#RSAC Session ID: SPO3-T07
How Cloud, Mobility and Shifting App Architectures Will Transform Security: Gaining the Home-Court Advantage
Tom Corn, Senior Vice President/GM Security Products, VMware (@therealtomcorn)
Increase in Security Losses: 26% (since 2014); $600 Billion in 2017. Source: Center for Strategic and Int'l Studies, Economic Impact of Cybercrime, February 2018.
Forecasted Growth in Overall IT Spend: 4.5%; $3.7 Trillion in 2018. Source: Gartner Press Release, "Gartner Says Global IT Spending to Reach $3.7 Trillion in 2018", January 16, 2018.
Growth in Security Spend: 10.2% (since 2017); $91.4 Billion in 2018. Source: IDC, Worldwide Semiannual Security Spending Guide, #US42570018, March 2018.
Security Controls
Threat Landscape: Nation States, Organized Crime, Hacktivists.
(Diagram: Agile Apps; Center / Cloud Infrastructure: Compute, Network, Storage; End User Infrastructure: Users, Devices, Access; Modernization.)
Dynamics of an Attack: Attacker moves through Infiltration, Propagation, Extraction, Exfiltration; the Defender faces each stage.
Home-court advantage (noun): the advantage that you have over an opponent when a sports contest takes place at your own sports field or court. (Macmillan Dictionary)
Home-court advantage
Home-Court Advantage
(Diagram: house floor plan with Bedroom, Kitchen, Living Room, Playroom, Courtyard, Outdoor Kitchen, Bathroom, Master Bedroom, Study, Garage.)
Home-Court Advantage Comes From understanding how your family uses your home, and using that context to shrink your security posture.
(Diagram: the same floor plan, now with the Family placed in it.)
If You Want Home-Court Advantage: take advantage of what you know better than an attacker. Detect Threats; Shrink the Attack Surface. (Diagram: Family.)
Why don't we get home-court advantage in cyber security?
We Keep All the Lights On, and All the Rooms Open
(Diagram: the floor plan with every space labelled only "Room".)
We See Through an Infrastructure Lens: Monitor Perimeter for Threats; Monitor Network for Threats; Monitor Endpoint for Threats.
If We Compartmentalize at All, It's Aligned to an Infrastructure Lens: Bedrooms, Bathrooms, Kitchens, Living Rooms.
Threat Posture
We Should Focus More on Core Protection Strategies
Gartner Market Guide for Cloud Workload Protection Platforms, Figure 1: Cloud Workload Protection Controls Hierarchy (2018 Gartner, Inc.), from the top of the pyramid down:
- Less Critical: AV
- Deception; HIPS with Vulnerability Shielding; Server Workload EDR / Behavioral Monitoring; IaaS at-Rest Encryption (side labels: "Important, but often provided outside of CWPP"; "Optional")
- Server Protection Strategies: Exploit Prevention / Memory Protection; Application Control / Whitelisting; System Integrity Monitoring / Management
- Core Server Protection Strategies: Network Firewalling, Segmentation and Visibility; Hardening, Configuration and Vulnerability Management
- Foundational (Operations Hygiene): Restricted Physical and Logical Perimeter Access; No arbitrary code; No email, web client; Admin Privilege Management; Change Management; Log Management
Source: Gartner, Market Guide for Cloud Workload Protection Platforms, Neil MacDonald, March 26, 2018. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document.
And We Should Focus on Applications, and how they use the infrastructure, versus focusing just on the infrastructure.
(Diagram: the Family in the floor plan whose spaces are labelled only "Room".)
Cyber Threats -> Apps -> Residual Risk
Cyber Hygiene shrinks the Attack Surface: Micro-Segmentation, Least Privilege, Encryption, Multi-Factor Authentication, Patching.
Apps
Cloud & Mobile Infrastructure (Compute, Network, Storage; Users, Devices, Access): Can the unique properties of cloud and mobile be the solution versus the problem?
Virtualization, Mobility, Apps
Secure Infrastructure
(Diagram: Security Controls (Arch/Eng, SOC, GRC) draw Context and apply Control through the SDDC (Compute, Network; Virtualization) and the User Access Layer (User, Device, SaaS; Mobility), underneath the Apps. Infrastructure: Compute, Network, Users, Devices, Access.)
Apps over Secure Infrastructure (Compute, Network, Users, Devices, Access)
Changing the Application Security Model: From chasing bad to ensuring good
(Diagram: "Chasing Bad" shows the OS against a field of binary noise, 75,000,000; "Ensuring Good" shows the application's Processes, 75. Infrastructure: Compute, Network, Users, Devices, Access.)
(Diagram: a three-tier application, Web, App and Storage/DB, each tier an OS running its Processes, on Compute, Network, Users, Devices, Access.)
Protecting Applications in Virtualized and Cloud Environments
Learn -> Protect: Capture & Analyze, Detect, Respond (Manifest). Infrastructure: Compute, Network, Users, Devices, Access.
Uniquely Leverage the Hypervisor: Application Isolation; Automation; compare What Was Provisioned with What Is Running.
Capture & Analyze: capture the purpose and intended state of applications and VMs.
(Diagram: Off-the-shelf apps via the OTS Software base and Machine Learning; Custom apps via the CI/CD pipeline, provisioning systems and automation frameworks; both feed the Intended State Engine, which produces an App Scope and Manifests, backed by vCenter and ESX.)
Detect: runtime application attestation and secure manifest store.
(Diagram: an AppDefense Monitor beside each OS compares its running Processes against the Manifest held in a Protected zone.)
Respond: orchestrated incident response routines for the SOC.
(Diagram: Secure infrastructure and an Integrated Ecosystem supply the responses Snapshot, Quarantine, Block/Alarm and Network Blocking.)
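The Capture, Detect and Respond steps above, as an added illustration of the "ensuring good" model: what is running is compared against a manifest of what was provisioned, and each deviation is mapped to a SOC response. This is example code, not VMware AppDefense; the manifest layout, the telemetry shape and the response policy are assumptions made for the example.

```python
# Added illustration of the "ensuring good" model: compare what is running
# against the manifest of what was provisioned. Not VMware AppDefense code;
# the manifest layout, telemetry shape and response policy are assumptions.

# Manifest captured at provisioning time (constructed sample): per VM, the
# processes allowed to run and the outbound endpoints each may connect to.
MANIFEST = {
    "web-01": {"nginx": {"app-01:8080"}, "sshd": set()},
    "app-01": {"java": {"db-01:5432"}, "sshd": set()},
}

# Runtime telemetry (constructed sample): (vm, process, remote endpoint or None).
OBSERVED = [
    ("web-01", "nginx", "app-01:8080"),
    ("web-01", "sshd", None),
    ("web-01", "nginx", "203.0.113.9:4444"),  # endpoint not in manifest
    ("app-01", "java", "db-01:5432"),
    ("app-01", "python3", None),              # process not in manifest
]

# Orchestrated SOC response per deviation type (assumed policy, not a default).
RESPONSE_POLICY = {
    "unknown_process": ("snapshot", "quarantine"),
    "unexpected_connection": ("network_block", "alarm"),
}


def detect_deviations(manifest, observed):
    """Return (vm, process, kind, detail) for each event outside the manifest.
    A VM with no manifest entry has nothing allowed, so all its processes are flagged."""
    deviations = []
    for vm, proc, remote in observed:
        allowed = manifest.get(vm, {})
        if proc not in allowed:
            deviations.append((vm, proc, "unknown_process", proc))
        elif remote is not None and remote not in allowed[proc]:
            deviations.append((vm, proc, "unexpected_connection", remote))
    return deviations


def respond(deviations, policy=RESPONSE_POLICY):
    """Map each deviation to the ordered response actions the runbook defines."""
    return [(vm, kind, policy[kind]) for vm, _proc, kind, _detail in deviations]


if __name__ == "__main__":
    for vm, kind, actions in respond(detect_deviations(MANIFEST, OBSERVED)):
        print(f"{vm}: {kind} -> {', '.join(actions)}")
```

Because the check is an allowlist, a process or connection the manifest never captured is what gets reported; the size of the manifest, not a signature feed, bounds what the monitor has to know.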
Review and Readiness: collaboration between security teams and application teams.
(Diagram: Learn -> Protect -> Detect -> Respond, with Review and Readiness feeding Continuous Learning and Continuous Protection.)
Review and Readiness: Collaboration Between Security Teams and Application Teams
Figure 2: DevSecOps: Secure Development as a Continuous Improvement Process (2017 Gartner, Inc.)
(Diagram: Dev side: Plan, Create, Verify, Preprod, Release, through Continuous Integration, Continuous Delivery and Continuous Deployment; Ops side: Continuous Configuration, Prevent, Detect, Respond, Predict, Adapt, through Continuous Monitoring, Continuous Learning and Continuous Improvement; Sec, with Monitoring and Analytics, spans both.)
Source: Gartner, 10 Things to Get Right for Successful DevSecOps, Neil MacDonald, October 03, 2017.
Demo
Security Controls over Apps over Secure Infrastructure (Compute, Network, Users, Devices, Access)
Enabling Richer Security Controls
(Diagram: Security Controls (MSSP, SIEM, GRC, EDR, Containers) draw Context and apply Control through the SDDC (Compute, Network) and the User Access Layer (Network, User, Device, SaaS), underneath the Apps, over Secure Infrastructure: Compute, Network, Users, Devices, Access. Source: Momentum Partners Cyberscape 2017.)
(Diagram: Apps as Web, App and Storage/DB tiers over Compute, Network, Users, Devices, Access.)
Enabling Richer Security Controls
(Diagram: Security Controls (Arch/Eng, SOC, GRC) draw Context and apply Control through the SDDC (Compute, Network) and the User Access Layer (EndPoint, Network, User, Device, SaaS), underneath the Apps, over Secure Infrastructure: Compute, Network, Users, Devices, Access. Source: Momentum Partners Cyberscape 2017.)
(Diagram: Apps as Web, Application and Storage/DB tiers over Compute, Network, Users, Devices, Access.)
Validate and Verify: right user + right device + right app.
(Diagram: Insertion Points sit between Users, Devices and Access and the Apps they reach in the Private Cloud, Public Cloud and SaaS.)
Enabling Richer Security Controls
(Diagram: Security Controls (Arch/Eng, SOC, GRC) draw Context and apply Control through the SDDC (Compute, Network) and the User Access Layer (Identity, Device, CASB), underneath the Apps, over Secure Infrastructure: Compute, Network, Users, Devices, Access. Source: Momentum Partners Cyberscape 2017.)
Cyber Threats -> Apps -> Residual Risk
Cyber Hygiene shrinks the Attack Surface: Micro-Segmentation, Least Privilege, Encryption, Multi-Factor Authentication, Patching.
Transforming Cybersecurity
(Diagram: Security Controls (Arch/Eng, SOC, GRC) draw Context and apply Control through the SDDC (Compute, Network) and the User Access Layer (User, Device, SaaS), underneath the Apps, over Secure Infrastructure: Compute, Network, Users, Devices, Access. Source: Momentum Partners Cyberscape 2017.)
Secure Infrastructure (Compute, Network, Users, Devices, Access)
Go beyond securing Cloud & Mobility, to using Cloud & Mobility to secure.