What’s new in VMware vShield 5 - Customer Presentation

Published in: Technology

  • To address this challenge, VMware is focused on three core solution areas in IT: how best to evolve the infrastructure to support this new world; changes in application development to speed time-to-market for business-critical applications that take advantage of this new world; and a new way of approaching end-user computing, to increase user satisfaction. Let’s begin by exploring the evolution of infrastructure.
  • VMware delivers the industry leading cloud infrastructure solution for building trusted private, public, and hybrid clouds. Leveraging the proven vSphere 5.0 virtualization platform, VMware creates intelligent cloud infrastructure with built-in automation and resource elasticity to free IT from manual processes and enable it to meet business requirements on-demand.
  • IT security is about protecting an organization’s digital assets – the IT infrastructure such as servers, storage and network, applications and the data that lives there. Organizations want to control: who is accessing digital assets; what apps and data need protection from theft or leaks; and what infrastructure is at risk from threats such as malware or network-based attacks. Compliance utilizes a set of processes to determine conformance to regulatory frameworks, industry standards, internal organizational standards, or vendor best practices. IT compliance commonly includes requirements for security controls as they pertain to protecting industry-regulated assets such as personal healthcare information or credit card data. In the case of corporate governance, security applies to assets critical to the business such as intellectual property or customer lists. Within the IT compliance area are several regulatory frameworks, many of which are specific to an industry vertical: Healthcare – HIPAA; Retail – PCI; Financial – GLBA; Government – FISMA; Governance – Enterprise policies.
  • Most surveys on cloud computing¹ unanimously cite security and compliance as by far the most significant concerns hindering the adoption of cloud computing. These high-level concerns typically boil down to three concrete security and compliance issues. Patchwork of security solutions: Cloud infrastructure is about breaking the silos in the datacenter and creating a virtualized shared infrastructure that stands ready to support any application workload on demand. However, existing security solutions are often based on the old siloed way of managing the datacenter, where each group – the server, storage, network, security, and desktop teams – has its own security frameworks and tools. Without a common, unified security policy management framework to control policies and provide visibility into changes, how can the network, virtualization and security teams maintain the level of control that they desire? How can they make rapid changes to security policies if the need arises when so much manual offline coordination is required? Securing applications and data: Before making the jump to cloud, enterprises must be confident that their applications and data can be properly segmented for compliance, and that trust zones can be maintained. The traditional approach has been to segment applications into different zones by creating physical hardware separation or “air gaps”. This approach no longer works in a cloud environment based on a fully virtualized shared infrastructure. Organizations need a new approach that would allow strict application segmentation in trust zones without the need for hardware separation. IT compliance: Customers are concerned that cloud computing makes IT compliance more complex. Change management, configuration management, access controls, auditing and logging in a cloud infrastructure are the important concerns. Organizations need compliance solutions that are tuned for the dynamic and ever-changing nature of cloud infrastructure.
Exposure or leakage of sensitive business data is another important aspect of security in the cloud. For example, stolen credit card data or compromised personal health information can cost an enterprise millions of dollars or harm its reputation. Many organizations have requirements to keep data in certain jurisdictions (e.g. the EU directive for safeguarding EU citizens’ personal information in EU jurisdictions). Cloud solutions today provide very limited firewalls to segment applications, with very limited ability to detect or prevent leakage of sensitive information. Today’s solutions for protecting applications and data continue to rely on brittle and/or dedicated hardware infrastructure that isn’t suitable for securing a highly virtualized environment.
  • “VMware Transforms Security from Complex…” Traditional IT security is very complex to provision and deploy. First, customers have to configure multiple purpose-built security appliances with proprietary interfaces to deploy the security solution. Second, VI admins, network and security teams have overlapping roles, and it takes a lot of manual coordination to properly configure and set up the network, firewall rules and vSphere configurations. These teams are also limited in terms of the proper role-based views into policy and implementation. This results in slow provisioning, very complex configuration with significant requirements on coordination, and lack of role-based views into policy and implementation details. Finally, traditional security architectures require multiple special-purpose appliances. These appliances are expensive and increase Capex. In addition, they deliver a solution with limited scalability and poor availability with multiple points of failure, and consume more power and rack space. All of this increases the Opex of traditional security solutions.
  • vShield drastically reduces the complexity and the number of steps it takes for VI admins to implement clearly defined policies, and along with vCenter this solution enables security, network and VI admin teams to work closely together, where the policies can be clearly defined, implemented, viewed and changed seamlessly. With role-based access to administration and reporting interfaces, administration is clear and simple. VI admins are empowered to implement the security policies. The lead time it takes to provision the right set of security services is greatly reduced, and this can be done through UIs or through scriptable, REST-based APIs. vShield technology also helps eliminate the sprawl in VLANs, firewall rules and agents. We’ll talk more about this in a few minutes when we get into the products overview.
  • “VMware Turns Security Solutions from Weak…” Industry regulations often dictate that ‘in-scope’ systems – ones where regulated/sensitive data are stored or processed – have special policies applied to them. Traditional security solutions are tied to physical hosts and don’t allow flexible groupings of resources to implement these policies. This results in what are known as ‘air-gapped’ solutions. Air gaps are created by the need for dedicated hardware and appliances. They are also created because traditional IT security requires dedicated hardware resources/clusters for specific application tiers or groups, since mixing and matching applications across tiers/groups is not possible because of the implied exposure and infection risks. In virtualized environments, the air gap effect is just as bad, since it implies that specific groups of VMs must be limited to specific hosts. This reduces overall efficiency and imposes constraints on how applications/workloads are scaled, load balanced or otherwise managed. This also means that where datacenter-level or user-driven infrastructure changes are required, a lot of manual work and cost is incurred to support such change – this leads to a very rigid infrastructure that does not adapt to changing business needs.
  • Let’s start with an overview of the broad security market. The traditional security market is a mature market segment with over 27 billion in spend – the larger segments in this market include network security, along with identity management and antivirus/endpoint. VMware vShield in its initial version is targeting the network security, endpoint security and application security segments to begin with. We also plan to partner closely with key vendors such as RSA, Trend, McAfee, Symantec etc. to jointly address other segments.
  • The Sensitive Data Discovery feature includes over 80 pre-built templates for the most common standards for protecting sensitive data including PII (Personally Identifiable Information), PCI-DSS cardholder data, and PHI (Private Health Information). Each pre-built template provides the ability to scan all elements of a virtualization environment – whether datacenters, file shares, resource pools, hosts or VMs – and produces a detailed report that identifies whether all of them are in compliance with the specific standard. The key benefit of this feature is that it quickly identifies sensitive data and reduces the risk of non-compliance and reputation damage. It also improves performance over traditional solutions by offloading all sensitive data discovery functions to a secure virtual appliance.
  • Transcript

    • 1. What’s New in vShield 5.0 – Trust your Cloud
    • 2. Agenda
      Primary customer concerns with the cloud
      VMware value proposition
      New features and use cases
      Customer examples
      Product summary
    • 3. Three Core Focus Areas
      Re-think End-User Computing
      Modernize Application Development
      SaaS Apps
      Existing Apps
      New Enterprise Apps
      Evolve the Infrastructure
      Public Cloud Services
      Existing Datacenters
    • 4. In 2010 VMware Unveiled a Complete Hybrid Cloud Stack…
      vSphere
      vCloud Director
      vShield Security
      vCenter Management
    • 5. In 2011 VMware is Introducing a Major Upgrade of the Entire Cloud Infrastructure Stack
      New
      Cloud Infrastructure Launch (vSphere, vCenter, vShield, vCloud Director)
      vSphere: vSphere 5.0
      vCloud Director: vCloud Director 1.5
      vShield Security: vShield 5.0
      vCenter Management: vCenter Operations 1.0, vCenter SRM 5.0
    • 6. VMware Cloud Infrastructure
      Respond to Business Faster
      Trust Your Cloud
      Run Business Critical Apps with Confidence
      • Intelligent Policy Management
      • Resource Elasticity
      • Flexible Hybrid Cloud Management
      • Visibility into Sensitive Data
      • Protection Against Network Intrusions
      • Efficient Anti-Virus
      • Scalability and Performance
      • High Availability and Disaster Recovery
      • Broad Industry Support
    • Security and Compliance are Key Concerns for CIOs in Moving to the Cloud
      What are the top challenges or barriers to implementing a cloud computing strategy?
      Top 4 Concerns are on Security and Compliance
      Source: 2010 IDG Enterprise Cloud-based Computing Research, November 2010
    • 23. Security and Compliance Defined
      Security is about protecting applications, data, server, storage, and networks from malware, and unauthorized human access.
      Compliance is demonstrating adherence to a standard or regulatory requirement.
    • 24. Security and Compliance Concerns in Detail…..
      How can I manage security policies across virtual desktops, servers and networks?
      How do I verify that confidential and regulated data is secure in the cloud? How do I implement compliance audits for resources in the cloud?
      I have too many VLANs for segmenting traffic, and agents for securing applications. I can’t keep up
      Infrastructure Team
      Security Operations Team
      Compliance Officer
      Both Security and Proof of Compliance are Required to Build Trust
    • 25. Agenda
      Primary customer concerns with the cloud
      VMware value proposition
      New features and use cases
      Customer examples
      Product summary
    • 26. The VMware Advantage
      Traditional Security and Compliance
      VMware Advantage
      Complex
      • Multiple provisioning interfaces
      • Overlapping admin roles
      • Multiple point solutions
      Simple
      • Single interface for provisioning
      • Separation of duties
      • Firewall policy reduction 70:1, virtual security appliances
      Weak
      • Agents in each VM, AV storms
      • No granular segmentation
      • Rigid – Policies tied to servers
      Strong
      • Agentless
      • Hypervisor level firewall
      • Adaptive trust zones, compromised apps quarantined
      Labor Intensive Compliance
      • Not change-aware, data leaks
      • Manual assessment
      • Manual remediation
      Automatic Compliance
      • Change aware, discover sensitive data
      • Continuous assessment
      • Automated remediation, programmable
      Deployments on VMware are More Secure than Physical
    • 39. VMware Transforms Security from Complex…
      Network Admin
      Security Admin
      VI admin
      Overlapping Roles / Responsibilities
      Multiple frameworks and provisioning interfaces
      Network
      Firewall
      Load Balancer
      Application
      VMware vSphere
      Multiple physical 3rd party solutions
    • 40. …To Disruptively Simple
      Network Admin
      Security Admin
      VI admin
      Unified Framework
      Clear separation of Roles / Responsibilities
      Reduced number of steps: Configure vCenter
      vCenter + vShield Manager
      Network
      Load Balancer
      Application
      Firewall
      vCenter
      RSA
      Other AV vendors
      Other ISV
      Trend
      VMware vSphere
      Integrated into Virtual Security appliances
    • 41. VMware Turns Security from Weak...
      Not Virtualization aware
      Virus spreads quickly in flat networks without segmentation
      Antivirus storms
      Agents in every VM
      [Diagram labels: DMZ; PCI Compliant; WEB; MAIL; File Server; Agent; “Air gap”; VMware vSphere and vCenter; Switch]
    • 42. …To More Secure
      Protect every VM with hypervisor level firewall & IPS
      Quarantine infected VMs
      Eliminate agents and antivirus storms
      Enforce policies with adaptive trust zones
      [Diagram labels: DMZ; PCI Compliant; Quarantine Zone; Agent; AV (Partner Product); IPS (Partner Product); VMware vSphere vCenter]
    • 43. VMware Turns Compliance from Being Labor Intensive…
      Using Traditional Ways of Maintaining Compliance
      Requires specialized knowledge
      Not change-aware
      Manual remediation
      [Diagram labels: FISMA; HIPAA; SOX; ISO 27002; GLBA; DISA; NERC/FERC; PCI DSS; NIST; Virtualization Hardening Guidelines; CIS Benchmarks]
    • 44. …To Automated Continuous Compliance
      Preconfigured templates
      Monitor data and changes
      Continuous assessment
      Automated remediation
      [Diagram labels: PCI; FISMA; HIPAA; SOX; VMware; NERC/FERC; PCI DSS; NIST]
    • 45. Agenda
      Primary customer concerns with the cloud
      VMware value proposition
      New features and use cases
      Customer examples
      Product summary
    • 46. Security and Compliance Market Overview
      Market Size in 2012
      $30B Worldwide in 2009
      New in vShield 5.0
      Segments Addressed Today
      Source: IDC, 2009
      [Chart: Market Size ($M) in 2009 against Market Growth Rate. Segment labels: Endpoint Security; Antivirus; Content Security; Network Security; Identity Mgmt; Security Operations; Change Mgmt; Data Security; Application Security. Value labels: $3,565 (20%); $9,136 (8%); $2,987 (15%); $4,062 (7%); $3,001 (8%); $3,001 (2%); $3,258 (19%); $713 (8%). Legend: Network Security; Identity Management; Change & Compliance; Others]
    • 47. Agenda
      Primary customer concerns with the cloud
      VMware value proposition
      New features and use cases
      Customer examples
      Product summary
    • 48. New Features in vShield 5.0
      Customer Need
      • Protect sensitive data
      • Protect infrastructure from being compromised by hackers
      • Improve performance of Anti-Virus solution
      VMware Solution
      • Sensitive Data Discovery to meet standards & regulations
      • Accurately discover and report sensitive data in unstructured files
      • Segment off VMs with sensitive data in separate trust zones
      • Strong and efficient protection against network intrusions
      • Ability to quarantine compromised VMs
      • Efficient Anti-Virus
    • Sensitive Data Discovery to Meet Standards & Regulations
      Overview
      • More than 80 pre-defined templates for country/industry specific regulations
      • Accurately discover and report sensitive data in unstructured files with analysis engine
      • Segment off VMs with sensitive data in separate trust zones
      Benefits
      • Quickly identify sensitive data exposures
      • Reduce risk of non-compliance and reputation damage
      • Improve performance by offloading data discovery functions to a virtual appliance
      Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)
    • 61. Strong and Efficient Protection Against Network Intrusions
      Overview
      • Leverage 3rd party intrusion detection solutions (IDS) to identify network based threats
      • Automatically isolate compromised VMs
      Benefits
      • Contain network intrusions and prevent them from spreading in the environment
      [Diagram labels: Partner product; IDS; quarantine; Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)]
    • 63. Efficient Anti-virus Solution to Protect Virtual Machines
      Overview
      • Offloaded anti-virus protection for desktop and server applications
      • Leverage 3rd party anti-virus solutions
      Benefits
      • Eliminate anti-virus storms
      • Rapid provisioning: deploy and patch
      • Reduce risk and improve performance by eliminating agents susceptible to attack
      • Lower cost and complexity to protect virtual machines against malware
      [Diagram labels: Partner product; AV; agent; Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)]
    • 68. Agenda
      Primary customer concerns with the cloud
      VMware value proposition
      New features and use cases
      Customer examples
      Product summary
    • 69. Large National Lab — Trust Zones for Applications
      Customer Need
      Build and maintain a secure network that isolates highly sensitive scientific applications from the rest of the environment without creating “airgaps”.
      VMware Solution
      • Create adaptive trust zones on the same shared infrastructure to control access to highly sensitive scientific apps, shared services, business critical apps, and the DMZ
      • Restrict inbound and outbound traffic to the trust zones
      • Restrict access to applications in a trust zone to View users in the subgroup within the zone
      • Automatically move infected VMs to a remediation zone
      Business Benefits
      • Reduced provisioning time from 30 days to 30 minutes
      • Lower Capex & Opex by replacing hardware appliances with virtual appliances
      [Diagram labels: Scientific Apps; Shared Svrs; Business Apps; View Users; VMware vSphere + vCenter + vShield Manager]
    • 78. Agenda
      Primary customer concerns with the cloud
      VMware value proposition
      New features and use cases
      Customer examples
      Product summary
    • 79. Summary – To build Trust in Cloud You Need Security and Proof of Compliance
      Security
      Proof of Compliance
      $300/VM
      $800/VM
      VMware vShield and vCenter Configuration Manager Deliver Trust in Your Cloud
    • 81. Thank You!