From Enterprise Perimeter to Distributed, Virtual Enterprise Security
Ed Amoroso
SVP, CSO – AT&T
Page 1
Sandbags Piled in Front of AT&T Building – 12/15/41
Page 2
Enterprise Perimeter
Untrusted External Actor
“Inside the Firewall”
“Outside the Firewall”
Original Perimeter Objective (Circa 1995)
Page 3
Web (External)
Untrusted External Actor
Enabling Browser Access to Enterprise Website
Page 4
Web (External)
Untrusted External Actor
Page 5
Rule Added to Firewall to Allow Inbound Access to TCP/Port 80 (http)
Packets from Browsers “Anywhere” Enter the Perimeter
“Off the Shelf” Web Software and Tools with Potentially Exploitable Vulnerabilities
Perimeter Design
Web (External)
[Diagram labels: FW; SIEM; Proxy; A/V; IPS; DLP; UTM; A/S; PKI; Scan; Firewall; Router; Enterprise Access to Web Server “Allowed”; Admin Access to Web Server; RBAC; 2FA; Log]
Page 6
Page 7
Web (External)
VPN
Enabling External VPN Access to Enterprise
Page 8
Web (External)
Designed for VPN/RA Client
Perimeter Design
Web (External)
VPN
[Diagram labels, web server perimeter: FW; SIEM; Proxy; A/V; IPS; DLP; UTM; A/S; PKI; Scan; Firewall; Router; Enterprise Access to Web Server “Allowed”; Admin Access to Web Server; RBAC; 2FA; Log]
[Diagram labels, VPN perimeter: FW; SIEM; Proxy; A/V; IPS; DLP; UTM; A/S; PKI; Scan; Firewall; Router; Enterprise Access to VPN Server “Allowed”; Admin Access to VPN Server; RBAC; 2FA; Log]
Integrate into Common Physical Perimeter
Page 9
Page 10
Web (External)
VPN
Third Party Gateway
Adding Third Party Gateway Access to Enterprise
Page 11
Web (External)
VPN
Designed for Third Party Care, Contact, Support, etc.
Perimeter Design
Web (External)
VPN
Third Party Gateway
[Diagram labels, repeated for each of the three perimeters: FW; SIEM; Proxy; A/V; IPS; DLP; UTM; A/S; PKI; Scan]
[Diagram labels, third party gateway perimeter: Enterprise Access to Third Party Gateways “Allowed”; Admin Access to Third Party Gateways; RBAC; 2FA; Log; Typically Source IP-Based Authentication]
Integrate into Common Physical Perimeter
Page 12
Enterprise Assets
Page 13
Web (External)
VPN
Third Party Gateway
Enterprise Assets
Page 14
Web (External)
VPN
Third Party Gateway
Adding Inbound Email to Enterprise
Perimeter Design
Web (External)
VPN
Third Party Gateway
[Diagram labels, repeated for each of the four perimeters: FW; SIEM; Proxy; A/V; IPS; DLP; UTM; A/S; PKI; Scan]
Enterprise Access to Mail “Allowed”
Allow Exchange with any Sender or Receiver
Integrate into Common Physical Perimeter
Page 15
Enterprise Assets
Page 16
Web (External)
VPN
Third Party Gateway
Enterprise Assets
Additional Firewall Rule Exceptions
Additional Firewall Rule Exceptions
Page 17
Web (External)
VPN
Third Party Gateway
“Hundreds” to “Millions” of Rules (1995 – 2015)
Enterprise Assets
Page 18
Web (External)
VPN
Third Party
Expanded Third Party Gateways
Additional Firewall Rule Exceptions
Additional Firewall Rule Exceptions
Additional Third Parties, Retail Dealers, Outsourcing, Offshoring
Enterprise Assets
Additional Remote Access, Employee Telework, Road Warriors
Page 19
Web (External)
VPN
Third Party
Expanded Employee Remote Access
Additional Firewall Rule Exceptions
Additional Firewall Rule Exceptions
Additional Third Parties, Retail Dealers, Outsourcing, Offshoring
Enterprise Assets
Unauthorized Network Connections (Internet Exposing)
Network Misconfigurations (Internet Exposing)
Page 20
Web (External)
VPN
Third Party
Network Vulnerabilities
Additional Firewall Rule Exceptions
Additional Firewall Rule Exceptions
Additional Remote Access, Employee Telework, Road Warriors
Additional Third Parties, Retail Dealers, Outsourcing, Offshoring
Enterprise Assets
Enterprise Use of Mobility
Page 21
Web (External)
VPN
Third Party
Employee Use of Mobile
Additional Firewall Rule Exceptions
Additional Firewall Rule Exceptions
Additional Remote Access, Employee Telework, Road Warriors
Additional Third Parties, Retail Dealers, Outsourcing, Offshoring
Unauthorized Network Connections (Internet Exposing)
Network Misconfigurations (Internet Exposing)
Enterprise Assets
Page 22
Web (External)
VPN
Third Party
Typical State of the Practice Enterprise Design
Additional Firewall Rule Exceptions
Additional Firewall Rule Exceptions
Unauthorized Network Connections (Internet Exposing)
Network Misconfigurations (Internet Exposing)
Enterprise Use of Mobility
Additional Remote Access, Employee Telework, Road Warriors
Additional Third Parties, Retail Dealers, Outsourcing, Offshoring
Enterprise Perimeter
Outside
Page 23
Enterprise Perimeter Reality (Circa 2015)
North/South Exploit (Perimeter)
East/West Exploit (Enterprise)
Successfully attack this . . . and gain access to this . . .
Phishing Attack Data Exfiltration
Page 24
Nation State Exfiltration Attacks
North/South Exploit (Perimeter)
East/West Exploit (Enterprise)
Page 25
Nation State Exfiltration Attacks
Inbound Filtering
Outbound Filtering
Many Solutions Exist to Reduce Risk
Inbound
Many Solutions Exist to Reduce Risk
Outbound
No Good Solutions Exist to Reduce Traversal Risk
Page 26
Baseline Perimeter
Page 27
Web
Enabling Browser Access to Web Server
Virtual Micro Perimeter
Page 28
Web
Micro-Perimeter Design (Web Server)
Micro-Perimeter Provisioning to Cloud
Web
Step 1: Provision Web Server into Integrated Cloud
Step 2: Provision Virtual Micro-Perimeter into Run Time System
[Diagram labels: FW; SIEM; Proxy; A/V; IPS; DLP; UTM; A/S; PKI; Scan]
Page 29
East-West Protection for Web
[Diagram labels: Cloud; Tenant; Security Orchestration; . . .; Hypervisor; Virtual Appliances; FW, Proxy, A/S, FW; Web; Virtual Perimeter]
Sampling of Vendors with Virtual Appliances
Page 30
Virtual Micro Perimeter
Page 31
Web
Security C&C
Virtual Micro Perimeter
Virtual Micro Perimeter
Page 32
Web
Adding Security Command & Control – Virtual
Micro-Perimeter Provisioning to Cloud
Web
Security C&C
Step 1: Provision Security Cmd/Ctrl into Virtual Data Center
Step 2: Provision Virtual Micro-Perimeter into Run Time System
[Diagram labels, repeated for each of the two micro-perimeters: FW; SIEM; Proxy; A/V; IPS; DLP; UTM; A/S; PKI; Scan]
Integrate into Common Virtual Perimeter
Page 33
East-West Protection for Web and C&C
[Diagram labels: Cloud; Tenant; Security Orchestration; . . .; Hypervisor; Virtual Appliances; FW, Proxy, A/S, FW; Security APIs; Web Server; C&C; SIEM; Security Alerting; Security Reporting; Risk; Compliance]
Page 34
Enterprise Assets
Virtual Micro Perimeter
Virtual Micro Perimeter
SOC
Page 35
Web
Enterprise Assets
Gateway
Virtual Micro Perimeter
Virtual Micro Perimeter
Virtual Micro Perimeter
SOC
Page 36
Web
Adding Gateway – Virtual
East-West Protection for Web, C&C, and Gateway
[Diagram labels: Cloud; Tenant; Security Orchestration; . . .; Hypervisor; Virtual Appliances; FW, Proxy, A/S, FW; Security APIs; Web Server; SOC; Gateway; SIEM; Security Alerting; Security Reporting; Risk; Compliance]
Page 37
Enterprise Assets
Gateway
Virtual Micro Perimeter
Virtual Micro Perimeter
Virtual Micro Perimeter
SOC
Page 38
Web
North/South Exploit (Perimeter)
East/West Exploit (Enterprise)
Successfully attack this . . . and gain NO access to this . . .
Page 39
East-West Traversal Mitigated by Virtual Perimeter
Enterprise Assets
Gateway
Legacy Assets
Virtual Micro Perimeter
Virtual Micro Perimeter
Virtual Micro Perimeter
SOC
Page 40
Web
Legacy Assets Dependent on Existing Perimeter
Gateway
Legacy
Enterprise Perimeter (Legacy Assets)
SOC
Page 41
Web
Legacy Assets Dependent on Existing Perimeter
Gateway
Legacy
Enterprise Perimeter Has Less to Defend
SOC
Page 42
Web
Gateway
Legacy
SOC
Page 43
Web
Gateway
Legacy
Web Back-End
SOC
Page 44
Web
Gateway
Legacy
Web Back-End
SOC (Primary)
SOC (Backup)
Page 45
Web
Gateway
Legacy
Web Back-End
SOC (Primary)
SOC (Backup)
Page 46
Web
Gateway
Legacy
Web Back-End
SOC (Primary)
SOC (Backup)
Page 47
Web
Gateway
Legacy
Web Back-End
SOC (Primary)
SOC (Backup)
Page 48
Web
Gateway
Legacy
Web Back-End
SOC (Primary)
SOC (Backup)
Page 49
Web
Gateway
Legacy
Web Back-End
SOC (Primary)
SOC (Backup)
Page 50
Web
Ring (Gateway)
Ring (Legacy)
Ring (Back-End)
Ring (Web Server)
SOC (Primary)
SOC (Backup)
Page 51
SOC (Primary)
SOC (Backup)
Page 52
Security Command and Control (C&C)
Micro-Domain Rings
Micro-Domain Rings
Page 57
Security Command and Control (C&C)
Micro-Domain Rings
Robust, Secure Communication with Multiple C&C
Micro-Domain Rings
Security Software Drop Locations
Page 58
Botnet Command and Control (C&C)
Bots
Robust, Secure Communication with Multiple C&C
Botnet Software Drop Locations
Bots
Page 59
ZeroAccess Botnet (Click Fraud)
Massive Industry Botnet Takedown Effort
Resilient!!
Page 60
Resilience of Botnets
Security Command and Control (C&C)
Micro-Domain Rings
Robust, Secure Communication with Multiple C&C
Security Software Drop Locations
Micro-Domain Rings
Page 61
Distributed, Virtual Enterprise Perimeter Design