Consistency is Key with Cloud Security


Video Transcript

Peter Krass:
Hi, everyone. Good morning, good afternoon, or good evening, depending on where you are, and welcome to today’s webinar, Consistency is Key with Cloud Security. It’s brought to you by Dark Reading and FireMon and broadcast by UBM. My name is Peter Krass and I’ll be your moderator today.

Peter Krass:
Before we get started, I have a few very quick announcements. Here they are. The slides will advance automatically throughout the event. You can also download a copy of the slides. To do that, click on the green folder icon located at the bottom of your screen.

Peter Krass:
We will have a question and answer session toward the end, and you can participate in the Q&A by asking a question at any time during the webinar. Just type your question into the Q&A window that’s to the right of the presentation window, and then click submit. We’ll address your questions during the Q&A.

Peter Krass:
Also toward the end of the webinar, we will ask you to complete a feedback form. Your feedback provides us with valuable information on how we can improve future events. You can also launch this survey at any time, just click on the red survey button that’s at the bottom of the console. Also at this time, we recommend that you disable your browser’s pop-up blockers if you haven’t done so already.

Peter Krass:
Finally, if you have any technical problems during the webinar, type your issue into the Q&A text area and we’ll be glad to offer one-on-one assistance.

Peter Krass:
That’s it for the announcements. Let’s move on to our presentation, Consistency is Key with Cloud Security. Discussing today’s topic, we have Elisa Lippincott. She’s the Director of Product Marketing at FireMon. Elisa is charged with demonstrating FireMon’s value proposition across the enterprise cloud security market. She’s got a long resume in the cybersecurity industry, spanning more than 18 years, most recently with Trend Micro’s Network Defense Team.

Peter Krass:
During her career, she’s worked on intrusion prevention, next generation firewall, threat intelligence, network access control, identity and access management, security information and event management, and cloud security. So you’re in very good hands. With that, I’m going to turn it over to Elisa Lippincott. Elisa.

Elisa Lippincott:
Thank you, Peter. I want to thank everyone for joining us today. When I conduct webinars like this, I try to have a little fun so that I’m not just poisoning you with PowerPoint slides. Although, the majority of this webinar is PowerPoint. So you’ll see a few memes in here just to kind of break up the monotony of slides. So hopefully, you will find them amusing. With that, let’s go ahead and get started.

Elisa Lippincott:
Here’s the first one. So obviously, there are many things you have to consider when you move to the cloud, but today, I’m going to focus specifically on consistency. It’s common sense, right? Making sure all of your security policies are consistent can be very challenging, especially if you’re managing very large hybrid infrastructure. Just like you and me and everyone else on this call, your resources are probably stretched way too thin and your to-do list keeps growing and growing.

Elisa Lippincott:
But there are other challenges that you’re probably having to deal with at the same time, like an increasing attack surface. We all know that our attack surface is growing and there are organizations that think they know what they have on their network. So more often than not, many are surprised when they find an extra 100,000 endpoints or IoT devices that they didn’t know about.

Elisa Lippincott:
In Cisco’s 2018 annual cybersecurity report, they found that IT organizations underestimated the number of devices on their network by over 30%. This visibility gap is very problematic because the devices that you may not know about are likely to be unmanaged and unpatched, which increases the probability of leak paths, which can be defined as either a policy or segmentation violation, or an unauthorized or misconfigured connection created to the internet on an enterprise network, including from the cloud, that allows traffic to be forwarded to a location on the internet, such as a malicious website.

Elisa Lippincott:
These paths can be especially problematic in cloud environments where there’s less network visibility and probably fewer security controls in place. Network segmentation, it’s always a good idea, but sometimes embarking on a network segmentation project can be really overwhelming. So overwhelming, in fact, that many organizations end up abandoning their efforts, leaving them stuck with a flat network.

Elisa Lippincott:
But even on the flip side of that, you can also under segment your network. An example would be not separating a network from the rest of your environment, or even over segmenting your network with too many zones that will end up adding additional complexity and becoming an audit nightmare for you down the road.

Elisa Lippincott:
How do you even prioritize the vulnerabilities to fix? If you’re getting 10,000 security alerts a minute, it’s difficult for you to determine if 9,999 of those alerts were not critical, and one is, but you have no way to even begin to prioritize.

Elisa Lippincott:
Equifax. Yes, they didn’t patch and they got grilled in the press for that, but the bigger story was actually a lack of visibility, not being able to see what was on their network. It didn’t help that they were forced to work on a complex legacy IT system that was built in the 1970s, which you can imagine makes it impossible to scan, patch, or modify anything effectively. In fact, they knew so little about their legacy system that its patch management policy relied on employees to know the source and version of all the software running on certain applications so that they could update each one manually.

Elisa Lippincott:
Which takes me to my next point, how consistent can you actually be if you’re making updates and pushing security policies manually? Time is of the essence and manual processes slow down your response time to breaches. Your data and systems will be vulnerable to attacks, and you’re potentially giving attackers more time to exfiltrate data because you can’t get to those critical systems in time.

Elisa Lippincott:
The second statistic in the middle is interesting. According to Gartner, 99% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws. What this is telling me is A, this is probably due to lack of resources that I already mentioned, or limited knowledge of the solution, or B, hackers are taking advantage of you and your organizations, and the fact that you’re so lean on resources that you can’t manage everything in your network effectively.

Elisa Lippincott:
Then there’s cloud. Things are speeding up faster than you, and you probably don’t even know about it. You can only hope and pray that the team that’s spun up something on AWS, is at least using AWS cloud security, but here you’re running into the same thing. The team probably isn’t that versed in all things AWS, so they’re just winging it, which can lead to misconfigurations in the cloud.

Elisa Lippincott:
Threat Stack put out a report where they found that 73% of the 200-plus companies that they analyzed had critical AWS cloud security misconfigurations. Everything from allowing direct access to the AWS console to leaving SSH wide open.

Elisa Lippincott:
If you’re dealing with internal or external compliance items, this lack of consistency will probably be exposed during an audit. I’ve had conversations with customers who are constantly in audit. Their daily to-do list doesn’t go away during an audit, so again, we’re dealing with strained resources and limited tools. You need to do everything you can to set those baseline requirements to improve your security posture. If you can improve your security, you can minimize your losses and not end up losing millions in sales, repair costs, and legal fees. Because the fines are real. I believe 18.5 million in fines and claims, and over $200 million in legal fees.

Elisa Lippincott:
Touched on the cloud misconfiguration issue earlier, but I also want to touch on a couple of other issues. If you are lucky enough to be involved in your cloud security initiatives, you know that the cloud is fast. It can spin up an AWS VPC pretty quickly and ask for forgiveness later. But the perception is that the security team is always going to say no, and they might be saying this because it’s going to take too long to configure it, et cetera, et cetera. But at the end of the day, you don’t want to be that checkpoint acuity, that choke point, in meeting a business objective, which is evident in a report from another threat stack that states 52% of companies admit cutting back on security measures to meet a business deadline or objectives.

Elisa Lippincott:
In another pod report from Oracle and KPMG, 38% of companies indicate their biggest concern is the ability to detect and respond to security incidents in a cloud environment. Powell also has a stat where 52% of companies think the biggest security threat in public clouds is misconfiguration of a cloud platform or the wrong setup.

Elisa Lippincott:
Difficult to have consistent security policies when we can’t see what’s going on in your cloud environment, and you don’t have the resources to configure your cloud security policies correctly.

Elisa Lippincott:
It should be simple, right? Identify the problem and fix it. Configure errors happen in one of two ways. One is misconfigured cloud native security controls. This is a small sampling of some of the recent headlines highlighting cloud misconfigurations. And this is probably due to the lack of knowledge about how to use and implement cloud native security controls properly.

Elisa Lippincott:
I know many network security professionals who are rock stars when it comes to traditional network security, but when you start talking about cloud, it’s an entirely different story. But it’s more the norm that an organization would just move forward with moving data to the cloud thinking they’ll just figure it out later, but then the next thing you know, they have a leaky AWS bucket and they’re caught in the headlines and subject to compliance fines tied to regulations like GDPR. Organizations need to invest in employees with AWS security skills and/or have the current team get the training necessary to be up to speed on everything in the cloud.

Elisa Lippincott:
Quick side note, I do want to bring up that I read about recently related to AWS, but it reaches. As of this past November, Amazon actually now has S3 bucket Block Public Access that basically allows account owners and administrators to essentially block existing public access, whether this is made possible by an access control list or policy, and to make sure that newly created items aren’t inadvertently granted public access. I thought that was something worth bringing up. I just found out about that.

Elisa Lippincott:
I do want to touch on infrastructure as a service and platform as a service. This new 2019 cloud adoption and risk report from McAfee highlights the fact that enterprises are having an average of 14 misconfigured infrastructure as a service and platform as a service instances running at one time, resulting in an average of over almost 2,300 individual misconfiguration incidents per month.

Elisa Lippincott:
Consistency can pose a big problem here, especially if these enterprises are using multi-cloud. So how can you ensure consistency if you’re using both AWS and Azure?

Elisa Lippincott:
The second configuration area is misconfigured internal enterprise security controls, which is common when product and DevOps teams prioritize time to market over security. Or if there’s just plain human error, misconfiguring their own security controls.

Elisa Lippincott:
Every effort should be made to mimic your on-premise implementation so that you have that consistency of security policy enforcement across your different environments. For example, your firewall controls in the cloud should mirror those on-premise. And I say should in air quotes, because it may not be that easy. When you’re going to the cloud, a lot of times these cloud implementations don’t always give you as much control over the security architecture as you have on-premise and sometimes you’re ending up at the mercy of your cloud provider and operating within their parameters, and this is a key reason why having the right security personnel, they need to be included in your cloud migration initiatives in the very beginning, because you could end up with the wrong cloud provider and that can have serious security implications.

Elisa Lippincott:
I promise this is the last meme. So ultimately, how can you get that consistency between your on-premise and cloud security controls? And I always say this from the beginning, you have to start with visibility, period. If you’re not familiar with the SANS Institute CIS Critical Security Controls, they are a recommended set of actions for effective cyber defense and they’re divided into three main categories, basic, foundational and organizational.

Elisa Lippincott:
If you look at the very first CIS control in the basic category, it reads inventory and control of hardware assets. Basically this control recommends that you actively manage, and this means inventory, track, and correct all hardware devices on the network, so that only authorized devices are given access and unauthorized and unmanaged devices are found and prevented from gaining access. With the second control, it reads almost the same. You just change hardware to software.

Elisa Lippincott:
But to even begin to work toward that consistency across all of your controls, you need real-time visibility of everything that’s on your network. And I will touch on how FireMon can help on a visibility front in an upcoming slide.

Elisa Lippincott:
According to a report from O’Reilly Media titled Cloud Native Evolution, 92% of companies anticipate going cloud native by 2021. Now it doesn’t mean that on-premise is going away. There are several reasons why companies are still investing in on-prem even as they adopt cloud more and more. There’s rate of change. There’s security concerns. There’s lack of resources that are familiar with cloud. And even the cost associated with migration. In fact, I believe it was a report from Forrester, I’ll follow up and double check that, but I believe the cost of migrating an enterprise application to a public cloud dwarfed the cost of the cloud provider itself, with labor accounting for up to 50%.

Elisa Lippincott:
With network security policy management, we can play a critical role in making sure that your security policies are consistent across your on-premise and cloud environments. We have seen a number of use cases pop up where FireMon can help: being able to provide that full real-time visibility and unified security policy across your on-prem and cloud networks, helping you accelerate application migrations to the public cloud, automating change management to eliminate those misconfigurations that can get you and your organization in trouble, helping you stay on top of assessing your risk to avoid downtime, and making sure that your clients are compliant across the board.

Elisa Lippincott:
I won’t go through all of the items on this slide, but I will highlight a couple. These are just a sampling of the projects and strategies where a network security policy management solution like FireMon can help you secure your hybrid environment.

Elisa Lippincott:
We can help with projects like micro-segmentation, change management, et cetera. For example, we can help you with policy compliance. I spoke earlier about many organizations that are still using manual processes. This can make your life impossible if you’re going line by line through hundreds, or even thousands, of firewall rules to determine if they’re still needed.

Elisa Lippincott:
We can help you break through your outdated manual processes with real-time compliance assessments, and by also helping you automate your rule review, recertification, and documentation process.

Elisa Lippincott:
We can also help you reduce costs by cleaning up your firewall. We had a customer recently who thought they needed to upgrade their firewalls because the performance was lagging. They started using FireMon and looked at cleaning up their firewall rules. And they were able to go through, clean up the rules that were redundant, or not needed, or just plain old, and at the end of the day, they realized they didn’t need to upgrade their firewall. Once they cleaned up all the rules, they saw upwards of 60% improvement in performance.

Elisa Lippincott:
We can also help you make that move to the cloud. We’re going to give you that comprehensive visibility into your cloud systems. Going back to that consistency story, making sure that you’re consistent as you orchestrate security policy in the cloud, the same way that you do on-premise. And you can do all of this from the single FireMon console.

Elisa Lippincott:
I would be remiss if I didn’t talk about our API. Most likely, most of you have security solutions in the network from multiple vendors, and they need to be able to work together and you need to be able to centralize your management of these devices to make your job easier. We support integration with the standard architecture that lets you incorporate all the critical information necessary to help you perform that conclusive analysis of firewall devices and other network solutions, your policies, and your underlying risks.

Elisa Lippincott:
We also support integration leveraging nearly any web based language to support your unique requirements. And we can integrate with solutions including, but not limited to, ticketing and management systems and service providers, vulnerability management tools, and much more. And if you’re adopting a zero trust network, APIs are mandatory. This quote is from Forrester Research and it basically says any vendor or technologies worth their salt will have advanced API integration available for your team to use for development purposes, as well as to integrate other security solutions into your zero trust ecosystem.

Elisa Lippincott:
What you don’t see on this slide is the rest of that quote. And I wish I had put it on here, but I’ll do it next time. But the rest of that quote actually says, “If your selected technology does not have solid API to use, find another vendor that does.” Pretty powerful statement from Forrester.

Elisa Lippincott:
Again, I won’t read everything on this slide, but I did want to highlight the breadth of our entire FireMon product portfolio. I spoke about visibility being the starting point to get on that road to consistency with your security controls. In 2018, FireMon acquired Lumeta. And with the addition of Lumeta to our portfolio, we can provide that real-time network visibility for virtual, cloud, mobile, and software-defined networks.

Elisa Lippincott:
I’ll give you a quick example. We had a customer who thought they had around 600,000 endpoints and they deployed the Lumeta solution. They wanted to make sure that they knew everything that was on their network, so they deployed the Lumeta solution to identify any new physical or virtual assets. And after all was said and done the Lumeta solution found 1.2 million. So pretty much double of what they thought they had. That’s a 50% visibility gap that we were able to close down to zero. Very powerful stuff.

Elisa Lippincott:
Our foundational product security manager provides single pane, real time, centralized management across the enterprise network with a quick at a glance intelligence to help you make the right security decisions. Added to security manager, we also have policy planner, which lets you automate change workflow in a customizable manner that integrates with any of your existing service models.

Elisa Lippincott:
With our policy optimizer solution, you can automate rule reviews and link security teams with policy owners to help you validate rules for that continuous and consistent assessment and audit.

Elisa Lippincott:
With risk analyzer, we can help you analyze and prioritize vulnerabilities. We can even evaluate the impact of attack scenarios on your organization and provide predictive remediation and patch recommendations.

Elisa Lippincott:
With our global policy controller, this is the first security intent orchestration platform which leverages our core security manager technology to help define business intent and allow the context of the network assets and the policy to automatically determine and enforce the necessary access using your existing infrastructure.

Elisa Lippincott:
Ultimately, as you make the move to the cloud, FireMon can help you gain real-time visibility and control of your hybrid environment, as well as ensure continuous compliance of security policies from a single pane. We’ll help you optimize your vulnerability management and to find a path to remediation by prioritizing exposures and analyzing network traffic flows. And we’ll give you the guard rails to help automate your security policy workflow with confidence, all while managing change to ensure security and prevent downtime.

Elisa Lippincott:
If you want additional information and/or a demo, please visit us at firemon.com. My contact information is listed on the site as well. You can also reach me via email at elisa.lippincott@firemon.com. And now I will pass it back over to Peter.

Peter Krass:
Thanks, Elisa. That was great. We’re going to go to Q&A everyone, but before we do, I’d ask you to please fill out that feedback form that I mentioned earlier. It should have opened on your computer screen. If your pop-up blockers prevented the form from launching, you can click the red survey icon that’s at the bottom of the screen. And then to complete the form, please press the submit answer button that’s at the bottom of the page. Again, thanks in advance for filling out the feedback. Your participation in this survey will help us to serve you better in the future.

Peter Krass:
Let’s move on to our question and answer. It is not too late. If you’d like to submit a question for Elisa, now is a good time. And we do indeed have some questions. If you want to put a question in, just type it into the text box that’s located to the right of the presentation window, or you can click there’s a Q&A icon at the bottom of your screen, either way. Then click the submit button and we will have it.

Peter Krass:
Let’s take a look at our first question. “How can DevOps and network security teams work together for a successful migration to the cloud?”

Elisa Lippincott:
That’s the $6 million question, isn’t it? To me, the key here is collaboration. You want security to be involved early in the process to ensure that consistency that I spoke about. And you want to make sure that there’s a balance between the business objectives and security right from the start. So if you have someone on your team that’s in charge of your on-premise security solutions, but they’re not part of the cloud migration team, chances are the person on the cloud migration team that is setting up the cloud security controls, they probably aren’t familiar with what’s happening on the on-premise side.

Elisa Lippincott:
Remember going back where I said, you should try to mirror what you do on-premise in the cloud? So if they’re not part of the on-premise team, they’re not going to know what to mirror, right? And so the chances are they’re going to deploy something in the cloud with configuration problems that are vulnerable to exploit.

Elisa Lippincott:
Setting up cloud controls, I think what happens many times is that there are people out there they’ll use the cloud native controls that are available through the various providers, but the setup is probably not as detailed as someone who’s more versed in those solutions would be. So I think it’s, again, going back to that collaboration and making sure that it’s across all the stakeholders so that when you finally make that move to the cloud, you know that your controls are going to be consistent.

Peter Krass:
Okay, great. Here’s a question from Daniel. He says, “I’ve never configured cloud security controls before. How challenging is it? Cloud misconfiguration seems like a common mistake. Is this due to a lack of thoroughness in configuring a cloud for an organization’s IT system?” So basically two questions. One, how challenging is it to configure the cloud and then two, what’s misconfiguration due to?

Elisa Lippincott:
I’ve never set one up myself, but I will say that based on stories I hear from customers and what have you, I think the common area where organizations can run into trouble is the fact that when they are setting, they’re spinning up these VPCs in AWS, for example, they’re going with the default settings, and that’s where that AWS, that new feature that I mentioned in the previous slide, that was something that Amazon came up with because they realized that a lot of people were just leaving default settings, and some of those default settings included unauthorized public access directly to your AWS console.

Elisa Lippincott:
You can have many arguments here going, okay, who’s responsible for security wherever your data sits? That’s probably a whole separate webinar, but I mean, the responsibility in my opinion, sits with both. AWS, for example, they have their controls, but it’s also up to you to make sure that you know how to configure those correctly and do everything that you can to mirror what you have on your on-premise environment.

Elisa Lippincott:
But again, going back to the previous question, if your on-premise team isn’t collaborating with your cloud migration team and they’re working in silos, then there’s not going to be that consistency and the higher probability that something will be misconfigured. Hopefully I answered that.

Peter Krass:
Yeah, that’s good. Thank you. All right, next question. “How does FireMon fit in a zero trust network?”

Elisa Lippincott:
For those of you that aren’t familiar, Forrester came out with a zero trust network. They defined zero trust network a few years ago. And they’ve set out guidelines on what people need to do to ensure that they have a network set up and they have all these criteria and different vendors offering different solutions.

Elisa Lippincott:
But according to their definition of their zero trust extended ecosystem, they do consider FireMon a zero trust platform. They have various categories and we fit in several actually, including security automation and orchestration, security visibility and analytics, and network segmentation. And the nice thing about zero trust, or nice is probably the wrong word, but it’s a comprehensive guide that helps organizations kind of go through and figure out what they need to do to be successful and making sure that they’re doing everything in their power to protect themselves.

Peter Krass:
Here’s a question. You mentioned open APIs being important for a multiple vendor environment, so here’s a question about that. “Can you give an example of how your APIs work with other technologies?”

Elisa Lippincott:
Sure. So, I’ll use vulnerability management as an example. So, if you’re using a vulnerability management solution, like those from Qualys or Rapid7 or, our risk analyzer solution can actually grab those vulnerability scan results and correlate them with the network topology and security configuration data from our security manager solution.

Elisa Lippincott:
What we do then is we use that combined information to determine whether vulnerabilities can actually be reached by attackers or they’re mitigated by other network defenses. So ultimately this will help you prioritize what you need to focus on first.

Elisa Lippincott:
But here’s the additional cool part, we can actually check the effectiveness of these remediation efforts by performing simulated attacks using our interactive network maps. So we can actually give you an idea of how this vulnerability could potentially impact your network, so you’re getting kind of a preview ahead of time. That’s one quick example of how our APIs work together, pulling in that data from a solution that you’re using.

Elisa Lippincott:
Our APIs actually the supported options, the standard CRUD, which is the create remove and all of our APIs have documentation details, so pretty detailed information once you log into the FireMon console, so you can look at model examples, any parameters, any response content, any calls, to retrieve data for developers, which is pretty key in the DevSecOps world, request URL and response body code and headers.

Peter Krass:
That’s good. I just want to remind everyone, we still have plenty of time for your questions. It’s not too late. If you’d like to ask Elisa a question, please type it into the text box, which is located to the right of the presentation window, or click the Q&A icon at the bottom of your screen, type in your question, and submit.

Peter Krass:
We have another question, Elisa. Here it is. “Can FireMon look at network traffic for behavior patterns to help refine security policy?”

Elisa Lippincott:
Yes, we can actually do that through a feature we have called traffic flow analysis. We can monitor traffic through a firewall rule and basically look at the empirical behaviors on the network. Then we can take that information, let administrators know which rules they can create to allow only the necessary access, and we can even take it a step further beyond that. Now we can even look at application data and we can identify which applications are being used in a rule and it’s in-between which sources and destinations.

Elisa Lippincott:
The way that we present the data to customers is a list, and the list includes all applications for use, or excuse me, all applications in use, for the monitored traffic, as well as structuring it in a flow, which includes source, destination, service, and application.

Elisa Lippincott:
All this traffic monitored can be broken into flows that can be used to create more refined rules in the policy. And so as you make the steps to migrate to the cloud, we can even monitor and analyze traffic coming to and from the cloud in the same way, with the same level of functionality and detail.

Peter Krass:
Okay, Elisa, it looks like we’ve answered all the questions, so thank you very much.

Elisa Lippincott:
Great. Thank you.

Peter Krass:
Yeah, thank you. And now we’re going to move on. And I’d like to tell everybody that you can get more information related to today’s webinar by visiting any of the resource links, they’re on your screen, they’re in the green folder icon at the bottom of your screen. Also, within the next 24 hours, you’ll receive a personalized follow-up email. It will contain details and a link to today’s presentation on demand.

Peter Krass:
Thanks everyone for attending today’s webinar, Consistency is Key With Cloud Security, brought to you by Dark Reading and FireMon. This webinar is copyright 2019 by UBM. Presentation materials are owned by, or copyrighted by, Dark Reading and FireMon. And the individual speakers are responsible for their content and opinions.

Peter Krass:
On behalf of our guest speaker, Elisa Lippincott, I’m Peter Krass. Thanks for your time, and have a great rest of your day.
