O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Continuous Multilayer Protection: Operationalizing a Security Framework

449 visualizações

Publicada em

Continuous Multilayer Protection: Operationalizing a Security Framework presented by Mats Nilsson from Ericsson.

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Continuous Multilayer Protection: Operationalizing a Security Framework

  1. 1. Straw Program - Topics that highlight Ericsson’s IP expertise - Leverage Ericsson’s strengths and apply to new technology and issues to resolve. (e.g, MBH) - Focus on operator perspective and pain points - Cover emerging tech and tech we have “on the truck” - Include “friendly” partners to show not working in a vacuum - Industry thought leaders for keynotes to highlight technical business drivers - One track for non-technical business related content* - Possible Friday customer meetings • 2-3 distinct parallel tracks. • Could have side room for “Meet the Engineer” private sessions. Continuous Multilayer Protection: - Operationalizing a Security Framework Mats Nilsson
  2. 2. 2015-05-25 | Page 2 Connectivitymoreand more part ofour life 1875 20001975 10 30 50 15 years 50 billion connected devices 25 years 5 billion connected people 100 years 1 billion connected places 20 40 Connections(billion) 2020
  3. 3. 2015-05-25 | Page 3 Connectivityintegrated into our way oflife Collaboration Innovation Privacy Competence Trust Socializing Learning Everything PEOPLE do Media Commerce Security Government Education Transport Healthcare Utilities In all parts of SOCIETY & BUSINESS Will be done over a NETWORK
  4. 4. 2015-05-25 | Page 4 NEW OPPORTUNITIES – NEW CHALLENGES Increased network capacity More commerce & financial transactions More cloud storage & services Open and capable devices An IP based unified global network New things get connected More services get networked More decisions based on real-time data
  5. 5. Policyand regulation › Status and drivers – On top of political agendas – The (global) Economic and Social impact of the ICT enabled society – How to ensure core values and security in Cyberspace › Activities and consequences – Definition and scope of Critical Information Infrastructures (e.g. Communications, Healthcare Energy, Transport – Operational security requirements and audits › Voluntary but required to avoid liabilities – US › Law - EU – Mitigation through recommended Standards, Best practices, implementation incentives or law/liabilities › Examples of policy measures – US Executive Order 13636 and “Cyber security Framework” – EU › Cyber security strategy › EU proposed NIS directive › EU NIS platform – India › Security requirements and audits on operators. › Mandatory local testing of equipment (from 1 April 2015) however alignment with global standards – Many others….
  6. 6. 2015-05-25 | Page 6 our perspective onSecurity in the networked society • services should always be available • security should require minimum effort from users • communications should be protected • all access to information and data should be authorized • manipulation of data in the networks should be possible to detect • the right to privacy should be protected
  7. 7. SECURITYIN THE NETWORKED SOCIETY Operator Policies & Directives Secure Operations Secure Network Secure Products Laws & Regulation Standards: ISO 27001… 3GPP, ITU-T, IETF… 3GPP SECAM, ISO 15408…
  8. 8. 2015-05-25 | Page 8 System scale Users Thousands Millions Billions Enterprise Telecom Networks Multiple Networks Moderate Large Very large Our Focus: Large scalesecurity
  9. 9. 2015-05-25 | Page 9 Point security • Firewalls • Malware detection • Intrusion detection • Content scrubbing Network & Operational Security • Software and data integrity verification • Tamper protection • Identity management • Fraud prevention mechanisms • ISO 27 000 certified operations • Secure storage IntegratedSecurity CreatingLarge-scale system Security • Integrity • Robustness • Scalability • Efficiency • Confidentiality • Privacy • Coordinated defense • Fast response Integrated security Threat Threat Threat
  10. 10. 2015-05-25 | Page 10 People & Processes HW & SW Data TransactionsConfigurationsIdentities Devices …and much more What needs to betrusted
  11. 11. 2015-05-25 | Page 11 NEEDSTHE ERICSSONTRUST STACK TRUSTED BUSINESS TRUSTED OPERATIONS TRUSTED NETWORKS TRUSTED PRODUCTS ENABLES
  12. 12. 2015-05-25 | Page 12 NISTCS FW mappedto RESPONSIBILITIES Identify Protect Detect Respond Recover NIST CS FW
  13. 13. 2015-05-25 | Page 13 integrated process for Product andservice development PRODUCT SECURITY FUNCTIONS PRODUCT SECURITY ASSURANCE PRODUCT SECURITY DOCUMENTATION PRODUCT NEAR SECURITY SERVICES Developing the right security functions for a product or service Assuring that the security functionality works as expected Documenting security functionality to enable secure operations Provide services to ensure that security functionality is properly used Securityreliability model:
  14. 14. 2015-05-25 | Page 14 FROM: PROTECT ONLY 100% protection is possible Re-Inventionof CloudSecurity TheShift to Cloud Requires a New Focus Hardened end points, users not devices Illusion of liability protection: third party audits, certifications Data is locked down Perimeter-centric: access control, encryption Authenticate end points: trusted identity of users AND devices Data is portable, in compliance with local regulations Data - centric: every data asset is tagged, tracked, located, verified Onus for proof: independently verifiable, mathematical forensics
  15. 15. 2015-05-25 | Page 15 Ericsson WalletPlatformoverviewof securitycontrols Approval of sensitive operations Traceability & accountability Security configuration validation Eavesdropping and modification protection Two factor authentication Configurable access control System and API hardening Financial crime controls
  16. 16. 2015-05-25 | Page 16

×