Upload File

csv-w02 open security controller -security … id: #rsac tarun viswanathan open security controller...

  • Home
  • Documents
  • CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel
17
SESSION ID: SESSION ID: #RSAC Tarun Viswanathan Open Security Controller - Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel Manish Dave Platform Architect Intel

Upload: hadiep

Post on 23-Apr-2018

215 views

Category:

Documents


1 download

Report

TRANSCRIPT

Page 1: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

SESSIONID:SESSIONID:

#RSAC

TarunViswanathan

OpenSecurityController- SecurityOrchestrationforOpenStack

CSV-W02

PlatformSolutionArchitectIntel

ManishDavePlatformArchitectIntel

Page 2: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

NoticesandDisclaimers

Inteltechnologies’featuresandbenefitsdependonsystemconfigurationandmayrequireenabledhardware,softwareorserviceactivation.Learnmoreatintel.com,orfromtheOEMorretailer.

Nocomputersystemcanbeabsolutelysecure.

Testsdocumentperformanceofcomponentsonaparticulartest,inspecificsystems.Differencesinhardware,software,orconfigurationwillaffectactualperformance.Consultothersourcesofinformationtoevaluateperformanceasyouconsideryourpurchase. Formorecompleteinformationaboutperformanceandbenchmarkresults,visithttp://www.intel.com/performance.

Intel,theIntellogoandothersaretrademarksofIntelCorporationintheU.S.and/orothercountries.*Othernamesandbrandsmaybeclaimedasthepropertyofothers.

©2016IntelCorporation.

Page 3: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

SDI—TheApplicationDefinestheSystem

The evolution to software-defined infrastructure

Page 4: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

EnterpriseMultiCloudSecurityChallenges

HowcanIprovideconsistentsecurityacross amulticlouddatacenterenvironment.

OpenSecurityControlleraddressesthischallenge.

Page 5: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

OpenSecurityControllerKeyDesignGoals

Centralizedsecuritypolicymanagementforamulticloudenvironment.

Page 6: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

ConceptualArchitecture

Page 7: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

OpenStack* Micro-SegmentationUseCase

Page 8: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

OSCAPIInteractionModelPoliciesUserIntentCloudAppsApplications,UserIntent,andPolicies

Nuage VSP* Midokura*, Brocade*…NSX*SDNControllers

Virtualization Layer

PhysicalInfrastructure

ComputingHardware

Storage Layer

NetworkHardware

VirtualInfraOpenStack*

VirtualCompute

VirtualStorage

VirtualNetworkVirtualizedSecurityFunctions

CPA

DPA

SecurityFunction/ElementManagersIPSManagers

NGFWManagers

ADCManagers

OpenSecurityController

ManagerPlug-ins

VNFAgentPlug-ins

Business Logic Service Dispatcher Jobs

Engine

SDNPlug-ins

VirtualizationConnectors

SecurityFunctionsCatalog

H2Database

User Interface API

GUINBRestAPI1

RestAPIWebSockets

4 RestAPIIPC5RestAPISFCPolicy

3 RestAPIImages,deployment,notifications,authentication

2

• Policyinterface• Userintent• Applicationintent

• Lifecyclemanagement

• Deploymentspecs,auto-scalingandHA

• Authentication• Imageservices• Notificationfor

events• Rolebased

accesscontrol

• TrafficredirectionAPI• SFCpolicyAPI• Advancedvisibilityfunctionality

(example6tuplevisibility)• Dynamicpolicyupdatesandmapping

• Domain/subdomainupdatesandmapping

• Controlpathagent:provisioning,de-provisioning,heartbeats,etc.

• Datapathagent:instrumentationandrealtimestatistics

Page 9: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

CustomerPoC:HealthindustryITservicesprovider

• CustomerhastoadheretoHIPAAregulatoryrequirements

• ExistingsolutionwasbasedonDCedgedevices.• Customerwantedtogettoadynamicpolicy

basedsecuritysolutionforEast-Westtrafficinspection. Commercialx86Server

CommercialSDNcontroller

(ComputeNode)RHEL7.2

(ControlNode)CommercialOpenStackNewtonDistro

OpenSecurityController

VirtualIntrusionPreventionSystem

NextGenFirewall

VirtualAppDeliveryController

Page 10: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

CustomerDeploymentArchitecture

HighLatency

East-westTraffic

Future:DynamicPolicyBasedEast-WestSecurity

X86server

vIPS vADC App

TopofRackSwitch

SecuritybetweenTenantsandTiers

LatencyGoesDown

GranularControlandScalability

SDNControllerPhysicalAppliances

Current:TopologyBasedSecurityFirewall

IntrusionPreventionSystems/IntrusionDetectionSystems

ApplicationDeliveryController

TopofRackSwitch

App App App App

X86Server

East-westTraffic

SecurityFunctionManager

SecurityController

Page 11: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

CustomerPoC:Largefinancialservicesprovider

Commercialx86Server

CommercialSDNcontroller

(ComputeNode)RHEL7.2

(ControlNode)CommercialOpenStackDistro

OpenSecurityController

NextGenFirewallVendor1

NextGenFirewallvendor2

• CustomerhastoadheretoPCIregulatoryrequirements

• CustomerwantedtogettoaRiskBasedautomatedsecuritypolicymanagementcapabilityfortheirOpenstackenvironment

Page 12: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

CustomerdeploymentWorkflow

OneTimeSetup1. OpenstackConnector

2. CreateSecurityServicesa) PolicymanagerPlugins

forNGFW1,NGFW2

3. ConfigureSecurityServices

a) DistributedApplianceb) Deployment-

Specifications

ProtectionPolicy1. DefineGlobalRiskbased

Sec-Groups

2. AllPolicymanagersdynamicallyupdated

3. Automatedtrafficredirection viaSDNPlugin

AutomatedZero-TrustSecurityNetworkflowsautomaticallyupdatedtoredirecttraffictosecurityservicechain

SecurityAdmin

Spinsworkloadupor down

Dev-Ops

Page 13: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

DEMOAutomatedSecurityServicesOrchestrationforOpenstack

Page 14: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

DemoTopology

Page 15: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

Page 16: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

Apply:RiskBasedApproach

1. Identifyworkloadwhichneedsmicrosegmentation

2. Identifysecuritycontrolstomitigaterisks(vIPS,vNGFW,vADC)

3. AutomateSecurityControlsorchestration

Page 17: CSV-W02 Open Security Controller -Security … ID: #RSAC Tarun Viswanathan Open Security Controller -Security Orchestration for OpenStack CSV-W02 Platform Solution Architect Intel

#RSAC

CalltoAction

CurrentStatusPOCwithearlyadoptercustomers/SecurityVNF’sOpenSecurityControlleravailableasOpensource~Mid2017compatiblewithfewSecurityVNFandSDNvendors

CalltoActionContactustogetengagedinthecommunity:Email:[email protected] [email protected]:www.intel.com/osc


9702 w02 ms_all

W02 bill view 2

W02 Louis I. Kahn.the.Library.at.Phillips.exeter.academy

Eng 295 w02 project-gollum

LM w02 SC performance - ninova.itu.edu.tr

W02 - Overview of Work Order Creation

W02 l03 information-communication (1)

Sleeve Cross Reference by Manufacturerrsleafspring.com/\Resources firestone\Firestone_cross-references.pdf · 1102-0080 w02-358-9902 151 1102-0083 (kw) w02-358-7092 149 1102-0082

AbusehelperFIRST10 - FIRST - Improving Security …...CSV files in supported by Python 2.5.4 csv module in default settings. You may customize the bot to: a) Retrieve CSV attachments

Key Initiative CSV Theme1 CSV Theme2 CSV Theme3 …€¦ · Hitachi Construction Machinery’s initiatives to reduce energy usage CSV Theme1 CSV Theme2 Key Initiative ... Hydraulic

245 DMR Bushing Catalogue C0G W02

Sextant 2011-W02 Web

W02 D01 LAB Computational Methods

SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO

That Point of Sale is a PoS - RSA Conference · PDF fileThat Point of Sale is a PoS. HTA-W02. Senior Security Associate. Bishop Fox. Vice President – Managed Security Testing. Trustwave

Comp and cont draft 1 w02

W02 Profinet benefits workshop - Andy Williams, Siemens

Avoiding the Pitfalls of Security Testing (Static Analysis ... ID: #RSAC Abraham Kang Avoiding the Pitfalls of Security Testing (Static Analysis) Tools ASD-W02 Senior Director Telecommunications

HMIS CSV FORMAT SPECIFICATIONS - … CSV FORMAT Specifications v6.11 - September 2017 HMIS CSV FORMAT SPECIFICATIONS September 2017 U.S. Department …

Hyundai Motor Company CSR/CSV Newsletter · Hyundai Motor Company CSR/CSV Newsletter l English ... CSV Strategy HMC CSR/CSV Cases in Korea HMC CSR/CSV Cases …

Cloud Application Security Assessment, Guerrilla Style · PDF fileCloud Application Security Assessment, Guerrilla Style . CSV-F03A . ... (content and presentation) ... Testing, like

PDF Compressor...7 CSV 7 -r NST-2 MNGOOIO csvttñ(C) 1566 1565 1535 1003 1542 1548 846 1037 1583 1559 1010 1003 1790 2352 2352 810 795 [CSV . CSV 774' [CSV CSV

02-039 - Nivel Parts...LED Headlight Bezel L/H 6AR: W02-504 R/H Tail Light Assembly, Complete: 6AL W02-503: L/H Tail Light Assembly, Complete 7R: W02-514 Tail Light Bezel R/H: 7L W02-515:

w02 Tapered Beam

Genetic Algorithms W02

CSV List Import - Genesys · CSV List Import Technical Reference ... 2. Navigate to the Additional Files\CSV Lists directory on the .iso file share directory. \CSV Lists directory

617 w02 lecture_2015

Business w02 Understanding Business Environment @1

W02 natrual.form.geomtrical.logic

CSV - 2016

CSV-W02 Open Security Controller - Security Orchestration ... · User Interface API GUI 1 NB Rest API Rest API Web Sockets 4 5 Rest API IPC Rest API SFC Policy 3 Rest API Images,

CMGT500 w02 Gailbraith Ch6 With Cover Page

W02 - Initiating a Project

Text-based CSV files...Text-based CSV files CiscoUnifiedCommunicationsManagerBulkAdministration(BAT)usesdatathatisenteredina comma-separatedvalues(CSV

Dueling Banjos - Cloud vs. Enterprise Security: Using ... ID: Rich Mogull Dueling Banjos - Cloud vs. Enterprise Security: Using Automation and (Sec)DevOps NOW CSV-W02 Hoff Analyst