Date posted: 18-Nov-2014
Uploaded by: erin-banks
Slide 1 (© Copyright 2011 EMC Corporation. All rights reserved.)
Solutions for Cloud Security
Erin K. Banks, vSpecialist, CISSP, CISA
www.commondenial.com, @banksek
Slide 2
[Diagram: the progression from Virtualization to Virtualized Data Center to Private Cloud to Cloud Computing, spanning Information and Federation, internal cloud and external cloud.]
Cloud computing: "enabling convenient, on-demand access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction."
Slide 3
Our Customers Are Asking Themselves
• How do I centrally manage compliance across mixed VMware and physical IT environments?
• Can I secure access and information in my VMware View environment?
• Can I respond more quickly to security events in my virtual environment?
• Can I ensure my virtualized business-critical applications are running in a secure and compliant environment?
Slide 4
Implications of Challenges
• CISOs need to manage security and compliance across virtual and physical IT
• Security and compliance concerns stall the adoption of virtualization
• Missing opportunity for "better than physical" security
Slide 5
Virtualization Creates an Opportunity for More Effective Security
• Push security enforcement further down the stack (to the vApp and VM layer)
• Today most security is enforced by the OS and application stack. This is:
  • Ineffective
  • Inconsistent
  • Complex
[Diagram: four APP/OS pairs on top of Physical Infrastructure, beside Virtual and Cloud Infrastructure.]
Pushing information security enforcement to the infrastructure layer ensures:
• Consistency
• Simplified security management
• Ability to surpass the levels of security possible in today's physical infrastructures
Slide 6
TRUST
Slide 7
Trust
Visibility
Policies
Slide 8
Security Tools
• SIEM (security information and event management)
• Compliance (hardening guidelines)
• Encryption
• Data Loss Prevention
• vShield Zones
• Access Control
• Network Control
• VLANs
• Secure Code
• …
Slide 9
VMware's Integration Framework
[Diagram labels, as extracted:]
• Scalability, Storage QoS, Virtual Provisioning, Virtual Storage
• Cisco VN-Link and Nexus family supported by EMC Ionix and EMC RSA
• Security: RSA enVision, RSA DLP, RSA eGRC, RSA SecurID
• Availability: Avamar, Replication Manager, NetWorker, Data Protection Advisor
• vNetwork
• vStorage: only vendor integrated into all 3 vStorage APIs; PowerPath for VMware
• vCompute: Cisco UCS, Ultrascale, V-Max, Ultraflex, EFD
• VMware vSphere / vCenter: Infrastructure APIs, Application APIs
• EMC Storage Viewer Plug-in, EMC SRM Failback Plug-in, EMC VDI Plug-in
• Ionix Control Center, ESM/ADM, IT Compliance Analyzer, Server Config Manager
Slide 10
RSA enVision, RSA DLP, RSA eGRC, RSA SecurID
Slide 11
SIEM
• Security information and event management tool
• Captures event data:
  • Audit logs
  • Storage
  • Groups
  • Virtual network infrastructure
  • User and administrative activities
Slide 12
VMware Collector for RSA enVision
• VMware Collector uses VMware native APIs to retrieve the logs from vCenter and all ESX/ESXi servers
• It can also connect to multiple vCenters!
[Diagram: RSA enVision]
Slide 13
VMware Messages
• enVision collects and parses messages from VMware View, VMware vShield and VMware vCloud Director
• Over 800 very well described Message IDs:
  – vMotion and Storage vMotion
  – Snapshots
  – User login/logoff
  – Virtual machine operations, e.g. power on/off/reset
• 7 taxonomy categories (e.g. authentication, config, policies, system)
Slide 14
Purpose-built Virtualization Reports
Slide 15
enVision and Vblock: Visibility into the Stack
[Diagram: RSA enVision gives the security and compliance officer comprehensive visibility into security events, security incident management and compliance reporting, across vSphere, Storage, UCS, Networking, Virtual Machines and Applications. Validated with Vblock.]
Slide 16
RSA Solution for VMware View
[Diagram: Clients, VMware Infrastructure, VMware View Manager, VMware vCenter, Active Directory.]
• VMware VCM for security configuration and patch management
• RSA SecurID for remote authentication
• RSA DLP for protection of data in use
• RSA enVision log collection from:
  • VMware vCenter and ESX(i)
  • VMware View
  • RSA SecurID
  • RSA DLP
  • Active Directory
  • VMware VCM
Validated with Vblock
Slide 17
[No extracted text]
Slide 18
GRC
• Governance: setting the rules
• Risk: ensuring the correct rules are in place and functioning
• Compliance: measuring the effectiveness of the rule
  • Understanding the process used to define the rule
  • Understanding how well people adhere to the rule
Slide 19
Overall Compliance Dashboard and Reporting: Physical and Virtual
Slide 20
RSA Archer eGRC Solutions
• Compliance Management: Document your control framework, assess design and operational effectiveness, and respond to policy and regulatory compliance issues.
• Policy Management: Centrally manage policies, map them to objectives and guidelines, and promote awareness to support a culture of corporate governance.
• Threat Management: Track threats through a centralized early warning system to help prevent attacks before they affect your enterprise.
• Enterprise Management: Manage relationships and dependencies within your enterprise hierarchy and infrastructure to support GRC initiatives.
• Risk Management: Identify risks to your business, evaluate them through online assessments and metrics, and respond with remediation or acceptance.
• Incident Management: Report incidents and ethics violations, manage their escalation, track investigations and analyze resolutions.
• Business Continuity Management: Automate your approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution.
• Audit Management: Centrally manage the planning, prioritization, staffing, procedures and reporting of audits to increase collaboration and efficiency.
• Vendor Management: Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls.
Slide 21
RSA Solution for Cloud Security and Compliance v1.0
[Diagram, centred on RSA Archer eGRC: discover VMware infrastructure; define security policy; remediation of non-compliant controls; manage security incidents that affect compliance; manual and automated configuration assessment.]
• What's New: Over 100 VMware-specific controls added to the Archer library, mapped to regulations/standards
• What's New: New solution component automatically assesses VMware configuration and updates Archer
• What's New: RSA enVision collects, analyzes and feeds security incidents from RSA, VMware and ecosystem products to inform Archer dashboards (e.g. DLP, VMware vShield and vCD, HyTrust, Ionix, etc.)
• What's New: RSA SecurBook
Slide 22
RSA Archer: Mapping VMware security controls to regulations and standards
[Diagram: three layers, from the CxO view down to the VI Admin view.]
• Authoritative Source: regulations (PCI-DSS, etc.), e.g. "10.10.04 Administrator and Operator Logs"
• Control Standard: generalized security controls, e.g. "CS-179 Activity Logs – system start/stop/config changes etc."
• Control Procedure: technology-specific control, e.g. "CP-108324 Persistent logging on ESXi Server"
Slide 23
Discover VMware infrastructure and define policy/controls to manage
Slide 24
Distribution and Tracking of Control Procedures
[Diagram roles: Project Manager, Security Admin, Server Admin, Network Admin, VI Admin.]
Slide 25
Initial Deployment Questionnaire
Slide 26
Automated Assessment via PowerCLI
[Diagram: RSA Archer eGRC]
• Automatically discover and assess VMware infrastructure via PowerCLI
• VMware objects (ESX hosts, vSwitches, etc.) are automatically populated into Archer
• They are then mapped to control procedures
• Over 40% are automatically assessed via PowerCLI and the results fed into Archer for reporting and remediation
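The assessment loop this slide describes (discover objects with PowerCLI, evaluate each against a control procedure, hand the results to the GRC platform for reporting and remediation), written out as an added PowerCLI example. It is not code from the presentation or from the RSA solution component. It assumes VMware PowerCLI's Connect-VIServer, Get-VMHost, Get-AdvancedSetting, Get-VirtualSwitch and Get-SecurityPolicy cmdlets; it uses the control procedure CP-108324 named later in this deck, a placeholder control id for the vSwitch check, and a CSV file as an assumed hand-off format to Archer.

```powershell
# Added example (not part of the presentation or of RSA's solution component):
# a minimal PowerCLI assessment that evaluates two ESXi control procedures per host
# and emits one record per host/control for a GRC import.
# Assumes VMware PowerCLI is installed and that vCenter address and credentials are supplied by the operator.
param(
    [Parameter(Mandatory = $true)][string]$VCenter,
    [Parameter(Mandatory = $true)][pscredential]$Credential
)

Connect-VIServer -Server $VCenter -Credential $Credential | Out-Null
$now = (Get-Date).ToString('o')

$results = foreach ($vmhost in Get-VMHost) {
    # CP-108324 (control procedure named on slide 22): persistent logging on ESXi.
    # Syslog.global.logDir must point at persistent storage; the default "[] /scratch/log"
    # is treated here as non-persistent (a simplification: scratch may itself be persistent).
    $logDir = (Get-AdvancedSetting -Entity $vmhost -Name 'Syslog.global.logDir').Value
    $persistent = (-not [string]::IsNullOrEmpty($logDir)) -and ($logDir -notmatch '^\[\]\s*/scratch/')
    $status = if ($persistent) { 'Compliant' } else { 'Non-Compliant' }
    [pscustomobject]@{
        Host     = $vmhost.Name
        Control  = 'CP-108324 Persistent logging on ESXi Server'
        Status   = $status
        Evidence = "Syslog.global.logDir=$logDir"
        Assessed = $now
    }

    # CP-PLACEHOLDER (id not from the deck): each standard vSwitch rejects promiscuous mode,
    # so a guest cannot observe traffic belonging to other VMs on the same switch.
    foreach ($vswitch in Get-VirtualSwitch -VMHost $vmhost -Standard) {
        $policy = Get-SecurityPolicy -VirtualSwitch $vswitch
        $status = if ($policy.AllowPromiscuous) { 'Non-Compliant' } else { 'Compliant' }
        [pscustomobject]@{
            Host     = $vmhost.Name
            Control  = "CP-PLACEHOLDER Promiscuous mode rejected on $($vswitch.Name)"
            Status   = $status
            Evidence = "AllowPromiscuous=$($policy.AllowPromiscuous)"
            Assessed = $now
        }
    }
}

Disconnect-VIServer -Server $VCenter -Confirm:$false

# Assumed hand-off: one CSV row per host/control, imported by the GRC platform as a data feed.
$results | Export-Csv -Path .\vmware-assessment.csv -NoTypeInformation
$results | Format-Table -AutoSize
```

Run it as `.\Assess-VMware.ps1 -VCenter vcenter.example.local -Credential (Get-Credential)` with a read-only vCenter account; the script only reads configuration. Each row carries the raw setting value as evidence so that a reviewer can verify the Compliant/Non-Compliant verdict rather than trusting the summary status alone.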
Slide 27
Control Procedure: List, Status and Measurement Method
Slide 28
Overall Virtual Infrastructure Compliance Dashboard
Slide 29
RSA Solution for Cloud Security and Compliance: Architecture
[Diagram: regulations and standards map to generalized security controls, which map to VMware-specific security controls. Configuration state reaches the controls through automated assessment of the VMware cloud infrastructure (vSphere, vShield, VCD); security events from that infrastructure and from the ecosystem (HyTrust, Ionix) reach them through RSA enVision.]
Slide 30
Example: VMware vShield Network Security Events Fed to Archer
Slide 31
Example: HyTrust Access Policy Events Fed to Archer
Slide 32
Making Archer the Best GRC Solution for Hybrid Clouds
RSA Solution for Cloud Security and Compliance aligns with the CSA Consensus Assessment Questions by automating 195 questions that customers can issue to assess cloud service providers.
Cloud Security Alliance's 13 domains of focus for cloud computing:
• Cloud Architecture
• Governance and Enterprise Risk Management
• Legal and Electronic Discovery
• Compliance and Audit
• Information Lifecycle Management
• Portability and Interoperability
• Security, Business Continuity, and Disaster Recovery
• Data Center Operations
• Incident Response, Notification, Remediation
• Application Security
• Encryption and Key Management
• Identity and Access Management
• Virtualization
Assessing Service Provider Compliance
Slide 33
RSA SecurBook
A technical guide for deploying and operating RSA Solution for Cloud Infrastructure
– Model: RSA SecurBook for VMware View / MS SharePoint
– Solution architecture
– Solution deployment and configuration guides
– Operational guidance for using the solution effectively
– Troubleshooting guidance
Slide 34
More Information
• www.rsa.com/rsavirtualization
• RSA SecurBooks: technical guides for deploying and operating RSA Solutions
Slide 35
VMware Approach to Security
Virtualization Security
• Secure hypervisor architecture
• Platform hardening features
• Secure Development Lifecycle
Audit and Compliance
• Prescriptive guidance for deployment and configuration
• Enterprise controls for security and compliance
Security in the Private Cloud
• Virtualization-aware security
• Products taking unique advantage of virtualization
Slide 36
vShield Products
Securing the Private Cloud End to End: from the Edge to the Endpoint
[Diagram: two VMware vSphere instances hosting a DMZ, Application 1 and Application 2.]
• Edge: vShield Edge secures the edge of the virtual datacenter
• Security Zone: vShield App and Zones create segmentation between enclaves or silos of workloads
• Endpoint (= VM): vShield Endpoint offloads anti-virus processing
• vShield Manager: centralized management
Slide 37
THANK YOU
Slide 38
Q&A