Post on 07-Apr-2020

Avoid repeating the on-prem security mistakes in the cloud

Best practices, security framework and digital receipts

Cloud Security Summit, Stockholm, March 26th - 11:45

Göran Walles, CTO @ Radpoint

About Göran?

1990 – v21

2000 – MFA/PKI

1995 - Internet

2009-2019 – CTO @ Radpoint

2005 – ”best of breed” security

2019

About Radpoint

Decades of experience with Palo Alto Networks security platform

Part of NetNordic Group, 350 employees, 1000+ customers

Solutions and Managed Services within:
❑ Cybersecurity
❑ Network infrastructure
❑ Smart datacenters (SDx)
❑ Unified Communications

”The Best Companion”

Fools say that they learn by experience. I prefer to profit by others' experience. — Otto Von Bismarck

Others' experience, valuable for cloud security

Security is Security

Profit from best practices using a holistic security framework

Other organisations' cloud incidents and breaches

Profit from the mistakes of others – don't let it happen to you

Four key dimensions of a holistic security framework

Framework - Security Controls

Inventory and control over cloud assets (SaaS, IaaS objects)

Cloud Vulnerability Management

Secure ”best practice configuration” for cloud assets (SaaS, IaaS objects)

Maintenance, monitoring and analysis of log (system and user account events)

Malware and exploit defenses (cloud)

Authentication – Identity Mgt

ISO/IEC 27001

CIS Center for Internet Security

Critical Security Controls

Measurable and Rateable

Some examples of low-hanging fruit

Multi-Factor authentication for SaaS

Recommendations:

Evaluate security solutions that also understand Identity Access Management (on-prem and cloud)

Protect APIs

Recommendations:

Implement an API security strategy
- Inventory, zero trust with vulnerability scan
- Let DevOps follow OWASP REST API Cheat sheet
- Evaluate tools and services for API protections

Follow security best practices for cloud configurations

Recommendations:

Establish processes to continuously monitor and verify configurations against established best practices

- evaluate using automation tools

Visibility

Recommendations:

- Process/tool for asset inventory
- IaaS: implement L7-network control with Threat prevention technologies and reporting
- IaaS, PaaS, SaaS: system, application and account logging
- Evaluate AI/ML services for anomaly detection and prevention

Users, Applications, Threats, Systems, Traffic

Security requirements 2019

Security defenses, processes and activities need to be measured and confirmed. Security and risks need to be reported

Right level of security based upon business need

Gartner: “By 2020, 100% of large enterprises will be asked to report to their board of directors on cybersecurity”

Core security technologies

(Diagram: your corporate network, branch, Internet, ExpressRoute, IaaS & PaaS, SaaS)

- Network layer: PAN-OS FW
- Operating system and application layer: Traps
- SaaS cloud layer: Aperture
- IaaS/PaaS cloud layers: Redlock, compliance monitoring and security analytics

CORTEX XDR: BREAKING SECURITY SILOS

CORTEX DATA LAKE

CORTEX XDR: DETECTION & RESPONSE FOR NETWORK, ENDPOINT AND CLOUD

NETWORK, ENDPOINT, CLOUD

- Automatically detect attacks using rich data & cloud-based behavioral analytics
- Accelerate investigations by stitching data together to reveal root cause
- Tightly integrate with enforcement points to stop threats & adapt defenses
