eBooks/eGuides

CHAPTER 2 Security Challenges in Hybrid Clouds 21 These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. Many cloud security offerings are merely virtualized versions of port- and protocol-based security appliances, delivering the same inadequacies as their physical counterparts. Major business requirements for cloud security include: » Preventing threats » Scalability and automation » Keeping pace with the business Preventing threats has become more difficult in the past several years. Basic attacks on infrastructure have given way to multi- vector, application-borne, sophisticated attacks that are stealthy, profit-driven, unwittingly aided by enterprise users, and in many cases, polymorphic. The level of organization associated with the development of these threats is also unprecedented. Regulatory and compliance requirements — such as the Pay- ment Card Industry's (PCI) Data Security Standards (DSS), U.S. healthcare mandates like the Health Insurance Portability and Accountability Act (HIPAA), and privacy regulations like the European Union (EU) General Data Protection Regulation (GDPR), Australian Privacy Principles, and the California Consumer Pri- vacy Act (CCPA) — are pushing network segmentation deeper into organizations generally, and into data centers and cloud environ- ments specifically. Finally, needless complexity can introduce integration issues, outages, and latency. Keeping the data center and hybrid cloud design and architecture as consistent as possible is essential to improving performance, availability, manageability, and security. The Dynamic Nature of Modern Threats The modern threat landscape is constantly evolving, and many sophisticated new threats have emerged in recent years. Email and web browsers are still the main attack vectors today, with malicious content either attached or downloaded as an execut- able or macro-based file. The malicious use of remote access applications is another significant attack vector. Threats that directly target applications can pass right through the major- ity of enterprise defenses, which have historically been built to

• Cover
• Title Page
• Copyright Page
• Table of Contents
• Introduction
• About This Book
• Icons Used in This Book
• Chapter 1 The Evolution of the Data Center
• Understanding the Impact of the Cloud on the Data Center
• Recognizing Security Challenges in the Data Center and Hybrid Cloud
• Looking at Why Legacy Security Infrastructure is Ineffective
• Firewalls
• Intrusion prevention
• Proxies
• Defining Security Requirements
• Gain complete visibility
• Minimize the attack surface
• Automate threat protection
• Chapter 2 Security Challenges in Hybrid Clouds
• Cloud Security and The Shared Responsibility Model
• The Dynamic Nature of Modern Threats
• Ransomware
• Credential theft
• DNS-based attacks
• Targeted "Low-and-Slow" Attacks and APTs
• Chapter 3 Delivering Consistent Security Using Zero Trust
• Gaining Complete Visibility
• Application identification
• User identification
• Content identification
• Minimizing Your Attack Surface with Segmentation
• Using Dynamic Security to Support Moves and Changes
• Chapter 4 Leveraging Unmatched Threat Protection
• The Challenges of Defense in Depth
• What Is a Perimeter?
• Threat Protection Components
• Endpoint protection
• Security orchestration and automation
• Cloud-based threat intelligence
• Chapter 5 Ten Evaluation Criteria for Network Security in the Data Center and Hybrid Cloud Environment
• Safe Enablement of Applications in the Hybrid Cloud
• Identify Users and Enable Appropriate Access
• Comprehensive Threat Protection
• Flexible, Adaptive Integration
• Secure Access for Mobile and Remote Users
• One Comprehensive Policy, One Management Platform
• Cloud Ready
• Automate Routine Tasks and Focus on the Threats That Matter
• Flexible Deployment Options
• Consume New Innovations Easily in a Broad Partner Ecosystem
• Glossary
• EULA