How to Enable Secure Cloud Transformation
Tamas Barna, CISSP, CISM, CCSP, Security+
Enterprise Technology Specialist, EMEA
Cloud Infrastructure Security
Today’s Enterprise Landscape: Transformations of Applications and Infrastructures
Cloud IaaS/PaaS
Offices | Remote Sites
Private Cloud
On-Prem / Hosted
SaaS Providers
Business Acceleration
Hybrid Cloud: Data Centers and Service Transformation
Physical Server | Virtual Server | Private Cloud | Public Cloud | Container and PaaS | Serverless
From Monolithic and Fixed to Loosely Coupled
Hybrid Cloud: Resulting Challenges
Across the same spectrum (Physical Server, Virtual Server, Private Cloud, Public Cloud, Container and PaaS, Serverless; Monolithic and Fixed to Loosely Coupled):
Complexity, Speed & Shared Responsibilities
Complete Visibility, Protection & Provisioning
Shadow IT, Efficient Management & Compliance
IaaS Fastest Growing Segment of Cloud
Source: Gartner Forecasts Worldwide Public Cloud Revenue press release April 12, 2018
IaaS 35.9% CAGR
SaaS 22.2% CAGR
The Cloud (First) Enterprise Challenges
Security layers, from data down to physical:
Data Classification & Accountability
Client & End-Point Protection
Identity & Access Management
Application Level Controls
Network Control
Host Infrastructure
Physical Security
For each of SaaS | PaaS | IaaS, every layer is either Service Provider Responsibility or Customer Responsibility.
Customer’s responsibility in securing IaaS is much greater than in SaaS.
IaaS Security Layers
1. Infrastructure: detect and correct security misconfigurations
2. Workloads and Containers: detect and secure workloads and containers
3. Apps: protect the data in the apps
IaaS—Securing Infrastructure and Apps
(IaaS security layers 1 to 3 as listed above)
Data Exfiltration Vectors—IaaS Infrastructure and Apps
Compromised Accounts
Misconfiguration
Rogue User
Confidential Data Leaks
Rogue IaaS Accounts
Control: Security Configuration Control
1. Security Configuration Audit
Prevent regulated/high-value data being stored in the cloud.
§ Continuously monitor IaaS security settings for misconfiguration.
§ As IaaS admins correct misconfigured settings, McAfee automatically resolves the incident.
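The two bullets above describe a continuous audit loop: evaluate the account's settings against a set of checks, open an incident per finding, and close it automatically once a later evaluation no longer reports it. The following Python is an added example, not McAfee's code; the snapshot format, the check names and the sample settings (an over-permissive security group, a public bucket, an unencrypted volume) are all constructed for this illustration rather than taken from any provider API.

```python
# Added example (not McAfee's code): a minimal security-configuration audit
# over a constructed snapshot of IaaS settings. Each check yields stable
# finding IDs; the tracker opens an incident per new finding and closes it
# automatically once a later snapshot no longer reports it.
from dataclasses import dataclass, field

ADMIN_PORTS = (22, 3389)              # SSH and RDP
WORLD = ("0.0.0.0/0", "::/0")


@dataclass
class Rule:
    protocol: str
    from_port: int
    to_port: int
    cidr: str


@dataclass
class Snapshot:
    """Constructed stand-in for what a provider API would return."""
    security_groups: dict = field(default_factory=dict)   # name -> [Rule]
    buckets: dict = field(default_factory=dict)           # name -> settings
    volumes: dict = field(default_factory=dict)           # id -> settings


def check_world_open_admin_ports(snap):
    """Ingress rules exposing SSH/RDP to the whole internet."""
    findings = []
    for name, rules in snap.security_groups.items():
        for r in rules:
            if r.cidr in WORLD and r.protocol in ("tcp", "-1"):
                for port in ADMIN_PORTS:
                    if r.from_port <= port <= r.to_port:
                        findings.append(f"sg:{name}:port{port}:world-open")
    return findings


def check_bucket_settings(snap):
    """Public or unencrypted object storage."""
    findings = []
    for name, b in snap.buckets.items():
        if b.get("public"):
            findings.append(f"bucket:{name}:public")
        if not b.get("encrypted"):
            findings.append(f"bucket:{name}:unencrypted")
    return findings


def check_volume_encryption(snap):
    """Block volumes without encryption at rest."""
    return [f"volume:{vid}:unencrypted"
            for vid, v in snap.volumes.items() if not v.get("encrypted")]


CHECKS = (check_world_open_admin_ports, check_bucket_settings,
          check_volume_encryption)


class IncidentTracker:
    """One open incident per finding ID; closed when the finding disappears."""

    def __init__(self):
        self.open_incidents = set()

    def evaluate(self, snap):
        current = set()
        for check in CHECKS:
            current.update(check(snap))
        opened = current - self.open_incidents
        resolved = self.open_incidents - current       # the admin fixed it
        self.open_incidents = current
        return sorted(opened), sorted(resolved)


def build_sample_snapshot():
    """Constructed sample: one over-permissive group, one public bucket."""
    return Snapshot(
        security_groups={
            "web": [Rule("tcp", 0, 65535, "0.0.0.0/0")],
            "app": [Rule("tcp", 443, 443, "10.0.0.0/8")],
        },
        buckets={"logs": {"public": True, "encrypted": False},
                 "data": {"public": False, "encrypted": True}},
        volumes={"vol-1": {"encrypted": False}},
    )


def apply_admin_fixes(snap):
    """Simulates the admin narrowing the group and making the bucket private."""
    snap.security_groups["web"] = [Rule("tcp", 443, 443, "0.0.0.0/0")]
    snap.buckets["logs"]["public"] = False
    return snap


if __name__ == "__main__":
    tracker = IncidentTracker()
    snap = build_sample_snapshot()
    print("first pass opened:", tracker.evaluate(snap)[0])
    print("after fixes resolved:", tracker.evaluate(apply_admin_fixes(snap))[1])
    print("still open:", sorted(tracker.open_incidents))
```

Because finding IDs are derived from the resource and the condition rather than from a timestamp, re-running the audit on an unchanged account re-reports the same IDs and opens nothing new; only a changed setting moves an ID between the opened and resolved sets.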
Control: Shadow IaaS Control
2. Managing Rogue IaaS Instances
Discover shadow AWS usage and reclaim control of risky IaaS usage.
§ Identify risky or unsanctioned IaaS platforms in use.
§ Enforce governance policies and coach users to the approved IaaS platform.
Control: Visibility of Confidential Data Inside PaaS Storage
3. Visibility of Confidential Data
Gain visibility of regulated/high-value data stored in AWS S3 and Azure Storage.
§ Perform on-demand scans to identify sensitive or protected data stored in IaaS storage services.
Controls: User Behavior Analytics; Forensics
4. Advanced Threat Protection
Detect compromised accounts, insider threats, and malware.
§ Threat funnel correlates multiple anomalies, minimizing false positives.
§ No pre-defined policies or thresholds; automatic models based on activity.
5. Activity Monitoring and Forensics
Capture and categorize an audit trail of activity for forensic investigations.
§ Categorizes 100s of activities into 13 categories for easy filtering/navigation.
§ Expand the scope of an investigation and browse a geo-location map.
§ Investigate activities for a specific user centered around an incident.
§ IP reputation to identify access by a malicious IP such as a TOR network.
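The activity-monitoring bullets above amount to three operations on an audit trail: map raw event names onto a small set of categories, flag events whose source IP is on a reputation list, and pull one user's activity in a window around an incident. The Python below is an added example, not McAfee's code: the JSON log lines, the prefix-to-category table (a handful of categories standing in for the 13 the product describes) and the reputation list are all constructed for this illustration.

```python
# Added example (not McAfee's code): categorizing a constructed audit trail,
# flagging access from IPs on a reputation list, and pulling one user's
# activity around an incident time. The log lines, category table and the
# reputation list are all constructed for this example.
import json
from datetime import datetime, timedelta

# Constructed subset of categories (the product describes 13).
CATEGORY_BY_PREFIX = {
    "ConsoleLogin": "authentication",
    "Describe": "read", "List": "read", "Get": "read",
    "Create": "write", "Put": "write", "Run": "write",
    "Delete": "delete", "Terminate": "delete",
    "Attach": "permission", "Detach": "permission",
}

# Constructed reputation list; in practice fed from a threat-intel or Tor exit-node feed.
MALICIOUS_IPS = {"198.51.100.23"}

# Constructed audit events in a CloudTrail-like shape (one JSON object per line).
SAMPLE_LOG = """\
{"time": "2018-05-01T09:00:00Z", "user": "alice", "event": "ConsoleLogin", "ip": "203.0.113.5"}
{"time": "2018-05-01T09:05:00Z", "user": "alice", "event": "DescribeInstances", "ip": "203.0.113.5"}
{"time": "2018-05-01T22:10:00Z", "user": "alice", "event": "ConsoleLogin", "ip": "198.51.100.23"}
{"time": "2018-05-01T22:12:00Z", "user": "alice", "event": "AttachUserPolicy", "ip": "198.51.100.23"}
{"time": "2018-05-01T22:15:00Z", "user": "alice", "event": "RunInstances", "ip": "198.51.100.23"}
{"time": "2018-05-01T22:40:00Z", "user": "bob", "event": "ListBuckets", "ip": "203.0.113.9"}
{"time": "2018-05-02T08:00:00Z", "user": "alice", "event": "TerminateInstances", "ip": "203.0.113.5"}
"""


def categorize(event_name):
    """Map an event name onto a category by its verb prefix."""
    for prefix, category in CATEGORY_BY_PREFIX.items():
        if event_name.startswith(prefix):
            return category
    return "other"


def parse_log(text):
    """Parse JSON lines into events with a datetime and a category attached."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["time"] = datetime.strptime(e["time"], "%Y-%m-%dT%H:%M:%SZ")
        e["category"] = categorize(e["event"])
        events.append(e)
    return events


def category_counts(events):
    counts = {}
    for e in events:
        counts[e["category"]] = counts.get(e["category"], 0) + 1
    return counts


def flag_bad_reputation(events, bad_ips=MALICIOUS_IPS):
    """Events whose source IP is on the reputation list."""
    return [e for e in events if e["ip"] in bad_ips]


def user_timeline(events, user, incident_time, window=timedelta(hours=1)):
    """Activity for one user within +/- window of the incident, in time order."""
    lo, hi = incident_time - window, incident_time + window
    return sorted((e for e in events if e["user"] == user and lo <= e["time"] <= hi),
                  key=lambda e: e["time"])


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(category_counts(evs))
    bad = flag_bad_reputation(evs)
    print("flagged:", [(e["user"], e["event"]) for e in bad])
    print("timeline:", [e["event"] for e in user_timeline(evs, "alice", bad[0]["time"])])
```

The reputation hit gives the analyst an anchor time; the timeline then shows what the same identity did in the surrounding hour (here a login, a policy attachment and an instance launch), which is the "centered around an incident" view the slide describes. Events from other users in the same window are deliberately excluded so the view stays scoped to the account under investigation.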
IaaS—Securing Infrastructure and Apps
(IaaS security layers 1 to 3 as listed above)
McAfee Cloud Workload Security (CWS)
Defend Against Advanced Attack
Automate Discovery & Deployment
Correct Anomalies
Segment patient zero agentlessly using Security Groups
McAfee ePO: Single Management & Protection
Visualize & Detect Network Threats
Virtual NSP, Network Flow Logs
IaaS Workload and Containers Challenges
Malware and Viruses
Difficulty Detecting Breaches
Lack of Network Traffic Visibility
Fragmented Policy Management
Lack of Workload and Container Visibility
32
Uninterrupted visibility across physical, virtual, and cloud server workloads.
Detect Shadow IT activities.
Discover all virtual datacenters, all public cloud accounts and more.
Visibility and compliance of cloud workloads in McAfee ePolicy Orchestrator® (McAfee ePO™) within 5 minutes.
Discover
Discover all IaaS computing resources, including shadow IT
Discover and Manage Multiple Public Cloud Accounts Security Controls
Live status with details
Views:
§ Workload
§ Events
§ VPC
Issue Details | Workload Count | Take Action
Capability: Workload/Container Inventory
Capability: Network Flow and Threat Protection
Visualize
§ Faster time-to-detect malicious network traffic occurring on any of your cloud workloads.
§ Visualize* traffic to any unprotected or unmanaged workloads.
§ Detect any network misconfigurations via the traffic flow.
§ Container visibility and management within McAfee ePO.
* Cloud Workload Security Essentials and Cloud Workload Security Advanced customers.
Extreme insight and control over data, applications, network traffic, containers, and workloads.
Traffic & Network Visibility
Graphical traffic analysis for both E-W & N-S traffic (traffic moving to, from, and between workloads)
Detection: GTI IP Reputation; Heuristics (blocked E-W connections, activity on high-risk ports); Alerts from vNSP
Threat Events: Workload threats; Network threats
Correction: Shutdown; Update firewall rules in AWS/Azure Security Groups
Capabilities: Agent Installation & Security Configuration; Single-Click Quarantine
Protect
§ Integrated and advanced security for hybrid environments.
§ Protect critical assets against advanced threats while maintaining compliance.
§ Quarantine infected workloads & containers.
§ Comprehensive security across all compute, storage, and network resources, no matter the location of the workloads, the data, and the user.
§ New: Import and sync tag information between AWS or Azure and McAfee ePO.
§ Protect against advanced network threats* with integrated Virtual NSP.
§ Block network attacks using micro-segmentation (agentless security).
§ New: Auto-remediation based on defined McAfee ePO policies.
* Cloud Workload Security Essentials and Cloud Workload Security Advanced customers.
Complete protection of critical assets against advanced attacks.
Safeguard Workloads: Quarantine Infected Workloads and Containers
Identify malicious connections
Isolate workloads or containers
Reduce misconfiguration risk and increase initial remediation efficiency by nearly 90%
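"Segment patient zero agentlessly using Security Groups" (in the CWS overview above) and the quarantine step here both rest on the same mechanism: nothing is installed on the compromised workload; instead its security-group membership is swapped for a group with no ingress and no egress, and the original membership is recorded so the workload can be released after investigation. The Python below is an added example, not McAfee's code. The cloud fabric is an in-memory model whose reachability rule (egress on the source side and ingress on the destination side must both allow the port) is a simplification, and the three-tier groups and workload names are constructed; against a real provider the same two steps would be issued through its security-group API.

```python
# Added example (not McAfee's code): agentless quarantine of a compromised
# workload by replacing its security-group membership with a deny-all group.
# The fabric below is an in-memory model; against a real provider the same
# steps would be issued through its security-group API (assumption).
from dataclasses import dataclass, field

QUARANTINE_GROUP = "quarantine"            # no ingress, no egress


@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)   # (port, source): cidr or "sg:<name>"
    egress: list = field(default_factory=list)    # (port, dest): cidr or "sg:<name>"


@dataclass
class Workload:
    wid: str
    groups: list                                  # security-group names
    tags: dict = field(default_factory=dict)


class Fabric:
    def __init__(self):
        self.groups = {QUARANTINE_GROUP: SecurityGroup(QUARANTINE_GROUP)}
        self.workloads = {}

    def add_group(self, sg):
        self.groups[sg.name] = sg

    def add_workload(self, w):
        self.workloads[w.wid] = w

    @staticmethod
    def _matches(rules, port, peer_refs):
        return any(p == port and (ref == "0.0.0.0/0" or ref in peer_refs)
                   for p, ref in rules)

    def can_reach(self, src_id, dst_id, port):
        """Allowed only if the source may egress to dst and dst may ingress from src."""
        src, dst = self.workloads[src_id], self.workloads[dst_id]
        src_refs = {f"sg:{g}" for g in src.groups}
        dst_refs = {f"sg:{g}" for g in dst.groups}
        egress_ok = any(self._matches(self.groups[g].egress, port, dst_refs) for g in src.groups)
        ingress_ok = any(self._matches(self.groups[g].ingress, port, src_refs) for g in dst.groups)
        return egress_ok and ingress_ok

    def quarantine(self, wid):
        """Swap all groups for the deny-all group; returns the groups removed."""
        w = self.workloads[wid]
        if w.groups == [QUARANTINE_GROUP]:
            return []                                 # already isolated
        w.tags["quarantine-restore"] = ",".join(w.groups)   # remember original membership
        removed, w.groups = w.groups, [QUARANTINE_GROUP]
        return removed

    def release(self, wid):
        """Restore the recorded membership after investigation."""
        w = self.workloads[wid]
        original = w.tags.pop("quarantine-restore", None)
        if original is None:
            return False
        w.groups = original.split(",")
        return True


def build_sample_fabric():
    """Constructed three-tier layout: web -> app -> db."""
    f = Fabric()
    f.add_group(SecurityGroup("web-sg", ingress=[(443, "0.0.0.0/0")], egress=[(8080, "sg:app-sg")]))
    f.add_group(SecurityGroup("app-sg", ingress=[(8080, "sg:web-sg")], egress=[(5432, "sg:db-sg")]))
    f.add_group(SecurityGroup("db-sg", ingress=[(5432, "sg:app-sg")], egress=[]))
    f.add_workload(Workload("web-1", ["web-sg"]))
    f.add_workload(Workload("app-1", ["app-sg"]))
    f.add_workload(Workload("db-1", ["db-sg"]))
    return f


if __name__ == "__main__":
    fabric = build_sample_fabric()
    print("app->db before:", fabric.can_reach("app-1", "db-1", 5432))
    print("removed:", fabric.quarantine("app-1"))
    print("app->db after:", fabric.can_reach("app-1", "db-1", 5432))
    print("web->app after:", fabric.can_reach("web-1", "app-1", 8080))
```

Isolating the patient-zero workload cuts both directions at once: its own egress disappears, and its peers' ingress rules no longer match because the group reference they grant is no longer attached. Recording the original membership in a tag on the workload keeps the release step idempotent and leaves an audit trace of what was removed.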
Discovery to Complete Protection in Just a Few Clicks
Cloud Workload Security (CWS) and Virtual Network Security Platform (vNSP)
Threat Prevention
Behavioral Detection
Intrusion Prevention
Application Whitelisting
Integrity Monitoring
Shared Threat Intelligence
Quarantine Workloads
Micro & Nano-segmentation
Advanced Memory Protection
Capability: Unified Policy Management and Reporting
Simplify
§ Single security policy, single pane of glass console management across data center and public and private clouds with McAfee ePO.
§ Automated policy management across all on-premise and off-premise infrastructure.
§ APIs, automation and integration with cloud tools, e.g. Chef, Puppet.
§ Efficient security management keeps operational expenses under control.
§ Security smart enough to scale up and scale down with the load.
Efficiently manage all security policies across on-premise and public, private and hybrid cloud environments.
McAfee ePO
Device Security | Data Protection | Security Operations Center
Network & Web Security | Cloud Workloads Security
Native Security
McAfee
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. Copyright © 2017 McAfee LLC.