SafeMedia Private/Hybrid/Community/Public Cloud Security

SafeMedia HaloNS Network and Application Layer Security for Cloud

Upload: jonathan-spindel

Post on 06-Apr-2018


TRANSCRIPT

Page 1: SafeMedia Private/Hybrid/Community/Public Cloud Security

8/3/2019 SafeMedia Private/Hybrid/Community/Public Cloud Security

http://slidepdf.com/reader/full/safemedia-privatehybridcommunitypublic-cloud-security 1/21

SafeMedia HaloNS Network and Application Layer Security for Cloud

SafeMedia 

Page 2: SafeMedia Private/Hybrid/Community/Public Cloud Security


Hybrid/Public Cloud Security

• Cloud service revenue is presently at $127B annually and rapidly growing

• Medium and large corporations and governmental agencies still dominate the Cloud scene

• Cloud Computing is still considered a “No-Man’s Land”

• Security concerns are mentioned at every Cloud and Virtualization conference

• Cloud security has yet to be assessed, standards are lax, and best practices have yet to be established

• Application communication has dominated Cloud traffic

• Malicious threats are focusing on attacking applications, not infrastructure, in the Cloud

• There aren't any Cloud Security providers, and those who are trying only cover physical or virtual interfaces, ignoring application communication

• SafeMedia fills this gap, and offers “Systems Wide” infrastructure and application security coverage in Virtual Private, Hybrid and Public Clouds

Page 3: SafeMedia Private/Hybrid/Community/Public Cloud Security


SafeMedia HaloNS Cloud Security

• IDPS monitoring system within Private/Hybrid/Public Cloud offerings

 – Passive IDS monitoring

 – Active in-line/in-band IPS choke points

• Granular controls that provide application layer security with “Down to the Bit” forensic drilldown capabilities

• Protects Cloud deployments against the traditional and the new generations of threats and vulnerabilities

• Enables high-value, high-risk Cloud application deployments

• Mitigates risk associated with applications in Private/Hybrid or in the Public Cloud

• Attack recognition beyond simple signature matching

• Dropping of malicious sessions as opposed to simple resetting of connections

• Deployment of dedicated hardware that can operate at “wire speed”

Page 4: SafeMedia Private/Hybrid/Community/Public Cloud Security


How? SafeMedia Private/Hybrid/Public Cloud Security

• Multi-engine, multi-vector detection engines with 11 specialized preprocessors dedicated to targeted application servers

• Over 45,000 rules and countermeasures in 87 different application groups

• Cloud aware, encapsulating cloud infrastructure and applications as an extension to internal networks

• Flexible engine configuration supporting multi-mode operations: alert mode or block mode

• User-selectable rule activation with the ability to alert or block

• Rules and countermeasures updated every 3 hours

• Cloud and security in a box… needs the cloud stack

• “Single Pane of Glass” monitoring and management GUI

Page 5: SafeMedia Private/Hybrid/Community/Public Cloud Security


• Network and Application Layer Security Coverage

 – IDPS solution covering all communication through the seven layers of the OSI Model

 – Instances in Private/Hybrid/Public Clouds are covered before going “LIVE”

• Dedicated environment for Cloud Deployments

• Secure Private/Hybrid/Community/Public Cloud Environments

• Ironclad security protocols in Private and Public Cloud Deployments

• “Single Pane of Glass” Element Management and Security Procedures

• Autonomous protection of all Cloud scenarios

HaloNS Network and Application Layer Security

Page 6: SafeMedia Private/Hybrid/Community/Public Cloud Security


HaloNS Network & Application Layer Security Coverage

Diagram: the seven OSI layers, Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data-Link (2), Physical (1). HaloNS is shown as Network and Application Layer Security spanning all seven layers; Competitive Protection is shown as Network Layer Security only.

Page 7: SafeMedia Private/Hybrid/Community/Public Cloud Security


• Hooks into the key orchestration

 – Injects hooks into orchestration flows

• Hooks into the automation tool-sets

 – Coverage of virtual devices before they go live

• Hooks into the application stack

 – Captures the virtualized identifiers of virtual applications

• Hooks into the CMDB repository

 – Captures or recycles identifiers from instantiated or de-instantiated virtual/physical inventory

SafeMedia’s HaloNS Integration

Page 8: SafeMedia Private/Hybrid/Community/Public Cloud Security


• Host orchestration and automation stacks integrated with the SafeMedia HaloNS application

• Dedicated environment for Cloud Deployments

• Secure Private/Hybrid/Community/Public Environments

• Ironclad security protocols in Private and Public Cloud Deployments

• “Single Pane of Glass” Element Management and Security Procedures

• Autonomous protection of all Cloud scenarios

SafeMedia’s HaloNS Application Layer Security

Page 9: SafeMedia Private/Hybrid/Community/Public Cloud Security


Network and Application Layer Security

Page 10: SafeMedia Private/Hybrid/Community/Public Cloud Security


SafeMedia’s HaloNS Architecture

Security

Page 11: SafeMedia Private/Hybrid/Community/Public Cloud Security


• Interrogates incoming and outgoing traffic through virtual infrastructure and enterprise applications or offerings

• Interrogates not just physical/virtual instance packets, but also application communication

• Monitors outgoing network traffic to detect and prevent unauthorized transfer of data

• Records threats and intrusions by storing “Forensic Packet data”, for use later in prosecuting offenders

SafeMedia Cloud Security Methodology

Page 12: SafeMedia Private/Hybrid/Community/Public Cloud Security


Security Through Encapsulating The Instance 

Page 13: SafeMedia Private/Hybrid/Community/Public Cloud Security


Cloud Stack HaloNS Detailed Architecture

Page 14: SafeMedia Private/Hybrid/Community/Public Cloud Security


Diagram: Private/Hybrid Cloud Security Architecture

Horizontal layers, bottom to top:

• Technology Resources: server systems, network, DBMS, app server, message fabric, end point devices, block storage, file storage, app

• Virtualization Layer: file virtualization, block/device virtualization, partitioning, clustering, network virtualization, on-demand routing/scheduling, application delivery

• Utility Computing: workload management, dynamic provisioning, dynamic scheduling, autonomous computing, billing/metering, unit cost of IT subscription, self-service portal

• System Level Automation: discovery, performance management, automated provisioning, capacity management

• Data Center Service Orchestration: IT services (consult, build, operate, improve), public service provider integration and service transfer

• Enterprise Architecture & IT Governance: operating models, EA core diagrams, governance frameworks, portfolio management, class of services, strategy and balanced scorecards, app TCO model

Vertical columns: Tooling (design, deployment, testing); Operations Console (Security View, HALSNS); Management Interface (Security Integration, HALSNS)

HaloNS Application Layer Security (HALSNS) spans the stack: security protocols, security authentication and auditing, security governance, application security, network security, autonomous HALSNS

Page 15: SafeMedia Private/Hybrid/Community/Public Cloud Security


HaloNS Use Case

Theory:

• To be able to instantiate virtual instances in the Public Cloud (Amazon EC2)

• To capture identifiers of containers

• To capture identifiers of the virtual instances

• Capture any changes in virtual instance identifiers

• HaloNS recognizes devices as “internal infrastructure” without a direct L2 VPN established

• Instantiates coverage of that inventory
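The orchestration hooks (slide 7) and the use case above both come down to one bookkeeping problem: keep the set of addresses the sensor treats as “internal infrastructure” in step with what the cloud API says is instantiated, including instances that come back with a new identifier and identifiers that are recycled to a different instance. The following is an added example, not SafeMedia’s code: a small Python reconciler fed with constructed state-change events in the shape a cloud API or CMDB feed would emit. The instance ids, addresses and the running/terminated state names are assumptions.

```python
from dataclasses import dataclass, field

# Constructed orchestration events (instance id, private address, state).
# Ids, addresses and the state vocabulary are assumptions for this example.
EVENTS = [
    {"instance_id": "i-0aaa", "private_ip": "10.0.1.10", "state": "running"},
    {"instance_id": "i-0bbb", "private_ip": "10.0.1.11", "state": "running"},
    # same instance comes back on a different address: identifier changed
    {"instance_id": "i-0aaa", "private_ip": "10.0.1.12", "state": "running"},
    # a new instance reuses the address of i-0bbb before i-0bbb's
    # termination event arrives (events can be delivered out of order)
    {"instance_id": "i-0ccc", "private_ip": "10.0.1.11", "state": "running"},
    {"instance_id": "i-0bbb", "private_ip": "10.0.1.11", "state": "terminated"},
]

LIVE_STATES = {"pending", "running"}
DEAD_STATES = {"shutting-down", "terminated"}


@dataclass
class Coverage:
    """Inventory the sensor treats as internal infrastructure."""
    ip_of: dict = field(default_factory=dict)     # instance_id -> private_ip
    owner_of: dict = field(default_factory=dict)  # private_ip -> instance_id
    log: list = field(default_factory=list)

    def is_internal(self, ip: str) -> bool:
        # Membership comes from the orchestration feed, not from network
        # topology, so no L2 VPN to the cloud is needed to classify a host.
        return ip in self.owner_of

    def apply(self, ev: dict) -> None:
        iid, ip, state = ev["instance_id"], ev["private_ip"], ev["state"]
        if state in LIVE_STATES:
            old_ip = self.ip_of.get(iid)
            if old_ip is not None and old_ip != ip:
                # identifier changed: recycle the old address first
                if self.owner_of.get(old_ip) == iid:
                    del self.owner_of[old_ip]
                self.log.append(("identifier-changed", iid, old_ip, ip))
            elif old_ip is None:
                self.log.append(("instantiated", iid, ip))
            self.ip_of[iid] = ip
            self.owner_of[ip] = iid
        elif state in DEAD_STATES:
            gone = self.ip_of.pop(iid, None)
            if gone is not None:
                # only drop the address if this instance still owns it;
                # a late termination must not evict the address's new owner
                if self.owner_of.get(gone) == iid:
                    del self.owner_of[gone]
                self.log.append(("recycled", iid, gone))
        # other states (stopping, stopped): address kept, coverage unchanged


def build_coverage(events=EVENTS) -> Coverage:
    cov = Coverage()
    for ev in events:
        cov.apply(ev)
    return cov


if __name__ == "__main__":
    cov = build_coverage()
    for entry in cov.log:
        print(entry)
    print("internal:", sorted(cov.owner_of))
```

The ownership check on recycle is the part worth copying: without it, the late termination event for i-0bbb would silently remove i-0ccc from coverage, and traffic to a live instance would be classified as external.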

Page 16: SafeMedia Private/Hybrid/Community/Public Cloud Security


HaloNS  – Proof of Concept – Cloud Security

• We created 2 virtual instances in the Public Cloud (Amazon EC2), and a Beanstalk instance of Tomcat

• Captured identifiers of containers and internal addresses

• Captured identifiers of the virtual devices

• HaloNS recognized devices as “internal infrastructure” without a direct L2 VPN established

• We started seeing packet flow through HaloNS

• Instantiated DoS attacks, installed torrents, injected Trojans, and opened up all ports in firewall rules – Rule Apply to TCP Default: 0.0.0.0/0 open all ports

• Captured all attacks, internal and external to the instances, even attacks that weren't launched by us; for reference material contact Jonathan Spindel @ [email protected] (954) 562-9601
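The firewall rule the proof of concept opened on purpose (TCP from 0.0.0.0/0 to every port) is the one a practitioner most wants to catch in production. The following is an added example, not SafeMedia’s code and not part of the proof of concept: a Python audit over a constructed security group written in the shape of EC2 IpPermissions entries (IpProtocol, FromPort, ToPort, IpRanges, Ipv6Ranges). The group id, the rules and the severity ladder are assumptions.

```python
import ipaddress

# Constructed security group in the shape of an EC2 IpPermissions list.
# The group id and every rule are assumptions; the first rule is the
# "TCP, 0.0.0.0/0, all ports" shape described on the slide above.
SECURITY_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "udp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
}

# remote-admin and database listeners that should never be world-reachable
ADMIN_PORTS = {22, 23, 1521, 3306, 3389}


def is_world(cidr: str) -> bool:
    """0.0.0.0/0 and ::/0 are the only prefixes of length zero."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _sources(perm: dict):
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def rate(perm: dict) -> str:
    """Severity of a world-open permission, from its protocol and port span."""
    proto = perm.get("IpProtocol")
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if proto == "-1" or (lo, hi) == (0, 65535):
        return "critical"   # every port of the protocol, or every protocol
    if lo is not None and any(lo <= p <= hi for p in ADMIN_PORTS):
        return "high"       # an admin/database port lies inside the span
    return "info"           # a deliberately public service port, e.g. 443


def audit_security_group(sg: dict) -> list:
    """Return one finding per (permission, world-open source) pair."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        for cidr in _sources(perm):
            if is_world(cidr):
                findings.append({
                    "group": sg["GroupId"],
                    "severity": rate(perm),
                    "protocol": perm.get("IpProtocol"),
                    "ports": (perm.get("FromPort"), perm.get("ToPort")),
                    "source": cidr,
                })
    return findings


if __name__ == "__main__":
    for f in audit_security_group(SECURITY_GROUP):
        print(f["severity"], f["protocol"], f["ports"], "from", f["source"])
```

Two details matter in practice: the IPv6 range list is checked as well as the IPv4 one, because `::/0` on a protocol `-1` rule is exactly as open as `0.0.0.0/0`, and an open port 443 is reported at “info” rather than suppressed, so the output is a complete exposure inventory and not only a list of mistakes.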

Page 17: SafeMedia Private/Hybrid/Community/Public Cloud Security


SafeMedia HaloNS SPECS

Target-based preprocessors

DNS servers

SMTP servers

HTTP_SERVERS

SQL servers

telnet servers

SSH servers

Intelligent behavior library

Non-collision hash tables

Page 18: SafeMedia Private/Hybrid/Community/Public Cloud Security


SafeMedia HaloNS SPECS

Target-based ports

Targeted ports for HTTP

Targeted ports on which to look for shellcode

Targeted ports on which you might see Oracle

Targeted ports on which to look for SSH
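The server groups and port lists above, the 11 target-based preprocessors and the alert/block modes on slide 4, and the “drop the session rather than reset it” point on slide 3 all describe one mechanism: a rule is only evaluated against traffic for the kind of server it was written for, and the engine’s mode decides what happens on a match. The following is an added example, not SafeMedia’s code: a toy Python inspection engine that scopes three rules by server group and port list, runs in alert or block mode, and in block mode discards every later packet of a flagged session without re-inspection and without sending a TCP reset. The addresses, port numbers, rule patterns and rule categories are assumptions modelled on the groups named on these slides.

```python
import re
from dataclasses import dataclass

# Constructed target-based variables. Group names mirror the deck's server and
# port lists; the addresses and port numbers are assumptions.
SERVER_GROUPS = {
    "HTTP_SERVERS": {"10.0.1.10", "10.0.1.11"},
    "SQL_SERVERS": {"10.0.2.20"},
    "SSH_SERVERS": {"10.0.1.10", "10.0.2.20"},
    "ANY": None,                      # None means every destination host
}


@dataclass(frozen=True)
class PortSpec:
    ports: frozenset
    negated: bool = False             # True: "every port except these"

    def matches(self, port: int) -> bool:
        return (port in self.ports) != self.negated


HTTP_PORTS = PortSpec(frozenset({80, 8000, 8080}))
PORT_GROUPS = {
    "HTTP_PORTS": HTTP_PORTS,
    # shellcode is looked for everywhere except on HTTP ports, where bodies
    # routinely contain byte runs that look like sleds (an assumption here)
    "SHELLCODE_PORTS": PortSpec(HTTP_PORTS.ports, negated=True),
    "ORACLE_PORTS": PortSpec(frozenset({1521})),
    "SSH_PORTS": PortSpec(frozenset({22})),
}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

    @property
    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)


@dataclass(frozen=True)
class Rule:
    name: str
    category: str
    servers: str                      # key into SERVER_GROUPS
    ports: str                        # key into PORT_GROUPS
    pattern: re.Pattern

    def applies_to(self, pkt: Packet) -> bool:
        hosts = SERVER_GROUPS[self.servers]
        return (hosts is None or pkt.dst in hosts) and \
            PORT_GROUPS[self.ports].matches(pkt.dport)


# Three illustrative rules (assumed patterns, categories from the deck's list).
RULES = [
    Rule("dir-traversal", "web-attacks", "HTTP_SERVERS", "HTTP_PORTS",
         re.compile(rb"\.\./")),
    Rule("union-select", "sql", "SQL_SERVERS", "ORACLE_PORTS",
         re.compile(rb"(?i)union\s+select")),
    Rule("nop-sled", "shellcode", "ANY", "SHELLCODE_PORTS",
         re.compile(rb"\x90{8,}")),
]


class Engine:
    def __init__(self, mode: str = "alert", rules=RULES):
        if mode not in ("alert", "block"):
            raise ValueError("mode must be 'alert' or 'block'")
        self.mode = mode
        self.rules = rules
        self.dropped_flows = set()    # sessions already blocked
        self.events = []              # (category, rule name, flow)

    def inspect(self, pkt: Packet) -> str:
        """Return the verdict for one packet: 'pass', 'alert' or 'drop'."""
        # Session drop: once a flow is blocked, every later packet of it is
        # discarded outright; no RST is sent and nothing is re-inspected.
        if pkt.flow in self.dropped_flows:
            return "drop"
        for rule in self.rules:
            if rule.applies_to(pkt) and rule.pattern.search(pkt.payload):
                self.events.append((rule.category, rule.name, pkt.flow))
                if self.mode == "block":
                    self.dropped_flows.add(pkt.flow)
                    return "drop"
                return "alert"
        return "pass"
```

The scoping is what makes the target-based approach cheap and quiet: the same `../` payload sent to the Oracle listener produces nothing, because the web rule is never consulted for a host that is not in HTTP_SERVERS. The price of the SHELLCODE_PORTS convention is also visible: a NOP sled inside an HTTP body on port 80 is left to the HTTP rules, so those must carry their own checks.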

Page 19: SafeMedia Private/Hybrid/Community/Public Cloud Security


SafeMedia HaloNS SPECS

Target rule and countermeasure groups:

Kernel engine:

7,320 rules and countermeasures

Protocol behavior libraries

Non-collision hash tables

Page 20: SafeMedia Private/Hybrid/Community/Public Cloud Security


SafeMedia HaloNS SPECS

User engine

Total: 45,000+ rules and countermeasures

• activex
• attack-responses
• backdoor
• bad-traffic
• blacklist
• botcc
• botcc-BLOCK
• botnet-cnc
• chat
• ciarmy
• compromised
• compromised-BLOCK
• content-replace
• current_events
• ddos
• dns
• dos
• drop
• drop-BLOCK
• dshield
• dshield-BLOCK
• experimental
• exploit
• file-identify
• finger
• ftp
• games
• icmp
• icmp-info
• icmp_info
• imap
• inappropriate
• info
• malware
• misc
• mobile_malware
• multimedia
• mysql
• netbios
• nntp
• oracle
• other-ids
• p2p
• phishing-spam
• policy
• pop2
• pop3
• rbn
• rbn-BLOCK
• rbn-malvertisers
• rbn-malvertisers-BLOCK
• rpc
• rservices
• scada
• scada_special
• scan
• shellcode
• smtp
• snmp
• specific-threats
• spyware-put
• sql
• telnet
• tftp
• tor
• tor-BLOCK
• trojan
• user_agents
• virus
• voip
• web-activex
• web-attacks
• web-cgi
• web-client
• web-coldfusion
• web-frontpage
• web-iis
• web-misc
• web-php
• web_client
• web_server
• web_specific_apps
• worm
• x11

Page 21: SafeMedia Private/Hybrid/Community/Public Cloud Security


For Proof of Concept Documentation

Please Contact

Jonathan Spindel

SafeMedia

Executive Vice President of Engineering

[email protected]

Main: (888) 235-7260

Direct: (561) 288-1142

http://www.SafeMedia.com