8/3/2019 SafeMedia Private/Hybrid/Community/Public Cloud Security
http://slidepdf.com/reader/full/safemedia-privatehybridcommunitypublic-cloud-security 1/21
SafeMedia HaloNS Network and Application Layer Security for Cloud
SafeMedia
Hybrid/Public Cloud Security
• Cloud service revenue is presently at $127B annually and rapidly growing
• Medium and large corporations and governmental agencies still dominate the Cloud scene
• Cloud Computing is still considered a “No-Man's” land
• Security concerns are mentioned at every Cloud and Virtualization conference
• Cloud Security has yet to be assessed, standards are lax, and best practices have yet to be established
• Application communication has dominated Cloud traffic
• Malicious threats are focusing on attacking applications and not infrastructure in the Cloud
• There aren't any Cloud Security providers, and those who are trying only cover physical or virtual interfaces, ignoring application communication
• SafeMedia fills this gap, and offers “Systems Wide” infrastructure and application security coverage in Virtual Private, Hybrid and Public Clouds
SafeMedia HaloNS Cloud Security
• IDPS monitoring system within Private/Hybrid/Public Cloud offerings
  – Passive IDS monitoring
  – Active in-line/in-band IPS choke points
• Granular controls that provide application layer security with “Down to the Bit” forensic drilldown capabilities
• Protects Cloud deployments against the traditional and the new generations of threats and vulnerabilities
• Enables high-value, high-risk Cloud application deployments
• Mitigates risk associated with applications in Private/Hybrid or in the Public Cloud
• Attack recognition beyond simple signature matching
• Dropping of malicious sessions as opposed to simple resetting of connections
• Deployment of dedicated hardware that can operate at wire speed
How? SafeMedia Private/Hybrid/Public Cloud Security
• Multi-engine, multi-vector detection engines with 11 specialized preprocessors dedicated to targeted application servers
• Over 45,000 rules and countermeasures in 87 different application groups
• Cloud aware, encapsulating cloud infrastructure and applications as an extension to internal networks
• Flexible engine configuration supporting multi-mode operations: alert mode or block mode
• User-selectable rule activation with the ability to alert or block
• Rules and countermeasures updated every 3 hours
• Cloud and security in a box… need the cloud stack
• “Single Pane of Glass” monitoring and management GUI
HaloNS Network and Application Layer Security
• Network and Application Layer Security Coverage
  – IDPS solution covering all communication through the seven layers of the OSI Model
  – Instances in Private/Hybrid/Public Clouds are covered before going “LIVE”
• Dedicated environment for Cloud Deployments
• Secure Private/Hybrid/Community/Public Cloud Environments
• Ironclad security protocols in Private and Public Cloud Deployments
• “Single Pane of Glass” Element Management and Security Procedures
• Autonomous protection of all Cloud scenarios
HaloNS Network & Application Layer Security Coverage
[Diagram: the seven OSI layers, Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data-Link (2) and Physical (1). HaloNS “Network and Application Layer Security” is drawn spanning all seven layers; “Competitive Protection” is drawn covering Network Layer Security only.]
SafeMedia’s HaloNS Integration
• Hooks into the key orchestration
  – Injects hooks into orchestration flows
• Hooks into the automation tool-sets
  – Coverage of virtual devices before they go live
• Hooks into the application stack
  – Captures the virtualized identifiers of virtual applications
• Hooks into the CMDB repository
  – Captures or recycles identifiers from instantiated or de-instantiated virtual/physical inventory
SafeMedia’s HaloNS Application Layer Security
• Host orchestration and automation stacks integrated with the SafeMedia HaloNS application
• Dedicated environment for Cloud Deployments
• Secure Private/Hybrid/Community/Public Environments
• Ironclad security protocols in Private and Public Cloud Deployments
• “Single Pane of Glass” Element Management and Security Procedures
• Autonomous protection of all Cloud scenarios
Network and Application Layer Security
SafeMedia’s HaloNS Architecture (diagram)
SafeMedia Cloud Security Methodology
• Interrogates incoming and outgoing traffic through virtual infrastructure and enterprise applications or offerings
• Interrogates not just physical/virtual instance packets but also application communication
• Monitors outgoing network traffic to detect and prevent unauthorized transfer of data
• Records threats and intrusions by storing “Forensic Packet data” for later use in prosecuting offenders
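The egress-monitoring bullet above, together with the alert-mode/block-mode engine configuration described earlier in the deck, is illustrated by the following added example. It is editorial code written for this page, not SafeMedia or HaloNS code: it walks a list of outbound flow records, treats RFC 1918 space as the internal side, flags internal-to-external transfers that use a port outside a sanctioned set or exceed a per-peer byte baseline, and emits either an alert or a drop verdict depending on the mode. The internal ranges, the sanctioned-port set, the volume limit and every flow record are constructed assumptions; the 198.51.100.0/24 and 203.0.113.0/24 addresses are documentation ranges standing in for Internet hosts.

```python
"""Egress monitoring over flow records (added editorial example, not HaloNS code).

Flags internal -> external transfers that use an unsanctioned destination port
or exceed a per-peer volume baseline, and emits an "alert" or "drop" verdict
depending on the engine mode. All thresholds and records are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# What counts as "internal infrastructure" for this example (RFC 1918 space).
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Egress ports the instances are expected to use. Constructed policy.
SANCTIONED_EGRESS_PORTS = {53, 80, 443}

# Bytes one internal host may send to one external peer per observation window
# before the transfer is treated as possible exfiltration. Constructed baseline.
VOLUME_LIMIT = 100 * 1024 * 1024


def is_external(addr):
    """True when addr lies outside every internal network."""
    a = ip_address(addr)
    return not any(a in net for net in INTERNAL_NETS)


def analyze_egress(flows, mode="alert"):
    """Evaluate flow records and return one verdict per distinct condition.

    flows: iterable of (src, dst, dst_port, bytes_out) tuples, in time order.
    mode:  "alert" records the event only; "block" marks the session to be
           dropped (offending packets are discarded rather than the
           connection being reset).
    Returns a list of dicts with keys action, src, dst, port, reason.
    """
    if mode not in ("alert", "block"):
        raise ValueError(f"unknown mode {mode!r}")
    action = "drop" if mode == "block" else "alert"
    volume = defaultdict(int)   # (src, dst) -> cumulative outbound bytes
    reported = set()            # (src, dst, condition) already emitted
    verdicts = []

    def report(src, dst, port, condition, reason):
        key = (src, dst, condition)
        if key not in reported:
            reported.add(key)
            verdicts.append({"action": action, "src": src, "dst": dst,
                             "port": port, "reason": reason})

    for src, dst, port, nbytes in flows:
        # Only the internal -> external direction is egress.
        if is_external(src) or not is_external(dst):
            continue
        if port not in SANCTIONED_EGRESS_PORTS:
            report(src, dst, port, "port", f"unsanctioned egress port {port}")
        volume[(src, dst)] += nbytes
        if volume[(src, dst)] > VOLUME_LIMIT:
            report(src, dst, port, "volume",
                   f"{volume[(src, dst)]} bytes sent to one external peer")
    return verdicts


# Constructed flow records: (src, dst, dst_port, bytes_out).
SAMPLE_FLOWS = [
    ("10.0.1.15", "10.0.2.20", 5432, 120_000),              # internal DB traffic, ignored
    ("10.0.1.15", "198.51.100.9", 443, 40_000),             # ordinary HTTPS call
    ("203.0.113.5", "10.0.1.15", 443, 5_000),               # inbound, ignored
    ("10.0.1.22", "203.0.113.77", 6881, 60_000_000),        # torrent-style port
    ("10.0.1.22", "203.0.113.77", 6881, 60_000_000),        # cumulative 120 MB to one peer
    ("10.0.1.30", "198.51.100.9", 443, 150 * 1024 * 1024),  # bulk upload over HTTPS
]

if __name__ == "__main__":
    for verdict in analyze_egress(SAMPLE_FLOWS, mode="alert"):
        print(verdict)
```

Run as-is, the sample produces three verdicts in alert mode: the unsanctioned port 6881 for the first torrent-style flow, the cumulative volume to that same peer once the second flow pushes it past the baseline, and the single bulk HTTPS upload. The same input in block mode yields the same three events with the action set to drop; the port-based condition is reported once per source/destination pair rather than once per packet, which is what keeps a noisy peer from flooding the console.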
Security Through Encapsulating The Instance
Cloud Stack HaloNS Detailed Architecture
Private/Hybrid Cloud Security Architecture
[Architecture diagram. Horizontal layers, bottom to top: Technology Resources (server, systems, network, DBMS, app server, message fabric, end point devices, block storage, file storage); Utility Computing (file virtualization, block/device virtualization, partitioning, clustering, network virtualization, on-demand routing, scheduling, application delivery); Virtualization Layer; System Level Automation (workload management, dynamic provisioning, dynamic scheduling, autonomous computing, discovery, performance management, automated provisioning, capacity management, billing/metering, unit cost of IT, subscription, self-service portal); Data Center Service Orchestration; Enterprise Architecture & IT Governance (app TCO model, design, deployment, testing, public service provider integration & service transfer, operating models, EA core diagrams, governance frameworks, portfolio management, class of services, strategy & balanced scorecards). Vertical bands: IT Services (Consult, Build, Operate, Improve); Tooling; Operations Console (Security View, HALSNS); Management Interface (Security Integration, HALSNS). Right-hand column, HaloNS Application Layer Security (HALSNS): Security Protocols, Security Authentication and Auditing, Security Governance, Application Security, Network Security, Autonomous HALSNS.]
HaloNS Use Case
Theory:
• Instantiate virtual instances in the Public Cloud (Amazon EC2)
• Capture the identifiers of containers
• Capture the identifiers of the virtual instances
• Capture any changes in virtual instance identifiers
• HaloNS recognizes the devices as “internal infrastructure” without a direct L2 VPN established
• Instantiate coverage of that inventory
HaloNS – Proof of Concept – Cloud Security
• We created 2 virtual instances in the Public Cloud (Amazon EC2), and a Beanstalk instance of Tomcat
• Captured identifier of containers and internal addresses
• Captured identifier of the virtual devices
• HaloNS recognized devices as “internal infrastructure” without a direct L2 VPN established
• We started seeing packet flow through HaloNS
• Instantiated DOS attacks, installed torrents, injected Trojans, and opened up all ports in firewall rules – Rule Apply to TCP Default: 0.0.0.0/0 open all ports
• Captured all attacks, internal and external to the instances, even attacks that weren't launched by us; for reference material contact Jonathan Spindel @ [email protected] (954) 562-9601
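The proof of concept deliberately applied a security-group rule admitting all TCP ports from 0.0.0.0/0. The following added editorial example (not SafeMedia code and not part of the deck) is the check a practitioner would run to catch that rule in real deployments: it rates EC2 security-group ingress rules in the shape returned by the DescribeSecurityGroups API (IpPermissions, IpRanges/CidrIp, Ipv6Ranges/CidrIpv6, IpProtocol "-1" meaning all protocols). The two sample groups, their IDs, the 203.0.113.0/24 admin range and the set of ports treated as acceptably public are constructed assumptions.

```python
"""Rate EC2 security-group ingress rules for Internet-wide exposure
(added editorial example, not SafeMedia code). Input mirrors the IpPermissions
structure of the EC2 DescribeSecurityGroups API; the sample groups are constructed.
"""
from ipaddress import ip_network

# Ports commonly intended to be public. Exposure of any other port to the
# whole Internet is reported at higher severity. Editorial assumption.
PUBLIC_OK_PORTS = {80, 443}


def _is_anywhere(cidr):
    """True for 0.0.0.0/0 and ::/0: a zero-length prefix matches every address."""
    return ip_network(cidr, strict=False).prefixlen == 0


def _sources(rule):
    """All IPv4 and IPv6 CIDRs one DescribeSecurityGroups rule admits."""
    v4 = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return v4 + v6


def classify(rule):
    """Rate one ingress rule; None means it is not reachable from the whole Internet."""
    open_from = [c for c in _sources(rule) if _is_anywhere(c)]
    if not open_from:
        return None
    where = ", ".join(open_from)
    proto = rule.get("IpProtocol")
    if proto == "-1":            # EC2 encodes "all protocols" as -1 (no port fields)
        return "critical", f"all protocols and ports open to {where}"
    if proto not in ("tcp", "udp"):
        return "low", f"{proto} reachable from {where}"
    lo, hi = rule["FromPort"], rule["ToPort"]
    if lo == 0 and hi == 65535:  # the rule the proof of concept applied
        return "critical", f"{proto} ports 0-65535 open to {where}"
    if set(range(lo, hi + 1)) <= PUBLIC_OK_PORTS:
        return "info", f"{proto} ports {lo}-{hi} open to {where}"
    return "high", f"{proto} ports {lo}-{hi} open to {where}"


def audit_security_group(group):
    """Return one finding per world-reachable ingress rule in a security group."""
    findings = []
    for rule in group.get("IpPermissions", []):
        rating = classify(rule)
        if rating:
            severity, reason = rating
            findings.append({"group": group["GroupId"],
                             "severity": severity, "reason": reason})
    return findings


# Constructed: the weak group from the proof of concept, plus an "all traffic" IPv6 rule.
POC_GROUP = {
    "GroupId": "sg-0poc",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

# Constructed: the corrected form, HTTPS public and SSH limited to an admin range.
HARDENED_GROUP = {
    "GroupId": "sg-0hardened",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for group in (POC_GROUP, HARDENED_GROUP):
        for finding in audit_security_group(group):
            print(finding)
```

The wide-open group produces two critical findings (the TCP 0-65535 rule and the all-protocols IPv6 rule), while the hardened group produces a single informational note for public HTTPS and nothing for SSH, because 203.0.113.0/24 is not a zero-length prefix. Testing on prefix length rather than comparing the string "0.0.0.0/0" means the check also catches the IPv6 form and any non-canonical spelling of the same range.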
SafeMedia HaloNS SPECS
Target-based processors
DNS servers
SMTP servers
HTTP_SERVERS
SQL servers
Telnet servers
SSH servers
Intelligent Behavior Library
Non-Collision Hash Tables
SafeMedia HaloNS SPECS
Target-based ports
Target-based ports for HTTP
Target ports to inspect for SHELLCODE
Target ports on which Oracle traffic is expected
Target ports to inspect for SSH
SafeMedia HaloNS SPECS
Target rule and countermeasure groups:
Kernel engine:
7,320 rules and countermeasures
Protocol behavior libraries
Non-collision hash tables
SafeMedia HaloNS SPECS
User Engine
Total 45,000+ rules and countermeasures, in the following groups (each group can be enabled or disabled and assigned a priority):
activex, attack-responses, backdoor, bad-traffic, blacklist, botcc, botcc-BLOCK, botnet-cnc, chat, Cia/Army, compromised, compromised-BLOCK, content-replace, current_events, ddos, dns, dos, drop, drop-BLOCK, dshield, dshield-BLOCK, experimental, exploit, file-identify, finger, ftp, games, icmp, icmp-info, icmp_info, inappropriate, info, malware, map, misc, mobile_malware, multimedia, mysql, netbios, nntp, oracle, other-ids, p2p, phishing-spam, policy, pop2, pop3, rbn, rbn-BLOCK, rbn-malvertisers, rbn-malvertisers-BLOCK, rpc, rservices, scada, scada_special, scan, shellcode, smtp, snmp, specific-threats, spyware-put, sql, telnet, tftp, tor, tor-BLOCK, trojan, user_agents, virus, voip, web-activex, web-attacks, web-cgi, web-client, web-coldfusion, web-frontpage, web-iis, web-misc, web-php, web_client, web_server, web_specific_apps, worm, x11
For Proof of Concept Documentation
Please Contact
Jonathan Spindel
SafeMedia
Executive Vice President of Engineering
[email protected]
Main: (888) 235-7260
Direct: (561) 288-1142
http://www.SafeMedia.com