 Good. All right. Hey, good morning. I'm really glad that I have an opportunity to chat at you. Hopefully you'll be able to chat back at some point later in presentation this morning. My name is Rich Eisenberg. I'm here with Nathan Randall and we're from a company called Cloud Visory. We're focused on hybrid, multi-cloud security, automation, and compliance enforcement. That is a mouthful that we're going to get into a demo today so that you can see exactly what we're talking about. While we focus on hybrid, multi-cloud, today we are going to be skewing towards OpenStack and you'll see how we can control, manage, and monitor and enforce security in OpenStack. I do want to call your attention to the fact that as much as I'm doing this demo here today, at 2.40 today in MR311, Jason Rualt, who has deployed this solution at Time Warner Cable, will be speaking about why he moved towards Cloud Visory and what the value is that he's getting out of the Cloud Visory platform. I hope you'll have a chance to attend that session as well. It'll be very informative to hear somebody speak about the business issues that they were facing that I won't have time to get to today. The way we look at the world is there's really two things. There is what we refer to as the data plane. Some people call this the infrastructure plane. What we've done is we've created a security management plane. You have this abstraction that is loosely coupled from the infrastructure to give you a way to manage, monitor, and control security very quickly in an automated fashion. What we do in total are the following, and I'm going to show you this in today's demo. Number one, we discover and visualize multi-cloud infrastructure. Their data flows, so their network data flows that are happening between the workloads here, you see this in the picture, and we also uncover any critical security violations. So we'll get into these red and green lines that you see here. You see the idea of an OpenStack project there at the top, or OpenStack environment, an account with projects, and we'll dig into that in more detail here. We do policy automation for these environments. So after we discover and visualize the environment, we actually automate the governance, provisioning, and rapid change management of that security policy. As you know in OpenStack, if I don't explicitly say what ingress and egress a workload can have, there's no communication happening to it. So this is a way to automate all of those controls and then monitor those controls. The next thing we do is granular policy micro-segmentation. This is a huge issue that remains just like it was in traditional data center. It remains in a public and private cloud. We have this issue of the east-west threat. A piece of malware gets into a workload, and then what does it want to do? It wants to travel east-west. We're able to detect, monitor, and shut those threats down, and one of the ways we do it is through this granular policy micro-segmentation. Next is this idea of compliance, and what we mean is we mean compliance enforcement. This is not just about audit. This is really about watching the environment with real-time monitoring, and if anything goes against the compliance state, we're going to alert and then actually enforce, meaning roll it back to the compliance state. So we stop the threat, and it deaden its tracks. And last, this is about cross-discipline use. It's about the ability to share a solution across business units and across IT teams so that we can visualize, secure, and control the environment. The value here is that you're going to see how we really reduce the human middleware side of this and lower costs. We take out a lot of manual effort. We take out a lot of scripting and coding that's required, and we deliver rapid change management and speed-up operations. So when I show you what we're doing, you'll see how this really has the ability to cut time and cost out of your environment, as well as ultimately harden security and thwart nation-state hackers. So what I'm going to do is just jump right into my desktop here, and I'm going to start off by talking about multi-tenancy. I'm going to show you how we can do what we do. Let me just get it started here. So I'm going to log in as a security administrator here. You're right away seeing the environment. If you look on the left side of the screen there, you'll notice that it is a hybrid environment, and this is the panel where we can actually control and visualize what's happening in the environment. So as a security administrator, I'm going to visualize this environment, and right away you see it's a hybrid environment. So it's got AWS resources, Azure resources, traditional data center. It's even got Kubernetes containers, and then, of course, an OpenStack environment. So as a security administrator, I can see the whole environment. I can see the projects that are sitting inside of this OpenStack deployment, even the workloads. And this gives me the ability to actually look at the policies, the actual flows that are happening for any particular workload. I'm viewing the connection details here for a workload. So this gives me a view into my environment. And I'm really just showing you this so I can give you the sense of multi-tenancy. I'm going to switch to a different user here, and you're going to see that the different user even has different controls. So you see where the cursor was swirling there. Now I'm going to log in as a different user here, and you'll see that they don't have the same controls. So this is built for multi-tenancy and RBAC controls so I can only see and do what I'm allowed to see. This user can only see AWS and Azure resources. So I've just exploded out that visualization. And then I can switch to yet another user here, and you'll see that with this user, I'm limited once again to only OpenStack and Kubernetes. And I think you get the point here. And lastly what I'm going to do is, you know what, I'm going to flip out of this. Stop that. And I'm going to now go to, I'm going to show you a workload discovery. So here the idea is I'm going to open up an OpenStack environment. I'm showing you that I am visualizing the projects. And inside of one of those projects, I've just uncovered that there's only one workload. So in that HRM project, there's only one workload right now. I'm going to run an orchestration script. Stop that. I'm going to run an orchestration script here. And I'm going to spin up a couple of new workloads. So I'm showing you an OpenStack as well. Everything that I do, I'm reading live from OpenStack. So now I'm just running a script that's going to spin up two more workloads. And then I'm going to go back to Cloud Visory and you're going to see how we immediately visualize those workloads. So in OpenStack, I'll refresh. And you'll see that there are two more workloads there in OpenStack. I'm going to go back and refresh the visualization in Cloud Visory. And now you'll see in that project two more workloads popped up. So this is how fast we can read the environment so we can visualize the most current deployment that you have. All right. And now I'm going to show you what is this all about? Once I've discovered the environment, what is this all about? When we go and deploy things, typically what's happening today is DevOps teams are using scripts to deploy the security controls. And oftentimes they make mistakes. And I'm going to show you what happens when there's a mistake. So here is a view of the environment. I'm just going to select. I'm going to multi-select a couple of objects here and show you how I can distill down the view. So I'm going to just view this environment. And here you see a project that has basically two tiers in it. You've got a web tier and a database tier. And I'm actually going to go run the application. You're going to see what happens when I actually run this little mini application. I go to access the database, access the order database, and it doesn't load. Well, what's wrong? Is it an application problem or is it a network flow problem? Well, in Cloud Visory we'll show you. Look, it's a network flow problem. Ah, stop that. OK. So here you see that there are no outbound rules that are going from the order app, the web tier to the database tier. There's no outbound security rules. So I can't talk to the database tier. Right, we've uncovered that, which is what that red line is showing you there. And what I'm going to do is I'm just going to turn this into policy. So I'm going to merely click on that dashed red line. I'm going to click to add policy. I'm going to do all the calculations that are required for both the web tier and the database tier. And I'm going to go and deploy those two open stack. These are open stack native security controls that I'm deploying. Right, that's it. I just did it. I'm going to go back out to the application now. I'm going to try to reload that page and access the database. And bam, it works. That's how critical controlling these security controls are. When I go back into Cloud Visor, you'll now see that data communication is a green line. So this is how critical these security controls are. Now you see there are the outbound rules. We provisioned those two open stack and now the application works. We also did this at both tiers. So we did the calculations that required for egress out of the web tier and ingress onto the database tier. Let me now show you this idea of policy violation and rollback. So here, we deploy security controls and now you'll see the application running. What happens if somebody mucks with the security controls? Let me show you what happens. I'm going to go into, so right now everything's running. Everything's green and good. The rules are there. You'll notice some port 80s on the left side of your screen there. And I'm going to go off into open stack as an administrator and I'm going to open up those security controls and I'm going to make a mistake or maybe I'm going to do it maliciously, either way. But I'm going to go in here and I'm actually going to drill into the rule set and I'm going to delete a series of available ports for these workloads and I'm just going to delete them. I don't know what I'm doing to the application. I don't get alerted that I'm hurting the application in any way. Now I'm going to go back to the little demo app and you're going to see once again that when I reload it, it won't load. Of course it can because there's no port 80s for the internet to get to the web page. I'll go back into Cloud Visory and you'll see that we've uncovered this as what we call an enforcement violation. And I'll drill into that enforcement violation. You'll see those port 80s that I removed. We've discovered that we've removed them. We rolled it back immediately and now what you'll see is that those port 80 security controls are right back in OpenStack. So we uncovered them in real time and now we go back to the app and bam, the app works again. So this is a very common problem, right? Administrator goes in, mucks with the security controls, now the application doesn't work. If you don't have a way of monitoring the environment and uncovering that this is what happened, your environment is just going to be broken until you triage it. But we uncovered it in real time and fixed it. Let me do the same idea with identifying a workload that's been attacked by malware. This is not, again, not an uncommon use case, just like in traditional data centers, this happens in OpenStack. So I'm just opening up the environment again, a series of projects and workloads. And what I'm going to do is run a script that attacks one of those workloads with a bunch of malware. And what you're going to see is we're going to uncover this as a series of dashed red lines. So the minute that malware starts scanning ports, there it is, right? So the malware just tried to scan those ports and we detect that as illegal action. It goes against a loud security policy. So deployed security groups in OpenStack say this is not allowed. We uncover it right away. And we're going to take an immediate action to protect the environment. So what we're going to do is quarantine that workload that's been attacked. And we're going to shut it down. You see all those outbound rules? There were seven outbound rules there. I'm going to click it into a quarantine state. Should I quarantine it? Yes. And what that does is it immediately wipes out all the outbound security rules in OpenStack so that that workload can't communicate outbound. That malware cannot now get out. The outbound rules are gone. So here we are, once again, protecting the environment so that if there is some kind of compromise to the compliance state, you're not at risk. And lastly, I'm going to show you how we do automated policy provisioning. So this is about actually managing the environment. I've just opened up a screen, a policy screen. You can set policy here in Cloud Visory. And again, while we're focused on OpenStack today, understand that when I create a policy here that policy can be deployed to AWS, Azure, OpenStack, Google Compute, anything that is part of your public and private Cloud, we can ultimately manage in this singular environment. So I'm going to create a PCI policy. This is used to dictate when a workload is allowed to speak to my underlying PCI environment. This is exactly the use case that Time Warner Cable will talk about later today. They wanted to control what workloads can touch the PCI-controlled environment. And so there are a series of inbound and outbound policies that are part of this policy definition. You'll notice right now there are no workloads here that are associated with that policy. So I'm just creating a policy that stands by itself. And what I'm going to do is deploy that policy. So you see series of inbound and outbound rules, no workloads. I'm going to go and show you two projects, a SAS project, no objects in it, an SAP project, no objects in it. I'm going to go out right now and run some orchestration scripts. And I'm going to spin up workloads that have a tag in them. And that tag says compliance equals PCI. It's just a key value pair. And as I spin up those workloads, Cloud Visory is scanning, discovering just like I showed you before, and he changes the environment. It not only uncovers the workloads, but it uncovers that it has this tag that dictates it should get the PCI policy. So now you see it's not empty. There are three workloads that are part of the SAP project. And look, it's immediately been provisioned the proper PCI controls. And you'll also see the tag. So now I'm in the SAP project. There's the tag that says PCI and the rules were automatically deployed. This is about policy automation to rapidly control and manage security in your environment so you don't get it wrong. Consistency of policy is one of the biggest reasons why attacks happen and why applications go down. Now what I'm going to show you here is how I alter the policy. Whoops. I want to just stop this for a second so you can see what I'm talking about here. So I'm adding a policy to this environment. So this PCI definition, I'm going to add a new policy definition for TCP and port 636. That's at the policy definition. I'm going to add that rule. And if you remember now, there were now six workloads that are part of that definition. They're immediately going to be updated in real time. I don't have to worry about consistency. I don't have to worry about going to a UI. I'm deploying all these into open stack security groups. I'm just now going to re-visualize the environment so that I can pull it back up. So here I'm just looking at the SAP and SAS projects. I'm going to pick on one of the workloads, and now when I open the rules, you'll see new 636 port that wasn't there before. Rapid change. I'm showing you three workloads. This could have been 10,000. We have environments with hundreds of thousands of workloads in them that need to be managed in this way. There's the 636 port there as well. So let me just summarize again what just happened there. You were looking at an environment where we made a policy definition. We had no workloads. We deployed a bunch of workloads. They had a tag that said compliance equals PCI. Cloud advisory read that the new workloads were there and discovered them. You saw that. And at the same time, it deployed the underlying security controls. We then changed that policy definition and all the underlying workloads were immediately updated. Incredibly powerful management and control. So let me just pop back here to the slide. And we have just a couple of minutes left. I want to see if you have any questions about what we just showed you. Between myself and Nathan up here, we'll hopefully be able to answer. Any questions or thoughts? So let me just summarize again. This is a singular interface that we offer up for a cloud native policy automation. So this is again across AWS, Azure, Kubernetes, Google Compute, VMware, OpenStack. So in one interface, we can control the security for these cross environments. We discover and visualize those whole environments. So all of the projects, the workloads, the data flows between those workloads, we discover and visualize it here so that we can uncover problems as they're happening in real time. We automate the provisioning of those native security controls. You saw us do rapid policy management, change control there, right? We changed in one place and deployed it out to six workloads that could have been 10,000 workloads and could have been workloads across environments. So you can have a PCI policy definition that is there for Azure and OpenStack and you change it in one place and we deploy it to any workloads that require that. And lastly, we're doing real-time compliance. So we're monitoring anything that we deploy from a security control perspective. We're monitoring it in real-time. And if anything changes, whether that's accidental or malicious, we're going to uncover that and we're going to roll it back to the compliance state. Okay? Just a few seconds left. Any thoughts or questions? The question was, what's our model? How do we charge? We're a subscription-based solution like cloud and we base it on workload. For us, workload would be virtual instance or container. Any other questions? All right, really thank you for your time. Hope you'll join Jason Rualt this afternoon at 2.40. He's from Time Warner Cable. He'll be talking about how and why he deployed the solution. And as well, we have a great event tonight at 5.30. Nita at the back there is handing out invitations. If you can join us, the whole technical team will be available to answer questions and talk about your environment then as well. Cheers, thank you.