IT Bezbednostod politike ka tehnolokim reenjima i nazad

Miroslav Kri,Coming Computer Engineering

Beograd, April 2017.

Digitalna transformacijadramatina promena okruenja

Transformacija IT: Tri dominantna trenda danas

Hibridni oblak

Korisniki pristup i ureaji

Softverski definisan datacentar

irok izbor ureaja

Sve odmah

Pristup svemu sa bilo kog mesta

Gde su granice preduzea/organizacije danas?

Privatni

Oblak

Javni Oblak

JavniOblak

JavniOblak

vCloudConnectorHibridni

oblak

A single pane of glass to consume private & public cloud resources

Od homogenog ka heterogenom korisnikom okruenju

Lini ureaji

Kompanijski ureaji

arenilo aplikacija

arenilo platformi

Podaci na

raznim mestima

arenilo

ureaja

Razliite

lokacije

Kompleksnost i slojevitost moderne IT infrastrukture

Softver

Hardver

Virtuelna Infrastruktura

Raunarskiresursi

Mreniresursi

StoridResursi

Nezavisnost od lokacije

Virtuelne maine

Virtuelne mree

Virtuelni storid

Aplikacije

Uticaj na bezbednostizazovi pretnje prilike

Source: IBM X-Force Threat Intelligence Quarterly 1Q 2015

Tipovi napada

201240% poveanje

2013800,000,000+ zapisa

2014Udar bez presedana

XSS SQLiMisconfig. Watering

Hole

Brute

Force

Physical

Access

Heartbleed Phishing DDoS Malware Undisclosed

Rast broja i raznovrsnosti pretnji

V2015-07-30

$6.5Maverage cost of a U.S. data breachaverage time to detect APTs

256 danaSource: 2015 Cost of Data Breach Study, Ponemon Institute

Copyright 2017 Trend Micro Inc.9

POZNATO LOE POZNATO DOBRO

Klasine tehnike zatite bave se ovim!

Application ControlWhitelisting

Encryption

Blacklisting

Content Filtering

Anti Malware

Copyright 2017 Trend Micro Inc.10

NEPOZNATO

Zero-day attacks Ransomware

Lateral movement

Targeted attacks

Business Email Compromise

Danas: sive zone je mnogo tee detektovati i prepoznati!

Copyright 2017 Trend Micro Inc.11

Web & File ReputationExploit PreventionApplication ControlVariant Protection

Behavioral Analysis

Safe files allowed

Malicious files blocked

Pre-execution Machine Learning

LEG

END

Known Good Data

Known Bad Data

Unknown Data

Noise Cancellation

Runtime Machine Learning

Standardne tehnike nisu dovoljne ka ML/AI

NEW!

NEW!

Ka modernom portfoliju bezbednosnih reenja i uslugaComing Computer Engineering

Bezbednosne politike standardi postupci i praksaPristup mrei

mora biti

obezbeen kroz

jedinstven nalog i

lozinku

Lozinka mora

sadrati bar po

jedno veliko i

malo slovo,

cifru i interp.

znak

Lozinka

mora biti

dugaka bar

8 karaktera

Od politike do bezbednog sistema i nazad - u deset koraka

Moderni portfolio bezbednosnih usluga i reenja

Strategija, Rizici i Usaglaenost Procena i Odgovor na pretnje

Analitika i Operacije

ObezbeenjeKontinuitetaposlovanja

Upravljanje identitetima i

pristupom

Bezbednost podataka

Bezbednost aplikacija

Bezbednost mrea mobilnih ureaja i

krajnih taaka

Analiza bezbednosnih pretnji i trendova

Moderan portfolio bezbednosnih usluga i reenja

Kljuni bezbednosni trendovi

Naprednepretnje

Nedostatakvetina

Cloud Mobilni ureaji iIOT

Obavezna usaglaenost

Inovativnost oko

glavnih trendova

Vostvo u kljunim

segmentima

Coming portfolio bezbednosnih reenja (1)

Endpoint and Mobile Security Network SecurityEndpoint Protection Next-Generation Firewall

Trend Micro OfficeScan Check PointTrend Micro Worry-Free Business Security Cisco ASA + FirePowerTrend Micro Deep Security Secure Web Gateway

Mobile Protection Blue Coat ProxySGCheck Point Mobile Threat Prevention Barracuda Web Security Gateway

Enterprise Mobility Management Network Access ControlAirWatch Cisco Identity Services Engine

User Activity Monitoring Network Advanced Threat DetectionTeramind Trend Micro Deep Discovery Inspector

Network SandboxingCheck Point SandBlastTrend Micro Deep Discovery Analyzer

DDoS ProtectionCheck Point DDoS Protector

Data Security Application and Web Security

Data Loss Protection Application Delivery Controller

McAfee DLP Kemp

Secure Data Access&Exchange F5 Big-IP LTM

Safe-T Box Web Application Firewall

Malware Protection F5 Big-IP ASM

ReSec ReSecure Database Security

Endpoint Data Encryption McAfee Database Security

Trend Micro Endpoint EncryptionCheck Point Full Disk / Media Encryption

HyTrust DataControl

Coming portfolio bezbednosnih reenja (2)

Analitika i ostaloSecurity information and event management

HPE ArcSight ExpressMcAfee Enterprise Security Manager

Log Management & AnalyticsHPE ArcSight LoggerVMware vRealize Log Insight

Secure Mail GatewayTrend Micro InterScan Messaging SecurityTrend Micro ScanMail for Microsoft Exchange

Identity and Access ManagementCyberArk

ICS and IoT Security

Deception Technology

Coming portfolio bezbednosnih reenja (3)

Izabrali smo da vam prikaemo danas

1. Zatita perimetra mree CheckPoint2. Siguran pristup razmena i deljenje podataka/dokumenata Safe T3. Obezbeenje kontinuiteta poslovanja DR/Backup Veeam VMware

Umesto zakljuka poziv na diskusiju!