Intel Cloud Summit: Greg Brown McAfee
1. Creating Cloud Confidence
   Greg Brown, VP, CTO - Cloud and Data Center Solutions
   www.mcafee.com/networksecurity | greg_brown@mcafee.com
   August 2012

2. Can I Borrow $20? How About $100,000?
   (August 28, 2012)

3. And Now?

4. Should We Think About the Data Center the Same Way?

5. Can We Apply the Security Here?

6. Challenges: Loss of Physical Controls

7. Challenges: Loss of Physical Controls (continued)

8. Challenges: New Attack Surfaces
   The stack a workload now depends on, top to bottom: Data, Application, OS, Provisioning, Hypervisor, Platform, BIOS, Processor.

9. Challenges: New Attack Surfaces (multi-tenant)
   Two tenants' Data, Application and OS layers now sit on one shared Provisioning, Hypervisor, Platform, BIOS and Processor layer.

10. Challenge: Extending Compliance
    • Physical: MFR | ENG | HR in separate silos
    • Virtualized: MFR, ENG and HR on shared infrastructure
    • Cloud: Company A and Company B on shared infrastructure

11. Building a Foundation of Client-to-Cloud Security
    Cloud Security Mission: Worry-Free Cloud Computing. Make cloud security equal to or better than traditional best-in-class enterprise security.
    • Secure the Devices: user and intelligent devices; device integrity and data protection
    • Secure the Connections: apps, data, traffic; identity, audit/compliance
    • Secure Cloud Datacenters: public/private clouds (servers, network, storage); infrastructure and data protection
    Common security standards and broad industry collaboration. Hardware-enhanced security plus software and services are key to achieving the mission.

12. Up and Down: Integrity (server infrastructure, from endpoint to host)
    • Endpoint-Aware Integrity: client/cloud mutual trust. Intel Identity Protection Technology (IPT); EMM/MMS; next-generation endpoint
    • Real-Time Integrity: continuous monitoring. Global Threat Intelligence (GTI)
    • Security Stack Integrity: security systems operational. McAfee MOVE, McAfee Application Control and Change Control; SIA vendors
    • VM Integrity: ensure all VMs are "known good". Intel Virtualization Technology (VT)
    • Location and Asset Control: control workload location
    • Host Integrity: ensure the server is "known good". Intel Trusted Execution Technology (TXT)
    • External Assessment and Reputation: validate that the web server is authentic. McAfee SiteAdvisor Enterprise, McAfee Cloud Secure, digital certificates
    Will deliver ongoing advancements to hardware and software security for greater control and auditability.

13. Extending Security to the Virtual Cloud World
    A virtualized/private cloud data center (Company A: Mfg, Sales, HR) and a public cloud data center (Company A Sales alongside Companies B and C on a shared VMM) under one extended security policy.
    • Isolate, protect and control VMs: Intel Virtualization Technology, Intel Trusted Execution Technology, McAfee MOVE AV*
    • Provide visibility and reporting
    • Apply security policy at multiple control points
    • Monitor workloads across cloud infrastructures: McAfee ePO, Intel TXT
    When Intel TXT runs at launch, the result reported to ePO is either server "known good" or "issue identified".¹
    ¹ Integrating McAfee ePolicy Orchestrator (ePO) with Intel TXT requires custom integration work.
    * McAfee MOVE AV = McAfee Management of Optimized Virtualized Environments Anti-Virus

14. McAfee Datacenter Security: The Heart of a Flexible, Efficient, Secure Next Generation Data Center
    Security Management (section divider)

15. Comprehensive Security for Servers
    • Blacklisting: advanced anti-malware protection. McAfee VirusScan Enterprise
    • Whitelisting: complete protection from malicious code and applications. McAfee Application Control
    • System Control: server configuration control and tracking against internal "gold standards". McAfee Change Control
    • Virtualization: advanced anti-malware protection extended to the virtual machines. McAfee MOVE AV

16. Reliable Real-Time Protection for Business-Critical Databases
    • Database discovery and comprehensive vulnerability assessment: McAfee Vulnerability Manager for Databases
    • Non-intrusive, real-time database visibility and protection across all threat vectors: McAfee Database Activity Monitoring
    • Patch databases without downtime: McAfee Virtual Patching for Databases

17. Industry-Leading Next Generation Network Protection
    • Protection of network-connected devices against targeted attacks: McAfee Next Generation IPS
    • High-assurance next-generation firewall capabilities, including application visibility: McAfee Next Generation Firewall
    • Advanced threat response, behavioral analysis and access control for the network: McAfee Network Threat Response, McAfee Network Access Control, McAfee Network Threat Behavior Analysis

18. Comprehensive Security for Storage Devices
    • Continuous protection for storage devices and their data: scan, detect and quarantine files on NAS devices (NetApp, EMC, Hitachi, SharePoint, etc.). McAfee VirusScan Enterprise for Storage

19. Unified Security Management and Powerful Threat Intelligence
    • High-performance security information and event management (SIEM) for complete visibility and situational awareness to protect critical information and infrastructure: McAfee SIEM
    • Single management console for McAfee security products and over 130 partner-integrated products: McAfee ePO
    • Comprehensive threat intelligence from over 150 million sensors across the web, channeled into all products in real time: McAfee Global Threat Intelligence

20. Connecting to the Cloud with Confidence
    Cloud ecosystem components: Email Security, Data Loss Prevention, Web Security, Identity Management, Global Threat Intelligence and McAfee ePolicy Orchestrator, serving enterprise users, mobile users, enterprise applications and the private cloud.
    • Flexible deployment options: on-premise, SaaS or virtual
    • Protection and policies across email and web channels
    • Confidence to migrate data safely to the public cloud
    • Unify identity policies across SaaS and federated solutions

21. McAfee's Tailored Data Protection Methodology
    1. Discover and Learn: find all your sensitive data wherever it may be
    2. Assess Risk: ensure secure data handling procedures are in place
    3. Define Effective Policies: create policies to protect data and test them for effectiveness
    4. Apply Controls: restrict access to authorized people and limit transmission
    5. Monitor, Report and Audit: ensure successful data security through alerting and incident management

22. Cloud Identity Manager
    Internal user (any device, any time, anywhere) → McAfee Cloud Identity Manager → 100s of external SaaS apps
    • Identity sources: AD, LDAP, database, SAML IdP, OpenID, etc.
    • Functions: account provisioning, SSO, strong authentication
    • Access from laptop and mobile

23. Security and Cloud Adoption
    Physical (MFR | ENG | HR) → Virtualized (MFR, ENG, HR) → Cloud (IaaS, PaaS)
    • Enable adoption
    • Ensure compliance
    • Unified security process
    • Sustained investment
    • Optimized performance
    • Continuous protection

24. Usage Case: Financial Transaction Clearinghouse (today)
    A financial institution sends financial transaction records through FW/DLP/... to a clearing house. The gateway checks pass (FW: protocol secure ✔; FW: intended destination ✔), but the system at the destination could just as well be a bot. There is no model to create awareness of the health of the system receiving the data. This is generally true of all systems outside the perimeter.

25. Financial Transaction Clearinghouse (with health assessment)
    The clearing house supplies a health assessment and data is transmitted based on the health measure of the service (FW: protocol secure ✔; FW: intended destination ✔; health ✔). McAfee is well positioned, both in technology assets and in brand permission, to become the standard for conveying system integrity across management domains.

26. Trapezoid RSA Demo: Enabling Private Cloud Adoption
    A system admin in finance builds a new payroll application on a virtual server. Once the application server is built, the system admin turns it over to the DC operations team to deploy on the private cloud infrastructure in the corporate data center. The system admin is blind to all of the underlying server infrastructure, and ePO has no visibility into the hypervisor or the infrastructure today: ePO is not aware of hypervisor or physical server risks.
27. Sample Usage Case: Enabling Public Cloud Adoption
    DC Ops provisions the virtual server to the DC hypervisor (corporate data center), then pushes the virtual server to the cloud provider's hypervisor (public cloud data center).
    1. TXT signals TRUSTED hypervisor to ePO
    2. ePO sends integrity to GTI
    3. Customer ePO queries GTI for integrity
    4. Payroll application reported compliant while running in the public cloud
    With a trusted hypervisor in both locations: safe private cloud enabled, safe public cloud enabled.
    Net result: CIO public cloud objectives enabled; cloud provider preferred over others (greater value).
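What slides 24 through 27 describe is a sender that releases data only after checking the measured health of the receiving host, not just the protocol and destination. The following is an added example of that policy check, not McAfee or Intel code and not the Trapezoid demo itself. It models the health report as a JSON body carrying the host's boot measurement and trust status, signed with an HMAC shared between a hypothetical attestation service and the policy engine (a real deployment would verify a TPM quote against a certificate instead); the key, the known-good measurement values, the report fields and the sample records are all constructed for the example.

```python
"""Attestation-gated release of records, modelling the clearinghouse usage case.

The receiving service presents a health report carrying the boot measurement of
the host it runs on (the kind of value a measured launch such as Intel TXT
records).  Before transmitting, the sender verifies the report's signature and
freshness, checks the measurement against a known-good list and checks the
host's trust status.  Keys, measurements and the report format are constructed
for this example; they are not from any McAfee or Intel product.
"""
import hashlib
import hmac
import json

# Key shared between the attestation service and the policy engine (constructed).
# In a real deployment the report would be a TPM quote signed by the host's
# attestation identity key and verified against a certificate, not an HMAC.
ATTESTATION_KEY = b"example-attestation-service-key"

# Known-good hypervisor measurements, keyed by build identifier (constructed values).
KNOWN_GOOD = {
    "hv-build-2012.08": hashlib.sha256(b"hv-build-2012.08 golden image").hexdigest(),
}
MAX_REPORT_AGE_S = 300  # a report older than five minutes is treated as stale


def _canonical(body):
    """Canonical JSON so signer and verifier hash exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_report(body, key=ATTESTATION_KEY):
    """Attestation-service side: wrap the report body with an HMAC-SHA256."""
    return {"body": body, "mac": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


def verify_report(signed, now, key=ATTESTATION_KEY):
    """Policy-engine side: return (ok, reason); signature is checked before any field is trusted."""
    body = signed.get("body") if isinstance(signed, dict) else None
    if not isinstance(body, dict):
        return False, "no health report"
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(signed.get("mac", ""))):
        return False, "bad signature"
    age = now - body.get("issued_at", 0)
    if age < 0 or age > MAX_REPORT_AGE_S:
        return False, "stale report"
    if KNOWN_GOOD.get(body.get("hv_build")) != body.get("measurement"):
        return False, "measurement not known good"
    if body.get("status") != "TRUSTED":
        return False, "host not trusted"
    return True, "ok"


def release_records(records, signed_report, now):
    """Return (records_to_send, decision).  The gateway checks from the slide
    (protocol, destination) are assumed to have passed; this is the missing health check."""
    ok, reason = verify_report(signed_report, now)
    return (list(records) if ok else [], reason)


def example():
    """Run the scenarios from the slides: healthy clearing house vs. a bot at the destination."""
    now = 1_346_112_000  # constructed "current time" (epoch seconds)
    records = ["txn-0001", "txn-0002"]  # constructed sample transaction records
    good = sign_report({"host": "clearinghouse-01", "hv_build": "hv-build-2012.08",
                        "measurement": KNOWN_GOOD["hv-build-2012.08"],
                        "status": "TRUSTED", "issued_at": now - 10})
    # A bot on an unmeasured host can only present a report it forged or replayed.
    forged = dict(good, body=dict(good["body"], host="bot-42"))
    return {
        "healthy": release_records(records, good, now),
        "forged": release_records(records, forged, now),
        "none": release_records(records, None, now),
        "replayed": release_records(records, good, now + 3600),
    }


if __name__ == "__main__":
    for name, (sent, reason) in example().items():
        print(f"{name:9s} sent={len(sent)} ({reason})")
```

The order of checks matters: the signature is verified before any field of the body is read, so a forged or edited report cannot steer the decision, and the freshness check stops a captured report from a once-healthy host being replayed after that host has been compromised.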
28. Cut Costs and Increase the Level of Content and Data Protection
    Proliferation of technology at the gateway: adoption of point solutions (firewall, proxy, cache, anti-virus, web exploit, URL filter, SSL inspection, instant messaging inspection, user and data protection) has increased operational costs. McAfee Web Gateway is positioned as the consolidated replacement.

29. Types of SSO Connectors
    • SAML: SAML 2.0 or SAML 1.1 federation
    • Proprietary: custom method supported by the target application
    • Agent: an agent needs to be installed on the target application; Java, .NET and PHP agents are available today
    • HTTP-Post: username/password are captured during the first login and an automated HTTP form post is performed on subsequent logins (the identity manager therefore holds the user's application credentials, which must be protected in its store)

30. Front-End Authentication into Cloud Identity Manager
    • Username/password: user store is a directory (AD/LDAP), database or CAS
    • OTP (built-in) two-factor authentication
    • Facial recognition (through partner BioID)
    • First-mile SSO: AD IWA; third-party IdM session (such as CA SiteMinder); accept a SAML assertion
    • Internet identity providers: Facebook; OpenID (Google, Yahoo, PayPal, etc.); SAML (Salesforce)
31. Strong Authentication Features
    Software OTP
    • Coverage across multiple devices and delivery methods
    • Simple and fast to roll out with user self-enrollment
    • Mobile token: Pledge; USB key: YubiKey; email
    • Runs on all platforms: iPhone, BlackBerry, WinMobile, etc.
    Silicon OTP
    • IPT: secure ME (Management Engine) layer in the Intel chip
    • "Hardens" software OTP
    • Attests that the SSO came from a corporate-issued laptop
    • Embedded in Ultrabooks
    Deliver a more secure cloud SSO by invoking strong auth from hardware or mobile software clients.
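The software and silicon OTP options on the last slide differ in where the token secret lives, not in what the verifier does. As an added example (not McAfee code, and assuming only that the tokens in question generate OATH-style codes), here is the event-based HOTP computation from RFC 4226, the time-based TOTP variant from RFC 6238, and the server-side look-ahead window a verifier needs when a user has pressed the token a few times without logging in. The 20-byte secret is the RFC 4226 test key, chosen so the outputs can be checked against the RFC's published vectors.

```python
"""Event-based (HOTP) and time-based (TOTP) one-time passwords per RFC 4226 /
RFC 6238, with the server-side look-ahead window a verifier needs when a user's
token has been pressed without logging in.  Added example; it is not McAfee
code and assumes only that the software OTP tokens on the slide are OATH-style.
The 20-byte secret is the RFC 4226 test key, used so the values can be checked
against the RFC's published vectors.
"""
import hashlib
import hmac
import struct

RFC4226_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = (
        (digest[offset] & 0x7F) << 24
        | digest[offset + 1] << 16
        | digest[offset + 2] << 8
        | digest[offset + 3]
    ) % (10 ** digits)
    return f"{code:0{digits}d}"


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter replaced by the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


class HotpVerifier:
    """Server-side state for one user's event-based token.

    The server keeps the next counter it expects; a submitted code is tried
    against that counter and the following `window` - 1 values so a token that
    was pressed a few times without logging in still resynchronises.  Once a
    counter is consumed it is never accepted again, which blocks replay of an
    observed code.
    """

    def __init__(self, secret, window=10, digits=6):
        self.secret = secret
        self.window = window
        self.digits = digits
        self.counter = 0  # next counter value the server expects

    def verify(self, code):
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.counter = c + 1  # move past the consumed counter
                return True
        return False


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC4226_TEST_SECRET, c))
    print("totp@59s", totp(RFC4226_TEST_SECRET, 59))
```

The verifier is the same whether the code came from a mobile app, an e-mail, a USB key or a secret held in the chip; what the silicon variant adds is that the secret is never exposed to the host OS, which is the "hardening" the slide refers to. The window should stay small (the RFC suggests it be kept as narrow as usability allows), because every extra counter tried is another guess an attacker gets for free.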