Enterprise Network Security & Compliance - A Vendor's Perspective

•

1 like•231 views

Anusha Vaidyanathan

Presentation made at the Information Systems Audit and Control Association (ISACA) meetup, Oct 2016.

DISCLAIMER
The views expressed here are my own, though I may draw examples from my past
and present professional experiences.

AGENDA
Scope
 B2B - Vendors selling to enterprises
 "Devices in your network"
Not in scope
 Not about specific security solutions
Devices in your Network

COMPLIANCE ALPHABET SOUP
FIPS
140-2
Common
Criteria ICSA NSS
PCI DSS HIPPA SOX ISO
27002 FIPS200 GLBA FISMA NERC
IT Security &
Compliance
Product
Security &
Compliance
Homologat
ion
FCC, UL,
CB/CE DVTTCG –
TPM
Export
Complian
ce
Hardware
Security &
Compliance

Internet
Mobile
Branch
Saas
Applications Paas/Iaas
Applications
White-box
switches
Data Center
DEVICES IN YOUR ENTERPRISE NETWORK TODAY
Courtesy: Palo Alto Networks Virtual Firewall

A BRIEF HISTORY
Then Now
Centralized+
Distributed
Programmable
VNFs /Service
chaining
Network
Virtualization
Tightly
Coupled
Rigid
Monolithic
Custom
hardware

A BRIEF HISTORY
Then Now
Hypervisor
IaaS Clouds
Virtual
Physical
Orchestration
Courtesy: Juniper SRX 5600
Courtesy: Silver Peak Systems Inc.

WHOSE ‘OS’ IS IT ANYWAY?
Applications
 Management and Orchestration
 Malware analysis
 Analytics
 SIEMs
 Anti-Virus
 DLP
Embedded Systems
 SDN Controllers
 Firewall
 Routers
 Switches
 WAN optimization
 Web Application Firewalls
 Load balancers
 Secure Web gateways
 VPN devices
 IPS
Embedded
Systems
Cloud
Apps
(Iaas)
Applications
Cloud Apps
(Saas/Paas)

A BRIEF HISTORY
Then Now
Service Chaining SD-WAN and Firewall VNFs
Courtesy: Silver Peak Systems Inc.

A BRIEF HISTORY
Then Now
Centralized Orchestrator, Distributed Devices
Courtesy: Silver Peak Systems Inc.

A BRIEF HISTORY
Then Now
Courtesy: Silver Peak Systems Inc.

• FIPS boundaries - hardware vs. software only
• TPM for virtual
• Common Criteria – Evolving => Assurance levels to Protection Profiles
• IPSec/SSL encryption – commodity hardware, AES NI instructions
Compliance Considerations

New Threat Vectors
•Virtualization – Hypervisor, Containers
Courtesy: Docker

New Threat Vectors & Considerations
•Programmability
• DDoS on REST APIs
• Authentication
• Distributed Data Plane – Backward & Forward compatibility
•‘Outside the Box’ - Secure communications

RISING OPEN
SOURCE USAGE
Copy-left vs. Permissive licenses
Vendors
 Publish ALL 3rd party licenses
 Publish source code for modified copy-left
licenses
 Maintain tabs on Bill of Materials
 Provide trickle-down SLAs for open source
vulnerabilities
Courtesy: Blackduck Software

“SHARE MY PIE”
Vendors Enterprises
Vulnerability Assessment
• OWASP top 10
• SANS 25
• TCP/IP attacks
Penetration Testing
• Privilege escalations
• Availability
• Security Posture

DEVOPS AND HOSTED CLOUD APPLICATIONS
The release is dead, long live the release!
Network vendors with physical, virtual,
IaaS products
 Follow (Agile) software release cycles
Enterprises with cloud or web services
Saas/Paas products
 Devops model
 Risks
 Availability, Stability, DDoS
Courtesy: http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr

SUMMARY
 Enterprise networks are adapting to network virtualization and cloud applications
 Programmable, hardware agnostic products introduce new threat vectors
 Vendor compliance standards help in enterprise IT security & compliance
 Vendor best practices for open source usage & vulnerability assessment

Pre-Requisites: As this is a hands-on lab, students should bring their laptop to take full advantage of the labs throughout the day sessions. Learn how to configure network, compute, storage and virtualization components then use UCS Director to orchestrate, provision, automate and manage the solution. IT transformation is a long journey that requires a close, sustained collaboration across the IT organization. For IT organizations that are transitioning to a private cloud architecture, the measure of success isn’t whether they’ve implemented an IT architecture that “works better”—it’s whether IT makes the business work better. By simplifying the design, build, and operational processes for private and hybrid clouds, Cisco ONE Enterprise Cloud Suite (ECS) helps you focus your time and energy on ensuring that your platform remains closely aligned with business requirements. Labs • UCS Director Concepts (vDC, Pod, etc.) • Managing Physical Resources, • Managing Virtual Infrastructure, • UCS Director Extensibility

TechWiseTV Workshop: Q&A OpenDNS and AnyConnect

Robb Boyd

Текториал по тематике информационной безопасности

Cisco Russia

TechWiseTV Workshop: Cisco ISE 2.1 (Identity Services Engine)

Robb Boyd

These are the slides used in the Live Webinar August 3, 2016 at 10:00 am Pacific Time / 1:00 pm Eastern Time. You can listen/watch the replay of that show at techwisetv.com. Just click on 'workshops.' The TechWiseTV Episode is also on that site or on YouTube at https://youtu.be/zZHRLsaKD3U Demos to checkout: ISE Streamlined Visibility: https://communities.cisco.com/videos/15260 ISE Context Visibility: https://communities.cisco.com/videos/15264 ISE EasyConnect: https://communities.cisco.com/videos/15285 ISE Threat-centric NAC (AMP): https://communities.cisco.com/videos/15269 ISE Threat-centric NAC (Qualys): https://communities.cisco.com/videos/15270

Behind the Curtain: Exposing Advanced Threats

Cisco Canada

Today's advanced threats hide in plain sight, patiently waiting to strike, challenging security teams to track their progress across their network and endpoints. Meanwhile, executive and board-level reporting requirements are increasing as leadership demands in-depth answers that are unavailable from today’s block/allow security tools. With 55% of organizations unable to identify the origin of their last security breach, it’s time to stop relying on tools that define security based on what they see ‘out there’ and instead hunt for threats by tracking files, file relationships, and both endpoint and network behavior ‘in here’—inside your environment. In the first part of this interactive session, learn how Cisco’s Advanced Malware Protection (AMP) solutions use big data analytics to compare a real-time, dynamic history of your environment to the global threat landscape, automatically uncovering and blocking advanced threats before they strike. Then watch workflow examples demonstrating how your security team can use this advanced visibility and control to dramatically improve their efficiency and finally deliver the business 100% confidence answers.

淺談WAF在AWS的架構_20171027

4ndersonLin

AWS Summit Auckland Sponsor Presentation - Dome9

Amazon Web Services

Replay the live event: http://cs.co/90008z2Ar Learn how your existing Cisco network can help you to know exactly who is doing what on the network with end-to-end visibility, differentiate anomalies from normal behavior with contextual threat intelligence and stop threats and mitigate risk with one-click containment of users and devices. It’s time for the network to protect itself. Please make time for this important workshop. Resources: Watch the Cisco Stealthwatch and ISE full episode: http://cs.co/90008z24M Network as a Sensor-Enforcer on CCO: http://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-security/net-sensor.html Cisco ISE Community http://cs.co/ise-community

NSO: Network Service Orchestrator enabled by Tail-f Hands-on Lab

Cisco Canada

The Network Service Orchestrator (NSO) is a multi-vendor network orchestrator developed by Tail-f, a recent Cisco acquisition in the area of network management and orchestration. This 4hs session will give an introduction to the NCS system and show hands-on the tool and its different interfaces: network-wide CLI, REST API, etc. Participants will also create one basic network services models using the YANG language.

AWS Summit Auckland Sponsor Presentation - Vocus

Amazon Web Services

Ignite your network digitize your business

Cisco Canada

ASA Firepower NGFW Update and Deployment Scenarios

Cisco Canada

This session will focus on typical deployment scenarios for the Adaptive Security Appliance family running FirePower Services. Also, a feature overview and comparison of the ASA with Firepower services and the new Firepower Threat Defense (FTD) image will be included with updates on the new Firepower hardware platform. Deployment use cases will include Internet Edge, various segmentation scenarios, and VPN. A configuration walk-through and accepted best practices will be covered. This session is designed for existing ASA customers and targets the security and network engineer. They will learn the benefit of a FirePower NGFW in network edge and Internet use cases

CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...

Cisco DevNet

A session in the DevNet Zone at Cisco Live, Berlin. Cisco Security is committed to an extensible product porfolio that enables integration with many best of breed technology partners. Through the Cisco Security Technical Alliance program (CSTA) customers can leverage more than a dozen APIs and integration points to share data with SIEM, MDM, EDM, IR, Vulnerability Management and many other critical security technologies found in the enterprise. Integration with nearly 100 partner solutions powers automation, provides additional context that speeds the resolution of critical events and increases overall security effectiveness.

CSS 17: NYC - The AWS Shared Responsibility Model in Practice

Alert Logic

Cisco Identity Services Engine (ISE)

Anwesh Dixit

Choosing PaaS: Cisco and Open Source Options: an overview

Cisco DevNet

A session in the DevNet Zone at Cisco Live, Berlin. Confused by all the open source PaaS options out there? What criteria should you use to evaluate them? We seek to answer these questions in a systematic manner and will explore top technologies such as Mesos, Apprenda, Cloud Foundry and Kubernetes along with Cisco's Project Shipped and open source Mantl. The aim of this session will be to shed light on which platforms add value to your needs, applications and workloads.

TechWiseTV Workshop: OpenDNS and AnyConnect

Robb Boyd

TechWiseTV Workshop: APIC-EM

Robb Boyd

Hope you did not miss our deep dive: Cisco APIC-EM: IT Speed and Simplicity Through Automation Ronnie Ray walked through Cisco's purpose-built enterprise controller. Purpose build to help you move to software-defined networking (SDN) that works both on existing networks and on new infrastructure. Watch and Listen to the workshop replay at cs.co/6017Bl8Kb (check out the Digital Network Architecture episodes Part 1 and 2 at http://www.techwisetv.com) You will learn how Cisco engineers created the world’s best network automation controller, which provides enterprise resiliency and scale, an open and extensible platform, and a full suite of policy-driven SDN applications. You’ll learn about multiple time-saving apps that cover the complete network service lifecycle and drive policy enforcement consistently across the enterprise to make sure of zero-touch infrastructure deployment, quality of experience, and rapid troubleshooting. Moving to software-driven networking is the future. Join us and find out how to start your journey today.

Sasa milic, cisco advanced malware protection

Dejan Jeremic

SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...

Farooq Khan

AWS Security Strategy

Teri Radichel

VMware vRealize Network Insight Frequently Asked Questions FAQ

Richard Common

General Q&A Q: What is Arkin (now vRealize Network Insight)? Q: What is the new Arkin product name? Q: How will vRealize Network Insight be integrated into VMware? Q: Where can I find more information about vRealize Network Insight? Q: Who can sell vRealize Network Insight? Q: Who can purchase vRealize Network Insight? Q. When can I begin selling vRealize Network Insight? Q: Will I be compensated for selling vRealize Network Insight? Q: Is there an Academic or Federal SKU? Q: Can I add vRealize Network Insight to my existing NSX Opportunities? Q: How to get licenses?

Hybridní cloud s F5 v prostředí kontejnerů

MarketingArrowECS_CZ

Hope, fear, and the data center time machine

Cisco Canada

Technologies You Need to Safely Use the CloudCloudPassage

Network security

Sibergen Technologies

Emerging Threats - The State of Cyber Security

Cisco Canada

The security threat landscape is constantly in flux as attackers evolve their skills and tactics. Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary to help secure a network in light of this ever changing and growing threat landscape.Talos advances the overall efficacy of all Cisco security platforms by analyzing data feeds, collaborating with teams of security experts, and developing cutting-edge big data technology to identify security threats. In this talk we will perform deep analysis of recent threats and see how Talos leverages large data intelligence feeds to deliver product improvements and mitigation strategies.

AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.

Manjesh cv

Manjesh N

What's hot

TechWiseTV Workshop: Cisco Stealthwatch and ISE

Robb Boyd

NSO: Network Service Orchestrator enabled by Tail-f Hands-on Lab

Cisco Canada

AWS Summit Auckland Sponsor Presentation - Vocus

Amazon Web Services

Ignite your network digitize your business

Cisco Canada

ASA Firepower NGFW Update and Deployment Scenarios

Cisco Canada

CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...

Cisco DevNet

CSS 17: NYC - The AWS Shared Responsibility Model in Practice

Alert Logic

Cisco Identity Services Engine (ISE)

Anwesh Dixit

Choosing PaaS: Cisco and Open Source Options: an overview

Cisco DevNet

TechWiseTV Workshop: OpenDNS and AnyConnect

Robb Boyd

TechWiseTV Workshop: APIC-EM

Robb Boyd

Sasa milic, cisco advanced malware protection

Dejan Jeremic

SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...

Farooq Khan

AWS Security Strategy

Teri Radichel

VMware vRealize Network Insight Frequently Asked Questions FAQ

Richard Common

Hybridní cloud s F5 v prostředí kontejnerů

MarketingArrowECS_CZ

Hope, fear, and the data center time machine

Cisco Canada

Technologies You Need to Safely Use the CloudCloudPassage

Network security

Sibergen Technologies

Emerging Threats - The State of Cyber Security

Cisco Canada

What's hot (20)

TechWiseTV Workshop: Cisco Stealthwatch and ISE

NSO: Network Service Orchestrator enabled by Tail-f Hands-on Lab

AWS Summit Auckland Sponsor Presentation - Vocus

Ignite your network digitize your business

ASA Firepower NGFW Update and Deployment Scenarios

CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...

CSS 17: NYC - The AWS Shared Responsibility Model in Practice

Cisco Identity Services Engine (ISE)

Choosing PaaS: Cisco and Open Source Options: an overview

TechWiseTV Workshop: OpenDNS and AnyConnect

TechWiseTV Workshop: APIC-EM

Sasa milic, cisco advanced malware protection

SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...

AWS Security Strategy

VMware vRealize Network Insight Frequently Asked Questions FAQ

Hybridní cloud s F5 v prostředí kontejnerů

Hope, fear, and the data center time machine

Technologies You Need to Safely Use the Cloud

Network security

Emerging Threats - The State of Cyber Security

Similar to Enterprise Network Security & Compliance - A Vendor's Perspective

AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...

Amazon Web Services

Manjesh cv

Manjesh N

040711 webcast securing vmachine

Erin Banks

Security at the Speed of the Network

Hantzley Tauckoor

DNA Intelligent WAN Campus Day

Cisco Canada

Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...

Amazon Web Services

Building seamless, consistent security policies across on-premises and cloud IT environments can be challenging without comprehensive workload visibility. Learn how to gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows. Join us to Learn: How to protect and automate your AWS deployments while maintaining data segregation Best practices for creating consistent security for data moving to and from the cloud How to securely extend your application development testing environment to AWS Speakers: AWS Speaker: David Wright, Solution Architect Palo Alto Networks Speaker: Bisham Kishnani, Senior Consulting Engineer

Cisco Connect 2018 Thailand - Software defined access a transformational appr...

NetworkCollaborators

CloudOps evening presentation from Savvis

Alistair Croll

VMware NSX for vSphere - Intro and use cases

Angel Villar Garea

Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)

ClubHack

Protección y acceso a tu información y aplicaciones en Azure y O365 – Barracuda

Plain Concepts

AWS Security and SecOps

Shiva Narayanaswamy

Cyberoam SSL VPN

Ajay Nawani

Barracuda WAF: Scalable Security for Applications on AWS

Amazon Web Services

Organizations that work with a variety of third-parties in a cloud-based environment are challenged with finding a scalable and elastic security solution, that also meets their partners’ regulations and remains easy-to-use. Barracuda delivers cloud-connected security to simplify your IT environment, and their Web Application Firewall is an elastic and scalable solution for AWS that adapts to and deters evolving threats in a cloud environment. Iris Solutions, a multi-national cloud based enterprise software provider, needed to secure their eSignature SaaS with a tool that facilitated elasticity and scalability to help streamline expansion into several different markets, while meeting the strict regulations they encountered. Register for our upcoming webinar to learn why Iris chose to integrate Barracuda Web Application Firewall with AWS Services, such as Amazon CloudWatch, AWS Elastic Load Balancing, and AWS Identity and Access Management, to overcome their challenge without slowing the pace of transactions. Join us to learn: • Best practices for securing web-facing applications on AWS • The features and benefits of using Barracuda WAF on AWS to protect web-facing applications from targeted and automated attacks • Insights on the flexible deployment options that Barracuda offers to best complement your AWS environment Who Should Attend: Directors, Security Managers, Security Engineers, Security Architects, IT System Administrators, System Administrators, IT Administrators, IT Managers, IT Architects, IT Security Engineers, Business Decision Makers

How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds

SBWebinars

Addressing public cloud security and compliance is overwhelming given the lack of visibility and monitoring security teams have over their assets in the cloud. This problem is further compounded given the cloud’s benefits of speed and scale and that legacy security tools simply can’t keep pace. Alarmingly, Gartner predicts that through 2022, at least 95 percent of cloud security failures will be the fault of the customer. Join us for a live webinar with Dan Hubbard, Chief Product Officer at Lacework on how to overcome the challenges of protecting your cloud and how to automate security and compliance across AWS, Azure, and GCP, including: Where traditional security falls short and common threats start Why end-to-end visibility is critical across all of your cloud environments How to scale compliance and audit control as your cloud footprint expands What to consider when securing workloads and containers

Kaspersky Labs - Hyperconverged Presentation.pptx

amalouwarda1

ASFWS 2013 - Sécurité et extension d’infrastructure vers le cloud: retour d’e...

Cyber Security Alliance

Sur fond d’affaire PRISM, lier les mots sécurité et cloud semble de prime abord osé, nous verrons pourquoi cela ne l’est pas forcément. Cette conférence présentera le retour d’expérience concret d’un grand compte sur l’intégration d’infrastructures cloud (IaaS, PaaS et SaaS) dans une architecture existante, ainsi que les différents mécanismes de sécurité qu’il est sage d’utiliser. Nous aborderons techniquement des sujets tels que l’interconnexion de datacenters, les Virtual Private Clouds, l’authentification forte, la segmentation, la défense périmétrique ou la fédération d’identités.

AWS & Intel: A Partnership Dedicated to Cloud Innovations

Amazon Web Services

OK, I Need an IoT Service. Now What??

Guy Vinograd ☁

“In the current market, companies realize that the device itself is not enough. What’s more important is the service around it. Take Philips for example, and see how they managed to covert a basic light bulb business into a lucrative smart lighting experience. The question is 1. How do we do it? 2. To choose from 300+ IoT platforms? 3. To do it by myself? 4. Where do the cloud providers take place? All the answers – in the session.”

Customer Case Study: Achieving PCI Compliance in AWS

Amazon Web Services

PCI compliance is a steep enough challenge, but what happens when your entire infrastructure is in AWS? Do the same concepts of network segmentation and separation apply, and if so how? At what point do AWS compliance efforts intersect with your compliance efforts? This session will cover how Warren Rogers Associates is using the Palo Alto Networks VM-Series for AWS to maintain separation of data and traffic in AWS to improve security and achieve PCI compliance. Warren Rogers Associates pioneered the development of Statistical Inventory Reconciliation Analysis (SIRA) and Continual Reconciliation for monitoring underground fuel tanks and associated lines. These methods are certified in accordance with EPA requirements and have been used by petroleum marketers for more than 25 years. Today, Warren Rogers specializes in statistical analysis and precision fuel system diagnostics for the retail petroleum industry and develops innovative ways to identify and combat fuel shrinkage and theft. Session sponsored by Palo Alto Networks.

Similar to Enterprise Network Security & Compliance - A Vendor's Perspective (20)

AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...

Manjesh cv

040711 webcast securing vmachine

Security at the Speed of the Network

DNA Intelligent WAN Campus Day

Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...

Cisco Connect 2018 Thailand - Software defined access a transformational appr...

CloudOps evening presentation from Savvis

VMware NSX for vSphere - Intro and use cases

Scenatio based hacking - enterprise wireless security (Vivek Ramachandran)

Protección y acceso a tu información y aplicaciones en Azure y O365 – Barracuda

AWS Security and SecOps

Cyberoam SSL VPN

Barracuda WAF: Scalable Security for Applications on AWS

How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds

Kaspersky Labs - Hyperconverged Presentation.pptx

ASFWS 2013 - Sécurité et extension d’infrastructure vers le cloud: retour d’e...

AWS & Intel: A Partnership Dedicated to Cloud Innovations

OK, I Need an IoT Service. Now What??

Customer Case Study: Achieving PCI Compliance in AWS

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Welocme to ViralQR, your best QR code generator.

ViralQR

Welcome to ViralQR, your best QR code generator available on the market! At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies. Our Vision We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide. Our Achievements Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes. Our Services At ViralQR, here is a comprehensive suite of services that caters to your very needs: Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses. Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding. Pricing and Packages Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service. Why choose us? ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations. Comprehensive Analytics Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country. So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

UiPathCommunity

In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni. 📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath: Autopilot per Studio Web Autopilot per Studio Autopilot per Apps Clipboard AI GenAI applicata alla Document Understanding 👨‍🏫👨‍💻 Speakers: Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath Andrei Tasca, RPA Solutions Team Lead @NTT Data

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

Recently uploaded (20)

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Accelerate your Kubernetes clusters with Varnish Caching

Leading Change strategies and insights for effective change management pdf 1.pdf

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Key Trends Shaping the Future of Infrastructure.pdf

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Bits & Pixels using AI for Good.........

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Welocme to ViralQR, your best QR code generator.

Essentials of Automations: Optimizing FME Workflows with Parameters

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

Assure Contact Center Experiences for Your Customers With ThousandEyes

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Enterprise Network Security & Compliance - A Vendor's Perspective

1. ENTERPRISE NETWORK SECURITY & COMPLIANCE A VENDOR’S PERSPECTIVE Anusha Vaidyanathan Product Management

2. DISCLAIMER The views expressed here are my own, though I may draw examples from my past and present professional experiences.

3. AGENDA Scope  B2B - Vendors selling to enterprises  "Devices in your network" Not in scope  Not about specific security solutions Devices in your Network

4. COMPLIANCE ALPHABET SOUP FIPS 140-2 Common Criteria ICSA NSS PCI DSS HIPPA SOX ISO 27002 FIPS200 GLBA FISMA NERC IT Security & Compliance Product Security & Compliance Homologat ion FCC, UL, CB/CE DVTTCG – TPM Export Complian ce Hardware Security & Compliance

5. Internet Mobile Branch Saas Applications Paas/Iaas Applications White-box switches Data Center DEVICES IN YOUR ENTERPRISE NETWORK TODAY Courtesy: Palo Alto Networks Virtual Firewall

6. A BRIEF HISTORY Then Now Centralized+ Distributed Programmable VNFs /Service chaining Network Virtualization Tightly Coupled Rigid Monolithic Custom hardware

7. A BRIEF HISTORY Then Now Hypervisor IaaS Clouds Virtual Physical Orchestration Courtesy: Juniper SRX 5600 Courtesy: Silver Peak Systems Inc.

8. WHOSE ‘OS’ IS IT ANYWAY? Applications  Management and Orchestration  Malware analysis  Analytics  SIEMs  Anti-Virus  DLP Embedded Systems  SDN Controllers  Firewall  Routers  Switches  WAN optimization  Web Application Firewalls  Load balancers  Secure Web gateways  VPN devices  IPS Embedded Systems Cloud Apps (Iaas) Applications Cloud Apps (Saas/Paas)

9. A BRIEF HISTORY Then Now Service Chaining SD-WAN and Firewall VNFs Courtesy: Silver Peak Systems Inc.

10. A BRIEF HISTORY Then Now Centralized Orchestrator, Distributed Devices Courtesy: Silver Peak Systems Inc.

11. A BRIEF HISTORY Then Now Courtesy: Silver Peak Systems Inc.

12. • FIPS boundaries - hardware vs. software only • TPM for virtual • Common Criteria – Evolving => Assurance levels to Protection Profiles • IPSec/SSL encryption – commodity hardware, AES NI instructions Compliance Considerations

13. New Threat Vectors •Virtualization – Hypervisor, Containers Courtesy: Docker

14. New Threat Vectors & Considerations •Programmability • DDoS on REST APIs • Authentication • Distributed Data Plane – Backward & Forward compatibility •‘Outside the Box’ - Secure communications

15. RISING OPEN SOURCE USAGE Copy-left vs. Permissive licenses Vendors  Publish ALL 3rd party licenses  Publish source code for modified copy-left licenses  Maintain tabs on Bill of Materials  Provide trickle-down SLAs for open source vulnerabilities Courtesy: Blackduck Software

16. “SHARE MY PIE” Vendors Enterprises Vulnerability Assessment • OWASP top 10 • SANS 25 • TCP/IP attacks Penetration Testing • Privilege escalations • Availability • Security Posture

17. DEVOPS AND HOSTED CLOUD APPLICATIONS The release is dead, long live the release! Network vendors with physical, virtual, IaaS products  Follow (Agile) software release cycles Enterprises with cloud or web services Saas/Paas products  Devops model  Risks  Availability, Stability, DDoS Courtesy: http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr

18. SUMMARY  Enterprise networks are adapting to network virtualization and cloud applications  Programmable, hardware agnostic products introduce new threat vectors  Vendor compliance standards help in enterprise IT security & compliance  Vendor best practices for open source usage & vulnerability assessment

19. THANK YOU Questions?

Editor's Notes

Alphabet soup of IT security What applies to vendors - FIPS, ICSA, Common Criteria, NSS FIPS - crypto implementation, key management, random bit generation, X.509 certificates =>no weak protocols, physical security in level 2 and above CC - secure Communication channel (data in transit), RBAC, Audit logs, System services, protect stored keys (data at rest), ICSA, and NSS are firewall, network security certifications ICSA – basic firewall, NSS – effectiveness, price, performance Common requirements Encrypt data at rest, in transit – make sure crypto is right, RBAC, Audit logs, change management, Business Continuity, disaster recovery , NTP time sync, Firewall/IPS implementation is right - ICSA Hardware CB - safety of electrical and electronic components, CE for EU UL – independent 3rd party testing FCC – radiation DVT – very product centric. Includes functional, performance, environmental, mechanical, MTBF, electro magnetic tests after prototyping TPM, export compliance What doesn't apply to us, but what we design for - Industry-level certifications - PCI, HIPPA, SOX, FedRAMP, FISMA, ISO2700x, NERC, GLBA SOX – publicly traded company GLBA – bank, insurance, fin serv FISMA – govt, govt contractors, PCI – credit card merchants NERC – electric generator, provider etc.tc.
FIPS: Vendor dilemma, should I certify h/w or s/w – physical, virtual, cloud, should I pay my FIPS lab 3 times (expensive) TPM virtual – commodity h/w, not for virtual, how do I secure private keys in virtual? Encryption has changed – no h/w accelerators, though they are not going away. Intel processors have AES NI instructions. So AES encryption is now more popular than 3DES.
Hypervisor security Ex: lockdown on host OS, ensures that you enforce guest OS user access Can I copy and paste between VM consoles CPU, memory, storage are shared. Can one VM over-ride the other – have to restrict Container – set of namespaces or resource groups, without the overhead of a virtual/guest OS Containers with root privileges – privilege escalation , unintended Most networking vendors have Containers in their roadmap Container – 2016 survey – 16% of orgs already using containers in production – mostly for development, testing, 30% have headaches about security, isolation (Cloud Foundry survey – Leading paas platform, pivotal built on top, GE Predix cloud is built over it) Answers: Right now, onus is on enterprises, not on vendors for IAAS, virtual products.
“Many moving parts”- Centralized orchestrator, multiple devices in the network. TLS/Ipsec between each control/data connection ?
A permissive licence is as it says, and allows the user to copy, repackage, sell, or change the code in any way the user likes, as long as some form of attribution is given. A copyleft licence, such as the GPL, gives similar rights but ensures reciprocity by obliging those who distribute the code to pass on the same rights to others How it affects end user organizations – Opensource is a product security issue – it affects IP rights, right to commercially buy and sell a product Google has aimed to remove all GPLed software from Android's userland, and Apple won't allow GPLed software to be sold through its App Store,
Enterprise IT –” uncover all issues in my org, network and security posture” Vendors – “are all my products vul free, opensource components patched in a timely manner” Vendors leaning on vulnerability assessment vs. enterprises leaning towards pen test Vul assess frameworks OWASP top 10 – design for XSS, SQL inject, input-output vuln, session authentication, SANS 25 TCP/IP vulnerabilities – RFC compliance, FTP bounce attacks, IP smurf attacks, spoofed TCP resets
Started in 2009 with flickr – 10 deploys per day, model is do away with releases always develop on trunk, head of your code, so number of revisions doesn’t matter Fix fast, deploying faster, one step build and deploy Most web services, cloud apps Network vendors still use release cycles- Agile, from waterfall, not entirely devops Cloud apps are devops style Fix fast, Patching quicker, Responsible software development – one step development, build and deploy

Enterprise Network Security & Compliance - A Vendor's Perspective

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Enterprise Network Security & Compliance - A Vendor's Perspective

Similar to Enterprise Network Security & Compliance - A Vendor's Perspective (20)

Recently uploaded

Recently uploaded (20)

Enterprise Network Security & Compliance - A Vendor's Perspective

Editor's Notes