Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Alestra Maipark 2017 Old

    Încărcat de

    endahnuftapia
    40 vizualizări25 pagini

    Titlu original

    Alestra-Maipark-2017-old.ppt

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PPT, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PPT, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    40 vizualizări25 pagini

    Alestra Maipark 2017 Old

    Încărcat de

    endahnuftapia

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PPT, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 25

    Pengamanan

    Sistem Informasi
    & Datacenter

    Alestra @ 2017
    Jl Pejompongan Dalam 31 Jakarta
    eMail : info@alestra.co.id
    www.alestra.co.id
    ALESTRA Overview
    ALESTRA adalah kelompok usaha,
    didalamnya antara lain PT Aldy
    Berkah Sejahtera & PT Inovasi
    Sistem Teknologi (INSIST),
    perusahaan ini bergerak di bidang
    layanan Solusi Sistem Informasi,
    fokus : Infrastruktur, IT Security &
    Data Center

    Costumer Existing :
     Government : Kemenperin, BPPT, LPDB, BKN, BPS, PLN, Perpusnas RI, Kemenristek
     Military : Mabes TNI, TNI-AL, UnHan, KemenHan, Polri, Polhukam
     Law & Enforcement : KPK, Ombudsman, PPATK … etc
    Agenda

    -1. Infrastruktur Data Center


    - Hyper Converged Infrastructure (HCI)

    -2. Security Controls


    - Previlaged Access Management (PAM)

    -3. Security Operation Center (SOC)


    - Network Forensics - for Packets
    - Vulnerability Management (VM)
    - End to End Security - TDL
    Network, Security
    & Data Center
    Why HCI ?
    Hyper Converged Infrastructure (Sangfor - HCI)
    Traditional IT Transformation Challenges
    Small Enterprise Customers

     Still running physical  With only server virtualization

    o Low resource utilization o Complicated network provision

    o Insufficient data protection o Insufficient east-west protection

    o Complex management o Complex IT management

    o Huge power & space consumption o Professional skills required

    o … o …

    VM Provisioning VLAN Configuration on VLAN Configuration Security Configuration on


    Physical Switch on vSwitch Connection Test Repeat
    Physical Firewall
    Solusi : Sangfor HCI

    Firewall
     Simple
    WAN-Opti

    Switch/Router
     Agile
    ADC

    Servers IP Switch
     Flexible

    HCI
     Secure
    Storage Network

     Cost-saving

    Storages
    Sangfor HCI is the Best Practice of
    “Software-Defined IT”

    3rd Phase of HCI

    2nd Phase of HCI

    1st Phase of HCI

    Compute Storage Network Security


    1 Server = 1 Micro DC

    Security

    Storage Network

    Server
    Unified UI Controller
    Security Controls
    Previlaged Access Management (CA - PAM)
    What can you do to address the threat ?
    Prevent breaches by protecting administrative
    credentials, controlling privileged user access, and
    monitoring and recording privileged user activity across
    the hybrid enterprise.

    Break the Attack Kill Chain with Privileged Access Management (PAM)

    Prevent Limit Privileged Monitor, Record &


    Unauthorized Escalation Audit Activity
    Access
    • Strong authentication • Command & socket filtering • Session recording & monitoring
    • Login restriction • Zero trust – deny all, permit by • Activity logging & auditing
    • Automated behavior analytics and exception • SIEM integration
    threat detection • Proactive policy enforcement
    CA Privileged Access Manager
    Privileged Account Management for the Hybrid Enterprise

    HYBRID ENTERPRISE
    Traditional Data Center Software Defined Data Center Public Cloud - IaaS SaaS Applications

    Mainframe, Windows, Linux, Unix, Networking

    Enterprise Admin Tools SDDC Console and APIs Cloud Console and APIs SaaS Consoles and APIs

    A New Security Layer - Control and Audit All Privileged Access


     Vault Credentials for Users and Apps  Role-Based Access Control
     Centralized Authentication  Monitor and Enforce Policy
     Federated Identity  Record Sessions and Metadata
     Privileged Single Sign-on  Full Attribution

    Unified Policy Management

    CA Privileged Access Manager


    Identity Integration Enterprise-Class Core

    Hardware Appliance OVA Virtual AWS AMI


    Appliance
    Vault & Manage
    Credentials

    Positively
    Authenticate Users

    Restrict Access to
    Authorized Systems

    Federate Identity and


    Attributes (SSO)

    Monitor and Enforce


    Policy

    Record Sessions
    and Metadata

    Attribute Identity for


    HYBRID CLOUD ENVIRONMENT

    Shared Accounts
    Integrated Controls and Unified Policy Management
    Public Cloud

    Private Cloud

    Traditional Data Center


    CA Privileged Access Manager in action
    SOC
    Security Operation Center : RSA , Qualys, McAfee
    Komponen SOC
    Networking - Perimeter Defense – DC :
    FW, IPS/IDS, EndPoint, Router, Switch, Server,
    Storage, Sandboxing, DLP, etc

    Jaringan
    LOG Forensik

    SIEM VM

    SOC
    Dashboard &
    Management
    People – Process – Technology
    Network Forensic (for Packets)
     Metode menangkap,
    menganalisa & identifikasi
    penggunaan jaringan untuk
    menemukan sumber
    pelanggaran / masalah
    keamanan sistem informasi,
    sehingga dapat dibuat
    mekanisme deteksi dan
    pencegahan untuk
    meminimalisir kerugian.
     Memiliki kemampuan
    rekontruksi kejadian semua
    aktifitas lalu lintas data pada
    jaringan, sehingga investigasi
    dapat dilakukan dengan
    melihat kembali serta
    menganalisa kejadian yg telah
    terjadi di masa lalu.
    Netwitness RSA
    • Komponen Utama Netwitness RSA for Packets :
    – SA-Head (Interactive threat analysis, locally capture live traffic and
    process packet traffic) : Melakukan analisis terhadap session secara
    interaktif, mulai layer 2 sampai 7, packet traffic yang ditangkap tsb akan
    ditampilkan dalam bentuk yang mudah dimengerti user (rekonstruksi),
    seperti : web, email, file, chat, suara, dsb.
    – Concentrator (Aggregates and indexes metadata in real-time) : Didesign
    menghasilkan metadata dari packet traffic yang ditangkap Decoder, selain
    itu Concentrator juga mengumpukan (aggregation) dari beberapa Decoder
    untuk menghasilkan visibilitas yang menyeluruh didalam suatu organisasi.
    – Decoder (Network Capture, Processing and Data Storage) : Komponen
    yang akan menerima seluruh packet traffic dalam jaringan, selanjutnya
    Decoder akan secara real time melakukan re-assembly packet traffic tsb,
    sehingga terbentuklah informasi yang asli dan mudah dibaca oleh user.
    Vulnerability Management
    The BAD guys are IN already

    PROTECTION is not good enough anymore. The Industry


    needs to focus on DETECTION and CORRECTION
    Complete Protection From Endpoint to Network
    Adapt and Immunize—From Encounter to Containment in Milliseconds

    Gateways block access based on endpoint convictions

    SIA Partners McAfee McAfee SIA Partners /


    / 3rd Parties NSP Web Gateway 3rd Parties
    McAfee
    Global Threat
    Intelligence
    McAfee McAfee
    TIE Server ATD

    3rd Party Proactively and


    Feeds efficiently protect
    your organization as
    soon as a threat is
    revealed

    Data Exchange Layer


    Security
    components
    operate as one
    to immediately
    share relevant
    data between
    McAfee McAfee endpoint, McAfee McAfee
    ePO ESM gateway, and VSE Threat VSE Threat
    other security Intelligence Module – Intelligence Module –
    products Servers, Virtual, DLP EndPoint Sec.
    TDL : Threat Defense Lifecycle
    Terimakasih

    S-ar putea să vă placă și