TRANSCRIPT
Itai Greenberg | Head of Cloud Security BU
SAAM1146BES
#VMworld #SAAM1146BES
Best Practices for Securing Hybrid Clouds with VMware, AWS and Check Point
VMworld 2017 Content: Not for publication or distribution
©2017 Check Point Software Technologies Ltd.
WELCOME TO THE CLOUD
[Protected] Non-confidential content
FROM DATA CENTER TO CLOUD
DATA CENTER
WHAT USED TO TAKE WEEKS TAKES MINUTES WITH CLOUD
CLOUD
CLOUD FUNDAMENTALS
Cloud is a shared environment
Cloud is a connected environment
Cloud is a dynamic environment
Therefore, cloud is vulnerable and exposed…
CLOUD SECURITY MUST BE ADAPTIVE
Legacy Security vs. Cloud Security
Adding new application: Add rule is a SHOWSTOPPER | Adaptive policy is an ENABLER
Security inside the cloud: Network change is COMPLEX | SDN integration is AUTOMATIC
Application growth: Replacing appliances is EXPENSIVE | Auto-Scale is EFFORTLESS
4 STEPS TO SECURE YOUR CLOUD
BUCKLE UP
STEP #1: CONTROL THE CLOUD PERIMETER
• Use advanced threat prevention at the cloud perimeter
• Securely connect your cloud with your on-premise environment
CLOUD
ON-PREMISE
STEP #2: SECURE THE CLOUD FROM THE INSIDE
• Micro-segment your cloud to control inside communication
• Prevent lateral threat movement between applications
STEP #3: MANAGE CONSISTENT SECURITY FOR HYBRID ENVIRONMENTS
• Deploy unified security management for your hybrid cloud (On-Premise and Cloud)
• Ensure policy consistency
• Reduce operation cost
CLOUD
ON-PREMISE
STEP #4: AUTOMATE YOUR SECURITY
Security should be as elastic and dynamic as your cloud
• Auto-provisioned
• Auto-scaled
• Adaptive to changes
TRAVEL TO THE CLOUD IN FIRST CLASS
CHECK POINT CLOUD SECURITY PRINCIPLES
Utmost protection
Adaptive Security
Hybrid Infrastructure
THE vSEC FAMILY
ACI
Consistent security policy and control across ALL Private and Public Clouds
vSEC ADVANCED PROTECTION
Access Rule
vSEC PROTECTS YOUR DATA AND APPLICATIONS WITH THE INDUSTRY’S BEST THREAT CATCH RATE
Next Generation Firewall
Application and Data Security
Advanced Threat Prevention
Forensic Analysis
SDN or Cloud Vendor
ADAPTIVE SECURITY
vSEC Adaptive Security instantly protects new applications and keeps them secure as they evolve.
• Security that learns about application changes
• Auto-scaled virtual security
• Pay-as-you-grow for private and public cloud
Telefonica: “vSEC adaptive security is a game changer.”
TRAVEL TO THE CLOUD IN FIRST CLASS
Utmost Protection, Adaptive Security, Hybrid Infrastructure
SECURITY INSIDE YOUR CLOUD
Securing the datacenter from the inside is simple with NSX
Micro-segment the datacenter with advanced protection between applications
VIRTUAL PATCHING
Prevent malware like “WannaCry” from propagating inside your network
SECURITY SERVICE CHAINING
NSX Manager Policy
From | To | Send To
VM “A” | VM “B” | Check Point vSEC
VM “C” | VM “B” | Check Point vSEC
SECURITY INSIDE THE DATACENTER
Legacy Datacenter: VLANs-based security | vSEC with NSX: Micro-Segmentation security
Complex network topology changes | Simple & agile network topology
Threat can spread within the VLAN | Secure each application individually
Security appliance is a choking point | Auto-scale virtual security
SECURITY FOR VMware Cloud on AWS (VMC)
Ultimate protection for VMware on AWS
Single pane of glass for managing security on VMware hybrid cloud
Seamless integration with vCenter
HYBRID CLOUD SECURITY
BEST PRACTICES
HYBRID CLOUD SECURITY
[Diagram labels: SDDC (ESX / NSX), AWS (VPC), vSEC GW, VM]
UNIFIED & ADAPTIVE POLICY
Check Point Access Policy
Rule | From | To | Application | Action
3 | Web_VM | DB_Group | MSSQL | Allow
4 | ERP_Group | CRM_VPC | CRM | Allow
Eliminate tickets
Security is no longer a showstopper
STEP #4: DEMO
SUCCESS
More than 4,000 customers purchased vSEC
Allegiant makes leisure travel affordable
vSEC secures their hybrid cloud with NSX & AWS
Helvetia, a European Insurance Company
Growing their vSEC NSX deployment
Using vSEC & NSX to automate application deployments
Different car manufacturers
TRAVEL TO THE CLOUD IN FIRST CLASS
Utmost Protection, Adaptive Security, Hybrid Infrastructure
MORE of CHECK POINT in VMWORLD
Check Point Booth: Meet the Check Point experts and see real demos
Track Session: Cloud Security Automation in the speed of DevOps. Wednesday, 2:00-3:00 p.m. | Hall 8.0, Room 32
Hands-On-Lab (HOL): VMware NSX and Check Point vSEC
• Tuesday 10:30 - 18:30
• Wednesday 10:30 - 18:00
• Thursday 9:00 - 16:00
THANK YOU
[Internal Use] for Check Point employees
Itai Greenberg | Head of Cloud Security BU