
@NTXISSA #NTXISSACSC3

Critical Criteria For (Cloud) Workload Security

Steve Armendariz

Enterprise Sales Director

CloudPassage

October 3, 2015


Does anyone remember when server security was EASY?

NTX ISSA Cyber Security Conference – October 2-3, 2015 2

Times have changed…!

Classic Data Center Architecture

Act 1 - Tenets of Traditional Server Security

• Servers in a trusted network

• Segmentation for added protection

• Anti-malware (virus) for all servers, added security capability for critical servers

• Security had time to plan, test & deploy for each new application

• Provisioned with plentiful overhead

Servers viewed as investments

Act 2 - Server Virtualization – A New Dawn

• Economic benefit to adoption

• Combatting data center sprawl

• Physical servers more powerful

• Pressure applied on Security to be:

  • Faster

  • More efficient

  • More accurate

• Traditional tools proved adequate


Virtualization Impacts Traditional Security

• Servers in a trusted network

• Segmentation for added protection (shared hardware = segmentation challenges)

• Anti-malware (virus) for all servers, added security products for critical servers (difficult given VM density, overhead impact and licensing)

• Security had time to test & deploy for each new application (policies and images became more powerful)

• Provision with plentiful overhead (at odds with VM density)


Act 3 - Server Workloads - The Next Wave

• Utility Computing

• Cloud servers or Cloud server workloads in the data center, public cloud, private cloud or any combination

• These server workloads are:

  • On-demand, Elastic and Agile

  • Cloned, Orchestrated and Automated

  • Often short-lived

  • Can be containers (i.e. Docker)

  • Possibly never patched

  • Part of an overall movement of deploying and updating faster (DevOps)

Data Center Architecture Changes

[Diagram: the Internet connecting a Data Center and a Public Cloud, with on-server security per tier of server instances]

Data Center:

• Non-Critical Server Instances – on-server security: Anti-Malware

• Semi-critical Server Instances – on-server security: Anti-Malware, Vulnerability Scan

• Critical Server Instances – on-server security: Anti-Malware, Vulnerability Scan, Config. Monitor, HIPS/HIDS, FIM

Public Cloud:

• Some Semi-critical Server Instances – on-server security: Anti-Malware, Vulnerability Scan

Server Workloads Break Security

• Servers in a trusted network (Cloud viewed as non-trusted)

• Segmentation for added protection (shared hardware = segmentation challenges)

• Anti-malware (virus) for all servers, added security products for critical servers (difficult given VM density, overhead impact and licensing)

• Security had time to test & deploy for each new application (Security must move faster often with little lead time)

• Provision with plentiful overhead (at odds with VM density)

Servers viewed as application building blocks

Cloud VPC = Bringing The Trusted Network Back?

• Public Cloud servers only accessible from inside the data center's trusted network

• Positioned by many cloud providers to resolve Tenet #1: "Servers in a trusted network…"

• Issues

  • Can be cost prohibitive

  • May impact performance

  • Does not mitigate security issues

Are Data Center Networks Really Secure?

Workload Security – The New Tenets

• Embrace the “Workload as an Application Building Block” philosophy

• Take advantage of automation and orchestration

• Small footprints matter

• Minimize staff overhead

• Total visibility

• Limit server communication

• Integrate versus manage stand-alone


The Basics Still Apply

• Use server (host) firewalls

• Reduce attack surface

• Manage East-West traffic

• Require multi-factor authentication for server logins

• Monitor configurations for drift

• Discover & address vulnerabilities

• Monitor system file integrity

• Monitor security logs

Radical Thought!!!! Dump anti-malware (if you can)
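As an added example (not CloudPassage's or the deck's own code), the following Python sketch implements two of the basics above, "Monitor configurations for drift" and "Monitor system file integrity": it baselines the content hash, permission bits and owner of a set of files and reports whatever has changed since. The file names and contents are constructed sample data, not taken from any real host.

```python
# Added example (not CloudPassage Halo code): minimal file-integrity and config-drift check.
import hashlib
import os
import stat
import tempfile

def snapshot(paths):
    """Record SHA-256, permission bits and owner uid per path: the trusted baseline."""
    baseline = {}
    for path in paths:
        st = os.stat(path)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        baseline[path] = {"sha256": digest, "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}
    return baseline

def detect_drift(baseline):
    """Re-read the live files and report every attribute that no longer matches the baseline."""
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        current = snapshot([path])[path]
        for attr in ("sha256", "mode", "uid"):
            if current[attr] != expected[attr]:
                findings.append((path, f"{attr} changed"))
    return findings

def demo():
    """Constructed scenario: baseline two sample config files in a temp dir, then tamper with both."""
    workdir = tempfile.mkdtemp()
    sshd = os.path.join(workdir, "sshd_config")
    sudoers = os.path.join(workdir, "sudoers")
    with open(sshd, "w") as fh:
        fh.write("PermitRootLogin no\nPasswordAuthentication no\n")
    with open(sudoers, "w") as fh:
        fh.write("root ALL=(ALL) ALL\n")
    os.chmod(sudoers, 0o440)
    baseline = snapshot([sshd, sudoers])
    # Simulated drift: a weakened sshd setting (content change) and loosened sudoers permissions (mode change).
    with open(sshd, "a") as fh:
        fh.write("PermitRootLogin yes\n")
    os.chmod(sudoers, 0o644)
    return sorted(detect_drift(baseline))

if __name__ == "__main__":
    for path, what in demo():
        print(f"DRIFT {what}: {path}")
```

In practice the baseline would be stored off-host and signed, and the comparison run on a schedule or from a gold image at instantiation, which is the point the deck makes about building security into the workload rather than bolting it on afterwards.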

Approaches to Workload Security

• Do it manually with multiple security tools

  • Too time consuming

  • Many consoles, difficult integration

• Use orchestration tools with multiple security tools

  • Many consoles, difficult integration

  • Set of security tools can consume more resources than what they're protecting

• Use CloudPassage® Halo®

CloudPassage Halo: Instant Layered Security for Every Server Workload

• One tool providing 8 layers of visibility & enforcement

• Using less compute resources than a single-layer point product

• Highly automated; set and forget security

• Add to gold images, protects servers at instantiation

CloudPassage Halo

• A Security Orchestration Framework

  • Integrated and layered security

  • Automated into your workflow

• Visibility

  • See vulnerabilities, configuration errors, file integrity, access – no matter where the workload is

  • Apply controls – even quarantine workloads

• Compliance

  • Drive automation to audits

  • Continuous vs. point-in-time


CloudPassage Halo Architecture


Questions


The Collin College Engineering Department

Collin College Student Chapter of the North Texas ISSA

North Texas ISSA (Information Systems Security Association)


Thank you