SlideShare a Scribd company logo

Software-Defined Segmentation Done Easily, Quickly and Right

Download as PPTX, PDF
S
SBWebinars

Recently there has been a realization that traditional methods of segmentation like VLANs and Firewalls are not suitable for today’s rapidly changing enterprise environments. In this webinar come learn about how modern software-defined segmentation solutions: Start with visibility. Provide enterprises with easy ways to identify and label workloads. Provide easy to implement, granular enforcement that goes way beyond IP address and port but is able to lock down by process, user and domain. Enables DevOp automation, provisioning and management. Is decoupled from and works in an agnostic fashion across every enterprise platform. Provides unparalleled security while enabling compliance and ongoing compliance validation.

Technology
1 of 51
1 // Guardicore – Security Boulevard Webinar Dave Klein Senior Director Engineering & Architecture Guardicore
2 // Guardicore – Security Boulevard Webinar2 // Guardicore – Security Boulevard Webinar Goals of Today’s Webinar 1. What are the Challenges Driving Software-Defined Segmentation? 3. What are the Software Segmentation Rollout Steps? FINAL GOAL: Software-Defined Segmentation Done Easily, Quickly & Right! 4. Why Traditional Segmentation, Firewalls & First Generation of Software-Defined Segmentation Failed? 2. Why Software- Defined Segmentation? What are the Use Cases? 5. What are the Solution Requirements for Software Segmentation?
3 // Guardicore – Security Boulevard Webinar The Challenges that Have Led to Software-Defined Segmentation
4 // Guardicore – Security Boulevard Webinar4 // Guardicore – Security Boulevard Webinar The Era of Software-Defined Segmentation Current Challenges  Even in enterprises that haven’t moved to cloud.  Even in traditional environments and use cases.
5 // Guardicore – Security Boulevard Webinar5 // Guardicore – Security Boulevard Webinar The Era of Software-Defined Segmentation Current Challenges For Both…
6 // Guardicore – Security Boulevard Webinar6 // Guardicore – Security Boulevard Webinar The Era of Software-Defined Segmentation Current Challenges For IT… Visibility & Management
7 // Guardicore – Security Boulevard Webinar7 // Guardicore – Security Boulevard Webinar The Era of Software-Defined Segmentation Software-Defined Segmentation The Solution
8 // Guardicore – Security Boulevard Webinar8 // Guardicore – Security Boulevard Webinar A Point on the Name ▪ Also known as Micro Segmentation • But term is often misconstrued/misinterpreted as a single use case where segmentation is used between the tiers of an application. ▪ Software-Defined Segmentation • A better term for the solution. • Hundreds of use cases where Software-Defined Segmentation can be utilized.
9 // Guardicore – Security Boulevard Webinar9 // Guardicore – Security Boulevard Webinar Sample Software-Defined Segmentation Use Cases Point of Sale Systems Medical Devices Dev/User Acceptance/Production Environment Separation Separation of IoT/Building Controls/Users/Data Centers Protection of Legacy Apps/OS’ Micro-Segmentation Between Tiers of an Application. Digital Crown Jewels Protection Compliance Data Center Transformation
10 // Guardicore – Security Boulevard Webinar10 // Guardicore – Security Boulevard Webinar Sample Software-Defined Segmentation Use Cases PCI SWIFT HIPAA GDPR California Privacy NY SHIELD Digital Crown Jewels Protection Compliance Data Center Transformation
11 // Guardicore – Security Boulevard Webinar11 // Guardicore – Security Boulevard Webinar Sample Software-Defined Segmentation Use Cases Digital Crown Jewels Protection Compliance Data Center Transformation Mergers & Acquisitions Cloud Migration Hybrid Cloud Integration
12 // Guardicore – Security Boulevard Webinar Steps to Rollout Software- Defined Segmentation
13 // Guardicore – Security Boulevard Webinar13 // Guardicore – Security Boulevard Webinar 5 Steps To Software Defined Segmentation Discover, Visualize & Map Label & Group Define Policies Monitor & Refine Enforce
14 // Guardicore – Security Boulevard Webinar Learning from Traditional Segmentation Fails
15 // Guardicore – Security Boulevard Webinar15 // Guardicore – Security Boulevard Webinar Traditional Segmentation Platform Specific VLANs for on-premises only Security groups only for cloud Security Groups per VPC per cloud provider Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity VLANs & ACLs Security Groups Premises Clouds
16 // Guardicore – Security Boulevard Webinar16 // Guardicore – Security Boulevard Webinar Traditional Segmentation Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity Multiple management platforms means resource and cost intensive “It takes me months to change VLANs” “IP address changes are a nightmare” Delays, stalled or failed projects VLANs & ACLs Security Groups Premises Clouds
17 // Guardicore – Security Boulevard Webinar17 // Guardicore – Security Boulevard Webinar Traditional Segmentation Can’t easily identify traffic flows & app dependencies Leads to delays, false positive blocks. Production downtime VLANs & ACLs Security Groups Premises Clouds Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity
18 // Guardicore – Security Boulevard Webinar18 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds Web Server tomcat Policies are only IP address & port based! Doesn’t segment enough! Doesn’t reduce risk! Doesn’t lead to compliance! Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity
19 // Guardicore – Security Boulevard Webinar19 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds NO PROCESS LEVEL POLICIES Web Server tomcat Desired Rule Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity nginx Proxy Server Port 443 evil Web Server Tomcat
20 // Guardicore – Security Boulevard Webinar20 // Guardicore – Security Boulevard Webinar Process based policies? = NO nginx Proxy Server Port 443 evil Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds NO PROCESS LEVEL POLICIES tomcat Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity Actual with VLANs, ACLs & Security Groups Web Server Tomcat Policies are only IP address & port based!
21 // Guardicore – Security Boulevard Webinar21 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds Web Server NO IDENTITY BASED RULES accounting databases Alison Diane putty putty Accounting Appsshd sshd diagnostics accounting Desired Rule Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity jumpbox
22 // Guardicore – Security Boulevard Webinar22 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds Web Server accounting databases Alison Diane putty putty Accounting Appsshd sshd diagnostics accounting Actual with VLANs, ACLs & Security Groups NO IDENTITY BASED RULES Identity based policies? = NO Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity jumpbox Policies are only IP address & port based!
23 // Guardicore – Security Boulevard Webinar23 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds NO FQDN RULES accounting databases Port 443 accounting GitHub Web Server Internet Ubuntu DevOps Web Servers DevOps Other Servers Desired Rule Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity
24 // Guardicore – Security Boulevard Webinar24 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds NO FQDN RULES accounting databases FQDN based policies? = NO Port 443 accounting GitHub Web Server Internet Ubuntu DevOps Web Servers DevOps Other Servers Actual with VLANs, ACLs & Security Groups Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity Policies are only IP address & port based!
25 // Guardicore – Security Boulevard Webinar Segmentation Fails Firewalls
26 // Guardicore – Security Boulevard Webinar26 // Guardicore – Security Boulevard Webinar Traditional Segmentation Firewalls Perimeter Perimeter Based Not at the right location. Doesn’t follow the workloads Cost prohibitive
27 // Guardicore – Security Boulevard Webinar27 // Guardicore – Security Boulevard Webinar Traditional Segmentation Firewalls Perimeter Not at the right location. Doesn’t follow the workloads Cost prohibitive Perimeter Based You need to be every where
28 // Guardicore – Security Boulevard Webinar Segmentation Fails First Generation Software-Defined Segmentation
29 // Guardicore – Security Boulevard Webinar29 // Guardicore – Security Boulevard Webinar First Gen Software Defined Segmentation Vendors Means L4 policies – same problems as traditional segmentation methods Not platform agnostic. Have to have the hypervisor firewall proximity Two the three vendors in this space have moved on to non-hypervisor methods using agents Clouds Vendors Who Offer Limited Visibility Through a Secondary or Tertiary Package Vendors who Focus on Hypervisor(s) Vendors who use agents with enforcement done by native OS firewalls
30 // Guardicore – Security Boulevard Webinar30 // Guardicore – Security Boulevard Webinar First Gen SDS Vendors In Linux means IP Tables – this means the same L4 IP and Port only policies. Just like traditional methods In Windows while you have better granularity you are missing important other policy types No Black Lists/Deny Lists Means you are fighting local admins for the policies on the box More latency in native OS firewalls Clouds #1 ISSUE FOUND TODAY IN MOST SOLUTIONS Vendors Who Offer Limited Visibility Through a Secondary or Tertiary Package Vendors who Focus on Hypervisor(s) Vendors who use agents with enforcement done by native OS firewalls
31 // Guardicore – Security Boulevard Webinar31 // Guardicore – Security Boulevard Webinar First Gen SDS Vendors Integrated visibility is essential in order to create appropriate labels and policies It accelerates segmentation projects Visibility means you won’t make mistakes Clouds Vendors Who Offer Limited Visibility Through a Secondary or Tertiary Package Vendors who Focus on Hypervisor(s) Vendors who use agents with enforcement done by native OS firewalls
32 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation Done Right
33 // Guardicore – Security Boulevard Webinar33 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Segmentation Done Fast Segmentation Done Right Segmentation Done Easily We’ve covered the use cases, the why, the steps, now the how…
34 // Guardicore – Security Boulevard Webinar34 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Widest Possible platform Support Platforms Bare Metal Hypervisors Clouds Containers Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
35 // Guardicore – Security Boulevard Webinar35 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Orchestration meta-data integration Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
36 // Guardicore – Security Boulevard Webinar36 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Orchestration meta-data integration Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
37 // Guardicore – Security Boulevard Webinar37 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Orchestration meta-data integration Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
38 // Guardicore – Security Boulevard Webinar38 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Enterprises run a very wide array of OS’ imaginable Automated way to ingest new OS kernels/releases quickly Support end of life systems as well Legacy/End of Life Modern Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
39 // Guardicore – Security Boulevard Webinar39 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Policy Granularity Alison Diane putty putty Accounting Appsshd sshd diagnostics accounting accountin g GitHub Web Server Intern et Ubuntu DevOps Web Servers DevOps Other Servers By Process By User By FQDN Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native) nginx Proxy Server evil Web Server Tomcat
40 // Guardicore – Security Boulevard Webinar40 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Policy Black Lists Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native) Production ftpd telnetd tftpd To=cat
41 // Guardicore – Security Boulevard Webinar41 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements No Contention with Admins for Control Consistent Policies & Enforcement Across All Platforms & OS’ Less Latency Server tomcatOS Firewall Agent FW You have control Admin/Root SDS System You have less latency Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
42 // Guardicore – Security Boulevard Webinar42 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Real time an historical visibility. Easily allows you to create/apply labels Easily understand application dependencies Allows you to sort in a variety of ways that people wish to see the enterprise Visibility Flexible Labeling Schema Policy Wizards RESTAPI
43 // Guardicore – Security Boulevard Webinar43 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements By Platform Visibility Flexible Labeling Schema Policy Wizards RESTAPI
44 // Guardicore – Security Boulevard Webinar44 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements By Environment Visibility Flexible Labeling Schema Policy Wizards RESTAPI
45 // Guardicore – Security Boulevard Webinar45 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements By Compliance Visibility Flexible Labeling Schema Policy Wizards RESTAPI
46 // Guardicore – Security Boulevard Webinar46 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements By Application Dependencies Visibility Flexible Labeling Schema Policy Wizards RESTAPI
47 // Guardicore – Security Boulevard Webinar47 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Allows for flexible visibility (as shown prior) Allows for dynamic workload automation Thus removing the need for manual Move, Adds, Changes & Deletes Within UI & DevOps Scripting Visibility Flexible Labeling Schema Policy Wizards RESTAPI
48 // Guardicore – Security Boulevard Webinar48 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Easy policy creation based on your particular role and need Visibility Flexible Labeling Schema Policy Wizards RESTAPI
49 // Guardicore – Security Boulevard Webinar49 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Ways to digest additional enterprise data like CMDB Ways to to push and pull additional information Automation Visibility Flexible Labeling Schema Policy Wizards RESTAPI
50 // Guardicore – Security Boulevard Webinar Dave Klein Senior Director Engineering & Architecture Guardicore Q & A
51 // Guardicore – Security Boulevard Webinar Dave Klein Senior Director Engineering & Architecture Guardicore Web: https://www.guardicore.com Email: Dave.Klein@guardicore.com Thank You

Recommended

Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
CSNP
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & Ransomware
CSNP
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Lancope, Inc.
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?
Mir Mustafa Ali
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentation
Rasool Irfan
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
scoopnewsgroup
 
Talk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2b
Sylvain Martinez
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Sylvain Martinez
 

Recommended

Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
CSNP
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & Ransomware
CSNP
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Lancope, Inc.
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?
Mir Mustafa Ali
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentation
Rasool Irfan
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
scoopnewsgroup
 
Talk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2b
Sylvain Martinez
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Sylvain Martinez
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Dragos, Inc.
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
Shah Sheikh
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
Digital Bond
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
Digital Bond
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
Digital Bond
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
Trend Micro
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
Jim Gilsinn
 
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnoxZero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
AccuKnox
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
Priyanka Aash
 
Solving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustrySolving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric Industry
Dragos, Inc.
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI)
Dragos, Inc.
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
Shah Sheikh
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum Security
Priyanka Aash
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
Digital Bond
 
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT EquipmentCybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Onward Security
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
Kaspersky
 
Cloud Security - Made simple
Cloud Security - Made simpleCloud Security - Made simple
Cloud Security - Made simple
Sameer Paradia
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
Jiunn-Jer Sun
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
Lancope, Inc.
 
Dragos year in review (yir) 2018
Dragos year in review (yir) 2018Dragos year in review (yir) 2018
Dragos year in review (yir) 2018
Dragos, Inc.
 
Protecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachProtecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data Breach
CA Technologies
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Jason Mashak
 

More Related Content

What's hot

Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Dragos, Inc.
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
Shah Sheikh
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
Digital Bond
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
Digital Bond
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
Digital Bond
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
Trend Micro
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
Jim Gilsinn
 
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnoxZero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
AccuKnox
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
Priyanka Aash
 
Solving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustrySolving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric Industry
Dragos, Inc.
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI)
Dragos, Inc.
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
Shah Sheikh
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum Security
Priyanka Aash
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
Digital Bond
 
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT EquipmentCybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Onward Security
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
Kaspersky
 
Cloud Security - Made simple
Cloud Security - Made simpleCloud Security - Made simple
Cloud Security - Made simple
Sameer Paradia
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
Jiunn-Jer Sun
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
Lancope, Inc.
 
Dragos year in review (yir) 2018
Dragos year in review (yir) 2018Dragos year in review (yir) 2018
Dragos year in review (yir) 2018
Dragos, Inc.
 

What's hot (20)

Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
 
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
DTS Solution - Crypto Flow Segmentation addressing NESA IAF and ISO27001 comp...
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
 
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnoxZero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
 
Solving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric IndustrySolving ICS Cybersecurity Challenges in the Electric Industry
Solving ICS Cybersecurity Challenges in the Electric Industry
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI)
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum Security
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
 
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT EquipmentCybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT Equipment
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
 
Cloud Security - Made simple
Cloud Security - Made simpleCloud Security - Made simple
Cloud Security - Made simple
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
 
Dragos year in review (yir) 2018
Dragos year in review (yir) 2018Dragos year in review (yir) 2018
Dragos year in review (yir) 2018
 

Similar to Software-Defined Segmentation Done Easily, Quickly and Right

Protecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachProtecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data Breach
CA Technologies
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Jason Mashak
 
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Khazret Sapenov
 
Aerohive and Barracuda Whitepaper
Aerohive and Barracuda WhitepaperAerohive and Barracuda Whitepaper
Aerohive and Barracuda Whitepaper
Kappa Data
 
Barracuda integration with aerohive
Barracuda integration with aerohiveBarracuda integration with aerohive
Barracuda integration with aerohive
Kappa Data
 
VMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend MicroVMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend Micro
VMUG IT
 
VMware-vShield-Presentation-pp-en-Dec10.pptx
VMware-vShield-Presentation-pp-en-Dec10.pptxVMware-vShield-Presentation-pp-en-Dec10.pptx
VMware-vShield-Presentation-pp-en-Dec10.pptx
Abasse KPEGOUNI
 
In Search of Segmentation
In Search of SegmentationIn Search of Segmentation
In Search of Segmentation
Adrian Cockcroft
 
VMworld 2013: VMware Compliance Reference Architecture Framework: Accelerate ...
VMworld 2013: VMware Compliance Reference Architecture Framework: Accelerate ...VMworld 2013: VMware Compliance Reference Architecture Framework: Accelerate ...
VMworld 2013: VMware Compliance Reference Architecture Framework: Accelerate ...
VMworld
 
CyberArk_Certification_Training_Course_Content
CyberArk_Certification_Training_Course_ContentCyberArk_Certification_Training_Course_Content
CyberArk_Certification_Training_Course_Content
priyanshamadhwal2
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI Pipelines
Codefresh
 
What we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 InfosecWhat we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 Infosec
GENIANS, INC.
 
Abicloud Technical Overview
Abicloud Technical OverviewAbicloud Technical Overview
Abicloud Technical Overview
Abiquo, Inc.
 
VideoEdge Cybersecurity v4.6 - May 2015
VideoEdge Cybersecurity v4.6 - May 2015VideoEdge Cybersecurity v4.6 - May 2015
VideoEdge Cybersecurity v4.6 - May 2015
William L. Brown Jr., CISSP
 
VideoEdge Cybersecurity v4.6 - May 2015
VideoEdge Cybersecurity v4.6 - May 2015VideoEdge Cybersecurity v4.6 - May 2015
VideoEdge Cybersecurity v4.6 - May 2015
William L. Brown Jr., CISSP
 
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
Spark Summit
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
AlgoSec
 
Webinar: Overcoming the Top Challenges of Recovery to the Cloud
Webinar: Overcoming the Top Challenges of Recovery to the CloudWebinar: Overcoming the Top Challenges of Recovery to the Cloud
Webinar: Overcoming the Top Challenges of Recovery to the Cloud
iland Cloud
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
shezy22
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final
AlgoSec
 

Similar to Software-Defined Segmentation Done Easily, Quickly and Right (20)

Protecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachProtecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data Breach
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
 
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
 
Aerohive and Barracuda Whitepaper
Aerohive and Barracuda WhitepaperAerohive and Barracuda Whitepaper
Aerohive and Barracuda Whitepaper
 
Barracuda integration with aerohive
Barracuda integration with aerohiveBarracuda integration with aerohive
Barracuda integration with aerohive
 
VMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend MicroVMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend Micro
 
VMware-vShield-Presentation-pp-en-Dec10.pptx
VMware-vShield-Presentation-pp-en-Dec10.pptxVMware-vShield-Presentation-pp-en-Dec10.pptx
VMware-vShield-Presentation-pp-en-Dec10.pptx
 
In Search of Segmentation
In Search of SegmentationIn Search of Segmentation
In Search of Segmentation
 
VMworld 2013: VMware Compliance Reference Architecture Framework: Accelerate ...
VMworld 2013: VMware Compliance Reference Architecture Framework: Accelerate ...VMworld 2013: VMware Compliance Reference Architecture Framework: Accelerate ...
VMworld 2013: VMware Compliance Reference Architecture Framework: Accelerate ...
 
CyberArk_Certification_Training_Course_Content
CyberArk_Certification_Training_Course_ContentCyberArk_Certification_Training_Course_Content
CyberArk_Certification_Training_Course_Content
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI Pipelines
 
What we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 InfosecWhat we learned from MISA Ontario 2020 Infosec
What we learned from MISA Ontario 2020 Infosec
 
Abicloud Technical Overview
Abicloud Technical OverviewAbicloud Technical Overview
Abicloud Technical Overview
 
VideoEdge Cybersecurity v4.6 - May 2015
VideoEdge Cybersecurity v4.6 - May 2015VideoEdge Cybersecurity v4.6 - May 2015
VideoEdge Cybersecurity v4.6 - May 2015
 
VideoEdge Cybersecurity v4.6 - May 2015
VideoEdge Cybersecurity v4.6 - May 2015VideoEdge Cybersecurity v4.6 - May 2015
VideoEdge Cybersecurity v4.6 - May 2015
 
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
Webinar: Overcoming the Top Challenges of Recovery to the Cloud
Webinar: Overcoming the Top Challenges of Recovery to the CloudWebinar: Overcoming the Top Challenges of Recovery to the Cloud
Webinar: Overcoming the Top Challenges of Recovery to the Cloud
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final
 

More from SBWebinars

Securing Mobile Apps, From the Inside Out
Securing Mobile Apps, From the Inside OutSecuring Mobile Apps, From the Inside Out
Securing Mobile Apps, From the Inside Out
SBWebinars
 
SAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySAP Concur’s Cloud Journey
SAP Concur’s Cloud Journey
SBWebinars
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against Them
SBWebinars
 
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
SBWebinars
 
Taking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelTaking Open Source Security to the Next Level
Taking Open Source Security to the Next Level
SBWebinars
 
The Next Generation of Application Security
The Next Generation of Application SecurityThe Next Generation of Application Security
The Next Generation of Application Security
SBWebinars
 
You're Bleeding. Exposing the Attack Surface in your Supply Chain
You're Bleeding. Exposing the Attack Surface in your Supply ChainYou're Bleeding. Exposing the Attack Surface in your Supply Chain
You're Bleeding. Exposing the Attack Surface in your Supply Chain
SBWebinars
 
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
SBWebinars
 
Top 10 Threats to Cloud Security
Top 10 Threats to Cloud SecurityTop 10 Threats to Cloud Security
Top 10 Threats to Cloud Security
SBWebinars
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving Infrastructures
SBWebinars
 
Reduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity ManagementReduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity Management
SBWebinars
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
SBWebinars
 
Reducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at NetflixReducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at Netflix
SBWebinars
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
SBWebinars
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities Management
SBWebinars
 
Flow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need ThemFlow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need Them
SBWebinars
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
SBWebinars
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for You
SBWebinars
 
Take a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation BacklogTake a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation Backlog
SBWebinars
 

More from SBWebinars (20)

Securing Mobile Apps, From the Inside Out
Securing Mobile Apps, From the Inside OutSecuring Mobile Apps, From the Inside Out
Securing Mobile Apps, From the Inside Out
 
SAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySAP Concur’s Cloud Journey
SAP Concur’s Cloud Journey
 
Top Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against ThemTop Cybersecurity Threats and How SIEM Protects Against Them
Top Cybersecurity Threats and How SIEM Protects Against Them
 
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
 
Taking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelTaking Open Source Security to the Next Level
Taking Open Source Security to the Next Level
 
The Next Generation of Application Security
The Next Generation of Application SecurityThe Next Generation of Application Security
The Next Generation of Application Security
 
You're Bleeding. Exposing the Attack Surface in your Supply Chain
You're Bleeding. Exposing the Attack Surface in your Supply ChainYou're Bleeding. Exposing the Attack Surface in your Supply Chain
You're Bleeding. Exposing the Attack Surface in your Supply Chain
 
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
 
Top 10 Threats to Cloud Security
Top 10 Threats to Cloud SecurityTop 10 Threats to Cloud Security
Top 10 Threats to Cloud Security
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving Infrastructures
 
Reduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity ManagementReduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity Management
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
 
Reducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at NetflixReducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at Netflix
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities Management
 
Flow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need ThemFlow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need Them
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for You
 
Take a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation BacklogTake a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation Backlog
 

Recently uploaded

5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Edge AI and Vision Alliance
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 

Recently uploaded (20)

5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 

Software-Defined Segmentation Done Easily, Quickly and Right

  • 1. 1 // Guardicore – Security Boulevard Webinar Dave Klein Senior Director Engineering & Architecture Guardicore
  • 2. 2 // Guardicore – Security Boulevard Webinar2 // Guardicore – Security Boulevard Webinar Goals of Today’s Webinar 1. What are the Challenges Driving Software-Defined Segmentation? 3. What are the Software Segmentation Rollout Steps? FINAL GOAL: Software-Defined Segmentation Done Easily, Quickly & Right! 4. Why Traditional Segmentation, Firewalls & First Generation of Software-Defined Segmentation Failed? 2. Why Software- Defined Segmentation? What are the Use Cases? 5. What are the Solution Requirements for Software Segmentation?
  • 3. 3 // Guardicore – Security Boulevard Webinar The Challenges that Have Led to Software-Defined Segmentation
  • 4. 4 // Guardicore – Security Boulevard Webinar4 // Guardicore – Security Boulevard Webinar The Era of Software-Defined Segmentation Current Challenges  Even in enterprises that haven’t moved to cloud.  Even in traditional environments and use cases.
  • 5. 5 // Guardicore – Security Boulevard Webinar5 // Guardicore – Security Boulevard Webinar The Era of Software-Defined Segmentation Current Challenges For Both…
  • 6. 6 // Guardicore – Security Boulevard Webinar6 // Guardicore – Security Boulevard Webinar The Era of Software-Defined Segmentation Current Challenges For IT… Visibility & Management
  • 7. 7 // Guardicore – Security Boulevard Webinar7 // Guardicore – Security Boulevard Webinar The Era of Software-Defined Segmentation Software-Defined Segmentation The Solution
  • 8. 8 // Guardicore – Security Boulevard Webinar8 // Guardicore – Security Boulevard Webinar A Point on the Name ▪ Also known as Micro Segmentation • But term is often misconstrued/misinterpreted as a single use case where segmentation is used between the tiers of an application. ▪ Software-Defined Segmentation • A better term for the solution. • Hundreds of use cases where Software-Defined Segmentation can be utilized.
  • 9. 9 // Guardicore – Security Boulevard Webinar9 // Guardicore – Security Boulevard Webinar Sample Software-Defined Segmentation Use Cases Point of Sale Systems Medical Devices Dev/User Acceptance/Production Environment Separation Separation of IoT/Building Controls/Users/Data Centers Protection of Legacy Apps/OS’ Micro-Segmentation Between Tiers of an Application. Digital Crown Jewels Protection Compliance Data Center Transformation
  • 10. 10 // Guardicore – Security Boulevard Webinar10 // Guardicore – Security Boulevard Webinar Sample Software-Defined Segmentation Use Cases PCI SWIFT HIPAA GDPR California Privacy NY SHIELD Digital Crown Jewels Protection Compliance Data Center Transformation
  • 11. 11 // Guardicore – Security Boulevard Webinar11 // Guardicore – Security Boulevard Webinar Sample Software-Defined Segmentation Use Cases Digital Crown Jewels Protection Compliance Data Center Transformation Mergers & Acquisitions Cloud Migration Hybrid Cloud Integration
  • 12. 12 // Guardicore – Security Boulevard Webinar Steps to Rollout Software- Defined Segmentation
  • 13. 13 // Guardicore – Security Boulevard Webinar13 // Guardicore – Security Boulevard Webinar 5 Steps To Software Defined Segmentation Discover, Visualize & Map Label & Group Define Policies Monitor & Refine Enforce
  • 14. 14 // Guardicore – Security Boulevard Webinar Learning from Traditional Segmentation Fails
  • 15. 15 // Guardicore – Security Boulevard Webinar15 // Guardicore – Security Boulevard Webinar Traditional Segmentation Platform Specific VLANs for on-premises only Security groups only for cloud Security Groups per VPC per cloud provider Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity VLANs & ACLs Security Groups Premises Clouds
  • 16. 16 // Guardicore – Security Boulevard Webinar16 // Guardicore – Security Boulevard Webinar Traditional Segmentation Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity Multiple management platforms means resource and cost intensive “It takes me months to change VLANs” “IP address changes are a nightmare” Delays, stalled or failed projects VLANs & ACLs Security Groups Premises Clouds
  • 17. 17 // Guardicore – Security Boulevard Webinar17 // Guardicore – Security Boulevard Webinar Traditional Segmentation Can’t easily identify traffic flows & app dependencies Leads to delays, false positive blocks. Production downtime VLANs & ACLs Security Groups Premises Clouds Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity
  • 18. 18 // Guardicore – Security Boulevard Webinar18 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds Web Server tomcat Policies are only IP address & port based! Doesn’t segment enough! Doesn’t reduce risk! Doesn’t lead to compliance! Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity
  • 19. 19 // Guardicore – Security Boulevard Webinar19 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds NO PROCESS LEVEL POLICIES Web Server tomcat Desired Rule Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity nginx Proxy Server Port 443 evil Web Server Tomcat
  • 20. 20 // Guardicore – Security Boulevard Webinar20 // Guardicore – Security Boulevard Webinar Process based policies? = NO nginx Proxy Server Port 443 evil Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds NO PROCESS LEVEL POLICIES tomcat Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity Actual with VLANs, ACLs & Security Groups Web Server Tomcat Policies are only IP address & port based!
  • 21. 21 // Guardicore – Security Boulevard Webinar21 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds Web Server NO IDENTITY BASED RULES accounting databases Alison Diane putty putty Accounting Appsshd sshd diagnostics accounting Desired Rule Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity jumpbox
  • 22. 22 // Guardicore – Security Boulevard Webinar22 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds Web Server accounting databases Alison Diane putty putty Accounting Appsshd sshd diagnostics accounting Actual with VLANs, ACLs & Security Groups NO IDENTITY BASED RULES Identity based policies? = NO Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity jumpbox Policies are only IP address & port based!
  • 23. 23 // Guardicore – Security Boulevard Webinar23 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds NO FQDN RULES accounting databases Port 443 accounting GitHub Web Server Internet Ubuntu DevOps Web Servers DevOps Other Servers Desired Rule Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity
  • 24. 24 // Guardicore – Security Boulevard Webinar24 // Guardicore – Security Boulevard Webinar Traditional Segmentation VLANs & ACLs Security Groups Premises Clouds NO FQDN RULES accounting databases FQDN based policies? = NO Port 443 accounting GitHub Web Server Internet Ubuntu DevOps Web Servers DevOps Other Servers Actual with VLANs, ACLs & Security Groups Multiple Segmentation Techniques Have to be Combined. Management & Resource Intensive Zero Visibility Lack of Granularity Policies are only IP address & port based!
  • 25. 25 // Guardicore – Security Boulevard Webinar Segmentation Fails Firewalls
  • 26. 26 // Guardicore – Security Boulevard Webinar26 // Guardicore – Security Boulevard Webinar Traditional Segmentation Firewalls Perimeter Perimeter Based Not at the right location. Doesn’t follow the workloads Cost prohibitive
  • 27. 27 // Guardicore – Security Boulevard Webinar27 // Guardicore – Security Boulevard Webinar Traditional Segmentation Firewalls Perimeter Not at the right location. Doesn’t follow the workloads Cost prohibitive Perimeter Based You need to be every where
  • 28. 28 // Guardicore – Security Boulevard Webinar Segmentation Fails First Generation Software-Defined Segmentation
  • 29. 29 // Guardicore – Security Boulevard Webinar29 // Guardicore – Security Boulevard Webinar First Gen Software Defined Segmentation Vendors Means L4 policies – same problems as traditional segmentation methods Not platform agnostic. Have to have the hypervisor firewall proximity Two the three vendors in this space have moved on to non-hypervisor methods using agents Clouds Vendors Who Offer Limited Visibility Through a Secondary or Tertiary Package Vendors who Focus on Hypervisor(s) Vendors who use agents with enforcement done by native OS firewalls
  • 30. 30 // Guardicore – Security Boulevard Webinar30 // Guardicore – Security Boulevard Webinar First Gen SDS Vendors In Linux means IP Tables – this means the same L4 IP and Port only policies. Just like traditional methods In Windows while you have better granularity you are missing important other policy types No Black Lists/Deny Lists Means you are fighting local admins for the policies on the box More latency in native OS firewalls Clouds #1 ISSUE FOUND TODAY IN MOST SOLUTIONS Vendors Who Offer Limited Visibility Through a Secondary or Tertiary Package Vendors who Focus on Hypervisor(s) Vendors who use agents with enforcement done by native OS firewalls
  • 31. 31 // Guardicore – Security Boulevard Webinar31 // Guardicore – Security Boulevard Webinar First Gen SDS Vendors Integrated visibility is essential in order to create appropriate labels and policies It accelerates segmentation projects Visibility means you won’t make mistakes Clouds Vendors Who Offer Limited Visibility Through a Secondary or Tertiary Package Vendors who Focus on Hypervisor(s) Vendors who use agents with enforcement done by native OS firewalls
  • 32. 32 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation Done Right
  • 33. 33 // Guardicore – Security Boulevard Webinar33 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Segmentation Done Fast Segmentation Done Right Segmentation Done Easily We’ve covered the use cases, the why, the steps, now the how…
  • 34. 34 // Guardicore – Security Boulevard Webinar34 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Widest Possible platform Support Platforms Bare Metal Hypervisors Clouds Containers Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
  • 35. 35 // Guardicore – Security Boulevard Webinar35 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Orchestration meta-data integration Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
  • 36. 36 // Guardicore – Security Boulevard Webinar36 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Orchestration meta-data integration Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
  • 37. 37 // Guardicore – Security Boulevard Webinar37 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Orchestration meta-data integration Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
  • 38. 38 // Guardicore – Security Boulevard Webinar38 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Enterprises run a very wide array of OS’ imaginable Automated way to ingest new OS kernels/releases quickly Support end of life systems as well Legacy/End of Life Modern Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
  • 39. 39 // Guardicore – Security Boulevard Webinar39 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Policy Granularity Alison Diane putty putty Accounting Appsshd sshd diagnostics accounting accountin g GitHub Web Server Intern et Ubuntu DevOps Web Servers DevOps Other Servers By Process By User By FQDN Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native) nginx Proxy Server evil Web Server Tomcat
  • 40. 40 // Guardicore – Security Boulevard Webinar40 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Policy Black Lists Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native) Production ftpd telnetd tftpd To=cat
  • 41. 41 // Guardicore – Security Boulevard Webinar41 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements No Contention with Admins for Control Consistent Policies & Enforcement Across All Platforms & OS’ Less Latency Server tomcatOS Firewall Agent FW You have control Admin/Root SDS System You have less latency Widest Possible platform Support Meta-data Integration Broadest OS Support Agent with Own Firewall (not OS Native)
  • 42. 42 // Guardicore – Security Boulevard Webinar42 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Real time an historical visibility. Easily allows you to create/apply labels Easily understand application dependencies Allows you to sort in a variety of ways that people wish to see the enterprise Visibility Flexible Labeling Schema Policy Wizards RESTAPI
  • 43. 43 // Guardicore – Security Boulevard Webinar43 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements By Platform Visibility Flexible Labeling Schema Policy Wizards RESTAPI
  • 44. 44 // Guardicore – Security Boulevard Webinar44 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements By Environment Visibility Flexible Labeling Schema Policy Wizards RESTAPI
  • 45. 45 // Guardicore – Security Boulevard Webinar45 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements By Compliance Visibility Flexible Labeling Schema Policy Wizards RESTAPI
  • 46. 46 // Guardicore – Security Boulevard Webinar46 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements By Application Dependencies Visibility Flexible Labeling Schema Policy Wizards RESTAPI
  • 47. 47 // Guardicore – Security Boulevard Webinar47 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Allows for flexible visibility (as shown prior) Allows for dynamic workload automation Thus removing the need for manual Move, Adds, Changes & Deletes Within UI & DevOps Scripting Visibility Flexible Labeling Schema Policy Wizards RESTAPI
  • 48. 48 // Guardicore – Security Boulevard Webinar48 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Easy policy creation based on your particular role and need Visibility Flexible Labeling Schema Policy Wizards RESTAPI
  • 49. 49 // Guardicore – Security Boulevard Webinar49 // Guardicore – Security Boulevard Webinar Software-Defined Segmentation – Key Elements Ways to digest additional enterprise data like CMDB Ways to to push and pull additional information Automation Visibility Flexible Labeling Schema Policy Wizards RESTAPI
  • 50. 50 // Guardicore – Security Boulevard Webinar Dave Klein Senior Director Engineering & Architecture Guardicore Q & A
  • 51. 51 // Guardicore – Security Boulevard Webinar Dave Klein Senior Director Engineering & Architecture Guardicore Web: https://www.guardicore.com Email: Dave.Klein@guardicore.com Thank You