IM World presentation from Chris Swan: Application centric – how the cloud has changed the way we deploy, secure and connect

•

0 j'aime•699 vues

Chris Swan, CTO at Cohesive Networks presented the talk "Application centric – how the cloud has changed the way we deploy, secure and connect" at IM World 2015. Day 2, on the Business Software Stage. About the talk: The cloud has brought a new model for how we deploy applications. In the enterprise everything was put on the same network, ‘the intranet’. People claimed that things were safe there because they were, ‘behind the firewall’. It was easy to build a spaghetti of interconnections because everything could talk to everything. Cloud has changed all of that. At first it was just lonely virtual machines fending for themselves on the Internet, but now we have virtual private clouds (VPCs) and a multitude of ways to connect to them. Pretty much nobody has built a cloud intranet. The cloud is used to host applications, and each application gets its own security and connectivity. We’re moving to an application centric world.

Technologie

Chris Swan, CTO, @cpswan
Application centric:
How the cloud has changed the way
we deploy, secure and connect

© 2015
Google moves its corporate apps to the Internet
2
Google Inc., taking a new approach to enterprise security, is moving its corporate
applications to the Internet. In doing so, the Internet giant is flipping common
corporate security practice on its head, shifting away from the idea of a trusted
internal corporate network secured by perimeter devices such as firewalls, in
favor of a model where corporate data can be accessed from anywhere with the
right device and user credentials.
The new model — called the BeyondCorp initiative — assumes that the
internal network is as dangerous as the Internet.
(Wall Street Journal | “Google Moves Its Corporate Applications to the Internet” | May 11, 2015 )

© 2015
Traditional apps
4
Business applications are collections of (virtual) servers
Is the “right” traffic going to/from our servers?
Database Tier
AppServer Tier
Web Tier
= type of server

© 2015
Modern architectures don’t change things that much
5
Micro services based applications are collections of services
Is the “right” traffic going to/from our services?
Persistence services
Business services
Front end services
= type of server

© 2015
Enterprise data center
6
Perimeter Security
Enterprise data centers are filled with these applications, often left
insecure by lack of focus on interior network paths.
20% of Security
Spend is on
“interior”, yet 80% of
the network traffic.
80% of Security Spend is on perimeter, 20% of traffic.

© 2015
Hard on the outside, soft on the inside
7
Perimeter Security
Hacker
Penetration

© 2015
One penetration creates major “East-West” exposure
8
Perimeter Security
On average
undetected for
234 days!

© 2015
Cloud architectures have been different

© 2015
2006 – The lonely (and exposed) VM
VM

© 2015
Containment often not enough – overlays stayed
VM
VMVM VM VM

© 2015
Lots of people did something like this
VM

© 2015
Some even did something like this
VM VM

© 2015
And the really large (or paranoid) might do this
VM
VM

© 2015
Thankfully almost nobody tries to do this

© 2015
What was that perimeter made of?
A quick detour to the worlds of:
Unified Threat Management (UTM)
and Application Delivery Controllers (ADC)

© 2015
Unified Threat Management
Firewall
NIDS/NIPS
AV
Anti Spam
VPN
DLP
Load Balancer
UTM

© 2015
Application Delivery Controllers
Cache
TLS offload
Compression
WAF
Multiplexing
Load Balancer
ADC
Traffic Shaping

© 2015
Networks made from and configured by software

© 2015
We can put a bunch of ‘network’ onto a VM
Firewall
VPN
Switch
Router

© 2015
And add more functions into containers
Firewall
VPN
Switch
Router
Cache
TLS offload
WAF
Load Balancer
NIDS/NIPS

© 2015
This could be thought of as an app centric perimeter

© 2015
But it refactors very readily into microservices

© 2015
Building in
CC photo by WorldSkills

© 2015
PaaS gives us the chance to ‘bolt in’

© 2015
But Docker adoption shows a movement against
opinionated platforms

© 2015
If a security event happens and it isn’t monitored

© 2015
ToDo: SecDevOps
APIs are necessary but not sufficient:
Need to have them integrated into the overall system
Control metadata (and its mutability):
Must be visible and understandable
Security events need to be captured:
Then turned into something humans can action

Contenu connexe

Tendances

A Practical Guide to Migrating Legacy Applications

Cloudsoft

Have cloud, will delight

Movate

Presented at Interop, Mumbai -2009. Due to its unique model, clouds are being loved by techies and businessmen alike. However, clouds also present unique challenges such as dependency on Internet connectivity, vendor lock-in, vendor infrastructure as a single point of failure as well as lack of control over the SaaS software release schedule. That said, each of these challenges can be effectively tackled. For instance, Internet connectivity challenges can be addressed by means of caching devices, while "Cloud Virtualizers" can help in addressing vendor lock-in and vendor infrastructure as a single point of failure. The goal of this session is to make the audience aware of the opportunities, while effectively tackling cloud-related challenges.

Walking In Clouds Thunderbolts Are Opportunities

Abhinav Jawadekar

IBM Cloud Point of View

Andrzej Osmak

Of Clouds and Container Ships

Brian McCallion

Engage more Customers Re-build Trust in Internet Services, Open-Xchange - Uni...

Univention GmbH

Federation - One Cloud

The Fiction Tribe ®

Telstra Cloud

Telstra_International

Secure your journey to the public cloud

Barracuda Networks Inc

Pulling Back the Curtain - Robert Ames

scoopnewsgroup

The Impact of Cloud Computing and the Event Industry's Cloud Killer

Michelle Bruno

Cast Iron for NetSuite Sales Training

Sean O'Connell

Comarch ICT - CLOUD EXPO

Comarch_Services

Adform Cloud Infrastructure

Matas Tvarijonas

Hybrid Cloud Point of View - IBM Event, 2015

Denny Muktar

Cloud for IT Apprentices

Simon May

At EVOLUTION Seattle on September 16, 2015, Peter Ferris, Equinix Senior Vice President, highlights how Equinix's leading interconnection platform can help accelerate the business of partners, customer and prospects inside the Seattle Space Needle. Along with discussing use cases on direct connectivity to the public cloud and hybrid cloud, and case studies that addressed business challenges, the presentation highlights the importance of embracing the speed of change. To learn more about Equinix products and solutions, contact a Sales Rep today: http://www.equinix.com/contact-us/sales/.

EVOLUTION Seattle

Equinix

TIBCO Silver at the SOA Forum in Paris Oct 6 2009

sfarestam

Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...

GovCloud Network

Sidecar patterns in modern infrastructure

Matas Tvarijonas

Tendances (20)

A Practical Guide to Migrating Legacy Applications

Have cloud, will delight

Walking In Clouds Thunderbolts Are Opportunities

IBM Cloud Point of View

Of Clouds and Container Ships

Engage more Customers Re-build Trust in Internet Services, Open-Xchange - Uni...

Federation - One Cloud

Telstra Cloud

Secure your journey to the public cloud

Pulling Back the Curtain - Robert Ames

The Impact of Cloud Computing and the Event Industry's Cloud Killer

Cast Iron for NetSuite Sales Training

Comarch ICT - CLOUD EXPO

Adform Cloud Infrastructure

Hybrid Cloud Point of View - IBM Event, 2015

Cloud for IT Apprentices

EVOLUTION Seattle

TIBCO Silver at the SOA Forum in Paris Oct 6 2009

Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...

Sidecar patterns in modern infrastructure

En vedette

Delivering petabyte-scale computational resources to a large community of users while meeting stringent security and compliance requirements presents a host of technical challenges. Seven Bridges Genomics met and overcame them when building the Cancer Genomics Cloud Pilot (CGC) for the National Cancer Institute. The CGC helps users to solve massive computational problems involving multidimensional data, which include: running diverse analyses in a reproducible manner, collaborating with other researchers, and keeping personal data secure to comply with NIH regulations on controlled data sets. Seven Bridges will highlight the lessons learned along the way, as well as best practices for constructing secure and compliant platform services using Amazon S3, Amazon Glacier, AWS Identity and Access Management (IAM), Amazon VPC, and Amazon Route 53.

(SEC313) Security & Compliance at the Petabyte Scale

Amazon Web Services

Modern deployment and hosting environments have created a new dynamism to application, network, and development architectures. Compute resources are ephemeral, networks are instantiated and configured with API calls, and new versions of applications are deployed in seconds... security has not met this challenge gracefully. In this talk, we explore some new and interesting ways to make security reactive within cloud environments by dynamically changing the environment in response to and in preparation for security incidents, baby steps toward an architecture that can protect itself.

Reactive Cloud Security | AWS Public Sector Summit 2016

Amazon Web Services

Madhu Akula, Automation Ninja We can see attacks happening in real time using a dashboard. By collecting logs from various sources we will monitor & analyse. Using data gleaned from the logs, we can apply defensive rules against the attackers. We will use AWS for managing and securing the infrastructure discussed in our talk. For most network engineers who monitor the perimeter for malicious content, it is very important to respond to an imminent threat originating from outside the boundaries of their network. Having to crunch through all the logs that the various devices (firewalls, routers, security appliances etc.) spit out, correlating that data and in real time making the right choices can prove to be a nightmare. Even with the solutions already available in the market. As I have experienced this myself, as part of the Internal DevOps and Incident Response Teams, in several cases, I would want to create a space for interested folks to design, build, customise and deploy their very own FOSS based centralised visual attack monitoring dashboard. This setup would be able to perform real time analysis using the trusted ELK stack and visually denote what popular attack hotspots exist on a network.

Automated Infrastructure Security: Monitoring using FOSS

Sonatype

ITV& Bashton

Amazon Web Services

Developing highly scalable applications with Symfony and RabbitMQ

Alexey Petrov

Yirgacheffe Chelelelktu Washed Coffee 2015

Golden Future Trading Ltd

Chicago AWS user group meetup - May 2014 at Cohesive All slides from the May 2014 Meetup. Talks included: • "Mining crypto currency on AWS spot instance" - Scott VanDenPlas, Engineer at el el see @scottvdp • "HA for healthcare" - Ryan Koop, Director of Products & Marketing, Cohesive @ryankoop • "Using AWS for HA at BrightTag" - Matt Kemp, Engineer of Things™ at BrightTag @mattkemp • So nice, he's talking twice. - Scott VanDenPlas, Engineer at el el see @scottvdp Join us again June 24 at Mediafly and in July back at Cohesive!

Chicago AWS user group meetup - May 2014 at Cohesive

AWS Chicago

Jake Fox Pd. 5

LigScience2

Apache Ambari: Managing Hadoop and YARN

Hortonworks

Platform - Technical architecture

Security For Humans

Risk management

Een Gezond Gebit2

Alan Johnson Resume

Evolution of OPNFV CI System: What already exists and what can be introduced

OPNFV

Introduction to smpc

Cysinfo Cyber Security Community

AWS + Puppet = Dynamic Scale

Shiva Narayanaswamy

You know, for search

Peter van der Weerd

Persistence in the cloud with bosh

m_richardson

Neuigkeiten von DEPAROM & Co

Arne Krueger

En vedette (20)

(SEC313) Security & Compliance at the Petabyte Scale

Reactive Cloud Security | AWS Public Sector Summit 2016

Automated Infrastructure Security: Monitoring using FOSS

ITV& Bashton

Developing highly scalable applications with Symfony and RabbitMQ

Yirgacheffe Chelelelktu Washed Coffee 2015

Chicago AWS user group meetup - May 2014 at Cohesive

Jake Fox Pd. 5

Apache Ambari: Managing Hadoop and YARN

Platform - Technical architecture

Security For Humans

Risk management

Een Gezond Gebit2

Alan Johnson Resume

Evolution of OPNFV CI System: What already exists and what can be introduced

Introduction to smpc

AWS + Puppet = Dynamic Scale

You know, for search

Persistence in the cloud with bosh

Neuigkeiten von DEPAROM & Co

Similaire à IM World presentation from Chris Swan: Application centric – how the cloud has changed the way we deploy, secure and connect

Why 85% of workloads are not on public cloud, and why they will be

ProfitBricks

2015 cloud trend and cloud DR

bizmerce

Wavefront by vmware june 2019 - legraswindow

Anil Gupta (AJ) - vExpert

Did you know that on average, it takes organizations more than three months using legacy load balancers to scale their load balancing capacity? That includes tedious policy management, expensive over-provisioning (or even more expensive under-provisioning), and the risk of supply-chain delays. Join us for an eye-opening discussion of application delivery done right. By following the guiding principles of a cloud operating model, your team can get operational simplicity, multi-cloud consistency, pervasive analytics, holistic security and full life-cycle automation. This means less time spent on manual, repetitive tasks and troubleshooting, freeing up more time to proactively manage and automate your load balancers.

One And Done Multi-Cloud Load Balancing Done Right.pptx

Avi Networks

Providing development and engineering teams with access to cloud resources introduces challenges around deploying the proper security policies. Organizations need automated security solutions that enable their engineers to spin up their own secure environments for application development with a push of a button. Join our upcoming webinar with Palo Alto Networks, REAN Cloud, and AWS, to learn how organizations are leveraging Palo Alto Networks VM-Series and REAN Cloud to build a simple, fast, and automated solution on AWS that helps provision secure environments for developers.

Automate the Provisioning of Secure Developer Environments on AWS PPT

Amazon Web Services

View on demand webinar: https://securityintelligence.com/events/introducing-ibm-cloud-security-enforcer-casb-idaas-and-threat-prevention/ Cloud Security Enforcer is the first solution to combine Cloud Access Security Broker (CASB) functionality with identity services (IDaaS), policy enforcement and dynamic threat prevention intelligence into a single integrated SaaS solution. Join Daniel Wolff, Program Director Cloud Security Product Management, and Gonzalo de la Hoz, IAM European Segment Leader, as we discuss how IBM Cloud Security Enforcer has integrated multiple technologies crucial to enabling safe adoption of cloud applications in the enterprise: - Cloud application discovery and risk - Cloud identity services and application on-boarding - Closing the mobile device gap - Policy enforcement and threat prevention

Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention

IBM Security

Enabling Secure Use of Cloud Applications

Sonia Baratas Alves

Cloud Computing - Everything you wanted to know!

Debasish Patra

Cloud_computing Notes.docx

Bhavana Sangamnerkar

Hybrid- and Multi-Cloud by design - IBM Cloud and your journey to Cloud

Aleksandar Francuz

Transformace IT s technologiemi VMware

MarketingArrowECS_CZ

Cloud Options for a Modern Architecture

Prolifics

IntoductionToCloudComputing.pptx

wawan-irawan

Modern elastic cloud infrastructure is fundamentally breaking traditional security approaches. Public cloud has no natural perimeter and network segmentation leaving individual cloud servers exposed. In private cloud, malicious East-West traffic inside the network is a serious threat. As new workloads are added and retired dynamically, change control is difficult, and updating granular firewall rules and security policies becomes a risky, manual process. Join us and learn the 6 Critical Criteria to secure your public, private or hybrid cloud – on-demand, anywhere, at any scale.

Sam Herath - Six Critical Criteria for Cloud Workload Security

centralohioissa

The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools you can use to first deploy the AWS infrastructure (as code), add the VM-Series to protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub findings (operations as code). We conclude with a brief demonstration.

Delivering infrastructure, security, and operations as code - DEM06 - Santa C...

Amazon Web Services

Cloud computing offers much promise to the military by addressing the fundamentals of increasing mission agility / complexity in a climate of economic constraint. This presentation - given to the NATO IST-125 panel in Ankara, Turkey on the 11th Jun 2015 - analyses cloud usage in three project case studies then specifically considers the SECURITY challenge and how this can be addressed as cloud evolves in future.

Cloud for the Military - Projects, Promise

John Palfreyman

With the rise of cloud computing, Wi-Fi hotspots and the mobile workforce, the way we work has fundamentally changed. The complex, hardware-based and distributed legacy VPN technology of the past, is no longer relevant for today. Luckily, the emergence of cloud-based VPN and software-defined perimeter technology offers businesses the ability to protect critical company resources—based on-premise and in the cloud—in a simple and seamless way.

The Software-Defined Perimeter: Securing Network Access for the Modern Workforce

Perimeter 81

Cw13 securing your journey to the cloud by rami naccache-trend micro

TheInevitableCloud

Cloud computing ppt

shibamughal

Introduction to Cloud B2B Integration

Mark Morley, MBA

Similaire à IM World presentation from Chris Swan: Application centric – how the cloud has changed the way we deploy, secure and connect (20)

Why 85% of workloads are not on public cloud, and why they will be

2015 cloud trend and cloud DR

Wavefront by vmware june 2019 - legraswindow

One And Done Multi-Cloud Load Balancing Done Right.pptx

Automate the Provisioning of Secure Developer Environments on AWS PPT

Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention

Enabling Secure Use of Cloud Applications

Cloud Computing - Everything you wanted to know!

Cloud_computing Notes.docx

Hybrid- and Multi-Cloud by design - IBM Cloud and your journey to Cloud

Transformace IT s technologiemi VMware

Cloud Options for a Modern Architecture

IntoductionToCloudComputing.pptx

Sam Herath - Six Critical Criteria for Cloud Workload Security

Delivering infrastructure, security, and operations as code - DEM06 - Santa C...

Cloud for the Military - Projects, Promise

The Software-Defined Perimeter: Securing Network Access for the Modern Workforce

Cw13 securing your journey to the cloud by rami naccache-trend micro

Cloud computing ppt

Introduction to Cloud B2B Integration

Plus de Cohesive Networks

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...

Cohesive Networks

Defense in depth: practical steps to securing your data and achieving compliance Presented by Chris Purrington, the VP Sales Europe at Cohesive Networks Perimeter-based security approaches have not evolved to meet the modern application-focused enterprise. The weaknesses of the perimeter-based approach are on display in the east/west attacks on Sony, Target, and Home Depot exploits where hackers gained access to the perimeter, then ransacked the internal networks with minimal resistance. What can modern enterprises do? A “defense in depth” approach to security at the network layer. Enterprises must strengthen existing core networking hardware and virtualization layer security with added application security. In data centres, physical network isolation is not practical, and logical segmentation can be very difficult without using evolved networking approaches. As data centers became wholly virtualized and blur the line between data center and private cloud, we can finally add and control logical segmentation at the virtualization layer. This “Application Segmentation” provides the most comprehensive security model available today. You can apply application segmentation defense in depth using Cohesive Networks’ VNS3:turret. VNS3:turret creates a cryptographically unique micro-perimeter around each application topology. This presentation will examine how an defense in depth at the application layer can stop the next Sony attack.

Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...

Cohesive Networks

Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presentation 2016 LocusView Solutions, a Chicago-based subsidiary of the Gas Technology Institute (GTI), applied the NIST Cybersecurity Framework to pass penetration tests and compliance auditing in 2015. LocusView provides a SaaS solutions to the natural gas industry, and wanted to go beyond standard regulatory compliance to save money and streamline the audit process. As organizations spend more time and efforts to fight data breaches and fears of fallout from a data loss, IT teams like LocusView can begin comparing existing cybersecurity practices to the NIST Framework to quickly identify any gaps in pinpointing, assessing, and managing risks in their networks. The NIST Framework was created for critical infrastructure — banking, aviation, defense — all organizations can easily apply the principles to their operations. While traditional audit-focused standards value policies and checklists, NIST’s risk-based approach focuses on business and customers. As part of an in-depth audit, LocusView used the NIST Framework to ensure everything from customer data to cloud-based networks are truly secure.

Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...

Cohesive Networks

Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360 presentation 2016 More vital organization data is living outside of a traditional data center in modern organizations, but why haven’t our security practices changed? The problem starts with the perimeter-heavy, fortify-the-exterior approach. When it fails to stop cybercrime, it can cost upwards of $100M. By focusing on the application, data, and user as the important security layers organizations can both prevent and mitigate attacks. Application layer network security can improve network performance, security and add control over applications. Software-defined networking (SDN) and network functions virtualization (NFV) have all but eliminated the cost and complexity of adding security at every level. Organizations can best control all data and network traffic by using secure, encrypted switches at every layer within a network. Monitored access, encryption, and application-specific firewall rules can all but eliminate malicious “east/west” movement inside a network. Learn how upcoming security compliance regulations – like NIST, PCI, and the EU banking standards – are focusing in on security requirements at all layers. 2016 will be a game-changing year for application security.

Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...

Cohesive Networks

Slides from the Chicago AWS user group on May 5th, 2016. Asaf Yigal, Co-Founder and VP Product at Logz.io, presented on using Elasticsearch, Logstash, and Kibana in Amazon Web Services. "Setting up the increasingly-popular open-source ELK Stack (Elasticsearch, Logstash, and Kibana) on AWS might seem like an easy task, but we have gone through several iterations in our architecture and have made some mistakes in our deployments that have turned out to be common in the industry. In this talk, we will go through what we did and explain what worked and what failed -- and why. We will also provide a complete blueprint of how to set up ELK for production on AWS." ~ @asafyigal

Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)

Cohesive Networks

The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...

Cohesive Networks

Comparison: VNS3 vs Vyatta

Cohesive Networks

Comparison: VNS3 and Openswan

Cohesive Networks

Get started with VNS3 Learn how to customize your VNS3 device and network setup. This guide will walk you through how to change your username and passwords, set up VNS3 Firewalls, take VNS3 Snapshots for backup and recovery, Upgrade your VNS3 license, configure other routes in your network, enable SNMP support, and even reset factory defaults. For additional help, please contact Cohesive Networks Support: https://cohesive.net/support/support-contacts

Cohesive Networks Support Docs: VNS3 Administration

Cohesive Networks

Get started with VNS3 virtual networking devices.Configure VNS3 for the first time from the web-based UI. Once you log in to VNS3, you can customize your device and network setup, including: generate clientpacks, peering VNS3 Controllers in a mesh, IPsec configurations with VNS3 Controllers, IPsec configuration with remove devices, client server connection options, overlay client server configurations, and how to review your VNS3 and overlay network configurations. For additional help, please contact Cohesive Networks Support: https://cohesive.net/support/support-contacts

Cohesive Networks Support Docs: VNS3 Configuration Guide

Cohesive Networks

Use this VNS3 set up guide to get started in the Amazon Cloud (AWS) EC2 public cloud environments. Note: this guide is for AWS customers who are able to launch AMIs outside of VPC (using AWS before 2009) About VNS3: VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API. VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more. VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.

Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic

Cohesive Networks

Use this VNS3 set up guide to get started in the Amazon Cloud (AWS) VPC public cloud environments. About VNS3: VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API. VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more. VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.

Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC

Cohesive Networks

Use this VNS3 set up guide to get started in Microsoft Azure public cloud environments. About VNS3: VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API. VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more. VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.

Cohesive Networks Support Docs: VNS3 Configuration in Azure

Cohesive Networks

Use this VNS3 set up guide to get started in CenturyLink Cloud environments. About VNS3: VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API. VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more. VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.

Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud

Cohesive Networks

Use this VNS3 set up guide to get started in IBM Cloud and IBM Softlayer environments. About VNS3: VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API. VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more. VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.

Cohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer

Cohesive Networks

Use this VNS3 set up guide to get started in ElasticHosts public cloud environments. About VNS3: VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API. VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more. VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.

Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts

Cohesive Networks

Use this VNS3 set up guide to get started in Google Cloud and GCE environments. About VNS3: VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), and protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or resetful API. VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more. VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.

Cohesive Networks Support Docs: VNS3 Configuration for GCE

Cohesive Networks

Cohesive Networks Support Docs: Welcome to VNS3 3.5

Cohesive Networks

Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide

Cohesive Networks

Cohesive networks Support Docs: VNS3 3.5 Upgrade Guide

Cohesive Networks

Plus de Cohesive Networks (20)

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...

Chris Purrington's talk from CLOUDSEC 2016 "Defense in depth: practical steps...

Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...

Let’s rethink cloud application security in 2016 - Patrick Kerpan's Secure360...

Lessons Learned in Deploying the ELK Stack (Elasticsearch, Logstash, and Kibana)

The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...

Comparison: VNS3 vs Vyatta

Comparison: VNS3 and Openswan

Cohesive Networks Support Docs: VNS3 Administration

Cohesive Networks Support Docs: VNS3 Configuration Guide

Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic

Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC

Cohesive Networks Support Docs: VNS3 Configuration in Azure

Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud

Cohesive Networks Support Docs: VNS3 Configuration for IBM Softlayer

Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts

Cohesive Networks Support Docs: VNS3 Configuration for GCE

Cohesive Networks Support Docs: Welcome to VNS3 3.5

Cohesive Networks Support Docs: VNS3 Side by Side IPsec Tunnel Guide

Cohesive networks Support Docs: VNS3 3.5 Upgrade Guide

Dernier

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Introduction to use of FHIR Documents in ABDM

Kumar Satyam

Design and Development of a Provenance Capture Platform for Data Science

Paolo Missier

Overview of Hyperledger Foundation

Hyperleger Tokyo Meetup

Event-Driven Architecture Masterclass: Challenges in Stream Processing

ScyllaDB

In the ever-evolving landscape of data management, Zero-ETL is an approach that is reshaping how businesses handle and integrate their data. This webinar explores Zero-ETL, a paradigm shift from the traditional Extract, Transform, Load (ETL) process, offering a more streamlined, efficient, and real-time data integration method. We will begin with an introduction to the concept of Zero-ETL, including how it allows direct access to data in its native environment and real-time data transformation, providing up-to-date information with significantly reduced data redundancy. Next, we'll take you through several demonstrations showing how Zero-ETL can deliver real-time data and enable the free movement of data between systems. We will also discuss the various tools that support all aspects of Zero-ETL, providing attendees with an understanding of how they can adopt this innovative approach in their organizations. Lastly, the session will conclude with an interactive Q&A segment, allowing participants to gain deeper insights into how Zero-ETL can be tailored to their specific business needs and how they can get started today. Join us to discover how Zero-ETL can elevate your organization's data strategy.

The Zero-ETL Approach: Enhancing Data Agility and Insight

Safe Software

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

caitlingebhard1

Intro to Passkeys and the State of Passwordless.pptx

FIDO Alliance

At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover: The overall software architecture for VHR’s Cloud Data Platform Critical decision points leading to adoption of Ballerina for the CDP Ballerina’s role in multiple evolutionary steps to the current architecture Roadmap for the CDP architecture and plans for Ballerina WSO2’s partnership in bringing continual success for the CD

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

WSO2

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.

Modernizing Legacy Systems Using Ballerina

WSO2

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

DBX First Quarter 2024 Investor Presentation

Dropbox

"The Ultimate Prompt Engineering Guide for Generative AI" provides a comprehensive guide to leveraging the power of AI assistants through effective prompt design. It explores fundamental prompt concepts and details strategies for crafting prompts that maximize output quality. Readers learn about iterative refinement, examples, constraints, and advanced techniques like chaining and decomposition. Case studies demonstrate real-world applications in content creation, coding, analysis, and more. Trends in multimodal, automated, and responsible prompting are also examined. This book is a must-read for anyone seeking to optimize generative AI capabilities.

The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...

SOFTTECHHUB

In this session, we will discuss the journey of API governance from its initial, ungoverned state to the development of sophisticated models that tackle contemporary challenges. We'll explore how APIs have become essential in the intersection of business and technology, adapting to advancements and evolving needs. We'll focus on how organizations have moved from launching to monetizing APIs, using models like pay-per-use and subscriptions, and finding the right balance between technical implementation and business strategy. We'll also highlight the impact of governance on monetization strategies, especially how data security, compliance, and service quality influence pricing. Real-world examples will demonstrate the effective integration of governance with monetization, including AI's role in dynamic pricing. Looking ahead, we'll share insights into future trends in API governance and monetization, emphasizing the importance of adaptability, continuous learning, and innovation.

API Governance and Monetization - The evolution of API governance

WSO2

How to Check CNIC Information Online with Pakdata cf

danishmna97

Simplifying Mobile A11y Presentation.pptx

MarkSteadman7

The presentation was made in “Web3 Fusion: Embracing AI and Beyond” is more than a conference; it's a journey into the heart of digital transformation. The conference a provided a platform where the future of technology meets practical application. This three-day hybrid event, set in the heart of innovation, served as a gateway to the latest trends and transformative discussions in AI, Blockchain, IoT, AR/VR, and their collective impact on the information space.

AI in Action: Real World Use Cases by Anitaraj

AnitaRaj43

ADP Passwordless Journey Case Study.pptx

FIDO Alliance

Dernier (20)

Six Myths about Ontologies: The Basics of Formal Ontology

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Introduction to use of FHIR Documents in ABDM

Design and Development of a Provenance Capture Platform for Data Science

Overview of Hyperledger Foundation

Event-Driven Architecture Masterclass: Challenges in Stream Processing

The Zero-ETL Approach: Enhancing Data Agility and Insight

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

Intro to Passkeys and the State of Passwordless.pptx

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Modernizing Legacy Systems Using Ballerina

Introduction to Multilingual Retrieval Augmented Generation (RAG)

DBX First Quarter 2024 Investor Presentation

The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...

API Governance and Monetization - The evolution of API governance

How to Check CNIC Information Online with Pakdata cf

Simplifying Mobile A11y Presentation.pptx

AI in Action: Real World Use Cases by Anitaraj

ADP Passwordless Journey Case Study.pptx

IM World presentation from Chris Swan: Application centric – how the cloud has changed the way we deploy, secure and connect

1. Chris Swan, CTO, @cpswan Application centric: How the cloud has changed the way we deploy, secure and connect

2. © 2015 Google moves its corporate apps to the Internet 2 Google Inc., taking a new approach to enterprise security, is moving its corporate applications to the Internet. In doing so, the Internet giant is flipping common corporate security practice on its head, shifting away from the idea of a trusted internal corporate network secured by perimeter devices such as firewalls, in favor of a model where corporate data can be accessed from anywhere with the right device and user credentials. The new model — called the BeyondCorp initiative — assumes that the internal network is as dangerous as the Internet. (Wall Street Journal | “Google Moves Its Corporate Applications to the Internet” | May 11, 2015 )

5. © 2015 Modern architectures don’t change things that much 5 Micro services based applications are collections of services Is the “right” traffic going to/from our services? Persistence services Business services Front end services = type of server

6. © 2015 Enterprise data center 6 Perimeter Security Enterprise data centers are filled with these applications, often left insecure by lack of focus on interior network paths. 20% of Security Spend is on “interior”, yet 80% of the network traffic. 80% of Security Spend is on perimeter, 20% of traffic.

38. © 2015 ToDo: SecDevOps APIs are necessary but not sufficient: Need to have them integrated into the overall system Control metadata (and its mutability): Must be visible and understandable Security events need to be captured: Then turned into something humans can action

IM World presentation from Chris Swan: Application centric – how the cloud has changed the way we deploy, secure and connect

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à IM World presentation from Chris Swan: Application centric – how the cloud has changed the way we deploy, secure and connect

Similaire à IM World presentation from Chris Swan: Application centric – how the cloud has changed the way we deploy, secure and connect (20)

Plus de Cohesive Networks

Plus de Cohesive Networks (20)

Dernier

Dernier (20)

IM World presentation from Chris Swan: Application centric – how the cloud has changed the way we deploy, secure and connect