No Compromises: Virtualisation Security
This seminar session will cover what planning strategies and technology solutions can assist IT professionals tasked with moving their business IT systems over to a virtual platform:

Published in: Technology
  1. No Compromises: Virtualization Security. Dave Barnett, Security Strategy Director, Symantec
  2. BlackHat - Aug 2006 http://en.wikipedia.org/wiki/Blue_Pill_(malware)
  3. The Virtualization Security Reality
      • Threat landscape constantly evolving – and more toxic than ever
      • Security solutions can’t compromise run-time performance
      • High density increases operational complexity
  4. [Chart: Vulnerabilities targeting VMWare resource. Series: CVSS2 Base Score, with trend line "Linear (CVSS2 Base Score)". Vertical axis: 0 to 12. Horizontal axis: timestamps from 2007-01-09 to 2011-06-03.]
  5. Changing face of Cyber attack
      • Cybercrime - Volume: 166 mil new threats Q2 2011; Ave. 21 per sec
      • Cyber attack - targeted: 75% of malware infects less than 50 machines
      • (57%) Hackers & (51%) targeted attacks > perceived top security threat
      • A micro distribution model:
          • Hacked web site builds a trojan for each visitor
          • The average Harakit variant is distributed to 1.6 users!
  6. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
  7. Symantec 2011 Security Survey - Technology driving security 4. 3. 2. 1. 3,300 global organizations – SMB to Enterprise, Cross Industry
  8. What does all this mean to business?
      • 79% saw frequency of attacks increase
      • Costs going up – IP, PII, brand damage
  9. Understand the security transformation
  10. Evolution of Risk
  11. Connected Information Centric Security
      • Device
      • Data
      • Risk & Policy management/Enforcement (CCS, SPC)
      • Intelligence (GIN, DeepSight, Insight, .cloud, MSS)
  12. What does good information centric security look like?
  13. 1. Visibility of Risk: What is the potential problem?
      • Locations: Calgary, Alberta; Dublin, Ireland; Tokyo, Japan; San Francisco, CA; Mountain View, CA; Austin, TX; Chengdu, China; Culver City, CA; Taipei, Taiwan; Chennai, India; Pune, India
      • Worldwide Coverage; Global Scope and Scale; 24x7 Event Logging; Rapid Detection
      • Attack Activity: 240,000 sensors; 200+ countries
      • Malware Intelligence: 133M client, server, gateways monitored; Global coverage
      • Vulnerabilities: 40,000+ vulnerabilities; 14,000 vendors; 105,000 technologies
      • Spam/Phishing: 5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day
      • Preemptive Security Alerts; Information Protection; Threat Triggered Actions
  14. 2. Visibility of environment: System Discovery
      • Across both virtual and physical
      • Identify VMs that are:
          • Rogue
          • Vulnerable
          • Non-compliant
      • Centralized visibility of risks
      (Diagram labels: Virtual, Physical)
      Symantec Solutions: Control Compliance Suite; IT Management Suite
  15. Define & manage risk policies
      • Across both virtual and physical
      • For appropriate functions:
          • Malware protection
          • Data
          • Change process
          • Access rights
          • Backup
      • Across logical groupings:
          • Regulations
          • Asset profiles
          • Geographies
          • Business units
      (Diagram labels: Virtual, Physical)
      Symantec Solutions: Symantec Endpoint Protection; Critical System Protection; Control Compliance Suite; Backup Exec
  16. 3. Security built for purpose: Deploy and Configure Appropriate Controls
      • Across both virtual and physical
      • For appropriate functions:
          • Malware scanning
          • System hardening
          • Access
          • Change monitoring/prevention
          • Guest isolation
      • Across logical groupings:
          • In scope of regulatory audits (PCI)
          • Protection profiles (CIA values)
          • Business criticality (HR/Finance/etc…)
      (Diagram labels: Virtual, Physical)
      Symantec Solutions: Symantec Endpoint Protection; Critical System Protection
  17. SEP 12.1 Delivers What Matters
      • Full Security
      • Higher Density
      • Avoid “AV-Storms”
      • Easier Management
      • Optimized for virtual environments
      Symantec is working closely with our key virtualization partners to take us even further
  18. What’s Needed to Defend the Virtual Endpoint
      • Signature and Heuristic File Scanning
      • Advanced Reputation Security
      • Network and Host IPS
      • Browser Protection
      • Real Time Behavioral Protection
      • Application and Device Control
  19. Results: Virtual Desktop Malware Defense. [Stacked bar chart: % of samples Compromised, Neutralized and Defended, on a 0% to 100% axis. Product labels: Symantec Endpoint Protection (SEP) 12.1; Trend OfficeScan 8.5; McAfee MOVE (Beta); "+ HIPS"; "+ SiteAdvisor". Data labels shown on the chart: 12%, 100%, 4%, 40%, 84%, 60%.]
  20. Proactive protection against new, mutating threats: File context using community based security rating
      • 1: 175 million PCs
      • 2: Rate nearly every file on the internet (2.5 billion files)
      • 3: Look for associations
      • 4: Check the DB during scans
      • 5: Provide actionable data
      • Is it new? Bad reputation?
      • Prevalence; Age; Source; Behavior; Associations
  21. Insight: Faster, Smarter, Fewer Scans
      • On a typical system, 70% of active applications can be skipped!
      • Traditional Scanning: Has to scan every file
      • Insight - Optimized Scanning: Skips any file we are sure is good, leading to much faster scan times
  22. Offline Image Scan Tool: The Symantec Offline Image Scanner
      – Scans offline VMware images
      – Command-line options for silent and automated operation
      – Detailed logging/reporting capabilities
      – Runs as a portable application and doesn’t require a traditional install
  23. 4. Harden against Risk
      • Shield critical ESX Host and Guest systems
          • Files
          • Applications
          • Registries
          • Configurations
          • Network Communications
      • Apply Isolation Trust Zones via Policy Groupings
      • Restrict administrative access to privileged networks
      (Diagram labels: Virtual, Physical)
      Symantec Solutions: Critical System Protection
  24. Symantec Critical System Protection: Multi-layer protection for physical and virtual critical systems
      • Network Protection (Host IPS)
          • Close back doors (block ports)
          • Limit network connectivity by application
          • Restrict traffic flow inbound and outbound
      • Exploit Prevention (Host IPS)
          • Restrict apps & O/S behaviors
          • Protect systems from buffer overflow
          • Intrusion prevention for day-zero attacks
          • Application control
      • System Controls (Host IPS)
          • Lock down configuration & settings
          • Enforce security policy
          • De-escalate user privileges
          • Prevent removable media use
      • Auditing & Alerting (Host IDS)
          • Monitor logs and security events
          • Consolidate & forward logs for archives and reporting
          • Smart event response for quick action
  25. 5. Integrated data controls: Data Ripples
      Define usage
      ➫ Classification of data (owner/content)
      ➫ Data Usage policy definition (defining the boundaries)
      ➫ Context data used
      ➫ Who & where
      ➫ User authentication
      ➫ Insight of data usage
      ➫ New content – Vector Mach. Learning
      ➫ Data cleanup & de-dupe
      How to cross the boundary (Encryption)
      ➫ What happens to the data outside the boundary (IRM?)
      ➫ How do I apply Data governance?
      ➫ How do I link incidents to data controls?
  26. [Diagram; labels as extracted:] CCS Compliance Technical Inventory/Asset Info Controls Policy Procedural User Education Dynamic Encryption Storage/Email PGP Map content Data Insight DLP Encryption Analyze Real Usage Risk Classification Encrypted content Dynamic Learning Security Risk (e.g. Insight finds new malware file) Verisign User SEP12 Authentication
  27. [Diagram; labels as extracted:] Information Protection Control Identity Content Role Information Vector Machine Learning Data Protection Data Insight v2.0 Suite Application File Access Control
  28. [Diagram; labels:] Control Compliance Suite; Symantec Global Intelligence Network; Data Loss Prevention Suite & Encryption; Symantec™ Protection Center; 3rd Party Technology Partners; VeriSign Identity & Authentication; State; Incident; Symantec MSS & Symantec.cloud; IT Management Suite; Symantec Protection Suites
  29. Automation and Visibility – Across Physical/Virtual
      You’re automating server provisioning and application management processes. Now automate storage, availability, and security processes too.
      • Storage Management
          • Automated classification
          • Dynamic tiering
          • Real-time usage reporting
      • Data Protection
          • Auto-detect new VMs and apply backup policies
          • Coordinated restore from tape, disk, or cloud
      • Security and Compliance
          • Real-time threat reporting
          • Auto-detect new VMs
          • Policy-driven access controls
          • On-demand encryption
      • HA/DR
          • Real-time app status monitoring
          • Policy-driven restart
          • Visibility & control from vCenter
          • Coordinated physical/virtual failover
      • Endpoint Management
          • Automated provisioning
          • Software license management
          • Auto-detect for VMs
  30. [Diagram; labels as extracted:] Perpetual Subscription SaaS On Premise On Premise/SaaS Vendor SaaS Distributor Fulfilment Partner Fulfilment Partner Reseller Service Provider Rental License Owner Reseller/ ExSP Service Provider End Users Technical Support Owner Perpetual License Owner Express, Rewards, Eflex Technical Support Owner End Users End Users Other Vendor equivalents
  31. Symantec Solutions mentioned:
      • Symantec Endpoint Protection
      • Critical System Protection
      • Control Compliance Suite
      • Backup Exec
      • DLP
      Thank You. Dave Barnett @davedoesecurity