Enterprise & Cloud Security


Transcription:

Enterprise & Cloud Security
Greg Brown, VP and CTO: Cloud and Internet of Things, McAfee, An Intel Company
August 20, 2013

You Do NOT Want to Own the Data Intel: 15B 2015 Cisco: 50B 2020 2 August 21, 2013

Growth Drives Need to Adopt Cloud Computing
By 2015:
- 15 billion connected devices [2]
- >1500 exabytes of cloud data traffic [1]
- >3 billion connected users [1]
- 1400 exabytes of data stored/processed via clouds [3]
Why Cloud? An Intel IT example:
- Agility: Provision new resources 90 days → 15 minutes
- Efficiency: Asset utilization 10% → >60%
- Cost Savings: $9M savings in last 2 years
IT Survey Results (Private Cloud; Hybrid Cloud (Public + Private); Public Cloud): Today: 14% 35% by 2015 [5] Today: 7% 2014: 42% 2014: 23% >40% of IT operations [4] >40% of IT operations [4]
Sources:
1. Cisco Global Cloud Index, Nov 2011
2. Intel ECG Worldwide Device Estimates Year 2020 - Intel One Smart Network Work forecast
3. IDC, Extracting Value from Chaos, June 2011, http://www.emc.com/digital_universe
4. ODCA global member survey, Oct 2011, N=63
5. Gartner, Dec 2010, N=55, The Road Map From Virtualization to Cloud Computing (G00210845)

Security is Top Barrier to Cloud Adoption
IT Pro survey of key concerns:
- 61%: Lack of visibility inhibiting private cloud adoption [1]
- 55%: Lack of control over data key concern for public cloud adoption [1]
- 57%: Avoid putting workloads with compliance mandates in cloud [1]
[Diagram: Traditional Data Center (Mfg, HR); Networks; Private/Public Cloud; User & Intelligent Devices. Labels: Email, web traffic at risk; Potential data loss; Behind firewall; Highly controlled; Mature security tools; Multi-tenant, shared; Virtualized; Auditing difficult; Ensure right people access right data; Protect against new types of malware]
1. Source: McCann, what's holding the cloud back? cloud security global IT survey, sponsored by Intel, May 2012

The Cloud Drives New Security Needs
[Diagram: Traditional Data Center; Virtualized and Private Cloud Data Center; Public Cloud Data Center. Labels: Mfg, HR, Sales, VMM, Company A, Company B, Company C, IT Security Policy]
Challenges:
- Reduced physical control, visibility
- Increased multi-tenancy
- Reduced effectiveness/efficiency of existing security toolbox
- Increased attack surface

New Security for a Virtual Cloud World
[Diagram: Virtualized & Private Cloud Data Center; Public Cloud Data Center. Labels: MFG, HR, Sales, VMM, Company A, Company B, Company C]
Learn more about how Intel TXT and McAfee ePO security solutions work together.

Foundation of Client to Cloud Security Cloud Security Mission: Worry-Free Cloud Computing In next 4 years, make cloud security equal to or better than traditional best in class enterprise security Public/Private Clouds (Servers, Network, Storage) User & Intelligent Devices Private Public Secure the Connections Apps, data, traffic 3 Secure Cloud Data Centers Infrastructure & data protection, audit/compliance 1 2 Secure the Devices Identity, device integrity & data protection 4 Common Security Standards & Broad Industry Collaboration Hardware-enhanced security + software & services key to achieve mission 7

Understanding Cloud Integrity
[Diagram: Internet; Private Cloud; Public Cloud; TRADITIONAL to EVOLVING]
- Digital Certificates: Validate web server authenticity
- External Assessment & Reputation: Validate web server authenticity
- Host Integrity: Ensure server is known good
- Location & Asset Control: Control workload location
- VM Integrity: Ensure all VMs are known good
- Security Stack Integrity: Security systems operational
- Real-time Integrity: Continuous monitoring
- Endpoint Aware Integrity: Client/cloud mutual trust
Products shown: McAfee SiteAdvisor Enterprise; McAfee Cloud Secure; Intel Trusted Execution Technology (TXT); Intel Virtualization Technology (VT); McAfee MOVE AV; McAfee Application Control & Change Control
Will deliver on-going advancements to hardware & software security for greater controls & auditability
1. McCann 2012 State of Cloud Security Global Survey, Feb 2012

Optimized Client Security for Cloud Users Key Challenges Complex identity management New forms of malware below OS* Growing range of online attacks Private Cloud Public Cloud McAfee Cloud Identity Manager Intel Identity Protection Technology McAfee Deep Defender Identity Federation Salesforce.com Google.com Strengthen and Simplify Authentication Protect against Man in the Middle Attacks Protect against Zero-Day Attacks Applications McAfee Deep Defender Operating System McAfee DeepSAFE Authentication Data Protection Client Devices 9 *OS=operating system

Secure the Connections: Traffic from Device to Clouds USERS & DEVICES CLOUD INFRASTRUCTURE (Servers, Network, Storage) Application Consumers Network Security Policy, Audit, Reporting, Governance & Risk Web Security Email Security Private Cloud Intelligent Devices Administrators Integrity Assessment Identity Management Data Loss Prevention Public Cloud TODAY FUTURE Policy Enforcement Driven by Integrity Assessment at enterprise perimeter or cloud edge 10

Accelerating Cloud Security Standards
- Accelerate cloud adoption via consensus on security best practices
- Reduce manual audit cycles via common framework for regulatory standards
- Streamline security implementations via standards for controls and APIs across cloud environments
- Enable IT to easily compare cloud provider security levels
Example: Aligning hardware and software controls to ODCA requirements
ODCA Security Provider Assurance Usage Model 1.0: Solution should be able to support the following functional requirements by assurance levels, where applicable: *
- Bronze (basic): Identity management, security incident & event monitoring
- Silver (enterprise): Network intrusion prevention, event logging, administrative changes tracking
- Gold (financial): Penetration testing, asset segmentation, encrypted communication, Geo limits, storage encryption
- Platinum (military): Strong encryption for data
* Several of the requirements are supported by Intel / McAfee

Enabling Open, Interoperable Cloud & Security Solutions Intel Cloud Builders Infrastructure as a Service / Cloud Resource Management Cloud Security Cloud Efficiency Cloud Storage/Networking Client Aware www.intel.com/cloudbuilders 12

Enabling Open, Interoperable Security Solutions SIA Associate Partner SIA Technology Partner (McAfee Compatible) www.mcafee.com/us/partners/security-innovation-alliance

McAfee Strategy: Customer Value Proposition
- Elastic and Efficient Security across the Infrastructure (compute, storage and network)
- Protect Sensitive Data wherever it goes (Physical, Virtual and Cloud, SaaS or IaaS)
- Centralized and Simplified Security Management in dynamic datacenter environments
- Create Trust by attesting to the security posture of the workload in the cloud

McAfee Strategy: Customer Value Proposition
Elastic and Efficient Security across the Infrastructure (compute, storage and network)
- Know what and where all the workloads are: Discover all your workloads and provide complete security visibility in ePO

Discover: Complete visibility into your Private Cloud
You cannot secure what you cannot see
- Automatically discover your entire physical and virtual infrastructure (hypervisors, virtual machines, virtual appliances) through the vSphere Data Center Connector
- Dynamically discover new instances and discard old ones
- Auto-populate or manually enter the VM/Host location in ePO tags
- Show ESXi Server to vCenter relationship
- Display imported virtual machines in ePO system tree including the Virtual Machine to Host relationship

Discover: ePolicy Orchestrator Data Center Dashboard
Single pane security management
- Know the protection status of every workload, on-premise and off-premise, in a single ePO dashboard
- Monitor key metrics and trends of all Data Center components such as Security and power status
- Applications categorized into Known Good, Known Bad, Grey List
- Historical security data
- Customizable dashboards such as executive overviews

McAfee Strategy: Customer Value Proposition
Elastic and Efficient Security across the Infrastructure (compute, storage and network)
- Know what and where all the workloads are: Discover all your workloads and provide complete security visibility
- Protect workloads and ensure compliance: Secure each workload with the desired policies on-premise and off-premise

Protect: The Appropriate Security for a Workload
[Diagram label: Servers]

Protect: Boot Attestation in the ePO Tree
Intel Trusted Execution Technology (TXT) provides Boot Attestation
- Boot your hypervisor from a trusted image
- Determine trustworthiness of the hypervisor boot using Intel TXT by validating the Firmware/BIOS and the VMM image that booted
- Display the boot trust status in ePolicy Orchestrator
- Create policies based on this status, e.g. create a secure VM policy that alerts the ePO administrator if a critical VM is running on an untrusted hypervisor

Protect: Boot Attestation through Intel TXT
[Diagram: PCI workloads protected by MOVE on a Virtualization Infrastructure of hosts marked Trusted]
How it works
- Consider a McAfee-secured federated datacenter (ePO, MOVE) where trusted boot status is an attribute in the ePO system tree
- Security policy mandates that PCI workloads must run only on trusted hosts
- If the TXT string on the host does not match the expected value, the host is marked as Untrusted.
- On receipt of the status change, ePO recommends that the PCI VMs on that host be moved to a different trusted hypervisor
- Partners like HyTrust, Trapezoid have ePO integrations that leverage this capability.
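The policy flow on this slide, sketched as an added example (not McAfee or Intel code, and not an ePO API): each host's reported measurement is compared with its expected value, a mismatch or a missing report marks the host Untrusted, and PCI-tagged VMs on such hosts get a recommended move to a trusted host. Host names, VM names, measurement strings and function names are all hypothetical.

```python
import hmac
from dataclasses import dataclass

# Constructed sample values: real TXT measurements are digests reported by an
# attestation service; these short strings are placeholders.
EXPECTED = {"esx-01": "a3f1c0de", "esx-02": "77b2e9aa", "esx-03": "0c44d512"}
REPORTED = {"esx-01": "a3f1c0de", "esx-02": "deadbeef"}  # esx-03 reported nothing

@dataclass(frozen=True)
class VM:
    name: str
    host: str
    tags: frozenset

def host_trust(expected, reported):
    """Trusted only if a measurement was reported and equals the expected one."""
    status = {}
    for host, good in expected.items():
        seen = reported.get(host)
        ok = seen is not None and hmac.compare_digest(seen, good)
        status[host] = "Trusted" if ok else "Untrusted"  # fail closed
    return status

def recommend_moves(vms, status, tag="PCI"):
    """Return (moves, unplaced) for tagged VMs on hosts that are not Trusted."""
    trusted = sorted(h for h, s in status.items() if s == "Trusted")
    load = {h: sum(1 for v in vms if v.host == h) for h in trusted}
    moves, unplaced = [], []
    for vm in vms:
        if tag not in vm.tags or status.get(vm.host) == "Trusted":
            continue  # untagged workloads and compliant placements stay put
        if not trusted:
            unplaced.append(vm.name)  # nothing trusted left: escalate instead
            continue
        target = min(trusted, key=lambda h: (load[h], h))  # least-loaded host
        load[target] += 1
        moves.append((vm.name, vm.host, target))
    return moves, unplaced

# Constructed inventory: three PCI workloads and one untagged VM.
VMS = [
    VM("pay-db", "esx-02", frozenset({"PCI"})),
    VM("pay-web", "esx-03", frozenset({"PCI"})),
    VM("wiki", "esx-02", frozenset()),
    VM("pay-api", "esx-01", frozenset({"PCI"})),
]

if __name__ == "__main__":
    current = host_trust(EXPECTED, REPORTED)
    print(current)
    print(recommend_moves(VMS, current))
```

A host that sends no measurement is treated the same as one that sends a wrong one, so a silenced attestation agent cannot keep a host in the Trusted pool.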

McAfee Strategy: Customer Value Proposition
Elastic and Efficient Security across the Infrastructure (compute, storage and network)
- Know what and where all the workloads are: Discover all your workloads and provide complete security visibility
- Protect workloads and ensure compliance: Secure each workload with the desired policies on-premise and off-premise
- Extend workloads securely into the cloud: Grow your infrastructure into the cloud with automatic provisioning of security policies

Grow: AWS Data Center Connector
1. Choose the Cloud Provider to connect with
2. Name your connection and enter cloud credentials
3. Monitor/manage security of your cloud workloads from ePO
Grow with confidence
- Discover and secure cloud machines automatically through the AWS Data Center Connector
- Dynamically update new instances as you scale up and discard old ones as you scale down
- Auto-populate or manually enter the cloud machine location/provider in ePO tags
- Ensure an identical security posture between your on-premise and cloud-based workloads

Intel and McAfee: Better Security Together
- Unique: Innovative, integrated hardware/software solutions that are unparalleled in the industry (Deep Defender on Xeon; Elastic Network Security for SDN; Trust Attestation in the Datacenter)
- Differentiated: Solutions with superior functionality, performance, and efficiency (McAfee is optimized for superior performance on Intel Architecture)
- Comprehensive: Technologies and ecosystem leadership that help eliminate security gaps and complexity (Customized GTM for specific customer segments like Health Care, Public Cloud Providers)

Summary of McAfee Security Solutions
Layer: Endpoints; Management; Identity; Data; Applications; Network
Security Services:
- Anti-virus
- Runtime protection (Application Whitelisting, File Integrity)
- Vulnerability management (patches, configurations)
- Centralized policy administration
- Incident management and event correlation
- Centralized compliance monitoring
- User authentication
- Federation of identities
- Device authentication
- Encryption for data at rest and data in motion
- Content monitoring/filtering (DLP)
- Content monitoring/filtering for file shares
- DB activity and vulnerability monitoring
- Monitoring/filtering for web and email
- Network access control
- Network behavior analysis
- Network intrusion detection / prevention
- Network firewall
McAfee Solutions: Datacenter Security Suite; Vulnerability Manager (MVM); ePolicy Orchestrator (ePO); Global Threat Intelligence (GTI); Compliance Suite; ESM (SIEM product); Cloud Identity Manager; Endpoint Encryption; DLP; Cloud Security Platform; Network Security Platform

Greg Brown VP and CTO Cloud and Internet of Things McAfee, An Intel Company greg_brown@mcafee.com