Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Overlay Networks"
1 like•845 views
The document outlines VNS3's security and connectivity solutions for cloud applications, designed to protect against exploitation by hackers and other threats. It emphasizes the importance of application segmentation within enterprise clouds to enhance security against potential east-west attacks. The VNS3 application security controller is presented as a solution that creates micro-perimeters around critical applications, ensuring strict traffic flow controls in virtualized environments.
Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Overlay Networks"
- 1. copyright 2015 Cloud Applications Secured
- 2. copyright 2015 Presenters 2 Patrick Kerpan CEO @pjktech Chris Swan CTO @cpswan
- 3. copyright 2015 Cohesive Networks - Cloud Applications Secured 3 VNS3 family of security and connectivity solutions protects cloud-based applications from exploitation by hackers, criminal gangs, and foreign governments 1000+ customers in 20+ countries across all industry verticals and sectors Partner Network TECHNOLOGY PARTNER
- 4. copyright 2015 Our lineup 4 Application Security Controller turret free, self-service cloud connectivity vpn security and connectivity networking net scalable VPN end-to-end encryption multi-cloud, multi-region monitor & manage automatic failover secure app isolation ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ + + ✓ ✓ virtual network management system ms high availability & automatic failover ha ADD-ONs + +
- 5. copyright 2015 Available everywhere in Microsoft Azure 5
- 6. copyright 2015 6 VNS3 connectivity and security with L4-L7 plug-in system Isolated Docker containers withinVNS3 allows Partners and Customers to embed features and functions safely and securely into their Cloud Network. Router Switch Firewall Protocol Redistributor VPN Concentrator Scriptable SDN VNS3 Core Components Proxy Reverse Proxy Content Caching Load Balancer IDS Custom Container
- 7. copyright 2015 VNS3 and Cloud Application Segmentation 7
- 8. copyright 2015 I don’t need to tell you about the security landscape 8 FUD
- 9. copyright 2015 9 The Problem - Lots of apps sprawled across enterprise clouds The Solution -VNS3 Application Segmentation
- 10. copyright 2015 A typical business application 10 WebTier AppServer Tier Database Tier Message Queues
- 11. copyright 2015 PerimeterSecurity Public and Private clouds are filled with these applications, many of them “critical” infrastructure 11 80% of Security $s 20% of Security $s (RSA)
- 12. copyright 2015 PerimeterSecurity Hard on the outside, soft on the inside 12
- 13. copyright 2015 PerimeterSecurity One penetration creates significant potential for “East-West” expansion of the attack 13
- 14. copyright 2015 14 The Problem - Lots of apps sprawled across enterprise clouds The Solution -VNS3 Application Segmentation
- 15. copyright 2015 “Application Segmentation” completes the cloud security model 15 Hardware Managed by Azure Hypervisor Managed by Azure Application Policies Customers Control Layer 7 Layer 6 Layer 5 Layer 4 Layer 3 Layer 3 Layer 2 Layer1 Layer 0 App 1 App 2 Limit of user access, control and visibility Azure Layer 3 Network Cloud Service Provider Cloud Customer
- 16. copyright 2015 Introducing theVNS3 Application Security Controller 16 M Virtual Adapter Virtual Adapter Virtual Adapter Layer 3 Encrypted Switch Layer 3 Encrypted Router GRE Protocol Bridge Protocol Re- Distributor Industry Standard L4 - L7 PLUGIN System Mesh Transaction Management Core Mesh Firewall Mesh Key Management Net Management Interfaces SSLVPN Edge IPsecVPN Edge Autonomics Agents RESTful API Service Cloud Capacity Interfaces Virtual CPU(s) AES-NI Interface Provisioned IOPS Enhanced Network Drivers App FW Custom Mods SSL/TLS Offload Content Cache Internal LB IDS IPS Application Security Controller NIC(s) Unique Encrypted Topology Identity UniqueEncryptedTopologyIdentity UniqueEncryptedTopologyIdentity
- 17. copyright 2015 VNS3 Application Segmentation 17 turret VNS3 creates a micro-perimeter around critical applications in any data center, cloud or virtualized environment Traffic only flows in permitted directions, from permitted locations. None of the servers talks to any other server without going through a secureVNS3 switch.
- 18. copyright 2015 Why now - “demand”? 18 NIST Cyber Security Framework PR.AC-5 Network integrity is protected, incorporating network segregation where appropriate
- 19. copyright 2015 Why now - “supply”? 19 Network FunctionVirtualization - we can make networks out of virtual machines and containers Software Defined Networking - we can manage networks through APIs DevOps and Containers - makes application networks just another config
- 20. copyright 2015 Once the micro-perimeter is established the broad policy enforcement mechanism is in place, with strict traffic flow controls. 20
- 22. copyright 2015 DemoTopology 22 VNS3 Manager 1 VNS3 Manager 2 VNS3 Manager 3 VNS3 Overlay Network - 192.168.56.0/24 Overlay IP: 192.168.56.111 Overlay IP: 192.168.56.101* Sinatra App Tier Primary DB Backup DB Active IPsec Tunnel Public IP: 104.40.234.149 Public IP: 191.236.146.199 Peered Overlay IP: 192.168.56.101 Public IP: 104.42.102.143 VNS3 Manager 4 Public IP: 191.236.53.137 VNS3 Overlay - 172.31.0.0/22 Nginx Server Overlay IP: 172.31.1.1 Peered Customer Corp Office West Europe West US North Central US East US
- 23. copyright 2015 Anywhere an application can go - it needs security & connectivity. • Perimeter based security models are no longer sufficient. One compromise becomes the starting point for East-West attacks across a series of application deployments. • Application Security Controllers use NFV and SDN to build an application-centric perimeter rather than traditional “edge” perimeter. • Application-centric Security is portable across Azure zones and locations. 23