Security Has No Alternative (Bezbednost nema alternativu) - konferencija.coming.rs · cloud data warehouse data lake nosql...
TRANSCRIPT
Security Has No Alternative (Bezbednost nema alternativu), 17.05.2018, Crowne Plaza
New IT - new security challenges
Miroslav Kržić
From traditional to new IT
Support for traditional applications and architectures through efficient virtualization and cloud systems based on virtual infrastructure
Support for new applications and architectures through scalable, converged cloud solutions
A common software-defined platform for traditional and new IT
Traditional IT New IT
Future-ready IT
Secure by Design: secure from the start
New IT infrastructure
APL infrastructure
Hardware
Virtual infrastructure
Compute resources
Network resources
Storage resources
Location independence
Virtual machines
Virtual networks
Virtual storage
API infrastructure
VI/Cloud
API infrastructure – the foundation of the New IT
The application is the network
API infrastructure <–> IT infrastructure
vNet – breaking the rigid ties
Decoupled
Hardware
Software
General Purpose Networking Hardware
Network Hypervisor
Requirement: IP Transport
Virtual Network
Virtual Network
Virtual Network
Workload Workload Workload
L2, L3, L4-7 Network Services
General Purpose Server Hardware
Server Hypervisor
Requirement: x86
Virtual Machine
Virtual Machine
Virtual Machine
Application Application Application
x86 Environment
CONFIDENTIAL
vNet – a platform for security
[Diagram: Traditional Data Center vs. NSX Data Center. Labels: perimeter firewall, inside firewall; DMZ/Web VLAN, App VLAN, Services/Management VLAN and DB VLAN with HR, Finance, Services and Mgmt workloads; HR Group and Finance Group (each with DMZ/Web, App, DB) and Services/Management Group (Services, Mgmt).]
▪ Each VM can now be its own perimeter
▪ Policies align with logical groups
▪ Control communication within a single VLAN
NSX segmentation simplifies network security
Layered protection
Layers of protection
– Kernel
– Libraries
– File system[s]
– User space
– Container infrastructure
– Containers
– Applications in containers
– IDS/IPS/WAF/DPI-Firewall
DB – a particularly sensitive element of the infrastructure
Organizations store their most critical, sensitive, and/or confidential data in databases
Most organizations do not actively protect their databases from attacks or from unauthorized access
Built-in DB security & standard security measures do not adequately protect databases
Here is why DB!
• Database servers are involved in 25% of all breaches
• Database breaches account for 92% of all records breached
• DBs are very highly scrutinized in almost any IT audit
[Chart: # of Breaches and # of Records Breached, DB vs. Other]
Business intelligence
Advanced Analytics & AI
DATA INSIGHTS DATA MANAGEMENT
Big data processing
Data warehousing
Operational data
Power BI
Machine Learning
Stream Analytics
Cognitive Services
SQL Server Reporting Services
SQL Server Analysis Services, R Services
HDInsight
Cloud Data Warehouse
Data Lake
NoSQL Document DB
Cloud SQL Database
SQL Server
SQL Server
Apache Hadoop
ON-PREM CLOUD
New DB architecture: the DB layer is no longer what it was just a couple of years ago…
DevOps
PLAN CODE BUILD TEST RELEASE OPERATE
COLLABORATION
DEPLOY
DevOps
VALUE
Continuous Delivery
Continuous Integration
Agile Development
DEV OPS
Regulation!
Welcome to the world of the New IT!
A modern portfolio of security services and solutions
Strategy, Risk and Compliance
Threat Assessment and Response
Analytics and Operations
Ensuring business continuity
Identity and access management
Data security
Application security
Network, mobile device and endpoint security
Analysis of security threats and trends
Coming - portfolio of security services and solutions
Coming portfolio of security solutions (1)
Endpoint and Mobile Security
– Endpoint Protection: Trend Micro OfficeScan, Trend Micro Worry-Free Business Security, Trend Micro Deep Security
– Mobile Protection: Check Point Mobile Threat Prevention
– Enterprise Mobility Management: AirWatch
– User Activity Monitoring: Teramind
Network Security
– Next-Generation Firewall: Check Point, Cisco ASA + FirePower
– Secure Web Gateway: Blue Coat ProxySG, Barracuda Web Security Gateway
– Network Access Control: Cisco Identity Services Engine
– Network Advanced Threat Detection: Trend Micro Deep Discovery Inspector
– Network Sandboxing: Check Point SandBlast, Trend Micro Deep Discovery Analyzer
– DDoS Protection: Check Point DDoS Protector
Data Security
– Data Loss Protection: McAfee DLP
– Secure Data Access & Exchange: Safe-T Box
– Malware Protection: ReSec ReSecure
– Endpoint Data Encryption: Trend Micro Endpoint Encryption, Check Point Full Disk / Media Encryption, HyTrust DataControl
Application and Web Security
– Application Delivery Controller: Kemp, F5 Big-IP LTM
– Web Application Firewall: F5 Big-IP ASM
– Database Security: McAfee Database Security
Coming portfolio of security solutions (2)
Analytics and other
– Security information and event management: HPE ArcSight Express, McAfee Enterprise Security Manager
– Log Management & Analytics: HPE ArcSight Logger, VMware vRealize Log Insight
– Secure Mail Gateway: Trend Micro InterScan Messaging Security, Trend Micro ScanMail for Microsoft Exchange
– Identity and Access Management: CyberArk
ICS and IoT Security
Deception Technology
Coming portfolio of security solutions (3)