Presentation is loading. Please wait.

Presentation is loading. Please wait.

How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

Published byDennis McDaniel Modified over 8 years ago

Similar presentations

Presentation on theme: "How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”"— Presentation transcript:

1 How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

2 Overview A little about STERIS Corp Why Care? Challenge – Protecting Web Access Lessons Learned

3 Background Manufacturing company 3,000 internal users & 2,000 remote users Facilities in Americas, Europe, & Asia (60+) Centralized Internet access through Mentor, OH (until last year) Acquired 10 companies in the last 2 years Moving to breakouts at larger facilities Small IT team…very small IT Security team Internet New (9/13) New (8/13) New (2012) New (2014)

4 Why Care Protecting Internet Access

5 Why Care? - Reputation Botnet Infections on Guest Network Zero Issues from 3,000+ employees Services now available to rate your security & your competition

6 Why Care? – Web Access Impacts Score 349 of 354 events related to protecting web access Botnet Infections Spam Propagation Potentially Exploited

7 Why Care – if you need more reasons Basic / 354 events Competitor Advanced/ 2 events Customers starting to care about the security of their partners Board of Directors are starting to care Protecting your web access plays a major role Core Network Industry: Healthcare/Wellness

8 Challenge – Protecting Web Access

9 Layered Defense (2012) On Premise Centralized Effective (facility) Ineffective (remote) Expensive FirewallIntrusion Prevention System (x2)URL Filtering/ReputationAnti-Virus (host)Patching/Rights Management

10 Evolving Layered Defense Looked at new solutions in 2013 to combat evolving threats Internet Breakouts changed my plans Firewall Intrusion Prevention System (x2) URL Filtering/ReputationAnti-VirusPatching/Rights Management Execution Analysis (sandboxing) Anti-Bot (firewall) Intrusion Prevention System (Host) Application White Listing

11 Options When Internet Breakouts Meet Evolving Threats On Premise Capital some expense Expensive to replicate same level of protection across the enterprise Remote users? Team does Policy, Reporting, & Maintaining Cloud Expense vs Capital Minimal equipment Protects facility & remote users Team does Policy & Reporting Hybrid Capital/Expense Standardization? Protects facility & remote users Staggered commitment

12 What are Cloud Solutions Providing? IPS Execution Analysis Reputation AV Third Party Intel Traffic Analysis Human Analysts Protections Community of Millions URL Filtering Reporting Policy Management Application Control Management Authentication

13 STERIS’s Approach Researched vendors – technology, integration, administration, locations, cost (talk to your research service) Pilot Cloud solutions for facilities & remote users First sites going Cloud are supporting acquisitions Expand out to remote users (XP was a driver) Large sites getting Internet breakouts? Primary & Disaster Recovery sites??? ResearchPilotAcquisitions Remote Users Large Sites Primary & DR Sites Today

14 Lessons Learned

15 Lessons Learned - Location Compare the vendor data center locations to your users (some sites tailor to source IP) Impact performance & user experience FacilityVendor 1Vendor 2 US (multiple) Mexico Canada France Finland China

16 Lessons Learned - Speed Will it be slower? Impact performance & experience? Didn’t see it Cloud Protections URL Filter (dynamic) AV IPS Sandboxing Cloud Protections URL Filter (dynamic) AV IPS Sandboxing Latency?

17 Lessons Learned - Compatibility Ran into issue that the IPS built into the VPN Client thought the Proxy Client was malicious Similar issue with the web filter built into the AV Support quickly provided a fixed client Cloud Service

18 Lessons Learned – Authentication How does the user authenticate? – What devices do you need to support? – Add a client or is it built into something already? Do you want the user to enter their credentials? Do you care if the user authenticates? – What’s the “value add” for authentication? – “best” is the enemy of “better”

19 Lessons Learned – Management Don’t assume managing the rules is the same as with on-prem devices An acquisition site wanted admin access to the policy How will you deploy & update the client for remote users? Involve your Client team. Reporting in the Cloud – Considering moving to the Cloud – Does it meet your log retention requirements? Features change quickly in the Cloud (good & bad)

20 Lessons Learned – Cost Don’t assume Cloud will cost less or more FacilityOn-PremCloud 1Cloud 2 Subscriptionx2x3x Proxy$1,000-- Proxy Support$500-- IPS$1,000-- IPS Support$500-- Firewallsame $3,000 IT Supportsame Value Add

21 Security Considerations Logs can be sensitive – What companies are your acquisition teams surfing? – Where are your executives surfing? Cloud companies could be nice targets – Surveillance? – Redirect? – Go after the Admin What country does the data reside? Is your organization “risk adverse” Good news…these are security companies that have a lot to lose

22 Cloud Protection at Home You can have the same Cloud protection at home Free tool Block by category Anti-virus, Intrusion Prevention, & reputation protections in the Cloud http://www.k9webprotection.com/

23 Summary Protecting Web Access is Important Look for opportunities for Cloud & On-Prem solutions Lessons Learned Location Speed Compatibility Management Cost Security Protection at Home

24 Questions? Ed Pollock epollock@steris.com

Download ppt "How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”"

Similar presentations

1 Effective, secure and reliable hosted email security and continuity solution.

1 Effective, secure and reliable hosted security and continuity solution.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.

Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.
Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.

Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.
Chapter 12 Network Security.

Chapter 12 Network Security.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.

Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete email server protection –Spam Blocking (95+ percent) Extremely.

Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete server protection –Spam Blocking (95+ percent) Extremely.
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.

Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.
EDUCAUSE Security 2006 Internet John Brown University.

EDUCAUSE Security 2006 Internet John Brown University.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Services Tailored Around You® Business Contingency Planning Overview July 2013.

Services Tailored Around You® Business Contingency Planning Overview July 2013.
Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.

Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.

Similar presentations

Ads by Google