Bezbednost nema alternativu (Security Has No Alternative) - konferencija.coming.rs

Bezbednost nema alternativu, 17.05.2018., Crowne Plaza

New IT - new security challenges

Miroslav Kržić [email protected]


Page 2

From traditional to new IT

Support for traditional applications and architectures through efficient virtualization and cloud systems based on virtual infrastructure

Support for new applications and architectures through scalable, converged cloud solutions

A common software-defined platform for traditional and new IT

Traditional IT | New IT

IT ready for the future

Secure by Design: secure from the start

Page 3

New IT infrastructure

APL infrastructure

Hardware

Virtual infrastructure

Compute resources

Network resources

Storage resources

Location independence

Virtual machines

Virtual networks

Virtual storage

API infrastructure

VI/Cloud

Page 5

API infrastructure - the foundation of New IT

Page 6

The application is the network

Page 7

API infrastructure <-> IT infrastructure

Page 8

vNet - breaking rigid ties

Diagram: hardware and software decoupled, server virtualization beside network virtualization

Server virtualization: Application -> Virtual Machine (x86 Environment) -> Server Hypervisor -> General Purpose Server Hardware. Requirement: x86

Network virtualization: Workload -> Virtual Network (L2, L3, L4-7 Network Services) -> Network Hypervisor -> General Purpose Networking Hardware. Requirement: IP Transport

CONFIDENTIAL

Page 9

vNet - a platform for security

Diagram: Traditional Data Center vs. NSX Data Center

Traditional Data Center: Perimeter firewall and Inside firewall; DMZ/Web VLAN, App VLAN and DB VLAN each shared by HR and Finance; Services/Management VLAN holding Services and Mgmt

NSX Data Center: Perimeter firewall; HR Group (DMZ/Web, App, DB); Finance Group (DMZ/Web, App, DB); Services/Management Group (Services, Mgmt)

NSX segmentation simplifies network security

▪ Each VM can now be its own perimeter

▪ Policies align with logical groups

▪ Control communication within a single VLAN

Page 10

Layered protection

Layers of protection

– Kernel

– Libraries

– File system[s]

– User space

– Container infrastructure

– Containers

– Applications in containers

– IDS/IPS/WAF/DPI-Firewall

Page 11

DB - a particularly sensitive infrastructure element

Organizations store their most critical, sensitive, and/or confidential data in databases

Most organizations do not actively protect their databases from attacks or from unauthorized access

Built-in DB security & standard security measures do not adequately protect databases

Page 12

Here is why DB!

• Database servers are involved in 25% of all breaches

• Database breaches account for 92% of all records breached

• DBs are very highly scrutinized in almost any IT audit

Charts: # of Breaches and # of Records Breached, DB vs. Other

Page 13

New DB architecture

The DB layer is no longer what it was just a couple of years ago…

Diagram labels: DATA INSIGHTS, DATA MANAGEMENT; Business intelligence, Advanced Analytics & AI, Big data processing, Data warehousing, Operational data; ON-PREM, CLOUD

Products shown: Power BI, Machine Learning, Stream Analytics, Cognitive Services, SQL Server Reporting Services, SQL Server Analysis Services, R Services, HDInsight, Cloud Data Warehouse, Data Lake, NoSQL Document DB, Cloud SQL Database, SQL Server, SQL Server, Apache Hadoop

Page 14

DevOps

PLAN CODE BUILD TEST RELEASE OPERATE

COLLABORATION

DEPLOY

DevOps

VALUE

Continuous Delivery

Continuous Integration

Agile Development

DEV OPS

Page 15

Regulation!

Page 16

Welcome to the world of New IT!

Page 17

A modern portfolio of security services and solutions

Strategy, Risk and Compliance

Threat Assessment and Response

Analytics and Operations

Business Continuity Assurance

Identity and Access Management

Data Security

Application Security

Network, Mobile Device and Endpoint Security

Analysis of Security Threats and Trends

Coming - portfolio of security services and solutions

Page 18

Coming portfolio of security solutions (1)

Endpoint and Mobile Security

– Endpoint Protection: Trend Micro OfficeScan, Trend Micro Worry-Free Business Security, Trend Micro Deep Security

– Mobile Protection: Check Point Mobile Threat Prevention

– Enterprise Mobility Management: AirWatch

– User Activity Monitoring: Teramind

Network Security

– Next-Generation Firewall: Check Point, Cisco ASA + FirePower

– Secure Web Gateway: Blue Coat ProxySG, Barracuda Web Security Gateway

– Network Access Control: Cisco Identity Services Engine

– Network Advanced Threat Detection: Trend Micro Deep Discovery Inspector

– Network Sandboxing: Check Point SandBlast, Trend Micro Deep Discovery Analyzer

– DDoS Protection: Check Point DDoS Protector

Page 19

Coming portfolio of security solutions (2)

Data Security

– Data Loss Protection: McAfee DLP

– Secure Data Access&Exchange: Safe-T Box

– Malware Protection: ReSec ReSecure

– Endpoint Data Encryption: Trend Micro Endpoint Encryption, Check Point Full Disk / Media Encryption, HyTrust DataControl

Application and Web Security

– Application Delivery Controller: Kemp, F5 Big-IP LTM

– Web Application Firewall: F5 Big-IP ASM

– Database Security: McAfee Database Security

Page 20

Coming portfolio of security solutions (3)

Analytics and other

– Security information and event management: HPE ArcSight Express, McAfee Enterprise Security Manager

– Log Management & Analytics: HPE ArcSight Logger, VMware vRealize Log Insight

– Secure Mail Gateway: Trend Micro InterScan Messaging Security, Trend Micro ScanMail for Microsoft Exchange

– Identity and Access Management: CyberArk

– ICS and IoT Security

– Deception Technology