Changing threats: Security in the virtual data center
Dennis Hagens
Copyright Fortinet Inc. All rights reserved.
Changes in the threat landscape
Increasing performance requirements. Stopping today's advanced threats: today's sophisticated threats are causing more damage than ever, and a growing set of security technologies is needed to stop them.
- Most security vendors outsource or lack critical pieces of the puzzle
- Customers try to piece together a solution on their own
Threat timeline (2000, 2003, 2005, 2007, 2011, today; damage increasing over time): hackers, intrusions, worms, viruses, spyware, botnets, spam, malicious URLs, malicious apps, advanced persistent threats.
Countermeasures along the same timeline: firewall and VPN (layers 1-2); IPS, anti-malware, anti-spam, web filter, application control and advanced threat protection (content and application, layers 3-7).
Large volume of threats: FortiGuard Labs threat research (based on Q1 2015 data; image: threatmap.fortiguard.com)
Per minute:
- 25,000 spam emails intercepted
- 390,000 network intrusion attempts resisted
- 83,000 malware programs neutralized
- 160,000 malicious website accesses blocked
- 59,000 botnet C&C attempts thwarted
- 39 million website categorization requests
Per week:
- 47 million new and updated spam rules
- 100 intrusion prevention rules
- 2 million new and updated AV definitions
- 1.3 million new URL ratings
- 8,000 hours of threat research globally
Total database:
- 170 terabytes of threat samples
- 17,500 intrusion prevention rules
- 5,800 application control rules
- 250 million rated websites in 78 categories
- 173 zero-day threats discovered
Did you know
- 79,790: number of incidents investigated by Verizon in 2015
- 229: average number of days attackers were on a network before detection
- 70-90%: percent of time unique malware was found
Gartner: "All organizations should assume they are in a state of continuous compromise."
FortiSandbox: breaking the kill chain of advanced attacks
Each stage of the attack chain and the control that breaks it:
- Spam → Antispam
- Malicious email with a malicious link → Web Filtering
- Exploit served by a malicious web site → Intrusion Prevention
- Malware → Antivirus
- Bot commands and stolen data → Application Control, IP Reputation
- C2 server contact → access confirmed (the attacker's goal once every earlier control has been passed)
FortiSandbox: Malware? Goodware? I-don't-know-ware? The code continuum
The continuum runs from known good, through probably good, might be good, completely unknown, somewhat suspicious and very suspicious, to known bad. The security technologies that apply to each region:
- Known good end: whitelists; reputation (file, IP, app, email); application signatures; digitally signed files
- Unknown middle: sandboxing; heuristics
- Known bad end: blacklists; reputation (file, IP, app, email); signatures; generic signatures
Solutions mapped onto the continuum: FortiGate (and/or FortiMail, FortiClient, FortiWeb, etc.) and FortiSandbox.
FortiSandbox: 5 steps to better performance
1. AV prefilter: apply the top-rated anti-malware engine
2. Cloud file query: check community intelligence and file reputation
3. Code emulation: quickly simulate intended activity; OS independent and immune to evasion/obfuscation
4. Full virtual sandbox: examine real-time, full-lifecycle activity to get the threat to expose itself
5. Call-back detection: identify the ultimate aim, call back and exfiltration; mitigate with FortiGuard updates
Developments in the virtual data center
- Desire for a zero-trust model » need for micro-segmentation
- Deeper integration with the virtualization platform » automation and orchestration
VMware and the Software Defined Data Center (SDDC)
VMware provides two solutions as network virtualization and security platform for the software-defined data center:
- vCloud Networking and Security (vShield Manager) provides basic networking and security functionality for virtualized environments: virtual firewall, VPN, load balancing, NAT, DHCP and VXLAN
- NSX is the latest VMware network virtualization and security platform for the software-defined data center; it brings together the best of Nicira NVP and VMware vCloud Networking and Security (vCNS) into one unified platform
Challenges in the virtual data center
- High availability
- Live migration
- Securing flows within the same vSwitch
- Manual or scripted automation and orchestration
- No auto-import of objects
(Diagram: east-west traffic between VMs on the same hypervisor.)
Traditional approach (FortiGate-VM)
- FortiGate-VM to control east-west traffic between web servers, application servers and database servers (vSwitch WEB, vSwitch APP, vSwitch DB)
- Traffic is required to flow through the FortiGate-VM (L2 or L3) to be secured
- Security between VMs on the same vSwitch requires L2 (transparent) VDOMs and inter-VDOM link configuration
- Physical FortiGate to control north-south traffic (external vSwitch, hypervisor, Internet)
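The L2 VDOM requirement from the slide above, worked out as an added illustration (not configuration from this deck or from Fortinet): a FortiGate-VM transparent VDOM bridging two port groups of the same vSwitch so that web-to-app traffic is inspected in-line. It assumes FortiOS 5.x CLI syntax; the VDOM, port, address and profile names are constructed.

```fortios
# Added illustration (not from the deck). Assumes FortiOS 5.x CLI;
# VDOM, port, address and profile names below are constructed.

config global
    config system global
        set vdom-admin enable          # VDOMs must be enabled first
    end
end

config vdom
    edit "tp-web-app"                  # VDOM dedicated to the east-west segment
    next
end

config global
    config system interface
        edit "port2"                   # vNIC attached to the WEB port group
            set vdom "tp-web-app"
        next
        edit "port3"                   # vNIC attached to the APP port group
            set vdom "tp-web-app"
        next
    end
end

config vdom
    edit "tp-web-app"
        config system settings
            set opmode transparent     # L2 bridge: VM addressing is unchanged
            set manageip 10.0.1.254/24 # management address of the VDOM (constructed)
        end
        config firewall policy
            edit 1                     # web tier -> app tier, inspected
                set srcintf "port2"
                set dstintf "port3"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "HTTP" "HTTPS"   # restrict to the app's exposed ports
                set utm-status enable        # turn on the profiles below
                set ips-sensor "default"
                set av-profile "default"
            next
        end
    next
end
```

Policies are unidirectional: replies to web-initiated sessions are matched statefully, but any flow the app tier initiates towards the web tier needs its own port3-to-port2 policy, otherwise it is dropped.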
Traditional approach (FortiGate-VM)
- Deploy the security solution as a virtual appliance
- Support for multiple virtualization platforms:
» VMware vSphere 4.0/4.1/5.0/5.1/5.5
» Citrix XenServer 5.6 SP2 / 6.0 or later
» Open Source Xen
» Microsoft Hyper-V 2008 R2 / 2012 / 2012 R2
» KVM
» AWS (Amazon Web Services): BYOL (Bring Your Own License) or pay-as-you-go license
- Licensed by the number of CPUs presented to the FortiGate-VM virtual appliance
- Allows deployment of multiple virtual appliances per host if required
FortiGate-VMX deployment workflow (components: vCenter Server, vCloud Networking & Security Manager, FortiGate-VMX Service Manager, and a FortiGate-VMX instance on each host's dvSwitch)
1. Initiate communication with vCenter Server
2. Register Fortinet as a security service with vCNS Manager
3. Auto-deploy FortiGate-VMX to all hosts in the security cluster
4. FortiGate-VMX connects with the FortiGate-VMX Service Manager
5. License verification and configuration synchronization with FortiGate-VMX
6. Kernel agent creation and default redirection rules for each host in the cluster
7. Real-time updates of the object database
8. Push policy synchronization to all FortiGate-VMX instances deployed in the cluster
FGT-VMX Service Manager (screenshot)
FGT-VMX added value
Challenge                                       Solution
High availability / live migration              Only VMware vDS and multiple FGT-VMX instances
Securing flows within the same vSwitch          Allows implementation of micro-segmentation
Manual or scripted automation and orchestration FGT-VMX automatically deployed
No auto-import of objects                       FGT-VMX Service Manager imports VMware objects