©2018 Check Point Software Technologies Ltd.
Stephan Fritsche
Cloud Security
Cloud Guard IaaS Sales Manager Central Europe
SAFE JOURNEY TO THE CLOUD
Stephan Fritsche
Cloud Guard IaaS Sales Manager Central Europe
Check Point Software Technologies GmbH
Zeppelinstr. 1, D-85399 Hallbergmoos
Phone: +49 151 4221 4988
E-Mail: [email protected]
Times are changing
“The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn.”
Alvin Toffler
FROM DATA CENTER TO CLOUD
WHAT USED TO TAKE WEEKS TAKES MINUTES WITH CLOUD
WELCOME TO THE CLOUD
Revenues Continue to Climb
IaaS, SaaS, PaaS
https://www.skyhighnetworks.com/cloud-security-blog/microsoft-azure-closes-iaas-adoption-gap-with-amazon-aws/
Cloud Market
THE CLOUD IS HERE
• CLOUD DIVERSITY: 67% OF ENTERPRISES ARE IN HYBRID CLOUD MODEL. MULTI CLOUD BECOMING THE NORM (RightScale)
• SECURITY: 40% OF ENTERPRISES RATE CLOUD SECURITY AS SIGNIFICANT CHALLENGE (RightScale 2017)
• ADOPTION GROWTH: 80% OF ENTERPRISES ARE COMMITTED TO CLOUD STRATEGY BY 2017 (IDC). CLOUD COMPUTING MARKET TO REACH $170B BY 2020 (Gartner)
• NEW TECH: CONTAINERS MARKET TO REACH $3.5B AND SERVERLESS $8B BY 2021 (Gartner and 451 Research)
Infrastructure Diversity
IOT
XaaS – “X” As a Service
The Global Risks Report 2018
STATE OF CLOUD CYBER SECURITY
Headline sources:
• esecurityplanet.com, September 19, 2017
• pcmag.com, July 7, 2017
• Lightreading.com, September 5, 2017
• Gizmodo.com, September 19, 2017
• Scmagazine.com, September 5, 2017
• ZDNet.com, August 16, 2017
WHO’S RESPONSIBLE FOR CLOUD SECURITY?
Traditional Security Not Designed FOR CLOUD
• Static workloads
• Manually intensive
• DevOps don't know Security
• IT Security doesn't know Cloud
Cloud = Shared Responsibility
Customer responsible for security in the cloud:
• Customer Data
• Platform, Applications, IAM
• Operating System, Network and FW Configs
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System / Data)
• Network Traffic Protection (Encryption, Integrity, Identity)
Cloud vendor responsible for security of the cloud:
• Compute, Storage, Database, Networking
• Cloud Global Infrastructure: Regions, Availability Zones, Edge Locations
WHERE CLOUD NATIVE SECURITY FALLS SHORT
• NO Threat Prevention in real time (L4-L7 protections)
• NO unified management for all Clouds & Traditional Data Center
• NO Identity based authentication access to applications
• NO URL Filtering
• NO Threat Extraction and Zero-day Sandboxing
Generations of Attacks and Protections
• Gen I, Late 1980s: PC attacks, standalone (Virus). Protection: The Anti Virus
• Gen II, Mid 1990s: Attacks from the internet (Networks). Protection: The Firewall
• Gen III, Early 2000s: Exploiting vulnerabilities in applications (Applications). Protection: Intrusion Prevention (IPS)
• Gen IV, 2010: Polymorphic Content (Payload). Protection: SandBoxing and Anti-Bot
Where are we?
[Chart: THREATS versus PROTECTIONS over time (1990, 2000, 2010, 2015, 2017). Threats: Gen I Virus, Gen II Networks, Gen III Applications, Gen IV Payload, Gen V Mega. Protections: GRADE I to GRADE V.]
Enterprises are between Gen 2-3 (2.8)
THIS MIGHT EXPOSE YOU TO…
• Lateral threat movements
• Data breach due to misconfiguration
• Abuse of cloud services
• API hacking
• Malicious insiders
4 STEPS TO SECURE YOUR CLOUD
STEP #1: CONTROL THE CLOUD PERIMETER
• Use advanced threat prevention at the cloud perimeter
• Securely connect your cloud with your on-premise environment
[Diagram: CLOUD and ON-PREMISE]
STEP #2: SECURE THE CLOUD FROM THE INSIDE
• Micro-segment your cloud to control inside communication
• Prevent lateral threat movement between applications
[Diagram: four App workloads]
STEP #3: MANAGE CONSISTENT SECURITY FOR HYBRID ENVIRONMENTS
• Deploy unified security management for your hybrid cloud (On-Premise and Cloud)
• Ensure policy consistency
• Reduce operation cost
[Diagram: CLOUD and ON-PREMISE]
STEP #4: AUTOMATE YOUR SECURITY
Security should be as elastic and dynamic as your cloud
• Auto-provisioning via templates and APIs
• Auto-scale security with Pay-as-you-Go
• Adaptive to changes
ADAPTIVE SECURITY
Reduce Firewall Tickets by 60%
Telefonica: “vSEC adaptive security is a game changer.”
Check Point Access Policy
Rule | From | To | Application | Action
3 | Finance_App1 (vCenter Object) | Database_Group (NSX SecGroup) | MSSQL | Allow
4 | HR_App2 (OpenStack Object) | Finance_Group (ACI EndPoint Group) | CRM | Allow
5 | User_ID | SAP_App (Azure Object) | SAP | Allow
Fast API connect
Look for a security solution that talks to all major vendor Architectures
Security Workgroups
• Public: For AWS, For Azure, For Google
• Private: For NSX, For vCenter, For ACI, For OpenStack
THE CloudGuard FAMILY
Consistent security policy and control across ALL Private and Public Clouds
CloudGuard IaaS FOR THE CLOUD
• Infrastructure Security
• Next Generation Firewall & VPN
• Application and Data Security
• Advanced Threat Prevention
• Forensic Analysis
[Diagram label: Cloud Vendor]
Utmost Protection from Modern Threats
Firewall, Anti-Virus, Anti-Bot, Application Control, IPS, Threat Emulation, URL Filtering
‘Cloud Ready’ Unified Access Policy
Users, Devices, Applications, Data, Gateways, Mobile, Public Cloud, Private Cloud
MICRO-SEGMENTATION WITH SUB-POLICIES
The only NGTP solution with policy designed for micro-segmented environment
* R80 Sub-Policies
SUCCESS
More than 3,500 customers world-wide use CloudGuard to secure their cloud
HAPPY CUSTOMERS
• XERO is a global online accounting firm servicing over 1M accounts in AWS. CloudGuard secures all their accounts in AWS.
• Allegiant makes leisure travel affordable. CloudGuard secures their new NSX-based Private Cloud.
SUMMARY
• Cloud is eating the world
• Bad guys are everywhere
• Cloud Native Controls are good, but…
• Own your security!
• You can get burned when it’s cloudy, protect yourself!
CHECK POINT’S CLOUD SECURITY BLUEPRINT
• Agile: security architecture that enables DevOps innovation
• Efficient: adaptive policy and elastic operation
• Multi-Clouds: unified security architecture for all environments
[Diagram, built up over several slides: Northbound Hub, Southbound Hub, Spoke 1, Spoke 2, Spoke 3, Spoke N…, VPN]
ARCHITECTURE How To
[Diagram labels: Cloud; Northbound-HUB (vSEC Auto-Scale: vSEC-1 … vSEC-N); Southbound-HUB (vSEC HA: vSEC-1, vSEC-2); SPOKE-1, SPOKE-2, SPOKE-3, SPOKE-N…; WWW; Load Balancer; VPN; Corporate]
• North Bound Security is Auto-Scaled
• Southbound Security is highly available
• Supported Clouds
  • Azure Transit vNET
  • AWS Transit VPC
THANK YOU