Intelligent MultiCloud Security Visibility Compliance Governance The Cloud
Intelligent Multi-Cloud Security Visibility, Compliance, Governance
The Cloud Security Journey Visibility, Compliance & Governance for Your Open. Stack & Hybrid Cloud Speaker: Nathan Randall Abstract: The self-service and dynamic nature of the cloud creates challenges for risk and compliance professionals tasked with measuring and demonstrating adherence to security and privacy controls. Traditional tools and controls that worked well for audit and compliance assurance in the datacenter, fail in the cloud. In this session, we walk through the steps to achieving continuous cloud security governance for your Open. Stack environments and their hosted applications. First, we examine how to discover, visualize and intuitively audit to uncover existing risks and threats throughout your cloud landscape. Second, we implement cloud-native policy guardrails that identify, alert-on and remediate risks. Third, we move to automated enforcement of these policies across multiple Open. Stack clouds. This session will include demonstration of these techniques. © 2019 Cloudvisory - Confidential
2018 Cloud Security Report by Cybersecurity Insiders Cloud Security Concerns Are On The Rise § Cloud Security Headaches – As more workloads move to the cloud, cybersecurity professionals are increasingly realizing the complications to protect these workloads. The top three security control challenges security operations centers (SOCs) and cybersecurity professionals are struggling with are: 1. Visibility into infrastructure security (43%) 2. Compliance (38%) 3. Setting consistent security policies across multi-cloud environments (35%) § Legacy Security Tools Limited in the Cloud – Only 16% of organizations report that the capabilities of traditional security tools are sufficient to manage security across the cloud, a 6 -percentage point drop from our previous survey. 84% say traditional security solutions either don’t work at all in cloud environments or have only limited functionality © 2019 Cloudvisory - Confidential
Central Security in a Cloud Dev. Ops World Culture Clash Dev. Ops Sec. Ops Motivations Strategies Tools & Behavior © 2019 Cloudvisory - Confidential
Central Security in a Cloud Dev. Ops World Sec. Ops Challenges § Self-service Multi-tenancy Creates Sec. Ops Challenges – In order to improve developer efficiency and operational agility, many organizations adopt self-service operating models for infrastructure provisioning (at minimum). This trend created the following challenges for Sec. Ops: 1. Assets became dynamic / ephemeral by default 2. Developers started managing security policies 3. The ”perimeter” dispersed into non-existence 4. Sec. Ops lost visibility and control while cloud deployments grew © 2019 Cloudvisory - Confidential
The Problem: Multi-Cloud Security Visibility, Compliance & Governance The Solution: Cloudvisory Security Platform (CSP) Cloud environments are “black boxes”. How can I gain visibility, manage risk and improve my security 1. posture? • CSP provides detailed Visibility into automatically discovered cloud assets and their metadata, security controls & events • CSP continuously analyzes Risks across your multi-cloud environments • CSP detects vulnerabilities, orchestrates Risk Remediations & makes recommendations to improve your Security Posture Cloud-native security and Operating Systems (OS) controls are often misconfigured and left too “open”. How 2. can I detect, alert and remediate these configuration errors? • CSP continuously checks and enforces guardrail policies to ensure Compliance with regulatory requirements • CSP Recommends, Orchestrates & Enforces least-privilege, cloud-native security policies across multiple providers Attacks are often undetected until it is too late in the datacenter. The complexity of containing threats is 3. compounded in multi-cloud environments. How can I detect, alert, block and quarantine these attacks? • CSP deploys active Protection leveraging Microsegmentation and Machine Learning on data from OS, Cloud APIs & Logs © 2019 Cloudvisory - Confidential
Cloudvisory Security Platform Intelligent Multi-Cloud Security Visibility, Compliance & Governance 7 © 2019 Cloudvisory - Confidential
© 8 The Cloud Journey To Multi-Cloud Security Posture Management 2 0 1 9 Different Needs Based On The Cloud Maturity Level of An Enterprise C l o u d v i s o r y C o n © 2019 Cloudvisory - Confidential
© 9 Cloudvisory Security Platform (CSP) – Multi-Cloud Visibility, Compliance & Governance 2 0 1 9 Single Pane of Glass to Manage Risk: Detect & Remediate Misconfigurations, Threats C l o u d v i s o r y C o n © 2019 Cloudvisory - Confidential
Cloudvisory Security Platform (CSP) – Continuous Visibility & Ad-hoc Audit Key Benefits and Features § Identify Risk with the most comprehensive visual mapping that provides unparalleled hybrid multi-cloud visibility § Vulnerability detection based on Threat Intelligence feeds, Microsegmentation, Compliance check failures, Machine Learning and Artificial Intelligence § Complete historical CSP Inventory of cloud assets and their associated events, metadata and security controls § Visibility into network data traffic for workloads, applications and microservices § Powerful interface for generating ad-hoc queries against CSP Inventory and Audit trails § Convert ad-hoc queries into recurring Audit Reports and/or Visualization Scopes © 2019 Cloudvisory - Confidential
1 © Cloudvisory Security Platform (CSP) – Ad-Hoc Audit Queries Custom Checks 2 2 Single Pane of Glass: Audit, Check & Enforce Compliance Policies on Multiple Clouds 0 1 9 C l o u d v i s o r y C o n © 2019 Cloudvisory - Confidential
Cloudvisory Security Platform (CSP) – Compliance Monitoring & Remediation Key Benefits and Features § Compliance Checks to continuously discover security gaps and detect vulnerabilities in your Cloud Provider & Workload Operating Systems, including templated checks for benchmarks such as: § CIS § HIPAA § GDPR § NIST § Open. Stack Security Checklist § PCI § Configurable severity, alerting, auto-remediation and notifications for Compliance Checks and/or Groups. Integration with external systems through APIs, Syslog, Kafka § Orchestrated remediation of compliance failures via either “push button” (UI) or automatic enforcement with detailed audit trail § Pluggable Compliance Framework: add your own checks, groups, remediations and business workflow § Convert ad-hoc queries into recurring Compliance Checks © 2019 Cloudvisory - Confidential
1 © Cloudvisory Security Platform (CSP) – Risk Management 4 2 Single Pane of Glass: Drill-down to Remediate Risks in Any Cloud 0 1 9 C l o u d v i s o r y C o n © 2019 Cloudvisory - Confidential
Cloudvisory Security Platform (CSP) – AWS Compliance Report Key Benefits and Features © 2019 Cloudvisory - Confidential
Cloudvisory Security Platform (CSP) – Azure Compliance Report Key Benefits and Features © 2019 Cloudvisory - Confidential
Cloudvisory Security Platform (CSP) – Open. Stack Compliance Report Key Benefits and Features © 2019 Cloudvisory - Confidential
1 © Cloudvisory Security Platform (CSP) – Hybrid Multi-Cloud Workload Protection 8 2 Single Pane of Glass to Automate, Orchestrate and Enforce Least Privilege Policies 0 1 9 C l o u d v i s o r y C o n © 2019 Cloudvisory - Confidential
Cloudvisory Security Platform (CSP) – Hybrid Multi-Cloud Workload Protection Key Benefits and Features § Workload Operating Systems vulnerability scanning based on CIS benchmark checks § Detect, Alert, Block and Quarantine Attacks using Cloud -Native Microsegmentation: • Enable a Zero Trust Model • Isolate data assets by regulatory mandates, improving protections and visibility for sensitive assets • Advisor Services: Machine Learning & Data Analytics insights help you quickly build better Least-Privilege Policies and detect Anomalies and Threats • Non-Intrusive deployment (Agentless, Cloud API-driven) § Centralized, Automated SGs/NSGs Policy Management, Orchestration & Enforcement § Policies are portable across hybrid cloud environments • Automatically translates policies to SGs/NSGs in each cloud provider © 2019 Cloudvisory - Confidential
Cloudvisory Security Platform Demo 21 © 2019 Cloudvisory - Confidential
- Slides: 19