Integrating Threat Defense Lifecycle Security Services with VMware NSX
NET3389BUS
Amit Chakrabarty, Jeremiah Cornelius
#VMworld #NET3389BUS
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#NET3389BUS CONFIDENTIAL
Agenda
1. NSX at the heart of VMware cloud vision
2. Threat Defense Terrain
3. McAfee Cloud Security
Intel Confidential / McAfee Confidential
Disclaimer
The information contained in this document is for informational purposes only and should not be deemed an offer by Intel Security or create an obligation on McAfee. McAfee reserves the right to discontinue products at any time, add or subtract features or functionality, or modify its products, at its sole discretion, without notice and without incurring further obligations.
Forecast ahead: Growing clouds on the horizon
This can feel like an incredible opportunity. To get there, partner technologies need to be ready.
Analysts predict increasing cloud adoption. Speed is the new currency.
• $236B: Public cloud market by 2020, up from $146B in 2017 (Forrester [1])
• 37%: Projected growth for IaaS market in 2017, the highest for cloud services (Gartner [2])
• 80%: of organizations committed to hybrid architectures by 2018 (IDC [3])
1. “The Public Cloud Services Market Will Grow Rapidly To $236 Billion in 2020”. Forrester. September 1, 2016.
2. http://www.gartner.com/newsroom/id/3616417
3. “Enterprise Adoption Driving Strong Growth of Public Cloud Infrastructure as a Service, According to IDC.” Press release. IDC. July 14, 2016.
Can Requirements Be Met Across Both Worlds?
Private cloud world benefits: your teams, tools & skills investments; fine-tuned to run your applications; governed by you.
Public cloud world benefits: consumption economics; unique services; scale and reach.
Requirements to meet across both: Operational Consistency; Existing Skillsets & Tools; Control, Manage, Secure; Enterprise-class App SLA; Compatibility with Apps.
Not always, and not easily.
Providing Operational Consistency, while Leveraging Existing Skill-Sets and Tools Across Their IT Environment
• Operational Consistency
• Existing Skillsets & Tools
• Control, Manage, Secure
• Enterprise-class App SLA
• Compatibility with Apps
We are Bringing our Leading Capabilities Together to Deliver a Truly Compelling and Differentiated Solution
VMware:
• Leading compute, storage and network virtualization capabilities
• Support for broad range of workloads
• De-facto standard for the enterprise DC
AWS:
• Flexible consumption economics
• Broadest set of cloud services
• Global scale and reach
Jointly engineered solution delivers the best of VMware and AWS for customers.
Making the Hybrid Cloud Real
Extend Cloud Foundation into the public cloud and consume as a service.
VMware Cloud Foundation (vSphere, NSX, vSAN), delivered as a service.
Private cloud: your infrastructure, owned. Public cloud: others’ infrastructure, operated.
…Enabling Powerful Hybrid Use-Cases
Scenario 1: Maintain and Expand (Regional Capacity, Disaster Recovery)
Scenario 2: Consolidate and Migrate (Data Center Consolidation, Application Migration)
Scenario 3: Workload Flexibility (Dev/Test, Burst Capacity, Flex as needed)
Customer Can Decide Strategically across On-Prem DC and Cloud
Unmatched Flexibility & Choice for “Business First”
vCloud Air: Location VMware Data Centers; Sales and Operations VMware Operated; Access to hybrid IT services like Hybrid Cloud Manager, Advanced Networking and DR Services
Cloud on AWS (introducing): Location AWS Global Regions; Sales and Operations VMware Operated; Access to AWS Services like S3, Redshift, CloudFront
IBM: Location IBM Data Centers; Sales and Operations IBM Operated; Access to IBM Managed Services, 30 data center locations
vCAN Partners: Location vCAN Partner Data Centers; Sales and Operations vCAN Partner Operated; Access to over 4,000 service provider partners in 100+ countries to meet data sovereignty needs
Cloud infrastructure: VMware Cloud Foundation (VMware SDDC for vCAN partner data centers)
Cloud Management: vRealize Suite
The goals haven’t changed… Focus on the app:
• Security of applications and data
• Speed of delivery
• Application availability
…but everything else has:
• Changes in threat landscape: Attack Sophistication | Persistent Threats | Weaponization of Cyberspace
• Changes in application architectures: Containerization | Microservices | PaaS
• Changes to infrastructure: Convergence | Private Cloud | Public Cloud
What’s the Big Deal in the Datacenter?
What Do We Need?
• Visibility
• Control
• Extensibility
• Common Policy
• Lifecycle Management and Automation
Step 1. Gain Visibility
Step 2. Deploy Granular Controls
Step 3. Insert Best-of-breed Services
(Diagram: application groups alongside shared services and other services; in step 3, AV, IPS and NGFW services are inserted in front of each group.)
What Is a Software-Defined Data Center (SDDC)?
A data center virtualization layer sits between hardware and software:
• Pooled compute, network, and storage capacity
• Vendor independent, best price/performance/service
• Simplified configuration and management
• Intelligence in software
• Operational model of VM for data center
• Automated provisioning and configuration
NSX provides a faithful reproduction of network and security services in software:
• Management APIs, UI
• Switching, Routing, Firewalling, Load balancing, VPN
• Connectivity to physical networks
• Policies, groups, tags
• Data security, Activity monitoring
NSX Security Platform
• Visibility: Datacenter, application and host
• Control: Context-driven policy definition and enforcement
• Extensibility: Enhanced capabilities through integration with best-of-breed partners
• Common Policy
• Lifecycle Management and Automation
NSX Value Proposition
Network virtualization is at the core of the software-defined data center approach: a virtualization layer over network, storage and compute.
The Next-generation Networking Model
Network and security services now in the hypervisor:
• Switching
• Routing
• Firewalling/ACLs
• Load balancing
• High throughput rates
• East-west firewalling
• Native platform capability
NSX Value Proposition
The virtualization layer over network, storage and compute becomes a “network platform” on which virtual networks are built.
NSX Security Platform (Visibility, Control, Extensibility, Common Policy, Lifecycle Management and Automation): back to extensibility and service insertion.
Network Introspection: Packet Flow
• NSX Firewall installs a dvFilter on the Guest VM vNIC
• A packet emerging from the Guest VM is redirected to the Service VM
• The Service VM inspects the packet and applies the Security Policy
• The packet is forwarded to the virtual switch
• Rules to redirect traffic to the Service VM are configured in NSX
• The Partner Service VM is deployed and connected to the NSX Firewall
(Diagram: hypervisor with virtual switch; the NSX Distributed Firewall filter on the vNIC redirects traffic to the Service VM.)
Advanced Security for High Risk Applications
• Advanced security based on risk/compliance requirements
• Grouping based on network constructs/vCenter/NSX objects
• Automated policy application for new workloads
• Granular redirection policy based on multiple parameters
• Redirect “Confidential” and Web Server traffic
Tiers: Tier 1: Confidential, Tier 2: Internal, Tier 3: Public, Tier 4: Non-Prod. Workloads: Web Server, App Server, DB Server.
Redirect rules for Tier 1 (Confidential):
SRC     DST     Service   Action
ANY     TIER1   ANY       Redirect
TIER1   ANY     ANY       Redirect
Redirect rules for Web Server traffic:
SRC          DST          Service   Action
ANY          WEB-Server   ANY       Redirect
WEB-Server   ANY          ANY       Redirect
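An added example (not VMware's or McAfee's code) that models the two slides above: security groups derived from workload tags, the four redirect rules evaluated first-match at the guest vNIC, and a redirected packet passing through a partner service VM before it reaches the virtual switch. The inventory, tag names, service strings and the "CONSTRUCTED-BAD-PATTERN" verdict are constructed, and the quarantine-on-block step is an assumption about how a partner verdict feeds back, not documented NSX behaviour.

```python
from dataclasses import dataclass

ANY = "ANY"

@dataclass(frozen=True)
class Workload:
    name: str
    tags: frozenset

# Constructed inventory; tag names mirror the slide's tiers and server roles.
INVENTORY = [
    Workload("web-01", frozenset({"Web-Server", "Tier3:Public"})),
    Workload("app-01", frozenset({"App-Server", "Tier2:Internal"})),
    Workload("db-01", frozenset({"DB-Server", "Tier1:Confidential"})),
    Workload("ci-01", frozenset({"Tier4:Non-Prod"})),
]
BY_NAME = {w.name: w for w in INVENTORY}

# The slide's two redirect tables as (SRC group, DST group, Service, Action).
REDIRECT_RULES = [
    (ANY, "Tier1:Confidential", ANY, "Redirect"),
    ("Tier1:Confidential", ANY, ANY, "Redirect"),
    (ANY, "Web-Server", ANY, "Redirect"),
    ("Web-Server", ANY, ANY, "Redirect"),
]

def in_group(workload, group):
    """Membership is derived from tags, so a newly tagged workload inherits policy."""
    return group == ANY or group in workload.tags

def dvfilter_action(src, dst, service, rules=REDIRECT_RULES):
    """First-match evaluation at the guest vNIC: 'Redirect' or 'Forward'."""
    for rsrc, rdst, rsvc, action in rules:
        if in_group(src, rsrc) and in_group(dst, rdst) and rsvc in (ANY, service):
            return action
    return "Forward"  # no redirect rule hit: packet goes straight to the vSwitch

def service_vm_inspect(payload: bytes) -> str:
    """Stand-in for the partner service VM verdict (constructed pattern, not a real signature)."""
    return "Block" if b"CONSTRUCTED-BAD-PATTERN" in payload else "Allow"

def deliver(src, dst, service, payload):
    """Trace a packet's path: dvFilter -> optional service VM -> vSwitch or drop."""
    path = ["dvFilter"]
    if dvfilter_action(src, dst, service) == "Redirect":
        path.append("ServiceVM")
        if service_vm_inspect(payload) == "Block":
            # Assumed response: drop the packet and request quarantine of the source VM
            path += ["Dropped", f"Quarantine:{src.name}"]
            return path
    path.append("vSwitch")
    return path
```

Adding a workload tagged Tier1:Confidential to the inventory makes its traffic redirected without touching the rule table, which is the point of group-based redirection policy.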
NSX Guest Introspection Strikes Balance between Context and Isolation
• Context: an ecosystem of distributed services gives better security through insight
• Isolation: core services (switching, routing, firewalling) built into the hypervisor kernel give fine-grained containment
• Ubiquity
Legacy Data Center to Virtual + Cloud Connected World
Threat Landscape – Crime & War
• FBI reports that “hackers linked to Anonymous accessed and stole sensitive US government information”
• Anthem Health hacked for ~80 million names, birthdays, social security numbers, street addresses, …
• Hacking and Influence in the U.S. Election
MCAFEE CONFIDENTIAL
Data Center and Cloud Defense
Current Threat Landscape Realities
• Time to Compromise: Minutes
• Time to Discover: Years to Months
• Time to Recover: Months to Weeks
• Catastrophic Impact ($$$)
• Overwhelmed Security Teams
• Minimal Adversarial Effort
Business and Security Outcomes
• Time to Compromise: Months
• Time to Discover: Hours
• Time to Recover: Minutes
• Minimized Impact ($)
• Optimized Security Teams
• Significant Adversarial Effort
Top 3 Concerns for Securing Hybrid Infrastructures
• How do I detect breaches including advanced targeted attacks?
• How do I gain visibility into all workloads including off-premises?
• How can I solve the overall complexity and efficiency issue?
Security is now a boardroom discussion: CIOs and CISOs are getting more scrutiny from the C-suite.
Visibility
Challenge: Visibility into all workloads, on-premises & off-premises
Desired Outcome: Security visibility across physical & virtual infrastructure, on-premises & off-premises
Comprehensive Visibility
Source: Verizon 2015 Data Breach Investigations Report
McAfee provides VISIBILITY of security posture for hybrid cloud infrastructures:
• Across private and public clouds
• Across local and global threat intelligence
Reality of Shadow IT
>82% of companies don’t know the scope of shadow IT at their organization
Source: Cloud Adoption Practices & Priorities Survey, January 2015
Instant Discovery and Control
Automatically discover your virtual & physical machines
• Show location of virtual machines
▪ Cloud Workload Discovery for Amazon Web Services (AWS), Microsoft Azure, VMware vSphere, and OpenStack
• Simplify management with scan reports
• Find unprotected endpoints
• Determine security compliance
• View OS memory protection
Innovations in server security
McAfee Server Security Suite Advanced: Cloud Workload Discovery
▪ Discovery for networks and storage – not only virtual machines
▪ Workload discovery across multi-cloud environments, with central management console
Visibility
How do I get visibility on workloads running across a multi-cloud environment?
Cloud Workload Discovery for Hybrid Clouds
Deep visibility, detailed security posture assessment, and fast remediation
• Discover cloud infrastructure (Compute, Storage, Network)
• Monitor and assess for risk and threats
Benefits
▪ Assess end-to-end security posture (workloads and platforms)
▪ Protect workloads across all private and public clouds
▪ Maintain regulatory compliance
Managed from McAfee ePolicy Orchestrator or DevOps Tools
McAfee Database Security
Feature / Benefit
Discover
▪ Discover database instance workloads across the environment
▪ Discover sensitive and classified data
▪ Discover high-privileged accounts
Assess
▪ Assess database security posture with over 5,000 database-specific checks
▪ Evaluate risk across all known threat vectors
McAfee vNSP + NSX Integration
April 2017, NSBU. McAfee Restricted
Workflow of Software Defined Security
Native Integration with VMware NSX 6.3/vSphere 6.5
Roles and components: Security administrator and Infrastructure administrator; McAfee Network Security Manager (security management); Virtualization Management and SDN Controller; Intel® Security Controller (security orchestration); hypervisors (VMM), each hosting a VSF.
Workflow: bulk, dynamic provisioning and policy updates are pushed from the security manager to the VSFs; attacks are detected & blocked and alerts raised; a Quarantine VM action is issued through the Security Response API and carried out as a quarantine action on the virtual infrastructure.
Deployment Architecture: Protecting workloads on VMware NSX
• Management Infrastructure (ESX): ISC, NSM, vIPS
• Virtual Workloads (ESX1, ESX2, ESX3): a vIPS per host, protecting VMs running VM Tools
• VMware NSX
Available on VMware Solution Exchange: NSX 6.3x
McAfee MOVE AntiVirus for Private Clouds: Windows and Linux virtual machines
McAfee ePO: Unified Policy Management
• Agentless (VMware): VMware vSphere hosts with VMs running VMtools, VMware NSX or vCNS Endpoint, a MOVE SVM per host, managed through the NSX/vCNS Manager
• Multiplatform (any hypervisor): VMs with the MOVE agent in each virtual infrastructure, MOVE SVMs, and the MOVE SVM Manager
Network Security Platform on AWS, Use Case 1: North/South
• VPC with Availability Zone #1 and Availability Zone #2, each security group containing a McAfee Virtual Network Sensor
• Internet gateway, Elastic Load Balancing and VPC peering
• Cloud Workload Security Controller
• AWS telemetry: VPC Flow-logs, CloudTrail, AWS Inspector
• Network Security Manager (Admin) manages the virtual sensors and the on-premises NS Series Sensors; the on-premises customer gateway connects over VPN