dynamic and continuous auditing controlling and
play

Dynamic and Continuous Auditing, Controlling, and Monitoring of all - PowerPoint PPT Presentation

Sep 01, 2023 •512 likes •758 views

Dynamic and Continuous Auditing, Controlling, and Monitoring of all Tenant Network Flows in Openstack at Scale Jason Rouault Sr. Director, Cloud Engineering and Operations May 10, 2017 Jason Rouault Sr. Director, Cloud Engineering and

  1. Dynamic and Continuous Auditing, Controlling, and Monitoring of all Tenant Network Flows in Openstack at Scale Jason Rouault Sr. Director, Cloud Engineering and Operations May 10, 2017

  2. Jason Rouault Sr. Director, Cloud Engineering and Operations Richard Eisenberg VP, Client Development Nathan Randall, Sr. DevSecOps Engineer 2

  3. Agenda TWC Introduction Business/Security Problems Defined Solution Requirements Cloudvisory and OpenStack Integration Cloudvisory Overview Demo 3

  4. Time Warner Cable 2 nd largest cable provider in US Provides Video, Broadband, Phone, and Business Services 15 Million Subscribers Los Angeles/New York Markets 4 National Data Centers 20+ Market Data Centers Was acquired by Charter Communications in 2016 4

  5. Time Warner Cable Cloud Time Warner Cable Cloud OpenStack providing IaaS services • Up and running in 2 national datacenters (regions) – Capacity for 15000 VMs • 3 PB usable object and block storage • Full SDN with Neutron ML2 and VXLAN Overlay • CI/CD automation for software deployments. 0-6 weeks behind trunk Why OpenStack? Flexible and adaptable infrastructure Self-service Increased speed to market Reduced Costs No Vendor lock-in 5

  6. Time Warner Cable Cloud Time Warner Cable Cloud OpenStack providing IaaS services • Up and running in 2 national datacenters (regions) – Capacity for 15000 VMs • 3 PB usable object and block storage • Full SDN with Neutron ML2 and VXLAN Overlay • CI/CD automation for software deployments. 0-6 weeks behind trunk Why OpenStack? • Flexible and adaptable infrastructure • Self-service • Increased speed to market • Reduced Costs • No Vendor lock-in 6

  7. Problem Overview OpenStack brings strong features for multi- tenancy and infrastructure abstraction Allow us to deploy workloads with speed and reliability in a structured and repeatable method The architecture introduces risks that traditional perimeter security models are unable to detect and control. Dichotomy of traditional security with the DevOps teams cloud users OpenStack: Agile, Reliable, Available and Secure 7 7

  8. Business Problems Business Problems Visibility • DevOps teams have limited visibility and lack of understanding to troubleshoot application connectivity issues. • Lack of visibility is magnified for applications spanning regions and cloud providers • Security teams have no easy way to monitor and validate actual application flows Control Managing cloud native security controls can be error prone Managing controls does not scale well in large deployments, or across environments Security controls are not dynamic like the cloud applications they are protecting There is no ability to define security trust boundaries across environments Reporting Demonstrating compliance is problematic Detecting and responding to bad actors/systems is often too little too late 8

  9. Business Problems Business Problems Visibility • DevOps teams have limited visibility and lack of understanding to troubleshoot application connectivity issues. • Lack of visibility is magnified for applications spanning regions and cloud providers • Security teams have no easy way to monitor and validate actual application flows Control • Managing cloud native security controls can be error prone • Managing controls does not scale well in large deployments, or across environments • Security controls are not dynamic like the cloud applications they are protecting • There is no ability to define security trust boundaries across environments Reporting Demonstrating compliance is problematic Detecting and responding to bad actors/systems is often too little too late 9

  10. Business Problems Business Problems Visibility • DevOps teams have limited visibility and lack of understanding to troubleshoot application connectivity issues. • Lack of visibility is magnified for applications spanning regions and cloud providers • Security teams have no easy way to monitor and validate actual application flows Control • Managing cloud native security controls can be error prone • Managing controls does not scale well in large deployments, or across environments • Security controls are not dynamic like the cloud applications they are protecting • There is no ability to define security trust boundaries across environments Compliance • Demonstrating compliance is problematic • Detecting and responding to bad actors/systems is often too little too late 10

  11. Solution Requirements Solution Requirements Should leverage cloud native security controls Must not negate self service afforded to cloud users Must have minimal to no impact on workload performance Will scale with our cloud Must be highly available 11

  12. Solution Requirements Solution Requirements Installation and Upgrades can be automated with CI/CD tooling (e.g. Ansible, Puppet, etc.) Solution should not hinder ability to upgrade Hypervisor or OpenStack Role based access control (RBAC) for separation of duties Should provide an API for integration with existing systems 12

  13. Narrowing Down the Choices Narrowing Down the Choices Most vendors: • Want to take over your SDN or • Want to install a VM on each hypervisor or • Want to install a kernel module or • Want to install an agent on each VM 13

  14. Narrowing Down the Choices Narrowing Down the Choices Most vendors: • Want to take over your SDN or • Want to install a VM on each hypervisor or • Want to install a kernel module or • Want to install an agent on each VM Ultimately, we did not like any of these implementation options 14

  15. Cloudvisory and OpenStack Cloudvisory and OpenStack Cloudvisory Cloudvisory serves as the management plane for (Security Management Plane) network security policies. Neutron API provides the Neutron API control plane , which controls (Control Plane) an agent on each Compute node that implements the data plane for OSI Layer-2/3 Open vSwitch Open vSwitch Open vSwitch network segmentation. (Data Plane) (Data Plane) (Data Plane) 15

  16. Cloud Security Policy Control Plane The Cloudvisory Management Framework Data Plane P P Project A Policy Project B Policy P WEB TIER DB TIER WEB Policy DB Policy PCI Policy 16

  17. Cloud Security Policy Control Plane The Cloudvisory Management Framework Data Plane Security Management Plane P P Project A Policy Project B Policy P WEB TIER DB TIER WEB Policy DB Policy PCI Policy 17

  18. Cloudvisory is: Intelligence Cloud-Native Security Platform for Hybrid, Multi-Cloud Continuous Discovery & Visualization of: 1. Cloud infrastructure as it changes 2. Policy changes/updates 3. Detection and alerts of non-compliant policies and data flows 18

  19. Cloudvisory is: Consistency and Compliance Cloud-Native Security Platform for Hybrid, Multi-Cloud Hybrid/Multi-Cloud Security Policy P P 1. Automated security policy provisioning Project A Policy Project B Policy 2. Granular Policy Micro-Segmentation 3. Real-time policy & flow monitoring for compliance 4. Enforcement and Automated remediation of violations P Project C Policy WEB TIER DB TIER APP TIER WEB Policy APP Policy DB Policy PCI Policy 19

  20. Cloudvisory Security Platform Value Reduce human middleware/lower costs Rapid change management/speed up operations Harden security Thwart nation state hackers 20

  21. Cloudvisory Security Platform Demo Hybrid & Multi-Cloud Security Intelligence • Control • Compliance 21

  22. Better Cloud Security through Automation Cloudvisory Security Platform 1. Simplifies : Singular Interface for Cloud-Native Policy Automation across providers 2. Discovers and Visualizes: multi-cloud infrastructures, Context, data flows and critical security violations 3. Automates : Provisioning & rapid change management of policy and micro-segmentation of workloads 4. Compliance: Real-Time monitoring of flows and policies for Compliance & Enforcement 5. Cross Discipline : Manages multi-tenant environment. Role-based solution for use by Dev/Ops, Security and Business 22

  23. Functional/Architectural Requirements Realized Cloudvisory Security Platform Should leverage cloud native security controls Must not negate self service afforded to cloud users Must have minimal to no impact on workload performance Will scale with our cloud Must be highly available Installation and Upgrades can be automated with CI/CD tooling (e.g. Ansible, Puppet, etc.) Solution should not hinder ability to upgrade Hypervisor or OpenStack Role based access control (RBAC) for separation of duties Should provide an API for integration with existing systems 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Controlling Overestimation Bias with Truncated Mixture of Continuous Distributional Quantile

Controlling Overestimation Bias with Truncated Mixture of Continuous Distributional Quantile

Controlling Overestimation Bias with Truncated Mixture of Continuous Distributional Quantile Critics Arsenii Kuznetsov 1 Pavel Shvechikov 1,2 Alexander Grishin 1,3 Dmitry Vetrov 1,3 1 Samsung AI center, Moscow 2 Higher School of Economics,

559 views • 53 slides
Controlling Fairness and Bias in Dynamic Learning-to-Rank ACM SIGIR 2020 Marco Morik * ,

Controlling Fairness and Bias in Dynamic Learning-to-Rank ACM SIGIR 2020 Marco Morik * ,

Controlling Fairness and Bias in Dynamic Learning-to-Rank ACM SIGIR 2020 Marco Morik * , Ashudeep Singh * , Jessica Hong , Thorsten Joachims TU Berlin, Cornell University Dynamic Learning-to-Rank +1 +1 +1 +1 +1 1 2

224 views • 20 slides
Remarks on Auditing, Regulatory Auditing and Regulatory Auditing Strategy Prof. Dr. Horst

Remarks on Auditing, Regulatory Auditing and Regulatory Auditing Strategy Prof. Dr. Horst

Remarks on Auditing, Regulatory Auditing and Regulatory Auditing Strategy Prof. Dr. Horst Frankenberger University of Applied Sciences Lbeck SG 4: Auditing - Lbeck 16.09.2002 1 Remarks on Auditing, Regulatory Auditing and Regulatory

305 views • 16 slides
#MicroFocusCyberSummit Automate Static and Dynamic Scans, CI/CD Integrations and Auditing for

#MicroFocusCyberSummit Automate Static and Dynamic Scans, CI/CD Integrations and Auditing for

#MicroFocusCyberSummit Automate Static and Dynamic Scans, CI/CD Integrations and Auditing for Fast, Reliable Results Rick Smith, Senior Product Manager Jimmy Rabon, Senior Product Manager #MicroFocusCyberSummit Automation Static Analysis

583 views • 22 slides
in Italy: Can XBRL Give a Good Help? Andrea Fradeani Michela Soverchia Associate Professor of

in Italy: Can XBRL Give a Good Help? Andrea Fradeani Michela Soverchia Associate Professor of

41 st World Continuous Auditing and Reporting Symposium Artificial Intelligence in Accounting and Auditing: Now for Real Universidad de Huelva, Spain November 9-10, 2017 Improving Public Financial Management in Italy: Can XBRL Give a Good Help?

273 views • 15 slides
Toward Continuous SAGE How to Interrupt and Migrate Dynamic Test Generation Mehdi

Toward Continuous SAGE How to Interrupt and Migrate Dynamic Test Generation Mehdi

Toward Continuous SAGE How to Interrupt and Migrate Dynamic Test Generation Mehdi Bouazizs End -of-Internship talk Joint work with Ella Bounimova (mentor), Patrice Godefroid (MSR), David Molnar (MSR) and Eric Jarvi (Office) Security is

428 views • 20 slides
Dynamic Programming Algorithms for Planning and Robotics in Continuous Domains and the

Dynamic Programming Algorithms for Planning and Robotics in Continuous Domains and the

Dynamic Programming Algorithms for Planning and Robotics in Continuous Domains and the Hamilton-Jacobi Equation Ian Mitchell Department of Computer Science University of British Columbia research supported by the Natural Science and

943 views • 72 slides
Auditing Chapter 25 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 25-1

Auditing Chapter 25 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 25-1

Auditing Chapter 25 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 25-1 Outline Overview What is auditing? What does an audit system look like? How do you design an auditing system? Auditing mechanisms

1.4k views • 88 slides
S P H E R A Controlling networks while maintaining resilience Baruch Barzel 1 Challenges 5.5

S P H E R A Controlling networks while maintaining resilience Baruch Barzel 1 Challenges 5.5

S P H E R A Controlling networks while maintaining resilience Baruch Barzel 1 Challenges 5.5 10 7 People affected 10 2 Fatalities 6 10 9 USD in damages 2 Structure vs. dynamics Structural perturbation (component failure) Dynamic

375 views • 20 slides
THE AUDITING OF SOCIAL ACCOUNTS SOME GENERAL CONSIDERATIONS INDEPENDENT AUDITING (with

THE AUDITING OF SOCIAL ACCOUNTS SOME GENERAL CONSIDERATIONS INDEPENDENT AUDITING (with

16/11/2012 THE AUDITING OF SOCIAL ACCOUNTS SOME GENERAL CONSIDERATIONS INDEPENDENT AUDITING (with certification) OF SOCIAL ACCOUNTS A DEBATE (CONSIDERING IN THIS CASE ONLY ITALY): A) ONLY VOLUNTARY B) COMPULSORY BY LAW 1

322 views • 7 slides
IC220 Set #7: Controlling the Single Cycle Implementation (Chapter Four) 1 Control Selecting

IC220 Set #7: Controlling the Single Cycle Implementation (Chapter Four) 1 Control Selecting

IC220 Set #7: Controlling the Single Cycle Implementation (Chapter Four) 1 Control Selecting the and controlling the based on the Outline: 1. Overview 2. Controlling the ALU 3. Controlling multiplexors and register writes 2

482 views • 15 slides
Auditing in the Public Interest Auditing in the Public Interest Victorian Government

Auditing in the Public Interest Auditing in the Public Interest Victorian Government

Victorian Auditor-Generals Office Auditing in the Public Interest Auditing in the Public Interest Victorian Government Solicitors Office Seminar 30 May 2007 Des Pearson - Auditor-General 1 Auditing in the Public Interest Personal

352 views • 20 slides
INNOVATIVE SOLUTIONS MEETING EXPECTATIONS Locations & Projects Auditing Auditing

INNOVATIVE SOLUTIONS MEETING EXPECTATIONS Locations & Projects Auditing Auditing

INNOVATIVE SOLUTIONS MEETING EXPECTATIONS Locations & Projects Auditing Auditing and assurance plays a crucial part of ensuring the safety and integrity of any diving system as well as ensuring safe and efficient diving

185 views • 14 slides
Dynamic Neural Turing Machine with Continuous and Discrete Addressing Schemes arXiv:1607.00036v2

Dynamic Neural Turing Machine with Continuous and Discrete Addressing Schemes arXiv:1607.00036v2

1 Dynamic Neural Turing Machine with Continuous and Discrete Addressing Schemes arXiv:1607.00036v2 [cs.LG] 17 Mar 2017 Caglar Gulcehre 1 , Sarath Chandar 1 , Kyunghyun Cho 2 , Yoshua Bengio 1 1 University of Montreal, name.lastname@umontreal.ca

497 views • 24 slides
Why Data Auditing is Important Arizona State Public Health Laboratory April 2019 Objectives

Why Data Auditing is Important Arizona State Public Health Laboratory April 2019 Objectives

Why Data Auditing is Important Arizona State Public Health Laboratory April 2019 Objectives Define data auditing Explain the importance of data auditing Data Auditing What does data mean to you? What is data auditing? When

648 views • 33 slides
Auditing : the good, the bad and the ugly A. Feinberg 14 Sep 2017 1 I must pay a debt of

Auditing : the good, the bad and the ugly A. Feinberg 14 Sep 2017 1 I must pay a debt of

Auditing : the good, the bad and the ugly A. Feinberg 14 Sep 2017 1 I must pay a debt of gratitude to DeWitt Beeler, who in an article published in the 1999 May Issue of Quality Progress provided me with a fresh look at auditing and

557 views • 41 slides
Ontology Domain (world) = a network of states S4 S3 S6 S2 S1 S 7

Ontology Domain (world) = a network of states S4 S3 S6 S2 S1 S 7

Control In Data In Data Out Functional Core Meta data Out Meta data In Control Out Contextor: a Computational Model for Contextual Information Jolle Coutaz, Gatan Rey CLIPS-IMAG, Universit Joseph Fourier, Grenoble, France James L.

508 views • 17 slides
April, 2011 1 Cautionary Statement Certain statements herein may contain forward-looking

April, 2011 1 Cautionary Statement Certain statements herein may contain forward-looking

April, 2011 1 Cautionary Statement Certain statements herein may contain forward-looking information within the meaning of applicable securities laws. Forward-looking information appears in a number of places and can be identified by the use of

624 views • 24 slides
Ramgopal Subramani VP Engineering Perfios Software Lets Manage Money Better 1 On On-dem

Ramgopal Subramani VP Engineering Perfios Software Lets Manage Money Better 1 On On-dem

Ramgopal Subramani VP Engineering Perfios Software Lets Manage Money Better 1 On On-dem demand and self lf-se servic rvice e Ub Ubiq iquit uitous ous network rk access ss Locatio ion n in indepen penden dent t resource

552 views • 26 slides
For personal use only Corporate Presentation 2013 Annual General Meeting 21 November 2013 Two

For personal use only Corporate Presentation 2013 Annual General Meeting 21 November 2013 Two

For personal use only Corporate Presentation 2013 Annual General Meeting 21 November 2013 Two High Impact Opportunities Enterprise is currently exploring gold and base metal projects in WA, targeting VMS and For personal use only

670 views • 24 slides
Investor Presentation CIMB ASEAN Corporate Day 2017 Bangkok, Thailand 18 January 2017 Mermaid

Investor Presentation CIMB ASEAN Corporate Day 2017 Bangkok, Thailand 18 January 2017 Mermaid

Investor Presentation CIMB ASEAN Corporate Day 2017 Bangkok, Thailand 18 January 2017 Mermaid Maritime Plc Delivering a World Class Service to the Region from within the Region Disclaimer This presentation has been prepared by Mermaid

477 views • 44 slides
TUCSON AMA OVERVIEW OF APW-IGA MULTI-DAY TEACHER ENGINEERING ACADEMY EXPANSION OF

TUCSON AMA OVERVIEW OF APW-IGA MULTI-DAY TEACHER ENGINEERING ACADEMY EXPANSION OF

ARIZONA PROJECT WET TUCSON AMA OVERVIEW OF APW-IGA MULTI-DAY TEACHER ENGINEERING ACADEMY EXPANSION OF EXISTING STUDENT OUTREACH PROGRAMS EQUIPMENT LOAN PROGRAM UNDERWATER ROBOTICS & ENGINEERING DESIGN ACADEMY DURING THE

512 views • 11 slides
Building Solutions for the Energy Industry Alain Marion, SVP Innovation & Technology Laurent

Building Solutions for the Energy Industry Alain Marion, SVP Innovation & Technology Laurent

Building Solutions for the Energy Industry Alain Marion, SVP Innovation & Technology Laurent Decoret, VP Technology Development Investors Group Meeting, Rueil-Malmaison, France, October 4, 2013 Emergency exits 2 Safe Harbor T his

834 views • 39 slides
5G V2X The automotive use-case for 5G Dino Flore 5GAA Director General WWW.5GAA.ORG WHY

5G V2X The automotive use-case for 5G Dino Flore 5GAA Director General WWW.5GAA.ORG WHY

5G V2X The automotive use-case for 5G Dino Flore 5GAA Director General WWW.5GAA.ORG WHY According to WHO, there were about 1.25 million road traffic fatalities worldwide in 2013, with another 20 50 million injured or disabled through

645 views • 15 slides

More recommend