
SafeMedia HaloNS Network and Application Layer Security for Cloud

SafeMedia

Hybrid/Public Cloud Security


Cloud Service revenue is presently at $127B annually and rapidly growing
Medium, large corporations, and governmental agencies still dominate the Cloud scene
Cloud Computing is still considered a no-man's land
Security concerns are mentioned at every Cloud and Virtualization conference
Cloud Security has yet to be assessed, standards are lax, and best practices have yet to be established
Application communication has dominated Cloud traffic
Malicious threats are focusing on attacking applications and not infrastructure in the Cloud
There aren't any Cloud Security providers, and those who are trying only cover physical or virtual interfaces, ignoring application communication
SafeMedia fills this gap, and offers Systems Wide infrastructure and application security coverage in Virtual Private, Hybrid and Public Clouds

SafeMedia HaloNS Cloud Security


IDPS monitoring system within Private/Hybrid/Public Cloud offerings
Passive IDS monitoring
Active in-line/in-band IPS choke points

Granular controls that provide application layer security with Down to the Bit forensic drilldown capabilities
Protects Cloud deployments against the traditional and the new generations of threats and vulnerabilities
Enables high-value, high-risk Cloud application deployments
Mitigating risk associated with applications in Private/Hybrid or in the Public Cloud
Attack recognition beyond simple signature matching
Dropping of malicious sessions as opposed to simple resetting of connections
Deployment of dedicated hardware that can operate at "wire speeds".

How? SafeMedia Private/Hybrid/Public Cloud Security


Multi engine multi vector detection engines with 11 specialized preprocessors dedicated to targeted applications servers
Over 45,000 Rules and counter measures in 87 different application groups
Cloud aware, encapsulating cloud infrastructure and applications as an extension to internal networks
Flexible engine configuration supporting multi-mode operations: alert mode or block mode
User selectable rules activation with ability to alert or block
Rules counter measures updated every 3 hours.
Cloud and security in a box need the cloud stack
Single Pane of Glass monitoring and management GUI

HaloNS Network and Application Layer Security


Network and Application Layer Security Coverage
IDPS Solution covering all communication through seven Layers of the OSI Model
Instances in Private/Hybrid/Public Clouds are covered before going LIVE

Dedicated environment for Cloud Deployments
Secure Private/Hybrid/Community/Public Cloud Environments
Ironclad security protocols in Private and Public Cloud Deployments
Single Pane of Glass Element Management and Security Procedures
Autonomous protection of all Cloud scenarios

HaloNS Network & Application Layer Security Coverage

[Diagram: OSI layer coverage]
Application Layer (7)
Presentation Layer (6)
Session Layer (5)
Transport Layer (4)
Network Layer (3)
Data-Link Layer (2)
Physical Layer (1)
Diagram labels: Network and Application Layer Security; Network Layer Security Competitive Protection

SafeMedia's HaloNS Integration Hooks into the Key Orchestration


Injects hooks into orchestration flows

Hooks into the Automation tool-sets


Coverage to virtual devices, before they go live

Hooks into the Application Stack


Capture the virtualized identifiers of virtual applications

Hooks into the CMDB repository


Capture or recycle identifiers from instantiated or de-instantiated virtual/physical inventory

SafeMedia's HaloNS Application Layer Security Host Orchestration and Automations Stacks integrated with SafeMedia HaloNS Application
Dedicated environment Cloud Deployments
Secure Private/Hybrid/Community/Public Environments
Ironclad security protocols in Private and Public Cloud Deployments
Single Pane of Glass Element Management and Security Procedures
Autonomous protection of all Cloud scenarios

Network and Application Layer Security

SafeMedia's HaloNS Architecture

Security

SafeMedia Cloud Security Methodology
Interrogates incoming and outgoing traffic through virtual infrastructure and enterprise application or offerings
Interrogates, not just physical/virtual instance packets, but also application communication
Monitors outgoing network traffic to detect and prevent unauthorized transfer of data
Records threats, and intrusions by storing Forensic Packet data, for use later in prosecuting offenders

Security Through Encapsulating The Instance

Cloud Stack HaloNS Detailed Architecture

Private/Hybrid Cloud Security Architecture


[Diagram: cloud stack architecture. Surviving labels, in order of appearance: Operating Models / Class of Services; Enterprise Architecture & IT Governance; IT Services / Data Center Service Orchestration; System Level Automation; Utility Computing; Virtualization Layer; Technology Resources. Lifecycle labels: Build, Consult, Operate, Improve, Design. Labels marked HALSNS: Security Governance, Autonomous, Management Interface (Security Integration), HaloNS Application Layer Security, Operations Console (Security View), Security Protocols, Application Security, Network Security.]

HaloNS Use Case


Theory:
To be able to instantiate virtual instances in the Public Cloud (Amazon EC2)
To capture identifier of containers
To capture identifier of the virtual instances
Capture any changes in virtual instance identifiers
HaloNS recognizes devices as internal infrastructure without a direct L2 VPN established
Instantiates coverage of that inventory

HaloNS Proof of Concept Cloud Security


We created 2 virtual instances in the Public Cloud (Amazon EC2), and a Beanstalk instance of Tomcat
Captured identifier of containers and internal addresses
Captured identifier of the virtual devices
HaloNS recognized devices as internal infrastructure without a direct L2 VPN established
We started seeing packet flow through HaloNS
Instantiated DOS attacks, installed torrents, injected Trojans, and opened up all ports in firewall rules
Rule Apply to TCP Default: 0.0.0.0/0 open all ports
Captured all attacks, internal and external to the instances, even attacks that weren't launched by us
For reference material contact Jonathan Spindel @ jonathan.spindel@safemedia.com (954) 562-9601

SafeMedia HaloNS SPECS
Targeted based processors
DNS servers
SMTP servers
HTTP_SERVERS
sql servers
telnet servers
ssh servers
Intelligent Behavior Library
Non-Collision Hash Tables

SafeMedia HaloNS SPECS
Targeted Based ports
Targeted Based ports for HTTP
Targeted ports you want to look for SHELLCODE
Targeted ports you might see oracle
Targeted ports you want to look for SSH

SafeMedia HaloNS SPECS
Target Rule and counter-measures Groups:
Kernel engine: 7,320 rules and counter-measures
Protocol behavior libraries
Non-collision hash tables

SafeMedia HaloNS SPECS
User Engine
Total + 45,000 Rules and counter measures
Priority: Enable Disable:
activex, attack-responses, backdoor, bad-traffic, blacklist, botcc, botcc-BLOCK, botnet-cnc, chat, Cia/Army, compromised, compromised-BLOCK, content-replace, current_events, ddos, dns, dos, drop, drop-BLOCK, dshield, dshield-BLOCK, experimental, exploit, file-identify, finger, ftp, games, icmp
icmp-info, icmp_info, map, inappropriate, info, malware, misc, mobile_malware, multimedia, mysql, netbios, nntp, oracle, other-ids, p2p, phishing-spam, policy, pop2, pop3, rbn, rbn-BLOCK, rbn-malvertisers, rbn-malvertisers-BLOCK, rpc, rservices, scada, scada_special, scan, shellcode
smtp, snmp, specific-threats, spyware-put, sql, telnet, tftp, tor, tor-BLOCK, trojan, user_agents, virus, voip, web-activex, web-attacks, web-cgi, web-client, web-coldfusion, web-frontpage, web-iis, web-misc, web-php, web_client, web_server, web_specific_apps, worm, x11

For Proof of Concept Documentation

Please Contact
Jonathan Spindel
SafeMedia Executive Vice President of Engineering
jonathan.spindel@safemedia.com
Main: (888) 235-7260
Direct: (561) 288-1142
http://www.SafeMedia.com
