The document discusses how IT is evolving in a cloud world. Key points include:
- Business is driving digital transformation and IT must change from technology-first to business-first to remain relevant.
- There is only one global network that businesses don't control, so the focus must shift from security controls to managing risk.
- Transformation starts with changing organizational mindsets to embrace new business models.
- Zscaler's cloud security platform can help organizations securely adopt the cloud by providing a consistent security policy for all users on any network or device.
The document discusses how digital transformation is driving the need for cloud-based security solutions and modernized network architectures. It describes Zscaler's cloud security platform as enabling organizations to securely access applications in the cloud while simplifying their networks. The presentation outlines how Zscaler has helped one large global organization transition to the cloud by providing a consistent security posture across its network.
Adopting an SD-WAN solution is the best option that network organizations have to respond to a range of requirements such as lowering cost, increasing availability and providing high quality user experiences. However, network organizations are also under pressure to deliver best-of-breed security and in virtually all instances, adopting an SD-WAN solution results in implementing Direct Internet Access (DIA) which is challenging to secure using security appliances.
With the majority of everyday work handled over the internet, it no longer makes sense to backhaul traffic to centralized data centers—the MPLS costs are too high and the bandwidth too scarce. You need a new approach to networking and security.
NIST Cloud Computing Forum and Workshop VIII
July 2015
Cloud Computing Forensic Science
Posted as a courtesy by:
Dave Sweigert
CISA CISSP HCISPP PMP SEC+
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
Based on 6 years of creating zero trust networks at Google, the BeyondCorp framework has led to the popularization of a new network security model within enterprises, called the software-defined perimeter.
SAP Cloud Security provides the highest levels of security and data protection for SAP and their customers. They implement internationally recognized security standards and certifications like ISO 27001 for information security. The document discusses SAP's commitment to security, as well as technical details about the security architecture of HANA Enterprise Cloud, including virtualization technologies, network isolation, storage isolation, and identity and access management. It also covers certifications and attestations that SAP undergoes to ensure security standards are met.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
The document discusses how digital transformation is driving the need for cloud-based security solutions and modernized network architectures. It describes Zscaler's cloud security platform as enabling organizations to securely access applications in the cloud while simplifying their networks. The presentation outlines how Zscaler has helped one large global organization transition to the cloud by providing a consistent security posture across its network.
Adopting an SD-WAN solution is the best option that network organizations have to respond to a range of requirements such as lowering cost, increasing availability and providing high quality user experiences. However, network organizations are also under pressure to deliver best-of-breed security and in virtually all instances, adopting an SD-WAN solution results in implementing Direct Internet Access (DIA) which is challenging to secure using security appliances.
With the majority of everyday work handled over the internet, it no longer makes sense to backhaul traffic to centralized data centers—the MPLS costs are too high and the bandwidth too scarce. You need a new approach to networking and security.
NIST Cloud Computing Forum and Workshop VIII
July 2015
Cloud Computing Forensic Science
Posted as a courtesy by:
Dave Sweigert
CISA CISSP HCISPP PMP SEC+
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
Based on 6 years of creating zero trust networks at Google, the BeyondCorp framework has led to the popularization of a new network security model within enterprises, called the software-defined perimeter.
SAP Cloud Security provides the highest levels of security and data protection for SAP and their customers. They implement internationally recognized security standards and certifications like ISO 27001 for information security. The document discusses SAP's commitment to security, as well as technical details about the security architecture of HANA Enterprise Cloud, including virtualization technologies, network isolation, storage isolation, and identity and access management. It also covers certifications and attestations that SAP undergoes to ensure security standards are met.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Cyberspace is the new battlefield:
We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around everyday, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks.
Personnel and resources are limited:
According to an annual survey of 620 IT professional across North America and Western Europe from ESG, 51% respondents claim their organization had a problem of shortage of cybersecurity skills—up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs.
Virtually anything can be corrupted:
The number of connected devices in 2018 is predict to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.2
“AI is the new electricity” proclaims Andrew Ng, co-founder of Google Brain. Just as we need to know how to safely harness electricity, we also need to know how to securely employ AI to power our businesses. In some scenarios, the security of AI systems can impact human safety. On the flip side, AI can also be misused by cyber-adversaries and so we need to understand how to counter them.
This talk will provide food for thought in 3 areas:
Security of AI systems
Use of AI in cybersecurity
Malicious use of AI
Vectra uses AI and machine learning to detect cyber threats by analyzing network traffic and other data sources. It characterizes fundamental attacker behaviors and uses these models to detect threats without signatures. Vectra's Cognito detects a wide range of attacker behaviors across the entire cyber kill chain, and scores hosts and detections to prioritize the highest risks. In evaluations, it reduced workload by 44 times and detected red team activity that other tools missed. Vectra is helping organizations reduce cyber attack dwell time by automating threat hunting and detection.
AI for security or security for AI - Sergey GordeychikSergey Gordeychik
Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On other hand massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust.
Do we trust AI? I don’t, personally.
What is “state of the art” in AI security? Yesterday it was a PoC, not a product, today becoming a We will fix it later, tomorrow it will be a if it works, don’t touch it. And tomorrow is too late.
But what we can do for Trustworthy AI? There are just no simple answers.
You can’t install antivirus or calculate hashes to control integrity of annotated dataset. Traditional firewalls and IDS are almost useless in ML cloud internal SDN Infiniband network. Event C-level Compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for TensorFlow ML model? How it will impact ROC and AUC?..
To make it better we should rethink Cyber Resilience for AI process, systems and applications to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into innovation that AI brings into our lives. To trust AI and earn his trust, perhaps?
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseLance Peterman
This document discusses identity and access management (IAM) programs that can help secure data in modern enterprises. It outlines why identity has become central to security and notes that recent high-profile data breaches involved compromised credentials. The document recommends implementing IAM programs around user management, entitlement management, privileged access management and federation. It also discusses emerging standards like OAuth 2.0, SCIM and OpenID Connect that can help improve security and management of identities.
The document discusses cloud data privacy and outlines two main sections. The first section provides context on cloud data privacy, including how the 2018 Cloud Act in the US erodes privacy protections by allowing data transfers when requested by other countries. It also discusses common data privacy frameworks. The second section outlines challenges of data privacy in the cloud for organizations and methods to address these, including data anonymization, tokenization, and encryption.
Three Key Steps for Moving Your Branches to the CloudZscaler
Is backhauling traffic the most efficient way to route traffic when your workloads move to the cloud? The migration of applications from the data center to the cloud calls for a new approach to networking and security. But, keeping up with application demands and user expectations can be a struggle. Explore the challenges and benefits of establishing secure local breakouts from someone who has done it.
The document discusses identity and access management (IAM). It outlines common IAM problems like weak passwords, password sharing, and lack of single sign-on. The presentation then discusses how IAM solutions can provide benefits like improved user experience through single sign-on, enhanced integration across systems, centralized administration to reduce costs, and increased security. Critical success factors for IAM projects include identifying business champions, thorough vendor analysis, defining requirements, understanding product features, and ensuring business support.
This document provides an overview of the key topics within the Security Architecture & Design domain for the CISSP certification. It covers computing platforms such as early electro-mechanical machines, the von Neumann model, and transistor-based computers. It also discusses security models, evaluation and certification, security architecture concepts and implementation models. Specific topics include operating systems, CPU and memory components, software elements, process scheduling, and operating modes. The document serves as a high-level study aid for understanding the domain's important foundational concepts.
Cloud computing allows users to access data and software over the internet rather than locally. While convenient, this presents security risks as users lose some control over their data. Common threats include hacking, malware, and insider privileges being misused. However, the document outlines security measures for cloud computing like encryption, access control, backups, and continuous monitoring that can help protect users if implemented properly. The key is treating security as an ongoing process rather than a one-time event.
Vectra's Cognito platform uses artificial intelligence to empower threat hunters by providing better network visibility and detection of attackers. The platform consists of Cognito Detect, which performs automated threat detection through machine learning models of attacker behaviors, and Cognito Recall, which stores and allows searching of historical network metadata to enable retrospective threat hunting. It was designed for scalability in large enterprises and has been shown in evaluations to detect threats with low noise and at scale.
IoT Security – Executing an Effective Security Testing Process EC-Council
Deral Heiland CISSP, serves as a the Research Lead (IoT) for Rapid7. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 10+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on a numerous technical subjects, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Threat Post and The Register.
Schneider Electric provides a comprehensive approach to cyber security for critical infrastructure. They recognize cyber attacks have expanded from disrupting IT systems to endangering physical assets and human life. The document outlines Schneider's investments in security technologies and services to protect customers across industries. It describes their defense-in-depth strategy including secure product design, testing, compliance with standards, and security services to monitor, detect, and respond to threats. The goal is to help customers comply with regulations and mitigate risks through an integrated portfolio.
This document discusses Citrix's unification of its product portfolio and transition to new names. Key changes include Citrix ADC transitioning from NetScaler ADC, Citrix SD-WAN transitioning from NetScaler SD-WAN, and Citrix Gateway transitioning from NetScaler Unified Gateway and NetScaler Access Gateway among others. The goal is to create awareness and understanding of the portfolio changes to gain adoption of the new solutions while preserving equity in the old names as long as necessary.
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.
Identity & Access Management Project Challenges and RecoveryHanno Ekdahl
Presented by Hanno Ekdahl at ISACA Atlanta's #GeekWeek2017.
ISACA's 10th Annual Geek Week Conference in Atlanta, GA featured speakers across a wide range of security topics from Risk Management to Penetration Testing. During the conference, policy and technical tracks provided a forum for participants to exchange experiences from the front lines of IT security, including industry best practices as well as driving both accountability and effectiveness for security programs within the organization. The week-long event included plenary and panel sessions, practical workshops and technology demonstrations. This summary presents the key themes, ideas, and considerations that emerged from our Identity Management Presentation at the conference.
Security architecture - Perform a gap analysisCarlo Dapino
This document discusses security architecture and strategies for evaluating security posture. It describes how security strategies have changed from perimeter-based to zero-trust models. It also summarizes differences between securing on-premises versus cloud environments, and recommends evaluating security using a layered analysis approach. Lastly, it provides tips for threat modeling, incident response, and ensuring security architecture is integrated with enterprise architecture.
This document provides an overview of Akamai's security portfolio and summit. It discusses how security challenges have increased over the decades as threats evolve faster than organizations can respond. The cloud and digital transformations also introduce new risks. Akamai's edge security platform aims to help by providing consistent global protection, visibility into attacks, and automatic protections that adapt to businesses and threats.
The control points that CISOs were responsible for have largely disappeared so innovative CISOs have to deploy a risk-based security approach. And CIOs must move from thinking of their data center as the corporate epicenter, and admit that the Internet is their new corporate network.
This document discusses the benefits of using Zscaler's cloud-based network and internet security solution over traditional on-premise appliance solutions. It summarizes that Zscaler provides comprehensive security across multiple threat vectors through a single cloud platform. It is more cost effective than appliance solutions and improves performance and user experience while reducing complexity and management overhead. The document also highlights key capabilities of Zscaler such as real-time inspection of all traffic including SSL, global policy management, and unified reporting and administration.
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Cyberspace is the new battlefield:
We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around everyday, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks.
Personnel and resources are limited:
According to an annual survey of 620 IT professional across North America and Western Europe from ESG, 51% respondents claim their organization had a problem of shortage of cybersecurity skills—up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs.
Virtually anything can be corrupted:
The number of connected devices in 2018 is predict to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.2
“AI is the new electricity” proclaims Andrew Ng, co-founder of Google Brain. Just as we need to know how to safely harness electricity, we also need to know how to securely employ AI to power our businesses. In some scenarios, the security of AI systems can impact human safety. On the flip side, AI can also be misused by cyber-adversaries and so we need to understand how to counter them.
This talk will provide food for thought in 3 areas:
Security of AI systems
Use of AI in cybersecurity
Malicious use of AI
Vectra uses AI and machine learning to detect cyber threats by analyzing network traffic and other data sources. It characterizes fundamental attacker behaviors and uses these models to detect threats without signatures. Vectra's Cognito detects a wide range of attacker behaviors across the entire cyber kill chain, and scores hosts and detections to prioritize the highest risks. In evaluations, it reduced workload by 44 times and detected red team activity that other tools missed. Vectra is helping organizations reduce cyber attack dwell time by automating threat hunting and detection.
AI for security or security for AI - Sergey GordeychikSergey Gordeychik
Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On other hand massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust.
Do we trust AI? I don’t, personally.
What is “state of the art” in AI security? Yesterday it was a PoC, not a product, today becoming a We will fix it later, tomorrow it will be a if it works, don’t touch it. And tomorrow is too late.
But what we can do for Trustworthy AI? There are just no simple answers.
You can’t install antivirus or calculate hashes to control integrity of annotated dataset. Traditional firewalls and IDS are almost useless in ML cloud internal SDN Infiniband network. Event C-level Compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for TensorFlow ML model? How it will impact ROC and AUC?..
To make it better we should rethink Cyber Resilience for AI process, systems and applications to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into innovation that AI brings into our lives. To trust AI and earn his trust, perhaps?
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseLance Peterman
This document discusses identity and access management (IAM) programs that can help secure data in modern enterprises. It outlines why identity has become central to security and notes that recent high-profile data breaches involved compromised credentials. The document recommends implementing IAM programs around user management, entitlement management, privileged access management and federation. It also discusses emerging standards like OAuth 2.0, SCIM and OpenID Connect that can help improve security and management of identities.
The document discusses cloud data privacy and outlines two main sections. The first section provides context on cloud data privacy, including how the 2018 Cloud Act in the US erodes privacy protections by allowing data transfers when requested by other countries. It also discusses common data privacy frameworks. The second section outlines challenges of data privacy in the cloud for organizations and methods to address these, including data anonymization, tokenization, and encryption.
Three Key Steps for Moving Your Branches to the CloudZscaler
Is backhauling traffic the most efficient way to route traffic when your workloads move to the cloud? The migration of applications from the data center to the cloud calls for a new approach to networking and security. But, keeping up with application demands and user expectations can be a struggle. Explore the challenges and benefits of establishing secure local breakouts from someone who has done it.
The document discusses identity and access management (IAM). It outlines common IAM problems like weak passwords, password sharing, and lack of single sign-on. The presentation then discusses how IAM solutions can provide benefits like improved user experience through single sign-on, enhanced integration across systems, centralized administration to reduce costs, and increased security. Critical success factors for IAM projects include identifying business champions, thorough vendor analysis, defining requirements, understanding product features, and ensuring business support.
This document provides an overview of the key topics within the Security Architecture & Design domain for the CISSP certification. It covers computing platforms such as early electro-mechanical machines, the von Neumann model, and transistor-based computers. It also discusses security models, evaluation and certification, security architecture concepts and implementation models. Specific topics include operating systems, CPU and memory components, software elements, process scheduling, and operating modes. The document serves as a high-level study aid for understanding the domain's important foundational concepts.
Cloud computing allows users to access data and software over the internet rather than locally. While convenient, this presents security risks as users lose some control over their data. Common threats include hacking, malware, and insider privileges being misused. However, the document outlines security measures for cloud computing like encryption, access control, backups, and continuous monitoring that can help protect users if implemented properly. The key is treating security as an ongoing process rather than a one-time event.
Vectra's Cognito platform uses artificial intelligence to empower threat hunters by providing better network visibility and detection of attackers. The platform consists of Cognito Detect, which performs automated threat detection through machine learning models of attacker behaviors, and Cognito Recall, which stores and allows searching of historical network metadata to enable retrospective threat hunting. It was designed for scalability in large enterprises and has been shown in evaluations to detect threats with low noise and at scale.
IoT Security – Executing an Effective Security Testing Process EC-Council
Deral Heiland CISSP, serves as a the Research Lead (IoT) for Rapid7. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 10+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on a numerous technical subjects, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Threat Post and The Register.
Schneider Electric provides a comprehensive approach to cyber security for critical infrastructure. They recognize cyber attacks have expanded from disrupting IT systems to endangering physical assets and human life. The document outlines Schneider's investments in security technologies and services to protect customers across industries. It describes their defense-in-depth strategy including secure product design, testing, compliance with standards, and security services to monitor, detect, and respond to threats. The goal is to help customers comply with regulations and mitigate risks through an integrated portfolio.
This document discusses Citrix's unification of its product portfolio and transition to new names. Key changes include Citrix ADC transitioning from NetScaler ADC, Citrix SD-WAN transitioning from NetScaler SD-WAN, and Citrix Gateway transitioning from NetScaler Unified Gateway and NetScaler Access Gateway among others. The goal is to create awareness and understanding of the portfolio changes to gain adoption of the new solutions while preserving equity in the old names as long as necessary.
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.
Identity & Access Management Project Challenges and RecoveryHanno Ekdahl
Presented by Hanno Ekdahl at ISACA Atlanta's #GeekWeek2017.
ISACA's 10th Annual Geek Week Conference in Atlanta, GA featured speakers across a wide range of security topics from Risk Management to Penetration Testing. During the conference, policy and technical tracks provided a forum for participants to exchange experiences from the front lines of IT security, including industry best practices as well as driving both accountability and effectiveness for security programs within the organization. The week-long event included plenary and panel sessions, practical workshops and technology demonstrations. This summary presents the key themes, ideas, and considerations that emerged from our Identity Management Presentation at the conference.
Security architecture - Perform a gap analysisCarlo Dapino
This document discusses security architecture and strategies for evaluating security posture. It describes how security strategies have changed from perimeter-based to zero-trust models. It also summarizes differences between securing on-premises versus cloud environments, and recommends evaluating security using a layered analysis approach. Lastly, it provides tips for threat modeling, incident response, and ensuring security architecture is integrated with enterprise architecture.
This document provides an overview of Akamai's security portfolio and summit. It discusses how security challenges have increased over the decades as threats evolve faster than organizations can respond. The cloud and digital transformations also introduce new risks. Akamai's edge security platform aims to help by providing consistent global protection, visibility into attacks, and automatic protections that adapt to businesses and threats.
The control points that CISOs were responsible for have largely disappeared so innovative CISOs have to deploy a risk-based security approach. And CIOs must move from thinking of their data center as the corporate epicenter, and admit that the Internet is their new corporate network.
This document discusses the benefits of using Zscaler's cloud-based network and internet security solution over traditional on-premise appliance solutions. It summarizes that Zscaler provides comprehensive security across multiple threat vectors through a single cloud platform. It is more cost effective than appliance solutions and improves performance and user experience while reducing complexity and management overhead. The document also highlights key capabilities of Zscaler such as real-time inspection of all traffic including SSL, global policy management, and unified reporting and administration.
EMEA10: Trepidation in Moving to the CloudCompTIA UK
Today’s buzz centres on cloud computing. What is it exactly? Will it dent your revenues or does it have potential to add capabilities to your business? How do you deliver value when you don’t “install” anything? Learn how to use this new approach to delivering IT services in your business, what to consider and where it makes sense – and where it doesn’t! Dave Sobel, CEO of Evolve Technologies, talks to you about how to develop cloud offerings and how you position your business for growth around online services. Strategies come from real life experience, industry data, and collaboration with other solution providers to give you the best way to take on the big, bad cloud.
On-premises web gateways are being disrupted, and the model of providing web content security is changing. The pace of technology change and evolving employee work habits are pushing on-premises gateways out of the picture. Many companies are outsourcing their Security to Managed Security Service Providers.
Zscaler is the only carrier-grade Security as a Service platform.
Zscaler serves large enterprises, governments & mid-sized organizations in 185+ countries.
Zscaler protects 13M+ users across 5,000+ clients.
Cyber Security in the market place: HP CTO DaySymantec
Cyber Security in the market place overview presented at HP CTO Day,covering: the current cyber-security threats to Enterprise Businesses and Government Departments, along with the board-level concerns and priorities for investment in systems and services to protect and secure their information.
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
Scalable enterprise mobility solutions: How to give your employees tools they need without sacrificing user experience and security.
Consumerization of IT and BYOD are here – and it’s a GOOD thing. Today's dynamic workplaces and hyper-competitive markets drive demand for more mobile productivity solutions. Nearly 70% of enterprise employees report making better decisions, being more productive and happier if they are allowed to use mobile devices and cloud-based tools. Yet, IT organizations often resist these trends because of cost and risk associated with multi-platform, multi-device ecosystem having access to corporate data and resources.
In this webinar, product experts from Sencha and Centrify will help your organization embrace BYOD and SaaS in a cost-effective, scalable way. Sencha Space is an advanced platform for securely deploying mobile apps and delivering a consistent, elegant, mobile user experience to end-users. Users can launch any mobile web app, or HTML5 app in a secure, managed environment. Combining Space with secure, Active Directory- or Cloud-Based Identity and Access Management (IAM) from Centrify gives IT visibility and control over mobile platforms and SaaS / in-house apps while improving user experience and reducing security risk.
Rethinking Cybersecurity for the Digital Transformation EraZscaler
The document summarizes a company's journey of transforming their network and security architecture to the cloud over 5 phases. Some key points:
- Phase 1 consolidated their WAN vendor and migrated email/collaboration tools to Office 365 to simplify their infrastructure.
- Phase 2 deployed the Zscaler Cloud Security Platform to enable local internet access from branches instead of deploying appliances to 870 locations.
- Phase 3 eliminated more on-prem appliances and deployed Zscaler services to provide consistent security for mobile users.
- Phases 4-5 migrated applications to cloud platforms, consolidated data centers, and deployed Zscaler Private Access to provide a zero-trust network model and simplified application access without VPNs.
Digital transformation in the oil and gas industry is being driven by emerging technologies like big data, artificial intelligence, and public cloud adoption. Cybersecurity is crucial as companies integrate IT and operational technology systems. A leading company underwent a three-year cybersecurity transformation that prioritized competency, risk management, hygiene, response and resilience. Their strategy was built on the NIST cybersecurity framework and included goals like achieving certain cyber maturity levels for identify, protect, detect, respond and recover functions. A vulnerability assessment of one company's operational technology environment reviewed policies, physical security, network security, host security and safety aspects across process domains to identify risks.
This document provides an overview of Sangfor Technologies Inc., a network security company. It discusses Sangfor's history and growth over 23 years, with R&D centers in China, the US, and elsewhere. Sangfor has developed security solutions like next-generation firewalls, endpoint security, and a business intelligence platform. The document highlights Sangfor's focus on innovation through a 20% R&D budget and over 1,500 patents. It also outlines Sangfor's global expansion, with offices and support centers around the world.
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
A presentation given in April 2019 in London during ICS Cyber Security Conference. I discuss an anonymized investigation conducted by our team to identify a real malware infection on a production network, the tools and techniques used to contain this threat and how to use threat intelligence and visibility to stay ahead of cyber adversaries.
Asset visibility and network baselining
Continuous network monitoring
Threat intelligence ingestion
Thorough incident response plans
Introduction of Cloudflare Solution for Mobile PaymentJean Ryu
On 29th Apr, I've run a webinar together with my colleagues about how Cloudflare can help mobile payment industry, focusing on how to accelerate and secure mobile payment applications. Although the rapid move to cloud is happening in every industry, there're still challenges and technical debts that are unaddressed. In this webinar we draw an overview picture of Cloudflare as a Cloud based solution and describes how it can help financial industry and introduces reference customers.
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]Tudor Damian
The payoff of successful Digital Transformation can be essential for companies engaged in highly-competitive markets. Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success.
With the emergence of the Cloud, IT risk has suffered yet another radical transformation. The past couple of years have also brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness, especially when moving to the Cloud.
Based on real-life projects and experience from recent years, this session provides a quick insight into the role that the Cloud plays within Digital Transformation initiatives, touching on challenges companies usually face when dealing with governance, security, change management & cost-control. Examples and case studies included.
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...NetworkCollaborators
Patomphon Vimolket introduces Cisco's vision for enabling next-generation data center transformations through software-defined technologies. The document discusses challenges like evolving threats, manual operations, and digital disruption. It presents Cisco's data center reference architecture and portfolio including Cisco CloudCenter, Nexus, UCS, HyperFlex, ACI, Intersight, and security solutions like Tetration and AppDynamics. These provide application visibility, infrastructure optimization, and security to help businesses adapt to challenges like multicloud, microservices, and more dynamic environments.
Cloud & Big Data - Digital Transformation in Banking Sutedjo Tjahjadi
Datacomm Cloud Business Overview
Making Indonesia 4.0
Digital Transformation in Banking Industry
Introduction to Cloud Computing
Big Data Analytics Introduction
Big Data Analytics Application in Banking
With the increasing number of data breaches and cyber attacks, it's becoming clear that traditional security measures are no longer sufficient. Zero Trust security is an approach that assumes no user, device, or network is trustworthy by default. This seminar will explore the concept of Zero Trust and its application to data security.
During this seminar, we will cover a range of topics related to Zero Trust and data security, including the history and evolution of Zero Trust, the key principles of Zero Trust, and the different applications of Zero Trust in data security. We will also discuss the impact of Zero Trust on the job market and the skills required to work effectively with this approach.
Through a combination of lectures, case studies, and interactive discussions, attendees will gain a comprehensive understanding of the potential benefits of implementing a Zero Trust approach to data security. They will leave the seminar with practical insights and strategies to effectively leverage Zero Trust to protect their organization's data.
Learning Objectives:
Upon completion of this seminar, participants will be able to:
1. Understand the history and evolution of Zero Trust and its application to data security.
2. Gain insights into the key principles of Zero Trust and the different applications of this approach in data security.
3. Learn about the potential benefits and challenges of implementing a Zero Trust approach to data security.
4. Develop practical strategies for effectively leveraging Zero Trust to protect their organization's data.
5. Network with other industry professionals to share insights and best practices.
This presentation aims to give an overview of the “big picture” of :
Current IT trends, explaining with some detail each one, to give a high level approach to the present.
Where the future of IT is going, and where the major opportunities and challenges are.
Professional IT Roles demanded by each of the areas / trends.
Technologies, processes and tools used and applied in the day to day of each role.
Introduction to Symantec Endpoint Management75.pptxArrow ECS UK
Symantec Endpoint Management provides solutions to common IT challenges of managing remote and diverse devices, software licenses, and vulnerabilities. It allows users to manage endpoints anywhere, across various platforms from a single console, provides software and patch management, and offers data insights for faster issue remediation and planning. The document introduces Symantec's Endpoint, Asset, and Server Management suites and their key capabilities.
This document discusses smart city solutions and enterprise-grade IoT frameworks. It begins with an overview of the growth of IoT spending and adoption globally. It then discusses challenges of IoT at enterprise scale, including data orchestration, security, connectivity, and device management. The presentation introduces VMware's IoT platform and solutions to address these challenges, including tools for data orchestration, operational analytics, security, and device management. It emphasizes the need for IT and OT to converge at the edge to securely manage diverse IoT systems and simplify deployment and scaling of IoT use cases.
Similar to The evolution of IT in a cloud world (20)
It’s 2019 and your users are working from anywhere but the office, enterprise applications have migrated to the cloud or hybrid environment, and VPN is no longer the answer to private application access in this new world of user-to-app connectivity.
As security professionals, how can we be sure that we’re ready for 2019? After the last few years, when our practices and conventions have been tested again and again, it’s a little daunting to consider what may face us in the year ahead. Will attackers set their sights on cloud apps? Will hackers join forces with organized crime? Will governments look to the private sector to deal with the skills gap? What will happen to cybersecurity budgets? Join us to get answers to these questions and more.
Three ways-zero-trust-security-redefines-partner-access-chZscaler
One of the toughest IT challenges has been figuring out how to allow users to bring their own devices to work while maintaining the security of internal apps. It becomes even more complicated when a good chunk of users are partners, contractors, and other third parties—those who present a disproportionately high security risk.
IT teams have begun to leverage a zero trust security strategy that enables third parties and users on unmanaged devices to securely access internal apps. But can such access be accomplished without placing users on the network and without a mobile client?
With over 10,000 users and 900 locations across 22 countries, Kelly Services exemplifies the diversified multinational organization. But as Kelly Services looked to standardize on Office 365, it became apparent that full application support across the Office 365 suite would require a complete network transformation, from a legacy hub-and-spoke network to a modern direct-to-cloud architecture.
Join this session to hear first-hand how Kelly Services was able to drive down MPLS and networking costs, deliver a fast Office 365 application experience to users around the globe, and fundamentally transform its network infrastructure.
1. The document discusses how Zscaler Private Access (ZPA) can simplify security for mergers and acquisitions by providing zero trust network access without requiring changes to the existing network infrastructure.
2. Traditionally, integrating an acquired company's network required ordering new circuits, complex IP addressing schemes, and coordinating firewall changes which could take years.
3. With ZPA, a company can subscribe and instantly provide any user with secure access to approved internal applications from any device without requiring network access. This accelerates the integration of acquired companies while standardizing security policies.
Get an office 365 expereience your users will love v8.1Zscaler
The document discusses challenges with deploying Office 365 and recommends using Zscaler's cloud security platform as a better solution. It notes that traditional hub-and-spoke VPN architectures and routing traffic through on-premises appliances increases latency and hurts the user experience. Zscaler differentiates Office 365 traffic and sends it directly to Microsoft while applying full security controls. It also provides benefits like one-click configuration, local DNS for faster connections, bandwidth control to prioritize Office 365, and visibility into usage. The summary concludes that Zscaler is fully compliant with Microsoft's recommendations and provides the best user experience and rapid deployment.
Three ways-zero-trust-security-redefines-partner-access-v8Zscaler
One of the toughest IT challenges has been figuring out how to allow users to bring their own devices to work while maintaining the security of internal apps. It becomes even more complicated when a good chunk of users are partners, contractors, and other third parties—those who present a disproportionately high security risk.
Schneider electric powers security transformation with one simple app copyZscaler
When Schneider Electric decided to undergo a digital transformation initiative, they knew their approach to security would also need to transform. As their apps moved to the cloud and their users left the network, the Schneider team needed a way to deliver consistent security controls across a globally dispersed workforce of 140,000 users.
The era of cloud and mobility has changed the way we work and transformed the internet into the transport network for most enterprises. Even so, many continue to rely on security technologies designed for the old world, when users and data were on the network and applications were housed in the data center.
ESG believes that the challenge of using legacy security methods in the cloud era will be a key catalysts for the adoption of a new user- and application-centric approach known as zero trust security. The zero trust model is enabled by the software-defined perimeter (SDP), delivering secure anywhere access to internal applications without the use of VPN technology.
Today’s threat landscape has triggered an explosion of new security solutions all promising to identify threats and reduce risk. Yet, with all these new approaches, breaches continue to rise as organizations struggle to use their security controls effectively and quickly respond to threats.
Moving from appliances to cloud security with phoenix children's hospitalZscaler
Applying consistent and robust security controls across your remote workforce hasn’t gotten any easier. The complexity brought about by mobile devices, cloud apps, untrusted networks, and more are compounded by the inspection demands of SSL traffic and the performance limitations of security appliances
Ready to deploy Office 365? If you think it’s going to be easy enough, you may want to think again. Microsoft Office 365 was designed to be accessed directly via the internet, and most companies simply don’t have the appropriate network setup.
Faster, simpler, more secure remote access to apps in awsZscaler
1) The document discusses Zscaler's cloud-based platform for providing secure access to applications in AWS and hybrid cloud environments. It outlines how Zscaler Private Access (ZPA) implements a zero-trust network architecture by brokering secure connections between users and applications without placing users on the internal network.
2) ZPA provides policy-based access to internally managed applications using software-defined perimeters rather than traditional VPNs. It segments applications and enforces security policies through the Zscaler cloud.
3) The document provides an example workflow showing how ZPA can be configured to enable secure access to migrated applications in AWS within an hour, without requiring inbound connectivity or remote access to internal networks.
Moving the crown jewels to the cloud requires a trusted cloud provider. This is why almost 40% of enterprises choose to run internal applications on Azure, which was designed to deliver more choice, scalability, and speed. However, this also extends the security perimeter to the Internet - rendering network-centric security methods obsolete.
Ready to deploy Office 365? If you think it’s going to be easy enough, you may want to think again. Microsoft Office 365 was designed to be accessed directly via the internet, and most companies simply don’t have the appropriate network setup. It’s no surprise, then, that deploying Office 365 without proper guidance can delay deployments and cause a terrible user experience
This document summarizes a webcast by Zscaler on analyzing security threats hiding in encrypted SSL/TLS traffic. Some key points:
- Over 70% of enterprise web traffic and 54% of threats blocked by Zscaler are encrypted.
- Threats like malware downloads, phishing attacks, and botnet callbacks are increasingly being hidden in encrypted traffic.
- Zscaler's global cloud security platform is able to inspect encrypted traffic at scale using its cloud sandbox and advanced threat protection techniques.
- Case studies show how Zscaler has helped organizations catch more threats than traditional on-premise security solutions, which often cannot inspect SSL/TLS traffic.
Rethinking Cybersecurity for the Digital Transformation EraZscaler
The document discusses a large global organization's journey to cloud transformation over 5 phases. Phase 1 focused on WAN consolidation and embracing SaaS. Phase 2 implemented Zscaler to improve internet access. Phase 3 extended consistent security to mobile users. Phase 4 migrated apps to IaaS and consolidated data centers. Phase 5 implemented Zscaler Private Access for a zero-trust network and positive user experience. The transformation provided cost savings, a more agile IT environment, consistent user experience, and reduced business risk.
The document discusses top reasons why Office 365 deployments fail and provides recommendations for successful deployment. Specifically, it notes that 45% of customers surveyed had problems accessing Office 365 due to bandwidth and latency issues. It recommends differentiating Office 365 traffic, egressing it close to the user without network hairpins, and using a direct internet connection instead of hub and spoke networks or VPNs. Zscaler is presented as a cloud security platform that can provide these capabilities for Office 365 as well as security, visibility, and control of all internet traffic.
On May 25, 2018, the General Data Protection Regulation (GDPR) will go into effect. Are you properly prepared? According to Gartner, not many will be: “By the end of 2018, over 50% of companies affected by the GDPR will not be in full compliance with its requirements".
10 Conversion Rate Optimization (CRO) Techniques to Boost Your Website’s Perf...Web Inspire
What is CRO?
Conversion Rate Optimization, or CRO, is the process of enhancing your website to increase the percentage of visitors who take a desired action. This could be anything from purchasing a product to signing up for a newsletter. Essentially, CRO is about making your website more effective in turning visitors into customers.
Why is CRO Important?
CRO is crucial because it directly impacts your bottom line. A higher conversion rate means more customers and revenue without needing to increase your website traffic. Plus, a well-optimized site improves user experience, which can lead to higher customer satisfaction and loyalty.
Top UI/UX Design Trends for 2024: What Business Owners Need to KnowOnepixll
Discover the top UI/UX design trends for 2024 that every business owner needs to know. This infographic covers five key trends: Dark Mode Dominance, Neumorphism and Soft UI, Voice User Interface (VUI) Integration, Personalization and AI-Driven Design, and Accessibility-First Design. By staying ahead of these trends, you can create engaging, user-friendly digital products that cater to evolving user needs and preferences. Enhance your digital presence and ensure your designs are modern, accessible, and effective.
Seizing the IPv6 Advantage: For a Bigger, Faster and Stronger InternetAPNIC
Paul Wilson, Director General of APNIC, presented on 'Seizing the IPv6 Advantage: For a Bigger, Faster and Stronger Internet' during the APAC IPv6 Council held in Hanoi, Viet Nam on 7 June 2024.
The Internet of Things (IoT) is rapidly expanding, with over 75 billion connected devices expected by 2025. This growth demands robust security solutions, as IoT-related data breaches in 2022 averaged $9.44 million in costs. Additionally, 57% of IoT device owners have faced cybersecurity incidents or breaches in the past two years. For top-notch IoT security solutions, trust Lumiverse Solutions. Contact us at 9371099207.
'Secure and Sustainable Internet Infrastructure for Emerging Technologies'APNIC
Paul Wilson, Director General of APNIC delivers keynote presentation titled 'Secure and Sustainable Internet Infrastructure for Emerging Technologies' at VNNIC Internet Conference 2024, held in Hanoi, Vietnam from 4 to 7 June 2024.
Decentralized Justice in Gaming and EsportsFederico Ast
Discover how Kleros is transforming the landscape of dispute resolution in the gaming and eSports industry through the power of decentralized justice.
This presentation, delivered by Federico Ast, CEO of Kleros, explores the innovative application of blockchain technology, crowdsourcing, and incentivized mechanisms to create fair and efficient arbitration processes.
Key Highlights:
- Introduction to Decentralized Justice: Learn about the foundational principles of Kleros and how it combines blockchain with crowdsourcing to develop a novel justice system.
- Challenges in Traditional Arbitration: Understand the limitations of conventional arbitration methods, such as high costs and long resolution times, particularly for small claims in the gaming sector.
- How Kleros Works: A step-by-step guide on the functioning of Kleros, from the initiation of a smart contract to the final decision by a jury of peers.
- Case Studies in eSports: Explore real-world scenarios where Kleros has been applied to resolve disputes in eSports, including issues like cheating, governance, player behavior, and contractual disagreements.
- Practical Implementation: Detailed walkthroughs of how disputes are handled in eSports tournaments, emphasizing speed, cost-efficiency, and fairness.
- Enhanced Transparency: The role of blockchain in providing an immutable and transparent record of proceedings, ensuring trust in the resolution process.
- Future Prospects: The potential expansion of decentralized justice mechanisms across various sectors within the gaming industry.
For more information, visit kleros.io or follow Federico Ast and Kleros on social media:
• Twitter: @federicoast
• Twitter: @kleros_io
1. The evolution of IT in a cloud world
Larry Biagini, Chief Technical Evangelist
2. Cloud adoption will accelerate…
Creating new opportunities and threats
The point is…
1
3. Improved analytics, cloud and user interfaces are
driving agility and user experiences…
the Internet is the foundation of business transformation
Business must embrace the Internet as their greatest weapon
2
4. CEOs are taking notice of how digital has changed the game
Business Transformation is real
3
5. Technology is no longer the sole domain of technologists
4
IT must change or
become irrelevant
4
7. There is only one network in the world
AND YOU DON’T CONTROL IT
6
8. Business is going to drive the change – like it or not
It’s back to the
drawing board if you
want to thrive
7
9. Transformation does not start in the data center
8
It starts with the organizational mindset of
doing business differently
8
10. What has to change?
CISO
• Shift from “security
and controls” to “risk
and enablement”
CIO
• Shift from technology-
first to business-first
CTO
• Shift from
architecting corporate
networks to
embracing the cloud
9
12. • It is a business discussion
around why unsanctioned apps are
being used
• Understanding the usage helps frame
the risk associated
• Is usage malicious or careless?
• Either way, do we have a data leakage
or exfiltration problem?
To keep from breaking new business processes and models, and be
compliant…change the conversation from ’CONTROL' to ’RISK'
CISO’s evolving mindset
11
13. The New CISO
• Stop talking Security with your board
• Get visibility into cloud services that are being consumed in your
environment
• Separate your critical assets from the consumers of those assets
• Get Identity right - Invest in identity and access management
• Create a risk assessment and risk appetite so that the business
has a means to make decisions
12
14. The New CIO/CTO
• Focus on Growth
• Move from an IT shop to a Digital Enabler
• Address your legacy environment head on
• Be honest with the board about technology debt
• Go fast - Speed is the new currency
13
15. Controls Based
No You Can’t
Build Services
Prevention
Requirements
Network-Centric
IT
Risk Based
Yes… and here’s how
Create Value
Detection & Response
Innovation – Fail Fast
User-Centric
IT & OT
Transform…
14
16. How Zscaler can help: cloud security
for every campus, user, application and
device on the Internet
15
17. So you don’t need to put a perimeter around every campus, user, application or device
Gain visibility into all of the
applications, users, threats, and
botnet-infected machines.
GLOBAL, REAL-TIME
REPORTING
SINGLE POLICY CONSOLE
Define policies by user,
group, location. Policy
follows the user.
MOBILE EMPLOYEES
Connect – Control – Secure
Nothing bad comes in, nothing good leaks
Zscaler App GRE
SIMPLY CONFIGURE THE ROUTER OR ENDPOINT DEVICE TO FORWARD TRAFFIC TO ZSCALER
HQ REMOTE OFFICES
ID PROVIDER
Zscaler builds a perimeter around the Internet…
16
18. Zscaler Internet Access (ZIA) - Secure all users, all the time from Internet threats
Zscaler Private Access (ZPA) - Allow policy based access to any internal or external servic
without requiring network access.
Zscaler Solution…
17
19. HQ/IOT
MOBILE BRANCH
Zscaler App
or PAC File
GRE/Ipsec
Tunnel
Default Internet route
Block the bad, protect the good
The Secure Internet and Web
Gateway Delivered as a Service
Global real-time policy and
analytics engine
Security stack with Access Control,
Threat and Data Prevention
Full Inline Content
Inspection with native SSL
Cloud-Effect: Find once,
block everywhere
60+ Threat Feeds and
120k updates/day
The Zscaler architecture is the best
approach for SD-WAN and Office 365
Zscaler Internet Access
18
20. Access to the Internet and apps1
IDENTITY & ACCESS4 REPORTING & ANALYTICS5
DEVICE MANAGEMENT
& PROTECTION
3 BRANCH (SD-WAN)2
HQMOBILE
BRANCHIOT
APPS
Zscaler: A foundation for modern access and security
19
21. MOBILE
An Innovative
Software Defined Perimeter (SDP)
Bringing users
on network
increases risk
Users are never
on network which
reduces risk
Zscaler uses policy
to connect users to
internal applications
Traditional application
access requires
network access
CLOUD
INTERNAL APP
DATA CENTER
INTERNAL APP
How leading Organizations use
Zscaler Private Access
Access to
Internal Apps
VPN
replacement
Secure Partner
Access
M&A and
Divestitures
Apps are Invisible, never exposed
Replace VPN - Use Internet as secure network
Easily deliver application segmentation
Move apps to AWS/Azure easily
Zscaler Private Access
20
22. A three-step journey to secure IT transformation
SECURE
Up-level your security
Make Zscaler your next hop to the Internet.
Fast to deploy.
No infrastructure changes required.
SIMPLIFY
Remove point products
Phase out gateway appliances at your own pace.
Reduce cost and
management overhead.
(BROADBAND)
Enable secure SD-WAN / local Internet
breakouts – optimize backhaul.
Deliver a better and more secure
user experience.
TRANSFORM
Cloud-enable your network
21
23. Unmatched security – all
users, branches, and
devices
Consistent policy and
protection by design vs.
exception
Always up-to-date
No need to be patient zero
Consolidate point products
and simplify IT
Cloud-enabled network
Rapid deployment
Policy based Access for
Internal, Cloud and SaaS
No Capex, elastic
subscription fee
Reduced Opex, no box
management
Manage Security &
Compliance policy vs.
Technology
No yearly maintenance fee
Reduced MPLS costs
Higher productivity –
local breakouts
Prioritize business apps
Consistent User experience
Empowers users to leverage
cloud apps
Intelligent Peering for
SaaS/O365
Anywhere Access with ZPA
Fast Response Time
(End-Users)
Reduced Risk
(CISO)
IT Simplification
(CTO / IT Head)
Impressive Value
(CIO / CFO)
The foundation of a modern access and security architecture
22
24. Powered by Patented Technologies
SSMA
All security engines fire with
each content scan – only
microsecond delay
ByteScanTM
Each outbound/inbound
byte scanned, native SSL
scanning
PageRiskTM
Risk of each object
computed inline,
dynamically
NanoLogTM
50:1 compression,
real-time global log
consolidation
PolicyNow
Polices follow the user
for Same on-premise,
off-premise protection
ACCESS CONTROL
CLOUD FIREWALL
URL FILTERING
BANDWIDTH CONTROL
DNS FILTERING
THREAT PREVENTION
ADVANCED PROTECTION
ANTI-VIRUS
CLOUD SANDBOX
DNS SECURITY
DATA PROTECTION
FILE TYPE CONTROLS
DATA LOSS PREVENTION
CLOUD APPS (CASB)
Zscaler Cloud Security Platform
Consolidate and simplify point appliances
23
25. Zscaler cloud traffic – compared to other transaction volumes
0.5
2
4
5.4
7.7
35
0 5 10 15 20 25 30 35
Tweets on Twitter
Facebook Active Users
Google Searches
Salesforce.com Transactions
YouTube Views
Zscaler Transactions
Daily Volume (Billions)
Zscaler Internal & Confidential 24
27. Key Takeaways
• Move from IT and Security shops to digital enablers
• Speed is the new currency in the connected world, friction is unacceptable
• Legacy technology can and will hold you back, address it
• Realize work is an activity, not a place
• Get visibility into cloud services consumed by your users
• Legacy controls cannot keep you safe in the digital world
• Stop talking Security with your board, start talking about addressable risk
26
28. Create a frictionless experience
Protect your users from the Internet – Zscaler Internet Access
Protect your network from your users – Zscaler Private Access
Editor's Notes
I appreciate you taking the time to meet with us today. We’re very excited to share some significant changes that are happening in the industry and provide some color around how and why a lot of our customers are transforming their enterprise IT through cloud enablement.
We believe that in this new world of IT, the network security stack — and the need to buy, build, and manage appliances — is no longer relevant. With the amount of ransomware hitting organizations, it no longer makes sense. The question in this new world of globally dispersed and mobile users becomes, how do you secure it?
You need to flip the security model and take a new approach to how applications are accessed and where security is enforced. Security needs to move to the cloud and application access needs to shift from network-based to policy-based — and it needs to securely connect the right user to the right app. Easier said than done. You can’t simply deploy the same set of appliances sitting in your gateway today.
It won’t scale and it won’t perform. You’re essentially relocating the problem. The Zscaler cloud, built from scratch, is a multi-tenant cloud security platform equipped to secure this new world of IT.
If you recall, we described the gateways as having outbound and inbound components. For the outbound gateway, we have Zscaler Internet Access, which provides secure access to the Open Internet and SaaS applications — or your external apps. And for the inbound gateway, we have Zscaler Private Access, which is a completely new way of accessing internal apps. It provides secure access to internal apps, whether in the data center or cloud, without VPN.
We believe that in this new world of IT, the network security stack — and the need to buy, build, and manage appliances — is no longer relevant. With the amount of ransomware hitting organizations, it no longer makes sense. The question in this new world of globally dispersed and mobile users becomes, how do you secure it?
You need to flip the security model and take a new approach to how applications are accessed and where security is enforced. Security needs to move to the cloud and application access needs to shift from network-based to policy-based — and it needs to securely connect the right user to the right app. Easier said than done. You can’t simply deploy the same set of appliances sitting in your gateway today.
It won’t scale and it won’t perform. You’re essentially relocating the problem. The Zscaler cloud, built from scratch, is a multi-tenant cloud security platform equipped to secure this new world of IT.
If you recall, we described the gateways as having outbound and inbound components. For the outbound gateway, we have Zscaler Internet Access, which provides secure access to the Open Internet and SaaS applications — or your external apps. And for the inbound gateway, we have Zscaler Private Access, which is a completely new way of accessing internal apps. It provides secure access to internal apps, whether in the data center or cloud, without VPN.
With Zscaler it’s simple to get started. In fact, we’ve cut over 40,000 in 1 weekend night and 160,000 users over 60 days.
All you need to do to make Zscaler your next hop to the Internet is to make Zscaler your default route. A number of customers did this to block threats that were going undetected by their current security appliances without making any policy changes. Some also start by securing their mobile workers, then migrating their office locations. This allows them to take their security from a 6 or 7 to a 9 or 9.5 out of 10. No one is perfect. One ZPA customer got started with one of the uses cases before replacing their entire VPN infrastructure.
The second phase of the journey involves phasing out security appliances to reduce cost and complexity. This can be done at your pace, but more often than not, this is typically shortly after or in tandem with starting to send traffic to Zscaler.
With Zscaler in place, the third phase of the journey is about routing traffic locally via Internet breakouts to Zscaler. By routing traffic locally companies can optimize their MPLS spend and deliver a more secure and better user experience. Office 365 has been a key accelerator for local breakouts as Microsoft now recommends routing traffic locally and doing local DNS. So users are connecting to the closest Office 365 pop and on their CDN Network as fast as possible. ExpressRoute is now only recommending for very specific use cases. Microsoft also cautions against hub-and spoke-architectures with centralized proxies for a variety of reasons.
With Zscaler fully deployed, it provides a lot of value to all key users and stakeholders.
For users we deliver a fast user experience by eliminating the latency associated with stacks of appliances and backhaul.
From a risk perspective, there is no question on the value of protection our cloud delivers.
The shift to the cloud eliminates patch management, outage windows, and vendor end-of-life issues — allowing you to focus on more important things than updating boxes.
From a financial perspective, it’s all Opex and we can optimize MPLS spend.
So if you’re looking to either improve your overall security posture or secure your mobile worker, evaluating SD-WAN transformation to simply the branch and reduce costs, deploying Office 365 and/or migrating your apps from the data center to AWS or Azure, we can help.
The Zscaler cloud security platform was purpose-built as a multi-tenant architecture and is powered by patented technologies. We architected the platform for performance and scale, and paid particular attention to maintaining user privacy. We never store content and we only write log files to disk in a location of your choice.
We built the proxy based next-gen firewall that handles all ports and all protocols. We are not a just a Web proxy. It’s only one aspect of the platform.
SSMA – in a single scan we fire all of our engines
ByteScan – we scan all inbound and outbound traffic, including native SSL-inspection. Every page consists of hundreds of objects pulling from different sources, including CDNs and ad networks. All pose a threat. So we scan it all, regardless of the domain reputation
PageRisk – here we correlate information about the Web object and page and perform dynamic scoring of the content to determine it’s risk level
NanoLog – this is how we process log files, a functionality that is unique to Zscaler. It is one of the main reasons we can provide near real-time access of logs for all users in all locations within 1-2 minutes. We apply WAN op techniques and can even anonymize log files, and only those that know the user ID can associate a log file to a user
The platform consists of a series of tightly integrated services, and we categorize them into 3 buckets: Access Control, a cloud firewall that is a full next-gen firewall with a best-of-breed DPI engine, bandwidth control to prioritize business apps like Office 365 over other Internet traffic; DNS filtering, which some of our customers use for guest Wi-Fi to enforce an AUP; and of course URL filtering, which is pretty much table stakes.
For threat prevention we offer AV, DNS security, and a cloud sandbox with unique capabilities like patient zero quarantine. Appliance sandboxes are extremely expensive and most customers can’t afford to use them for all traffic. So they often deploy them in tap mode and loosely chain them together with other appliances. Sandboxing is essential to protect against zeroday threats and the only effective way to consume it is via a cloud service.
What really differentiates our security is our Advanced Threat Protection — which allows us to deliver better security. Advanced Threat Protection uses the underlying technologies we described earlier to inspect all content, identify patterns in callbacks to C&Cs and phishing sites, and look for cross-site scripts and code that’s been obfuscated to avoid detection.
The third pillar is data protection. It only takes a few clicks to attach any confidential file in Gmail and send it out. By default no document saving acme confidential should be sent out over Gmail. And since we were already inspecting traffic, adding another engine was relatively straightforward. A lot of our larger customers have on-premises DLP and we complement them by adding protection to branches and mobile users. We can also tie it in with the on-premises DLP solution by sending it information for policies enforced.
Other Zscaler data protection services include inline CASB functionality where we can block file types, and limit a user to only view Facebook without being able to post content or upload files.