1518 Best Practices in Virtualization & Cloud Security with Symantec

Transcription:

1518 Best Practices in Virtualization & Cloud Security with Symantec
Tues May 6, 11:00
Kevin Stultz, Symantec Product Management
Chip Epps, Symantec Product Marketing

Agenda
1. Trends in Virtualization and Cloud
2. Best Practices for Virtual Data Centers
   * Assessing the Infrastructure
   * Protecting the Control Plane
   * Protecting the Workloads
3. Best Practices for Cloud
   * Lifecycle Vendor Risk Management

IT Pressures a Constant Over the Decades
* Are you getting the maximum efficiency out of your infrastructure?
* How quickly can IT respond to LOB requests?
Legislative Compliance; Risk Reduction; SLAs & Business Continuity; Security Corp Assets & IP

* 60% of organizations have >25 incidents each month [1]
* 77% have rogue cloud deployments [2]
* 6x increase in mobile malware last year [3]
* 243: average number of days to discover a breach [4]
Sources:
1. Ponemon Institute, 2013 State of the Endpoint
2. Symantec, Internet Security Threat Report 2013
3. Juniper Networks, Malware targeting mobile phones grew by 614% between 2012 and 2013.
4. Mandiant, M-Trends 2013: Attack the Security Gap

Little v - Virtualization: Consolidation
Driver: Reduce Hardware and Power Costs
Security Concerns:
* New Threat Surfaces: Virtual/Cloud Admin, Management Plane, Hypervisor
* Network Security Zones remain unchanged
[Diagram label: Hypervisor]

Big V - Virtualization: Full Abstraction from Hardware
Driver: Agility, Speed, and Utilization
Security Concerns:
* Motioning Security stays with workload
* Demonstrate Compliance
* Network Security Zones: Static Network Zones can impede value
* Can no longer just rely on physical controls
* With the click of a button rack(s) of servers can be removed from the data center
* Location of server is no longer fixed which adds new compliance challenges
* Attackers are already attacking the virtualization infrastructure
[Diagram labels: App A, App B; Server A, Server B, Server C, Server D; SDDC]

W-32 Crisis: Threats Target Virtual Infrastructures
* Researchers demonstrate guest-hopping threats
* W-32 Crisis significant in the wild
* Targeting master images

Cloud - Your Data and/or Infrastructure is Elsewhere
* SaaS is here to stay: Salesforce, Workday, Concur
* IaaS is in use whether IT embraces it or not.
* To improve business agility, the amount of information flowing to your vendors is increasing.

While Security Requirements are Increasing
PCI 3.0
* Focus on maintaining controls across their business.
* Inventory: all hardware (virtual or physical hosts and network devices), as well as software components (custom or commercial, off-the-shelf applications, whether internal or external) within the cardholder data environment.
* AV is not enough; must lock down Unix systems
* New Requirement 12.9: Additional requirement for service providers on data security; merchants must explicitly agree to and document the segregation of duties with their vendors and service providers.

Virtual Data Center Practices

Software-Defined Data Center: Data Center Security Automation and Management, our view
The SDDC: The data center of the future is software-defined. It is dynamic and application-centric. Our mission is to support our customers as they evolve to the SDDC.
[Diagram layers: Applications and Policies; Software Defined Services; Network Virtualization; Compute and Storage Virtualization; On-Prem/Private/Public Cloud Resources]
Drivers: Cost, Speed, Flexibility
Inhibitors: Security Tax, Complexity, Compliance

Transitioning Our Security Controls and Architectures
Traditional Security:
* Security controls specific to underlying infrastructure
* Security deployed at perimeter to reduce cost/effort of deployment at each workload
* Scales up to meet additional workload demand
SDDC Security:
* Delivered as a service by the virtualization infrastructure
* Security deployed on virtualization host (closer to workload) through an SVA, i.e. Agentless
* Scales out to meet additional workload demand (more SVAs)
[Diagram labels: VM; Maximum Guest Security; Advanced Security; SVA; Baseline Security; Host Security; Hardened Virtual Infrastructure]

Assessing the Infrastructure

Assessing the Infrastructure
* Discovery and Inventory Reconciliation
* Vulnerability/Patch assessment
* Configuration Standards
* Industry best practice
* Customized standards for your environment
* Exception process

CCS Discovery and Inventory Reconciliation
* New Network Discovery
* New Asset Discovery
* Reconcile with CMDB
* Adds Meta Data
* Automatically Tag/Group assets

CCS Vulnerability Manager: Advanced Vulnerability Assessment & Scanning
* Proactively prevents threats
* Covers web applications, databases, servers and network devices
* 60k+ checks across 15k+ vulnerabilities
* Integrated scanners identify hidden risks
* Unique risk-scoring algorithm
[Diagram labels: Web Service; Database; OS; Your Data; Unique Chaining Mechanism]

Ongoing Assessment of IT Infrastructure & Security Configuration: Control Compliance Suite
* Automate assessment of security configurations
* Evaluate (agent and/or agent-less)
* Identify configuration drift
* Manage exceptions efficiently
* Support for agent-based and agentless data gathering
* Leverage best-in-class pre-packaged content
[Diagram steps: 1. Define Standards; 2. Managed/Unmanaged Assets; 3. Analyze and Fix]

Protecting the Control Plane

New attack surface - Protecting the Control Plane
Hardening VMware vSphere
* Outside VCenter: DCS monitors and prevents changes across the network Infrastructure
* DCS monitors and prevents access changes on ESX Server
* Inside VCenter: VSM monitors and prevents access changes
* VSM monitors and controls VMotion functions
[Diagram labels: Email Server; Domain Controller Server; Web Server VM; Database Server VM; V Center; VMWare ESX Server; Internet]

Protecting the Workloads

Protecting Workloads: Securing the Guest VMs
On Premise / In the Cloud
Key Capabilities:
* Agentless Threat Protections
* Event Monitoring
* File Integrity Monitoring
* Intrusion Detection
* Host Firewall
* File and Configuration Lock Down
* Admin Access Control
* Malware and Exploit Prevention
* Device Control
* Application Control & Whitelisting
* Application Sandboxing
[Diagram labels: VM1 (APP, NON-WINDOWS OS); VM2 (APP, WINDOWS OS); ESX/ESXi; SVA; OS/APP; Guest; Hypervisor; Management Server; vcenter; Physical, virtual, or hybrid; Physical, Virtual, Cloud]

Transitioning Our Thinking - Introducing Data Center Security Server & Server Advanced v6
Making Server Security Simpler
[Diagram labels: Critical System Protection; Protected Application White Listing; Agentless Malware Protection via VMware NSX; Data Center Security: Server Advanced; Data Center Security: Server]

New Symantec Data Center Security Offering Leveraging VMware NSX
Data Center Security: Server
* Frictionless AV Protection
* Hypervisor-based security virtual appliance
* Low OPEX
* Fully integrated with VMware NSX
* Always On Anywhere Protection
* Utilizing Symantec Best in Class AV and Insight Reputation
* What's Next: Guest Network Threat Protection
Data Center Security: Server Advanced
* Integrated with CSP
* Scale up to Full Lock Down
* Wizard Driven Simplified Hardening
* Protected Application Whitelisting and Control
* What's Next: Application Centric Protection
[Diagram labels: Security Response; Insight Reputation; Virtual Data Center; Data Center Security Service for VMWare NSX]

integration: VMware NSX & Service Composer
VMware NSX Service Composer unifies and integrates service insertion & consumption across NSX native and 3rd party services
[Diagram labels: Services; VMware ESXi with Endpoint Services]

orchestration: Symantec and VMware
1. Import OVA and register AV Security Service
2. Publish new Symantec AV Security Policy Profile
3. Deploy AV Security Service to Cluster
4. Create new Security Policy (w/ AV)
5. Apply Security Policy to Security Group
6. Tag Networking & Security upon AV detection
[Diagram labels: Symantec Manager; VMware NSX Networking & Security; SYMC SVA; VM; Endpoint Service; VM Security Group]

automation: Workflow Orchestration, Symantec Agentless DCS
Registration, Events/Actions
User of GVM X tries to execute Malware
* Symantec Agentless AV (SVA) security service on Host detects Malware on GVM X via AV Detect Only policy, and denies access
* Symantec Manager sets Security Tag for AV Detect
* Symantec AV SVA responds to policy change associated with Quarantine group, and applies AV Clean policy to GVM X, deletes Malware on execute, and clears AV Detect Security Tag
* VMware reassigns GVM X to group Quarantine
* VMware restores GVM X to group Normal
GVM X assigned to Normal group with AV Detect Only policy
[Diagram labels: VMware Infrastructure; Security Group: Normal; Security Policy: AV Detect Only; 3rd Party Security System]

DCS Server Advanced - Technologies Intrusion Detection AUDITING AND ALERTING SYSTEM CONTROLS NETWORK PROTECTION EXPLOIT PREVENTION Intrusion Prevention Monitor file integrity in realtime for compliance. Alert /notify for early response. Lock down configuration settings. Enforce security policies. Restrict device access. Enforce back doors. Limit connectivity by app. Restrict traffic flow. Prevent zero-day attacks. Application Whitelisting & De-escalate privileges. (i.e. Sandbox) Restrict behaviors. Buffer overflow protection. 28

Advanced Security Strategy
[Diagram steps: 1. Inspect System & Rate Applications; 2. Select Protection Strategy; 3. Manage Change; 4. Specify Application Controls; 5. Review Protection]
1. Identify applications via system inspection and determine application reputation
   * Provides visibility into applications running on servers
   * Identifies known good applications via Trusted Publishers, application checksums, and/or reputation service
2. Specify a Protection Strategy
3. Specify how to manage change via Trusted Updaters
   * Incorporates internal change processes into security policy
4. Select Whitelisted and Blacklisted Applications
   * Provides a Default Deny security posture for generic servers
   * Override via Trusted User/Group and Trusted Directories
   * Admins can select sandboxing controls for the OS and workload (web servers, database servers, domain controllers)
5. View Security Summary and Impact of Selected Controls
   * Identifies gaps based on the controls selected and server profile

What's Next?
What additional security controls do you need?
* Encryption?
* Data Loss Prevention?
* Additional Controls for Specific Applications? VDI, Databases
[Diagram labels: Data Center Security: Server Advanced; Data Center Security: Server]

Cloud Practices: Vendor Risk Management

Assessment & Reporting of Third Party Vendor's IT Security Posture
* Cost-effectively scale vendor risk management program
* Leverage Shared Assessments content
* Auto-calculate risk scores based on multiple evidence sources
* Tier vendors based on data risk and business criticality
* Centralized Web-based repository
[Diagram: Vendor Risk Manager cycle: Authorize or remediate vendor; Continuous vendor risk monitoring; Assign vendor tier; Route and review submitted evidence; Collect vendor evidence; Initiate vendor assessment schedule]

Other Sessions/Labs where you can see DCS
Monday May 5
* Session 1403 - Case Studies: Safeguarding Critical Business Data and Maintaining Compliance in the Modern Data Center
* Lab 1366 - Optimize Security and Compliance Assessments with CCS
Tues May 6
* Session 1518 - Best Practices in Virtualization & Cloud Security with Symantec
* Session 1640 - Roadmap: The Evolution of Data Center Security, Risk and Compliance
* Lab 1800 - Dissecting a Cyber Attack Using a Simulation
* Lab 1380 - Enhancing Data Center Security with VMware NSX
* Lab 1283 - How to Use CCS to Proactively Manage Risk
Wed May 7
* Lab 1381 - Enhance Asset Discovery and SCAP 1.2 Compliance for Continuous Monitoring with CCS Standards Manager
Thur May 8
* Lab 1396 - Implementing Data Center Security: Server and Server Advanced
* Lab 1800 - Dissecting a Cyber Attack Using a Simulation
* Session 1641 - Customer Deep Dive: Securing the Modern Data Center

Thank you!
Kevin_stultz@symantec.com
Chip_epps@symantec.com
Copyright 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
