Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
- 1. 2020 © Netskope. All rights reserved.
Reimagine your perimeter
Why everyone needs a cloud-first security program
SASEfaction guaranteed!
JR:JR
- 2. 2020 © Netskope. All rights reserved.
Introductions
James Robinson Ross Asquith
Deputy CISO,
Netskope
jrobinson@netskope.com
Security Transformation Principal,
Netskope
ross@netskope.com
JR:RA
- 3. 2020 © Netskope. All rights reserved.
Work from the office
Work from home
RA:RA
For many organizations there is increasingly
little difference between working in the office
and working remotely. This is due to the
network perimeter changing…
- 4. 2020 © Netskope. All rights reserved.
Source:NetskopeCloudReport,August2019;Security2025
of enterprise
web traffic
consists of
cloud
85%
of enterprise
devices are
mobile and off
the network
half the time
90%
Numbers Don’t Lie – Your Perimeter is Dissolving
- 5. 2020 © Netskope. All rights reserved.
IaaSSaaSWeb
Data
Center
Apps
FW
SWG
VPN
Endpoint
IPS
Designed for controlled access
RA:RA
- 6. 2020 © Netskope. All rights reserved.
Inappropriate Content Filtering
Bandwidth Control
Threat Protection
APT & Malware
Phishing Protection
Cloud Delivered
SSL @ Scale
Mobile User Protection
Branch Office Protection
Activity Visibility
Granular App Controls
App Risk Insight
Data Protection
Cloud-Enabled Threat Defenses
Websense ForcePoint
Blue Coat / Symantec
Cisco
McAfee
Zscaler Netskope
Web Filtering On-Prem SWG Cloud Delivered SWG Next Gen SWG
YEARS
VERSION
DESCRIPTION
VENDORS
BUSINESS
DRIVER
0%
10%
30%
85%
0% of enterprise
traffic that is
cloud
1 9 9 9 - 2 0 0 8
1.0
10% of
enterprise traffic
that is cloud
2 0 0 8 - 2 0 1 3
2.0 30% of
enterprise traffic
that is cloud
2 0 1 3 - 2 0 1 7
3.0
85% of
enterprise traffic
that is cloud
2 0 1 8 - 2 0 2 5
4.0
Static Web
(HTML)
App Based
Web (SaaS)
Evolution of Secure Web Gateways
RA:JR
- 7. 2020 © Netskope. All rights reserved.
7
Top three cloud service workloads
Leading cloud security concerns
Leading cloud security priority
52%apps 48%storage 46%security
52%data privacy 51%data loss and leakage
32%malware protection
Your data is in the cloud, is your security?
Cloud migration and concerns
JR:JR
- 8. 2020 © Netskope. All rights reserved.
• For the first time, phishing attacks on
SaaS (36%) have surpassed phishing
attacks on payment systems (27%) and
financial institutions (16%).
• Phishing attempts increase 400% 1H19,
many malicious URLs found on trusted
domains.
• So far in 2019, nearly 1 in 4 malicious
URLs (24%) were found on trusted
domains.
• It’s more difficult for security measures to
block URLs on these trusted domains.
WebrootAPWG Phishing Activity Trends Report, May 2019
Evidence
JR:JR
- 9. 2020 © Netskope. All rights reserved.
9
Profile Cloud Services
Misconfigurations
Open to Public
Rogue Instances
Cloud Hosting & C2
Landing Pages
Phishing SaaS/Cloud (#1)
Cloud Script / File Share
Valid Domain & Certificate
Fake Access Logins
Compromise Credentials
Cloud Payloads / Malware
White Listed Domains/IPs
Facebook, YouTube, Twitter
Slack, GitHub (SLUB)
Cloud Data Exfiltration
Cloud Lateral Movement
Resource Consumption
Cloud-enabled Kill Chain
JR:JR
- 11. 2020 © Netskope. All rights reserved.
Device
Managed
Personal
User, Group, OU
Accounting
Pat Smith Cloud
Storage
App
Managed
Unmanaged
App
Personal
Instance
Company
File
Sharing
100+
Categories
URL Category
Upload
File
(up,
down,
share,
view)
Activity
AV/ML
IOCs
Scripts
Macros
Sandbox
Threat
DLP
Profiles
And
Rules
Content Policy Action
Allow
Block
Coach
Encrypt
Legal Hold
Quarantine
etc.
Risk
Security
Privacy
Legal/Audit
GDPR
50+
Risk
Rating
36K Apps
97
Context is key
Instance Awareness – determine company, personal, and rogue instances
Activity-level Policy – determine 20+ activities for cloud services and apps
Data Protection – determine login credentials (PII) in phishing forms
Threat Protection – prevent known and detect unknown cloud-enabled threats
JR:JR
- 12. 2020 © Netskope. All rights reserved.
Complexity of trying to implement security at the perimeter
- 15. 2020 © Netskope. All rights reserved.
HQ + Data center
Firewall
VPN
Sandbox
IPS / IDS
UEBA
Web Sec
DLP
BYOD
Branch
Remote Device
Web and Cloud
RA:RA
- 16. 2020 © Netskope. All rights reserved.
HQ + Data center
Firewall
BYOD
Branch
Remote Device
Security will no longer be “entombed” in a box in the data center
SASE will be as disruptive to network and network security
architectures as IaaS was to the data center.
Digital business transformation will require SASE
SASE – Secure Access Service Edge
Web and Cloud
RA:RA
VPN
Sandbox
IPS / IDS
UEBA
Web Sec
DLP
- 17. 2020 © Netskope. All rights reserved.
HQ + Data center
5G Mobile
WiFi APs
Commodity
hardware
SDN fabric
Legacy Apps
IOT Devices
BYOD
Branch
Remote Device
Future operating model
SASE – Secure Access Service Edge
Web and Cloud
RA:RA
- 18. 2020 © Netskope. All rights reserved.
Future Security Stack is in the Cloud The Future Stack includes:
• SASE
• Identity authentication
• Endpoint Security Management
• Security Operations
• User Behavior Analysis
Endpoint machines
Threat Intel
Exchange
Response Actions
UEBA /
SOAR
SECURE ACCESS
SERVICE EDGE
ENDPOINT
Web SaaS IaaS/PaaS
User Data
Entity Data
IDENTITY
Authentication
and SSO
Response Actions
Private
Access
RA:RA
- 19. 2020 © Netskope. All rights reserved.
Visit us:
Netskope booth #5981 (Moscone North)
Thank you.
QUESTIONS?
Netskope cloud
security report:
www.netskope.com
RA:RA