SACON
SACON International 2017
Arnab Chattopadhyay
Capgemini
Senior Director
India | Bangalore | November 10 – 11 | Hotel Lalit Ashok
Beyond Corp
SACON 2017
How your Enterprise is set today
Convergence breaks wall – it does not work
Need a different approach – Google BeyondCorp Principles
• Connecting from a particular network must not determine your trust level
• Access to service is granted based on what we know about you and your device
• All access to services must be Authenticated, Authorized and Encrypted
• Zero-Trust Model
Google’s Mission was
• To have every Google employee work successfully from untrusted networks without use of a VPN
BeyondCorp Architecture contd.
• Methodology for Building Security Architecture:
  • Business-driven
  • Risk and opportunity focused
  • Includes security service management
  • Comprised of a number of integrated frameworks, models, methods and processes
BeyondCorp Architecture Contd.
[Diagram components: Access Proxy, Single Sign On, Access Control Engine, User Inventory, Device Inventory, Trust Repository]
BeyondCorp Architecture Contd.
[Figure 1: Architecture of the BeyondCorp Infrastructure Components, from "BeyondCorp: Design to Deployment at Google"]
Components of BeyondCorp
• Device and Hosts
  • Device: collection of physical and virtual components that acts as a computer. Example: PCs, servers, VMs
  • Host: snapshot of a device state at a given point in time. Example: a device might be a mobile phone, while a host would be the specifics of the operating system and software running on the device
• Device Inventory Service
  • Contains information on devices, hosts, and their trust decisions
  • Continuously updated pipeline that imports data from a broad range of sources
    • System management sources: Active Directory, Puppet, Simian
    • On-device agents, CMS, Corporate Asset Management
    • Out-of-band data sources: vulnerability scanners, Certificate Authorities, network infrastructure elements (e.g. ARP tables)
  • Full or incremental data set
  • Google’s scale: initial phases ingested billions of deltas from 15+ data sources at 3 million per day, totaling 80 terabytes
  • Retaining historical data allowed Google to understand the end-to-end lifecycle of a device, track and analyze trends, and perform security audits and forensic analysis
Components of BeyondCorp
• Tiered Access
  • Trust levels are organized into tiers and assigned to each device by the Trust Inferer
  • Each resource is associated with the minimum trust tier required for access
  • To get access, a device’s trust tier assignment must be >= the resource’s trust tier
  • The Trust Inferer also supports the network segmentation effort by dynamically assigning VLANs based on device state
    • Example: a device without an adequate OS patch level becomes untrustworthy and hence is assigned to a quarantine network
Device Inventory
[Figure 2: Device Inventory Service, from "BeyondCorp: Design to Deployment at Google"]
Types of Data
• Observed Data
  • The last time a security scan was performed on the device and the result of the scan
  • The last-synced policies and timestamp from Active Directory
  • OS version and patch level
  • Installed software
• Prescribed Data
  • Manually maintained by IT Operations
  • Assigned owner of device
  • Users and groups allowed to access a device
  • DNS and DHCP assignment
  • Explicit access to a particular VLAN
Data Processing Flow
[Figure 3: The data processing pipeline, from "BeyondCorp: Design to Deployment at Google". Slide callouts: Transform into common data format, Correlation, Exceptions]
Transformation
• All data must be transformed to a common data format
• Use tooling where possible to push changes to the system
• Poll where tooling is not possible
Correlation
• Device data coming from distinct data sources must be reconciled into unique device-specific records
• Complex: many data sources do not have overlapping identifiers
  • Example: the asset management system stores the device serial number, but a disk encryption escrow service stores the hard disk serial number, the CA stores the X.509 certificate fingerprint, and the ARP database stores the MAC address
• The challenge is: what exactly constitutes a device?
  • What happens when a motherboard is changed, or cases or NICs are replaced or even swapped between devices?
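The reconciliation problem on this slide, as an added example (not from the original deck or Google's implementation): each identifier is a graph node, each observation links the identifiers it carries, and connected components become device records. Source names, field names and sample values are constructed, and treating `serial` and `cert_fp` as unique per device is an assumption.

```python
"""Correlate device observations that share no single common identifier."""
from collections import defaultdict

ID_FIELDS = ("serial", "disk_serial", "cert_fp", "mac")
# Assumption: a device has exactly one of each of these identifier types.
UNIQUE_PER_DEVICE = ("serial", "cert_fp")

# Constructed sample deltas; source and field names are illustrative.
OBSERVATIONS = [
    {"source": "asset_mgmt", "serial": "SN-1001"},
    {"source": "disk_escrow", "disk_serial": "WD-77"},
    {"source": "ca", "cert_fp": "fp-alpha"},
    {"source": "arp", "mac": "aa:bb:cc:00:00:01"},
    # Bridging records: an on-device agent and an 802.1x log see several IDs.
    {"source": "agent", "serial": "SN-1001", "disk_serial": "WD-77",
     "mac": "aa:bb:cc:00:00:01"},
    {"source": "dot1x", "cert_fp": "fp-alpha", "mac": "aa:bb:cc:00:00:01"},
    {"source": "asset_mgmt", "serial": "SN-2002"},
    {"source": "agent", "serial": "SN-2002", "mac": "aa:bb:cc:00:00:02"},
    {"source": "dot1x", "cert_fp": "fp-beta", "mac": "aa:bb:cc:00:00:02"},
    # NIC swapped into another chassis: same MAC, different serial.
    {"source": "agent", "serial": "SN-3003", "mac": "aa:bb:cc:00:00:02"},
    # Nothing to join on: stays an orphan record.
    {"source": "disk_escrow", "disk_serial": "WD-99"},
]


class UnionFind:
    """Disjoint sets over (field, value) identifier nodes."""

    def __init__(self):
        self.parent = {}

    def find(self, node):
        self.parent.setdefault(node, node)
        while self.parent[node] != node:
            # Path halving keeps the trees shallow.
            self.parent[node] = self.parent[self.parent[node]]
            node = self.parent[node]
        return node

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a


def identifiers(obs):
    return [(f, obs[f]) for f in ID_FIELDS if f in obs]


def correlate(observations):
    """Merge observations into device records and flag ambiguous merges."""
    uf = UnionFind()
    for obs in observations:
        ids = identifiers(obs)
        for other in ids[1:]:
            uf.union(ids[0], other)

    clusters = defaultdict(lambda: {"ids": defaultdict(set), "sources": set()})
    for obs in observations:
        ids = identifiers(obs)
        if not ids:
            continue  # no identifier at all: cannot be attributed
        cluster = clusters[uf.find(ids[0])]
        cluster["sources"].add(obs["source"])
        for field, value in ids:
            cluster["ids"][field].add(value)

    records = []
    for cluster in clusters.values():
        ids = {f: sorted(v) for f, v in cluster["ids"].items()}
        # More than one value for a unique identifier means two devices were
        # glued together (swapped part, cloned cert) and needs review.
        conflicts = [f for f in UNIQUE_PER_DEVICE if len(ids.get(f, ())) > 1]
        records.append({"ids": ids, "sources": sorted(cluster["sources"]),
                        "conflicts": conflicts})
    return records


def record_for(records, field, value):
    """Return the merged record that contains the given identifier."""
    return next(r for r in records if value in r["ids"].get(field, ()))


if __name__ == "__main__":
    for rec in correlate(OBSERVATIONS):
        print(rec)
```

The swapped NIC pulls serial `SN-3003` into the record of `SN-2002`, which is reported as a `serial` conflict instead of being merged silently.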
Trust Evaluation
• The Trust Inferer is notified to trigger re-evaluation once incoming records are merged
• It references a variety of fields and aggregates the results in order to assign a trust tier
• The Trust Inferer references dozens of both platform-specific and platform-agnostic fields across various data sources
• Example: to qualify for a higher trust level, we might require that a device meet all of the following requirements:
  • Be encrypted
  • Successfully execute all management and configuration agents
  • Install the most recent OS security patch
  • Have a consistent state of data from all inputs
• Pre-computation reduces the amount of data and allows enforcement gateways to work on a consistent data set
  • Allows trust to be changed for inactive devices
  • Might be problematic for real-time 2FA or for restricting access originating from known-malicious netblocks
Exceptions
• Trust Evaluation considers pre-defined exceptions
• Exceptions are aimed at reducing delay in deploying policy changes or new policies
• Example
  • Block a device that’s vulnerable to a zero-day exploit even before security scanners have been updated
  • Permit untrusted devices to connect to a lab network
  • Permit IoT devices, since installing a certificate on them may be infeasible
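How tier inference, exceptions and the tier comparison from the Tiered Access, Trust Evaluation and Exceptions slides fit together, as an added example (not from the original deck or Google's implementation). Tier names, resources, VLAN names, patch dates, the `examplelib-1.2` package and all device records are constructed assumptions.

```python
"""Trust tier inference, pre-defined exceptions, and the access decision."""
from enum import IntEnum


class Tier(IntEnum):  # tier names are assumptions; the slides name none
    UNTRUSTED = 0
    BASIC = 1
    HIGH = 2


# Constructed sample policy data.
RESOURCE_MIN_TIER = {"bug-tracker": Tier.BASIC, "source-code": Tier.HIGH,
                     "lab-network": Tier.BASIC, "iot-gateway": Tier.BASIC}
VLAN_BY_TIER = {Tier.UNTRUSTED: "quarantine", Tier.BASIC: "restricted",
                Tier.HIGH: "corp"}
MIN_PATCH = {"macos": "2017-08-01", "android": "2017-09-01",
             "linux": "2017-08-01"}
LATEST_PATCH = {"macos": "2017-11-01", "android": "2017-11-01",
                "linux": "2017-11-01"}

# Pre-defined exceptions, mirroring the three examples on the slide.
EXCEPTIONS = [
    {"name": "block-examplelib-1.2", "effect": "deny",
     "match": lambda d: "examplelib-1.2" in d.get("software", ())},
    {"name": "lab-devices", "effect": "allow", "resource": "lab-network",
     "match": lambda d: d.get("owner_group") == "lab"},
    {"name": "iot-no-cert", "effect": "allow", "resource": "iot-gateway",
     "match": lambda d: d["platform"] == "iot"},
]


def infer_tier(dev):
    """Assign a tier from the merged device record; unknown data fails closed."""
    minimum = MIN_PATCH.get(dev["platform"])
    if minimum is None or dev.get("patch", "") < minimum:
        return Tier.UNTRUSTED  # inadequate patch level -> quarantine
    meets_all = (dev.get("encrypted", False)
                 and all(dev.get("agents", {"none": False}).values())
                 and dev["patch"] >= LATEST_PATCH[dev["platform"]]
                 and not dev.get("conflicts"))  # inputs must agree
    return Tier.HIGH if meets_all else Tier.BASIC


def decide(dev, resource):
    """Return tier, VLAN and allow/deny for one device and one resource."""
    tier = infer_tier(dev)
    hits = [e for e in EXCEPTIONS if e["match"](dev)]
    deny = next((e for e in hits if e["effect"] == "deny"), None)
    if deny:
        # A blocking exception overrides whatever the observed data says.
        tier, allowed, reason = Tier.UNTRUSTED, False, "exception:" + deny["name"]
    else:
        allow = next((e for e in hits if e["effect"] == "allow"
                      and e["resource"] == resource), None)
        required = RESOURCE_MIN_TIER.get(resource)
        if allow:
            allowed, reason = True, "exception:" + allow["name"]
        elif required is None:
            allowed, reason = False, "unknown-resource"
        else:
            allowed, reason = tier >= required, "tier"
    return {"tier": tier, "vlan": VLAN_BY_TIER[tier],
            "allowed": allowed, "reason": reason}


# Constructed device records, as they might come out of correlation.
_GOOD = {"platform": "macos", "encrypted": True, "patch": "2017-11-01",
         "agents": {"mgmt": True, "config": True}, "conflicts": []}
DEVICES = {
    "laptop_ok": dict(_GOOD),
    "laptop_stale_agent": dict(_GOOD, agents={"mgmt": True, "config": False}),
    "laptop_zero_day": dict(_GOOD, software=["examplelib-1.2"]),
    "phone_old": {"platform": "android", "encrypted": True,
                  "patch": "2017-06-01", "agents": {"mgmt": True},
                  "conflicts": []},
    "lab_box": {"platform": "linux", "encrypted": False,
                "patch": "2017-01-01", "agents": {}, "conflicts": [],
                "owner_group": "lab"},
    "camera": {"platform": "iot"},
}

if __name__ == "__main__":
    for name, dev in DEVICES.items():
        for res in ("source-code", "lab-network", "iot-gateway"):
            print(name, res, decide(dev, res))
```

The zero-day case is the one the exception mechanism exists for: the record passes every observed check, and only the pre-defined block moves it to the quarantine VLAN.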
Deployment
• Initial Phase
• Objective was to reduce user friction
• A subset of gateways integrated with an interim meta-inventory service
• A small number of data sources with prescribed data
• Mirror the IP-based perimeter security model
• Apply new policies to untrusted devices only
• Access enforcement for trusted devices remains unchanged
• The strategy would allow various components of BeyondCorp to be deployed safely before it was fully complete and polished
• In parallel, scale up the meta-inventory solution
• As the meta-inventory model matures, gradually replace IP-based policies with trust tier assignments
• Once the workflow is verified for lower-trust-tier devices, apply fine-grained restrictions to higher-trust-tier devices and enterprise resources
• Given the complexities of identifying a device, use the X.509 certificate as the persistent device identifier
  • If the certificate changes, the device is considered different
  • If the certificate is installed on a different device, the correlation logic notices the collision and the mismatch of other device information, and degrades the trust tier
Mobile
• Almost all communication from mobile apps is over HTTP
• Easier to deploy the tiered trust model
• Mobile devices use certificates
• Cryptographically secured communications
• Native apps are subject to the same authorization enforcement as web browsers
• API endpoints of services reside behind proxies integrated with the Access Control Engine
Legacy and 3rd Party Systems
• Use multiple protocols
• Tunnel arbitrary TCP and UDP traffic via SSH tunnels and SSL/TLS proxies
• Gateways only allow tunneled traffic that conforms with the policies of the Access Control Engine
• RADIUS is integrated with the device inventory
• Assigns VLANs dynamically by setting appropriate IETF headers
• Use IEEE 802.1x authentication with the X.509 certificate as the artifact
Challenges
• Correlation accuracy depends on the data quality
  • Data set is sparse
  • A reasonably small set of heuristics can correlate the majority of deltas from a subset of data sources
  • But accuracy close to 100% requires extremely complex sets of heuristics to cater to a seemingly endless list of corner cases
  • A tiny fraction of devices can potentially lock the majority of employees out of being productive
  • Mitigation: monitor traffic and take manual action where necessary
• Latency introduced by the Device Inventory Service
• Corporate Communication
• Disaster Recovery
  • BeyondCorp is complex
  • Failure can be catastrophic – may prevent support staff from accessing the system to recover
  • Must have a direct access route to the infrastructure for an extremely small set of staff who would be able to bootstrap the system from the last-known-good state
Thank You

Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Kürzlich hochgeladen

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

SACON - Beyond corp (Arnab Chattopadhayay)

  • 2. SACON 2017 How your Enterprise is set today
  • 4. SACON 2017 Need a different approach – Google BeyondCorp Principles
      • Connecting from a particular network must not determine your trust level
      • Access to service is granted based on what we know about you and your device
      • All access to services must be Authenticated, Authorized and Encrypted
      • Zero-Trust Model
  • 6. SACON 2017 BeyondCorp Architecture contd.
      • Methodology for Building Security Architecture:
          • Business-driven
          • Risk and opportunity focused
          • Includes security service management
          • Comprised of a number of integrated frameworks, models, methods and processes
  • 7. SACON 2017 BeyondCorp Architecture Contd. [Diagram components: Access Proxy, Single Sign On, Access Control Engine, User Inventory, Device Inventory, Trust Repository]
  • 8. SACON 2017 BeyondCorp Architecture Contd. [Figure 1: Architecture of the BeyondCorp Infrastructure Components, from "BeyondCorp: Design to Deployment at Google"]
  • 9. SACON 2017 Components of BeyondCorp
      • Device and Hosts
          • Device: a collection of physical and virtual components that acts as a computer. Example: PCs, servers, VMs
          • Host: a snapshot of a device's state at a given point in time. Example: a device might be a mobile phone, while a host would be the specifics of the operating system and software running on the device
      • Device Inventory Service
          • Contains information on devices, hosts, and their trust decisions
          • Continuously updated pipeline that imports data from a broad range of sources
          • System management sources: Active Directory, Puppet, Simian
          • On-device agents, CMS, Corporate Asset Management
          • Out-of-band data sources: vulnerability scanners, Certificate Authorities, network infrastructure elements (e.g. ARP tables)
          • Full or incremental data set
          • Google’s scale: initial phases ingested billions of deltas from 15+ data sources, at 3 million per day, totaling 80 terabytes
          • Retaining historical data allowed Google to understand the end-to-end lifecycle of a device, track and analyze trends, and perform security audits and forensic analysis
  • 10. SACON 2017 Components of BeyondCorp
      • Tiered Access
          • Trust levels are organized into tiers and assigned to each device by the Trust Inferer
          • Each resource is associated with the minimum trust tier required for access
          • To get access, a device’s trust tier assignment must be >= the resource’s trust tier
          • The Trust Inferer also supports the network segmentation effort by dynamically assigning a VLAN based on device state
          • Example: a device without an adequate OS patch level becomes untrustworthy and is therefore assigned to a quarantine network
  • 11. SACON 2017 Device Inventory [Figure 2: Device Inventory Service, from "BeyondCorp: Design to Deployment at Google"]
  • 12. SACON 2017 Types of Data
      • Observed Data
          • The last time security scan was performed on the device and the result of the scan
          • The last-synced policies and timestamp from Active Directory
          • OS version and Patch Level
          • Installed Software
      • Prescribed Data
          • Manually maintained by IT Operations
          • Assigned Owner of Device
          • User and Groups allowed to access a device
          • DNS and DHCP Assignment
          • Explicit access to a particular VLAN
  • 13. SACON 2017 Data Processing Flow [Figure 3: The data processing pipeline, from "BeyondCorp: Design to Deployment at Google"; labelled stages: Transform into common data format, Correlation, Exceptions]
  • 14. SACON 2017 Transformation
      • All data must be transformed to a common data format
      • Use Tooling where possible to push changes to system
      • Poll where tooling is not possible
  • 15. SACON 2017 Correlation
      • Device data coming from distinct data sources must be reconciled into unique device-specific records
      • Complex: many data sources do not have overlapping identifiers
      • Example: the asset management system stores the device serial number, but a disk encryption escrow service stores the hard disk serial number, the CA stores the X.509 certificate fingerprint, and the ARP database stores the MAC ID
      • The challenge is: what exactly constitutes a device?
      • What happens when a motherboard is changed, a case is replaced, or a NIC is replaced or even swapped between devices?
  • 16. SACON 2017 Trust Evaluation
      • The Trust Inferer is notified to trigger re-evaluation once incoming records are merged
      • References a variety of fields and aggregates the results in order to assign a trust tier
      • The Trust Inferer refers to dozens of both platform-specific and platform-agnostic fields across various data sources
      • Example: to qualify for a higher trust level, we might require that a device meet all of the following requirements:
          • Be encrypted
          • Successfully execute all management and configuration agents
          • Install the most recent OS security patch
          • Have a consistent state of data from all inputs
      • Pre-computation reduces the amount of data and allows enforcement gateways to work on a consistent data set
      • Allows changing trust for inactive devices
      • Might be problematic for real-time 2FA or for restricting access originating from a known malicious net-block
  • 17. SACON 2017 Exceptions
      • Trust Evaluation considers pre-defined exceptions
      • Exceptions are aimed at reducing delay in deploying policy changes or new policies
      • Example
          • Block a device that’s vulnerable to a zero-day exploit even before security scanners have been updated
          • Permit untrusted devices to connect to a lab network
          • Permit IoT devices, since installing certificates on them may be infeasible
  • 18. SACON 2017 Deployment
      • Initial Phase
      • Objective was to reduce user friction
      • Subset of gateways integrated with an interim meta-inventory service
      • A small number of data sources with prescribed data
      • Mirror the IP-based perimeter security model
      • Apply new policies to untrusted devices only
      • Access enforcement for trusted devices remains unchanged
      • This strategy allowed various components of BeyondCorp to be deployed safely before it was fully complete and polished
      • In parallel, scale up the meta-inventory solution
      • As the meta-inventory model matures, gradually replace IP-based policies with trust tier assignments
      • Once the workflow is verified for lower-trust-tier devices, apply fine-grained restrictions to higher-trust-tier devices and enterprise resources
      • Given the complexities of identifying a device, use X.509 as the persistent device identifier
      • If the certificate changes, the device is considered different
      • If the certificate is installed on a different device, the correlation logic notices the collision and the mismatch of other device information, and degrades the trust tier
  • 19. SACON 2017 Mobile
      • Almost all communication from Mobile App is over HTTP
      • Easier to deploy tiered trust model
      • Mobile devices use certificates
      • Cryptographically secured communications
      • Native Apps subjected to same authorization enforcement as web browser
      • API end-points of services reside behind proxies integrated with Access Control Engine
  • 20. SACON 2017 Legacy and 3rd Party Systems
      • Use multiple protocols
      • Tunnel arbitrary TCP and UDP traffic via SSH tunnels and SSL/TLS proxies
      • Gateways only allow tunneled traffic that conforms with the policies of the Access Control Engine
      • RADIUS is integrated with the device inventory
      • Assigns VLANs dynamically by setting appropriate IETF Headers
      • Use IEEE 802.1x authentication with an X.509 certificate as the artifact
  • 21. SACON 2017 Challenges
      • Correlation accuracy depends on the data quality
      • Data set is sparse
      • A reasonably small set of heuristics can correlate the majority of deltas from a subset of data sources
      • But accuracy close to 100% requires extremely complex sets of heuristics to cater to a seemingly endless list of corner cases
      • A tiny fraction of devices can potentially keep the majority of employees from being productive
      • Mitigation: monitor traffic and take manual action where necessary
      • Latency introduced by the Device Inventory Service
      • Corporate Communication
      • Disaster Recovery
      • BeyondCorp is complex
      • Failure can be catastrophic – it may prevent support staff from accessing the system to recover
      • Must have a direct access route to the infrastructure for an extremely small set of staff who would be able to bootstrap the system from the last-known-good state
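
The inventory pipeline from slides 15 to 17 (correlation, trust evaluation, exceptions) and the tiered-access check from slide 10, as an added Python example that is not from the slides or from Google's implementation. The records, identifier values, resource names and tier rules are constructed assumptions; treating any duplicated identifier type as an inconsistency is a simplification.

```python
from enum import IntEnum

class Tier(IntEnum):
    UNTRUSTED = 0  # quarantine network
    BASIC = 1
    HIGH = 2

ID_KEYS = ("serial", "disk_serial", "cert_fp", "mac")
M1, M2, M9 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:09"
FULL = {"patched": True, "agents_ok": True, "encrypted": True}

# Constructed records: each source knows a device by a different identifier.
RECORDS = [
    {"source": "asset_mgmt", "serial": "SN-1001", "mac": M1},
    {"source": "disk_escrow", "serial": "SN-1001", "disk_serial": "D-77", "encrypted": True},
    {"source": "ca", "cert_fp": "fp-01", "mac": M1},
    {"source": "agent", "cert_fp": "fp-01", "patched": True, "agents_ok": True},
    {"source": "asset_mgmt", "serial": "SN-2002", "mac": M2},
    {"source": "agent", "mac": M2, **FULL, "patched": False},  # missing OS patch
    {"source": "agent", "cert_fp": "fp-04", "serial": "SN-4004", **FULL},
    {"source": "agent", "cert_fp": "fp-04", "serial": "SN-5005", **FULL},  # same cert, other device
    {"source": "arp", "mac": M9},  # IoT sensor: no agent, no certificate
]
EXCEPTIONS = {("mac", M9): Tier.BASIC,                # permit an IoT device
              ("serial", "SN-1001"): Tier.UNTRUSTED}  # zero-day block ahead of scanners
RESOURCE_MIN_TIER = {"billing": Tier.HIGH, "wiki": Tier.BASIC}  # hypothetical resources

def correlate(records):
    """Merge records that share any identifier value into one device (union-find)."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    first_seen = {}  # (identifier type, value) -> index of first record carrying it
    for i, rec in enumerate(records):
        for key in ID_KEYS:
            if key in rec:
                j = first_seen.setdefault((key, rec[key]), i)
                parent[find(i)] = find(j)

    devices = {}
    for i, rec in enumerate(records):
        dev = devices.setdefault(find(i), {"ids": {}, "facts": {}})
        for key, value in rec.items():
            if key in ID_KEYS:
                dev["ids"].setdefault(key, set()).add(value)
            elif key != "source":
                dev["facts"][key] = value
    return list(devices.values())

def infer_tier(dev):
    """Assign a tier; two values for one identifier type means the inputs disagree."""
    consistent = all(len(values) == 1 for values in dev["ids"].values())
    facts = dev["facts"]
    if not consistent or not facts.get("patched", False):
        return Tier.UNTRUSTED
    if facts.get("encrypted", False) and facts.get("agents_ok", False):
        return Tier.HIGH
    return Tier.BASIC

def apply_exceptions(dev, tier, exceptions):
    """Pre-defined exceptions override the inferred tier; most restrictive match wins."""
    matched = [exceptions[(k, v)] for k, vs in dev["ids"].items()
               for v in vs if (k, v) in exceptions]
    return min(matched) if matched else tier

def evaluate(records, exceptions):
    """Precompute a tier for every known identifier, as gateways would consume it."""
    tiers = {}
    for dev in correlate(records):
        tier = apply_exceptions(dev, infer_tier(dev), exceptions)
        for key, values in dev["ids"].items():
            for value in values:
                tiers[(key, value)] = tier
    return tiers

def can_access(tier, resource):
    return tier >= RESOURCE_MIN_TIER[resource]

if __name__ == "__main__":
    for ident, tier in evaluate(RECORDS, EXCEPTIONS).items():
        print(ident, tier.name)
```

The two records sharing certificate `fp-04` but reporting different serial numbers merge into one device with conflicting identifiers, which is how the certificate collision described on slide 18 ends up degrading the trust tier.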