
Securing Information Systems & Data Centers

Alestra @ 2017
Jl Pejompongan Dalam 31 Jakarta
eMail : info@alestra.co.id
www.alestra.co.id
ALESTRA Overview
ALESTRA is a business group that includes, among others, PT Aldy Berkah Sejahtera and PT Inovasi Sistem Teknologi (INSIST). The companies provide Information System Solution services, with a focus on Infrastructure, IT Security and Data Centers.

Existing Customers :
 Government : Kemenperin, BPPT, LPDB, BKN, BPS, PLN, Perpusnas RI, Kemenristek
 Military : Mabes TNI, TNI-AL, UnHan, KemenHan, Polri, Polhukam
 Law Enforcement : KPK, Ombudsman, PPATK … etc
Agenda

1. Data Center Infrastructure
   - Hyper Converged Infrastructure (HCI)
2. Security Controls
   - Privileged Access Management (PAM)
3. Security Operation Center (SOC)
   - Network Forensics - for Packets
   - Vulnerability Management (VM)
   - End to End Security - TDL
Network, Security & Data Center

Why HCI ?
Hyper Converged Infrastructure (Sangfor - HCI)

Traditional IT Transformation Challenges
Small Enterprise Customers

 Still running physical
o Low resource utilization
o Insufficient data protection
o Complex management
o Huge power & space consumption
o …

 With only server virtualization
o Complicated network provision
o Insufficient east-west protection
o Complex IT management
o Professional skills required
o …

Provisioning workflow : VM Provisioning -> VLAN Configuration on Physical Switch -> VLAN Configuration on vSwitch -> Security Configuration on Physical Firewall -> Connection Test -> Repeat
Solution : Sangfor HCI

Infrastructure components : Firewall, WAN-Opti, Switch/Router, ADC, Servers, IP Switch, Storage Network, Storages

HCI benefits :
 Simple
 Agile
 Flexible
 Secure
 Cost-saving
Sangfor HCI is the Best Practice of “Software-Defined IT”

3rd Phase of HCI
2nd Phase of HCI
1st Phase of HCI
Pillars : Compute, Storage, Network, Security

1 Server = 1 Micro DC (Server, Storage, Network, Security)
Unified UI Controller
Security Controls
Privileged Access Management (CA - PAM)

What can you do to address the threat ?
Prevent breaches by protecting administrative credentials, controlling privileged user access, and monitoring and recording privileged user activity across the hybrid enterprise.

Break the Attack Kill Chain with Privileged Access Management (PAM)

Prevent Unauthorized Access
• Strong authentication
• Login restriction
• Automated behavior analytics and threat detection

Limit Privileged Escalation
• Command & socket filtering
• Zero trust – deny all, permit by exception
• Proactive policy enforcement

Monitor, Record & Audit Activity
• Session recording & monitoring
• Activity logging & auditing
• SIEM integration
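The three control groups above, shown as a small policy engine for one privileged session. This is an added example written for this page, not CA Privileged Access Manager code; the roles, target hosts, command allowlist, login-hour windows and timestamps are all constructed, and the newline-delimited JSON audit format is an assumption standing in for a real SIEM integration.

```python
"""Added example, not CA Privileged Access Manager code: a minimal policy
engine for a privileged session applying the three control groups on the
slide - prevent unauthorized access (login restriction by role, target host
and time window), limit privileged escalation (command filtering: deny all,
permit by exception) and monitor, record and audit (an activity log exported
as newline-delimited JSON for a SIEM). Every role, host, command pattern and
timestamp below is constructed for the example."""
import json
import re
from datetime import datetime, timezone
from typing import Dict, List

# Constructed policy. Commands are an allowlist of regular expressions;
# a command matching none of them is denied (deny all, permit by exception).
POLICY: Dict[str, dict] = {
    "dba": {
        "hosts": {"db01.example.internal"},
        "commands": [r"systemctl (status|restart) postgresql",
                     r"psql -c 'SELECT [^;]*'"],
        "login_hours_utc": (8, 18),      # allowed from 08:00 up to 18:00 UTC
    },
    "netops": {
        "hosts": {"core-sw1.example.internal"},
        "commands": [r"show .*"],
        "login_hours_utc": (0, 24),
    },
}


class PrivilegedSession:
    def __init__(self, user: str, role: str, host: str, now: datetime):
        self.user, self.role, self.host, self.now = user, role, host, now
        self.authorized = False
        self.audit: List[dict] = []        # every decision is recorded here

    def _record(self, event: str, decision: str, **fields) -> None:
        entry = {"ts": self.now.isoformat(), "user": self.user,
                 "role": self.role, "host": self.host,
                 "event": event, "decision": decision}
        entry.update(fields)
        self.audit.append(entry)

    def authorize_login(self) -> bool:
        """Login restriction: known role, authorized target, allowed hours."""
        rule = POLICY.get(self.role)
        start, end = rule["login_hours_utc"] if rule else (0, 0)
        hour = self.now.astimezone(timezone.utc).hour
        ok = (rule is not None
              and self.host in rule["hosts"]
              and start <= hour < end)
        self.authorized = ok
        self._record("login", "permit" if ok else "deny")
        return ok

    def run(self, command: str) -> bool:
        """Command filtering: only allowlisted commands pass, and nothing
        passes on a session that was never authorized."""
        if not self.authorized:
            self._record("command", "deny", command=command,
                         reason="session not authorized")
            return False
        ok = any(re.fullmatch(p, command) for p in POLICY[self.role]["commands"])
        self._record("command", "permit" if ok else "deny", command=command,
                     reason=None if ok else "no matching allow rule")
        return ok


def siem_export(session: PrivilegedSession) -> str:
    """Newline-delimited JSON, a common shape for shipping events to a SIEM."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in session.audit)


def sample_session(user: str, role: str, host: str, hour_utc: int) -> PrivilegedSession:
    """Build a session at a constructed date (2017-05-02) and the given UTC hour."""
    return PrivilegedSession(user, role, host,
                             datetime(2017, 5, 2, hour_utc, 0, tzinfo=timezone.utc))


if __name__ == "__main__":
    s = sample_session("alice", "dba", "db01.example.internal", 10)
    s.authorize_login()
    s.run("systemctl status postgresql")
    s.run("rm -rf /var/lib/postgresql")      # denied: not on the allowlist
    print(siem_export(s))
```

The allowlist is deliberately anchored with fullmatch so that a permitted command cannot be extended with extra arguments or a trailing shell operator; a denied command still produces an audit record, which is what makes the log useful for detection rather than only for compliance.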
CA Privileged Access Manager
Privileged Account Management for the Hybrid Enterprise

HYBRID ENTERPRISE
• Traditional Data Center : Mainframe, Windows, Linux, Unix, Networking – Enterprise Admin Tools
• Software Defined Data Center : SDDC Console and APIs
• Public Cloud - IaaS : Cloud Console and APIs
• SaaS Applications : SaaS Consoles and APIs

A New Security Layer - Control and Audit All Privileged Access
 Vault Credentials for Users and Apps
 Centralized Authentication
 Federated Identity
 Privileged Single Sign-on
 Role-Based Access Control
 Monitor and Enforce Policy
 Record Sessions and Metadata
 Full Attribution

Unified Policy Management

CA Privileged Access Manager
Identity Integration – Enterprise-Class Core
Form factors : Hardware Appliance, OVA Virtual Appliance, AWS AMI

Capabilities :
• Vault & Manage Credentials
• Positively Authenticate Users
• Restrict Access to Authorized Systems
• Federate Identity and Attributes (SSO)
• Monitor and Enforce Policy
• Record Sessions and Metadata
• Attribute Identity for Shared Accounts

HYBRID CLOUD ENVIRONMENT : Public Cloud, Private Cloud, Traditional Data Center
Integrated Controls and Unified Policy Management

CA Privileged Access Manager in action
SOC
Security Operation Center : RSA , Qualys, McAfee

SOC Components
Networking - Perimeter Defense – DC : FW, IPS/IDS, EndPoint, Router, Switch, Server, Storage, Sandboxing, DLP, etc
Network
Log Forensics
SIEM
VM
SOC Dashboard & Management
People – Process – Technology
Network Forensic (for Packets)
 A method of capturing, analysing and identifying network usage in order to find the source of a violation or information-security problem, so that detection and prevention mechanisms can be built to minimise losses.
 Has the ability to reconstruct every event in the data traffic on the network, so that an investigation can be carried out by looking back at and analysing events that happened in the past.
Netwitness RSA
• Main components of Netwitness RSA for Packets :
– SA-Head (Interactive threat analysis, locally capture live traffic and process packet traffic) : performs interactive analysis of sessions from layer 2 to layer 7; the captured packet traffic is presented in a form the user can easily understand (reconstruction), such as web, email, file, chat, voice, etc.
– Concentrator (Aggregates and indexes metadata in real-time) : designed to produce metadata from the packet traffic captured by the Decoder; in addition, the Concentrator also aggregates from several Decoders to give complete visibility across an organisation.
– Decoder (Network Capture, Processing and Data Storage) : the component that receives all packet traffic on the network; the Decoder then re-assembles that packet traffic in real time, producing the original information in a form that is easy for the user to read.
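The Decoder/Concentrator idea above (capture, real-time re-assembly, metadata that is indexed and searched instead of raw packets) in miniature. This is an added example written for this page, not RSA NetWitness code: it re-assembles one direction of a TCP stream from out-of-order and retransmitted segments and derives session metadata from the result. The addresses, sequence numbers and HTTP payload are constructed, and the handful of HTTP fields extracted is an assumption about what an analyst would want indexed.

```python
"""Added example, not RSA NetWitness code: rebuild a captured TCP stream
from out-of-order and retransmitted segments, then derive the kind of
session metadata (source, destination, service, HTTP method, host, path)
that an analyst searches instead of raw packets. Every address, sequence
number and payload below is constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"}


@dataclass(frozen=True)
class Segment:
    src: str        # "ip:port" of the sender
    dst: str        # "ip:port" of the receiver
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


def reassemble(segments: List[Segment]) -> bytes:
    """Rebuild one direction of a TCP stream.

    Segments are ordered by sequence number; bytes already delivered
    (retransmissions, overlaps) are dropped, and a hole in the sequence
    space raises rather than silently producing a corrupted stream."""
    data = bytearray()
    expected = None
    for seg in sorted(segments, key=lambda s: s.seq):
        if expected is None:
            expected = seg.seq
        end = seg.seq + len(seg.payload)
        if end <= expected:
            continue                                  # pure retransmission
        if seg.seq > expected:
            raise ValueError(f"missing bytes at seq {expected}")
        data += seg.payload[expected - seg.seq:]      # skip overlapping prefix
        expected = end
    return bytes(data)


def http_request_metadata(stream: bytes) -> Dict[str, str]:
    """Parse the request line and headers of a re-assembled HTTP request."""
    head, _, _ = stream.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"service": "http", "method": method, "path": path,
            "version": version, "host": headers.get("host", "")}


def index_capture(capture: List[Segment]) -> List[Dict[str, str]]:
    """Group segments per direction, re-assemble each stream and emit one
    metadata record per stream (the searchable index an analyst queries)."""
    streams: Dict[Tuple[str, str], List[Segment]] = {}
    for seg in capture:
        streams.setdefault((seg.src, seg.dst), []).append(seg)
    records = []
    for (src, dst), segs in streams.items():
        stream = reassemble(segs)
        record = {"src": src, "dst": dst, "bytes": str(len(stream))}
        first_token = stream.split(b" ", 1)[0].decode("latin-1", "replace")
        if first_token in HTTP_METHODS:
            record.update(http_request_metadata(stream))
        else:
            record["service"] = "unknown"      # no parser for this direction
        records.append(record)
    return records


# Constructed capture: one HTTP request split into three segments that
# arrive out of order with one retransmission, plus the server's reply.
REQUEST = (b"GET /login HTTP/1.1\r\nHost: intranet.example\r\n"
           b"User-Agent: demo\r\n\r\n")
C, S = "10.0.0.5:51234", "10.0.0.10:80"
CAPTURE = [
    Segment(C, S, 1020, REQUEST[20:40]),
    Segment(C, S, 1000, REQUEST[:20]),
    Segment(C, S, 1020, REQUEST[20:40]),     # retransmitted segment
    Segment(C, S, 1040, REQUEST[40:]),
    Segment(S, C, 7000, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]

if __name__ == "__main__":
    for rec in index_capture(CAPTURE):
        print(rec)
```

Raising on a gap rather than padding it is the choice that matters for forensics: a stream with silently filled holes can present content that was never on the wire, so a capture loss should surface as an error in the index, not as a plausible-looking reconstruction.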
Vulnerability Management
The BAD guys are IN already

PROTECTION is not good enough anymore. The Industry needs to focus on DETECTION and CORRECTION

Complete Protection From Endpoint to Network
Adapt and Immunize—From Encounter to Containment in Milliseconds

[Architecture diagram] Gateways block access based on endpoint convictions
• Gateway layer : SIA Partners / 3rd Parties, McAfee NSP, McAfee Web Gateway
• Threat intelligence : McAfee Global Threat Intelligence, McAfee TIE Server, McAfee ATD, 3rd Party Feeds – proactively and efficiently protect your organization as soon as a threat is revealed
• Data Exchange Layer – security components operate as one to immediately share relevant data between endpoint, gateway, and other security products
• Management and endpoints : McAfee ePO, McAfee ESM, McAfee VSE Threat Intelligence Module – Servers, Virtual, DLP; McAfee VSE Threat Intelligence Module – EndPoint Sec.

TDL : Threat Defense Lifecycle
Thank you