Upload
others
View
22
Download
0
Embed Size (px)
Citation preview
Next Generation Security for Cloud클라우드에있는내소중한앱과데이터를지켜라
김병장전무 ([email protected])
Palo Alto Networks, 2018/10/25 @ PASCON
TECHNOLOGY ISPART OF OUR LIVES
2 | © 2018 Palo Alto Networks. All Rights Reserved.
TRUST
3 | © 2018 Palo Alto Networks. All Rights Reserved.
Source identity @2018 Dark Reading: 2017 Smashed World’s Records for Most Data Breaches, Exposed Information by Kelly Jackson Higgins.White House Council of Economic Advisers Report. February 2018
Breaches reported in 2017
5,207Breaches reported in 2017
5,207US breach cost in 2016
$109BUS breach cost in 2016
$109B
4 | © 2018 Palo Alto Networks. All Rights Reserved.
Cloud Automation Analytics
IoT SaaS Cloud/Virtualization Mobility
CONTINUOUS EVOLUTION
5 | © 2018 Palo Alto Networks. All Rights Reserved.
Enablers of digital transformation
Distributed users, apps, and data | Delivers flexibility and speed; increases risk
DATA AND APPLICATIONS ARE EVERYWHERE
6 | © 2018, Palo Alto Networks. Confidential and Proprietary.
SAASPRIVATE
PHYSICAL
IAAS PAAS
SECURING THE CLOUD IS HARD
7 | © 2018, Palo Alto Networks. Confidential and Proprietary.
Fragmented Security
Human Error
Manual Security
WHAT’S NEEDED
8 | © 2018, Palo Alto Networks. Confidential and Proprietary.
Frictionless Deployment & Management
Advanced Application & Data Breach Prevention
Consistent Protections Across Locations & Clouds
SHARED RESPONSIBILITY MODEL
9 | © 2018, Palo Alto Networks Confidential
https://aws.amazon.com/ko/compliance/shared-responsibility-model/
SHARED RESPONSIBILITIES MODEL
• Palo Alto Networks complements native Cloud security to protect Cloud deployments
• Apply consistent policies from the network to the cloud for security and compliance
APPLICATIONS ARE INCREASINGLY USING PAAS SERVICES
11 | © 2018, Palo Alto Networks. Confidential and Proprietary.
On-Premises
Cloud Application
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
INSUFFICIENT IAAS/PAAS SECURITY APPROACHES
12 | © 2018, Palo Alto Networks. Confidential and Proprietary.
Cloud NativeSecurity
Single Cloud
Cloud Security Point ProductLimited scope
Legacy Network Security
Negates cloud value
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
CRITICAL CLOUD PROTECTIONS
13 | © 2018, Palo Alto Networks. Confidential and Proprietary.
INLINEProtect and
Segment Cloud Workloads
API
HOSTSecure OS & App Within Workloads
APIContinuous Security & ComplianceOn-Premises
Cloud Application
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
PROTECT AND SEGMENT CLOUD WORKLOADSVM-SERIES
14 | © 2018, Palo Alto Networks. Confidential and Proprietary.
On-Premises
Application visibility and workload segmentation
Auto-scale based on triggers
Prevent outbound and inbound attacks
Cloud Application
CONTINUOUS COMPLIANCE AND SECURITY WITH EVIDENT
API
Is MFA Enabled?
Is any sensitive data exposed?
What services are running?
Who has access to this resource?Evident
Discover and Monitor Resources
Secure Storage Services
Compliance Reporting
TOP HIGH RISKS DETECTED WITH EVIDENT
16
Insecure VPC Fails password policy
MFA not enabled Unprotected root
58% 48%
55% 29%
SHOCKING, NO GOOD, REALLY BAD RISKS DETECTED WITH EVIDENT
17
No Non-Root Accounts S3 Global Upload/Delete
Root API Keys Detected S3 Global ACL Access
9% 8%
6% 4%
GDPR Reporting with Evident
18 | © 2018, Palo Alto Networks. All Rights Reserved.
One-click Compliance Reporting
19 | © 2018, Palo Alto Networks. All Rights Reserved.
CUSTOM COMPLIANCE SOLUTION
Create your own custom control framework
Copy, modify, edit controls from frameworks like PCI, NIST
GUI-based wizard makes set-up & configuration easy
PUBLIC CLOUD SERVICES INFRASTRUCTURE PROTECTION
21 | © 2018, Palo Alto Networks. All Rights Reserved.
1-CLICK REPORTING
MULTI-CLOUD
CONTINUOUS & REAL-TIME
BUILT FOR DEVOPS, SECOPS, COMPLIANCE
AGENTLESS
CUSTOMIZE TO MATCH YOUR POLICY
APP WORKLOAD
Lightweight Agent
Real-time Exploit and Malware Protection
Protects Unpatched Workloads
WORKLOAD PROTECTION TRAPS
22 | © 2018, Palo Alto Networks. Confidential and Proprietary.
Multi-method Attack Prevention
Traps Advanced Endpoint
Protections
NEW
Cloud environment
SIX YEARS OF EXPLOIT PROTECTION INNOVATION
23 | © 2018, Palo Alto Networks. All Rights Reserved.
NEW
2012/13 2014 2015 2016 2017 2018
TRAPS ADVANCED ENDPOINT PROTECTION
EXPLOIT PREVENTION MODULESGS Cookie
SysExit
CPL ProtectionROP Mitigation
Enhanced JIT Protection
Enhanced DLL Security
Child Process Protection
Exploit Kit Fingerprinting
Kernel Privilege Escalation
Dylib-Hijacking Protection
Gatekeeper Enhancement
Kernel APC Protection
Child Process Protection
DLL File Protection
ShellLink Protection
Null Dereference Protection
Shellcode & Library Preallocation
Hot Patch Protection
Font Protection
Heap Spray Checks
UASLR
DEP
DLL Security
Packed DLLs
JIT Mitigation
Brute Force Protection
Local Privilege Escalation Protection
ROP Mitigation (Linux)
JAVA
DLL Hijacking
Heap Corruption Mitigation
Heap Spray Mitigation
Null Dereference Protection
T01 Compatibility
SEH Protection
PLATFORM AUTOMATION
24 | © 2018, Palo Alto Networks. Confidential and Proprietary.
URL Filtering
CLOUD-DELIVERED SECURITY SERVICES
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
API
3rd party feeds
Customerdata
Amazon GuardDuty
MineMeld
Threat Prevention
Malware Analysis
PALO ALTO NETWORKS LEADERSHIP IN CYBERSECURITY
25 | © 2018 Palo Alto Networks. All Rights Reserved.
63% of the Global 2Kare Palo Alto Networks customers
29% year over yearrevenue growth*
85of Fortune 100
rely on Palo Alto Networks
#1 in Enterprise
Security
54,000+customers
in 150+ countries
Revenue trend40% CAGRFY14 - FY18
FY14 FY15 FY16 FY17 FY18
• Q4FY2018. Fiscal year ends July 31.• Gartner, Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 1Q18, 14 June 2018
Gartner Market share & Magic Quadrant
26 | © 2018 Palo Alto Networks, Inc. All Rights Reserved.
- 2018 Q1 Enterprise Network Security Revenue 1위
- 7년연속 Gartner MQ Leader Group
THANK YOU
Email: [email protected] l Twitter: @PaloAltoNtwks