safe journey to the cloud - controlware...• market-leading threat prevention –anti-bots, ips,...
TRANSCRIPT
1©2018 Check Point Software Technologies Ltd. ©2018 Check Point Software Technologies Ltd.
Chris Strebl
Cloud Security Architect EMEA
SAFE JOURNEY TO THE CLOUD
2©2018 Check Point Software Technologies Ltd.
XaaS – “X” As a Service
3©2018 Check Point Software Technologies Ltd.
Customer responsible for security in the cloud
Cloud vendor responsible for security of the cloud
Cloud = Shared Responsibility
Cloud Global Infrastructure
Regions
Availability Zones
Edge Locations
Compute Storage Database Networking
Customer Data
Platform, Applications, IAM
Operating System, Network and FW Configs
Client-side Data Encryption & Data
Integrity Authentication
Server-side Encryption (File System / Data)
Network Traffic Protection (Encryption,
Integrity, Identity)
4©2018 Check Point Software Technologies Ltd.
STATE OF CLOUD CYBER SECURITY
esecurityplanet.com, September 19, 2017 pcmag.com, July 7, 2017
Lightreading.com – September 5, 2017Gizmodo.com – September 19, 2017 Scmagazine.com, September 5, 2017
ZDNet.com, August 16, 2017
5©2018 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees
CloudGuard IaaS + Dome9 = Comprehensive Multi-Cloud Security
• Market-leading threat prevention – anti-bots, IPS, anti-malware, AV and more
• Securely connect your hybrid cloud
• Adaptive policy for macro-segmentation
• Full security visibility and control
• Cloud services and applications are never exposed
• Continuous compliance for cloud native services
• Auto-remediation of security misconfigurations
• Active protection against identity theft and data loss
6©2018 Check Point Software Technologies Ltd.
About Dome9
300+customers
100Global 2000
100+employees
Mountain View, CA
Tel Aviv, Israel
6
7©2018 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees
Network Security
Privileged Identity Protection
Cloud Threat Intelligence
Protecting your Cloud workloads and services is no longer complex. Get full security visibility & control with continuous compliance
Continuous Compliance
Check Point CloudGuard Dome9SaaS Platform for Security and Compliance Automation in the Public Cloud
Native Support for the Big 3 Clouds
8©2018 Check Point Software Technologies Ltd.
Clarity: Complete Network & Security Visibility
9©2018 Check Point Software Technologies Ltd.
Dome9 Compliance Bundles
10©2018 Check Point Software Technologies Ltd.
Compliance Engine: Cloud Compliance and Best Practices
11©2018 Check Point Software Technologies Ltd.
Continues Compliance
Alerts Console
Email (Scheduled Report)
Email (Immediate Notification)
SNS (Slack, Sumo Logic / Splunk;
ElasticSearch; S3; Remediation script/functions)
Ticketing System
Service Now
Jira
PagerDuty
AWS Security Hub
12©2018 Check Point Software Technologies Ltd.
Dome9 Magellan: Context-Aware Security Intelligence
Enriched FlowLogs
Visual Traffic Map Detailed Properties
Canned & Custom Queries
13©2018 Check Point Software Technologies Ltd.
Traditional Security Not Designed FOR CLOUD
Static workloads
Manually intensive
DevOps don't know Security
IT Security doesn't know Cloud
14©2018 Check Point Software Technologies Ltd.
NO Threat Prevention in real time (L4-L7 protections)
NO unified management for all Clouds & Traditional Data Center
NO Identity based authentication access to applications
NO URL Filtering
NO Threat Extraction and Zero-day Sanboxing
WHERE CLOUD NATIVE SECURITY FALLS SHORT
15©2018 Check Point Software Technologies Ltd.
Where are we ?
1990 2000 2010 2015 2017
THREATS
PROTECTIONS
Networks
Gen II
Applications
Gen III
Payload
Gen IV
GRADE I
GRADE II
GRADE III
GRADE V
GRADE IV
Virus
Gen I
Enterprises are between
Gen 2-3
2.8
Mega
Gen V
16©2018 Check Point Software Technologies Ltd.
Lateral threat movements
Data breach due to misconfiguration
Abuse of cloud services
API hacking
Malicious insiders
THIS MIGHT EXPOSE YOU TO…
17©2018 Check Point Software Technologies Ltd.
4 STEPS TO SECURE YOUR CLOUD
18©2018 Check Point Software Technologies Ltd.
STEP #1: CONTROL THE CLOUD PERIMETER
•Use advanced threat prevention at the cloud perimeter
•Securely connect your cloud with your on-premise environment
CLOUD
ON-PREMISE
19©2018 Check Point Software Technologies Ltd.
STEP #2: SECURE THE CLOUD FROM THE INSIDE
•Micro-segment your cloud to control inside communication
•Prevent lateral threats movement between applications
App
App
App
App
20©2018 Check Point Software Technologies Ltd.
STEP #3: MANAGE CONSISTENT SECURITY FOR HYBRID ENVIRONMENTS
• Deploy unified security management for your hybrid cloud (On-Premise and Cloud)
• Ensure policy consistency
• Reduce operation cost
CLOUD
ON-PREMISE
21©2018 Check Point Software Technologies Ltd.
STEP #4: AUTOMATE YOUR SECURITY
Security should be as elastic and dynamic as your cloud
• Auto-provisioning via templates and APIs
• Auto-scale security with Pay-as-you-Go
• Adaptive to changes
22©2018 Check Point Software Technologies Ltd.
Consistent security policy and control across ALL Private and Public CloudsACI
THE CloudGuard FAMILY
23©2018 Check Point Software Technologies Ltd.
Fast API connectLook for a security solution that talks to all major vendor Architectures
Security Workgroups
Public
Private
For AWS
For Azure
For NSX
For vCenter For ACIFor OpenStack
For Google
24©2018 Check Point Software Technologies Ltd.
ADAPTIVE SECURITY
Reduce Firewall Tickets by 60%
Telefonica: “vSEC adaptive security is a game changer.”
Check Point Access Policy
Rule From To Application Action
3 Finance_App1(vCenter Object)
Database_Group
(NSX SecGroup)MSSQL Allow
4 HR_App2(Open StackObject)
Finance_Group(ACI EndPoint Group)
CRM Allow
5 User_ID SAP_App(Azure Object)
SAP Allow
25©2018 Check Point Software Technologies Ltd.
CloudGuard IaaS FOR THE CLOUD
Infrastructure Security
Next Generation Firewall & VPN
Application and Data Security
Advanced Threat Prevention
Forensic Analysis
CloudVendor
26©2018 Check Point Software Technologies Ltd.
‘Cloud Ready’ Unified Access Policy
Users Devices Applications Data Gateways Mobile Public Cloud Private Cloud
27©2018 Check Point Software Technologies Ltd.
SUMMARY
Cloud is eating the world
Bad guys are everywhere
Cloud Native Controls are good, but…
Own your security!
You can get burned when it’s cloudy, protect yourself!
28©2018 Check Point Software Technologies Ltd. ©2018 Check Point Software Technologies Ltd.
THANK YOU