IBM Security Virtual Server Protection
Transcript

  • 1. IBM Security Systems: Protecting Virtualized Environments with IBM Security Virtual Server Protection. Chisinau, Feb 15, 2013. Adrian Aldea, EMEA Security Tiger Team. © 2012 IBM Corporation
  • 2. Agenda
      • Protecting Virtual Servers in a Cloud Environment
      • Virtualization Security Landscape
      • IBM Security Virtual Server Protection
      • Conclusion
  • 3. Roadmap Information Notice – Information subject to change until products are announced. IBM's statements regarding its plans, directions and intent are subject to change or withdrawal without notice at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release and timing of any future features or functionality described for our products remains at our sole discretion.
  • 4. Virtualization Security Landscape
  • 5. Summary of Virtualization System Security Challenges
      • New Vulnerabilities
          • 259 new virtualization vulnerabilities over the last 5 years
          • New attack types (e.g. hyperjacking, hypervisor escape, VM attacks)
      • Larger Attack Surface
          • Virtual endpoints have the same security challenges as their physical counterparts
          • Virtualization management systems provide a new attack vector
          • The hypervisor itself is an attack vector
      • Increased flexibility can increase security risk
          • Migration of VMs for load balancing can make them more difficult to secure
          • Ease of addition of VMs increases the likelihood that insecure systems will go online
          • Malicious insiders can inflict massive damage very quickly
  • 6. Virtualization Platform Vulnerabilities
  • 7. Three reasons you need virtualization infrastructure protection (Need / How IBM Virtual Server Protection for VMware® helps)
      • Need: Mitigate new risks and complexities introduced by virtualization. How it helps: Provides dynamic protection for every layer of the virtual infrastructure.
      • Need: Maintain compliance standards and regulations. How it helps: Helps meet regulatory compliance by providing security and reporting functionality customized for the virtual infrastructure.
      • Need: Drive operational efficiency. How it helps: Increases ROI of the virtual infrastructure by maximizing capacity utilization (VM density).
  • 8. IBM Security Virtual Server Protection
  • 9. IBM Security Virtual Server Protection for VMware: Integrated threat protection for VMware vSphere. Helps customers to be more secure, compliant and cost-effective by delivering integrated and optimized security for virtual data centers.
      • VMsafe Integration
      • Firewall and Intrusion Prevention
      • Rootkit Detection/Prevention
      • Inter-VM Traffic Analysis
      • Automated Protection for Mobile VMs (VMotion)
      • Virtual Network Segment Protection
      • Virtual Network-Level Protection
      • Virtual Infrastructure Auditing (Privileged User)
      • Virtual Network Access Control
  • 10. Host-based Protection vs. Hypervisor Integrated Protection
      • Isolation. Host-Based Agent: Firewall functions only in the context of the VM. Virtual Server Protection: Firewall enforces virtual network-wide policy.
      • Attack Prevention. Host-Based Agent: Requires agent to be present. Virtual Server Protection: Secures all virtual machines automatically.
      • VM State. Host-Based Agent: Security is impacted by VM state change. Virtual Server Protection: Security is not impacted by VM state change.
      • Security Policies. Host-Based Agent: Policy is enforced only within the VM. Virtual Server Protection: Policy is enforced outside of the VM and irrespective of the VM's location.
  • 11. Virtualization Vulnerability Protection
      • Virtualization has introduced new attack vectors, risks, and components to the IT environment: the hypervisor and its management system.
      • Hypervisor escape, hyperjacking, and VM man-in-the-middle attacks require an attacker to first compromise the system through a guest VM or the management infrastructure.
      • VSP can reduce the risk of this type of breach by helping to prevent a successful attack against the guest VMs through integration at the hypervisor level.
      • A multi-pronged solution that matches the right security product to the vulnerable component can help to prevent a successful attack on the virtualization system.
      • [Diagram labels: Optimal Security Controls (IBM Security Server Protection (HIPS), Virtual Server Protection, BigFix (Patch, SCM), Proventia GX (NIPS)); components marked "Vuln": Admin clients, vCenter servers, Service Console, Virtual Devices, Privileged Access, Unprotected VM]
  • 12. Protecting a Dynamic, Distributed Environment [Diagram labels: SIEM, SiteProtector, Reporting, Web Application, Database, Automated Response]
  • 13. Lack of Visibility Into Activity Within the Virtual Network. Unauthorized communication between is prevented. Attacks through authorized communication channels are stopped.
  • 14. Dynamic Environment Protection
      • Maintain security posture irrespective of the physical server on which the VM resides
      • Abstraction from underlying physical servers provides dynamic security optimized for mobility
      • [Diagram labels: SiteProtector; two ESX Servers, each with an SVM, guest VMs, VMsafe and vSwitches]
  • 15. Virtual Machine Rootkit Detection
      • Rootkits are an integral tool in a malicious attacker's toolkit and can be dangerous in the wrong hands. For example, rootkits were a key component in the spread of the Stuxnet worm.
      • Rootkits are notoriously difficult to detect because they can conceal their presence from the guest OS.
      • VSP can protect against rootkits by scanning the guest VM memory tables for rootkits from the hypervisor, as opposed to the guest VM.
      • [Diagram labels: Physical Host with guest VMs and the VSP SVM]
  • 16. Virtual Machine Sprawl. Mitigation Strategy: Automated VM Discovery and Virtual Network Access Control
      • VM Sprawl: Obsolete or rogue VMs proliferating in the virtualized environment
      • Control VM sprawl through auto-discovery of assets
      • Detect new VMs as they come on-line
      • Assess security posture
      • Ensure only approved VMs gain network access
      • [Diagram labels: 1. Detect VMs automatically; 2. Assess security posture; Apply relevant security policy; Automatically quarantine from network; two Hypervisors, each with an SVM and guest VMs labelled Known Guest VM, Unknown Guest VM and Rogue VM]
  • 17. Virtual Patch Protection for VMs
      • IBM X-Force Research tracks and analyzes every critical software vulnerability each year. Vendors quickly patch a majority of these vulnerabilities. However, approximately 37% of all disclosed vulnerabilities remain unpatched.
      • VSP can protect against unpatched vulnerabilities across all guest VMs, using IBM Virtual Patch technology.
      • IBM Virtual Patch can provide zero-day protection and reduce the need for emergency software patching.
      • [Diagram labels: Physical Host with guest VMs and the VSP SVM]
  • 18. Optimal Security Footprint
      • Redundant instances of traditional agent-based security solutions can consume significant machine resources.
      • Tradeoff between running a traditional security agent in each VM and providing no security at all. Neither approach is optimal.
      • VSP optimizes the security footprint by providing a single security VM that protects all guest VMs on that physical host, providing agentless security.
      • The resources consumed by VSP can be carefully controlled.
      • VSP impact to network performance is minimal, as are memory and disk footprint.
      • VSP can protect all OS platforms supported by VMware.
      • [Diagram labels: VMware ESX/i Host with guest VMs and the VSP SVM]
  • 19. Centralized Management, Event Analysis by SiteProtector
  • 20. Conclusion
  • 21. IBM Virtual Server Protection for VMware increases ROI of the virtual infrastructure, while reducing risk
      • Automated Protection as each VM comes online
          • Automatic Discovery
          • Automated vulnerability assessment
          • IBM Virtual Patch® technology
      • Less management overhead eliminates redundant processing tasks
          • One Security Virtual Machine (SVM) per physical server
          • 1:many protection-to-VM ratio
          • CPU-intensive processing removed from the guest OS and consolidated in SVM
      • Non-intrusive
          • No reconfiguration of the virtual network
          • No presence in the guest OS
      • Centralized Management
          • IBM Proventia® Management SiteProtector™ system
      • Improved stability
      • More CPU/memory available for workloads
      • Reduced attack surface
      • Protection for any guest OS
      • Reduction in security agents for multiple OSs
  • 22. THANK YOU