How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

Slides:

Advertisements

Similar presentations

1 Effective, secure and reliable hosted security and continuity solution.

Advertisements

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.

Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.

Chapter 12 Network Security.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete server protection –Spam Blocking (95+ percent) Extremely.

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.

EDUCAUSE Security 2006 Internet John Brown University.

Norman SecureSurf Protect your users when surfing the Internet.

Services Tailored Around You® Business Contingency Planning Overview July 2013.

Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

Chapter 2 Information Security Overview The Executive Guide to Information Security manual.

Copyright 2009 Trend Micro Inc. OfficeScan 10.5 VDI-aware endpoint security.

Introducing Quick Heal Endpoint Security 5.2. “Quick Heal Endpoint Security 5.2 is designed to provide simple, intuitive centralized management and control.

PROJECT PAPER ON BLUEFIRE MOBILE SECURITY. BY PONNURU VENKATA DINESH KUMAR STUDENT ID # A0815 PROFESSOR – VICKY HSU CS-426.

ShareTech 2015 Next-Gen UTM.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Module 14: Configuring Server Security Compliance

Data Center Firewall. 2 Common IT Security Challenges Does my network security protect my IT environment and sensitive data and meet the regulatory compliances?

Chapter 6 of the Executive Guide manual Technology.

Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.

Akamai Technologies - Overview RSA ® Conference 2013.

Pre-Release Information Aug 17, 2009 Trend Micro Web Gateway Security InterScan Web Security Virtual Appliance v5 Advanced Reporting and Management v1.

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Sophos Live Protection. Agenda 1.Before and After Scenarios 2.Minimum Required Capabilities 3.How we do it 4.How we do it better.

PCIT313. Today’s challenges Deliver applications to mobile platforms (BYOD) Respond to dynamic business requirements for IT: Seasonal/temporary workers.

Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.

Alessandro Cardoso Microsoft MVP | Readify National Manager |

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.

© 2014 IBM Corporation Does your Cloud have a Silver Lining ? The adoption of Cloud in Grid Operations of Electric Distribution Utilities Kieran McLoughlin.

©2013 Check Point Software Technologies Ltd. Small Business. Big Security New SMB Appliances Clinton Cutajar Team Leader – Information Security Computime.

©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.

Santa Clara, CA (408)

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.

Web security | data security | security © 2010 Websense, Inc. All rights reserved. Strategy for Defense Against Web-based Advanced Persistent Threats.

No boundaries with Unified Web Security Solutions Steven Vlastra Sr. Systems Engineer - Benelux.

Hosted Voice. 2 Business Priorities Minimize CAPEX Maximize employee productivity Increase business revenue Increase customer satisfaction Business continuity.

Your Office 365 Journey Prepare, Migrate, and Operate with Barracuda

Hybrid Cloud Web Filtering Platform

Avenues International Inc.

Cloud Computing Q&A Presented by:

Barracuda Web Security Flex

BEST CLOUD COMPUTING PLATFORM Skype : mukesh.k.bansal.

Cloud Firewall.

Barracuda Web Filtering Service

Data Center Firewall.

Network Security Analysis Name : Waleed Al-Rumaih ID :

Securing the Network Perimeter with ISA 2004

Threat Management Gateway

Jon Peppler, Menlo Security Channels

Check Point Connectra NGX R60

Chapter 4: Protecting the Organization

Implementing Client Security on Windows 2000 and Windows XP Level 150

(With Hybrid Network Support)

Securing web applications Externally

Presentation transcript:

How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

Overview A little about STERIS Corp Why Care? Challenge – Protecting Web Access Lessons Learned

Background Manufacturing company 3,000 internal users & 2,000 remote users Facilities in Americas, Europe, & Asia (60+) Centralized Internet access through Mentor, OH (until last year) Acquired 10 companies in the last 2 years Moving to breakouts at larger facilities Small IT team…very small IT Security team Internet New (9/13) New (8/13) New (2012) New (2014)

Why Care Protecting Internet Access

Why Care? - Reputation Botnet Infections on Guest Network Zero Issues from 3,000+ employees Services now available to rate your security & your competition

Why Care? – Web Access Impacts Score 349 of 354 events related to protecting web access Botnet Infections Spam Propagation Potentially Exploited

Why Care – if you need more reasons Basic / 354 events Competitor Advanced/ 2 events Customers starting to care about the security of their partners Board of Directors are starting to care Protecting your web access plays a major role Core Network Industry: Healthcare/Wellness

Challenge – Protecting Web Access

Layered Defense (2012) On Premise Centralized Effective (facility) Ineffective (remote) Expensive FirewallIntrusion Prevention System (x2)URL Filtering/ReputationAnti-Virus (host)Patching/Rights Management

Evolving Layered Defense Looked at new solutions in 2013 to combat evolving threats Internet Breakouts changed my plans Firewall Intrusion Prevention System (x2) URL Filtering/ReputationAnti-VirusPatching/Rights Management Execution Analysis (sandboxing) Anti-Bot (firewall) Intrusion Prevention System (Host) Application White Listing

Options When Internet Breakouts Meet Evolving Threats On Premise Capital some expense Expensive to replicate same level of protection across the enterprise Remote users? Team does Policy, Reporting, & Maintaining Cloud Expense vs Capital Minimal equipment Protects facility & remote users Team does Policy & Reporting Hybrid Capital/Expense Standardization? Protects facility & remote users Staggered commitment

What are Cloud Solutions Providing? IPS Execution Analysis Reputation AV Third Party Intel Traffic Analysis Human Analysts Protections Community of Millions URL Filtering Reporting Policy Management Application Control Management Authentication

STERIS’s Approach Researched vendors – technology, integration, administration, locations, cost (talk to your research service) Pilot Cloud solutions for facilities & remote users First sites going Cloud are supporting acquisitions Expand out to remote users (XP was a driver) Large sites getting Internet breakouts? Primary & Disaster Recovery sites??? ResearchPilotAcquisitions Remote Users Large Sites Primary & DR Sites Today

Lessons Learned

Lessons Learned - Location Compare the vendor data center locations to your users (some sites tailor to source IP) Impact performance & user experience FacilityVendor 1Vendor 2 US (multiple) Mexico Canada France Finland China

Lessons Learned - Speed Will it be slower? Impact performance & experience? Didn’t see it Cloud Protections URL Filter (dynamic) AV IPS Sandboxing Cloud Protections URL Filter (dynamic) AV IPS Sandboxing Latency?

Lessons Learned - Compatibility Ran into issue that the IPS built into the VPN Client thought the Proxy Client was malicious Similar issue with the web filter built into the AV Support quickly provided a fixed client Cloud Service

Lessons Learned – Authentication How does the user authenticate? – What devices do you need to support? – Add a client or is it built into something already? Do you want the user to enter their credentials? Do you care if the user authenticates? – What’s the “value add” for authentication? – “best” is the enemy of “better”

Lessons Learned – Management Don’t assume managing the rules is the same as with on-prem devices An acquisition site wanted admin access to the policy How will you deploy & update the client for remote users? Involve your Client team. Reporting in the Cloud – Considering moving to the Cloud – Does it meet your log retention requirements? Features change quickly in the Cloud (good & bad)

Lessons Learned – Cost Don’t assume Cloud will cost less or more FacilityOn-PremCloud 1Cloud 2 Subscriptionx2x3x Proxy$1,000-- Proxy Support$500-- IPS$1,000-- IPS Support$500-- Firewallsame $3,000 IT Supportsame Value Add

Security Considerations Logs can be sensitive – What companies are your acquisition teams surfing? – Where are your executives surfing? Cloud companies could be nice targets – Surveillance? – Redirect? – Go after the Admin What country does the data reside? Is your organization “risk adverse” Good news…these are security companies that have a lot to lose

Cloud Protection at Home You can have the same Cloud protection at home Free tool Block by category Anti-virus, Intrusion Prevention, & reputation protections in the Cloud

Summary Protecting Web Access is Important Look for opportunities for Cloud & On-Prem solutions Lessons Learned Location Speed Compatibility Management Cost Security Protection at Home

Questions? Ed Pollock