2. 2
AGENDA
• Hybrid - The New Normal
• More than Zero Trust
• Security Driven Networking
• Reasonable Level of Care
• Summary
3. 3
THE STATE OF ENTERPRISE SECURITY
§ FUNCTIONAL OPERATIONAL SILOS
§ LACK OF VISIBILITY
§ EVOLVING NATURE OF THREATS
SECURITY TEAMS LACK THE MANPOWER, EXPERTISE, TOOLS AND PROCESSES
+
SECURITY SHOULD NOT BE A DIY EXERCISE
8. 8
Fundamental Failures in Data Breaches
§ Lessons from 12,000+ breaches:
» Failure to prioritize funding for cyber security - lowest among peer group
» Lacked effective leadership and managerial structure to implement reliable IT security policies
» Failure to implement critical basic security measures, like two-factor authentication, segmentation, awareness training, etc.
» Networks were “insecurely architected” and running significant amounts of legacy infrastructure - not integrated
» IT security program struggled to meet many compliance requirements
» Lack of visibility, awareness & control
9. 9
A Reasonable Level of Due Care
Standard by which we’ll be judged...
§ due care (noun)
… the care that a reasonable person would exercise under the circumstances; the standard for determining legal duty
§ Equifax breach: 143M affected, “entirely preventable”
» Exploit of a known Apache Struts vulnerability
» Breached in May-July, but the public was notified in September 2017
» Exfiltration possible due to an expired security certificate
» In 2018, two credit freeze websites used expired certificates
» Default passwords (“admin”)
» Reasonable?
Critically, the Court found that, given the foreseeable risk of a data breach, Equifax owed consumers an independent legal duty of care to take reasonable measures to safeguard their personal information in Equifax’s custody.
10. 10
Achieving a Reasonable Level of Due Care
Much more than zero trust...
§ Networking and Security as first Consideration
» Compliance is not enough
» Hybrid digital infrastructure & security as one
» Distributed segmentation & virtualization
» Outcome-based solutions - Business intent
§ Segmentation & Zero Trust Principles
» Identify, verify & authenticate
» Validate need to access (apps & ports)
» Log & monitor everything
» Integrated, automated response
» Backup per SLAs
» Encrypt as practical
§ Behavioral based detection & AI
§ Broad, integrated & automated
11. 11
Security Fabric Requirements
Beyond Products & Platforms
[Figure: Security Fabric diagram. Labels: Open Ecosystem; Network Security; Device, Access, and Application Security; Multi-Cloud Security; Network Operations; Security Operations; Endpoint/Device Protection; Secure Access; Application Security; Fabric APIs; Fabric Connectors]
INTEGRATED
AI-driven breach prevention across devices, networks, and applications
AUTOMATED
Operations, orchestration, and response
BROAD
Visibility of the entire digital attack surface
12. 12
Access Visibility: Endpoints, Users & Applications
[Figure: access visibility view with columns Where, Who, What, When; locations Dallas, Austin, Houston; VPN]
14. 14
Security Driven Networking
[Figure: network diagram. Labels: Branch access and off-load; UCPE; 3G/4G/5G wireless; Transport / SDWAN; DC / Private Cloud; Consumer access and off-load; DC / Cloud Services]
Consistent Security
§ Consistent and compliant policy and visibility across physical, virtual, cloud
§ Secure VPN connectivity from private to public clouds
§ Segment applications and data between clouds in hybrid and multi-cloud environments
End-to-End Segmentation
§ Deploy into flat open networks w/o disruption
§ Fine-grained policy based on users/apps/data
§ Increased throughput for inspecting east-west traffic
Automatically Scale Protection
§ Auto-scale inspection capacity across cluster
§ Auto-provision rules to new workloads
§ Orchestrate physical and virtual service insertion