Datacenter Security: Protection Beyond OS LifeCycle


Not so fun Facts from the Symantec ISTR 2017 Report

[Chart: Zero-Day Vulnerability, annual total; years 2014, 2015, 2016; values shown: 4,958, 4,066, 3,986]
[Chart: Legitimate tools, annual total (million); Mimikatz, PsExec, WCE; values shown: 4.6m, 3.2m, 2.0m]

1. A new 0-day discovered every week
2. Legitimate administrative and pen tools used against target

Attack surface - When Patches matter

o Enterprise OS: MS16-087, a 20-year-old vulnerability sitting in plain sight
o Enterprise Software: Oracle's colossal patch: 276 vulnerabilities, 159 remotely exploitable without authentication, 28 with CVSS > 9.0
o End-user Browser: the much maligned player: 52 vulns with 33 remotely exploitable

o Spread laterally within the network with watering holes
o Compromise mission critical systems!
o Large attack surface for a foot in the door

Exploit Kits trend 2015-2016

Rank  Exploit Kit   2015 (%)  2016 (%)
1     Custom Kits   38.9      37.9
2     Angler        13.3      22.2
3     Spartan       7.3       11.9
4     RIG           2.0       7.9
5     Magnitude     1.1       5.8
6     Neutrino      1.3       5.8
7     VIP           24.8      3.2
8     Nuclear       4.0       1.6
9     Fiesta        2.5       1.0
10    G01 Pack      2.2       0.8

Hands On!

[Diagram labels: Application, Services, Guest OS, Front End, Back End, DataStore, Hypervisor, HW]

What's The Story?

o Never touching the running machine
o Services uptime
o Service deployment in different stages:
  o Test environment
  o Pre-production environment
  o Production environment
o Compliance check
o Patch deployment time
o Increased exposure
o Exposure increases attack surface
o Legacy OS
o Legacy applications
o Custom applications

Data Center Security Technical Overview

SECURE DATACENTER INFRASTRUCTURE WITH DCS: SERVER ADVANCED

Platforms: VIRTUALIZATION PLATFORMS, CLOUD PROVIDERS / PLATFORMS, CONTAINERS
Controls: FILE INTEGRITY, MEMORY PROTECTION, NETWORK CONTROLS, DEVICE CONTROLS, APPLICATION CONTROL

o SIMPLICITY: Consistently manage security across physical, virtual, public, and private clouds
o VISIBILITY: Centralized security, monitoring, and hardening across platforms and applications
o AGILITY: Align security and IT Ops with automated and orchestrated security down to the application layer

[Logo: OPENSTACK KEYSTONE]

WHAT MAKES A STRONG, AGILE SECURITY STRATEGY FOR THE SDDC?

o ANTIMALWARE & THREAT PROTECTION: Designed for performance & resource optimization, not just an endpoint protection client
o DYNAMIC WORKLOADS: Support the migration and co-mingling of workloads with varied trust levels
o PERIMETER & NETWORK SECURITY: Visibility and control of internal VM to VM traffic
o COMPLIANCE & HARDENING: Automated asset discovery, configuration and validation

Support & Simplify Security Across Traditional and Next Gen IT with:
o Security embedded into the platform, protecting hosts and guests
o Application-level security controls and policies for workloads anywhere
o Security integrated with DevOps automation tools & processes, which provides faster provisioning, reduces rogue IT instances and ensures timely protection

DATA CENTER SECURITY STRATEGY IS A LIFECYCLE

ASSESS
o Conduct asset auto discovery
o Assess server configuration
o Report against mandates and standards
o Aggregate risk scores
o Prioritize remediation

ORCHESTRATE
o Aggregate, automate and orchestrate security policy across products
o Enable application-level security
o Automate security provisioning and response across platforms

PROTECT
o Monitor and harden physical, virtual, and cloud
o Protect current and next-gen data centers
o Secure virtual desktops
o Protect application and file stores

Introduction to Symantec Data Center Security for Virtual Environment

Symantec Data Center Security provides:
o Agentless antimalware and network intrusion protection
o Reputation-based services for files and URLs
o In-guest file quarantine
o Seamless integration with VMware NSX and vCenter
o Single-instance security service per host
o Automated and simplified security provisioning workflow
o Out-of-box integration with multiple security products

Symantec Datacenter Security architecture for Virtual Environment

[Diagram labels: Guest Virtual Machines, Security Virtual Appliance (SVA)]

o SVA provides agentless anti-malware and intrusion detection/prevention
o SVA is deployed to each ESXi host as the Datacenter Protection Service
o SVA supports up to 200 guest VMs on a single ESXi host

Symantec Datacenter Security architecture for Virtual Environment

[Diagram labels: Operations Director, SDCSS/SA, SDCSS Server, LiveUpdate, Security Response, Insight Reputation, Orchestration Support, Unified Management Console (UMC)]

Overall Summary and Takeaways

Symantec Data Center Security Server provides:
o Advanced security controls for virtual environments
o Infrastructure performance enhancements
o Automation of security policy provisioning

Making security of virtual environments possible via:
o Agentless antimalware and network intrusion protection
o Integration with VMware NSX and vCenter and other security solutions

USE CASES

AGENTLESS HOST AND GUEST THREAT PROTECTION FOR VIRTUAL ASSETS WITH DATA CENTER SECURITY

o Fully integrated with VMware (NSX/vCNS/vShield)
o Lower OPEX
o Manage complexity
o Reduce boot storms
o Auto deployment of hypervisor-based security virtual appliance (SVA)
o Always-on security for hosts and virtual guests
o Data Center Security service for VMware NSX/vCNS/vShield
o Security orchestration and integration with DCS: Server Advanced and third-party security tools
o Agile security provisioning and threat response for hosts & virtual guests

SYMANTEC DATA CENTER SECURITY DELIVERS AGILE, AGENTLESS THREAT PROTECTION

Use Case: New business application deployment

Problem:
o IT asset provisioning takes minutes but security provisioning takes days
o Security is the bottleneck for scaling out the new services

Response, Action, Result:
o IT service request
o Capture security and compliance attributes during IT service requests
o Security requests for new IT assets sent to security admin
o Viruses are detected, blocked, and logged
o Rapid7 Nexpose (via Operations Director integration) runs vulnerability scans & risk assessment
o Security is deployed quicker, mitigating rogue and insecure IT assets
o Increased business responsiveness
o Server is protected throughout its lifecycle
o Operations Director automatically creates task for security admin
o Operations Director recommends antimalware, NIPS, firewall (via Palo Alto integration), and hardening

Symantec Advantage: Automated, Always On, Agent-less

CRITICAL CUSTOMER PORTAL AUTOMATICALLY PROTECTED AGAINST ZERO-DAY EXPLOIT

Use Case: Mission critical web server must be secure and highly available

Problem:
o Multiple applications and subcomponents, each with their own vulnerabilities
o Each component must be secure and compliant without downtime

Response:
o Symantec Data Center Security: Server Advanced has out-of-the-box sandboxes to secure each tier of the infrastructure

Action:
o Attacker attempts to install malicious file through an IIS zero-day exploit
o Attack is blocked as IIS is not allowed to install software or modify the OS

Result:
o Customer portal maintains security and availability despite zero-day vulnerability on whitelisted application

Symantec Advantage: Application Whitelisting, Out-of-the-box Hardening

PROTECT CUSTOMER FILES

Use Case: Mission critical web server must secure web page files

Problem:
o Unauthorized users could be able to change, add, or remove files
o Malicious users could be able to access files

Response:
o Symantec Data Center Security: Server Advanced has Host Integrity and Audit Trail capabilities

Action:
o Attacker attempts to install malicious file through unauthorized access
o Attack is blocked because the DCSSA agent is monitoring the server file system, keeping out unauthorized users

Result:
o Customer portal maintains integrity and original contents

Symantec Advantage: Host Integrity, Files Integrity and Audit Trail

PROTECT LEGACY MICROSOFT OS SERVER

Use Case: Protect legacy Microsoft Windows 2003 server

Problem:
o Microsoft Windows Server 2003 is no longer supported by Microsoft
o Lack of security patches

Response:
o Symantec Data Center Security: Server Advanced still supports Microsoft Windows Server 2003

Action:
o Once the DCSSA agent is installed, it is possible to enable the Application Control, Mitigation Exploits control and Host Integrity modules

Result:
o It will be possible to keep the legacy server protected

Symantec Advantage: Support Legacy OS

DOMAIN CONTROLLER LOCKDOWN

Use Case: Protect Domain Controller server

Problem:
o Microsoft Domain Controller breach
o Lack of security

Response (Symantec Data Center Security):
o Create restrictive white list policy
o Integrate DCS:SA events with third-party SIEM solution for alerting/analysis

Action:
o Once the DCSSA agent is installed, it is possible to enable the Application Control, Mitigation Exploits control and Host Integrity modules

Result:
o It will be possible to keep AD servers protected

Symantec Advantage: Support Windows Services such as AD, MSSQL

Thanks

Presenter: Alessandro Ghezzi, Alessandro_ghezzi@symantec.com
Sunil Venanzini, Sunil_venanzini@symantec.com
Date: 7/6/2017