Cupertino, California, United States
Contact Info
1K followers
500+ connections
Activity
-
This week we celebrated our 5 Year Anvilersary! To each team member, customer, and all 7K of you here on LinkedIn - thank you for being on this…
This week we celebrated our 5 Year Anvilersary! To each team member, customer, and all 7K of you here on LinkedIn - thank you for being on this…
Liked by Deb Banerjee
-
We are thrilled to welcome Andrew VanVleet, author of one of my fave TDR blogs, to Detection Engineering Dispatch! 🔥🔥🔥🔥🔥🔥🔥 Joining us…
We are thrilled to welcome Andrew VanVleet, author of one of my fave TDR blogs, to Detection Engineering Dispatch! 🔥🔥🔥🔥🔥🔥🔥 Joining us…
Liked by Deb Banerjee
-
We are excited to announce a significant change in our leadership team at minds.ai. Effective July 1st 2024 Itzik Gilboa will assume the role of…
We are excited to announce a significant change in our leadership team at minds.ai. Effective July 1st 2024 Itzik Gilboa will assume the role of…
Liked by Deb Banerjee
Licenses & Certifications
Publications
-
Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain
RSA 2015
SDN’s offer powerful mechanisms including micro segmentation and service chaining. This presentation shows how a system that combines exploit detection and indicators of compromise drive the automation for improved response to APT’s by orchestrating these technologies.
Other authorsSee publication -
The Agile Data Center – DC Security
Symantec
Symantec’s Deb Banerjee gives a rundown of the role Data Center Security plays in Transforming the Agile Data Center.
-
Vulnerabilities Arising From Misconfiguration in AWS Network Security Architectures
Symantec Corporate Blog
Configuration checks on infrastructure assets are a common feature of on-premise security programs. Tools for implement these checks discover assets(servers, applications etc), and have pre-built checks against those asset types. The checks may roll up into various internal IT or regulatory compliance standards (e.g. PCI, HIPAA). Similar capabilities need to be developed against cloud infrastructures. This includes the ability to model rich object relationships such as those defined in the AWS…
Configuration checks on infrastructure assets are a common feature of on-premise security programs. Tools for implement these checks discover assets(servers, applications etc), and have pre-built checks against those asset types. The checks may roll up into various internal IT or regulatory compliance standards (e.g. PCI, HIPAA). Similar capabilities need to be developed against cloud infrastructures. This includes the ability to model rich object relationships such as those defined in the AWS network security objects, and be able to rapidly query those object models for configuration vulnerabilities. We are working on extending our control compliance products to implement network security checks against AWS configurations.
-
The Virtualization Security Journey: Beyond Endpoint Security
VMworld
VMware vShield provides the security layer basic to integration of partner technology, enabling “better than physical” security services for the VMware virtual data center. Endpoint security is a critical foundation for the virtual data center and remains important in malware protection and hardening both virtual workloads and physical management servers. As enterprises migrate business-critical workloads to the virtual data center, security concerns arise from sharing infrastructure and must…
VMware vShield provides the security layer basic to integration of partner technology, enabling “better than physical” security services for the VMware virtual data center. Endpoint security is a critical foundation for the virtual data center and remains important in malware protection and hardening both virtual workloads and physical management servers. As enterprises migrate business-critical workloads to the virtual data center, security concerns arise from sharing infrastructure and must be addressed beyond endpoints. Segmentation and isolation are central to the practice for securing sensitive workloads in physical infrastructure. Perimeter segments isolate sensitive workloads - blocking threats, preventing data loss and managing access controls to define and enforce compliance scope. Virtual data center architecture offers advantages for securing mixed trust workloads on shared infrastructure. Administrators can drive higher consolidation ratios and large clusters can be used for a common set of services for availability and performance. Virtual security solutions for DLP, ownership and content control automate the identification of workloads for segmentation and enforce segment boundary - regardless of operational changes to the virtual environment. Together, using VMware vShield and integrated security solutions from Symantec, the enterprise can securely segment workloads in the VMware Cloud Infrastructure. This presentation covers the use cases, and solution approaches for assuring segmentation on this shared infrastructure, enabling mixed trust workloads.
Patents
-
Systems and methods for workload security in virtual data centers
Issued US US9021546 B1
A computer-implemented method for workload security in virtual data centers may include (1) identifying a virtual data center that hosts a plurality of workloads sharing a common computing infrastructure, (2) identifying a workload within the plurality of workloads that is subject to a sensitivity assessment that pertains to an application of at least one security policy to at least one computing resource used by the workload, (3) performing the sensitivity assessment for the workload based at…
A computer-implemented method for workload security in virtual data centers may include (1) identifying a virtual data center that hosts a plurality of workloads sharing a common computing infrastructure, (2) identifying a workload within the plurality of workloads that is subject to a sensitivity assessment that pertains to an application of at least one security policy to at least one computing resource used by the workload, (3) performing the sensitivity assessment for the workload based at least in part on an attribute of an allocated resource within the common computing infrastructure provisioned to the workload, and (4) applying the security policy to the computing resource based at least in part on the sensitivity assessment for the workload. Various other methods, systems, and encoded computer-readable media are also disclosed.
-
Systems and methods for protecting platform-as-a-service platforms
Issued US US 8973090 B1
A computer-implemented method for protecting platform-as-a-service platforms may include 1) identifying a platform-as-a-service platform that is configured to allow installations of third-party application packages, 2) intercepting a third-party application package in transit to the platform-as-a-service platform for installation, 3) extracting metadata from the third-party application package, and 4) applying a compliance policy to the third-party application package to determine whether to…
A computer-implemented method for protecting platform-as-a-service platforms may include 1) identifying a platform-as-a-service platform that is configured to allow installations of third-party application packages, 2) intercepting a third-party application package in transit to the platform-as-a-service platform for installation, 3) extracting metadata from the third-party application package, and 4) applying a compliance policy to the third-party application package to determine whether to allow an installation of the third-party application package on the platform-as-a-service platform based on the metadata. Various other methods, systems, and computer-readable media are also disclosed.
-
Techniques for enforcing data sharing policies on a collaboration platform
Issued US US 8930462 B1
Techniques for enforcing data sharing policies on a collaboration platform are disclosed. In one particular embodiment, the techniques may be realized as a system for enforcing data sharing policies on a collaboration platform including a communication module configured to capture a subscription request from a first user to follow a second user in a collaboration platform. The system may also include an asset and profile module including at least one computer processor configured to determine…
Techniques for enforcing data sharing policies on a collaboration platform are disclosed. In one particular embodiment, the techniques may be realized as a system for enforcing data sharing policies on a collaboration platform including a communication module configured to capture a subscription request from a first user to follow a second user in a collaboration platform. The system may also include an asset and profile module including at least one computer processor configured to determine authorization classification associated the first user and the second user. The system may further include an enforcement module including at least one computer processor configured to determine whether to approve the subscription request based at least in part on the authorization classification associated with the first user and the second user.
-
Systems and methods for detecting cloud-based data leaks
Issued US US 8874528 B1
A computer-implemented method for detecting cloud-based data leaks may include (1) identifying a relational database stored on a third-party storage service, the relational database including a plurality of tuples related by an attribute designated for storing contact information, (2) adding at least one deceptive tuple representing an illegitimate contact and including known false contact information stored under the attribute to the relational database, (3) maintaining a data repository…
A computer-implemented method for detecting cloud-based data leaks may include (1) identifying a relational database stored on a third-party storage service, the relational database including a plurality of tuples related by an attribute designated for storing contact information, (2) adding at least one deceptive tuple representing an illegitimate contact and including known false contact information stored under the attribute to the relational database, (3) maintaining a data repository identifying the deceptive tuple as containing false contact information, (4) identifying a contact attempt performed by an attempted use of the known false contact information, and then, in response to identifying the contact attempt, and (5) determining, based on the data repository identifying the deceptive tuple as containing false contact information, that an originator of the contact attempt is implicated in a data leak. Various other methods, systems, and computer-readable media are also disclosed.
-
Method and apparatus for integrating security context in network routing decisions
Issued US WO 2014165642 A1
An apparatus identifies a request from a user device to access data on a storage server. The apparatus determines a sensitivity level of response data for a response to the request, security context of the response, and a routing action to perform for the response by applying a policy to the sensitivity level of the response data and the security context of the response. The apparatus executes the routing action for the response.
-
Enforcing policy-based compliance of virtual machine image configurations
Issued US US 20140282518 A1
Techniques are disclosed for data risk management in accessing an Infrastructure as a Service (IaaS) cloud network. More specifically, embodiments of the invention evaluate virtual machine images launched in cloud-based environments for compliance with a policy. After intercepting a virtual machine image launch request, an intermediary policy management engine determines whether the request conforms to a policy defined by a policy manager, e.g., an enterprise's information security officer. The…
Techniques are disclosed for data risk management in accessing an Infrastructure as a Service (IaaS) cloud network. More specifically, embodiments of the invention evaluate virtual machine images launched in cloud-based environments for compliance with a policy. After intercepting a virtual machine image launch request, an intermediary policy management engine determines whether the request conforms to a policy defined by a policy manager, e.g., an enterprise's information security officer. The policy may be based on user identities, virtual machine image attributes, data classifications, or other criteria. Upon determining whether the request conforms to policy, the policy management engine allows the request, blocks the request, or triggers a management approval workflow.
-
Systems and methods for content-aware access control
Issued US US 8832848 B1
A computer-implemented method for content-aware access control is described. An access control action is obtained. The access control action identifying content and one or more users. A sensitivity classification is determined for the content. A sensitivity rating is determined for the one or more users. A determination is made as to whether the sensitivity classification and the sensitivity rating satisfy a policy. Upon determining that the policy is not satisfied, a policy restriction is…
A computer-implemented method for content-aware access control is described. An access control action is obtained. The access control action identifying content and one or more users. A sensitivity classification is determined for the content. A sensitivity rating is determined for the one or more users. A determination is made as to whether the sensitivity classification and the sensitivity rating satisfy a policy. Upon determining that the policy is not satisfied, a policy restriction is enforced.
-
Method and apparatus for secure storage segmentation based on security context in a virtual environment
Issued US WO 2014088914 A1
A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not…
A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host.
-
Methods and systems for secure storage segmentation based on security context in a virtual environment
Issued US US 20140157363 A1
A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not…
A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host.
-
Method and apparatus for elastic (re)allocation of enterprise workloads on clouds while minimizing compliance costs
Issued US US 8631458 B1
A method and apparatus for elastic (re)allocation of enterprise workloads on clouds identifies a set of requirements for a workload. The workload includes one or more application running on a set of virtual machines. The requirements are defined by a set of compliance standards. The method and apparatus compares the set of requirements with a set of controls installed for various virtual infrastructure elements in at least one cloud. The method and apparatus selects virtual infrastructure…
A method and apparatus for elastic (re)allocation of enterprise workloads on clouds identifies a set of requirements for a workload. The workload includes one or more application running on a set of virtual machines. The requirements are defined by a set of compliance standards. The method and apparatus compares the set of requirements with a set of controls installed for various virtual infrastructure elements in at least one cloud. The method and apparatus selects virtual infrastructure elements satisfying a minimum cost criterion for placement of the set of virtual machines for the workload. The virtual infrastructure elements can include one or more hosts, one or more network devices, and/or one or more storage devices. The method and apparatus deploy the set of virtual machines for the workload on the selected virtual infrastructure elements.
-
Enforcing consistent enterprise and cloud security profiles
Issued US US 8578442 B1
Consistent enterprise and cloud security profiles are enforced. A domain model describing cloud resource objects associated with an enterprise is defined. Further, a relationship map describing relationships between the objects of the domain model and roles of enterprise users described by local security profiles maintained by the enterprise is specified. The domain model and relationship map collectively form an access policy for the cloud resource objects. Network traffic is monitored to…
Consistent enterprise and cloud security profiles are enforced. A domain model describing cloud resource objects associated with an enterprise is defined. Further, a relationship map describing relationships between the objects of the domain model and roles of enterprise users described by local security profiles maintained by the enterprise is specified. The domain model and relationship map collectively form an access policy for the cloud resource objects. Network traffic is monitored to detect network traffic attempting to configure a cloud security profile describing permissions of an enterprise user with respect to cloud resource objects in a manner inconsistent with the access policy. Detected network traffic attempting to configure the cloud security profile in the manner inconsistent with access policy is remediated.
-
Method and system for ensuring compliance in public clouds using fine-grained data ownership based encryption
Issued US US 8566578 B1
A method and system for ensuring compliance in public clouds using fine-grained encryption based on data ownership that includes a process for ensuring compliance in public clouds using fine-grained encryption based on data ownership that is implemented, at least in part, at a gateway computing system through which data passes from the enterprise, and/or one or more end users, prior to being sent to the public cloud. In one embodiment, the data is classified, the ownership of the data is…
A method and system for ensuring compliance in public clouds using fine-grained encryption based on data ownership that includes a process for ensuring compliance in public clouds using fine-grained encryption based on data ownership that is implemented, at least in part, at a gateway computing system through which data passes from the enterprise, and/or one or more end users, prior to being sent to the public cloud. In one embodiment, the data is classified, the ownership of the data is determined, the associated encryption keys are obtained, and the data is encrypted, automatically at the gateway computing system before the data is transferred to the public cloud, and in a manner that is transparent to end-users
-
Integrated business process modeling environment and models created thereby
Issued US US 7120896 B2
An integrated modeling environment for creating integration models of computer architecture for executing business processes. The models include components having ports defining standard interfaces. The components can represent business process models for executing business processes. Connection information is stored in a repository so that binding of communication protocols can occur during deployment after creation of the model and can be looked up during runtime.
Organizations
-
ISC
-
- Present
More activity by Deb
-
What does it take to be Snowflake's Cybersecurity Partner of the Year? Making security teams successful with the Data Cloud. This week, I met CISOs…
What does it take to be Snowflake's Cybersecurity Partner of the Year? Making security teams successful with the Data Cloud. This week, I met CISOs…
Liked by Deb Banerjee
-
The data landscape has changed considerably in the last year. AI has become a real thing, with all enterprises realizing that AI techniques can add a…
The data landscape has changed considerably in the last year. AI has become a real thing, with all enterprises realizing that AI techniques can add a…
Liked by Deb Banerjee
-
🔥 This week's guest Chas Larios returns for a quick hit bonus! Here are her 7 tips for #cybersecurity marketing teams for to earn practitioners'…
🔥 This week's guest Chas Larios returns for a quick hit bonus! Here are her 7 tips for #cybersecurity marketing teams for to earn practitioners'…
Liked by Deb Banerjee
-
We are thrilled to announce that Snowflake has named Anvilogic as their 2024 Cybersecurity Partner of the Year at their annual user conference…
We are thrilled to announce that Snowflake has named Anvilogic as their 2024 Cybersecurity Partner of the Year at their annual user conference…
Liked by Deb Banerjee
-
If you're a #cybersecurity founder, CEO, seller, anyone struggling with GTM, listen to this episode with Chas Larios from Anvilogic! 🔥 (Link in the…
If you're a #cybersecurity founder, CEO, seller, anyone struggling with GTM, listen to this episode with Chas Larios from Anvilogic! 🔥 (Link in the…
Liked by Deb Banerjee
-
Cequence is thrilled to announce a strategic partnership with aramco digital, a technology subsidiary of Saudi Aramco, a leading innovator in the…
Cequence is thrilled to announce a strategic partnership with aramco digital, a technology subsidiary of Saudi Aramco, a leading innovator in the…
Liked by Deb Banerjee
-
Great conversation with the awesome entrepreneur Karthik Kannan , Founder & CEO of Anvilogic ! It was a treat to speak to Karthik and learn both…
Great conversation with the awesome entrepreneur Karthik Kannan , Founder & CEO of Anvilogic ! It was a treat to speak to Karthik and learn both…
Liked by Deb Banerjee
-
Quick plug for this coming Thursday's Cloud Security Alliance webinar (5/23 at 11am ET/2PM PT). Following the RSA conference discussions, I will make…
Quick plug for this coming Thursday's Cloud Security Alliance webinar (5/23 at 11am ET/2PM PT). Following the RSA conference discussions, I will make…
Liked by Deb Banerjee
-
Reflecting on an Incredible Experience at ASMC 2024! Our team had the distinct pleasure of presenting our collaborative work with Micron Technology…
Reflecting on an Incredible Experience at ASMC 2024! Our team had the distinct pleasure of presenting our collaborative work with Micron Technology…
Liked by Deb Banerjee
-
While I have worked in both public and private companies, my greatest pleasure has always come from helping build something new - and that’s what…
While I have worked in both public and private companies, my greatest pleasure has always come from helping build something new - and that’s what…
Liked by Deb Banerjee
-
.conf is in full swing, and the team is ready to meet you all! come stop by booth #400 🎉
.conf is in full swing, and the team is ready to meet you all! come stop by booth #400 🎉
Liked by Deb Banerjee
-
If you are a Detection Engineer attending Splunk .conf24 and eager to learn more about how the majority of your everyday challenges are sourced from…
If you are a Detection Engineer attending Splunk .conf24 and eager to learn more about how the majority of your everyday challenges are sourced from…
Liked by Deb Banerjee
People also viewed
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Deb Banerjee in United States
-
DEB BANERJEE
Postdoctoral Scholar at the University of Chicago
-
Deb Banerjee
UX Designer | Visual Designer & Brand Identity Expert
-
Deb Banerjee
IT | Cyber Governance, Risk & Compliance Director Balancing risk portfolios with cost-effective solutions and emerging technologies.
-
Deb Banerjee
Program Manager at MasterCard Digital Identity Services
17 others named Deb Banerjee in United States are on LinkedIn
See others named Deb Banerjee