Protect Your Modern Data Center
Krystle Portocarrero on Zero Trust and protecting your modern data center.
As the digital world changes, evolves, and becomes more complex, what does Zero Trust mean for the data center? Juniper’s Krystle Portocarrero breaks it down in this presentation from the RSA Conference 2022. All gaps in visibility have to be closed in order to protect your business, she says. This is why a Zero Trust data center architecture, with advanced threat management that extends visibility, intelligence, and enforcement, is necessary.
You’ll learn
How data centers are changing and what they will look like tomorrow
Four reasons to prioritize modernizing application delivery
The key elements of Juniper’s Zero Trust data center architecture and prime use case examples
Transcript
0:05 but i'm good at talking that's what
0:07 you'll find out
0:09 whether or not anything i say is true
0:11 okay
0:12 but just to start out with you know
0:14 what's happening in the world today like
0:15 why is anybody here why does security
0:17 matter and if you look at how the world
0:20 is starting to change you think about
0:22 you know how are things changing we know
0:24 that there's you know 35 percent year
0:26 over year increase in adoption of cloud
0:28 services what does that actually mean
0:30 though means that your application
0:31 architectures are changing right to take
0:34 advantage of all of the new
0:37 kind of things and innovations that are
0:38 happening so you have elastically
0:40 scalable services elastic there we go
0:43 thank you
0:44 elastically scalable services that are
0:46 resilient that are scalable right
0:49 they're repeatable so you want to use
0:50 code you know you can reuse code 80% of
0:53 the time you just change that little 20%
0:55 you want things that are repeatable
0:56 reliable but what about security
0:59 security has to really be part of that
1:01 and if you look at the complexity of
1:02 networks
1:04 complexity of say your cloud
1:05 infrastructure complexity of security
1:08 all of those gaps in visibility cause
1:10 risk to the business in general because
1:13 there's so many things how do you
1:15 actually start to pull it all together
1:17 and while convergence sounds like a
1:18 great idea convergence often means that
1:21 there is more complexity being built in
1:23 so you really need to start to have end
1:25 to end visibility and then we can talk about
1:27 right cyber attacks you can name a
1:29 million stats everybody getting here is
1:32 hopefully fairly aware well aware
1:35 of kind of the threat landscape the
1:36 different types of attacks out there if
1:38 you look at the latest say verizon data
1:41 breach report
1:42 the number one reap
1:44 breach vector there we go this last year
1:46 was web applications
1:48 because a web application is open to the
1:50 internet so number one is web
1:52 applications number two email again
1:54 because it's directly open to the
1:56 internet you need that traffic coming in
1:58 to be able to get mail to be able to get
2:00 users to connect to your applications so
2:03 you can't close it off to the world right
2:05 you need everybody to be able to get in
2:07 and so if you look at other statistics
2:08 you have you know 80% of the assets that
2:10 were breached they were servers
2:12 of that 15%
2:15 from last year right up to 55%
2:17 of those specifically were application
2:19 servers so how do you really deal with
2:21 all of these changes deal with changes
2:23 in the threat landscape as your
2:24 application architectures really start to
2:26 change
2:27 well if you think about a data center
2:29 right that's the whole point of this
2:30 talk is to talk about security in the
2:32 data center what is a data center a data
2:35 center is there to host applications to
2:37 host services and to host your data but
2:39 if you look at how things are changing
2:41 right
2:43 applications and well more
2:45 the services right services you would
2:47 host in your own data center say for
2:48 your end users exchange anybody running
2:51 an exchange server ever
2:53 sharepoint i was a sharepoint admin
2:56 reformed
2:57 they were a huge pain and so a lot of
3:00 the services you could run yourself and
3:02 you should sit in your data center they
3:04 have been SaaS-ified right microsoft now
3:06 offers it as a service and it's much
3:08 easier to buy it from them let them run
3:10 it because they are the masters right
3:12 and and the best experts in that
3:14 application itself so they run that
3:16 service
3:18 same thing with security services you
3:20 have things like SASE right you can now
3:23 run firewall as a service instead of
3:24 backhauling all of your traffic to your
3:26 own data center to then have a security
3:28 stack you let somebody else do that for
3:31 you right you can let juniper do it with
3:32 their SASE cloud right secure web
3:35 gateways with CASB with DLP so you have
3:37 all of these services that you no longer
3:39 have to host in your own data center so
3:42 what does that leave in the data center
3:43 of tomorrow
3:44 applications that you are creating right
3:47 for your own end users
3:49 and data that the applications need to
3:51 access
3:52 but
3:53 one of the other big things if you think
3:55 about what does an application need it
3:56 needs processing power
3:58 it needs connectivity like at the core
4:00 you need those two things right for an
4:01 application to run
4:03 5g
4:05 makes hyper connectivity a lot more
4:06 possible so now we want to get
4:07 everything as close to the edge as
4:09 possible if you're my user i want that
4:11 data right and i want to process that as
4:13 close to you as possible and i'm going
4:15 to come over here and if you're my user
4:17 i'm going to process that data as close
4:19 to you as possible
4:20 5g right connectivity that really helps
4:23 make that possible what it does
4:25 is it spreads your data all over the
4:27 place and so from a security perspective
4:30 how do you deal with that right
4:33 you get my clicker here and so we think
4:35 about applications right again
4:37 applications and data are what we're
4:38 trying to secure here so if you think
4:40 about how application development has
4:42 changed over the years we go from 30
4:44 years ago where if you wanted to create
4:45 a new product you needed a lot of
4:47 specialty right you needed sometimes
4:50 months if not years to create a new
4:52 software product
4:54 and bring it to market nowadays you can
4:56 do that sometimes in weeks to days you
4:58 have an idea for an application you want
4:59 to make a mobile game sure go ahead
5:01 right you can do it pretty quickly if
5:03 you're smart enough
5:04 and you can get to market really easy
5:06 because guess what you can go get
5:07 compute power on aws or azure or gcp
5:10 right whoever gives you the best deal
5:12 whatever makes sense for the type of
5:13 application you're developing you can
5:15 get there faster so if you look at why
5:18 is anybody prioritizing
5:20 right modernizing their whole
5:22 application development program well one
5:24 of it goes down to different trends
5:25 right say the rise of remote working
5:28 everybody's working from home it's
5:30 important that it's nice that we're all
5:31 here in person right today but for the
5:33 last number of years we haven't been
5:35 able to be
5:36 so creating products that allow people
5:38 to connect to one another has become
5:39 hugely important which has driven
5:42 consumer demand right zoom
5:44 became huge in the very beginning of the
5:46 pandemic and so you see a rise in
5:49 competition of all of these different
5:50 kind of connectivity applications that
5:53 help the remote workforce because at the
5:55 end of the day being able to serve
5:57 things quickly to your users at a
6:00 reduced cost helps rate your business
6:02 so that's really the end goal for
6:04 anybody
6:06 in the business you want to be able to
6:08 provide growth with digital efficiencies
6:10 that help accelerate your kind of
6:12 digital transformation and on the
6:13 technical side that means you need to
6:15 deliver software at scale and velocity
6:19 so how do you do that
6:21 well you're going to start to change
6:22 your processes and you go from right
6:24 waterfall types of development methods
6:26 to agile to having more DevSecOps setups
6:29 where you have combined teams that are
6:30 really trying to bake security into the
6:33 entire
6:34 right set up same thing with the upside
6:36 everything's kind of moving into the
6:38 development side you go from application
6:40 architectures that are monolithic pieces
6:43 of code running on a single physical
6:45 server to
6:47 virtualized services and now micro
6:50 micro services running on containers or
6:52 even serverless processes that start to
6:54 enable again the application so you can
6:57 get the reusability that you're looking
6:59 for
7:00 your infrastructure and hosting goes
7:02 from again single servers to a data
7:04 center to now the cloud that could be a
7:06 private cloud that could be a public
7:08 cloud and now even to multi-cloud where
7:10 a lot of companies are starting to go
7:12 and then lastly what does this have to
7:14 do with security well
7:16 how has our cyber security posture
7:18 changed over the years when you have
7:19 everything living on a single you know
7:22 bare metal server it's a lot easier just
7:24 to stick a firewall in front of it and
7:25 you're good to go
7:27 but as everything starts to spread out
7:29 you have more
7:31 distribution you start to add in tools
7:34 right that pull all of the data flows
7:35 together that give you visibility across
7:37 multiple points of connection and
7:39 multiple security tools and so you have
7:42 right SIEM and SOAR tools
7:44 that have been introduced and then
7:46 lastly we kind of get to today with zero
7:48 trust what does zero trust really mean
7:50 right
7:52 so if you think about what zero trust is
7:55 it's really about
7:57 not trusting anything right
7:59 i need to know what those assets are
8:04 and then create kind of micro perimeters
8:06 around each one that details out how are
8:08 workloads communicating with one another
8:11 how is the data being processed and
8:13 connecting to those workloads
8:15 who's connecting in is it that user
8:17 internally is it the developers that's
8:18 making changes or an operations person
8:20 who's maybe putting a new version of an
8:23 os on the server or is it right a device
8:26 and an end user that has no kind of
8:28 authentication coming in so you need to
8:30 know all of these kind of main assets
8:33 figure out what they are who they are
8:35 and then you create policies but that
8:37 becomes really again difficult at scale
8:39 with the amount of distribution so you
8:41 really need a lot of automation and
8:43 orchestration to help leverage right all
8:46 of the visibility and data you have
8:47 coming in from a million sources it's
8:49 not possible for one human being to kind
8:51 of understand all of that so being able
8:53 to pull all of that and have those
8:57 resources kind of give you interesting
8:59 insights that help you figure out how to
9:02 best secure all of your different assets
9:05 and so then of course how do you do that
9:09 well you can look at it from a couple
9:10 different key points right so the first
9:12 is kind of looking at your on-prem data
9:14 center your private cloud where you have
9:16 different devices running whether
9:18 they're physical servers virtual servers
9:20 devices right within there even
9:22 workloads
9:24 all of those are connecting into great
9:26 outside entities users coming in to
9:29 actually see the
9:31 applications
9:32 or also data now transiting right from
9:36 your private cloud to a public cloud and
9:38 from one public cloud to even another
9:40 public cloud so including all of that
9:41 together with visibility with analytics
9:44 with automation tools so that you know
9:46 always where are those data transactions
9:48 and where do your workloads sit to the
9:50 core
9:51 those are the two most important things
9:53 in your data center
9:56 so to be able to
9:58 sit down and start securing this looking
10:00 at what juniper can kind of do is we
10:02 kind of look at it from five main use
10:04 cases the first being your dc wan
10:06 gateway this is your tried and true
10:09 right firewalls who and what connect
10:11 into those resources that are being
10:12 hosted in your data center
10:15 right north south traffic control we got
10:17 it
10:19 then going into looking at how your
10:21 applications connect to connecting to
10:22 one another how is data being exchanged
10:25 between say your on-prem data center and
10:27 your cloud right
10:29 looking at then you know maybe you have
10:32 um some applications that are running in
10:34 your physical data center
10:36 connecting into a colo in equinix and
10:38 then gives you your cloud connect right
10:40 into aws and gcp so knowing that you
10:45 can not only get the visibility into
10:46 those data flows but you can actually
10:48 inspect them because you can no longer
10:49 trust them just because they're internal
10:51 data flows between your kind of centers
10:53 of data doesn't mean you can
10:55 automatically trust them anymore trust
10:57 but verify what's in there right so
10:59 doing inspection there then going into
11:02 your intra-DC and public cloud really
11:04 you're looking at that east-west traffic
11:07 right that's flowing in between all of
11:09 these workloads how are you actually
11:11 getting visibility into it and looking
11:13 for attacks because again
11:15 there will be times where an attack gets
11:17 through obviously but how do you limit
11:19 that blast radius right creating again
11:21 those micro perimeters around the
11:23 smallest assets
11:25 possible in each one of your kind of
11:27 data centers
11:28 and how you do that in kind of your own
11:30 say private data center versus a public
11:32 cloud infrastructure same concepts but
11:36 how you do that because the constructs
11:38 start to change are you looking at say
11:40 creating you know virtual firewall
11:44 instances everywhere that have IPs right
11:46 attached to them are you looking at how
11:48 do we do this with tags right in the aws
11:50 we have security tags or gcp or you can
11:53 use those but it's the same at the end
11:55 of the day it's the same kind of
11:57 idea but a little bit different how you
11:59 get there and then the very last piece
12:01 is workload protection how are you able
12:04 to actually find zero days within the
12:06 application workload itself looking at
12:09 how the code is executing in real time
12:11 and stopping just the malicious piece
12:14 from actually executing so that you know
12:16 that you can protect those internet
12:17 facing applications which are your most
12:19 vulnerable asset
12:22 so if you look at how all of these kind
12:24 of come together you can see that you
12:26 have your key points of protection the
12:29 dc firewall within your gateway between
12:32 all of your kind of centers of data with
12:34 the dc internet connect and cloud
12:35 connect up into the public cloud a lot
12:38 of this is your north north south right
12:40 traffic inspection using tried and true
12:42 kind of methods with ipsec for secure
12:45 connectivity using appsec or idp right
12:48 to look for known vulnerabilities within
12:51 those traffic flows threat intelligence
12:53 being shared out everywhere and we do
12:55 that really well right things like idp
12:57 juniper has actually been doing it for
12:58 20 years collectively if you didn't know
13:01 and we do it really well if you look at
13:03 all of our third-party tests we come out
13:06 as the most effective vendor
13:09 for doing that like on a firewall but
13:11 beyond that
13:13 that'll get you part of the way there
13:14 but as you start to move into say the
13:16 public cloud
13:17 you can still use a vsrx a csrx sitting
13:20 again as that kind of north-south
13:22 gateway but how do you really start to
13:24 get again visibility where you're going
13:26 to lose it because the network doesn't
13:28 have everything
13:29 right
13:30 so what about between those workloads if
13:32 it's not transiting the network where a
13:34 firewall can see it you lose visibility
13:37 but now you have things like juniper
13:38 cloud workload protection that will give
13:40 you that last mile of visibility and
13:43 stop those threats as well
13:45 and then at the very top universe you
13:47 have things like Apstra and security
13:49 director to pull it all together because
13:52 at the end of the day you have all of
13:53 these kind of perimeters you're creating
13:55 and you need something to help
13:56 orchestrate all of that together and
13:58 make sure that traffic not only flows
14:00 from one place to the other but is
14:02 inspected right for traffic
14:05 so we are able to give you kind of
14:07 segmentation across the network from the
14:09 network level to the workload level and
14:11 then even into the cloud using the right
14:13 kind of constructs that make the most
14:15 sense and give you the best visibility
14:17 with all of the elements of zero trust
14:19 built in from
14:21 edge all the way to the application
14:25 and the last thing i'll just stop on
14:27 here is if you think about how the world
14:28 is evolving right there are a lot of
14:31 different groups with different
14:32 directives you have security analysts
14:35 you have network operators and you have
14:37 developers that all have to work
14:39 together to make this infrastructure
14:41 work right your applications are hosted
14:43 on the network and secured by the
14:45 security team but if that model worked
14:49 and we have the best tech in the world
14:51 to say solve all these problems
14:54 we probably would have already done it
14:55 by now but it really takes people
14:57 working together and so
14:59 finding technologies that not only help
15:02 do the security help do the networking
15:04 help your developers
15:06 that's important but finding something
15:08 that actually helps them all work
15:09 together better
15:10 so
15:11 security is built into the network so
15:13 security is built into your development
15:15 life cycle is really one of the most
15:17 important things and changing the way
15:19 that we're doing it because
15:21 what we're doing today doesn't work all
15:23 that well when it comes to application
15:24 security you hear day after day how many
15:26 breaches there are how much money it
15:28 costs and there's a million statistics
15:30 you could bring up but
15:32 if there was a technology that fixed it
15:34 i think everybody would probably be at
15:36 that booth
15:38 so it's really about finding
15:39 technologies that give you kind of the
15:41 end-to-end visibility and help your
15:43 teams work together better to solve that
15:45 security issue
15:48 all right
15:49 and that's it any questions
16:02 thank you guys