No Compromises: Virtualisation Security
 


This seminar session will cover what planning strategies and technology solutions can assist IT professionals tasked with moving their business IT systems over to a virtual platform.



    Presentation Transcript

    • No Compromises: Virtualization Security. Dave Barnett, Security Strategy Director, Symantec
    • BlackHat - Aug 2006 http://en.wikipedia.org/wiki/Blue_Pill_(malware)
    • The Virtualization Security Reality
      • Threat landscape constantly evolving, and more toxic than ever
      • Security solutions can’t compromise run-time performance
      • High density increases operational complexity
    • [Chart: Vulnerabilities targeting VMware resource. Series: CVSS2 Base Score (axis 0 to 12) and Linear (CVSS2 Base Score), plotted by date from 2007-01-09 to 2011-06-03]
    • Changing face of Cyber attack
      • Cybercrime - Volume
        • 166 mil new threats, Q2 2011
        • Ave. 21 per sec
      • Cyber attack - targeted
        • 75% of malware infects less than 50 machines
        • (57%) Hackers & (51%) targeted attacks > perceived top security threat
        • A micro distribution model: hacked web site builds a trojan for each visitor; the average Harakit variant is distributed to 1.6 users!
    • http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
    • Symantec 2011 Security Survey - Technology driving security. 3,300 global organizations – SMB to Enterprise, Cross Industry
    • What does all this mean to business?
      • 79% saw frequency of attacks increase
      • Costs going up – IP, PII, brand damage
    • Understand the security transformation
    • Evolution of Risk
    • Connected Information Centric Security: Device; Data; Risk & Policy management/Enforcement (CCS, SPC); Intelligence (GIN, DeepSight, Insight, .cloud, MSS)
    • What does good information centric security look like?
    • 1. Visibility of Risk: What is the potential problem?
      • Map locations: Calgary, Alberta; Dublin, Ireland; Tokyo, Japan; San Francisco, CA; Mountain View, CA; Austin, TX; Chengdu, China; Culver City, CA; Taipei, Taiwan; Chennai, India; Pune, India
      • Worldwide Coverage; Global Scope and Scale; 24x7 Event Logging; Rapid Detection
      • Attack Activity: 240,000 sensors; 200+ countries
      • Malware Intelligence: 133M client, server, gateways monitored; Global coverage
      • Vulnerabilities: 40,000+ vulnerabilities; 14,000 vendors; 105,000 technologies
      • Spam/Phishing: 5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day
      • Preemptive Security Alerts; Information Protection; Threat Triggered Actions
    • 2. Visibility of environment: System Discovery
      • Across both virtual and physical
      • Identify VMs that are:
        • Rogue
        • Vulnerable
        • Non-compliant
      • Centralized visibility of risks
      • Symantec Solutions: Control Compliance Suite, IT Management Suite
    • Define & manage risk policies
      • Across both virtual and physical
      • For appropriate functions:
        • Malware protection
        • Data
        • Change process
        • Access rights
        • Backup
      • Across logical groupings:
        • Regulations
        • Asset profiles
        • Geographies
        • Business units
      • Symantec Solutions: Symantec Endpoint Protection, Critical System Protection, Control Compliance Suite, Backup Exec
    • 3. Security built for purpose: Deploy and Configure Appropriate Controls
      • Across both virtual and physical
      • For appropriate functions:
        • Malware scanning
        • System hardening
        • Access
        • Change monitoring/prevention
        • Guest isolation
      • Across logical groupings:
        • In scope of regulatory audits (PCI)
        • Protection profiles (CIA values)
        • Business criticality (HR/Finance/etc…)
      • Symantec Solutions: Symantec Endpoint Protection, Critical System Protection
    • SEP 12.1 Delivers What Matters. Symantec is working closely with our key virtualization partners to take us even further
      • Full Security
      • Higher Density
      • Avoid “AV-Storms”
      • Easier Management
      • Optimized for virtual environments
    • What’s Needed to Defend the Virtual Endpoint
      • Signature and Heuristic File Scanning
      • Advanced Reputation Security
      • Network and Host IPS
      • Browser Protection
      • Real Time Behavioral Protection
      • Application and Device Control
    • [Chart: Results, Virtual Desktop Malware Defense. % of samples Compromised / Neutralized / Defended (axis 0% to 100%) for Symantec Endpoint Protection (SEP) 12.1, Trend OfficeScan 8.5, and McAfee MOVE (Beta) + HIPS + SiteAdvisor. Bar labels as extracted: 12%, 100%, 4%, 40%, 84%, 60%]
    • Proactive protection against new, mutating threats: File context using community based security rating
      • 1. 175 million PCs
      • 2. Rate nearly every file on the internet (2.5 billion files)
      • 3. Look for associations
      • 4. Check the DB during scans
      • 5. Provide actionable data
      • Is it new? Bad reputation?
      • Prevalence; Age; Source; Behavior; Associations
    • Insight - Faster, Smarter, Fewer Scans. On a typical system, 70% of active applications can be skipped!
      • Traditional Scanning: Has to scan every file
      • Insight - Optimized Scanning: Skips any file we are sure is good, leading to much faster scan times
    • Offline Image Scan Tool: The Symantec Offline Image Scanner
      • Scans offline VMware images
      • Command-line options for silent and automated operation
      • Detailed logging/reporting capabilities
      • Runs as a portable application and doesn’t require a traditional install
    • 4. Harden against Risk
      • Shield critical ESX Host and Guest systems
        • Files
        • Applications
        • Registries
        • Configurations
        • Network Communications
      • Apply Isolation Trust Zones via Policy Groupings
      • Restrict administrative access to privileged networks
      • Symantec Solutions: Critical System Protection
    • Symantec Critical System Protection: Multi-layer protection for physical and virtual critical systems
      • Network Protection (Host IPS)
        • Close back doors (block ports)
        • Limit network connectivity by application
        • Restrict traffic flow inbound and outbound
      • Exploit Prevention (Host IPS)
        • Restrict apps & O/S behaviors
        • Protect systems from buffer overflow
        • Intrusion prevention for day-zero attacks
        • Application control
      • System Controls (Host IPS)
        • Lock down configuration & settings
        • Enforce security policy
        • De-escalate user privileges
        • Prevent removable media use
      • Auditing & Alerting (Host IDS)
        • Monitor logs and security events
        • Consolidate & forward logs for archives and reporting
        • Smart event response for quick action
    • 5. Integrated data controls: Data Ripples
      • Define usage
      • Classification of data (owner/content)
      • Data Usage policy definition (defining the boundaries)
      • Context data used
      • Who & where
      • User authentication
      • Insight of data usage
      • New content – Vector Mach. Learning
      • Data cleanup & de-dupe
      • How to cross the boundary (Encryption)
      • What happens to the data outside the boundary (IRM?)
      • How do I apply Data governance?
      • How do I link incidents to data controls?
    • CCS Compliance Technical Inventory/Asset Info Controls Policy Procedural User Education Dynamic Encryption Storage/Email PGP Map content Data Insight DLP Encryption Analyze Real Usage Risk Classification Encrypted content Dynamic Learning Security Risk (e.g. Insight finds new malware file) Verisign User SEP12 Authentication
    • Information Protection Control Identity Content Role Information Vector Machine Learning Data Protection Data Insight v2.0 Suite Application File Access Control
    • Control Compliance Suite; Symantec Global Intelligence Network; Data Loss Prevention Suite & Encryption; Symantec™ Protection Center; 3rd Party Technology Partners; VeriSign Identity & Authentication; State; Incident; Symantec MSS & Symantec.cloud; IT Management Suite; Symantec Protection Suites
    • Automation and Visibility – Across Physical/Virtual. You’re automating server provisioning and application management processes. Now automate storage, availability, and security processes too.
      • Storage Management
        • Automated classification
        • Dynamic tiering
        • Real-time usage reporting
      • Data Protection
        • Auto-detect new VMs and apply backup policies
        • Coordinated restore from tape, disk, or cloud
      • Security and Compliance
        • Real-time threat reporting
        • Auto-detect new VMs
        • Policy-driven access controls
        • On-demand encryption
      • HA/DR
        • Real-time app status monitoring
        • Policy-driven restart
        • Visibility & control from vCenter
        • Coordinated physical/virtual failover
      • Endpoint Management
        • Automated provisioning
        • Software license management
        • Auto-detect for VMs
    • Perpetual Subscription SaaS On Premise On Premise/SaaS Vendor SaaS Distributor Fulfilment Partner Fulfilment Partner Reseller Service Provider Rental License Owner Reseller/ ExSP Service Provider End Users Technical Support Owner Perpetual License Owner Express, Rewards, Eflex Technical Support Owner End Users End Users Other Vendor equivalents
    • Symantec Solutions mentioned:
      • Symantec Endpoint Protection
      • Critical System Protection
      • Control Compliance Suite
      • Backup Exec
      • DLP
    • Thank You. Dave Barnett @davedoesecurity