The document discusses the optimal scenarios for leveraging cloud solutions in web security, emphasizing the need for effective alert management and resource allocation. It highlights the rapid adoption of cloud applications like Microsoft Office 365 and the importance of comprehensive security measures against emerging threats, particularly noting the risks associated with SSL traffic. The content also addresses budget constraints and strategic considerations for implementing cloud security while maintaining compliance and minimizing risks.

1. When to Leverage the Cloud
for Web Security
Rob Davis, CISSP – Founder, Managing Partner

2. https://pwnedlist.com

3. Becoming more effective:
§ Are you getting right alerts?
§ Reduce false positives
§ Reduce time to investigate
§ Increase headcount
§ Reduce time “maintaining tools”
Example: 40 alerts requiring investigation per day X .5 hrs/investigation / 8 hrs/day = 2.5 headcount

4. 4
Ongoing
90%
10% Software/Hardware Costs
The 90%
• Apply fixes, patches, upgrades
• Downtime
• Performance Tuning
• Rewrite customizations
• Rewrite integrations
• Maintain/upgrade hardware
• Power, cooling, rackspace

5. People love their cloud apps,
and for good reason
Anywhere Access TimeCost
5

7. Microsoft's cloud-based Office 365 is the
company's fastest growing commercial
product ever, and adoption shows no sign of
stalling. The company's cloud revenue (which
included Azure and Dynamics CRM as well as
Office 365) grew 128 percent in the most
recent quarter compared to the same period
last year, and the number of Office 365
commercial seats in use nearly doubled.
"Pretty much everyone is considering Office
365 now," says Jeffrey Mann, a research vice
president at Gartner. "They are at least
thinking about it, even if they don't end up
adopting it. Adoption was going in fits and
starts but now it is really starting to take off,
and bigger companies are implementing it."

8. 8
STEP 1:
Requirements for
Web Content
Security

10. 10© 2014 Critical Start LLC
The Magic Quadrant That Doesn’t Exist
Ongoing
90%
• Dynamic Malware Prevention
• Anti-Virus (known bad)
• Data Loss Prevention
• SSL Inspection
• File Type Control
• Browser Control
• Authentication Proxy
• URL Filtering
• Caching
• Bandwidth Controls

11. 11© 2014 Critical Start LLC
Flow management
Load balancers Edge
firewall
SSL
Server – side SSL tunnel
Aggregation firewall
SSL
PAC
File
1
2
3
28
27
26 10
15, 16
Client - side
SSL tunnel
SSLSandboxWeb Filter
11
Log files
Content Inspection
Best of Breed is Best

12. When Does Cloud Make Sense?

13. 13
Provide Protection at Every Location

14. 14© 2014 Critical Start LLC
Eliminate the Need to Backhaul Internet Traffic
VPN
Gateway(s)
MPLS
HQ
Unprotected !
MOBILE – 3G, 4G
Unprotected !
PRIVATE CLOUD | MOBILE APPS | CONSUMER CLOUD
COMMERCIAL CLOUD | PUBLIC CLOUD
BRANCH
REGIONAL HUB
BRANCH BRANCH
ON-THE-GO
HOME/HOTSPOT

15. 15© 2014 Critical Start LLC
Close Visibility Gaps
Ongoing
90%
“Less than 20% of
organizations with a firewall,
an intrusion prevention
system (IPS) or a unified
threat management (UTM)
appliance decrypt inbound or
outbound SSL traffic.”
Gartner

16. The Advent of 2048 Bit SSL Certificates
§ Some proxy vendors typically bypass SSL – performance overhead
§ Customers using SSL decryption are buying new hardware
Banking
Enterprise
Webmail
Social Networking
Search
SSL on Internet
Login Transactions All
App Coverage
Performance
Security
1024
bit
2048
bit
80% Performance Drop

17. 17© 2014 Critical Start LLC
The Future of SSL Attacks
Ongoing
90%
“Gartner believes that by 2017
more than 50% of the network
attacks targeting enterprises will
use SSL encryption. For this
majority of organizations that
do not decrypt data, most lack
the ability to decrypt and inspect
encrypted communications to
assess these threats.”
Gartner

18. 18© 2014 Critical Start LLC
Anti-Virus and Dynamic Malware Analysis
Ongoing
90%
• Dynamic Malware Prevention
• Anti-Virus (known bad)
• SSL Inspection
• File Type Control
§ EXE, encrypted archive
• Protection for remote laptops

19. 19© 2014 Critical Start LLC
Tight Budgets and Few Resources
Multiple appliances at every
Internet gateway All Cloud Delivered

20. 20© 2014 Critical Start LLC
Best of Breed Requires the Expertise on Each Point Product
©2013 Zscaler, Inc. All rights reserved.

21. 21© 2014 Critical Start LLC
Conduct an Annual Security Tools Assessment

22. SecCon
05
SecCon
04
SecCon
03
SecCon
02
SecCon
01
Operational
Operational security –
minimal resources and
budget allocated
Industry Average
Use security practices
that are typical for a
given peer group and
industry. Higher risk
tolerance.
Industry Best Practice
Use security practices
that are best practice
for their industry.
Lower risk tolerance.
Advanced
Goal is to detect and
effectively respond to
sophisticated, targeted
cyber attacks
Compliance
Security is an outcome
of compliance

23. The real face of shadow IT is you, me and even IT. We’re being asked to solve this
and to be strategic. It’s a new dynamic that we need to embrace. (big
picture/words)
Business Risk is the real shadow
Balancing people, budget,
and risk tolerance
Ultimately, this is simply
another business decision.

24. • Complex data loss prevention use cases
• Multi-vector dynamic malware
• Complex proxy requirements
• Regulatory constraints
• Bandwidth shaping between sites
• Very old NW equipment (tunnels)
• I can do it better
§ Security budget to afford
§ People and expertise to operate
When To Avoid Cloud Only

25. 25© 2014 Critical Start LLC
Example Cloud Architecture
Mobile AppsConsumer Cloud
Private Cloud
Commercial Cloud
Public Cloud
On-the-go Home officeHQ Regional offices Factories Internet of
things
Branches / stores Mobile

27. Rob Davis
rob.davis@criticalstart.com
214-674-1748
Brad Alstatt
balstatt@zscaler.com
214-675-2613
K.C. Kenney
kkenney@zscaler.com
469-322-4409