Transforming Security Part 2: From the Device to the Data Center

Similar documents
Network Virtualization Business Case

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

SYMANTEC DATA CENTER SECURITY

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

CipherCloud CASB+ Connector for ServiceNow

CSP 2017 Network Virtualisation and Security Scott McKinnon

Securing the SMB Cloud Generation

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

ForeScout Extended Module for Splunk

Securing Your Cloud Introduction Presentation

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Cyber Resilience. Think18. Felicity March IBM Corporation

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Datacenter Security: Protection Beyond OS LifeCycle

Securing Your Most Sensitive Data

Nebraska CERT Conference

Copyright 2011 Trend Micro Inc.

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Service Description VMware Workspace ONE

Monthly Cyber Threat Briefing

The Evolution of Data Center Security, Risk and Compliance

External Supplier Control Obligations. Cyber Security

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

The threat landscape is constantly

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

VMware Hybrid Cloud Solution

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

locuz.com SOC Services

DIGITAL TRUST Making digital work by making digital secure

the SWIFT Customer Security

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

Watson Developer Cloud Security Overview

The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

IBM Security. Endpoint Manager- BigFix. Daniel Joksch Security Sales IBM Corporation

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

GEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

10 FOCUS AREAS FOR BREACH PREVENTION

Trust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved

Changing face of endpoint security

AT&T Endpoint Security

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Qualys Cloud Platform

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

MaaS360 Secure Productivity Suite

The erosion of the perimeter in higher education. Why IAM is becoming your first line of defence.

Automating the Top 20 CIS Critical Security Controls

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

Best Practices in Securing a Multicloud World

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Cybersecurity Roadmap: Global Healthcare Security Architecture

SAS and F5 integration at F5 Networks. Updates for Version 11.6

AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment

To the Designer Where We Need Your Help

CloudSOC and Security.cloud for Microsoft Office 365

Securing Data in the Cloud: Point of View

Cloud-Enable Your District s Network For Digital Learning

Evolved Backup and Recovery for the Enterprise

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

Secure & Unified Identity

HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management

IBM Exam 00M-662 Security Systems Sales Mastery Test v2 Version: 7.1 [ Total Questions: 72 ]

Run the business. Not the risks.

MITIGATE CYBER ATTACK RISK

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

IBM Security Vaš digitalni imuni sistem. Dejan Vuković Security BU Leader South East Europe IBM Security

Building a Resilient Security Posture for Effective Breach Prevention

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Enterprise & Cloud Security

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Secure Access & SWIFT Customer Security Controls Framework

Virtual Machine Encryption Security & Compliance in the Cloud

Spotlight Report. Information Security. Presented by. Group Partner

Kaspersky Security. The Power to Protect Your Organization

8 Must Have. Features for Risk-Based Vulnerability Management and More

Features. HDX WAN optimization. QoS

Proactive Approach to Cyber Security

ForeScout ControlFabric TM Architecture

How to manage evolving threats on evolving ICT assets across Enterprise

THE ACCENTURE CYBER DEFENSE SOLUTION

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Say Goodbye to Enterprise IT: Welcome to the Mobile First World. Sean Ginevan, Senior Director, Strategy Infosecurity Europe

The Common Controls Framework BY ADOBE

Infoblox as Part of the Ecosystem

Digital Workspace SHOWDOWN

Transcription:

SESSION ID: SP01-R11 Transforming Security Part 2: From the Device to the Data Center John Britton Director, EUC Security VMware @RandomDevice

The datacenter as a hospital

3

4

5

Digital transformation impacts IT and security 6

We believe that data is the phenomenon of our time. It is the world s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true even inevitable then cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world. - Ginni Rometty, IBM Chairman, CEO and President

Increased Productivity Greater Business Efficiency Improved User Satisfaction Greater Engagement 60 % of employees would prefer to use a personal device for work and play

>50% 70% of employees have received no instruction in the risks of using their own devices at work of organizations rely on their users to protect personally owned devices.

How do we secure the interaction between users, applications, and data Device Network App Network We have a large and growing surface area that needs to be secured

Who is my teenager? Identity Management

Shadow IT Unknown applications Unknown data locations Unknown security 65% of consumers download businessspecific apps for more convenient access to information.

How do we secure the interaction between users, applications, and data Device User Device Network App Network App Data Network We have a large and growing surface area that needs to be secured

Who is my User? User Employee Customer Contractor Privileged R&D Sales Marketing

What tools does my User carry? Device ios Win10 Android Unmanaged BYOD Managed Corp Issued

What Applications does my User use? APP Web Mobile Virtual Low Security External High Security Internal

How is my User connecting? Network In Network Low Beacon Out Network 3G/4G Geo

What is my User doing? Data Copy/Paste Passcode Open-In Watermark Encryption Expire

The User Policy Framework User Device App Data Network User Device APP Network Data Employee Contractor ios Win10 Android Web Mobile Virtual In Network Out Network Copy/Paste Watermark Customer Privileged Unmanaged Managed Low Security High Security Low Beacon 3G/4G Passcode Encryption R&D Sales Marketing BYOD Corp Issued External Internal Geo Open-In Expire

How do we solve the problem? Conditional Access More Restrictive Authentication Policy Framework Constrained Actions User Device Limited Access App Data Network Adaptive Management

What have they done? 21

Security is an Endpoint Problem 2 2

What does the data say about security issues? 80-90% of security issues could be mitigated with implementation of best known methods (Configurations, Patching) 10% of security issues are advanced and require enhance intelligence and approaches

The simplest questions are sometimes the hardest How many assets do I have on the corporate network? Government agency couldn't transition 1,300 of its workstations from Microsoft Windows XP to Windows 7 because the agency couldn't find them all

If you don t know how many, how do you answer... How many of the assets on my corporate network are impacted by the vulnerability that was just announced?

Devices 50% of employers will require employees to use their own devices for work

The Uncomfortable Reality An Example 30,633 number of known, managed endpoints 8,998 number of discovered unmanaged assets 6,335 number of SCCM clients not communicating 77% percent missing six or more critical updates 91% percent of endpoints with a vulnerable version of adobe flash Source: Findings during Tanium security hygiene assessment

Key Challenges Data Accuracy, Timeliness, and Completeness Security Hygiene Barriers between Security and IT Ops Reaction Time Complex Architecture Infrastructure and Agents 28 CONFIDENTIAL

Next Generation Threat Detection and Remediation Ask Know Act a question in plain English? What are the computer names of the machines with critical patches missing? Google for IT Data what is happening on your endpoints at all times In 15 Seconds by changing all of the impacted endpoints as needed x Deploy a Patch Kill a Process Uninstall an Application

Unparalleled IT Asset Visibility Live software asset inventory and utilization data Detailed and up-to-date resource utilization data from all environments Unmanaged asset discovery without network impact Enrich your existing systems with TrustPoint for complete enterprisewide visibility

Unmatched Efficiency and Accuracy for IT Operations Faster, easier, more reliable patching across cross-platform environments Incident/problem scoping and remediation with live and recorded endpoint data to fix outages Distribute software and endpoint configurations at scale across multiple platforms

Solving a real world problem 32

Why is Enterprise a Target Ransom has been paid Any mission critical asset can be held ransom Revenue stream for criminals Large amounts of data Vulnerable Applications

How can the enterprise prevent ransomware User Education Comprehensive Backup System Host Based Security Limit Lateral Movement Content Scanning Patching

How to solve this complex problem Patch and secure the end user device Zero Trust with Micro-segmentation Containing Lateral Movement with Automation Virtualizing the End User Computing Environment

Virtual Desktop Ransomware Challenges A converged infrastructure means virtual desktops run on the same infrastructure as servers VDI to VDI Desktop-to-desktop hacking inside the DC Finance HR Engineering VDI to VM Desktop-to-server hacking inside the DC Bringing desktops into the data center opens up new risks for attack. And a matrix of policies is needed on centralized, choke-point firewalls for the correct security posture.

Micro-segmentation simplifies network security Finance HR Engineering Perimeter firewall DMZ Inside firewall App Each VM can now be its own perimeter Policies align with logical groups Prevents threats from spreading DB Services AD NTP DHCP DNS CERT

Simplify VDI and creates a Zero Trust environment Perimeter firewall Inside firewall Finance HR Engineering DMZ App DB Firewall and filter traffic based on logical groupings Simplified, programmable, automated application of network/security policy to desktop users/pools Service-chaining with AV and NGFW partners to deliver automated, policy-integrated AV / malware protection, NGFW, IPS, etc.

Contain Lateral Movement with Behavior Detection Recon Lateral Movement Initial Infection Source: http://www.lanl.gov/discover/publications/1663/2013-nov/_assets/docs/cyber.pdf

Recomposable Virtual Desktops and Segmentation Hypervisor Enforced Security 40

Where were you last night?

Privacy Concerns Affect Adoption?????? End User Privacy Concerns Lack of Adoption Inability to Abide by Regulations

Privacy is a Regulatory Issue for Organizations Depending on where data is collected, organizations may be subject to data residency laws Handling of data by third-party analytics groups may violate regulations depending on method of data transfer

Takeaways Privacy is a growing concern for end users Privacy concerns often affect end user adoption Have clear communication to mitigate the effects of negative media via our Transparency to End Users approach Educate end users about the AirWatch tools such as the user and Privacy app Privacy is a regulatory issue for organizations Privacy Controls for Organizations enable compliance with privacy laws and regulations Occasionally revisiting your privacy configuration page ensures accurate data collection practices

Comprehensive Endpoint Security with VMware Policies and Management IOC Detect Harden OS Predict Threats Prevent Impact Client Health Attestation Data Loss Prevention Deploy Patches Kill Processes Uninstall Apps Respond Quickly Detect Incidents 15-sec Visibility & Control Process-level Accuracy Re-image Devices Visibility at Scale Visibility and Compliance 45

Top 5 Reasons VMware End User Computing (EUC) is Better Multi-cloud Desktops and Applications Delivered Unified Endpoint Management Leading Virtual Apps & Desktops Identity-Defined Workspace Comprehensive Cloud Service Security OS/App Lifecycle Management Asset Analytics Tracking, Inventory App Delivery User Environment Management One Touch SSO & MFA Conditional Access Cloud Hybrid Microsegmentation Data Loss Prevention IT Automated Workflows Over the Air Configuration Monitoring & Analytics Unified App Catalog Productivity Apps Hosted & Remote Services Offline Endpoint Security Identity Integration 47

Consumer Simple Enterprise Secure 49

SESSION ID: SP01-R11 Transforming Security Part 2: From the Device to the Data Center John Britton Director, EUC Security VMware @RandomDevice

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback