data center without perimeters

Data Center Security in a World Without Perimeters
PATRICK PETERSON, VP, Technology, IronPort Systems


Post on 13-Apr-2017


Page 2: Data Center without Perimeters

Agenda

About IronPort Systems

Perimeter Security Circa 1597

What happened to my perimeter?
– Three “perimeter-less” threats

Recommendations

Page 3: Data Center without Perimeters

Complete Email Perimeter Security

[Diagram: email infrastructure before and after IronPort]
Functions: Anti-Spam, Anti-Virus, Policy Management, Mail Routing
Before IronPort: Internet, Firewall, MTAs, Groupware, Users
IronPort Email Security Appliance
After IronPort: Internet, Firewall, Groupware, Users
Appliance + Security Services: 75% reduction in admin time
Key words, intellectual property, regulatory compliance

Page 4: Data Center without Perimeters

Application-Specific Security Gateways
With Common Security Database and Management Framework

[Diagram labels: Internet; application-specific security gateways (Email, Web, Instant Messaging, VOIP); Management Controller; SenderBase (the common security database); Network Layer Equipment; LAN/WAN]

Block incoming threats:
• Spam, Phishing/Fraud
• Viruses, Trojans, Worms
• Spyware, Adware
• Unauthorized Access

Enforce policy:
• Acceptable Use
• Regulatory Compliance
• Intellectual Property
• Encryption

Centralize admin:
• Per-user policy
• Per-user reporting
• Quarantine
• Archiving

Page 7: Data Center without Perimeters

Protect the Crown Jewels!


Page 9: Data Center without Perimeters

What happened to the perimeter?

1. Drawbridge is always down
– SMTP on port 25
– HTTP and HTTPS on ports 80 and 443
– Instant Messaging

2. Crown jewels are outside the castle
– Data on employee laptops, backup tapes
– Data with 3rd parties

3. Every citizen can be an infiltrator
– Infected mobile workers joining LAN
– Infected users provide credentials and path to data center

Page 10: Data Center without Perimeters

1. Drawbridge is down

• SMTP on Port 25
  – Spam, viruses, phishing, spyware
  – No solution is 100%, some are far worse
  – Virus outbreaks
  – Blended threats
  – Corporate phishing
• HTTP(S) on Ports 80 and 443
  – Numerous browser, application and OS exploits
  – Spyware download is identical to valid user request
  – Spyware is running rampant: up to 75% of enterprise PCs have some form of spyware
  – Spyware can operate encrypted over HTTPS
  – Spyware with key loggers
• Instant Messaging
  – URL-based malware infection most common

Page 11: Data Center without Perimeters

One Spyware Example

An ‘Anti-Virus’ site

– ‘Free AV’ program is actually a spyware application
– Covert download and installation begins without any advance warning
– Closing the window has no effect

Page 12: Data Center without Perimeters

2. Crown jewels are outside the castle

• Data on employee laptops
  – Fidelity laptop stolen with 196,000 accounts
• Data on backup tapes
  – Time Warner backup tapes stolen from Iron Mountain, 600,000 employees’ data
  – Bank of America lost tapes with 1.2 million federal employees’ data
• Data with 3rd parties
  – Information on 40 million Visa, MasterCard and other cards stolen from CardSystems
  – Engineering, financial and HR data commonly stored by third parties
• Criminals are aggregating data from multiple thefts

For a frightening list of data losses, see http://www.neoscale.com/ssb/databreach.php?page=da

Page 13: Data Center without Perimeters

3. Every citizen can be an infiltrator

• Laptop use outside the perimeter
  – Internet cafes, Home office, Hotels
• These areas can be active security threats
  – Fake or insecure wireless hotspots for data theft
• Infiltrator provides easy access to crown jewels
  – Infected users move inside the perimeter
  – Infected users provide credentials and path to data center
  – Key loggers no longer log only financial information
  – Interpol recovered phisher’s laptop. Included data from IT professional
    • Bank logins, tax return login, IM connection to help desk on VPN, PC help desk issues, login to corporate HR site


Page 15: Data Center without Perimeters

What not to do

Page 16: Data Center without Perimeters

Recommendations

• Understand your business requirements
  – E.g. Financial institution vs university
• “Citizen infiltrators”
  – Secure home office, policies for other locations
  – NAC (Network Access Control) for re-entry to LAN
• “Drawbridge down” threats
  – Eliminate email viruses
  – Solution with proactive and reactive security
  – Measure the spyware problem and solve it
• Evolve from security laws to a risk paradigm
  – Good visibility and cross-functional teams