Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security

Post on 21-Jan-2018

1,175 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

transcript

Chris Van den AbbeeleKelly McBrair

SAI3313BUS

#VMworld #SAI3313BUS

Automated Security for the Real-Time Enterprise with VMware NSX and Trend Micro Deep Security

Copyright2017TrendMicroInc.2

Welcometo:AUTOMATEDSECURITYFORTHEREAL-TIMEENTERPRISEWITHVMWARENSXANDTRENDMICRODEEPSECURITY[SAI3313BUS]Presenter:ChrisVandenAbbeele,GlobalSolutionsArchitect,TrendMicroPresenter:KellyMcBrair,ITInfrastructureArchitect,PlexusCorp

JoinusWednesdayat11amfor:SKIPTHESECURITYSLOWLANEWITHVMWAREONAWS[SAI3316BUS]Presenter:BryanWebster,PrincipalArchitect,TrendMicroPresenter:Dharmesh Chovatia,LeadArchitect,GlobalCTOOffice,CapgeminiUS

VisittheVMwareSolutionExchangefora30DayTrialofTrendMicro™DeepSecurityhttps://www.trendmicro.com/product_trials/download/index/us/123

Visittrendmicro.com/vmware

Followus@trendmicro

AutomatedSecurityfortheReal-timeEnterprisewithVMwareNSXandTrendMicroDeepSecurity

KellyMcBrair,ITInfrastructureArchitect,PlexusCorp.ChrisVanDenAbbeele,GlobalSolutionArchitect,TrendMicro

Copyright2017TrendMicroInc.4

CustomerPerspective

PlexusMarketSectorsExclusivelyfocusedinmarketsectorsthatrequiremid-to-lowvolumehighercomplexityvaluestreamsolutions

Communications Healthcare/LifeSciences

Industrial/Commercial

Defense/Security/Aerospace

Copyright2017TrendMicroInc.6

TrendMicro

§ 28yearsfocusedonsecuritysoftware§ HeadquarteredinJapan,TokyoExchangeNikkeiIndex (4704)§ Annualsalesover$1BUS§ Customersinclude45oftop50globalcorporations§ 5500+employees inover50countries

500kcommercialcustomers&155M endpointsprotected

SmallBusiness

MidsizeBusiness

Enterprise

Consumer

Consumers

Copyright2017TrendMicroInc.7

Agenda

• Introductions

• Automatedsecurity:From“boltedon”to“partofthefabric”

• TheBusinessCaseforAutomatedVirtualPatching

• Solvenewproblems

• IntegrationwithvRealizeOperations

• Deploymentlessonslearned

Copyright2017TrendMicroInc.8

Integratedsecurity:From“boltedon”to“partofthefabric”

Copyright2017TrendMicroInc.9

Visibility

Riskassessment Protect MoneyMaintainContextVisibility

Copyright2017TrendMicroInc.10

What’stheproblemwith“boltedon”security?• Withtheintroductionofvirtualization,wemadeaquantumleapinOperations.

ThesameishappeningwithNWvirtualization.Butinmanycases,Security,remainedstuckintheDarkAges.Securityisstillsomethingthatisappliedafterwards.

• Weneedto“shiftleft”securityandintegrateitintheautomation• Intoday’sreal-timeenterprise,theOperationsteamhastodomorewithless,

everyday.Theycreatemorenewworkloadsthaneverbefore.• Manuallyaddingthesecuritycontrols,takesalotoftimeanditisoften

postponed(and/orfinally...“forgotten”)• ManySecurityDashboardsonlyshowworkloadswhichhadbeenbrought

underthecontroloftheSecuritySolution(andhaveasecurityagentinstalledonthem).

• ShadowITcanremaincompletelyundertheRADAR

Copyright2017TrendMicroInc.11

Copyright2017TrendMicroInc.12

Contextofnewsystems

12

Riskassessment Protect MoneyMaintainVisibility Context

Copyright2017TrendMicroInc.13

Event-basedtaskstoprofilenewsystems

Copyright2017TrendMicroInc.14

EstimatetheRisk

Protect MoneyMaintainContextVisibility Riskassessment

Copyright2017TrendMicroInc.15

SomeHighRiskVulnerabilities

Copyright2017TrendMicroInc.16

16

Copyright2017TrendMicroInc.17

Copyright2017TrendMicroInc.18

Riskassessment

Protectingnewsystems

18

MoneyMaintainContextVisibility Protect

Copyright2017TrendMicroInc.19

TheSameExploits...nowProtectedbyDeepSecurity

Copyright2017TrendMicroInc.20

Copyright2017TrendMicroInc.21

8layersofsecurity:- Anti-Malware- WebReputation- Firewall- IntrusionPrevention- IntegrityMonitoring- LogInspection- ApplicationControl- ProtectionforSAP

systems(NW-VSI)

Full,multi-layeredsecurity

Copyright2017TrendMicroInc.22

ProtectRiskassessment

Maintainconsistency

22

MoneyContextVisibility Maintain

Copyright2017TrendMicroInc.23

IntegrityMonitoringMonitorsensitivefilesandsensitiveregistrykeysforchanges

ApplicationControl:“Freezes”theserverandblocksnewexecutablesandscriptsfromrunning

Protectagainstdrift:

Copyright2017TrendMicroInc.24

Protectagainstthelatestvulnerabilities:Scheduled“Vulnerability”Scans

Copyright2017TrendMicroInc.25

Reducedeploymentcomplexity

RichAPIsettointegratewithvirtuallyanyorchestrationandautomationtools

PowerShell

Copyright2017TrendMicroInc.26

TheBusinessCaseForAutomatedVirtualPatching

Copyright2017TrendMicroInc.27

Typicalpatchcyclewithoutvirtualpatching

TypicalpatchcyclewithoutVirtualPatching

MonthlySecurityPatching Half-yearlyFullPatching

12xpatching/year

Copyright2017TrendMicroInc.28

High-impactzerodaysrequireimmediateattention

28

– Arewevulnerable?(risk?)– Who canprovideapatch?– Whencanwehavethepatch?– Whencanwetestit?– Whocantestit(team?)– Wherecanwetestit?(testenvironment)

– WhencanwehaveamaintenancewindowtoPatchandRebootourservers?

Copyright2017TrendMicroInc.29

Typicalpatchcyclewithvirtualpatching

Typicalpatchcyclewith VirtualPatching

Half-yearlyFullPatching

2xpatching/year

AutomatedOngoingSecurityPatching

Copyright2017TrendMicroInc.30

Win-Win:increasessecurity+reducescost

Copyright2017TrendMicroInc.31

5daysafterShellShock:766attacksblocked(Customerexample)

766attacksblockedbyDeepSecurityAutomatedVirtualPatchingonSept30th,atacustomermanaging100+instancesIfEmergency(physical)Patchingtakes5days...

Copyright2017TrendMicroInc.32

SolveNewProblems

WhyVMwarewithNSXandTrendMicroDeepSecurity?

TableStakes• Performance• Security• Cost

NextPlay• IntegrationandChoice• FlexibilityandInnovation

NISTCybersecurity Framework

Identify Protect Detect Respond Recover

• AssetManagement• Business

Environment• Governance• RiskAssessment• RiskManagement

Strategy

• AccessControl• Awarenessand

Training• DataSecurity• Information

ProtectionProcessesandProcedures

• Maintenance• Protective

Technology

• AnomaliesandEvents

• SecurityContinuousMonitoring

• DetectionProcesses

• ResponsePlanning• Communications• Analysis• Mitigation• Improvements

• RecoveryPlanning• Improvements• Communications

SecurityDashboard

Firewall

Antivirus

IPS

VulnerabilityScanning

IDS SIEM

Monitoring

DataRecovery

DisasterRecovery

DisconnectionManagement

SecurityIncidentResponse

• LeverageSyslog,SNMP,Emailand/orvRealize SuiteforBetterIntegrationwithExistingMonitoring/AlertingTools

• IsolateVMTaggedbyDeepSecuritywithNativeNSXFirewalling• Behavior-basedfirewalling,blockinternetphonehome,preventRGE

• TakeActiononVMTaggedbyDeepSecuritywithVMwareOrchestrator• Snapshotsandclones,preparerestores,performadditionalscanning

ExamplevideoofautomatedVMsnapshotandWireshark tap(withcode):http://www.storagegumbo.com/2014/09/automation-multi-action-security.html

• SeetheTrendThreatEncyclopediaforexamplesofHigh,MediumandLowthreats:http://trendmicro.com/vinfo

• FindsamplecodeatTrend’sDSGithub repo:https://github.com/deep-security

AutomatedResponsetoImproveProtection

Copyright2017TrendMicroInc.36

IntegrationwithvRealizeOperations

Copyright2017TrendMicroInc.37

Usercall- VMslowtorespond…

or…Administratorreceivesasecurityalert

LogTicket

LogTicket

AdminlogsintovRealizeOperations

AdminlogsintoDeepSecurityManager

• AttempttovMotion

• ReboottheVM• RecycletheVM

• Changerulestoblockspecificports

• Quarantineandscan

RootCauseAnalysis

RootCauseAnalysis

CloseTicket

CloseTicket

VirtualInfrastructureAdministrator

SecurityAdministrator

Isolatedworlds...

Copyright2017TrendMicroInc.38

SinglepaneofglassForTrendMicroeventsandVMwareevents

Copyright2017TrendMicroInc.39

CorrelatevRopsEventswithSecurityEvents

Copyright2017TrendMicroInc.40

DeploymentLessonsLearned

ReadTrend’sBestPracticesGuide(Notesizing,testing,recommendations):https://help.deepsecurity.trendmicro.com/best-practice-guide.html

ConsiderAdditionalDistributionPointsand/orManagersoverWANTroubleshootDeepSecurityVirtualAppliancesasCattlePlanYourRules:Firewall,Affinity,Restart,etc.

Agentsarestillneeded(today)for:• Server2016and*nixVMs• Someadvancedfeatures• (recommendation)Windows-basedVMwareComponentsandSupporting

SystemsthatmaystartupbeforeTrendDeepSecurityManager(i.e.itsDB)

TipsandThingsYouShouldKnow

GuestIntrospectionDriversandTroubleshooting:https://kb.vmware.com/kb/2094261

VMwareToolsVersionsandUpgradeshttps://packages.vmware.com/tools/index.html (Bewareofv10.0.0-10.0.7)https://kb.vmware.com/kb/1014508 (CorrelateversionsfiletoESXi Build)

AutomatetheUpgradewith:/v“/qn ADDLOCAL=ALLREMOVE=Hgfs,NetworkIntrospection”Note:NetworkIntrospection removaloptionalAddREBOOT=ReallySuppress topreventanyreboots

GettoKnowVMwareTools

Copyright2017TrendMicroInc.43

Summary

HopefullythispresentationhasprovidedafewinsightsandpracticalexamplesonhowtobringyourHybridCloudSecurityintothe21st century.

Byautomatingandintegratingsecurityintheoperationsstack,youcangreatlyimproveyoursecuritypostureandreduceoperationalcosts

DothesamesetupanddemoyourselfintheVMworld HandsonLabsLABHOL-1841

Summary

Copyright2017TrendMicroInc.45

JoinusWednesdayat11amfor:SKIPTHESECURITYSLOWLANEWITHVMWAREONAWS[SAI3316BUS]Presenter:BryanWebster,PrincipalArchitect,TrendMicroPresenter:Dharmesh Chovatia,LeadArchitect,GlobalCTOOffice,CapgeminiUS

VisittheVMwareSolutionExchangefora30DayTrialofTrendMicro™DeepSecurityhttps://www.trendmicro.com/product_trials/download/index/us/123

Visittrendmicro.com/vmware

Followus@trendmicro

Top related

VMworld 2013: NSX Security Solutions In Action - Deploying, Troubleshooting, and Monitoring for VMware NSX Service Composer
Technology
VMware NSX - All In The Loop Operations –Summary of ... Arkin Confidential 31 VIRTUAL: VMware vSphere, VMware NSX (Edge, ... VMware NSX is The Platform for Network Virtualization
Documents
VMware NSX Network Virtualization Design Guide - … NSX Network Virtualization Design Guide - VMware – Official Site
Documents
NSX Press Kit - VMware · NSX Press Kit VMworld2017. Enabling digital transformation in a software-defined world VMware NSX network virtualization and security platform helps our
Documents
Operationalizing VMware NSX€¦ · Operationalizing VMware NSX Foreword by Bruce Davie Kevin Lees Devyani Pisolkar
Documents
VMware NSX® Automation Fundamentals · III VMware NSX® Automation Fundamentals Foreword by Martin Casado Caio Oliveira, VMware Thiago Koga, VMware
Documents
VM-SERIES FOR NSX IMPLEMENTATION AND TRAFFIC STEERING GUIDELINES - VMware€¦ · Panorama™ network security management and VMware NSX. This paper provides some design considerations
Documents
VMworld 2013: NSX: Introducing the World to VMware NSX
Technology
VMWorld 2013 - VMware NSX Extensibility Network and Security Services From 3rd-Party Vendors
Documents
PROGRAM VMware vCloud Air Network Program Product Usage … · VMware NSX-MH. There is currently no VMware migration path. 3. VMware NSX-V. The migration path is to VMware NSX –
Documents
VMware NSX overview
Documents
Next Generation Security with VMware NSX and Palo Alto Networks ...
Documents
—BE MORE— SECURE - VMWare NSX · 2017-09-01 · NETWORK VIRTUALIZATION MAKES MICRO-SEGMENTATION POSSIBLE VMWARE NSX: THE NETWORK VIRTUALIZATION PLATFORM THAT BUILDS SECURITY INTO
Documents
Improving Network Security with Arraya and VMware NSX€¦ · Improving Network Security with Arraya and VMware NSX Your network is the backbone of your IT infrastructure. The connectivity
Documents
VM-SERIES FOR VMWARE NSX€¦ · Palo Alto Networks | VM-Series for VMware NSX | Datasheet 1 ... Address security and compliance mandates with protection against known and unknown
Documents
VMWARE TUNNEL AND VMWARE NSX MICRO-SEGMENTATION ... · Introduction. Extend the VMware NSX® network virtualization and security platform from the data center to mobile application
Documents
Network Virtualization and Security with VMware NSX White Paper
Documents
trend Micro Deep Security and VMware nSX...solution brief Page 1 of 2 • solution brief • Deep Security anD VMware nSX Securing the Software-DefineD Data center the Software-Defined
Documents
VMware NSX @ VMUG.IT 20150529
Technology
CATÁLOGO DE CURSOS - VMware Blogs · 2019-01-08 · CATÁLOGO DE CURSOS | 5. VMWARE NSX VMware NSX NUEVO: VMware NSX-T: instalación, configuración y administración [V2.2] Este
Documents

Copyright © 2018 DOCUMENTS