Aug 12, 2015
In 2014, 1,000 retail businesses were hit by remote attacks. Ultimately, most retail attacks started with stolen credentials, which enabled attackers to move laterally, harvesting credentials along the way until they reached their final destination.
There is a worldwide shortage of 600 to 900 thousand cyber security professionals, while 62% of organizations feel unprepared to fend off a sophisticated attack. -ISACA
.. organizations seek new technologies to protect their networks from new cybersecurity threats, and layer these technologies onto existing ones.. The result is a patchwork of equipment and software. A layered approach to security -- using siloed, specialized security technologies -- makes organizations vulnerable to sophisticated attacks that exploit the gaps between each layer
Simplify
Orchestrate
Automate
Security Landscape
Security Gaps – What are they?
§ Defence in Depth industry strategy contributes to Security Gaps.
§ Diversity and limitations of existing single point solutions create security gaps in threat analysis, operations and responsiveness.
§ Deployment of new protection solutions is regularly delayed due to cumbersome but necessary integration efforts.
§ Personnel shortage of 1M in CyberSecurity alone.
§ Average Time from Discovery to Remediation over 200 Days.
§ Lack of Holistic Approach to Security.
§ Lateral movement is the latest and largest threat.
75 Percent of Mobile Security Breaches Will Be the Result of Mobile Application Misconfiguration --Gartner
Identity and Data Security: BREAKING THE BOUNDARIES
[Figure: security technology landscape. Layers: 1. Network, 2. Databases, 3. Systems, 4. Endpoints, 5. Application infrastructure, 6. Messaging & content, 7. Data. Functions: Policy definition, Enforcement, Monitoring & response, Measurement. Point products shown: Network access control, Network visibility, Wireless gateway, WLAN monitoring, Audit & risk management framework, IPS, Firewall, VPN, Database encryption, Vulnerability management, Database monitoring, Antivirus, Configuration mgmt., Storage Security/Cloud Security, Firewall/Host IPS, Directory, Application assessment, Antispam, Email encryption & filtering, Web filtering, Enterprise SSO, Antivirus/Antispyware, Endpoint control/MDM, Client encryption, Web SSO, IM filtering, Digital investigation & forensics, SIEM, App encryption, Information leak protection, Enterprise encryption & key management, Digital rights management, Identity & access management/PIM, Strong authentication, Database config. mgmt., Application FW.]
Real World Customer
§ Defence in Depth industry strategy contributes to Security Gaps.
§ Average Time from Compromise to Discovery over 200 Days.
§ Lack of Holistic Approach to Security.
§ Silos, Silos Everywhere.
§ Zero Automation.
§ Applications have to integrate with the entire stack.
§ Security becomes a Disabler.
§ Dozens of support tickets.
Market Need: FIXING THE SECURITY GAPS
Minding the Security Gaps
§ Simplify Standardize Security templates and workflow visualization.
§ Simplify Agile deployment and Security coordination.
§ Automate protection and leverage value from existing infrastructure.
§ Automate standardized security processes into new business applications.
§ Orchestrate ‘Defend the gaps’ by combining Data Security feeds, devices, behaviours and Identity Management into access control decisions.
§ Orchestrate threat mitigation through adaptive risk response.
§ IoT/Cloud Ready with web scale and device management.
§ Ultimately.. Transform Security from a defensive obstacle into a competitive advantage.
Market Need: FIXING THE SECURITY GAPS
Cloud
Business Processes
Existing Infrastructure
Security Landscape
§ Enable Business led IT, with Standardized Business Processes
§ Self-Protect Applications
Establish the Foundation
Necessary Steps
1. Customer focused mind-set
2. Scale, scale, scale
3. Business Alignment
4. SecDevOps
5. Orchestrated Response
6. Continuous Monitoring
Love your Customer….Love your Business
Requirements
1. KISSing builds love (Keep it Secure and Simple)
2. Customers build the business
3. Business Led IT
4. Adaptive Authorization
Business Alignment: UTILIZE EXISTING PROCESSES
Requirements: Policies, Templates, Processes
§ Workflow aligns with pre-defined business processes.
§ Seal the gaps in reaction, coordination and operation.
§ Applications are protected dynamically.
§ Do more with Less: Simplify migrations, patching & upgrades.
§ Simple to communicate Business Processes.
Building Blocks
Security Success
Business Benefits
§ Automated
§ Repeatable
§ Auditable
§ Easy to iterate
Standards
§ Access Policy Documents
§ Architecture Templates
§ Application APIs
§ Security Infrastructure Integration APIs
Jenkins
Chef
OrchIS
Application Access
Application Development
SecDevOps: USAGE SCENARIOS
Application Security Definitions
§ SecDevOps – Policy Configuration/automation with Remediation for cloud and on-premises security infrastructure.
§ DevOps - Build/Deploy Infrastructure.
§ Continuous Integration - Build/Deploy Application WAR/EAR Files.
Application Development Process
Automated Security Configuration
§ Rapid repeatable architecture blueprints enable setup via automated deployments in minutes.
§ Flexible UI to design, adapt and implement security component architectures.
§ Macro Policy Definition at the Application Tier.
§ Automated Micro Policies for Security Services.
§ Cross platform policy-writing and auditing.
§ Available for Cloud Apps.
§ Leverages existing infrastructure.
§ Automation Reduces Manpower.
§ Remedy/ServiceNow Integration.
OrchIS: AUTOMATED SECURITY FOR APPLICATIONS
[Figure: OrchIS structure. Labels shown: SecDevOps; Application Services (API); Security Orchestration; Workflow; Adaptive Access; Data Security; Risk Response; Audit/Reporting; Support; Integration Layer (API); User Directory; Policy Store; Session Mgmt; PDP; STS; MFA; Other IAM Infrastructure.]
OrchIS: Structure
Orchestrated Response Example
Components: Imperva WAF; Syntegrity OrchIS™ AM System
1. User accesses the application and inserts SQL injection.
2. SQL injection is detected by Imperva and results are published out via SYSLOG.
3. InstantIAM listener takes the Imperva notification, maps the user to a session, then executes the Workflow.
4. Workflow takes action on user account:
- Reduce AuthN level
- Disable Account
- Destroy Session
- Audit Records
- Other Options
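The detect, map and respond flow of this slide, sketched as an added example (not Syntegrity's or Imperva's code): a listener parses a WAF alert, maps it to a session, and runs a workflow built from the actions the slide lists. The syslog layout, field names, severity tiers and class names are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed alert; the WAF's real syslog layout is not given on the slides.
SAMPLE_ALERT = ('<134>Aug 12 10:15:02 waf01 alert="SQL Injection" '
                'severity=high session_id=s-1001 url=/orders')

# key=value pairs, where the value is either "quoted text" or a bare token
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

@dataclass
class Session:
    user: str
    authn_level: int = 2      # assumed scale: 2 = MFA done, 1 = password only
    active: bool = True

@dataclass
class Orchestrator:
    sessions: dict                                  # session id -> Session
    disabled: set = field(default_factory=set)      # disabled account names
    audit: list = field(default_factory=list)       # (user, alert, actions)

    def handle(self, line):
        """Parse one alert, map it to a session, run the matching workflow."""
        f = {k: quoted or bare for k, quoted, bare in KV_RE.findall(line)}
        sess = self.sessions.get(f.get("session_id"))
        if sess is None:
            # Alert cannot be tied to a user: record it, touch no account.
            self.audit.append((None, f.get("alert"), ["audit"]))
            return ["audit"]
        actions = []
        sev = f.get("severity", "low")
        if sev in ("medium", "high"):
            sess.authn_level = max(sess.authn_level - 1, 0)   # forces step-up
            actions.append("reduce_authn")
        if sev == "high":
            sess.active = False                     # destroy the session
            self.disabled.add(sess.user)            # disable the account
            actions += ["destroy_session", "disable_account"]
        actions.append("audit")
        self.audit.append((sess.user, f.get("alert"), actions))
        return actions

def demo():
    """Run the constructed alert against one known session."""
    orch = Orchestrator(sessions={"s-1001": Session("alice")})
    return orch, orch.handle(SAMPLE_ALERT)
```

An alert whose session id is unknown is only audited, so a forged or stale identifier in the log cannot be used to lock out another user's account.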
[Figure: pipeline diagram. Labels shown: CI, Develop, Review, Test, Commit; DevOps, Deploy, Test; Classify, Define; Security, Push Protection Policies, Integration APIs, Authorization Policies, AuthN Policies, Architecture Requirements; Remediate, Drift Detection, Dynamic Role Assignment, Adaptive Access Control.]
Centralized Reusable Architecture and Governance
Simplified Drag and Drop Security Architecture
§ Rapid repeatable architecture blueprints enable setup via automated deployments in minutes.
§ Flexible UI to design, adapt and implement security component architectures.
§ Macro policy definitions based on data sensitivity and compliance.
§ Cross platform policy-writing and auditing.
§ Automation of security policies and configuration for applications.
Business win: Simplification and Automation of Application Security
Simplified Security Architecture
Orchestrated Response: REAL-TIME REACTION TO THREATS
Orchestrated Response Interface
§ Bridge the gaps - holistic security blanket unifying the existing security estate.
§ Common RESTful API for management of Users, Sessions, Devices, and Applications.
§ Ultra scale Session Management: in-memory Data Grid harnessing Big Data Technologies.
§ Adaptive Risk Based Response: limit transactions based on risk profile of User, Session, Device, and Application level.
§ Increase ROI of existing Security investments.
Orchestrated Response: Scale, Scale, Scale
WEB-SCALE SESSION STORE
WAM is not enough
§ < 40% Applications are protected
§ Cumbersome deployments
§ Expensive Integrations
§ Binary responses
§ Full trust Authorizations
WebScale Session Store
§ Available for all applications
§ 50k TPS/node (Medium AWS instance)
§ Common Session API
§ Stateful and Stateless tokens
§ Risk Inculcated
§ Memory Grid
§ Integrates with existing IAM estate.
Users Sessions Devices Apps
Risk
Web-Scale Session Store
§ Web-Scale for B2E or B2C 50,000+tps/node.
§ Multi-dimensional array between users, devices, sessions and applications with Risk tracking.
§ Workflow based remediation matches the action with the threat:
§ Reduce Entitlements
§ De-provision Account
§ Step up AuthZ
§ Create ticket, etc.
Orchestrated Response: Web-Scale SESSION STORE
Automated Security Configuration
§ User Access and Behaviour Modelling.
§ Applications Access Monitor with Data Sensitivity Risk.
§ Device/User correlation and tracking.
§ Audit Capture: location, duration, application sensitivity, devices.
Continuous Monitoring: BEYOND TRADITIONAL SECURITY TOOLS
OrchIS: Orchestrated Response WORKFLOWS
IIAM Features:
§ Adaptable security workflow that aligns business processes with security requirements.
§ Adaptive Risk based Response: limit transactions based on risk profile of user, session, device, and application.
§ Adaptable workflows for policies, authentication, authorization and more.
§ Propagates rule-sets to existing mixed-vendor security platforms.
Orchestrated Response
How to say “No” without saying “No”
§ Adaptive Access Control
§ Step up Authentication
§ PEP redirect
§ Increase Auditing
§ Behavioral Anomalies
§ Workflow Based Authorization
§ Increase Access while reducing Transactional Risk
Workflow: AUTHORIZATION
Correlation of User/Device/Session
§ Seamless Many to Many Mapping
§ Able to instantiate complex business logic
Complex AuthN/AuthZ Policies
§ Zero Day Vulnerability Protection
§ Block all IE 11 access
§ Allow only Android 4.2.2
§ Untrusted Device Validation
§ Send iOS through Multiple levels of Auth
Incorporate Additional Data Elements
§ Service layer API set is mapped to a business process and (possibly) multiple separate low level RESTful APIs
§ Customer business processes can be inserted and/or extend default services
§ Customizable field validation in BPE
Simplified Management
§ Enable Businesses and Applications to adapt to changing threat landscape.
§ Provide Best Practice Security Workflows that align with Business Processes and Regulations/Compliance.
§ Audit capture of location, duration, application, sensitivity, and devices.
Automated Deployment
§ Rapid Deployment based on Data Classification provides foundation for Business Agility.
§ Drag and Drop Assembly of Security Components.
Orchestrated Response
§ Adaptive Access Control provides dynamic policy enforcement.
§ ‘Defend the gaps’ by combining Data Security feeds, devices, behaviours and Identity Management into the access control decisions.
OrchIS: ORCHESTRATED INTELLIGENT SECURITY
User Trust: How?
Device Recognition/Validation
Moving Beyond the Password
§ Strong Authentication
§ Out of Band 2FA
§ Voice Biometrics
§ Picture Authentication
Device Trust: WHERE?
Device Validation via Network Data
§ IP
§ Geo Location
§ Wi-Fi Networks
§ SIM ID (Signature Based)
§ Serial Number
§ Android ID
§ MAC
§ Network Devices (MDM/NAC)
§ Dozens of other Attributes
Nathanael Coffing, CEO / VP Business [email protected] | (360) 410-6397
Let’s see it in action!
OrchIS: DEMO
Identity as the Core
Core Business Mandate: Increase Access while Reducing Transactional Risk
§ In a world of excessive options personalization becomes everything..
§ Applications require Access
§ Sound Security Platforms
§ Simplify new feature rollout
§ Time to Market
[Figure: federation models. Labels shown: Perimeter; Perimeter Federation; Perimeter-less Federation; Employees; Employees & Partners; Consumers; Cloud / SaaS; BYOD, Mobility; Attributes; Context; Stateless. Axis and scale labels: SCALE, SCOPE, IIAM CAPABILITY, Enterprise, Consumer, IoT, Constrained, Expansive.]
OrchIS: IDENTITY AT THE CORE
IIAM Features: System Optimization and Precision
§ Architected for transactions beyond the perimeter: Cloud, SaaS, BYOD, Mobile.
§ Orchestrated transactional security via Adaptive Access Response.
§ Web-Scale Session Management scales to the billions of users, devices, sessions.
§ Capture access and user behaviour heuristics and enforce security through a fraud prevention risk engine.
§ Business Coordinated Response handling.
Business win: Identity Solutions capture contextual meta-data on user’s what/where/when/how.
Intelligent Security Orchestration