RSA pro VMware - Arrow · PDF fileRSA enVision SIEM Platform Event Analysis and Log Management...

Date post: 31-Jan-2018
Upload: vungoc
RSA pro VMware David Matějů RSA, The Security Division of EMC [email protected]
Page 1: RSA pro VMware - Arrow · PDF fileRSA enVision SIEM Platform Event Analysis and Log Management Consolidated event log management, analysis, and reporting supporting 230+ systems (servers,

RSA pro VMware

David Matějů
RSA, The Security Division of EMC
[email protected]

Page 2

How secure are you?

Does your IT security address the risks associated with virtualization and private cloud before they are implemented?

• 24%: Yes, always.
• 11%: We move ahead without security.
• 43%: Sometimes, but there are gaps.
• 22%: No, security is brought in after the fact.

Source: Live EMC Forum poll conducted in five cities across North America, 10/09

Page 3

How secure are you?

76% of businesses are restricting the potential value of virtualization and increasing potential risk

Source: Live EMC Forum poll conducted in five cities across North America, 10/09

Page 4

Agenda

• Event Analysis and Log Management for Virtualized Environments

• Cloud Security and Compliance Solutions

• VMware View Solutions

Page 5

RSA enVision SIEM Platform

Event Analysis and Log Management for Virtualized Environments

Page 6

RSA enVision SIEM Platform

Event Analysis and Log Management

Consolidated Event Log Management

Real-time Monitoring

Correlated Alerting

Incident Management

Reporting and Historical Analysis

Page 7

RSA enVision SIEM Platform

Event Analysis and Log Management

Consolidated event log management, analysis, and reporting supporting 230+ systems (servers, OS, network, security, applications, storage, ...)

• Allows for cross-environment correlation

Collects logs from the VMware stack

VMware Collector for RSA enVision leverages VMware APIs

RSA enVision

VMware vShield VMware vCenter VMware ESX/ESXi

VMware View Manager VMware vCloud Director

• Over 380 unique messages
• 19 normalized event categories

Can pull logs from multiple vCenters

Page 8

RSA enVision SIEM Platform

Auto Discover Managed ESX Servers via vCenter

Page 9

RSA enVision SIEM Platform

Purpose-prebuilt Virtualization Reports

Page 10

RSA enVision SIEM Platform

Easily Build Customized Virtualization Reports

Page 11

RSA enVision SIEM Platform

Deep visibility into Virtual and Physical Datacenters

RSA enVision

Validated with Vblock

Comprehensive visibility into security events

Security incident management, compliance reporting

Diagram labels: Networking, Virtual Machines, Applications, vSphere, Storage, UCS, Networking

Page 12

RSA enVision SIEM Platform Use Case: Monitoring events in the virtual datacenter

Page 13

RSA Archer eGRC

RSA Solution for Cloud Security and Compliance

Page 14

Enabling the Cycle of Security Compliance

Discover VMware infrastructure

Define security policy

Remediation of non-compliant controls

RSA Archer eGRC

Manage security incidents that affect compliance

Manual and automated configuration assessment

Page 15

How we do it: Solution Components

RSA Archer eGRC Platform

– 130+ control procedures mapped to VMware best practices

– Automated deployment workflow, configuration measurement, incident notification and reporting

– Maps technical security controls to Authoritative Sources (Regulations like PCI)

– Single business view of compliance for both physical and virtual

RSA enVision (SIEM)

– Correlate security and compliance events across virtual and physical environments, fed into Archer

• E.g. VMware vShield, VMware vCloud Director, HyTrust Appliance, EMC Ionix, etc

• RSA Data Loss Prevention (DLP) Suite

RSA SecurBook

Page 16

RSA Archer eGRC: Mapping VMware security controls to regulations and standards

Diagram labels: CxO, VI Admin

Authoritative Sources
PCI, HIPAA, SOX, CSA, VMware Hardening Guide, etc.
“10.10.04 Administrator and Operator Logs”

Control Standard
Generalized security controls
“CS-179 Activity Logs – system start/stop/config changes etc.”

Control Procedure
Technology-specific control
“CP-108324 Persistent logging on ESXi Server”

Page 17

Example Work Queue Sent to VI Admin

Page 18

VI Configuration Measurement

Automated Assessment via PowerCLI

VI Component Discovery and Population

Automated Measurement

Agent

VMware-specific

Controls

RSA Archer eGRC

RSA Archer eGRC

RSA enVision

alerts

Page 19

RSA Data Loss Prevention

RSA SecurID

RSA Solutions for VMware View

Page 20

vShield protected network

No Sensitive Data on Endpoints

Strong Two-factor Authentication

RSA SecurID™

No USB or only secure USB allowed via RSA DLP

Network access controlled via VMware vShield

The process is fully logged by RSA enVision

Endpoint with NO sensitive data

Virtual Desktop with access to sensitive data

Application with sensitive data

The endpoint is changing

Mac

iPhone/iPad

Android phones and tablets

BYOC

Page 21

RSA Data Loss Prevention Suite (DLP)

DLP Enterprise Manager

• Unified Policy Mgmt & Enforcement
• Incident Workflow
• Dashboard & Reporting
• User & System Administration

DLP Datacenter, DLP Network, DLP Endpoint

• Enforce: Allow, Notify, Block, Encrypt
• Enforce: Allow, Justify, Block on Copy, Save As, Print, USB, Burn, etc.
• Remediate: Delete, Move, Quarantine
• Discover: Local drives, PST files, Office files, 300+ file types
• Monitor: Email, webmail, IM/Chat, FTP, HTTP/S, TCP/IP
• Discover: File shares, SharePoint sites, Databases, SAN/NAS

eDRM, Encryption, Access Controls

Page 22

VMware Infrastructure

Active Directory

RSA Solution for VMware View

RSA SecurID for remote authentication

RSA DLP for protection of data in use

RSA Archer Compliance Dashboard

Clients

VMware View Manager

VMware vCenter

RSA SecurID for ESX Service Console and vMA

RSA enVision log management for

• VMware vCenter & ESX(i)

• VMware View

• RSA SecurID

• RSA DLP

• Active Directory

• 230+ other 3rd party systems

Page 23

More Information

www.rsa.com/rsavirtualization

RSA SecurBooks – Technical guides for deploying and operating RSA Solutions

Page 24

Thank you!

rsa.com/rsavirtualization

