not only in the virt. DC. Possible resolution: open wide subnets. Synchronize the data center objects of the north-south firewalls and the data center (east-west) firewalls to allow external users to reach the internal resource. Problematic for a hybrid network with multiple brands, e.g. a partner reaching on-prem via VPN that then leads to the cloud.
  • #23 Great protocols like VXLAN: a network that can span multiple DCs, one policy for all. Hard to understand what goes where; not enough to see only the app layer or the network layer, you need to see both. Edge definitions: 2 or more DCs that connect to each other, infra configuration that affects the outcome of those flows. Compliance: everything is configured and compliant.
  • #24 Able to define app connectivity in a declarative fashion. Easy to initially define, hard to understand visibility. Match: those using 3rd-party FWs, plugins, or edge integration with this infra. As long as the config with the SDN infra works as it allows, good. But if you want flexibility tailored to your needs, hard.
  • #25 OS, NSX and ACI are doing a great job of enhancing their infra.
  • #27 Partner networks, campus, on-prem, etc. Different policies. Hard to automate across the entire org.
  • #28 There may be additional ones. Need a mgmt. system that knows to fetch these objects. When you make a change to dynamic objects on cloud-type FWs, what happens to objects on on-prem firewalls; do they all have these objects? Right now there is no cohesive way to do that over the entire org. We’ll be happy to help with that.
  • #29 The OOB cloud security controls come with some good capabilities. Automation is a must, for agility, efficiency and cost; if you’re not doing that, you’re utilizing half the value. Unified: cohesive controls and visibility. Otherwise you'll have issues securing and automating.