
Cloud and VM Based Security


Academic year: 2021


(1)

Cloud and VM Based Security

(2)

Agenda

2 Private Cloud Security
3 Public Cloud Security
4 Summary

(3)

On-Premise

Legacy Datacenter

Off-Premise

Web Hosting

Virtualization

Private Cloud

SaaS

Hybrid Cloud

Public Cloud

Efficiency

(4)

Agenda

1 Market Landscape
2 Private Cloud Security
• VLAN Sprawl problem
• Secure Dynamic Cloud
3 Public Cloud Security
4 Summary

(5)

Private Cloud

Cost Reduction

Shrinking 1,000 servers that use 100K watts into 100 servers that use 10K watts

IT as a Service

(6)

Moving to Private Cloud

Legacy Datacenter

Corpnet

DMZ

Extranet

1:10 Security Zone (VLANs) per Server

(7)

Moving to Private Cloud

Application Virtualization

Corpnet

DMZ

Extranet

1:1 Security Zone (VLANs) per Server

(8)

Moving to Private Cloud

Networks Virtualization

Corpnet

DMZ

Extranet

5:1 Security Zone (VLANs) per Server

(9)

Moving to Private Cloud

Datacenter Consolidation

Corpnet

DMZ

Extranet

20:1 Security Zone (VLANs) per Server

(10)

The VLANs Sprawl Problem

• Cheap and easy to add applications
• Everyone wants more VMs
• VMs Sprawl
• How to secure?
• More VLANs to segment VMs

(11)

Private Cloud - Security Needs

• Inspect traffic between Virtual Machines (VMs)
• Secure new Virtual Machines automatically

(12)

• Inspect traffic between Virtual Machines (VMs)
• Secure new Virtual Machines automatically
• Protection from external threats

Hypervisor

VM

VM

VM

(13)

Private Cloud - Security Needs

• Inspect traffic between Virtual Machines (VMs)
• Secure new Virtual Machines automatically
• Protection from external threats

(14)

Check Point Virtual Edition R75.20

• Unified Management for Physical and Virtual
• Best Virtual Security Gateway
• Securing the Virtual Machines

Check Point Secures the Private Cloud

Check Point Security Gateway

(15)

Secure the Virtual Infrastructure

Protects Virtual Machines

Hypervisor security

Certified by VMware

Audit virtualization system

VM

VM

VE

(16)

Virtual Edition Features

Hypervisor

All Software Blades

Flexible Security

Best Security


VM

VM

VE

Hypervisor Connector

Check Point Software Blades

Firewall

Anti-Virus

IPS

URL

(17)

Virtual Edition Features

• Inspecting Inter-VM Traffic
• VMs Protection
• Securing New VMs Automatically
• Secure Dynamic Environment
• All Software Blades
• Flexible Security
• Best Security

(18)

Virtual Edition Features

Hypervisor

VM

VM

VE

Hypervisor Connector

• All Software Blades
• Flexible security
• Best Security
• VMs Protection
• Securing New VMs Automatically
• Secure Dynamic

(19)

Virtual Edition Features

• Virtualize the Management
• Same management for Physical and Virtual
• Unified Management
• All Software Blades
• Flexible security
• Best Security
• VMs Protection
• Securing New VMs Automatically
• Secure Dynamic

(20)

Virtual Edition Features

Hypervisor

VM

Hypervisor Connector

VM

• Virtualize the Management
• Same management for Physical and Virtual
• Unified Management
• All Software Blades
• Flexible security
• Best Security
• VMs Protection
• Securing New VMs Automatically
• Secure Dynamic

(21)



Secure Dynamic Virtualized Environment Using Identity Based Policy

• Define a secure policy using Machines and Users identity
• Update identity-based policy from the Active Directory

| From | To | Service | Action |
|---|---|---|---|
| 192.134.12.12 | 176.12.34.23 | SQL | Allow |

| From | To | Service | Action |
|---|---|---|---|
| Database Admins Group | Virtual SQL Servers Group | SQL | Allow |

(22)

Agenda

1 Market Landscape
2 Private Cloud Security
3 Public Cloud Security
4 Summary

(23)
(24)

Public Cloud in 2011

Few Global Clouds

(25)

Cloud Providers – Security Needs

• Secure connection to the Cloud
• Security of the Cloud
• Multi-tenancy: Servicing Multiple Customers From the Same Environment

(26)

Agenda

1 Market Landscape
2 Private Cloud Security
3 Public Cloud Security
4 Summary

(27)

Virtualized Security Scenarios

Securing the Virtual Environment

Use the new Virtualization Software Blade to apply granular Firewall and IPS policy on traffic between virtual machines.

Hypervisor

Hypervisor Connector

VE

Office in a Box

Use the Security Gateway VE with FW, IPS, VPN and any other software blade to secure your office networks and assets.

VE

Hypervisor

Enterprise Security Gateways

(28)

Cloud Security – Best Practices

• Use Firewall to segment between Virtual Machines
• Use IPS to secure VMs from External and Internal threats
• Let the same security Admin manage both physical and virtual policy from a single console
• Log and audit all Virtualization events and VM traffic
• Ensure full security with zero downtime during

(29)

Summary

• Check Point Pioneers the Cloud Security
• Virtual Security Gateway For Multi-Tenant Cloud Environments
