130 likes | 303 Views
Protecting security clouds with intelligent IPS solutions. Dominic Storey Technical Director Sourcefire EMA. “What's in a name? that which we call a rose By any other name would smell as sweet ;”. Cloud Computing = Outsourcing. Cloud computing MAY use virtualization.
E N D
Protecting security clouds with intelligent IPS solutions Dominic Storey Technical Director Sourcefire EMA
“What's in a name? that which we call a rose By any other name would smell as sweet;”
Cloud computing and security • NOT • Your network • Your applications • Your security problem? • Think again • Your data • Your availability • Your identity • Your business risk
What are we protecting? • In the cloud: • Physical machines • Virtual servers • Virtual services • Asset sprawl “My concern right now isn’t what I’m being attacked with, its finding what I need to defend” Sourcefire customer
How can Sourcefire help? • Monitor for intruders • Identify network assets • Monitor network behaviour • Enforce network configuration • Link to user identity • Automate everything to decrease response time and increase repeatability
Monitoring virtualized services DC Sensor SF-Linux SF-Linux Sourcefire Virtual 3D Sensor™ Sourcefire Virtual Defense Center™
Context is everything Event: Attempted Privilege Gain Target: 96.16.242.135(vulnerable) Host OS: Blackberry Applications: Mail, Browswer, Twitter Location: Whitehouse, US User ID: bobama Full Name: Barack Obama Department: Executive Branch How much security context would you like? Network and user context Event: Attempted Privilege Gain Target: 96.16.242.135(vulnerable) Host OS: Blackberry Applications: Mail, Browser, Twitter Location: Whitehouse, US Network context No context Event: Attempted Privilege Gain Target: 96.16.242.135
Summary • Cloud computing is a new business paradigm, NOT a new technical paradigm • Security as important in the cloud • It’s YOUR business - security ultimately YOUR responsibility • You DO have a choice • Challenge your cloud vendor about their security practice • Ask for regular report and/or co-monitoring • Protect your own boundaries