#SymVisionEmea
The Evolution of Data Center Security, Risk and Compliance
Taha Karim / Patrice Payen
SYMANTEC VISION SYMPOSIUM 2014
The Adoption Curve
Virtualization is being stalled due to concerns around Security and Compliance
security is here
adoption is here
this is a problem
The Vision
Drivers
Cost
Speed
Flexibility
Inhibitors
Security Cost
Compliance
Complexity
The data center of the future is software-defined. It is dynamic and application-centric. Our mission is to support our customers as they evolve to the SDDC.
Data Center Security
Compute and Storage Virtualization
Network Virtualization
Software Defined Services
On-Prem/Private/Public Cloud Resources
Software-Defined Data Center
Applications and Policies
Automation and Management
Support for key standards for private clouds (e.g. OpenStack) and partnership with vendors delivering those standards (e.g. Amazon, VMware, OpenStack)
Security for leading hypervisors
Security for hybrid networks
Integrated security orchestration
Dynamic, context-based, policy-centric security
Compute and Storage Virtualization…
“By 2015, 40% of security controls used in Enterprise data centers will be virtualized, up from less than 5% in 2010”
– Neil MacDonald
A dynamic, application-centric data center needs dynamic, application-centric security.
1. Drive down hardware and power costs
2. Abstract workload from hardware
3. Provision and monitor services
Hypervisor
Little “v”- Virtualization
Consolidation of Identical Apps
Driver: Reduce Hardware and Power Costs
Security Concerns: New Threat Surfaces
• Cloud Admin
• Hypervisor
• Management Plane
Network Security Zones remain unchanged
Hypervisor
Big “V”- Virtualization
Full Abstraction of Application from Hardware
Driver: Agility, Speed, and Utilization
Security Concerns:
Motioning
• Security stays with workload
• Demonstrate Compliance
Network Security Zones
• Static Network Zones can impede value
App A App A App A App B App B
Server A Server B Server C Server D
Network Virtualization
1. Agility and Speed
2. Abstract workload from hardware
3. Drive down hardware costs
SDN
Small “sdn”- Software Defined Networking
Mimic hardware security zones with software
DMZ PCI HIPAA
Driver: Agility, Speed
Security Concerns:
Motioning
• Security stays with workload
• Demonstrate Compliance
Network Security Zones
• Static Network Zones can impede value
Big “SDN”- Software Defined Networking
Micro Segmentation by Application
Software Defined Networks
Sharepoint Order Processing HR Onboarding
Driver: Agility, Speed
Security Impacts:
Motioning
• Firewall rules follow the application
Network Security Zones
• Large number of security zones
• No need to group apps by zones
The Growing Security Challenge
Benefits of Virtualization
VM
1. Centrally apply and attach policies to workloads
2. Automate workflows across services
3. Provision and monitor services
What customers are still concerned about…
• Threats – how do I continuously combine updated threat and vulnerability intelligence with workload context to optimize security response?
• Security Consistency – how do I ensure consistent security across my virtual and physical infrastructure so I can move workloads from physical to virtual?
• Compliance – how do I make sure adequate controls are in place at all times to ensure and demonstrate regulatory compliance?
• Policy – how do I make sure I have the right menu of policies available for orchestration and how do I continuously adapt these across multiple products in response to the changing threat environment?
• Segregation of Duties – how do I ensure the integrity of my data center security in the face of converging admin roles?
• Security Tax – how do I optimize security to minimize the performance and operational cost to my data center?
Symantec Data Center Security
Symantec SDDC vision
1. Embed security into the platform
2. Integrate across point technologies
3. Automate and orchestrate security
Security Orchestration Platform
• Server Security
• Unified Assessment
• Data Store Security
• VDI Security
Embed security into the platform
• Integration with SDN/SDDC Platform
• Security via the Hypervisor
• Frictionless agents to deploy higher controls
Integrate across point technologies
• Bring together multiple controls into a single offering
• Integrate across policy and deployment
• Easily allow security to “scale up” based on the policy of the workload
VSM PGP
DLP
Threat Protection
Hypervisor Hardening/SOD
Encryption
Data Protection
Data Store Security
DSS
UA PAN
CSP/ SEP
CSP
Server Hardening
Automate and Orchestrate Security
• Automate key processes to ensure workloads stay secure
  - Deployment and Provisioning
  - Updating security baselines to respond to external threats
  - Implementing new security profiles as workloads change
  - Remediating workloads through their lifecycle
• Ongoing validation and continuous monitoring
SDN/SDDC Platform
Software Defined Security Service
Server Security
Data Store Security
Firewall
SDDC Security Workflow Orchestration Sample
How Do Symantec and VMware NSX Work
Symantec Data Center Security (DCS): Server/Server Advanced
DCS: Server Advanced offers security and compliance capabilities in a single agent, as well as “agentless” AV for VMware infrastructures
Security
• Definition-less host-based security solution, i.e. policy-based
• Network protection capabilities
• Administrator/root de-escalation
• Registry lock-down
• Application sandboxing
• NEW Agentless anti-malware capability for VMware NSX-enabled systems
Compliance
• File integrity monitoring
• Registry monitoring
• Event log monitoring
• Failed/successful login monitoring
• Privilege escalation monitoring
Demo and Case Studies
Symantec Data Center Security
Case Study #1 – Domain Controller Lockdown
Vertical – Financial Industry
Compelling Event/Challenge
• A breach of the company’s domain controllers caused them to rebuild their entire AD environment (750+ DCs).
• To prevent their new environment from being re-compromised, DCS:SA was to be utilized in a full lockdown scenario.
Results
• Cut-over to rebuilt environment occurred on schedule with no complications.
• All known indicators of compromise were successfully blocked by the policy.
Actions
• Deployed agent to all domain controllers in less than 2 weeks.
• Created VERY restrictive white-list policy over the course of 2 months.
• Integrated DCS:SA events with third party SIEM solution for alerting/analysis.
Case Study #2 – Active Breach Response
Vertical – Government/Manufacturing
Compelling Event/Challenge
• Organization notified that traffic originating from them was terminating in China.
• Company was already in the process of deploying DCS:SA for monitoring capabilities.
• Company needed a way to immediately terminate the malicious activity without jeopardizing the functional aspects of the compromised systems.
Results
• Company was able to affirmatively block all malicious activity.
• Company now looking to proactively lock down DCs and other critical applications to prevent further breaches.
Actions
• Completed deployment of agent to in-scope systems.
• Developed targeted prevention policy to block only malicious activity.
Case Study #3 – Legacy OS Lockdown
Vertical – Retail - SCADA
Compelling Event/Challenge
• A company received an audit notification due to failure to patch operating systems.
• Operating system had been “end-of-life’d” by manufacturer, but application was not supported on newer versions of OS.
Results
• Auditors accepted DCSS as configured as a valid compensating control for audit item.
• Organization was able to continue running application on protected OS.
Actions
• Deployed agent to legacy OS systems.
• Created strict white-list policy to fully lock down OS on in-scope systems.
• Configured detection policy for FIM, failed login, and successful login monitoring.
• Integrated with 3rd party SIEM for correlation and alerting.
Product Strategy and Roadmap
“Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.”
Protecting the DC at each layer …
3 Application/Data Plane
Information Protection Focus: Designed for key applications in the data center
• Data Store Security
2 Workload
Threat Protection Focus: Workload Server Centric
• Server Security
• VDI Security
1 Infrastructure
Infrastructure Protection
• Backplane Hardening
• SDN Integration
VM Backplane, vCenter (Management), AWS Infrastructure, Software Defined Networks
Security Orchestration Platform
• Operations Director
• Security Service
• Assessment / Discovery
SVA SVA
Data Center Security: Server
The first of the ‘new offerings’ to ship from Symantec!
Symantec™ Data Center Security: Server
Frictionless AV Protection
• Hypervisor-based security virtual appliance
• Low OPEX – Fully integrated with VMware NSX
• Always On – Anywhere Protection
• Utilizing Symantec Best in Class AV and Insight Reputation
• What’s Next: Guest Network Threat Protection
Integrated with “CSP”
• Scale up to Full Lock Down
• Wizard Driven Simplified Hardening
• Protected Application Whitelisting and Control
• What’s Next: Application Centric Protection
Data Center Security Service for VMWare NSX
Security Response Insight Reputation
Virtual Data Center
Data Center Security : Data Store
Symantec™ Data Center Security: DataStore
Unified Protection
• Threat Protection – Content Filtering
• DLP Integration
• Data Insight – Encryption
• Unified Policy and Administration
Across Critical Applications & Data
• Messaging (Exchange)
• NAS – Filers
• NetApp
• SharePoint
• Cloud Apps
DSS Deployed across Virtual & Cloud
Security Response Insight Reputation
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.