enterprise network security & compliance - a vendor's perspective
ENTERPRISE NETWORK SECURITY & COMPLIANCE
A VENDOR’S PERSPECTIVE
Anusha Vaidyanathan
Product Management
DISCLAIMER
The views expressed here are my own, though I may draw examples from my past and present professional experiences.
AGENDA
Scope
B2B - Vendors selling to enterprises
"Devices in your network"
Not in scope
Not about specific security solutions
Devices in your Network
COMPLIANCE ALPHABET SOUP
FIPS 140-2
Common Criteria
ICSA, NSS
PCI DSS, HIPAA, SOX, ISO 27002, FIPS 200, GLBA, FISMA, NERC
IT Security & Compliance
Product Security & Compliance
Homologation
FCC, UL, CB/CE
DVT
TCG – TPM
Export Compliance
Hardware Security & Compliance
DEVICES IN YOUR ENTERPRISE NETWORK TODAY
[Diagram labels: Internet, Mobile, Branch, SaaS Applications, PaaS/IaaS Applications, White-box switches, Data Center]
Courtesy: Palo Alto Networks Virtual Firewall
A BRIEF HISTORY
Then: Tightly Coupled, Rigid, Monolithic, Custom hardware
Now: Centralized + Distributed, Programmable, VNFs / Service chaining, Network Virtualization
A BRIEF HISTORY
Then Now
Hypervisor
IaaS Clouds
Virtual
Physical
Orchestration
Courtesy: Juniper SRX 5600
Courtesy: Silver Peak Systems Inc.
WHOSE ‘OS’ IS IT ANYWAY?
Applications
Management and Orchestration
Malware analysis
Analytics
SIEMs
Anti-Virus
DLP
Embedded Systems
SDN Controllers
Firewall
Routers
Switches
WAN optimization
Web Application Firewalls
Load balancers
Secure Web gateways
VPN devices
IPS
Embedded Systems
Cloud Apps (IaaS)
Applications
Cloud Apps (SaaS/PaaS)
A BRIEF HISTORY
Then Now
Service Chaining SD-WAN and Firewall VNFs
Courtesy: Silver Peak Systems Inc.
A BRIEF HISTORY
Then Now
Centralized Orchestrator, Distributed Devices
Courtesy: Silver Peak Systems Inc.
A BRIEF HISTORY
Then Now
Courtesy: Silver Peak Systems Inc.
Compliance Considerations
• FIPS boundaries - hardware vs. software only
• TPM for virtual
• Common Criteria – Evolving => Assurance levels to Protection Profiles
• IPsec/SSL encryption – commodity hardware, AES-NI instructions
New Threat Vectors
• Virtualization – Hypervisor, Containers
Courtesy: Docker
New Threat Vectors & Considerations
• Programmability
• DDoS on REST APIs
• Authentication
• Distributed Data Plane – Backward & Forward compatibility
• ‘Outside the Box’ - Secure communications
RISING OPEN SOURCE USAGE
Copy-left vs. Permissive licenses
Vendors
Publish ALL 3rd party licenses
Publish source code for modified copy-left licenses
Maintain tabs on Bill of Materials
Provide trickle-down SLAs for open source vulnerabilities
Courtesy: Blackduck Software
“SHARE MY PIE”
Vendors Enterprises
Vulnerability Assessment
• OWASP top 10
• SANS 25
• TCP/IP attacks
Penetration Testing
• Privilege escalations
• Availability
• Security Posture
DEVOPS AND HOSTED CLOUD APPLICATIONS
The release is dead, long live the release!
Network vendors with physical, virtual, IaaS products
Follow (Agile) software release cycles
Enterprises with cloud or web services
SaaS/PaaS products
DevOps model
Risks
Availability, Stability, DDoS
Courtesy: http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
SUMMARY
Enterprise networks are adapting to network virtualization and cloud applications
Programmable, hardware agnostic products introduce new threat vectors
Vendor compliance standards help in enterprise IT security & compliance
Vendor best practices for open source usage & vulnerability assessment
THANK YOU Questions?