Virtualize Application Security Today - Hardware is No Longer Needed.pptx
•Download as PPTX, PDF•
0 likes•49 views
This document discusses how security functions that were traditionally performed by specialized hardware can now be virtualized and performed in software. It notes that hardware is no longer needed for common security functions like inspection, encryption/decryption, and behavior prevention. It also discusses some of the problems with relying on physical hardware security appliances, like cost, need for updates, and lack of availability across cloud environments. The document promotes a software-based security solution as offering more flexibility, agility, and cost savings compared to traditional hardware-based security approaches.
Recommended
Recommended
More Related Content
Similar to Virtualize Application Security Today - Hardware is No Longer Needed.pptx
Similar to Virtualize Application Security Today - Hardware is No Longer Needed.pptx (20)
More from Avi Networks
More from Avi Networks (20)
Recently uploaded
Recently uploaded (20)
Virtualize Application Security Today - Hardware is No Longer Needed.pptx
- 1. ©2023 VMware, Inc. 1 Virtualize Application Security Today - Hardware is No Longer Needed
- 2. ©2023 VMware, Inc. 2 Common Security Functions Inspect and allow/block Encrypt/Decrypt content Prevent bad behavior (DoS)
- 3. ©2023 VMware, Inc. 3 Security Requires Horsepower • Layer 4-7 content inspection • Full packet payload inspection • Assembly/disassembly • Faster networks • Encryption • Complex algorithms • A lot of data • Increasing complexity • Application awareness • Context-aware
- 4. ©2023 VMware, Inc. 4 Security Requires Specialized Horsepower (?) • Encryption/decryption silicon • DPU/GPU/FPGA ^^^^^^^^^^^
- 5. ©2023 VMware, Inc. 5 Problems With Hardware
- 6. ©2023 VMware, Inc. 6 Physical Dependencies Only usable where installed Not available in the cloud Datacenter 2 Datacenter 1
- 7. ©2023 VMware, Inc. 7 Cost Specialized hardware is expensive SSL acceleration card can cost >$7000
- 8. ©2023 VMware, Inc. 8 Keeping Current Technology advances require updated hardware i.e. - ECC encryption Time
- 9. ©2023 VMware, Inc. 9 More Horses Off the Shelf (OTS)
- 10. ©2023 VMware, Inc. 10 Moore’s Law
- 11. ©2023 VMware, Inc. 11 CPU Performance With TLS Encryption Source: https://www.yugabyte.com/blog/measuring-the-performance-impact-of-tls- encryption-using-tpcc/ (2021)
- 12. ©2023 VMware, Inc. 12 TLS in CPU Source: https://istlsfastyet.com/
- 13. ©2023 VMware, Inc. 13 Software-based Security Matters
- 14. ©2023 VMware, Inc. 14 Load Balancing and Security Makes Sense L3/4/7 ACLs Encryption User Authentication Application Rate Limiting Bot Management Security Insights Security score Attack insights SSL Insights WAF analytics Web Application Firewall Data Center Public Cloud Private Cloud AV Malware Protection DDoS Protection PULSE Cloud Services Live Updates
- 15. © 2023 VMware, Inc. 15 Legacy Hardware / Software LB Challenges NSX Advanced Load Balancer delivers Business Agility, Operational Simplicity, and Cost Savings DC 1 DC2 DEPT1 DEPT2 Active Standby 0% Used Capacity Control Plane Control Plane Separate control points – operational complexity Over provisioning, manual capacity management Hard to troubleshoot, finger-pointing Network Team App Owners Not designed for modern new environments • Central orchestration and management • Active-Active deployment • Elastic scaling and self-healing • Per-app / per-tenant • Multi-cloud • Rich visibility and analytics • Automation/self-service 15% ? Customer-managed / SaaS vRA Custom X On-premises Cloud Container
- 16. ©2023 VMware, Inc. 16 Control Plane Bare Metal Virtualized Containers ON PREMISES PUBLIC CLOUD Distributed Architecture for Multi-Cloud Application Services Centralized policies and full lifecycle management Data Plane Controller (Customer-managed | SaaS) ELASTICITY Application Services Fabric ANALYTICS / OBSERVABILITY AUTOMATION RESILIENCE Pulse Cloud Service CENTRAL ORCHESTRATION
- 17. ©2023 VMware, Inc. 17 Protect your application attack surface Application Security Solution App Security Visibility API Protection Bot Management Web Application Firewall Attack Types Actors: Human vs Bot File Uploads API / App Web Traffic Pulse Cloud Services Threat Intelligence Threat Research Signature Updates 0-day analysis Rule Updates
- 18. © 2023 VMware, Inc. 18 Switzerland of Load Balancers & Web App Security Modern software-defined distributed architecture Multi-cloud consistency and operational simplicity API-driven integrations and analytics-driven decisions A single platform for all application services 12000+ Hardware Appliances Replaced
- 19. 19 ©2023 VMware, Inc. Demo A single application services fabric across multiple clouds Virtualized Containers Bare Metal Virtualized Containers Virtualized Containers On-premises Clickthrough Demo Web App Security
- 20. © 2023 VMware, Inc. 20 Software = Flexibility and Agility Source: The Business Value of VMware NSX Advanced Load Balancer (IDC # US49589722, August 2022) 27% higher application development productivity gains 90% faster scale to capacity 54% fewer unplanned outages per year 43% lower cost of operations
- 21. © 2023 VMware, Inc. 21 Next Steps LEARN avinetworks.com/ docs | webinars TRY vmware.com/go/try- avi-networks vmware.com/go/aviw orkshops TRAIN
- 22. Thank You ©2023 VMware, Inc.