Virtualization security must be as dynamic as the environment it is protecting. Learn how to build security automation into your virtual and cloud computing environments by using VMware's vShield API.
In this webinar, you will learn:
1. An introduction to security automation and why it matters
2. An overview of VMware's vShield and its API
3. Real world cloud examples of how to use the vShield API for security automation
The security practitioner's role is changing significantly. Trends like mobile, cloud, DevOps, and Zero Trust are creating new roles and erasing others. This presentation navigates these changes and makes some recommendations for folks wanting to keep up with the curve.
Cloud summit demystifying cloud securityDavid De Vos
During this session we’ll cover the key solutions and steps to securing a cloud environment.
We’ll cover policy creation, security posture management & cybersecurity incident analysis. You’ll see how compliance is made easy in the cloud and how continuous monitoring works. We’ll explain how multi-cloud security works as well!
As we walk through the solutions, we’ll share some best practices and use cases from our experience.
Public cloud providers operate on a shared responsibility model, which places the onus on the customer to define and secure the data and applications that are hosted within cloud infrastructure.
To that end, it is critical that organizations accurately and selectively pinpoint which cloud workloads and virtual IT assets must be monitored, updated and patched based on developing threats to customer data and applications.
In this webcast, Mark Butler, Chief Information Security Officer at Qualys, and Hari Srinivasan, Director of Product Management for Qualys Cloud and Virtualization Security detail how you can gain complete visibility of your organization’s entire cloud asset inventory and security posture to help you keep up with shared security responsibility models across public cloud infrastructure.
The presentation covers:
• Challenges surrounding increased migration to public clouds
• Using automation for secure DevOps
• How to ensure effective and efficient operations
To watch the on-demand webcast, visit https://lps.qualys.com/securing-your-public-cloud-infrastructure.html
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
The recently disclosed Meltdown and Spectre vulnerabilities negatively impact the security of virtually every computer in the world today. These vulnerabilities allow an attacker to gain control of a computer’s processor and steal data located on that computer. Organizations that store data in the cloud are particularly susceptible.
During this webcast, Jimmy Graham, Director of Product Management for Qualys Threat Protection and Asset Inventory, showcased solutions that can help you determine the impact of Spectre and Meltdown across your global IT environments.
Understand how:
• To quickly and easily visualize Spectre and Meltdown vulnerabilities within your environment
• To track remediation progress as you patch against Spectre and Meltdown
• The Qualys Asset Inventory and Threat Protection apps will help you automate detection and track remediation progress
Watch the on-demand webcast: https://goo.gl/6FQ6uJ
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
Learn to effectively navigate the risks, new regulations, and new technologies on your journey to a secure and compliant digital transformation with this Qualys webcast series.
In this webcast, Chris Carlson, Vice President of Product Management at Qualys, discussed how enterprises can achieve immediate visibility across on-premises, endpoint, and cloud IT environments with Qualys Cloud Platform and its powerful, natively integrated security and compliance applications.
You will learn how Qualys Cloud Platform allows you to:
• Have all of your data analyzed in real time
• Respond to threats immediately
• See the results in one place, in just seconds
• Protect your digital transformation efforts
Watch the on-demand recording: https://goo.gl/gC7jZR
Data Protection & Shadow IT in a cloud eraDavid De Vos
The slides that were used @infosecurity 2019 when speaking for Computable. A vendor independent session where I shared some of the experiences of the last year.
Network Security Trends for 2016: Taking Security to the Next LevelSkybox Security
Skybox Security addresses recent trends and changes in strategy in the network security space and the challenges facing IT security professionals and CISOs.
The security practitioner's role is changing significantly. Trends like mobile, cloud, DevOps, and Zero Trust are creating new roles and erasing others. This presentation navigates these changes and makes some recommendations for folks wanting to keep up with the curve.
Cloud summit demystifying cloud securityDavid De Vos
During this session we’ll cover the key solutions and steps to securing a cloud environment.
We’ll cover policy creation, security posture management & cybersecurity incident analysis. You’ll see how compliance is made easy in the cloud and how continuous monitoring works. We’ll explain how multi-cloud security works as well!
As we walk through the solutions, we’ll share some best practices and use cases from our experience.
Public cloud providers operate on a shared responsibility model, which places the onus on the customer to define and secure the data and applications that are hosted within cloud infrastructure.
To that end, it is critical that organizations accurately and selectively pinpoint which cloud workloads and virtual IT assets must be monitored, updated and patched based on developing threats to customer data and applications.
In this webcast, Mark Butler, Chief Information Security Officer at Qualys, and Hari Srinivasan, Director of Product Management for Qualys Cloud and Virtualization Security detail how you can gain complete visibility of your organization’s entire cloud asset inventory and security posture to help you keep up with shared security responsibility models across public cloud infrastructure.
The presentation covers:
• Challenges surrounding increased migration to public clouds
• Using automation for secure DevOps
• How to ensure effective and efficient operations
To watch the on-demand webcast, visit https://lps.qualys.com/securing-your-public-cloud-infrastructure.html
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
The recently disclosed Meltdown and Spectre vulnerabilities negatively impact the security of virtually every computer in the world today. These vulnerabilities allow an attacker to gain control of a computer’s processor and steal data located on that computer. Organizations that store data in the cloud are particularly susceptible.
During this webcast, Jimmy Graham, Director of Product Management for Qualys Threat Protection and Asset Inventory, showcased solutions that can help you determine the impact of Spectre and Meltdown across your global IT environments.
Understand how:
• To quickly and easily visualize Spectre and Meltdown vulnerabilities within your environment
• To track remediation progress as you patch against Spectre and Meltdown
• The Qualys Asset Inventory and Threat Protection apps will help you automate detection and track remediation progress
Watch the on-demand webcast: https://goo.gl/6FQ6uJ
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
Learn to effectively navigate the risks, new regulations, and new technologies on your journey to a secure and compliant digital transformation with this Qualys webcast series.
In this webcast, Chris Carlson, Vice President of Product Management at Qualys, discussed how enterprises can achieve immediate visibility across on-premises, endpoint, and cloud IT environments with Qualys Cloud Platform and its powerful, natively integrated security and compliance applications.
You will learn how Qualys Cloud Platform allows you to:
• Have all of your data analyzed in real time
• Respond to threats immediately
• See the results in one place, in just seconds
• Protect your digital transformation efforts
Watch the on-demand recording: https://goo.gl/gC7jZR
Data Protection & Shadow IT in a cloud eraDavid De Vos
The slides that were used @infosecurity 2019 when speaking for Computable. A vendor independent session where I shared some of the experiences of the last year.
Network Security Trends for 2016: Taking Security to the Next LevelSkybox Security
Skybox Security addresses recent trends and changes in strategy in the network security space and the challenges facing IT security professionals and CISOs.
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...Skybox Security
If you’re tasked with keeping your enterprise network infrastructure secure against cyber attacks, then you’d better start thinking like a hacker. Do you know what your network looks like? Where are all the access points? Can you create a short list of the most vital vulnerabilities a hacker could exploit? And how long does it take you to get this info? Days? Weeks? Never?
In this webcast, we will discuss a practical game plan to continuously monitor your cyber security status and proactively fix concerns before they become a data breach or attack. Learn how to minimize risks by combining a detailed understanding of your network topology, cyber threats, and likely attack scenarios with everyday security management processes. This webcast is appropriate for firewall and network administrators, IT security managers, and CISOs in medium to large business and government agencies.
We will examine:
• Network mapping – How to create a virtual network model to use for security architecture planning and policy compliance checks
• Access analysis – Ways to identify all network access routes , to block unauthorized access and quickly troubleshoot network availability issues
• Securing the perimeter – Enable daily checks of firewalls and network devices to keep them configured securely
• Attack simulation – Find and fix the vulnerabilities most likely to be used in an attack – every day
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
“How secure are we?” “What's our strategy for advanced threats?” “How do we manage changes?” “What should we focus on?” “How is risk changing over time?” These are the difficult questions that IT security and network operations professionals face daily. The answer is in your data. Risk analytics is critical to answering the questions you face every day, opening new paths to find and prioritise vulnerabilities, quickly find firewall rule errors, and determine potential threats before they can be exploited.
This presentation is targeted at enterprise IT professionals looking to add security metrics and analytics into their security program.
- Understand why the existing approaches, processes and technologies for IT security get less effective over time
- Know what metrics and analytics are missing from your current strategy
- Recognise how risk analytics can be used to automate and secure your network devices
- Understand how vulnerability management process can be optimized with risk analytics - See how a risk analytics platform can impact an organisation
What do you remember about the Equifax? Something about someone forgetting to patch Struts, and then the bad guys were able to get in and steal all the data? What actually happened was much more nuanced, and there's much to learn by diving into the details.
Download the full Midyear Security Report >> http://cs.co/MSR15SL
Cisco has released its Midyear Security Report. In this report, Cisco provides industry insights and key findings taken from threat intelligence and cybersecurity trends for the first half of 2015.
There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc.
Tsvi Korren,
VP of Product Strategy at Aqua Security CISSP, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.
Cloud Security or Cloud Computing Security refers to a set of policies, procedures, and controls to safeguard cloud-based systems, infrastructure, and data.
Cloud Security involves the policies and procedures that safeguard cloud computing environments against cyberattacks.
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Cisco Security
Cognitive Threat Analytics is a technology that analyzes web requests to identify Command & Control traffic, identifying threats that are currently present in a network. It is currently available across the entire Cisco Web Security portfolio, including Cloud Web Security (CWS) and the Web Security Appliance (WSA). To learn more, watch this webinar: http://cs.co/9000BuggO
The belief that cloud computing is not as secure as on-site servers stems from a number of myths that have been floating around since the first cloud-based solutions were introduced. Some of the most common myths about cloud security are presented on the following slides — along with the facts that dispel these myths.
The following slides present an
application security checklist — a look at how your company can counter the
impact of seven top application security threats.
Can Cloud Solutions Transform Network SecurityEC-Council
Cloud computing today has become an integral part of network security. In fact, cloud computing has benefited businesses in many ways. Read more on 7 Ways Cloud Computing Transforms Network Security.
https://www.eccouncil.org/programs/certified-network-security-course/
#cloudcomputing #networksecurity #cybersecurity #eccouncil
Everything visible. Everything secure.
Unparalleled 2-second visibility across all of your global IT assets – on premises, endpoints and Private or Public Clouds.
Transforming the digital experience of your workforceRES
The workforce is changing and organizations must adapt fast. These new ways in which employees work are putting lots of demands on IT. Learn how automation and an intuitive service app store can strike the balance between enabling employees to work how they want, from any device all while giving IT greater governance around both application and service access. See a live demo of how you can improve user experience while streamlining IT processes.
Achieving Continuous Monitoring with Security AutomationTripwire
This presentation provides:
An overview of continuous monitoring
Discusses federal requirements for continuing monitoring
Explains why it is critical for risk mitigation
Describes an effective continuous monitoring strategy that brings together data from different security controls in one place
Watch the webcast here: http://www.tripwire.com/register/achieving-continuous-monitoring-easily-with-security-automation/
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...Skybox Security
If you’re tasked with keeping your enterprise network infrastructure secure against cyber attacks, then you’d better start thinking like a hacker. Do you know what your network looks like? Where are all the access points? Can you create a short list of the most vital vulnerabilities a hacker could exploit? And how long does it take you to get this info? Days? Weeks? Never?
In this webcast, we will discuss a practical game plan to continuously monitor your cyber security status and proactively fix concerns before they become a data breach or attack. Learn how to minimize risks by combining a detailed understanding of your network topology, cyber threats, and likely attack scenarios with everyday security management processes. This webcast is appropriate for firewall and network administrators, IT security managers, and CISOs in medium to large business and government agencies.
We will examine:
• Network mapping – How to create a virtual network model to use for security architecture planning and policy compliance checks
• Access analysis – Ways to identify all network access routes , to block unauthorized access and quickly troubleshoot network availability issues
• Securing the perimeter – Enable daily checks of firewalls and network devices to keep them configured securely
• Attack simulation – Find and fix the vulnerabilities most likely to be used in an attack – every day
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
“How secure are we?” “What's our strategy for advanced threats?” “How do we manage changes?” “What should we focus on?” “How is risk changing over time?” These are the difficult questions that IT security and network operations professionals face daily. The answer is in your data. Risk analytics is critical to answering the questions you face every day, opening new paths to find and prioritise vulnerabilities, quickly find firewall rule errors, and determine potential threats before they can be exploited.
This presentation is targeted at enterprise IT professionals looking to add security metrics and analytics into their security program.
- Understand why the existing approaches, processes and technologies for IT security get less effective over time
- Know what metrics and analytics are missing from your current strategy
- Recognise how risk analytics can be used to automate and secure your network devices
- Understand how vulnerability management process can be optimized with risk analytics - See how a risk analytics platform can impact an organisation
What do you remember about the Equifax? Something about someone forgetting to patch Struts, and then the bad guys were able to get in and steal all the data? What actually happened was much more nuanced, and there's much to learn by diving into the details.
Download the full Midyear Security Report >> http://cs.co/MSR15SL
Cisco has released its Midyear Security Report. In this report, Cisco provides industry insights and key findings taken from threat intelligence and cybersecurity trends for the first half of 2015.
There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc.
Tsvi Korren,
VP of Product Strategy at Aqua Security CISSP, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.
Cloud Security or Cloud Computing Security refers to a set of policies, procedures, and controls to safeguard cloud-based systems, infrastructure, and data.
Cloud Security involves the policies and procedures that safeguard cloud computing environments against cyberattacks.
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...Cisco Security
Cognitive Threat Analytics is a technology that analyzes web requests to identify Command & Control traffic, identifying threats that are currently present in a network. It is currently available across the entire Cisco Web Security portfolio, including Cloud Web Security (CWS) and the Web Security Appliance (WSA). To learn more, watch this webinar: http://cs.co/9000BuggO
The belief that cloud computing is not as secure as on-site servers stems from a number of myths that have been floating around since the first cloud-based solutions were introduced. Some of the most common myths about cloud security are presented on the following slides — along with the facts that dispel these myths.
The following slides present an
application security checklist — a look at how your company can counter the
impact of seven top application security threats.
Can Cloud Solutions Transform Network SecurityEC-Council
Cloud computing today has become an integral part of network security. In fact, cloud computing has benefited businesses in many ways. Read more on 7 Ways Cloud Computing Transforms Network Security.
https://www.eccouncil.org/programs/certified-network-security-course/
#cloudcomputing #networksecurity #cybersecurity #eccouncil
Everything visible. Everything secure.
Unparalleled 2-second visibility across all of your global IT assets – on premises, endpoints and Private or Public Clouds.
Transforming the digital experience of your workforceRES
The workforce is changing and organizations must adapt fast. These new ways in which employees work are putting lots of demands on IT. Learn how automation and an intuitive service app store can strike the balance between enabling employees to work how they want, from any device all while giving IT greater governance around both application and service access. See a live demo of how you can improve user experience while streamlining IT processes.
Achieving Continuous Monitoring with Security AutomationTripwire
This presentation provides:
An overview of continuous monitoring
Discusses federal requirements for continuing monitoring
Explains why it is critical for risk mitigation
Describes an effective continuous monitoring strategy that brings together data from different security controls in one place
Watch the webcast here: http://www.tripwire.com/register/achieving-continuous-monitoring-easily-with-security-automation/
A short powerpoint that goes "Around the World in 8 Pages" as far as geography and literature is concerned. Also addresses common themes among world literature.
Powerpoint presented to Content Investigations class. Contains an overview of my Holes and Goals project and the products that make up that assignment.
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud...Amazon Web Services
Cloud technology has made enterprise-wide digital transformation an achievable reality, even for the largest financial services companies. Organizations can now rearchitect operating models to improve the way they interact with customers, regulators, employees and service partners. It is also opening avenues to experiment with innovations like IoT, blockchain and machine learning, among others. However, a common misperception is blocking adoption for many organizations: on-premise IT infrastructure is more secure than the cloud. The reality is financial services organizations migrating to the cloud have access to some of the most innovative security technologies on the market today—systems so robust that they would cost millions of dollars to build in-house. In this session, you will hear an overview of how cloud-enabled programs can enhance your organization’s security postures and make you more secure than your on-premise status.
Steve Porter : cloud Computing SecurityGurbir Singh
A recording of the Northwest Regional meeting of the Institute of Information Security Professionals in Manchester on 5th July 2012. Stephen Porter from Trend Mirco Limited was on the theme of cloud computing security. Copyright of this presentation is held by the author, Stephen Porter.
Security in the cloud is fundamentally different. Not so much due to the technology--though there's plenty of differences there--but more with respect to the way that security is applied and how it's run.
Over the past few years, we've seen a radical shift in how development and operational teams work together. Security teams have been left out in the cold and are still viewed as the "No" team.
It doesn't have to be that way.
Cloud technologies have enabled new work flows and models for businesses and other teams...security is no different. We just have to wake up and take advantage of the new ecosystem.
When security teams embrace change, the boundaries start to dissolve and security can finally be built in instead of bolted on.
In this session, we'll look at some of the challenges involved in this shift, how it impacts your teams, your skill set, and how a modern approach to defence will improve your security posture.
Presented at BC Aware Day, 31-Jan-2017
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline three strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools.
Key takeaways from this session include how to:
- Design a workload-centric security architecture
- Improve visibility of AWS-only or hybrid environments
- Stop patching live instances but still prevent exploits
Speaker: Sasha Pavlovic, Director, Cloud & Datacentre Security, Asia Pacific, Trend Micro
To protect and ensure the availability of network services in charge to control critical infrastructure of organizations
The SIMOC is a platform that allows the creation of segregated cyber environments, with FOCUS on SECURITY.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
4. “ The ‘fortress mentality’ is outdated – and is no longer realistic or practical… Automation will quickly become a ‘must-have’ component in the overall security strategy of every IT organization. There is simply no other way to detect threats swiftly enough, let alone to contain the damage and recover from it. ” - Accenture Technology Vision 2011
5. Presentation Outline 1 2 Virtualization Security Challenges vShield Vision and Overview 4 3 Achieving the Security Automation VIsion Security Integration Use Cases
17. vShield Vision for Security vShield is security middleware between disparate devices. Security products work together to adjust to changes in the environment.
18. vShield as security middleware is a realistic vision for virtual environments vShield Is NOT A Silver Bullet ≠ vShield
21. Our Focus Today Policy Violations Application 1 3rd Party Vendor X FW rule changes vShield App/Edge X VMware vSphere
22. Example of REST API GET command GET https://10.1.1.1/api/2.0/app/firewall/datacenter01/config ----> (username, password) <----------------------------- vShield XML Ruleset
23. REST API POST Command POST https://10.1.1.1/api/2.0/app/firewall/datacenter01/config----> <------------------------------------ Ruleset Acknowledgement
25. vShield and Private Cloud Provisioning Provision Secure Maintain Security Request User-Initiated Automated Automated Automated User requests virtual infrastructure via Web portal vCenter, vCloudAPIs are used to provision VM(s) vShield APIs are used to provision VM firewall rulesets Third party security products use vShield & vCenter APIs to update security configuration
26. Use Case: Virtual Server Deployment Virtual Server Portal Step 1: User requests a VM from a Web portal Your Contact Information VM Configuration Your Org Information, Cost Code, etc. 2 CPU CPU Region 2 GB Memory Server Type 40 GB Lease timeframe Disk Storage More…
27. Use Case: Virtual Server Deployment Step 2: vCloud Director provisions the VM
28. Step 3: Apply security group and firewall ruleset Use Case: Virtual Server Deployment
29. Step 4: Third party products update configuration Use Case: Virtual Server Deployment 443 vShield API Third Party Security Vendor
30. Step 4 (optional): VM Quarantine can be used Use Case: Virtual Server Deployment vShield API Third Party Security Vendor
32. vShield and Multitenant Clouds Step 3 Maintain Security Step 2 Secure Cloud Step 1 Provision Cloud Tenant requests a datacenter vCloud Director provisions a resource pool and a port group vShield Edge is deployed on port group with appropriate firewall, NAT, and load balancing configuration Automated IT-Initiated Automated Update firewall configuration as required
33. Use Case: Public Cloud Deployment Step 1: Tenant requests datacenter Resource pool and port group are provisioned Port Group Resource Pool CPU Memory Storage Network VMware vSphere + vCenter
34. Use Case: Public Cloud Deployment Step 2: vShield Edge is deployed SHARED SERVICES Physical Datacenter Virtual Datacenter Tenant A NAT NAT VMware vSphere + vCenter
35. Step 3: Update firewall configuration as required Virtual Datacenter Tenant A Use Case: Public Cloud Deployment VMware vSphere + vCenter
37. Virtual Environments are Dynamic Source: Christofer Hoff, Virtualization & the End of Network Security
38. Operation Shady RAT “ There are only two types of Fortune 2000 companies – those that know they’ve been compromised, and those that don’t know. ” - Dmitri Alperovitch, McAfee Threat Research
39. “ In the past, IT has architected everything around the idea of ‘100 percent security’… there is no such thing as watertight IT security. This fortress mentality must now give way to a realistic and practical approach… the speed and frequency of attacks dictate that human responses must make way for automated capabilities. ” - Accenture Technology Vision 2011
40. ” “ Never send a man to do a machine’s job. Agent Smith
41. “ Applications are like fish and data is like wine. Only one gets better with age. ” James Governor, RedMonk
42. vCenter Integration Becomes Crucial VM and Host Inventory Migration & Snapshot History VM Online/Offline Status
43. Security APIs Become Important IDS/IPS Antivirus Firewall API Data Exchange Flow Analysis Vulnerability Assessment Full Packet Capture
44. So How Do I Get Started? So how do I get started with security automation?
45. 1 2 VMware vSphere Implement Security in Virtual Environments Bridge the Enterprise Silos 4 3 Consider Open Source Vendor Integrations Require vShieldIntegration and APIs
I wanted to also share this quote from the Accenture Technology Vision report of 2011. This report addresses some of the big trends in technology such as big data and cloud computing. About IT security, the report makes the point that there needs to be a shift in how security professionals think. Security used to be about setting up a secure perimeter and if this perimeter were breached then the entire organization is at risk. But the reality is a lot more complex. Organizations are getting compromised all the time, and some attacks are really successful and some are not. But no organization has the resources to adequately investigate every single compromise and figure out what happened. This is why automation is so important.
So with that said, let’s go into the main outline of this presentation. I’ll break it into 4 major parts. The first will be about why we’ve seen so many challenges in properly implementing security in virtual environments, and why we are hopefully seeing changes. The second part will give a brief overview of the vShield vision and how its API works. The third part will go through some use cases of how to use this API for security integration and automation. We’ll also talk about how APIs from other security products can also be used to help. And then we’ll end with some practical steps for how one can start implementing more security automation solutions.
How much are we seeing security in virtual environments? Unfortunately, not as much as we would like.One of the big issues I’ve seen in customer environments is the existence of silos. This has been the nature of enterprise IT – each group runs its own separate hardware and software. Networking, virtual, and security teams have traditionally owned and run their own gear.In many situations, the VMware group needs to focus on critical factors such as hardware consolidation, ROI, and speed of deployment. So security tends to fall lower on the priority list. And because security is a separate silo with its own concerns, it hasn’t gotten too involved in that virtual environment.
Another challenge with security is its static natureMany security tools make the assumption that the environment is static and policies don’t have to change very often. As one example, look at how long it takes to make a firewall rule change. It could take a few days.
But we don’t live in a static world, especially given the dynamic nature of virtual environmentsThink about how many VMs are being created, or moved around between locations, or changing because of snapshot reversions.I think the recently announced VXLAN will help to ease migration of VMs between private and public clouds but there’s still the open question of how you update all of your security devices in different clouds as you are moving these VMs.What all this means, is that the static nature of security is another hindrance. Security devices may fragment the virtual network and create overly rigid topologies. This keeps the virtual environment from being as dynamic as it should be so it can’t provide the appropriate business benefits. Or the security tools may not even work properly because they can’t see inside the virtual environment or their policies are obsolete. If any of this happens then the security just won’t be put in because it gets in the way or it isn’t worth it.(Devices are chokepoints and fragment the virtual architecture; capacity is never right-sized, no intra-VM visibility, rigid topologies)You also may need lots of different boxes that each perform different functions. Integrating together is challengingLastly, vendors may not even have virtual-specific solutions that you can use
But I think we’re seeing some positive trends now. One key driver is the new PCI virtualizationguideilnes, released this past June. And they really try to clarify how PCI applies to virtual environments. If you deal with PCI at all, I highly recommend you download this document from the PCI Web site and take a look. Here is a high level summary of what’s in the document:You need to implement some type of network security to monitor and protect virtual assetsYou need to enforce segregation of duties and least privilege in a virtual environment – which means that no one group can no longer have root access over everything.Mixed mode virtual environments are possible but you need to put in extensive security controls to show your auditor that isolation between trust zones is properly enforced.Finally, In-scope virtual systems and the hypervisor are subject to hardening and monitoring requirementsThe bottom line is that we should see greater collaboration between virtual and security teams because they need to work together to ensure their environment complies with the PCI requirements.
Here’s another driver for security, which is the steadily increasing percentage of virtualized assets in the enterprise. This graphic here from this past year’s Partner Exchange last February and shows that we have hit a crucial milestone at 30% virtualization. So the easy stuff has been virtualized and enterprises are now looking to virtualize their mission critical apps such as their database and SAP servers. I know that many of you would argue that you’ve already done this in your environments but we’re talking about doing this across the board in general.So to get to the point where 40-50% of applications are virtualized, and this is one of VMware’s big goals for this year, security becomes a much bigger deal. It’s not as critical for some of these easy apps, but it needs to be addressed or at least discussed for the mission critical apps.
And this brings us to how security products themselves need to change to be more dynamic.And this is where the vShield vision comes in. vShield is promoting a vision of integration between different security devices to protect the environment and adhere to regulations. It becomes the “security middleware” so products can work more seamlessly.vShield is not intended to be a manager of managers, but it enables multiple security products to work together to understand the virtual environment and adjust to changes. Policy violations is just one example.
vShield is NOT a silver bullet for security or compliance in virtual environments because this doesn’t exist. It’s too complex of a problem. But I think this vision of vShield as security middleware is realistic and I hope it will bring multiple security vendors together.
Which brings me to this phrase here that “code is law”. Lawrence Lessig is a lawyer who used this phrase to basically say that source code determines what is real and what is not. This phrase applies here too. vShield isn’t just fluffy vaporware. We have a documented API and source code samples. And we can see what this API can and can’t do. So let’s explore the API in more detail and see what’s possible.
Here’s a quick overview of the main components of vShield. They’ve been well discussed by now. We’ll mainly focus on vShield App and Edge and their network security functions.Edge is a virtual router supporting firewall and various other functionsApp is primarily a NIC-level firewall for VMs – each virtual NIC can have its own separate firewall rules
So here’s a specific example of vShield and policy enforcement. So as a third party security vendors sees behavior in a virtual environment that violates policy, it uses the vShield API to change the environment’s security configuration. The API changes firewall rules or security groups so you can block traffic or quarantine an entire VM.This specific diagram is showing App but the same principle applies to Edge, where the firewall sits at the edge of the virtual datacenter.
The API is very simple. A REST API is based on HTTP URLs. The URL determines the command. You do a GET to retrieve data, and you do a POST to send data back. So in this case we want to look at all the firewall rules for a virtual datacenter. You do an HTTP GET to this URL while submitting your username and password with HTTP authentication, and vShield Manager sends back the ruleset in XML format. This is for a datacenter object but you could get rules at different levels of granularity: clusters, resource pools, vApps, or port groups.This means that you can have rulesets down to the individual port group. So as VMs are migrated between physical ESX hosts, if they are connected to a distributed switch then their port group configuration remains the same. This means that rulesets can essentially “follow” VMs as they are migrated between hosts.
Now that you have your rules, you make a change such as adding a new rule. And then you call the same URL with an HTTP POST command and submit the new XML ruleset.That’s how you would see and change firewall rules. The most important principle is that it is very straightforward to use these URLs to access security configurations, make changes to them, then push them back to activate them.
I’ve included other examples of REST commands. Hopefully they are self-explanatory. The first URL enables you to get or edit the NAT configuration, the second will start the load balancers, and the third will enable you to get or edit a list of syslog servers to send data to
Now that we understand some more about vShield and its API, let’s see how they fit into the bigger picture of security automation. In this specific example, you want to automate security for the provisioning process of a new VM. Here I’m talking about a private cloud. But this concept can also apply to non-cloud virtual environments too.Here’s a 4 step process: Request a new VM. Then provision the instance. Then provision its security policy in the form of a firewall. And finally, maintain this policy over time by making the appropriate changes. So the security automation is in the provisioning and ongoing maintenance stages.
To provide even more detail, let’s go through an actual use case. I know this is highly simplified and there are a lot more details I could have included but I wanted to just get the main points across. An enterprise has built a private cloud for virtual server deployment. This example is also well suited for virtual desktop deployment and you can substitute virtual desktop as we go through this. But integration between vCloud Director and VMware View is still down the road.In any case, this enterprise has built a portal so multiple groups worldwide can request a server VM to be created. And the Server Type such as Web server, LDAP server, etc. determines the server’s function and its security policy as well. LDAP servers should only have ports 389 and 636 open, along with a few other management ports. Instead of individual servers, you could also request entire applications because we’ll be provisioning vApps on the back end.
The next step is for a vApp to be created from the appropriate Org datacenter with the appropriate resources. The vApp consists of a single VM. There are different ways of assigning the IP address but once it’s obtained, it is then registered for that VM.Internal database: register IP, MACvCloud Director: provision cloudWeb PortalFront End displaying information regarding the service and form to request a systemMicrosoft SharePointWorkflow Engine including Lifecycle ManagementIntegration Point for internal systems including Chargeback and Hostmaster Registration SystemVMware vCloud DirectorWeb Based User Interface to consume cloud resourcesEnables the Private CloudVMware vShield Application / EdgeVirtual Appliance to implement, manage and maintain security policySecurity in the Private Cloud
Step 3: vShield App is deployed and configured [does any part of this happen before new VMs are added?]each VM is automatically put into the required Security Group (determined by what user requested in portal) Deploy vShield App on all hosts which will have VMs in this vDC/private cloud Configure vShield App for datacenter level rules (L2/L3 ICMP, ARP DENY, etc. - get from slides] Configure vSheild App for SG level rules (VDI can’t talk to each other, etc. - get from slides]
Firewall changes can be permanent or temporary
Step 4 (optional): vShield App can also quarantine the VM if it is considered to violate a security or policy thresholdQuarantine can be temporary or permanent, i.e. requiring operator intervention to restoreSo that ends the first example of how you would security automation to apply a security policy for provisioning and then enforce that policy over time.
Now I’ll go through a public cloud example with a multitenant environment. Automation is similar in that you’re using it in the provisioning and ongoing operations stages, but the architecture is different. And you may make different kinds of security policy changes, which I’ll show in a bit.
In that org datacenter, you deploy an Edge security appliance is provisioned via vShield API with the appropriate firewall, NAT, load balancing servicesYou would also use the API to assign internal and external IP addressDefine NAT rulesDefine firewall rules for that Edge device.
And the final stage is that you would update the tenant’s firewall configuration as required. In this example, the tenant has subscribed for a protection service where they want the firewall to block additional IP addresses that could be members of botnets. So an ongoing basis, the firewall configuration is updated with addresses from a variety of third party security sources to provide additional protection.So here is another example of security automation, this time in a multitenant environment. You’re once again using the vShield APIs for security provisioning and then you also them to provide additional security services.
So at this point I want to do a reality check and ask you, do you think all of this is really practical? I’m sure for some of you, you’re wondering if you ever want to allow these type of dynamic firewall rule updates? After all, change control processes exist for a reason. Lack of change control helped to create this kind of environment shown here. You need some sort of order to hold back the chaos that will result. And you may also need processes for compliance or regulatory reasons.
I don’t claim to have all of these answers, and I think we collectively as a security industry will have to figure this out over time. But I do know that we don’t live in a static world. And we can’t assume anymore that static security will adequately protect us.I touched on the highly dynamic nature of virtual environments previously. No one can manually keep track of what is going on. Static security policies will constantly be out of date. And these obsolete security policies not only don’t adequately protect the environment, they get in the way of the business. Legitimate applications get blocked, and this just lends ammunition to NOT putting security into a virtual environment.
And we can never forget that there is an adversary out there that is constantly changing, getting smarter, always looking for new ways of breaking into systems and stealing data. That’s ultimately why the security industry exists. Many of you may have heard of Operation Shady RAT, where multiple governments and defense contractors were compromised in a 5-year hacking campaign. Targets were found in 14 different countries. There are other examples of compromises that we know about, such as Sony, RSA, Epsilon, and Citibank. There are many others that we don’t know about, and it’s not clear that the organizations who have been hacked are even aware of this.The bottom line is that we as a security industry – both vendors and enterprises – need to think beyond what we’ve been doing and look at new tactics. Automation has transformed the IT industry in general and there’s every reason to think that it can transform our industry as well.
I just wanted to mention another quote from the Accenture report underscoring this point. We can’t keep the hackers out 100% of the time. Watertight IT security doesn’t exist, as the quote says. This isn’t realistic. Instead we build automation to detect attacks and to respond to them as the first line of defense. What we’ve talked about today, about automating the provisioning process and policy enforcement, are just first steps. There’s so much more that we need to do.
Put another way: let’s not do manually what we should be doing automatically.
Before we end, I want to shift gears a bit and go beyond just vShield automation and talk about how security products can become more tightly integrated with one another to automate the analyst’s job.What is the value of integrating security products together? From what I can tell by talking with lots of customers out there, it’s all about the data. Each security product generates its own dataset, and what security analysts really need is a way of taking multiple security datasets and intelligently combining it together. Security products shouldn’t be focused on keeping the data locked up in its own product but the data should be freely available via APIs and database queries so it can be used for analysis.
And this is where contextual data about the virtual environment can be helpful too. Security products can use this data to determine some really useful things:Which VMs are located on an ESX hostWhen a migration takes place and where toHow security policies may change or break because of a migration Whether a VM is online or offline and available for scanning or patchingAll this data is accessible via the vSphere SDK.One of the signs of a security vendor who understands the virtual environment is one who is pulling this data and doing something useful with it.
So as I talk about combining security datasets for useful analysis, I’m not just talking about what SIMs do, where they aggregate the data in one place and then use correlation rules.I’m talking about selecting combining data to make intelligent decisions. This is what security analysts do today. If they see something strange in one security console, they will jump from product to product manually to figure out if this represents an actual compromise. This manual process is what we need to automate so the security person can focus on more important tasks, such as defining the architecture.Many of you may have heard the term “big data”. It’s becoming somewhat of a fad but it’s the idea of taking massive datasets and utilizing automated analysis techniques such as machine learning to figure out useful trends. Machine learning recommends new books for us to buy, or it identifies spam. We need these tools to identify anomalies in security data or mutations in existing malware because humans can’t look through all the data themselves.
So this vision of security automation may appeal but you’re not sure where to begin. You don’t know how to use these APIs, and you don’t have to time to build integrations.
We’re at the beginning of this transition to automation so it will take time and we have to go one step at a time. Step 1 is to make security a priority for your virtual environment. Create a specific security policy for VMs as they are provisioned or migrated. Are you going to scan them? What do you do about offline VMs? Think about how you should segment your VMs, either on the same host or between hosts. Think about where vShield will fit in.Step 2 should be a result of step 1 but it’s really about working together on a shared goal. It really will take a bridging of the silos to implement proper security.Step 3: Talk to your vendors and ask them about their plans for vShield integration. What is their vision for understanding the virtual environment and dynamically adjusting to changes? How can they make their data available for analysis by other products?Step 4: This may be a bit controversial but some integrations between vendors may still be open source and not “officially” supported. But take a look at them and see if they add value. If they do then consider pushing a vendor to officially support them.
This is my conclusion. My biggest point is that we need security automation in a dynamic environment because security people just don’t have time to find and react to all of the malicious activity out there. Automation should be our first line of defense.
If you haven’t already, take a closer look at vShield. It has a vision of dynamic security that is provisioned “at birth” and hooks into other security products. I’ll be the first to say that there are many other improvements that could be made to vShield. I have a whole list of feature requests. But at least they have a vision for security automation and they are on the right path.
Finally, we as vendors need to do a better job with automation in general. We also need to more fully plug into the virtual environment, being aware of what’s going on and responding to changes dynamically.
