SECURING YOUR MODERN DATA CENTER WITH CHECK POINT



Transcription:

SECURING YOUR MODERN DATA CENTER WITH CHECK POINT. Javier Hijas, Security Architect, Check Point Europe

Agenda: 1. What is a modern datacenter 2. Datacenter protection evolution 3. Security Challenges 4. Questions/Answers. [Restricted] ONLY for designated groups and individuals. 2015 Check Point Software Technologies Ltd.

Datacenter is the backbone of any enterprise business: CRM, ERP, Web Server, File System, Billing, Mail Server

But when it breaks down? $0.5M: cost of outage per hour (Study on Data Center Outages, Ponemon Institute). 33%: caused by cyber attacks.

The Evolution of the Data Center: Physical Datacenter, Virtual Datacenter, Private Cloud, Hybrid Cloud (Public, Private)

The new era of Private Cloud: delivery of applications at a fraction of the cost and time!

SDN (Software Defined Network): central management of traffic in the Data Center (SDN controller)

The modern Data Center: A MAJOR SECURITY PARADIGM SHIFT

Current Data Centers: Perimeter Security (INTERNET, LAN)

Establishes attackers want to move inside the datacenter

Hard to secure a dynamic environment with many applications that move around

Applications Catalog: how to define a security policy for an application before it gets provisioned?

So What Is Needed? Best Security: perimeter & lateral traffic. Adaptive Security Management: integrated with cloud management, SDN and orchestration.

Cloud Based Data Centers, Perimeter Security: North-South, 20% of traffic

Cloud Based Data Centers, Lateral Traffic Security: East-West, 80% of traffic

Cloud Based Data Centers, Perimeter & Lateral Security (NORTH, WEST, EAST, SOUTH)

Adaptive Security Management: Security Management, Cloud Management & SDN Controller. Data-center-aware and adaptive security policy.

Check Point: Security Leader for the Modern Data Center

Datacenter Security Key Objectives: secure datacenter applications with context-aware protection; automatically program the network to secure 100% of datacenter traffic; datacenter security compliance & threat visibility.

Check Point's Solution: The Complete Data Center Protection (SDN Controller, Security Management, Cloud Management, Perimeter, VE)

Integration With Partners: SDN Controller, Security Management, Cloud Management, Perimeter, Virtualized Server

VMware/NSX integration. Check Point Software Technologies, Magnus Sköld, Security Engineer

1. Best-in-class security for VM-to-VM traffic with Check Point VE. 2. Use NSX objects for already deployed Check Point gateways. 3. Gold standard single management for physical and virtual gateways.

Multi-Layer Best-in-Class Security. Firewall: blocks L4-L7 attacks. IPS: stops exploits of known vulnerabilities. Anti Virus: blocks download of known malware files. Anti Bot: prevents bot damage from infected devices. Threat Emulation: stops unknown zero-day malware in files. APP Control: blocks usage of web2.0 applications. Diagram labels: vm, vm, VE, Hypervisor, Hardware.

Most complete NSX ecosystem integration (Tags, Security Groups, NSX). 1. Consume: use NSX security groups in Check Point policy rules. 2. Enforce: enforce policy rules by Check Point physical & virtual GWs. 3. Contribute: tag bot-infected VMs triggered by Check Point bot detection. [Confidential] For designated groups and individuals

Automatic VE Provisioning. Check Point VE for VM-to-VM protection. Check Point Appliances for external threats. Check Point management installs policy and updates malware signatures. NSX manager automatically deploys Check Point virtual GWs (VE) on all ESX servers.

Transparent Security Insertion. NSX Service Composer rule (columns From, To, Action): Web Servers SG, Any. NSX transparently forwards traffic to the Check Point virtual GW (VE). Diagram labels: Security Group, NSX, Web, App, DB, Check Point VE, DATA CENTER.

Use Security Groups in Check Point Policy. Check Point Smart Dashboard rules:
From | To | Service | Action | Installed on
Finance Users | Web Servers SG | HTTPS | IPS & AntiBot | DC Perimeter
Web Servers SG | App Servers SG | RabbitMQ | FW & IPS | VE Virtual GW
Web Servers SG | Any | Any | Block | VE Virtual GW
Enforcement by Check Point physical GWs & virtual GWs (VE). Diagram labels: NSX security group, Web, App, DB, DATA CENTER.

Automatic Tagging of Infected VMs. Instant tagging of the infected virtual machine. A bot is detected by Check Point gateway.

Automatically Protect vCAC Blueprints: new vCAC blueprint instances are automatically secured by Check Point policy. Diagram labels: NSX & vCAC, Web, App, DB, DATA CENTER.

DEMO. Check Point Software Technologies, Magnus Sköld, Security Engineer

vSphere + NSX + Check Point Setup. Diagram labels: CP MGMT, vCenter, VE Eth0 (Management), VE Eth2 (disconnected, Inspection port), dvfilter, Distributed vSwitch.

vSphere Setup. Diagram labels: vCenter, Distributed vSwitch.

vSphere + NSX Setup. Diagram labels: vCenter, dvfilter, Distributed vSwitch.

vSphere + NSX + Check Point Setup. Diagram labels: CP MGMT, vCenter, VE Eth0 (Management), VE Eth2 (disconnected, Inspection port), dvfilter, Distributed vSwitch.

Questions?

Check Point: THE BEST FIT. Our Value Proposition: 1. Physical and virtual security gateway for all datacenter traffic. 2. R80 - Cloud Aware Security management. 3. Security service insertion with key SDN players.

THANKS!