Securing the Software-Defined Data Center

Similar documents
McAfee Virtual Network Security Platform

Securing Your Amazon Web Services Virtual Networks

Securing Your Microsoft Azure Virtual Networks

McAfee Advanced Threat Defense

The McAfee MOVE Platform and Virtual Desktop Infrastructure

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

McAfee Public Cloud Server Security Suite

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

McAfee epolicy Orchestrator

SYMANTEC DATA CENTER SECURITY

5 STEPS TO BUILDING ADVANCED SECURITY IN SOFTWARE- DEFINED DATA CENTERS

Defend Against the Unknown

McAfee Endpoint Threat Defense and Response Family

The threat landscape is constantly

Expand Virtualization. Maintain Security.

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

AWS Reference Design Document

The Evolution of Data Center Security, Risk and Compliance

McAfee Endpoint Security

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

Building Resilience in a Digital Enterprise

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

McAfee Embedded Control

McAfee Cloud Workload Security Product Guide

MODERNIZE INFRASTRUCTURE

Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security

CLOUD WORKLOAD SECURITY

Petroleum Refiner Overhauls Security Infrastructure

McAfee Total Protection for Data Loss Prevention

SIEM: Five Requirements that Solve the Bigger Business Issues

Securing the Modern Data Center with Trend Micro Deep Security

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

SIEM Solutions from McAfee

Services solutions for Managed Service Providers (MSPs)

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

Datacenter Security: Protection Beyond OS LifeCycle

State of Cloud Adoption. Cloud usage is over 90%, are you ready?

EBOOK: VMware Cloud on AWS: Optimized for the Next-Generation Hybrid Cloud

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Simplify Hybrid Cloud

Network Virtualization Business Case

CASE STUDY INSIGHTS: MICRO-SEGMENTATION TRANSFORMS SECURITY. How Organizations Around the World Are Protecting Critical Data

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

WHITE PAPER OCTOBER VMWARE NSX WITH CHECK POINT vsec. Enhancing Micro-Segmentation Security

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Sustainable Security Operations

1V0-642.exam.30q.

Software-Defined Secure Networks in Action

Enabling Efficient and Scalable Zero-Trust Security

Global Manufacturer MAUSER Realizes Dream of Interconnected, Adaptive Security a Reality

Traditional Security Solutions Have Reached Their Limit

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers

Kaspersky Security for Virtualization Frequently Asked Questions

VMware Hybrid Cloud Solution

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

VM-SERIES FOR VMWARE VM VM

Intelligent, Collaborative Endpoint Security

McAfee Network Security Platform 9.1

McAfee Skyhigh Security Cloud for Amazon Web Services

Qualys Cloud Platform

McAfee Network Security Platform

SIEMLESS THREAT DETECTION FOR AWS

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

Clearing the Path to Micro-Segmentation. A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds

Digital Workspace SHOWDOWN

How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

Best Practices in Securing a Multicloud World

McAfee Skyhigh Security Cloud for Citrix ShareFile

Operationalizing NSX Micro segmentation in the Software Defined Data Center

SOLUTION BRIEF RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

Solution Overview Gigamon Visibility Platform for AWS

Open Security Controller Project Use Cases

SMASHING THE TOP 7 VIRTUALIZATION SECURITY MYTHS

That Set the Foundation for the Private Cloud

ForeScout ControlFabric TM Architecture

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

Comprehensive Database Security

Cisco Firepower NGFW. Anticipate, block, and respond to threats

VMWARE CLOUD FOUNDATION: INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

VMWARE NSX DATA CENTER: HELPING IT MOVE AT THE SPEED OF BUSINESS

Symantec Client Security. Integrated protection for network and remote clients.

Cloud Workload Discovery 4.5.1

A Cloud WHERE PHYSICAL ARE TOGETHER AT LAST

Enterprise & Cloud Security

Cisco Cloud Application Centric Infrastructure

Cisco Firepower NGFW. Anticipate, block, and respond to threats

McAfee Embedded Control for Retail

McAfee MVISION Cloud. Data Security for the Cloud Era

Security by Default: Enabling Transformation Through Cyber Resilience

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

Pulse Secure Application Delivery

IT-Security Symposium in Stuttgart. Workshop McAfee Device-to-Cloud, Erweiterte Endpunktsicherheit für Microsoft Umgebungen

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Easily Managing Hybrid IT with Transformation Technology

Transcription:

Securing the Software-Defined Data Center The future of the data center is software defined Key Advantages McAfee Network Platform 8.4 Delivers best-in-class IPS security across physical and softwaredefined infrastructure Secures private, public, and hybrid clouds with single-pane-of-glass management of advanced threats Provides micro-segmentation and deep inspection of east-west traffic in the SDDC Integrates with leading private and public cloud platforms for seamless security orchestration Simplified licensing with throughput sharing across multiple clouds and platforms 1 Securing the Software-Defined Data Center

With the advent of proven solutions for network virtualization and their integration into comprehensive cloud management stacks, the software-defined data center (SDDC) has become a realistic infrastructure model for both private and public clouds. SDDCs offer compelling advantages for enterprise IT departments and the organizations they serve including: Better support for business innovation through an IT infrastructure that is more flexible, available, scalable, and reliable Greater business agility through faster delivery of new services Lower capital and operating costs through more efficient resource utilization Streamlined auditing and compliance through policy-based automation and reporting Simpler integration of new technologies and legacy resources A data center infrastructure that intrinsically supports the development of hybrid private and public cloud environments The Sinkhole in the SDDC Roadmap: Network The virtualization of network infrastructure the routers, switches, servers, load balancers, and other functionalities that enable modern digital communications has progressed rapidly in recent years. Virtual network function (VNF) equivalents for most traditional network components are now available from established vendors, making it easy for organizations to realize the benefits of a more flexible and scalable IT infrastructure, especially within the data center. Network security virtualization, however, has not kept pace, making it difficult to implement best practice protection for software-defined infrastructure. Intrusion prevention systems (IPS) and other essential security controls have been stranded at the SDDC perimeter, blind to the internal east-west flows that make up more than three quarters of today s SDDC traffic. Without fully functional security VNFs to segment networks and isolate virtualized workloads, attacks that successfully bypass perimeter security are free to propagate undetected. To fully protect private cloud SDDCs, security VNFs must not only replicate all of the capabilities of their physical instances, they must also provide seamless integration with cloud management stacks, especially 2 Securing the Software-Defined Data Center

their provisioning and orchestration controllers. Until recently, few third-party security solutions were integrated with software-defined networking (SDN) controllers, and almost none were able to operate across heterogeneous, hybrid clouds. So as virtual networks became easier to orchestrate, automate, and manage, virtual security management remained manual, labor-intensive, and error-prone. Most public cloud service providers take responsibility for securing basic underlying infrastructure, but they place responsibility for securing everything else, including operating systems, applications, and data, on the customer. Public cloud service providers typically offer catalogs of basic homegrown security controls, along with some third-party security solutions, such as segmentation firewalls. While useful, these firewalls offer little visibility into traffic payloads and practically no ability to detect and block advanced threats and malware. The maturity gap between virtual infrastructure and available virtual security solutions has forced IT organizations to choose between implementing an SDDC with perimeter-only security or to rely on basic built-in security functions offered with some SDN controllers and public cloud providers. Further complicating security, many enterprises are moving to a hybrid cloud model, which means they have little choice but to deploy separate security solutions with separate management consoles for their private and public clouds. Thus, the SDDC has remained, for some organizations, a risky proposition. What s Still Needed: Software-Defined as Agile and Automated as the SDDC Itself To adequately secure the SDDC, IT departments need software-defined security controls that can: Deploy inside virtualized environments to inspect eastwest traffic flows between virtual machines Find, block, and remediate advanced threats capable of evading access controls and firewalls Be managed seamlessly across physical, virtual, and cloud-based environments, including private, public, and hybrid clouds Be provisioned as policy-defined workload attributes that deploy, scale, migrate, and decommission automatically, in tandem with the workloads they protect and throughout their lifecycles Integrate and orchestrate seamlessly with major cloud platforms The SDDC Solution: McAfee Virtual Network Platform The virtual version of the award-winning IPS, McAfee Virtual Network Platform, fulfills all of these requirements with a solution stack that redefines how organizations block advanced threats in private and public cloud environments. Unlike traditional IPS solutions, it extends beyond signature matching, providing layered, signature-less technologies that defend against never-before-seen threats. Intelligent workflows save time by isolating threat patterns, enabling security administrators to provide fast and accurate responses to network threats and breaches. 3 Securing the Software-Defined Data Center

McAfee IPS solutions unify threat defense across both physical data centers and SDDCs and into private, public, and hybrid clouds all with orchestrated security provisioning, single-pane-of-glass visibility, correlated threat intelligence, and integrated attack response. Solutions include: McAfee Virtual Network Platform: A software-only sensor that deploys on major public and private cloud platforms as a native security VNF to inspect traffic at the SDDC perimeter, between VMs, or across hybrid cloud environments McAfee Network Platform appliances: Hardware-based sensors with throughput capacities to 40 Gbps that are ideal for large data center perimeter applications McAfee Network Manager: A management console application providing centralized administration, logging, correlation, analytics, and remediation workflows for both virtual and physical sensors Future-Proof Virtual for Private, Public, and Hybrid Clouds McAfee provides your organization with peace of mind. You know that your IT department can seamlessly deploy the same strong security enjoyed in physical data centers today across your private and public cloud environments tomorrow. Even if you start small, McAfee Virtual Network Platform scales effortlessly with your business to support your most ambitious growth plans. Advanced features include: Amazon Web Services (AWS) support: Available as a lightweight AWS machine image that delivers true visibility across the AWS gateway and east-west traffic within an Amazon virtual private cloud (VPC) environment. With an innovative approach to network inspection, McAfee Virtual Network Platform can deliver complete visibility to east-west traffic between AWS workloads, as well as at the gateway. VMware NSX integration: Certified with native support to provide automated micro-segmentation and deep inspection of east-west traffic between virtualized workloads and VMs, managed from within the familiar NSX console. OpenStack deployments: Support for orchestration of OpenStack-based SDN environments enables automated micro-segmentation and inspection of traffic between private cloud workloads. Open Controller: Introduces a new way to enable software-defined security within a virtual infrastructure. It uses bi-directional, notificationbased application programming interfaces (APIs) and provides a continuous brokering service between security VNFs and virtual networking SDN controllers. Flexible licensing: Cloud sharing allows you to cost effectively share throughput from a single license across any number of McAfee Network Platform virtual sensor instances deployed in public and private clouds. Cloud sharing also improves security by enabling administrators to rapidly deliver east-west traffic protection and micro-segmentation to virtual workloads wherever they are, without having to wade through the time-consuming procurement process. 4 Securing the Software-Defined Data Center

Cloud sandboxing: Integration with McAfee Cloud Threat Defense enables McAfee Virtual Network Platform to submit file content to cloud-based analysis and sandboxing and take action when a file is convicted as malicious. Additional copies of the file are blocked with no need for further analysis. A Fully Integrated Solution McAfee Virtual Network Platform also extends its functionality and your threat visibility through seamless integration with other McAfee solutions. This enables a complete picture of activity across both traditional and virtualized network environments, including the SDDC. Integrations include: McAfee Advanced Threat Defense: This malware sandbox detects today s stealthiest zero-day attacks with an innovative, layered approach. It combines lowtouch antivirus signatures, reputation intelligence, and real-time emulation defenses with in-depth static code and dynamic analysis of actual behavior. When McAfee Advanced Threat Defense convicts a file as malicious, McAfee Virtual Network Platform can immediately quarantine the infected host and block other copies of the file, halting the spread of malicious activity in the network. McAfee MOVE AntiVirus: McAfee Management for Optimized Environments AntiVirus (McAfee MOVE AntiVirus) brings optimized, advanced malware protection to virtualized desktops and servers. It offloads malware scanning to free up hypervisor resources and to eliminate bottlenecks, delays, and antivirus storms. Implement it across multiple hypervisors, or choose an agentless, tuned option for VMware NSX or VMware CNS. Either way, you get top-rated security for swift threat detection and containment with minimal impact on virtual machine performance. McAfee Threat Intelligence Exchange: This collaborative system closes the gap between malware encounter and containment from days, weeks, and months down to milliseconds. It leverages the McAfee Data Exchange Layer to combine and instantly operationalize multiple threat information sources, sharing data with all connected security solutions, including third-party solutions. Software-Defined in the SDDC: Three Use Cases To better appreciate how McAfee Virtual Network Platform strengthens SDDC security while simplifying security management, let s review three typical use cases. Unified cloud visibility Network Virtualization Easily scale inspection to new and migrating workloads in the SDDC. Future Private Cloud Platforms VMware/NSX Private and Public Cloud Support VMWare/NSX OpenStack Amazon Web Services (AWS) Cloud Sharing One license allows deployment and throughput sharing across all clouds. Open Controller Private Clouds Openstack (KVM) AWS Public Clouds True AWS Visibility Innovative approach delivers true east-west AWS inspection. Future Public Cloud Platforms Cloud Platform Virtual Networking Controller Figure 1. Extending threat visibility across AWS and private clouds with a new streamlined orchestration model. 5 Securing the Software-Defined Data Center

The illustration on the previous page shows workloads being provisioned into both private cloud and public cloud environments. With cloud sharing, McAfee Virtual Network Platform gives you an easy way to deliver threat visibility across their cloud architectures. With one license, administrators can share throughput across any combination of supported public and private clouds. McAfee Virtual Network Platform provides full inspection of both north-south and eastwest traffic flows, even within the AWS environment, which can be a challenge for other vendors. With the ability to easily deliver a unified policy across an organization s complete cloud footprint, McAfee Network Manager provides administrators with complete, integrated security management. Dual-layer workload security: microsegmentation plus automated IPS provisioning Functions Catalog McAfee Network Manager Open Controller Management Advanced Threat Protection for East-West Traffic Flows Perimeter firewall Inside firewall Finance Group HR Group Production Group DMZ APP DB Services Figure 2. Workload micro-segmentation and deep threat inspection in the SDDC with McAfee Virtual Network Platform. Figure 2 shows an SDDC in which McAfee Virtual Network Platform instances are automatically provisioned as policy-defined security attributes of newly instantiated workloads. Open Controller from Intel provides security policy management, a virtual sensor system image, and brokering services to integrate security infrastructure orchestration with the SDN controller. The result? Every workload in the SDDC is automatically instantiated with network isolation (or microsegmentation) and IPS protection pre-configured for the unique security requirements of its application, data, and user roles. In this example, unique security policies have been defined for finance, human resource, and production workloads. Traffic to each workload is allowed only from approved sources, and all permitted traffic is inspected and analyzed for indicators of compromise (IoCs), which trigger policy-defined blocking and remediation activities. Ensuring separation of duties for security and systems administrators Administrator Manages security policies McAfee Network Manager Manages security appliances Alerts and analysis Functions Catalog Injects security services based on workflow policy Automated Functionality Software-Defined Data Center Deploys and deletes services Manages security groups services Infrastructure Administrator Infrastructure Service Manage on Your Terms McAfee Endpoint keeps management simple and flexible. McAfee epolicy Orchestrator (McAfee epo ) software, on premises (5.1 and higher): It s easy to deploy one product that includes all of the recommended baseline protection technologies. Unmanaged/standalone: Those who don t use a McAfee management system will find it easy to install the new endpoint security client using the integrated installer. This can also be used for deploying the product using thirdparty deployment tools. Cross-platform support: Protection for desktops and servers across Microsoft Windows, Macs, and Linux. Windows and Mac systems can be managed with common policies, with the data gathered by endpoints of either operating system that shares insights with McAfee epo software. Figure 3. Figure 3. McAfee Virtual Network Platform segments administrative duties in a virtual environment. 6 Securing the Software-Defined Data Center

With a software-defined security infrastructure based on McAfee Virtual Network Platform and Open Controller, IT organizations can also enforce strict separation of duties between security and infrastructure administrators. team members set security policy, monitor alerts, and analyze events in McAfee Network Manager, eliminating the need for direct access to production systems. Infrastructure administrators can focus on managing the virtual infrastructure through the cloud platform s provisioning and orchestrating controller without worrying about security. Open Controller ensures continuous synchronization between visualized infrastructure and security policy changes in the SDDC by brokering between security and cloud management stacks. A Complete Software-Defined Solution for the SDDC McAfee Virtual Network Platform provides a unique combination of deep visibility into SDDC traffic flows with automated security management. Tight integration with both private and public cloud management platforms ensures that your security infrastructure is dynamic and as easy to manage as the rest of your virtualized infrastructure. Finally, the SDDC is as appealing to data center operations teams risk managers as it is to business planners. 2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.mcafee.com McAfee and the McAfee logo, epolicy Orchestrator, and McAfee epo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2017 McAfee, LLC. 1821_0417 APRIL 2017 7 Securing the Software-Defined Data Center

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback