Cupertino, California, United States
Publications
-
Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain
RSA 2015
SDNs offer powerful mechanisms, including micro-segmentation and service chaining. This presentation shows how a system that combines exploit detection and indicators of compromise drives the automation for improved response to APTs by orchestrating these technologies.
-
The Agile Data Center – DC Security
Symantec
Symantec’s Deb Banerjee gives a rundown of the role Data Center Security plays in Transforming the Agile Data Center.
-
Vulnerabilities Arising From Misconfiguration in AWS Network Security Architectures
Symantec Corporate Blog
Configuration checks on infrastructure assets are a common feature of on-premise security programs. Tools for implementing these checks discover assets (servers, applications, etc.) and have pre-built checks against those asset types. The checks may roll up into various internal IT or regulatory compliance standards (e.g. PCI, HIPAA). Similar capabilities need to be developed against cloud infrastructures. This includes the ability to model rich object relationships, such as those defined in the AWS network security objects, and to rapidly query those object models for configuration vulnerabilities. We are working on extending our control compliance products to implement network security checks against AWS configurations.
-
The Virtualization Security Journey: Beyond Endpoint Security
VMworld
VMware vShield provides the security layer basic to integration of partner technology, enabling “better than physical” security services for the VMware virtual data center. Endpoint security is a critical foundation for the virtual data center and remains important in malware protection and hardening both virtual workloads and physical management servers. As enterprises migrate business-critical workloads to the virtual data center, security concerns arise from sharing infrastructure and must be addressed beyond endpoints. Segmentation and isolation are central to the practice for securing sensitive workloads in physical infrastructure. Perimeter segments isolate sensitive workloads - blocking threats, preventing data loss and managing access controls to define and enforce compliance scope. Virtual data center architecture offers advantages for securing mixed trust workloads on shared infrastructure. Administrators can drive higher consolidation ratios and large clusters can be used for a common set of services for availability and performance. Virtual security solutions for DLP, ownership and content control automate the identification of workloads for segmentation and enforce segment boundary - regardless of operational changes to the virtual environment. Together, using VMware vShield and integrated security solutions from Symantec, the enterprise can securely segment workloads in the VMware Cloud Infrastructure. This presentation covers the use cases, and solution approaches for assuring segmentation on this shared infrastructure, enabling mixed trust workloads.
Patents
-
Systems and methods for workload security in virtual data centers
Issued US US9021546 B1
A computer-implemented method for workload security in virtual data centers may include (1) identifying a virtual data center that hosts a plurality of workloads sharing a common computing infrastructure, (2) identifying a workload within the plurality of workloads that is subject to a sensitivity assessment that pertains to an application of at least one security policy to at least one computing resource used by the workload, (3) performing the sensitivity assessment for the workload based at least in part on an attribute of an allocated resource within the common computing infrastructure provisioned to the workload, and (4) applying the security policy to the computing resource based at least in part on the sensitivity assessment for the workload. Various other methods, systems, and encoded computer-readable media are also disclosed.
-
Systems and methods for protecting platform-as-a-service platforms
Issued US US 8973090 B1
A computer-implemented method for protecting platform-as-a-service platforms may include 1) identifying a platform-as-a-service platform that is configured to allow installations of third-party application packages, 2) intercepting a third-party application package in transit to the platform-as-a-service platform for installation, 3) extracting metadata from the third-party application package, and 4) applying a compliance policy to the third-party application package to determine whether to allow an installation of the third-party application package on the platform-as-a-service platform based on the metadata. Various other methods, systems, and computer-readable media are also disclosed.
-
Techniques for enforcing data sharing policies on a collaboration platform
Issued US US 8930462 B1
Techniques for enforcing data sharing policies on a collaboration platform are disclosed. In one particular embodiment, the techniques may be realized as a system for enforcing data sharing policies on a collaboration platform including a communication module configured to capture a subscription request from a first user to follow a second user in a collaboration platform. The system may also include an asset and profile module including at least one computer processor configured to determine authorization classification associated with the first user and the second user. The system may further include an enforcement module including at least one computer processor configured to determine whether to approve the subscription request based at least in part on the authorization classification associated with the first user and the second user.
-
Systems and methods for detecting cloud-based data leaks
Issued US US 8874528 B1
A computer-implemented method for detecting cloud-based data leaks may include (1) identifying a relational database stored on a third-party storage service, the relational database including a plurality of tuples related by an attribute designated for storing contact information, (2) adding at least one deceptive tuple representing an illegitimate contact and including known false contact information stored under the attribute to the relational database, (3) maintaining a data repository identifying the deceptive tuple as containing false contact information, (4) identifying a contact attempt performed by an attempted use of the known false contact information, and then, in response to identifying the contact attempt, and (5) determining, based on the data repository identifying the deceptive tuple as containing false contact information, that an originator of the contact attempt is implicated in a data leak. Various other methods, systems, and computer-readable media are also disclosed.
-
Method and apparatus for integrating security context in network routing decisions
Issued US WO 2014165642 A1
An apparatus identifies a request from a user device to access data on a storage server. The apparatus determines a sensitivity level of response data for a response to the request, security context of the response, and a routing action to perform for the response by applying a policy to the sensitivity level of the response data and the security context of the response. The apparatus executes the routing action for the response.
-
Enforcing policy-based compliance of virtual machine image configurations
Issued US US 20140282518 A1
Techniques are disclosed for data risk management in accessing an Infrastructure as a Service (IaaS) cloud network. More specifically, embodiments of the invention evaluate virtual machine images launched in cloud-based environments for compliance with a policy. After intercepting a virtual machine image launch request, an intermediary policy management engine determines whether the request conforms to a policy defined by a policy manager, e.g., an enterprise's information security officer. The policy may be based on user identities, virtual machine image attributes, data classifications, or other criteria. Upon determining whether the request conforms to policy, the policy management engine allows the request, blocks the request, or triggers a management approval workflow.
-
Systems and methods for content-aware access control
Issued US US 8832848 B1
A computer-implemented method for content-aware access control is described. An access control action is obtained. The access control action identifying content and one or more users. A sensitivity classification is determined for the content. A sensitivity rating is determined for the one or more users. A determination is made as to whether the sensitivity classification and the sensitivity rating satisfy a policy. Upon determining that the policy is not satisfied, a policy restriction is enforced.
-
Method and apparatus for secure storage segmentation based on security context in a virtual environment
Issued US WO 2014088914 A1
A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host.
-
Methods and systems for secure storage segmentation based on security context in a virtual environment
Issued US US 20140157363 A1
A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host.
-
Method and apparatus for elastic (re)allocation of enterprise workloads on clouds while minimizing compliance costs
Issued US US 8631458 B1
A method and apparatus for elastic (re)allocation of enterprise workloads on clouds identifies a set of requirements for a workload. The workload includes one or more applications running on a set of virtual machines. The requirements are defined by a set of compliance standards. The method and apparatus compares the set of requirements with a set of controls installed for various virtual infrastructure elements in at least one cloud. The method and apparatus selects virtual infrastructure elements satisfying a minimum cost criterion for placement of the set of virtual machines for the workload. The virtual infrastructure elements can include one or more hosts, one or more network devices, and/or one or more storage devices. The method and apparatus deploy the set of virtual machines for the workload on the selected virtual infrastructure elements.
-
Enforcing consistent enterprise and cloud security profiles
Issued US US 8578442 B1
Consistent enterprise and cloud security profiles are enforced. A domain model describing cloud resource objects associated with an enterprise is defined. Further, a relationship map describing relationships between the objects of the domain model and roles of enterprise users described by local security profiles maintained by the enterprise is specified. The domain model and relationship map collectively form an access policy for the cloud resource objects. Network traffic is monitored to detect network traffic attempting to configure a cloud security profile describing permissions of an enterprise user with respect to cloud resource objects in a manner inconsistent with the access policy. Detected network traffic attempting to configure the cloud security profile in the manner inconsistent with access policy is remediated.
-
Method and system for ensuring compliance in public clouds using fine-grained data ownership based encryption
Issued US US 8566578 B1
A method and system for ensuring compliance in public clouds using fine-grained encryption based on data ownership that includes a process for ensuring compliance in public clouds using fine-grained encryption based on data ownership that is implemented, at least in part, at a gateway computing system through which data passes from the enterprise, and/or one or more end users, prior to being sent to the public cloud. In one embodiment, the data is classified, the ownership of the data is determined, the associated encryption keys are obtained, and the data is encrypted, automatically at the gateway computing system before the data is transferred to the public cloud, and in a manner that is transparent to end-users.
-
Integrated business process modeling environment and models created thereby
Issued US US 7120896 B2
An integrated modeling environment for creating integration models of computer architecture for executing business processes. The models include components having ports defining standard interfaces. The components can represent business process models for executing business processes. Connection information is stored in a repository so that binding of communication protocols can occur during deployment after creation of the model and can be looked up during runtime.
Organizations
-
ISC
-
- Present