Dynamic Datacenter Security Solidex, November 2009


Deep Security: Securing the New Server
[Figure: cloud, virtualized and physical servers]
- Servers in the open
- Servers virtual and in motion
- Servers under attack

Dynamic virtual machines
Dynamic: reverted, paused, restarted, cloned, moved
Security challenges:
- Achieve and maintain consistent security
- Propagation of vulnerabilities and configuration errors
- Maintaining an auditable record of the security state

Virtual Machines Need Specialized Protection
1. The same threats exist in virtualized servers as in physical ones: OS and application vulnerabilities and configuration errors allow malware to attack and infect.
2. In addition, the dynamics of virtualization cause some new challenges: dormant VMs, resource contention, VM sprawl, inter-VM traffic, vMotion.

Virtualization Challenge: Securing dormant VMs
[Figure: ESX server hosting dormant VMs and active VMs, each with its own AV app]
- Dormant VMs are unprotected; these include VM templates and VM backups
- Dormant VMs cannot run scan agents, yet can still get infected
- Dormant VMs have the problem of stale AV signatures

Virtualization Challenge: Full System Scans
[Figure: a typical AV console schedules a 3:00 AM scan on every VM of one ESX server at the same time]
Resource contention with full system scans:
- Existing AV solutions are not VM aware
- Simultaneous full AV scans on the same host cause severe performance degradation
- No isolation between malware and anti-malware

Virtualization Challenge: VM sprawl
[Figure: ESX server infrastructure with dormant, active and newly deployed VMs, some carrying a security app and some only an AV app]
Managing VM sprawl:
- New VMs are just a click away, so security weaknesses replicate quickly
- Security provisioning creates bottlenecks in VM deployment, or VMs emerge without adequate security
- Lack of visibility into, or integration with, the virtualization console increases management complexity

Virtualization Challenge: Inter-VM traffic
[Figure: two ESX servers, each with a vSwitch and several VMs; a network IDS/IPS sits between them and does not see the inter-VM traffic inside each server]
- Network IDS/IPS solutions cannot see VM-to-VM traffic within an ESX server
- First-generation security VMs require intrusive vSwitch changes

Virtualization Challenge: VM Mobility
[Figure: a VM moved by vMotion between two ESX servers, each with a vSwitch, with a network IDS/IPS in between]
Mobility of VMs (vMotion and vCloud):
- Existing solutions need reconfiguration and are cumbersome to manage
- Can result in VMs of different sensitivities landing on the same server
- VMs deployed in cloud (IaaS) environments are unprotected

Perimeter is cracking
[Figure: DMZ with firewall and NIPS in front of mission-critical servers and business servers/endpoints; the pressures shown are encrypted attacks, cloud computing, insiders, virtualization and WLAN]
Third Brigade, Inc.

Deep Security Server & Application Protection for the Dynamic Data Center

What is Deep Security?
Server & application protection for physical, virtual and cloud servers:
- Deep Packet Inspection: IDS/IPS, web application protection, application control
- Firewall
- Integrity Monitoring
- Log Inspection

Retreat To The Server (VM)!
[Figure: DMZ with gateway firewall and IDS/IPS (malware); on the server itself the stack is firewall & IDS/IPS, file integrity monitoring & log inspection, and anti-malware, protecting mission-critical servers and business servers/endpoints]

Deep Security Modules

Firewall
- Centralized management of server firewall policy
- Pre-defined templates for common enterprise server types
- Fine-grained filtering: IP & MAC addresses, ports
- Coverage of all IP-based protocols: TCP, UDP, ICMP, IGMP

Deep Packet Inspection
- Enables IDS/IPS, web app protection, application control
- Examines incoming & outgoing traffic for: protocol deviations, content that signals an attack, policy violations

Integrity Monitoring
- Monitors critical files, systems and registry for changes
- Critical OS and application files (files, directories, registry keys and values)
- Flexible, practical monitoring through includes/excludes
- Auditable reports

Log Inspection
- Collects & analyzes operating system and application logs for security events
- Rules optimize the identification of important security events buried in multiple log entries

Now, Practically Speaking

Firewall enables:
- Comprehensive control over inbound and outbound traffic
- Incident containment
- Location awareness of resources in virtualized environments

Deep Packet Inspection enables:
- Vulnerability-specific protection (e.g. Microsoft Patch Tuesday)
- Application-layer control
Prevents:
- Zero-day attacks on known and unknown vulnerabilities
- Web application attacks, including SQL injection and cross-site scripting (XSS)
- Attacks hidden in encrypted data

Integrity Monitoring enables:
- Near real-time detection of potentially malicious changes
- Extensive file property checking, including attributes (PCI 10.5.5)
- Alerting on errors signaling an attack
- Golden host: compare changes against a predefined baseline and manage acceptable change

Log Inspection enables:
- Optimized collection of security events across the datacenter and multiple server types
- Based on the OSSEC rule syntax, a widely deployed HIDS
- Saves bandwidth in log collection from servers

Architecture
[Figure: Deep Security Agents on physical, virtual and cloud servers receive security profiles from the Deep Security Manager and send back alerts; the Manager integrates with the IT infrastructure (vCenter, SIEM, Active Directory, log correlation, web services), produces reports, and receives security updates from the Security Center]

Deep Security Manager
- Centralized, web-based management system
- Manage security profiles
- Multiple & delegated admin
- Detailed reporting
- Recommendation scan
- Customizable dashboard
- Automation through scheduled tasks
- Web services API
- Software and security updates
- Integration (VMware vCenter, SIEM, Active Directory)
- Scalable infrastructure (multiple nodes)

Firewall
Decreases the attack surface of physical and virtual servers:
- Centralized management of server firewall policy
- Pre-defined templates for common enterprise server types
- Virtual machine isolation
- Fine-grained filtering: IP & MAC addresses, ports
- Coverage of all IP-based protocols: TCP, UDP, ICMP, ...
- Coverage of all frame types (IP, ARP, ...)
- Prevents Denial of Service (DoS) attacks
- Design policies per network interface
- Detection of reconnaissance scans
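To make the firewall slide concrete, here is an added example (my own illustration, not Deep Security code) of the two ideas it lists: a per-interface, first-match host firewall policy with fine-grained filtering on protocol, source/destination network, port range and source MAC, falling through to a default deny; and a small reconnaissance detector that flags any source touching many distinct destination ports within a short window. The "web server" policy, the interface names and the packets are constructed for the demonstration.

```python
"""Host firewall policy evaluation with a reconnaissance-scan detector.

Added example, not Deep Security code. Rules are evaluated in order per
interface and direction (first match wins, default deny); the detector
counts distinct destination ports per source inside a sliding window.
"""
import ipaddress
from collections import defaultdict


def rule(action, iface="*", direction="in", proto="*", src="0.0.0.0/0",
         dst="0.0.0.0/0", ports=None, src_mac=None):
    """One policy line; ports is an inclusive (low, high) tuple or None for any."""
    return {"action": action, "iface": iface, "direction": direction, "proto": proto,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "ports": ports, "src_mac": src_mac.lower() if src_mac else None}


# Constructed "web server" template, in the spirit of the slide's pre-defined templates:
# public HTTP/HTTPS on eth0, SSH only from the management subnet on eth1 and only from
# one known MAC, ICMP anywhere, no outbound SMTP, everything else outbound allowed.
WEB_SERVER_POLICY = [
    rule("allow", iface="eth0", proto="tcp", ports=(80, 80)),
    rule("allow", iface="eth0", proto="tcp", ports=(443, 443)),
    rule("allow", iface="eth1", proto="tcp", src="10.0.0.0/24", ports=(22, 22),
         src_mac="00:50:56:aa:bb:cc"),
    rule("allow", proto="icmp"),
    rule("deny", direction="out", proto="tcp", ports=(25, 25)),   # ordered before the catch-all
    rule("allow", direction="out"),
]


def _matches(r, pkt):
    """True when every constrained field of rule r matches packet pkt."""
    if r["iface"] != "*" and r["iface"] != pkt["iface"]:
        return False
    if r["direction"] != pkt["direction"]:
        return False
    if r["proto"] != "*" and r["proto"] != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
        return False
    if r["ports"] is not None:
        lo, hi = r["ports"]
        if pkt.get("dport") is None or not lo <= pkt["dport"] <= hi:
            return False
    if r["src_mac"] is not None and pkt.get("src_mac", "").lower() != r["src_mac"]:
        return False
    return True


def evaluate(policy, pkt):
    """Return 'allow' or 'deny' for pkt; the first matching rule decides, else default deny."""
    for r in policy:
        if _matches(r, pkt):
            return r["action"]
    return "deny"


def detect_port_scans(packets, threshold=10, window=60):
    """Return the set of source IPs that hit >= threshold distinct ports within window seconds.

    Each packet carries a timestamp t (seconds) and a destination port.
    """
    by_src = defaultdict(list)
    for p in packets:
        if p.get("dport") is not None:
            by_src[p["src"]].append((p["t"], p["dport"]))
    flagged = set()
    for src, hits in by_src.items():
        hits.sort()
        for i, (t_end, _port) in enumerate(hits):
            recent = {port for t, port in hits[:i + 1] if t >= t_end - window}
            if len(recent) >= threshold:
                flagged.add(src)
                break
    return flagged


def demo():
    """Constructed traffic: one probing source and one legitimate client."""
    probes = [{"src": "203.0.113.9", "dst": "192.0.2.10", "dport": port, "t": port}
              for port in range(1, 13)]                      # 12 ports in 12 seconds
    client = [{"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 443, "t": 5 * i}
              for i in range(10)]                            # same port, repeatedly
    return detect_port_scans(probes + client)


if __name__ == "__main__":
    print(evaluate(WEB_SERVER_POLICY, {"iface": "eth0", "direction": "in", "proto": "tcp",
                                       "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 443}))
    print(demo())
```

Rule order matters: the outbound SMTP deny sits before the outbound catch-all, so swapping those two lines would silently reopen port 25, which is exactly the kind of mistake a centrally managed template is meant to prevent.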

Deep Packet Inspection

IDS/IPS
- Vulnerability rules: shield known vulnerabilities from unknown attacks
- Exploit rules: stop known attacks
- Smart rules: zero-day protection from unknown exploits against an unknown vulnerability
- Microsoft Patch Tuesday protection is delivered in sync with public vulnerability announcements
- On the host/server (HIPS)

Web Application Protection
- Enables compliance with PCI DSS 6.6
- Shield vulnerabilities in custom web applications until code fixes can be completed
- Shield legacy applications that cannot be fixed
- Prevent SQL injection and cross-site scripting (XSS)

Application Control
- Detect suspicious inbound/outbound traffic, such as allowed protocols over non-standard ports
- Restrict which applications are allowed network access
- Detect and block malicious software from network access

Integrity Monitoring
Monitors files, systems and registry for changes:
- Critical OS and application files (files, directories, registry keys and values, etc.)
- On-demand or scheduled detection
- Extensive file property checking, including attributes (PCI 10.5.5)
- Monitor specific directories
- Flexible, practical monitoring through includes/excludes
- Auditable reports
Useful for:
- Meeting PCI compliance
- Alerting on errors that could signal an attack
- Alerting on critical system changes
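The integrity monitoring slides describe the mechanism in three parts: a baseline ("golden host") of file properties, include/exclude selection of what to watch, and a report naming which properties changed so the result is auditable (PCI 10.5.5 on the slide above and in the PCI mapping later in the deck). The following added example is my own minimal implementation of that loop, not Deep Security code; it builds a throwaway directory tree, takes a baseline, applies some constructed tampering (a new cron entry, an edited passwd, a loosened file mode, and log churn that the exclude rule should ignore) and returns the diff. The paths and contents are invented for the demonstration.

```python
"""Minimal file integrity monitor: baseline, include/exclude, compare.

Added example, not Deep Security code. Each monitored regular file is
recorded as a SHA-256 digest plus size, permission bits and owner, so the
report can say not only that a file changed but which property did.
"""
import fnmatch
import hashlib
import os
import stat
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _selected(relpath, includes, excludes):
    """Excludes win over includes; an empty include list means 'everything'."""
    if any(fnmatch.fnmatch(relpath, p) for p in excludes):
        return False
    return not includes or any(fnmatch.fnmatch(relpath, p) for p in includes)


def snapshot(root, includes=(), excludes=()):
    """Return {relative_path: {sha256, size, mode, uid, gid}} for monitored files."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if not _selected(rel, includes, excludes):
                continue
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are not hashed here
            entries[rel] = {
                "sha256": _sha256(full),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
            }
    return entries


def compare(baseline, current):
    """Diff two snapshots into added / removed / modified (with the changed property names)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in set(baseline) & set(current):
        changed = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
        if changed:
            modified[path] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake /etc, tamper with it, report the changes."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(text)

        write("etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
        write("etc/cron.d/backup", "0 3 * * * root /usr/local/bin/backup\n")
        write("var/log/app.log", "started\n")
        selection = dict(includes=["etc/*", "var/*"], excludes=["var/log/*"])
        baseline = snapshot(root, **selection)  # the "golden" state

        # Constructed tampering after the baseline was taken.
        write("etc/cron.d/unexpected", "* * * * * root /tmp/x\n")          # new file
        write("etc/passwd", "root:x:0:0:root:/root:/bin/bash\n"
                            "extra:x:0:0::/:/bin/sh\n")                     # content + size
        os.chmod(os.path.join(root, "etc/cron.d/backup"), 0o755)            # mode only
        write("var/log/app.log", "started\nrotated\n")                      # excluded, no alert

        return compare(baseline, snapshot(root, **selection))


if __name__ == "__main__":
    print(demo())
```

The comparison deliberately omits modification time: a timestamp changes on every legitimate write and would turn the report into noise, whereas digest, size, mode and owner each pinpoint a property an attacker or a misconfiguration actually touched.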

Log Inspection
Getting visibility into important security events buried in log files:
- Collects & analyzes operating system and application logs for security events
- Rules optimize the identification of important security events buried in multiple log entries
- Events are forwarded to a SIEM or centralized logging server for correlation, reporting and archiving
Useful for:
- Suspicious behavior detection
- Collection of security-related administrative actions
- Optimized collection of security events across your datacenter
- Advanced rule creation using OSSEC rule syntax
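The deck says log inspection rules follow the OSSEC rule syntax and exist to surface "important security events buried in multiple log entries". The added example below is my own miniature of that model, not Deep Security or OSSEC code: single-event rules match one syslog line and extract fields, and a composite rule fires once when its parent rule has matched a given number of times from the same source inside a time window, which is how a burst of failed logins becomes one high-level event rather than a pile of low-level ones. The rule ids, levels and the sample log lines are constructed for the demonstration; the composite rule's fields (if_matched, frequency, timeframe, same_source) are named after OSSEC's options but are implemented here from scratch.

```python
"""OSSEC-style log inspection in miniature (added example, not product code).

Single-event rules match one line; a composite rule fires when its parent
rule has matched `frequency` times from the same source within `timeframe`
seconds, producing one summarising event with a higher level.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

SYSLOG_LINE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>[\w.-]+)\[\d+\]: (?P<msg>.*)$")

# Constructed rule set; ids and levels are illustrative only.
RULES = [
    {"id": 5715, "level": 3, "description": "SSHD authentication success",
     "match": re.compile(r"Accepted (publickey|password) for (?P<user>\S+) from (?P<src>\S+)")},
    {"id": 5716, "level": 5, "description": "SSHD authentication failed",
     "match": re.compile(r"Failed password for (invalid user )?(?P<user>\S+) from (?P<src>\S+)")},
    {"id": 5720, "level": 10, "description": "Multiple SSHD authentication failures from one source",
     "if_matched": 5716, "frequency": 4, "timeframe": 120, "same_source": True},
]

# Constructed sample log (syslog lines without a year, as on most Unix hosts).
SAMPLE_LOG = [
    "Nov 09 03:00:01 web1 sshd[4021]: Accepted publickey for deploy from 10.0.0.5 port 50122 ssh2",
    "Nov 09 03:01:10 web1 sshd[4030]: Failed password for root from 198.51.100.7 port 41020 ssh2",
    "Nov 09 03:01:12 web1 sshd[4031]: Failed password for invalid user admin from 198.51.100.7 port 41021 ssh2",
    "Nov 09 03:01:15 web1 sshd[4032]: Failed password for root from 198.51.100.7 port 41022 ssh2",
    "Nov 09 03:01:18 web1 sshd[4033]: Failed password for root from 198.51.100.7 port 41023 ssh2",
    "Nov 09 03:02:00 web1 cron[512]: (root) CMD (/usr/local/bin/backup)",
    "Nov 09 03:05:00 web1 sshd[4040]: Failed password for ops from 10.0.0.9 port 33000 ssh2",
]


def parse_line(line, year=2009):
    """Split a syslog line into timestamp, host, program and message, or None if unparseable."""
    m = SYSLOG_LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def inspect(lines, rules=RULES):
    """Run every line through the rule set and return the generated events in order."""
    single = [r for r in rules if "match" in r]
    composite = [r for r in rules if "if_matched" in r]
    history = defaultdict(deque)  # (composite rule id, source) -> timestamps of parent matches
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for r in single:
            m = r["match"].search(rec["msg"])
            if not m:
                continue
            fields = m.groupdict()
            event = {"rule": r["id"], "level": r["level"], "description": r["description"],
                     "host": rec["host"], "ts": rec["ts"],
                     "src": fields.get("src"), "user": fields.get("user")}
            events.append(event)
            for c in composite:
                if c["if_matched"] != r["id"]:
                    continue
                key = (c["id"], event["src"] if c.get("same_source") else None)
                window = history[key]
                window.append(rec["ts"])
                while window and (rec["ts"] - window[0]).total_seconds() > c["timeframe"]:
                    window.popleft()
                if len(window) >= c["frequency"]:
                    events.append({"rule": c["id"], "level": c["level"],
                                   "description": c["description"], "host": rec["host"],
                                   "ts": rec["ts"], "src": event["src"], "user": None,
                                   "count": len(window)})
                    window.clear()  # one summary per burst, not one per extra failure
            break  # first single-event rule that matches a line wins here
    return events


def alerts(events, min_level=7):
    """The subset worth forwarding to a SIEM or paging on."""
    return [e for e in events if e["level"] >= min_level]


if __name__ == "__main__":
    for e in alerts(inspect(SAMPLE_LOG)):
        print(e["ts"], e["rule"], e["level"], e["description"], e["src"], e.get("count"))
```

Clearing the window after the composite fires is the detail that keeps the output useful: without it, every further failure from that source would regenerate the level-10 event and the "optimized collection" the slide promises would be lost.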

Security Center: Dedicated Team of Security Experts
Track global vulnerabilities:
- 100+ sources of information (public, private, government): SANS, CERT, Bugtraq, VulnWatch, PacketStorm and Securiteam
- Member of the Microsoft Active Protections Program
Respond to new vulnerabilities and threats:
- Advisories & security updates
- Six-step, rapid response process supported by automated tools
- On-going research to improve overall protection mechanisms

Virtualization & cloud computing create new security challenges
[Figure: hypervisor-level challenges labelled inter-VM attacks, PCI, mobility and cloud computing]

Coordinated approach
[Figure: a virtual appliance providing firewall and IDS/IPS/AV, labelled PCI]

Deep Security Virtual Appliance: Coordinated Security Approach
[Figure: Deep Security Virtual Appliance on VMware vSphere 4, integrated with VMware vCenter, alongside agent-protected VMs]
- When an agent disappears (removed, or the VM is reverted to a previous snapshot), the virtual appliance automatically protects the VM

Deep Security: Platforms protected
- Windows 2000; Windows XP, 2003 (32 & 64 bit); Vista (32 & 64 bit); Windows Server 2008 (32 & 64 bit)
- Solaris 8, 9, 10 on SPARC; Solaris 10 on x86 (64 bit)
- Red Hat 3; Red Hat 4, 5 (32 & 64 bit)
- SuSE 9, 10
- VMware ESX/ESXi Server (guest OS); VMware Server (host & guest OS)
- HP-UX 11i v2 and AIX 5.3: Integrity Monitoring & Log Inspection modules

Certifications
Common Criteria Evaluation Assurance Level 3 Augmented (EAL 3+):
- Achieved certification across more platforms (Windows, Solaris, Linux) than any other host-based intrusion prevention product
- Higher certification than any other HIPS vendor
- Validated against the US National Security Agency defined profile for IDS
NSS Labs:
- Third Brigade Deep Security is the first product to pass NSS Labs PCI Suitability testing for Host Intrusion Prevention Systems (HIPS), across Windows, Solaris and Linux

Addresses PCI Requirements
Key Deep Security features & capabilities:
- Network segmentation
- Firewall
- Virtual patching
- Web application firewall
- File integrity monitoring
- IDS/IPS

Deep Security: Key benefits
- Shield vulnerabilities in web apps, enterprise apps and OSs
- Detect & block suspicious activity: internal policies, PCI & other requirements
- Detailed reports document prevented attacks & compliance status
- Prioritize secure coding efforts
- Manage unscheduled patching
- Provides the security necessary to realize virtualization savings
- Increased value from SIEM investments

Addressing PCI DSS
Req 1-2: Build & maintain a secure network | Req 3-4: Protect cardholder data | Req 5-6: Maintain a vulnerability management program | Req 7-9: Implement strong access control measures | Req 10-11: Regularly monitor and test networks | Req 12: Maintain an information security policy

- Req. 1.0 - Install & maintain a firewall configuration
- Req. 1.2 - Reduce audit scope with network segmentation
- Req. 1.3.9 - Install personal firewall software on any mobile and employee-owned computers with direct connectivity to the Internet
- Req. 2.2 - Develop configuration standards for addressing known security vulnerabilities

- Req. 6.1 - Ensure that all system components and software have the latest vendor-supplied security patches installed. Install relevant security patches within one month of release.

- Req. 6.6 - Ensure that all web-facing applications are protected against known attacks by applying either of the following methods: a) having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security; b) installing an application-layer firewall in front of web-facing applications

- Req. 7.1 - Limit access to computing resources and cardholder information only to those individuals whose job requires such access.

- Req. 10.5 - Secure audit trails so they cannot be altered
- Req. 10.5.5 - Use file integrity monitoring and change detection software on logs to ensure existing log data cannot be changed without generating alerts
- Req. 10.6 - Review logs for all system components at least daily
- Req. 10.7 - Retain audit trail history for at least one year, with a minimum of three months online availability

- Req. 11.4 - Use network intrusion detection systems, HIPS, to monitor all network traffic and alert personnel to suspected compromises.
- Req. 11.5 - Deploy file integrity monitoring software to alert personnel to unauthorized modifications of critical system or content files

Enterprise Protection: endpoints, datacenters, data
- Every network-connected host must be able to defend itself from attacks.
- To be the primary security agent on servers.

Questions? Thank you