2. copyright 2015
New realities of cybersecurity
• Attacks have become professional
• All servers “on a wire” are compromised, or a target to be compromised, by hackers, criminals or foreign governments
• Regulatory requirements and reporting demands are increasing (HIPAA, PCI, NIST Cybersecurity, EU Data Privacy, etc.)
3. Each hack proves the need for preventive security
• FBI Director James Comey: "There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese."
• ITRC: 621 data breaches, exposing over 77,890,487 records in 2014
[Figure: data breaches by organisation and number of records exposed; time axis 2011, 2012, 2013, 2014]
Source: Information is Beautiful http://goo.gl/QWllpM
4. The Problem - Sony Case-Study
The Solution - VNS3 Application Segmentation
5. A typical business application
• Web Tier
• App Server Tier
• Database Tier
• Message Queues
9. The Problem - Sony Case-Study
The Solution - An Application Security Controller
10. Create a micro-perimeter around critical applications in any data centre, cloud or virtualised environment
11. Perimeter Security
Even if there is an initial penetration event, East-West access is dramatically reduced and the attempts are easier to recognise and isolate
12. What makes an application perimeter?
• Bastion host
• Embedded firewall (and TLS and proxy)
• Integrated network intrusion detection
• Encrypted overlay networking
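An added example (not from the deck, and not Cohesive Networks or VNS3 code) of the idea on slides 11 and 12: a default-deny allow-list between the tiers of slide 5, plus a check that flags a host making repeated denied East-West attempts. The subnets, ports, threshold and function names are assumptions for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed overlay subnets for the slide's four tiers (assumed values).
TIERS = {
    "web": ip_network("10.10.1.0/24"),
    "app": ip_network("10.10.2.0/24"),
    "db": ip_network("10.10.3.0/24"),
    "mq": ip_network("10.10.4.0/24"),
}
# Default deny: only the flows the application needs (assumed ports).
ALLOWED = {("external", "web", 443), ("web", "app", 8080),
           ("app", "db", 5432), ("app", "mq", 5672)}

def tier_of(addr):
    """Map an address to its tier, or 'external' if outside the perimeter."""
    ip = ip_address(addr)
    return next((t for t, net in TIERS.items() if ip in net), "external")

def evaluate(src, dst, port):
    """Return 'allow', 'deny-east-west' or 'deny-north-south' for one flow."""
    s, d = tier_of(src), tier_of(dst)
    if (s, d, port) in ALLOWED:
        return "allow"
    inside = s != "external" and d != "external"
    return "deny-east-west" if inside else "deny-north-south"

def lateral_suspects(flows, threshold=3):
    """Sources with at least `threshold` distinct denied East-West targets."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        if evaluate(src, dst, port) == "deny-east-west":
            targets[src].add((dst, port))
    return {s: len(t) for s, t in targets.items() if len(t) >= threshold}

# Constructed flow records (src, dst, dst_port); 10.10.1.7 is a web host.
SAMPLE_FLOWS = [
    ("198.51.100.20", "10.10.1.5", 443),
    ("10.10.1.5", "10.10.2.9", 8080),
    ("10.10.2.9", "10.10.3.4", 5432),
    ("10.10.1.7", "10.10.3.4", 5432),
    ("10.10.1.7", "10.10.4.2", 5672),
    ("10.10.1.7", "10.10.1.5", 22),
    ("198.51.100.20", "10.10.3.4", 5432),
]

if __name__ == "__main__":
    print("lateral suspects:", lateral_suspects(SAMPLE_FLOWS))
```

Because the web tier is only permitted to reach the app tier, every other attempt from a web host is a denied flow that can be counted per source.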
14. Why now - demand
NIST Cyber Security Framework PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate
15. Why now - supply
• Network Function Virtualisation - we can make networks out of virtual machines and containers
• Software Defined Networking - we can manage networks through APIs
16. VNS3 product family
• turret: Application Security Controller
• vpn: free, self-service cloud connectivity
• net: security and connectivity networking
Features compared: scalable VPN, end-to-end encryption, multi-cloud and multi-region, monitor & manage, automatic failover, secure app isolation
[Table: feature matrix marking each product against these features with ✓ or +]
ADD-ONs (+)
• ms: virtual network management system
• ha: high availability & automatic failover
17. Anywhere an application can go - it needs security & connectivity.
Summary
• Applications accessible via the Internet (public or private cloud) are targets.
• One compromise becomes the starting point for East-West attacks across an Intranet.
• Application Security Controllers use NFV and SDN to build an application-centric perimeter within the established Enterprise perimeter.
• Brings the public cloud model home to the Enterprise.
18. Cohesive Networks - cloud security made easy
VNS3 family of security and connectivity solutions protects cloud-based applications from exploitation by hackers, criminal gangs, and foreign governments
1000+ customers in 20+ countries across all industry verticals and sectors
Questions?