2. copyright 2015
About Us
[Badge: Partner Network, Technology Partner]
• Founded by Enterprise IT, Capital Markets and ISV professionals
• VNS3 cloud security appliance launched in 2008
• Secured over 500 million virtual device hours in public, private, & hybrid clouds
• Chicago, London, and Palo Alto
• VNS3 family of security and connectivity solutions protects cloud-based applications from exploitation by hackers, criminal gangs, and foreign governments.
• 1000+ customers in 20+ countries across all industry verticals and sectors
3. copyright 2015
Servers are moving by the millions per year into cloud and virtual
infrastructures, and applications are moving with them.
[Figure: Millions of Applications by 2020. Labels: System Integrators; as a Service businesses; Geezeo®; ISV as a Service Offering; Cloud ERP Cloud as a Service]
4. copyright 2015
Everywhere these virtualized applications go,
they need security, integration and connectivity.
This creates the market for application security and network services (Layers 3-7) for applications deployed to public cloud.
Connectivity, Integration, Security
5. copyright 2015
Network Penetration has gone Professional
• In the post-Snowden era, all servers “on a wire” are either compromised or a target for compromise by hackers, criminals or foreign governments.
• Regulatory implementation and reporting demands are increasing (HIPAA, PCI, NIST Cybersecurity, EU Data Privacy, etc.)
[Excerpt shown on slide: SEC OCIE Risk Alert]
By the Office of Compliance Inspections and Examinations [1]
Volume IV, Issue 2, April 15, 2014
OCIE CYBERSECURITY INITIATIVE
I. Introduction
The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) previously announced that its 2014 Examination Priorities included a focus on technology, including cybersecurity preparedness. [2] OCIE is issuing this Risk Alert to provide additional information concerning its initiative to assess cybersecurity preparedness in the securities industry.
II. Background
On March 26, 2014, the SEC sponsored a Cybersecurity Roundtable. In opening the Roundtable, Chair Mary Jo White underscored the importance of this area to the integrity of our market system and customer data protection. Chair White also emphasized the “compelling need for stronger partnerships between the government and private sector” to address cyber threats. [3] Commissioner Aguilar, who recommended holding a Cybersecurity Roundtable, emphasized the importance for the Commission to gather information and “consider what additional steps the Commission should take to address cyber-threats.” [4]
[1] The statements and views expressed herein are those of the staff of OCIE. This guidance is not a rule, regulation, or statement of the Commission. The Commission has expressed no view on its contents. This document was prepared by the SEC staff and is not legal advice.
[2] Examination Priorities for 2014, available at: http://www.sec.gov/about/offices/ocie/national-examination-
Topic: Cybersecurity Examinations
Key Takeaways: OCIE will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on areas related to cybersecurity. In order to empower compliance professionals with questions and tools they can use to assess their respective firms’ cybersecurity preparedness, OCIE has included a sample cybersecurity document request in the Appendix to this Risk Alert.
6. copyright 2015
Others Agree
• FBI Director James Comey - http://goo.gl/34SEdy
"There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese."
• ITRC - http://goo.gl/BtjNrC
621 data breaches, exposing over 77,890,487 records in 2014.
Source: Information is Beautiful http://goo.gl/QWllpM
[Figure: data breaches by organization and number of records exposed, 2011 to 2014]
8. copyright 2015
A classic enterprise deployment pattern for critical business infrastructure
[Diagram labels: User Traffic; Web Tier; AppServer Tier; Database Tier; Message Queues; ETL Usage; API Usage]
10. copyright 2015
In the post-Snowden era, with network penetrations performed by governments and criminal gangs alike, penetration of one app potentially means penetration of them all.
13. copyright 2015
Introducing the next generation in application security: VNS3:turret
[Diagram: Application Security Controller. Labels: Virtual Adapter (x3); Layer 3 Encrypted Switch; Layer 3 Encrypted Router; GRE Protocol Bridge; Protocol Re-Distributor; Industry Standard L4 - L7 PLUGIN System (App FW, Custom Mods, SSL Offload, Content Cache, Internal LB, IDS, IPS); Mesh Transaction Management; Core Mesh Firewall; Mesh Key Management; Net Management Interfaces; SSLVPN Edge; IPsecVPN Edge; Autonomics Agents; RESTful API Service; Cloud Capacity Interfaces; Virtual CPU(s); AES-NI Interface; Provisioned IPOs; Enhanced Network Drivers; Application Security Controller NIC(s); Unique Encrypted Topology Identity]
14. copyright 2015
Application Security Controller creates unique perimeters for each virtualized application
• Unique cryptographic overlay network for each application
• Deployed at each application edge, fortifies and reinforces security policies
• Cloud Native and Software Defined
• Complements and extends the DMZ (“hard edge”) of the data center
[Diagram labels: Cloud Edge Protection; Cloud Isolation; CloudVLAN; Cloud Network Firewall; Cloud Network Service; VNS3; Web Tier; App Server Tier; Database Tier; Message Queues]
15. copyright 2015
“Application Segmentation” completes the security model
[Diagram labels: Layer 0 through Layer 7; Physical Segmentation; Virtual Segmentation; Application Segmentation; Limit of user access, control and visibility; Alcatel; DCN; VCN]
• VNS3 nodes are software-only network security and connectivity appliances.
• “Application Segmentation” provides the most comprehensive application security model available today.
• Create a cryptographically unique Layer 3 network for each application deployment.
16. copyright 2015
VNS3:turret application security controllers are deployed as an encrypted, clustered micro-perimeter to secure your mission-critical business systems in public/private cloud.
17. copyright 2015
Deploy your applications inside the Turret’s unique, encrypted overlay network, specific to that critical business infrastructure.
18. copyright 2015
No server in your deployment talks to any other server without going through a mediating
security control. Turret acts as an encrypted smart-switch via its interior network interfaces.
19. copyright 2015
Once the micro-perimeter is established, the broad policy enforcement mechanism is in place, with strict traffic flow controls.
20. copyright 2015
L4-L7 plugins provide security and compliance automation for
BOTH edge operations and interior operations.
21. copyright 2015
Even if there is an initial penetration event, east-west risk is dramatically reduced by network virtualized security, and the attempts are easier to recognize and isolate.
[Diagram: VNS3:turret protected virtual infrastructure]
23. copyright 2015
Cloud Applications Secured
• System Integrators helping customers build cloud-based businesses
• “As a Service” businesses being built in the cloud
• Enterprise extending business to the cloud
24. copyright 2015
VNS3 Product Family
• Application Security Controller provides an application micro-perimeter platform
• Security and connectivity appliance with optional L4-L7 plug-in system
• Virtual network management providing a single pane of glass for cloud-based virtual networks
• High availability solution for self-healing virtual networks
27. copyright 2015
Inside VNS3:net
✓ Deployed as part of customer’s cloud-based application.
✓ Patented system for network control in the cloud.
✓ Platform for customer and partner cloud network innovation