3. 3
WORKLOAD EVOLUTION
LEGACY DC: Dedicated Server per App | Invest multiple DC | Manage DC | Overprovisioned
PRIVATE CLOUD: Improved Operations | Invest multiple DC | Manage DC | Overprovisioned
PUBLIC CLOUD: Remote Operations | No capital investments | No DC or HW infra to manage | On demand infrastructure
CLOUD BASED SERVICES: Consuming Services | No infrastructure | No OS or software to manage | On demand, pay-as-you-go
4. 4
Physical Security
Infrastructure hardening
OS hardening
Application hardening
IAM
Gated network access
OS hardening
Application hardening
IAM
(Gated network access)
IAM
YOU (ONLY) SECURE WHAT YOU OWN!
PRIVATE
CLOUD
LEGACY
DC
PUBLIC
CLOUD
CLOUD BASED
SERVICES
SECURITY EVOLUTION
5. 5
SO IT IS GETTING EASIER… RIGHT??
SecOps
CISO
How to run agents on services that are not mine?
Serverless containers have a lifetime of a couple of ms…
Infrastructure is dynamic, it changes and moves all the time…
New environments are being created and destroyed all the time…
How to give my business units freedom to innovate at their pace without increasing my attack surface?
How do I prevent my business units from starting to deploy their own shadow clouds?
9. 9
PROMISCUOUS PERMISSIONS ARE #1 THREAT TO CLOUD
Cloud environments create new attack surfaces not known in on-premises computing
YOUR PERMISSIONS = YOUR ATTACK SURFACE
12. 12
services packaged in containers
deployed as microservices
managed on elastic infrastructure
through agile DevOps processes
and continuous delivery workflows
WHAT IS CLOUD NATIVE?
Cloud-native is about how applications are created and deployed, not where.
13. 13
MONOLITHIC SOA/ESB
Service Oriented
Architecture
Enterprise Service Bus
MSA
Microservice
Architecture
SERVICE
MESH
Monoliths die hard…
PRIVATE
CLOUD
LEGACY
DC
PUBLIC
CLOUD
CLOUD BASED
SERVICES
DEV EVOLUTION
DevOps
Pipeline automation, programmable infrastructure
14. 14
SERVICE
REGISTRY
API Gateway
Load Balance
Chain and Secure
query
N-S
API
N-S E-W E-W
K8S
Clustering
MICROSERVICE ARCHITECTURE
API API API
ENCRYPTED & PROTECTED
NO ENCRYPTION | NO PROTECTION
µService
Logic
+
data
µService
Logic
+
data
µService
Logic
+
data
µService
Logic
+
data
container
15. 15
SERVICE MESH
µService µService µService µService
ISTIO
Management &
Control
K8S
N-S N-S
END-TO-END ENCRYPTION!
N-S AND E-W
E-W
API
DARK DATA
Pod
27. 27
SCRIPT BOT HEADLESS BROWSER BOT HUMAN-LIKE BOT DISTRIBUTED BOT
USER BEHAVIORAL ANALYSIS
BLACKLISTS
IP, User Agent
DEVICE/BROWSER
Cookie, JS, Fingerprinting
INTERACTION (SHALLOW)
Mouse movement & keystrokes anomalies
INTENT (DEEP)
Correlation in intent signatures across devices
TECHNOLOGY BOTS
4th GENERATION
BOT-ATTACK MITIGATION
28. 28
SEMI-SUPERVISED:
Best of both approaches
Detect anomalies + Leverage big data
UNSUPERVISED MACHINE-LEARNING
Clustering by commonalities
No direction on good vs bad
SUPERVISED
MACHINE-LEARNING
Guided classification based on history
New data samples create noise
NEED FOR ADVANCED
MACHINE LEARNING
30. 30
“ANYTHING that can be connected, will be connected”
“80 BILLION Connected Devices in 2025 for generating 180 trillion GB of Data” - IDC, Feb 2018
IoT – INTERNET OF THINGS
31. 31
IOT, SMART GRIDS, CITIES, HOMES
MACHINE TO
MACHINE
EVENT DRIVEN
APPs
FAAS SERVERLESS
MOBILE APPs
CLOUD NATIVE &
CLOUD BASED
API USE CASES
32. 32
1. The Attack Surface of the Public Cloud is defined by Permissions
2. The Insider threat of the Public Cloud is the Outsider
3. HIDS, NIDS, and Flow Collectors are pointless for Securing Cloud-based Applications
4. WAF does not keep up with Cloud Native Applications
5. East-West Traffic is getting Encrypted
6. Attackers are getting Automated
7. Attacks are getting more Sophisticated
8. APIs are the new Front-end
9. Machine and Deep Learning become essential for Threat Detection
10. 5G will fuel the next IoT Explosion
TOP 10 SECURITY FACTS
34. 34
TERMS AND CONDITIONS OF USE
• License. Subject to the terms and conditions herein, RADWARE hereby grants you a limited, nontransferable and nonexclusive license, subject to the
restrictions set forth below, to access and use the Presentation, solely for informational and non-commercial purposes, for internal use and/or for the
purpose of selling and supporting RADWARE. RADWARE reserves the right to amend the terms of this License from time to time without notice, by posting
the revised terms on its Website.
• Intellectual Property Rights. You acknowledge and agree that this License is not intended to convey or transfer to you any intellectual property rights or to
grant any licenses in or to any technology or intellectual property or content, other than as expressly provided herein. The content contained in this
Presentation, including, but not limited to, software, product information, technology information, user guides, white papers, analysis, trade names,
graphics, designs, icons, audio or video clips and logos, is RADWARE proprietary information, protected by copyright, trademark, patent and/or other
intellectual property rights, under US and international law. Third-party trademarks and information are the property of their respective owners.
• Disclaimer of Warranty. Although RADWARE attempts to provide accurate and up-to-date information in this Presentation, RADWARE makes no warranty
with respect to the accuracy or completeness of the information. Information, software and documentation provided in this Presentation are provided "as
is" and without warranty of any kind either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a
particular purpose and non-infringement.
• Limitation of Liability. RADWARE shall not be liable to you or any other party for any indirect, special, incidental or consequential damages, including, but
not limited to, any amounts representing loss of profits, loss of business, loss of information or punitive damages.
• Links to Third-party Websites. This Presentation may contain links to third-party Websites. Such links are provided for convenience only and RADWARE
makes no warranty, nor does it assume any responsibility or liability in connection with the access and use of any other Website.
• Safe Harbor. This Presentation may contain forward-looking statements that are subject to risks and uncertainties. Factors that could cause actual results to
differ materially from these forward-looking statements include, but are not limited to, general business conditions in the Application Delivery or Network
Security industry, and other risks detailed from time to time in RADWARE's filings with the Securities and Exchange Commission, including RADWARE's Form
20-F.
• Governing Law. This Agreement and any action related thereto shall be governed, controlled, interpreted and defined in accordance with the laws of the
State of Israel, without regard to the conflicts of laws provisions thereof.