SlideShare uma empresa Scribd logo

Cryptzone: The Software-Defined Perimeter

Transferir como PPTX, PDF
Cryptzone
Cryptzone

How Visible Is Your Network? See how a Software-Defined Perimeter from Cryptzone helps secure your network by dynamically creating a 1:1 network connections between users and the data they access.

Software
1 de 17
What is a Software-Defined Perimeter?
What is a Software-Defined Perimeter (SDP)? Simple. Secure. Dynamic. A new network security model that dynamically creates 1:1 network connections between users and the data they access 2
How Does a SDP Work? Software-Defined Perimeter Traditional TCP/IP Not Identity Centric – Allows Anyone Access Identity-Centric – Only Authorized Users “Connect First, Authenticate Second” “Authenticate First, Connect Second” 3
SDP Architecture • Controller is the authentication point, containing user access policies • Clients are securely onboarded • All connections based on mutual TLS connectivity • Traffic is securely tunneled from Client through Gateway 4 Protected Applications SDP Controller SDP Gateway (Accepting Host) SDP Client (Initiating host) PKI Identity Management Policy Model
SDP in Action 5 Protected Applications AppGate Controller AppGate Gateway AppGate Client Control Channel Encrypted, Tunneled Data Channel
SDP in Action 6 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console 1 Protected Applications AppGate Controller AppGate Gateway AppGate Client Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
SDP in Action 7 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console Gateways protect cloud and network resources Application network traffic passes through Gateway 1 2 Protected Applications AppGate Controller AppGate Gateway AppGate Client 2 Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
3 SDP in Action 8 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console Gateways protect cloud and network resources Application network traffic passes through Gateway Clients securely onboarded, authenticate to Controller, communicate with mutual TLS 1 2 3 Protected Applications AppGate Controller AppGate Gateway AppGate Client 2 Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
4 3 SDP in Action 9 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console Gateways protect cloud and network resources Application network traffic passes through Gateway Clients securely onboarded, authenticate to Controller, communicate with mutual TLS Clients access resources via Gateway • Mutual TLS tunnels for data • Real-time policy enforcement by Gateway 1 2 3 4 Protected Applications AppGate Controller AppGate Gateway AppGate Client 2 Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
4 3 SDP in Action 10 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console Gateways protect cloud and network resources Application network traffic passes through Gateway Clients securely onboarded, authenticate to Controller, communicate with mutual TLS Clients access resources via Gateway • Mutual TLS tunnels for data • Real-time policy enforcement by Gateway Controller can enhance SIEM and IDS with detailed user activity logs Controller can query ITSM and other systems for context and attributes to be used in Policies 1 2 3 4 5 Protected Applications AppGate Controller AppGate Gateway AppGate Client 2 Integration with other IT and Security Systems 5 SIEM IDS ITSM Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller ProjectX Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions Descriptive Entitlements
All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller Identity provider Y Client will authenticate to controller • Check for an Identity claim ProjectX • Launch a script to collect AV state • Send matching entitlements to client ProjectX Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions 12 Descriptive Entitlements 1
All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller Identity provider Y Client will authenticate to controller • Check for an Identity claim ProjectX • Launch a script to collect AV state • Send matching entitlements to client Client connects to Gateway • Brings the descriptive entitlement: • SSH access to AWS://tag:SSH=*ProjectX* ProjectX Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions 13 Descriptive Entitlements 1 2
All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller Cloud API Identity provider Y Client will authenticate to controller • Check for an Identity claim ProjectX • Launch a script to collect AV state • Send matching entitlements to client Client connects to Gateway • Brings the descriptive entitlement: • SSH access to AWS://tag:SSH=*ProjectX* Gateway connects to local cloud API • What are the instances that have a tag with Key SSH and Value containing ProjectX • Translate it to IP access rules ProjectX ProjectX2 Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions 14 Descriptive Entitlements 1 2 3
All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller Cloud API Identity provider Y Client will authenticate to controller • Check for an Identity claim ProjectX • Launch a script to collect AV state • Send matching entitlements to client Client connects to Gateway • Brings the descriptive entitlement: • SSH access to AWS://tag:SSH=*ProjectX* Gateway connects to local cloud API • What are the instances that have a tag with Key SSH and Value containing ProjectX • Translate it to IP access rules Detect changes • Update IP access rules again ProjectX ProjectX2 Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions 15 Descriptive Entitlements 1 2 3 4
Summary 16 Utilizes an authenticate first approach Removes attacks including zero day, DDOS and lateral movement The Cloud Fabric can now be extended all the way to the user and device Leverages legacy applications by extending the SDP Architecture No longer need traditional network defense equipment (Firewall, VLAN, VPN, etc.) • Identity-centric security • Policies on user and cloud instances Identity-Centric Network Security
To Learn More View Why a Software-Defined Perimeter

Recomendados

Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture AddWeb Solution Pvt. Ltd.
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityCryptzone
 
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Government Technology & Services Coalition
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'tsMinded Security
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 

Recomendados

Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture AddWeb Solution Pvt. Ltd.
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityCryptzone
 
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Government Technology & Services Coalition
 
Microservices Security: dos and don'ts
Microservices Security: dos and don'tsMicroservices Security: dos and don'ts
Microservices Security: dos and don'tsMinded Security
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native EraWSO2
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architecturesinovia
 
How Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsHow Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsPriyanka Aash
 
Gravitee.io
Gravitee.ioGravitee.io
Gravitee.ioKnoldus Inc.
 
The user s identities
The user s identitiesThe user s identities
The user s identitiesGiuliano Latini
 
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ... (SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...Priyanka Aash
 
The WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewThe WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewNick Owen
 
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...Priyanka Aash
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLpqrs1234
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC securityShiu-Fun Poon
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with ZosShiu-Fun Poon
 
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ....NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...NETFest
 
Azure security basics
Azure security basicsAzure security basics
Azure security basicsStas Lebedenko
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-idAlberto Rivai
 
From The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of MonitoringFrom The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of MonitoringPriyanka Aash
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime
 
Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Markus Schlichting
 
[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dAppsOWASP
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementMary Racter
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Letters
LettersLetters
LettersDrosia Primary School
 

Mais conteúdo relacionado

Mais procurados

Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architecturesinovia
 
How Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsHow Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsPriyanka Aash
 
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ... (SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...Priyanka Aash
 
The WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewThe WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewNick Owen
 
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...Priyanka Aash
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLpqrs1234
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC securityShiu-Fun Poon
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with ZosShiu-Fun Poon
 
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ....NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...NETFest
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-idAlberto Rivai
 
From The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of MonitoringFrom The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of MonitoringPriyanka Aash
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime
 
Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Markus Schlichting
 
[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dAppsOWASP
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementMary Racter
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
 

Mais procurados (20)

Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architectures
 
How Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsHow Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without Firewalls
 
Gravitee.io
Gravitee.ioGravitee.io
Gravitee.io
 
The user s identities
The user s identitiesThe user s identities
The user s identities
 
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ... (SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
(SACON) Anand Tapikar - Attack vectors of Kubernetes infra. Are we on right ...
 
The WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewThe WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems Overview
 
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
(SACON) Pradyumn Nand & Mrinal Pande - Metron & Blitz, Building and scaling y...
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAML
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC security
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with Zos
 
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ....NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...
.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...
 
Azure security basics
Azure security basicsAzure security basics
Azure security basics
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-id
 
From The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of MonitoringFrom The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of Monitoring
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
 
Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)Token vs Cookies (DevoxxMA 2015)
Token vs Cookies (DevoxxMA 2015)
 
[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret Management
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
 

Destaque

AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Наталья Гульчевская. Ретроспектива по Диснею
Наталья Гульчевская. Ретроспектива по ДиснеюНаталья Гульчевская. Ретроспектива по Диснею
Наталья Гульчевская. Ретроспектива по ДиснеюScrumTrek
 
Downtown Wilmington Growth and Development
Downtown Wilmington Growth and DevelopmentDowntown Wilmington Growth and Development
Downtown Wilmington Growth and DevelopmentAlexis Milas
 
Modelo de Examen de reparación de Ciencias Naturales Séptimo Grado
Modelo de Examen de reparación de Ciencias Naturales Séptimo GradoModelo de Examen de reparación de Ciencias Naturales Séptimo Grado
Modelo de Examen de reparación de Ciencias Naturales Séptimo GradoCliffor Jerry Herrera Castrillo
 
Modelo de Examen de reparación de Filosofía Undécimo Grado
Modelo de Examen de reparación de Filosofía Undécimo GradoModelo de Examen de reparación de Filosofía Undécimo Grado
Modelo de Examen de reparación de Filosofía Undécimo GradoCliffor Jerry Herrera Castrillo
 
March 2017 Corporate Presentation
March 2017 Corporate PresentationMarch 2017 Corporate Presentation
March 2017 Corporate Presentationoncolyticsinc
 
Adopting Kubernetes with Puppet
Adopting Kubernetes with PuppetAdopting Kubernetes with Puppet
Adopting Kubernetes with PuppetPuppet
 
"Ελίτσα Μαυρομάτα" από την Έφη
"Ελίτσα Μαυρομάτα" από την Έφη"Ελίτσα Μαυρομάτα" από την Έφη
"Ελίτσα Μαυρομάτα" από την Έφηmagdalinikalatheri
 

Destaque (17)

AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
 
Letters
LettersLetters
Letters
 
Наталья Гульчевская. Ретроспектива по Диснею
Наталья Гульчевская. Ретроспектива по ДиснеюНаталья Гульчевская. Ретроспектива по Диснею
Наталья Гульчевская. Ретроспектива по Диснею
 
Love in Action: Episcopal Churches Welcome Refugees
Love in Action: Episcopal Churches Welcome Refugees Love in Action: Episcopal Churches Welcome Refugees
Love in Action: Episcopal Churches Welcome Refugees
 
Downtown Wilmington Growth and Development
Downtown Wilmington Growth and DevelopmentDowntown Wilmington Growth and Development
Downtown Wilmington Growth and Development
 
Media phots
Media photsMedia phots
Media phots
 
Reel History
Reel HistoryReel History
Reel History
 
Receta de albondigas y sus nutrientes
Receta de albondigas y sus nutrientesReceta de albondigas y sus nutrientes
Receta de albondigas y sus nutrientes
 
Modelo de Examen de reparación de Ciencias Naturales Séptimo Grado
Modelo de Examen de reparación de Ciencias Naturales Séptimo GradoModelo de Examen de reparación de Ciencias Naturales Séptimo Grado
Modelo de Examen de reparación de Ciencias Naturales Séptimo Grado
 
Modelo de Examen de reparación de Filosofía Undécimo Grado
Modelo de Examen de reparación de Filosofía Undécimo GradoModelo de Examen de reparación de Filosofía Undécimo Grado
Modelo de Examen de reparación de Filosofía Undécimo Grado
 
March 2017 Corporate Presentation
March 2017 Corporate PresentationMarch 2017 Corporate Presentation
March 2017 Corporate Presentation
 
Adopting Kubernetes with Puppet
Adopting Kubernetes with PuppetAdopting Kubernetes with Puppet
Adopting Kubernetes with Puppet
 
Presentation
PresentationPresentation
Presentation
 
Menú especial
Menú especialMenú especial
Menú especial
 
90 90-90
90 90-9090 90-90
90 90-90
 
Benjamin Wardell | Recruiters Campaign CV | Contracting
Benjamin Wardell | Recruiters Campaign CV | ContractingBenjamin Wardell | Recruiters Campaign CV | Contracting
Benjamin Wardell | Recruiters Campaign CV | Contracting
 
"Ελίτσα Μαυρομάτα" από την Έφη
"Ελίτσα Μαυρομάτα" από την Έφη"Ελίτσα Μαυρομάτα" από την Έφη
"Ελίτσα Μαυρομάτα" από την Έφη
 

Semelhante a Cryptzone: The Software-Defined Perimeter

The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...DATA SECURITY SOLUTIONS
 
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform IntegrationDEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform IntegrationCisco DevNet
 
Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101Arnaud Le Hors
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice ArchitectureMatt McLarty
 
Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018Nicolas Destor
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best PracticeShiu-Fun Poon
 
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Hitachi, Ltd. OSS Solution Center.
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsLibbySchulze
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHansFarroCastillo1
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere générationSylvain Maret
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3webhostingguy
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXCisco Canada
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...DevOps.com
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
Workshop AWS IoT @ IoT World Paris
Workshop AWS IoT @ IoT World ParisWorkshop AWS IoT @ IoT World Paris
Workshop AWS IoT @ IoT World ParisJulien SIMON
 
Hyperleger Composer Architecure Deep Dive
Hyperleger Composer Architecure Deep DiveHyperleger Composer Architecure Deep Dive
Hyperleger Composer Architecure Deep DiveDan Selman
 
High-Trust Add-Ins SharePoint for On-Premises Development
High-Trust Add-Ins SharePoint for On-Premises DevelopmentHigh-Trust Add-Ins SharePoint for On-Premises Development
High-Trust Add-Ins SharePoint for On-Premises DevelopmentEdin Kapic
 

Semelhante a Cryptzone: The Software-Defined Perimeter (20)

The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
 
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform IntegrationDEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
DEVNET-1124 Cisco pxGrid: A New Architecture for Security Platform Integration
 
Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice Architecture
 
Deep Dive on AWS IoT Core
Deep Dive on AWS IoT CoreDeep Dive on AWS IoT Core
Deep Dive on AWS IoT Core
 
Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
 
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environments
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptx
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CX
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
 
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En...
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
Workshop AWS IoT @ IoT World Paris
Workshop AWS IoT @ IoT World ParisWorkshop AWS IoT @ IoT World Paris
Workshop AWS IoT @ IoT World Paris
 
Hyperleger Composer Architecure Deep Dive
Hyperleger Composer Architecure Deep DiveHyperleger Composer Architecure Deep Dive
Hyperleger Composer Architecure Deep Dive
 
High-Trust Add-Ins SharePoint for On-Premises Development
High-Trust Add-Ins SharePoint for On-Premises DevelopmentHigh-Trust Add-Ins SharePoint for On-Premises Development
High-Trust Add-Ins SharePoint for On-Premises Development
 

Último

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxAnnaArtyushina1
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 

Último (20)

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 

Cryptzone: The Software-Defined Perimeter

  • 2. What is a Software-Defined Perimeter (SDP)? Simple. Secure. Dynamic. A new network security model that dynamically creates 1:1 network connections between users and the data they access 2
  • 3. How Does a SDP Work? Software-Defined Perimeter Traditional TCP/IP Not Identity Centric – Allows Anyone Access Identity-Centric – Only Authorized Users “Connect First, Authenticate Second” “Authenticate First, Connect Second” 3
  • 4. SDP Architecture • Controller is the authentication point, containing user access policies • Clients are securely onboarded • All connections based on mutual TLS connectivity • Traffic is securely tunneled from Client through Gateway 4 Protected Applications SDP Controller SDP Gateway (Accepting Host) SDP Client (Initiating host) PKI Identity Management Policy Model
  • 6. SDP in Action 6 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console 1 Protected Applications AppGate Controller AppGate Gateway AppGate Client Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
  • 7. SDP in Action 7 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console Gateways protect cloud and network resources Application network traffic passes through Gateway 1 2 Protected Applications AppGate Controller AppGate Gateway AppGate Client 2 Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
  • 8. 3 SDP in Action 8 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console Gateways protect cloud and network resources Application network traffic passes through Gateway Clients securely onboarded, authenticate to Controller, communicate with mutual TLS 1 2 3 Protected Applications AppGate Controller AppGate Gateway AppGate Client 2 Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
  • 9. 4 3 SDP in Action 9 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console Gateways protect cloud and network resources Application network traffic passes through Gateway Clients securely onboarded, authenticate to Controller, communicate with mutual TLS Clients access resources via Gateway • Mutual TLS tunnels for data • Real-time policy enforcement by Gateway 1 2 3 4 Protected Applications AppGate Controller AppGate Gateway AppGate Client 2 Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
  • 10. 4 3 SDP in Action 10 Controller uses PKI and IAM to establish trust Controller is an authentication point and policy store System is administered via graphical admin console Gateways protect cloud and network resources Application network traffic passes through Gateway Clients securely onboarded, authenticate to Controller, communicate with mutual TLS Clients access resources via Gateway • Mutual TLS tunnels for data • Real-time policy enforcement by Gateway Controller can enhance SIEM and IDS with detailed user activity logs Controller can query ITSM and other systems for context and attributes to be used in Policies 1 2 3 4 5 Protected Applications AppGate Controller AppGate Gateway AppGate Client 2 Integration with other IT and Security Systems 5 SIEM IDS ITSM Control Channel Encrypted, Tunneled Data Channel PKI Identity Management Policy Model Graphical Admin Console 1
  • 11. All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller ProjectX Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions Descriptive Entitlements
  • 12. All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller Identity provider Y Client will authenticate to controller • Check for an Identity claim ProjectX • Launch a script to collect AV state • Send matching entitlements to client ProjectX Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions 12 Descriptive Entitlements 1
  • 13. All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller Identity provider Y Client will authenticate to controller • Check for an Identity claim ProjectX • Launch a script to collect AV state • Send matching entitlements to client Client connects to Gateway • Brings the descriptive entitlement: • SSH access to AWS://tag:SSH=*ProjectX* ProjectX Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions 13 Descriptive Entitlements 1 2
  • 14. All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller Cloud API Identity provider Y Client will authenticate to controller • Check for an Identity claim ProjectX • Launch a script to collect AV state • Send matching entitlements to client Client connects to Gateway • Brings the descriptive entitlement: • SSH access to AWS://tag:SSH=*ProjectX* Gateway connects to local cloud API • What are the instances that have a tag with Key SSH and Value containing ProjectX • Translate it to IP access rules ProjectX ProjectX2 Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions 14 Descriptive Entitlements 1 2 3
  • 15. All users in ProjectX allowed SSH access to all virtual instances where Tag key equals SSH and value contains ProjectX, if client Anti-Virus has latest updates Controller Cloud API Identity provider Y Client will authenticate to controller • Check for an Identity claim ProjectX • Launch a script to collect AV state • Send matching entitlements to client Client connects to Gateway • Brings the descriptive entitlement: • SSH access to AWS://tag:SSH=*ProjectX* Gateway connects to local cloud API • What are the instances that have a tag with Key SSH and Value containing ProjectX • Translate it to IP access rules Detect changes • Update IP access rules again ProjectX ProjectX2 Device Posture Multifactor Authentication Network Location Contextual Attributes Enterprise Identity Auto-detect Cloud Changes Custom Attributes Time Endpoint Agents Application Permissions 15 Descriptive Entitlements 1 2 3 4
  • 16. Summary 16 Utilizes an authenticate first approach Removes attacks including zero day, DDOS and lateral movement The Cloud Fabric can now be extended all the way to the user and device Leverages legacy applications by extending the SDP Architecture No longer need traditional network defense equipment (Firewall, VLAN, VPN, etc.) • Identity-centric security • Policies on user and cloud instances Identity-Centric Network Security
  • 17. To Learn More View Why a Software-Defined Perimeter

Notas do Editor

  1. New slides
  2. Secure military networks Controller is the authentication point typically linked with one or more Identity providers Controller contains descriptive user access policies define access to applications Clients are securely onboarded All connections based on mutual TLS connectivity Traffic is securely tunneled from Client through Gateway to Protected Applications
  3. Bring Controllers online Integration with Identity, Multi-Factor and PKI services Bring Gateways online Create a mutual TLS connection with Controller after SPA Do not acknowledge Communication from any other host Do not respond to any non-provisioned request Gateways are now in “stealth mode” Bringing Clients online Create mutual TLS connection to Controller after SPA Authenticate to Controller List of authorized Gateways determined for this Client Controller could contact remote services for context Controller creates a list of Gateways Translate your descriptive network entitlements into IP access rules by talking to local cloud API’s. All other apps remain invisible Upload the network entitlements to the matching sites by launching a micro private firewall instance and build an encrypted data tunnel to each one Accept communication from Client Controller instructs Gateways to accept communication from this Client Receive list of IP’s of SDP Gateways Initiating host receives a list of IP’s to connect to Set up mutual TLS Tunnels to transfer data after SPA Client can now connect to the proper applications
  4. Bring Controllers online Integration with Identity, Multi-Factor and PKI services Bring Gateways online Create a mutual TLS connection with Controller after SPA Do not acknowledge Communication from any other host Do not respond to any non-provisioned request Gateways are now in “stealth mode” Bringing Clients online Create mutual TLS connection to Controller after SPA Authenticate to Controller List of authorized Gateways determined for this Client Controller could contact remote services for context Controller creates a list of Gateways Translate your descriptive network entitlements into IP access rules by talking to local cloud API’s. All other apps remain invisible Upload the network entitlements to the matching sites by launching a micro private firewall instance and build an encrypted data tunnel to each one Accept communication from Client Controller instructs Gateways to accept communication from this Client Receive list of IP’s of SDP Gateways Initiating host receives a list of IP’s to connect to Set up mutual TLS Tunnels to transfer data after SPA Client can now connect to the proper applications
  5. Bring Controllers online Integration with Identity, Multi-Factor and PKI services Bring Gateways online Create a mutual TLS connection with Controller after SPA Do not acknowledge Communication from any other host Do not respond to any non-provisioned request Gateways are now in “stealth mode” Bringing Clients online Create mutual TLS connection to Controller after SPA Authenticate to Controller List of authorized Gateways determined for this Client Controller could contact remote services for context Controller creates a list of Gateways Translate your descriptive network entitlements into IP access rules by talking to local cloud API’s. All other apps remain invisible Upload the network entitlements to the matching sites by launching a micro private firewall instance and build an encrypted data tunnel to each one Accept communication from Client Controller instructs Gateways to accept communication from this Client Receive list of IP’s of SDP Gateways Initiating host receives a list of IP’s to connect to Set up mutual TLS Tunnels to transfer data after SPA Client can now connect to the proper applications
  6. Bring Controllers online Integration with Identity, Multi-Factor and PKI services Bring Gateways online Create a mutual TLS connection with Controller after SPA Do not acknowledge Communication from any other host Do not respond to any non-provisioned request Gateways are now in “stealth mode” Bringing Clients online Create mutual TLS connection to Controller after SPA Authenticate to Controller List of authorized Gateways determined for this Client Controller could contact remote services for context Controller creates a list of Gateways Translate your descriptive network entitlements into IP access rules by talking to local cloud API’s. All other apps remain invisible Upload the network entitlements to the matching sites by launching a micro private firewall instance and build an encrypted data tunnel to each one Accept communication from Client Controller instructs Gateways to accept communication from this Client Receive list of IP’s of SDP Gateways Initiating host receives a list of IP’s to connect to Set up mutual TLS Tunnels to transfer data after SPA Client can now connect to the proper applications
  7. Bring Controllers online Integration with Identity, Multi-Factor and PKI services Bring Gateways online Create a mutual TLS connection with Controller after SPA Do not acknowledge Communication from any other host Do not respond to any non-provisioned request Gateways are now in “stealth mode” Bringing Clients online Create mutual TLS connection to Controller after SPA Authenticate to Controller List of authorized Gateways determined for this Client Controller could contact remote services for context Controller creates a list of Gateways Translate your descriptive network entitlements into IP access rules by talking to local cloud API’s. All other apps remain invisible Upload the network entitlements to the matching sites by launching a micro private firewall instance and build an encrypted data tunnel to each one Accept communication from Client Controller instructs Gateways to accept communication from this Client Receive list of IP’s of SDP Gateways Initiating host receives a list of IP’s to connect to Set up mutual TLS Tunnels to transfer data after SPA Client can now connect to the proper applications
  8. Bring Controllers online Integration with Identity, Multi-Factor and PKI services Bring Gateways online Create a mutual TLS connection with Controller after SPA Do not acknowledge Communication from any other host Do not respond to any non-provisioned request Gateways are now in “stealth mode” Bringing Clients online Create mutual TLS connection to Controller after SPA Authenticate to Controller List of authorized Gateways determined for this Client Controller could contact remote services for context Controller creates a list of Gateways Translate your descriptive network entitlements into IP access rules by talking to local cloud API’s. All other apps remain invisible Upload the network entitlements to the matching sites by launching a micro private firewall instance and build an encrypted data tunnel to each one Accept communication from Client Controller instructs Gateways to accept communication from this Client Receive list of IP’s of SDP Gateways Initiating host receives a list of IP’s to connect to Set up mutual TLS Tunnels to transfer data after SPA Client can now connect to the proper applications