1518 Best Practices in Virtualization & Cloud Security with Symantec

N/A
N/A
Protected

Academic year: 2021

Share "1518 Best Practices in Virtualization & Cloud Security with Symantec"

Copied!
35
0
0

Loading.... (view fulltext now)

Full text

Tues May 6, 11:00

Kevin Stultz – Symantec Product Management
Chip Epps – Symantec Product Marketing

Agenda

• Trends in Virtualization and Cloud
• Best Practices for Virtual Data Centers
  Assessing the Infrastructure
  Protecting the “Control Plane”
  Protecting the “Workloads”
• Best Practices for Cloud
  Lifecycle
  Vendor Risk Management

SYMANTEC VISION 2014

IT Pressures – a Constant Over the Decades

“Are you getting the maximum efficiency out of your infrastructure?”

“How quickly can IT respond to LOB requests?”

Legislative Compliance
Risk Reduction – SLAs & Business Continuity
Security – Corp Assets & IP

60% OF ORGANIZATIONS HAVE >25 INCIDENTS EACH MONTH (1)
77% HAVE ROGUE CLOUD DEPLOYMENTS (2)
6X INCREASE IN MOBILE MALWARE LAST YEAR (3)
243 AVERAGE # OF DAYS TO DISCOVER A BREACH (4)

1. Ponemon Institute, 2013 State of the Endpoint
2. Symantec, Internet Security Threat Report 2013

Little “v” Virtualization – Consolidation

Driver: Reduce Hardware and Power Costs

Security Concerns: New Threat Surfaces
• Virtual/Cloud Admin
• Management Plane
• Hypervisor

Network Security Zones remain unchanged

Big “V” Virtualization – Full Abstraction from Hardware

Driver: Agility, Speed, and Utilization (“SDDC”)

Security Concerns: Motioning
• Security stays with workload
• Demonstrate Compliance

Network Security Zones
• Static Network Zones can impede value

(Diagram: App A and App B workloads spread across Server A, Server B, Server C and Server D)

• Can no longer just rely on physical controls
• With the click of a button rack(s) of servers can be removed from the data center
• Location of server is no longer fixed, which adds new compliance challenges
• Attackers are already attacking the virtualization infrastructure

W-32 Crisis: Threats Target Virtual Infrastructures

• Researchers demonstrate guest-hopping threats
• W-32 Crisis significant in the wild
• Targeting master images

Cloud – Your Data and/or Infrastructure is Elsewhere

• SaaS is here to stay (Salesforce, Workday, Concur)
• IaaS is in use whether IT embraces it or not.
• To improve business agility, the amount of information flowing to your vendors is increasing.

While Security Requirements are Increasing

• PCI 3.0
  Focus on maintaining controls across their business.
  Inventory – all hardware (virtual or physical hosts and network devices), as well as software components (custom or commercial, off-the-shelf applications, whether internal or external) within the cardholder data environment.
  AV is not enough – must lock down Unix systems

New Requirement
• 12.9 – Additional requirement for service providers on data security: merchants must explicitly agree to and document the segregation of duties with their vendors and service providers.

Our view: The SDDC

Drivers: Cost, Speed, Flexibility
Inhibitors: Security Tax, Complexity, Compliance

The data center of the future is software-defined. It is dynamic and application-centric.

Our mission is to support our customers as they evolve to the SDDC.

(Diagram: Software-Defined Data Center – Compute and Storage Virtualization, Network Virtualization, Software Defined Services, On-Prem/Private/Public Cloud Resources, Applications and Policies; alongside Data Center Security and Automation and Management)

Transitioning Our Security Controls and Architectures

Traditional Security
(Diagram: Host Security, with each VM running Maximum Guest Security)
• Security controls specific to underlying infrastructure
• Security deployed at perimeter to reduce cost/effort of deployment at each workload
• Scales up to meet additional workload demand

SDDC Security
(Diagram: Hardened Virtual Infrastructure, an SVA providing Baseline Security, and VMs running Advanced Security)
• Delivered as a service by the virtualization infrastructure
• Security deployed on virtualization host (closer to workload) through an SVA, i.e. “Agentless”
• Scales out to meet additional workload demand (more SVAs)


Assessing the Infrastructure

• Discovery and Inventory Reconciliation
• Vulnerability/Patch assessment
• Configuration Standards
  Industry best practice
  Customized standards for your environment
• Exception process

CCS Discovery and Inventory Reconciliation

• New – Network Discovery
• New – Asset Discovery
• Reconcile with CMDB
  Adds Meta Data
  Automatically Tag/Group assets

CCS Vulnerability Manager: Advanced Vulnerability Assessment & Scanning

Proactively prevents threats
Covers web applications, databases, servers and network devices
60k+ checks across 15k+ vulnerabilities
Integrated scanners identify hidden risks
Unique risk-scoring algorithm

(Diagram: Web, Service, Database and OS layers around Your Data)

Ongoing Assessment of IT Infrastructure & Security Configuration: Control Compliance Suite

1. Define Standards
2. Managed/Unmanaged Assets – Evaluate (agent and/or agent-less)
3. Analyze and Fix

Automate assessment of security configurations
Identify configuration drift
Manage exceptions efficiently
Support for agent-based and agent-less data gathering
Leverage best-in-class pre-packaged content

New attack surface – Protecting the “Control Plane”

Hardening VMware vSphere

Outside vCenter
• DCS monitors and prevents changes across the network infrastructure
• DCS monitors and prevents access changes on ESX Server

Inside vCenter
• VSM monitors and prevents access changes
• VSM monitors and controls VMotion functions

(Diagram: Internet, Web Server, Email Server, Database Server, Domain Controller Server, VMware ESX Server hosting VMs, vCenter)

Protecting “Workloads” – Securing the Guest VMs

(Diagram: On Premise – Windows and non-Windows guest VMs (VM1, VM2) alongside an SVA on ESX/ESXi, managed by vCenter; In the Cloud and Physical – APP/OS workloads. Components: Guest, Hypervisor, Management Server. Deployment: physical, virtual, or hybrid.)

Key Capabilities (Virtual / Cloud / Physical)
• Agentless Threat Protections
• Event Monitoring
• File Integrity Monitoring
• Intrusion Detection
• Host Firewall
• File and Configuration Lock Down
• Admin Access Control
• Malware and Exploit Prevention
• Device Control
• Application Control & Whitelisting
• Application Sandboxing

Transitioning Our Thinking – Introducing Data Center Security: Server & Server Advanced v6

Making Server Security Simpler

(Diagram: Critical System Protection; Data Center Security: Server; Data Center Security: Server Advanced; Protected Application White Listing; Agentless Malware Protection via)

New Symantec™ Data Center Security Offering – Leveraging VMware NSX™

Data Center Security: Server
• Hypervisor-based security virtual appliance
• Low OPEX – Fully integrated with VMware NSX
• Always On – Anywhere Protection
• Utilizing Symantec Best in Class AV and Insight Reputation
• What’s Next: Guest Network Threat Protection
Frictionless AV Protection

Data Center Security: Server Advanced
• Scale up to Full Lock Down
• Wizard Driven Simplified Hardening
• Protected Application Whitelisting and Control
• What’s Next: Application Centric Protection, Integrated with “CSP”

(Diagram: Data Center Security Service for VMware NSX, Security Response, Insight Reputation, Virtual Data Center)

integration – VMware NSX & Service Composer

VMware NSX Service Composer unifies and integrates service insertion & consumption across NSX native and 3rd party services

orchestration – Symantec and VMware

1. Import OVA and register AV Security Service
2. Publish new Symantec AV Security Policy Profile
3. Deploy AV Security Service to Cluster
4. Create new Security Policy (w/ AV)
5. Apply Security Policy to Security Group
6. Tag Networking & Security upon AV detection

(Diagram: Symantec Manager; VMware NSX Networking & Security; Endpoint Service; SYMC SVA protecting VMs in a Security Group)

automation – Workflow Orchestration

(Diagram: VMware Infrastructure and the 3rd Party Security System – Symantec Agentless “DCS” – exchanging Registration and Events/Actions)

Starting state: GVM X assigned to Normal group with AV Detect Only policy (Security Group: Normal; Security Policy: AV Detect Only)

• User of GVM X tries to execute Malware
• Symantec Agentless AV (SVA) security service on Host detects Malware on GVM X via AV Detect Only policy, and denies access
• Symantec Manager sets Security Tag for AV Detect
• VMware reassigns GVM X to group Quarantine
• Symantec AV SVA responds to policy change associated with Quarantine group, and applies AV Clean policy to GVM X, deletes Malware on execute, and clears AV Detect Security Tag
• VMware restores GVM X to group Normal
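Added example (not Symantec or VMware code): the tag-driven quarantine loop above modelled in Python, so the ordering of detect, tag, regroup, clean and untag can be checked. Group names, policy names, the tag name, file names and the “signature” hash are all constructed.

```python
"""Added example (not Symantec or VMware code): a minimal model of the tag-driven
quarantine loop on the slide. Security Group membership is derived from a VM's
tags, and the policy the SVA enforces from its group, so a single tag change
moves the VM from "AV Detect Only" to "AV Clean" and back. All names are constructed."""
import hashlib

AV_DETECT_TAG = "AV.Detect"   # constructed tag standing in for the slide's "AV Detect" Security Tag

# Constructed signature set: SHA-256 of a byte string standing in for malware.
BAD_HASHES = {hashlib.sha256(b"constructed malicious sample").hexdigest()}

# Security Groups are dynamic: membership is a predicate over the VM's tags.
GROUPS = {
    "Quarantine": lambda tags: AV_DETECT_TAG in tags,
    "Normal":     lambda tags: AV_DETECT_TAG not in tags,
}
# One Security Policy per group (steps 4 and 5 of the orchestration slide).
POLICIES = {"Normal": "AV Detect Only", "Quarantine": "AV Clean"}

def group_of(tags):
    """Resolve the Security Group a VM belongs to from its tags."""
    return next(name for name, rule in GROUPS.items() if rule(tags))

def is_malware(content):
    return hashlib.sha256(content).hexdigest() in BAD_HASHES

def execute(vm, filename):
    """Run one execution attempt through the detect -> tag -> regroup -> clean
    -> untag loop. Returns the ordered list of actions taken."""
    policy = POLICIES[group_of(vm["tags"])]
    if not is_malware(vm["files"][filename]):
        return [f"allow {filename} under {policy}"]
    actions = [f"deny {filename} under {policy}"]          # SVA blocks the execution
    vm["tags"].add(AV_DETECT_TAG)                            # Symantec Manager sets the tag
    actions.append(f"move to {group_of(vm['tags'])}")       # NSX re-evaluates membership
    if POLICIES[group_of(vm["tags"])] == "AV Clean":         # SVA reacts to the group's policy
        del vm["files"][filename]
        actions.append(f"delete {filename} under AV Clean")
        vm["tags"].discard(AV_DETECT_TAG)                    # clearing the tag restores the VM
        actions.append(f"move to {group_of(vm['tags'])}")
    return actions

def demo():
    """Constructed GVM X with one benign and one 'malicious' file."""
    gvm_x = {"tags": set(), "files": {"report.xlsx": b"quarterly numbers",
                                      "dropper.exe": b"constructed malicious sample"}}
    return execute(gvm_x, "dropper.exe"), gvm_x
```

Because the SVA never needs to know which VM is quarantined, only which group it is in, the same loop works for any number of guests once the tag-to-group rule is in place.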

DCS Server Advanced – Technologies

Intrusion Detection
• AUDITING AND ALERTING: Monitor file integrity in real-time for compliance. Alert/notify for early response.

Intrusion Prevention
• SYSTEM CONTROLS: Lock down configuration settings. Enforce security policies. Restrict device access. Enforce back doors.
• NETWORK PROTECTION: Limit connectivity by app. Restrict traffic flow.
• EXPLOIT PREVENTION: Prevent zero-day attacks. Application Whitelisting & De-escalate privileges (i.e. Sandbox). Restrict behaviors. Buffer overflow protection.

Advanced Security Strategy

1. Inspect System & Rate Applications – Identify applications via system inspection and determine application reputation
   Provides visibility into applications running on servers
   Identifies known good applications via Trusted Publishers, application checksums, and/or reputation service

2. Select Protection Strategy – Specify a Protection Strategy

3. Manage Change – Specify how to manage change via Trusted Updaters
   Incorporates internal change processes into security policy

4. Specify Application Controls – Select Whitelisted and Blacklisted Applications
   Provides a Default Deny security posture for generic servers
   Override via Trusted User/Group and Trusted Directories
   Admins can select sandboxing controls for the OS and workload (web servers, database servers, domain controllers)

5. Review Protection – View Security Summary and Impact of Selected Controls
   Identifies gaps based on the controls selected and server profile
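Added example (not Symantec code): the default-deny application control of steps 1, 3 and 4 as a small Python decision function, showing the precedence between the blacklist, known-good identification (publisher, checksum), Trusted Updaters and the Trusted User/Group and Trusted Directory overrides. Publisher, account, path and checksum values are constructed.

```python
"""Added example (not Symantec code): a model of the default-deny application
control in steps 1, 3 and 4. A binary runs only if it is known good (trusted
publisher or checksum), was installed by a Trusted Updater, or falls under a
trusted user/group or trusted directory override; a blacklisted checksum is
denied first and everything else is denied by default. All values are constructed."""
import hashlib
from dataclasses import dataclass

@dataclass
class Policy:
    trusted_publishers: set   # code-signing publishers treated as known good
    whitelist_sha256: set     # known-good checksums (or reputation-service hits)
    blacklist_sha256: set
    trusted_updaters: set     # processes allowed to introduce new binaries (change management)
    trusted_users: set        # Trusted User/Group override
    trusted_dirs: tuple       # Trusted Directories override

def decide(p, path, content, signer, user, written_by):
    """Verdict for one execution attempt. signer is the already-verified publisher
    from the code signature ("" if unsigned); written_by is the process that last
    wrote the file, as recorded by change tracking."""
    digest = hashlib.sha256(content).hexdigest()
    if digest in p.blacklist_sha256:
        return "deny", "blacklisted checksum"
    if signer in p.trusted_publishers:
        return "allow", "trusted publisher"
    if digest in p.whitelist_sha256:
        return "allow", "known good checksum"
    if written_by in p.trusted_updaters:
        return "allow", "installed by trusted updater"
    if user in p.trusted_users:
        return "allow", "trusted user override"
    if path.startswith(p.trusted_dirs):          # str.startswith accepts a tuple of prefixes
        return "allow", "trusted directory override"
    return "deny", "default deny"

def demo():
    p = Policy(trusted_publishers={"Example Corp"},
               whitelist_sha256={hashlib.sha256(b"approved inventory agent").hexdigest()},
               blacklist_sha256={hashlib.sha256(b"known bad tool").hexdigest()},
               trusted_updaters={"patch-agent.exe"}, trusted_users={"CORP\\srv-admins"},
               trusted_dirs=("D:\\apps\\erp\\",))
    attempts = [  # (path, content, signer, user, written_by), all constructed
        ("C:\\temp\\unknown.exe", b"never seen before", "", "CORP\\web-svc", "browser.exe"),
        ("C:\\apps\\suite\\app.exe", b"vendor binary", "Example Corp", "CORP\\web-svc", "msiexec.exe"),
        ("C:\\patches\\kb.exe", b"new hotfix bits", "", "SYSTEM", "patch-agent.exe"),
        ("D:\\apps\\erp\\batch.exe", b"known bad tool", "Example Corp", "CORP\\srv-admins", "x.exe"),
    ]
    return [decide(p, *a)[0] for a in attempts]
```

The last attempt is denied even though it is signed by a trusted publisher, run by a trusted group and located in a trusted directory, because the blacklist is checked before any allow rule.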

What’s Next? What additional security controls do you Need?

Data Center Security: Server / Data Center Security: Server Advanced
• Encryption?
• Data Loss Prevention?
• Additional Controls for Specific Applications? (VDI, Databases)

Cloud Practices

Assessment & Reporting of Third Party Vendor’s IT Security Posture

Cost-effectively scale vendor risk management program
Leverage Shared Assessments content
Auto-calculate risk scores based on multiple evidence sources
Tier vendors based on data risk and business criticality
Centralized Web-based repository

Process: Assign vendor tier → Initiate vendor assessment schedule → Collect vendor evidence → Route and review submitted evidence → Authorize or remediate vendor → Continuous vendor risk monitoring

Other Sessions/Labs where you can see “DCS”

Monday May 5
• Session 1403 – Case Studies: Safeguarding Critical Business Data and Maintaining Compliance in the Modern Data Center
• Lab 1366 – Optimize Security and Compliance Assessments with CCS

Tues May 6
• Session 1518 – Best Practices in Virtualization & Cloud Security with Symantec
• Session 1640 – Roadmap: The Evolution of Data Center Security, Risk and Compliance
• Lab 1800 – Dissecting a Cyber Attack Using a Simulation
• Lab 1380 – Enhancing Data Center Security with VMware NSX
• Lab 1283 – How to Use CCS to Proactively Manage Risk

Wed May 7
• Lab 1381 – Enhance Asset Discovery and SCAP 1.2 Compliance for Continuous Monitoring with CCS Standards Manager

Thur May 8
• Lab 1396 – Implementing Data Center Security: Server and Server Advanced
• Lab 1800 – Dissecting a Cyber Attack Using a Simulation
• Session 1641 – Customer Deep Dive: Securing the Modern Data Center

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

