next generation security for cloud · next generation security for cloud ... insecure vpc fails...
TRANSCRIPT
![Page 1: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/1.jpg)
Next Generation Security for Cloud클라우드에있는내소중한앱과데이터를지켜라
김병장전무 ([email protected])
Palo Alto Networks, 2018/10/25 @ PASCON
![Page 2: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/2.jpg)
TECHNOLOGY ISPART OF OUR LIVES
2 | © 2018 Palo Alto Networks. All Rights Reserved.
![Page 3: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/3.jpg)
TRUST
3 | © 2018 Palo Alto Networks. All Rights Reserved.
![Page 4: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/4.jpg)
Source identity @2018 Dark Reading: 2017 Smashed World’s Records for Most Data Breaches, Exposed Information by Kelly Jackson Higgins.White House Council of Economic Advisers Report. February 2018
Breaches reported in 2017
5,207Breaches reported in 2017
5,207US breach cost in 2016
$109BUS breach cost in 2016
$109B
4 | © 2018 Palo Alto Networks. All Rights Reserved.
![Page 5: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/5.jpg)
Cloud Automation Analytics
IoT SaaS Cloud/Virtualization Mobility
CONTINUOUS EVOLUTION
5 | © 2018 Palo Alto Networks. All Rights Reserved.
Enablers of digital transformation
Distributed users, apps, and data | Delivers flexibility and speed; increases risk
![Page 6: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/6.jpg)
DATA AND APPLICATIONS ARE EVERYWHERE
6 | © 2018, Palo Alto Networks. Confidential and Proprietary.
SAASPRIVATE
PHYSICAL
IAAS PAAS
![Page 7: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/7.jpg)
SECURING THE CLOUD IS HARD
7 | © 2018, Palo Alto Networks. Confidential and Proprietary.
Fragmented Security
Human Error
Manual Security
![Page 8: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/8.jpg)
WHAT’S NEEDED
8 | © 2018, Palo Alto Networks. Confidential and Proprietary.
Frictionless Deployment & Management
Advanced Application & Data Breach Prevention
Consistent Protections Across Locations & Clouds
![Page 9: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/9.jpg)
SHARED RESPONSIBILITY MODEL
9 | © 2018, Palo Alto Networks Confidential
https://aws.amazon.com/ko/compliance/shared-responsibility-model/
![Page 10: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/10.jpg)
SHARED RESPONSIBILITIES MODEL
• Palo Alto Networks complements native Cloud security to protect Cloud deployments
• Apply consistent policies from the network to the cloud for security and compliance
![Page 11: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/11.jpg)
APPLICATIONS ARE INCREASINGLY USING PAAS SERVICES
11 | © 2018, Palo Alto Networks. Confidential and Proprietary.
On-Premises
Cloud Application
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
![Page 12: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/12.jpg)
INSUFFICIENT IAAS/PAAS SECURITY APPROACHES
12 | © 2018, Palo Alto Networks. Confidential and Proprietary.
Cloud NativeSecurity
Single Cloud
Cloud Security Point ProductLimited scope
Legacy Network Security
Negates cloud value
![Page 13: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/13.jpg)
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
CRITICAL CLOUD PROTECTIONS
13 | © 2018, Palo Alto Networks. Confidential and Proprietary.
INLINEProtect and
Segment Cloud Workloads
API
HOSTSecure OS & App Within Workloads
APIContinuous Security & ComplianceOn-Premises
Cloud Application
![Page 14: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/14.jpg)
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
PROTECT AND SEGMENT CLOUD WORKLOADSVM-SERIES
14 | © 2018, Palo Alto Networks. Confidential and Proprietary.
On-Premises
Application visibility and workload segmentation
Auto-scale based on triggers
Prevent outbound and inbound attacks
Cloud Application
![Page 15: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/15.jpg)
CONTINUOUS COMPLIANCE AND SECURITY WITH EVIDENT
API
Is MFA Enabled?
Is any sensitive data exposed?
What services are running?
Who has access to this resource?Evident
Discover and Monitor Resources
Secure Storage Services
Compliance Reporting
![Page 16: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/16.jpg)
TOP HIGH RISKS DETECTED WITH EVIDENT
16
Insecure VPC Fails password policy
MFA not enabled Unprotected root
58% 48%
55% 29%
![Page 17: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/17.jpg)
SHOCKING, NO GOOD, REALLY BAD RISKS DETECTED WITH EVIDENT
17
No Non-Root Accounts S3 Global Upload/Delete
Root API Keys Detected S3 Global ACL Access
9% 8%
6% 4%
![Page 18: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/18.jpg)
GDPR Reporting with Evident
18 | © 2018, Palo Alto Networks. All Rights Reserved.
![Page 19: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/19.jpg)
One-click Compliance Reporting
19 | © 2018, Palo Alto Networks. All Rights Reserved.
![Page 20: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/20.jpg)
CUSTOM COMPLIANCE SOLUTION
Create your own custom control framework
Copy, modify, edit controls from frameworks like PCI, NIST
GUI-based wizard makes set-up & configuration easy
![Page 21: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/21.jpg)
PUBLIC CLOUD SERVICES INFRASTRUCTURE PROTECTION
21 | © 2018, Palo Alto Networks. All Rights Reserved.
1-CLICK REPORTING
MULTI-CLOUD
CONTINUOUS & REAL-TIME
BUILT FOR DEVOPS, SECOPS, COMPLIANCE
AGENTLESS
CUSTOMIZE TO MATCH YOUR POLICY
![Page 22: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/22.jpg)
APP WORKLOAD
Lightweight Agent
Real-time Exploit and Malware Protection
Protects Unpatched Workloads
WORKLOAD PROTECTION TRAPS
22 | © 2018, Palo Alto Networks. Confidential and Proprietary.
Multi-method Attack Prevention
Traps Advanced Endpoint
Protections
NEW
![Page 23: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/23.jpg)
Cloud environment
SIX YEARS OF EXPLOIT PROTECTION INNOVATION
23 | © 2018, Palo Alto Networks. All Rights Reserved.
NEW
2012/13 2014 2015 2016 2017 2018
TRAPS ADVANCED ENDPOINT PROTECTION
EXPLOIT PREVENTION MODULESGS Cookie
SysExit
CPL ProtectionROP Mitigation
Enhanced JIT Protection
Enhanced DLL Security
Child Process Protection
Exploit Kit Fingerprinting
Kernel Privilege Escalation
Dylib-Hijacking Protection
Gatekeeper Enhancement
Kernel APC Protection
Child Process Protection
DLL File Protection
ShellLink Protection
Null Dereference Protection
Shellcode & Library Preallocation
Hot Patch Protection
Font Protection
Heap Spray Checks
UASLR
DEP
DLL Security
Packed DLLs
JIT Mitigation
Brute Force Protection
Local Privilege Escalation Protection
ROP Mitigation (Linux)
JAVA
DLL Hijacking
Heap Corruption Mitigation
Heap Spray Mitigation
Null Dereference Protection
T01 Compatibility
SEH Protection
![Page 24: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/24.jpg)
PLATFORM AUTOMATION
24 | © 2018, Palo Alto Networks. Confidential and Proprietary.
URL Filtering
CLOUD-DELIVERED SECURITY SERVICES
WEB
Object Storage Caching Database
IaaSPaaS
WebServer
APP
AppServer
API
3rd party feeds
Customerdata
Amazon GuardDuty
MineMeld
Threat Prevention
Malware Analysis
![Page 25: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/25.jpg)
PALO ALTO NETWORKS LEADERSHIP IN CYBERSECURITY
25 | © 2018 Palo Alto Networks. All Rights Reserved.
63% of the Global 2Kare Palo Alto Networks customers
29% year over yearrevenue growth*
85of Fortune 100
rely on Palo Alto Networks
#1 in Enterprise
Security
54,000+customers
in 150+ countries
Revenue trend40% CAGRFY14 - FY18
FY14 FY15 FY16 FY17 FY18
• Q4FY2018. Fiscal year ends July 31.• Gartner, Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 1Q18, 14 June 2018
![Page 26: Next Generation Security for Cloud · Next Generation Security for Cloud ... Insecure VPC Fails password policy MFA not enabled Unprotected root 58% 48% 55% 29% . SHOCKING, NO GOOD,](https://reader030.vdocuments.mx/reader030/viewer/2022041120/5f327035547129752c7d564d/html5/thumbnails/26.jpg)
Gartner Market share & Magic Quadrant
26 | © 2018 Palo Alto Networks, Inc. All Rights Reserved.
- 2018 Q1 Enterprise Network Security Revenue 1위
- 7년연속 Gartner MQ Leader Group