ORCHESTRATING SECURITY POLICIES
MICROSEGMENTATION V LEGACY CONCEPTS - HETEROGENEOUS
NETWORKS & HYBRID CLOUDS
Mark Wellins, VP Solutions
Tufin Software Technologies
SDN
• Ecclesiastes 1:9 - What has been will be again, what has been done
will be done again; there is nothing new under the sun
• The Internet was designed for resilience – distributed architecture
• Enterprises adopted the same architecture for their WAN
25 years later…
• Distributed is too complicated, let’s try Centralized. Enter SDN.
And all the mainframe guys say “I told you so…”
WHAT’S SO GOOD ABOUT THE CLOUD?
• The Cloud provides IT as a resource
• It is always available for use, like water, gas and electricity
• You can consume as much as you need
WHAT IS HAPPENING IN THE CYBER SPACE?
• Growing cyber threats
• Security technology continues to evolve – you can easily get lost!
• Many new types of cyber defenses
o NGFW
o APT
o Adaptive Security
o Context-Aware security – IP addresses losing dominance as the identifier
• Enterprises are less secure than 20 years ago
• Hackers today are much more sophisticated than 5 years ago
SECURITY CHALLENGES IN THE CLOUD
• New Stakeholders
• Private and Public clouds are usually managed by Server & App teams
• These people were traditionally less involved in security (bypass security)
• Agility
• Changes in the cloud are made on-the-fly (within minutes)
• How can we ensure security & compliance?
• Visibility & Control
• How to maintain visibility and control when everything is automated?
How can enterprises roll out mission-critical applications to the cloud?
HOW DO WE MAINTAIN SECURITY IN A MULTI-VENDOR, MULTI-TECHNOLOGY, HETEROGENEOUS IT?
[Diagram labels: Data center; Firewalls & NGFWs; Micro Segmentation; Subnets & Zones; Security Groups]
WHAT CAN WE DO TO IMPROVE SECURITY?
Modern Security
• Abstraction
• Central Security Management (Single Pane of Glass Across All Platforms)
• Automation
WHY DO YOU NEED ABSTRACTION?
• There will be no standard across all platforms
• Applications are the future focal point for security
o They allow us to focus on the layer that matters to business without dealing with the underlying network complexity
Abstraction of Complexities
• Multi-vendor environments
• Large enterprise networks
• Multiple networking & security technologies
• Multiple command-lines, GUIs and APIs
CENTRAL SECURITY MANAGEMENT
• IT is becoming even more heterogeneous
Central Security Management (Single Pane of Glass Across All Platforms)
Traditional networks
Private cloud and SDDC
Public cloud (multiple vendors)
• We must control network security across all of these platforms
SECURITY POLICY ORCHESTRATION
Gain Visibility across Heterogeneous Environments
• Control policies across all platforms—physical networks, virtualized and cloud
SECURITY POLICY ORCHESTRATION
Centralize Management
• Enforce a Unified Security Policy across platforms, each with
its specialized capabilities
• Manage and visualize application connectivity centrally
SECURITY POLICY ORCHESTRATION
Automate Management of Network Security Policies
• Start to apply automation, not only to IT but to security
• Security automation must preserve control, yet still be
hands-free
• Security automation is application centric
SUMMARY
• The world of network security is changing – disruptions are
coming
• Cloud platforms enable agility and flexibility, but also increase
complexity
• What do I need from my security solution?
o Accept a multi-vendor, multi-technology, heterogeneous IT
o Gain a central view across all platforms
o Take advantage of platform specific capabilities but decouple from technical details
o Avoid complex home-grown scripting
o Automate all security activities but maintain visibility and control
o Move your focal point from the network to the app
o Manage Application connectivity and enhance delivery