What’s new in VMware vShield 5 - Customer Presentation



Published in: Technology
  • To address this challenge, VMware is focused on three core solution areas in IT: how best to evolve the infrastructure to support this new world; changes in application development to speed time-to-market for business-critical applications that take advantage of this new world; and a new way of approaching end-user computing, to increase user satisfaction. Let’s begin by exploring the evolution of infrastructure.
  • VMware delivers the industry leading cloud infrastructure solution for building trusted private, public, and hybrid clouds. Leveraging the proven vSphere 5.0 virtualization platform, VMware creates intelligent cloud infrastructure with built-in automation and resource elasticity to free IT from manual processes and enable it to meet business requirements on-demand.
  • IT security is about protecting an organization’s digital assets – the IT infrastructure such as servers, storage and network, applications and the data that lives there. Organizations want to control: who is accessing digital assets; what apps and data need protection from theft or leaks; and what infrastructure is at risk from threats such as malware or network-based attacks. Compliance utilizes a set of processes to determine conformance to regulatory frameworks, industry standards, internal organizational standards, or vendor best practices. IT compliance commonly includes requirements for security controls as they pertain to protecting industry-regulated assets such as personal healthcare information or credit card data. In the case of corporate governance, security applies to assets critical to the business such as intellectual property or customer lists. Within the IT compliance area are several regulatory frameworks, many of which are specific to an industry vertical: Healthcare – HIPAA; Retail – PCI; Financial – GLBA; Government – FISMA; Governance – Enterprise policies.
  • Most surveys on cloud computing unanimously cite security and compliance as by far the most significant concerns hindering the adoption of cloud computing. These high-level concerns typically boil down to three concrete security and compliance issues. Patchwork of security solutions. Cloud infrastructure is about breaking the silos in the datacenter, and creating a virtualized shared infrastructure that stands ready to support any application workload on-demand. However, existing security solutions are often based on the old siloed way of managing the datacenter – where each group – the server, storage, network, security, and desktop teams – has its own security frameworks and tools. Without a common, unified security policy management framework to control policies and provide visibility into changes, how can the network, virtualization and security teams maintain the level of control that they desire? How can they make rapid changes to security policies if the need arises when so much manual offline coordination is required? Securing applications and data. Before making the jump to cloud, enterprises must be confident that their applications and data can be properly segmented for compliance, and that trust zones can be maintained. The traditional approach has been to segment applications into different zones by creating physical hardware separation or “air gaps”. This approach no longer works in a cloud environment based on a fully virtualized shared infrastructure. Organizations need a new approach that would allow strict application segmentation in trust zones without the need for hardware separation. IT compliance. Customers are concerned that cloud computing makes IT compliance more complex. Change management, configuration management, access controls, auditing and logging in a cloud infrastructure are the important concerns. Organizations need compliance solutions that are tuned for the dynamic and ever-changing nature of cloud infrastructure.
Exposure or leakage of sensitive business data is another important aspect of security in the cloud. For example, stolen credit card data or compromised personal health information can cost an enterprise millions of dollars or harm its reputation. Many organizations have requirements to keep data in certain jurisdictions (e.g. the EU directive for safeguarding EU citizens’ personal information in EU jurisdictions). Cloud solutions today provide very limited firewalls to segment applications, with very limited ability to detect or prevent leakage of sensitive information. Today’s solutions for protecting applications and data continue to rely on brittle and/or dedicated hardware infrastructure that isn’t suitable for securing a highly virtualized environment.
  • “VMware Transforms Security from Complex…” Traditional IT security is very complex to provision and deploy. First, customers have to configure multiple purpose-built security appliances with proprietary interfaces to deploy the security solution. Second, VI admins, network and security teams have overlapping roles, and it takes a lot of manual coordination to properly configure and set up the network, firewall rules and vSphere configurations. These teams are also limited in terms of the proper role-based views into policy and implementation. This results in slow provisioning, very complex configuration with significant requirements on coordination, and lack of role-based views into policy and implementation details. Finally, traditional security architectures require multiple special-purpose appliances. These appliances are expensive and increase Capex. In addition, they deliver a solution with limited scalability and poor availability with multiple points of failure, and they consume more power and rack space. All of this increases the Opex of traditional security solutions.
  • vShield drastically reduces the complexity and the number of steps it takes for VI admins to implement clearly defined policies, and along with vCenter this solution enables security, network and VI admin teams to work closely together where the policies can be clearly defined, implemented, viewed and changed seamlessly. With role-based access to administration and reporting interfaces, administration is clear and simple. VI admins are empowered to implement the security policies. The lead time it takes to provision the right set of security services is greatly reduced, and provisioning can be done through UIs or through scriptable, REST-based APIs. vShield technology also helps eliminate the sprawl in VLANs, firewall rules and agents. We’ll talk more about this in a few minutes when we get into the products overview.
  • “VMware Turns Security Solutions from Weak…” Industry regulations often dictate that ‘in-scope’ systems – ones where regulated/sensitive data are stored or processed – have special policies applied to them. Traditional security solutions are tied to physical hosts and don’t allow flexible groupings of resources to implement these policies. This results in what is known as ‘air-gapped’ solutions. Air gaps are created by the need for dedicated hardware and appliances. They are also created because traditional IT security requires dedicated hardware resources/clusters for specific application tiers or groups, since mixing and matching applications across tiers/groups is not possible because of the implied exposure and infection risks. In virtualized environments, the air gap effect is just as bad, since it implies that specific groups of VMs must be limited to specific hosts. This reduces overall efficiency and imposes constraints on how applications/workloads are scaled, load balanced or otherwise managed. This also means that where datacenter-level or user-driven infrastructure changes are required, a lot of manual work and cost is incurred to support such change – this leads to a very rigid infrastructure that does not adapt to changing business needs.
  • Let’s start with an overview of the broad security market. The traditional security market is a mature market segment which has over 27 billion in spend – the larger segments in this market include network security, along with Identity Management and Antivirus/endpoint. VMware vShield in its initial version is targeting the network security, endpoint security and application security segments to begin with. We also plan to partner closely with key vendors such as RSA, Trend, McAfee, Symantec, etc. to jointly address other segments.
  • The Sensitive Data Discovery feature includes over 80 pre-built templates for the most common standards for protecting sensitive data, including PII (Personally Identifiable Information), PCI-DSS cardholder data, and PHI (Private Health Information). Each pre-built template provides the ability to scan all elements of a virtualization environment – whether datacenters, file shares, resource pools, hosts or VMs – and produces a detailed report that identifies whether all of them are in compliance with the specific standard. The key benefits of this feature are that it quickly identifies sensitive data and reduces the risk of non-compliance and reputation damage. It also improves performance over traditional solutions by offloading all sensitive data discovery functions to a secure virtual appliance.

    1. What’s New in vShield 5.0 – Trust your Cloud
    2. Agenda
        • Primary customer concerns with the cloud
        • VMware value proposition
        • New features and use cases
        • Customer examples
        • Product summary
    3. Three Core Focus Areas
        • Re-think End-User Computing
        • Modernize Application Development
        • Evolve the Infrastructure
        • Diagram labels: SaaS Apps, Existing Apps, New Enterprise Apps, Public Cloud Services, Existing Datacenters
    4. In 2010 VMware Unveiled a Complete Hybrid Cloud Stack…
        • Diagram labels: vSphere, vCloud Director, vShield Security, vCenter Management
    5. In 2011 VMware is Introducing a Major Upgrade of the Entire Cloud Infrastructure Stack
        • New: Cloud Infrastructure Launch (vSphere, vCenter, vShield, vCloud Director)
        • Diagram labels: vSphere, vSphere 5.0, vCloud Director, vCloud Director 1.5, vShield Security, vShield 5.0, vCenter Management, vCenter Operations 1.0, vCenter SRM 5.0
    6. VMware Cloud Infrastructure
        • Respond to Business Faster
        • Trust Your Cloud
        • Run Business Critical Apps with Confidence
        • Intelligent Policy Management
        • Resource Elasticity
        • Flexible Hybrid Cloud Management
        • Visibility into Sensitive Data
        • Protection Against Network Intrusions
        • Efficient Anti-Virus
        • Scalability and Performance
        • High Availability and Disaster Recovery
        • Broad Industry Support
    7. VMware Cloud Infrastructure
        • Respond to Business Faster
        • Trust Your Cloud
        • Run Business Critical Apps with Confidence
        • Intelligent Policy Management
        • Resource Elasticity
        • Flexible Hybrid Cloud Management
        • Visibility into Sensitive Data
        • Protection Against Network Intrusions
        • Efficient Anti-Virus
        • Scalability and Performance
        • High Availability and Disaster Recovery
        • Broad Industry Support
    8. Security and Compliance are Key Concerns for CIOs in Moving to the Cloud
        • What are the top challenges or barriers to implementing a cloud computing strategy?
        • Top 4 Concerns are on Security and Compliance
        • Source: 2010 IDG Enterprise Cloud-based Computing Research, November 2010
    9. Security and Compliance Defined
        • Security is about protecting applications, data, server, storage, and networks from malware, and unauthorized human access.
        • Compliance is demonstrating adherence to a standard or regulatory requirement.
    10. Security and Compliance Concerns in Detail…
        • How can I manage security policies across virtual desktops, servers and networks?
        • How do I verify that confidential and regulated data is secure in the cloud? How do I implement compliance audits for resources in the cloud?
        • I have too many VLANs for segmenting traffic, and agents for securing applications. I can’t keep up
        • Roles shown: Infrastructure Team, Security Operations Team, Compliance Officer
        • Both Security and Proof of Compliance are Required to Build Trust
    11. Agenda
        • Primary customer concerns with the cloud
        • VMware value proposition
        • New features and use cases
        • Customer examples
        • Product summary
    12. The VMware Advantage
        • Traditional Security and Compliance
            – Complex: Multiple provisioning interfaces; Overlapping admin roles; Multiple point solutions
            – Weak: Agents in each VM, AV storms; No granular segmentation; Rigid – Policies tied to servers
            – Labor Intensive Compliance: Not change-aware, data leaks; Manual assessment; Manual remediation
        • VMware Advantage
            – Simple: Single interface for provisioning; Separation of duties; Firewall policy reduction 70:1, virtual security appliances
            – Strong: Agentless; Hypervisor level firewall; Adaptive trust zones, compromised apps quarantined
            – Automatic Compliance: Change aware, discover sensitive data; Continuous assessment; Automated remediation, programmable
        • Deployments on VMware are More Secure than Physical
    13. VMware Transforms Security from Complex…
        • Overlapping Roles / Responsibilities
        • Multiple frameworks and provisioning interfaces
        • Multiple physical 3rd party solutions
        • Diagram labels: Network Admin, Security Admin, VI admin, Network, Firewall, Load Balancer, Application, VMware vSphere
    14. …To Disruptively Simple
        • Unified Framework
        • Clear separation of Roles / Responsibilities
        • Reduced number of steps: Configure vCenter
        • Integrated into Virtual Security appliances
        • Diagram labels: Network Admin, Security Admin, VI admin, vCenter + vShield Manager, Network, Load Balancer, Application, Firewall, vCenter, RSA, Trend, Other AV vendors, Other ISV, VMware vSphere
    15. VMware Turns Security from Weak...
        • Not Virtualization aware
        • Virus spreads quickly in flat networks without segmentation
        • Antivirus storms
        • Agents in every VM
        • Diagram labels: DMZ, PCI Compliant, WEB, MAIL, File Server, Agent (repeated for each VM), “Air gap”, Switch, VMware vSphere and vCenter
    16. …to More Secure
        • Protect every VM with hypervisor level firewall & IPS
        • Quarantine infected VMs
        • Eliminate agents and antivirus storms
        • Enforce policies with adaptive trust zones
        • Diagram labels: DMZ, PCI Compliant, Quarantine Zone, Agent (repeated), AV Partner Product, IPS Partner Product, VMware vSphere vCenter
    17. VMware Turns Compliance from Being Labor Intensive…
        • Using Traditional Ways of Maintaining Compliance
        • Requires specialized knowledge
        • Not change-aware
        • Manual remediation
        • Diagram labels: FISMA, HIPAA, SOX, ISO 27002, GLBA, DISA, NERC/FERC, PCI DSS, NIST, Virtualization Hardening Guidelines, CIS Benchmarks
    18. …To Automated Continuous Compliance
        • Preconfigured templates
        • Monitor data and changes
        • Continuous assessment
        • Automated remediation
        • Diagram labels: PCI, FISMA, HIPAA, SOX, NERC/FERC, PCI DSS, NIST, VMware
    19. Agenda
        • Primary customer concerns with the cloud
        • VMware value proposition
        • New features and use cases
        • Customer examples
        • Product summary
    20. Security and Compliance Market Overview
        • $30B Worldwide in 2009
        • Chart: Market Size ($M) in 2009 against Market Growth Rate, with Market Size in 2012
        • Legend: New in vShield 5.0; Segments Addressed Today
        • Segments shown: Endpoint Security, Antivirus, Content Security, Network Security, Identity Mgmt, Security Operations, Change Mgmt, Data Security, Application Security, Change & Compliance, Others
        • Data labels: $3,565 (20%), $9,136 (8%), $2,987 (15%), $4,062 (7%), $3,001 (8%), $3,001 (2%), $3,258 (19%), $713 (8%)
        • Source: IDC, 2009
    21. Agenda
        • Primary customer concerns with the cloud
        • VMware value proposition
        • New features and use cases
        • Customer examples
        • Product summary
    22. New Features in vShield 5.0
        • Customer Need
            – Protect sensitive data
            – Protect infrastructure from being compromised by hackers
            – Improve performance of Anti-Virus solution
        • VMware Solution
            – Sensitive Data Discovery to meet standards & regulations
            – Accurately discover and report sensitive data in unstructured files
            – Segment off VMs with sensitive data in separate trust zones
            – Strong and efficient protection against network intrusions
            – Ability to quarantine compromised VMs
            – Efficient Anti-Virus
    23. Sensitive Data Discovery to Meet Standards & Regulations
        • Overview
            – More than 80 pre-defined templates for country/industry specific regulations
            – Accurately discover and report sensitive data in unstructured files with analysis engine
            – Segment off VMs with sensitive data in separate trust zones
        • Benefits
            – Quickly identify sensitive data exposures
            – Reduce risk of non-compliance and reputation damage
            – Improve performance by offloading data discovery functions to a virtual appliance
        • Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)
    24. Strong and Efficient Protection Against Network Intrusions
        • Overview
            – Leverage 3rd party intrusion detection solutions (IDS) to identify network based threats
            – Automatically isolate compromised VMs
        • Benefits
            – Contain network intrusions and prevent them from spreading in the environment
        • Diagram labels: Partner product, IDS, quarantine
        • Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)
    25. Efficient Anti-virus Solution to Protect Virtual Machines
        • Overview
            – Offloaded anti-virus protection for desktop and server applications
            – Leverage 3rd party anti-virus solutions
        • Benefits
            – Eliminate anti-virus storms
            – Rapid provisioning: deploy and patch
            – Reduce risk and improve performance by eliminating agents susceptible to attack
            – Lower cost and complexity to protect virtual machines against malware
        • Diagram labels: Partner product, AV, agent (repeated)
        • Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)
    26. Agenda
        • Primary customer concerns with the cloud
        • VMware value proposition
        • New features and use cases
        • Customer examples
        • Product summary
    27. Large National Lab — Trust Zones for Applications
        • Customer Need
            – Build and maintain a secure network that isolates highly sensitive scientific applications from the rest of the environment without creating “airgaps”.
        • VMware Solution
            – Create adaptive trust zones on the same shared infrastructure to control access to highly sensitive scientific apps, shared services, business critical apps, and the DMZ
            – Restrict inbound and outbound traffic to the trust zones
            – Restrict access to applications in a trust zone to View users in the subgroup within the zone
            – Automatically move infected VMs to a remediation zone
        • Business Benefits
            – Reduced provisioning time from 30 days to 30 minutes
            – Lower Capex & Opex by replacing hardware appliances with virtual appliances
        • Diagram labels: Scientific Apps, Shared Svrs, Business Apps, View Users, VMware vSphere + vCenter + vShield Manager
    28. Agenda
        • Primary customer concerns with the cloud
        • VMware value proposition
        • New features and use cases
        • Customer examples
        • Product summary
    29. Summary – To build Trust in Cloud You Need Security and Proof of Compliance
        • Security
        • Proof of Compliance
        • $300/VM
        • $800/VM
        • VMware vShield and vCenter Configuration Manager Deliver Trust in Your Cloud
    30.
    31. Thank You!