Improving Cyber Security with VMware NSX
Cyber security breaches across the Government and the Military are increasing. Through 2014, there has
been a 25% increase in the number of breaches from this time last year across the Public and Private
Sectors. Some of the recent cyber security breaches include US Postal Service (11/10/14) – 800,000
records exposed, Department of Public Health & Human Services in TX (8/27) & MT (6/3/14) –
2,000,000 & 1,062,509 records exposed respectively, the IRS (7/7/14) – 1,400,000 records exposed; as
well as the NOAA (10/20) and DOS (11/16) (ITRC, 2014).
Security breaches are expensive, and even more so if sensitive data is exposed. The average per capita cost
of a data breach is $201/record, with a total organizational cost per breach of $5.85 Million (Ponemon
Institute, 2014). The reason cyber security breaches are increasing is that attackers have learned to defeat
the current operational model of physical networking security, with the emphasis on perimeter-centric
network security. This defense is analogous to the walls and moats we can still see around old towns and
cities – they were built at a time when they served a purpose, but that time passed with the invention of
large-caliber guns and the growth of the cities themselves.
Similarly, the network perimeter security strategy worked well when there were only a few PCs and a
mainframe attached to the network. This is no longer the case. The world is becoming more
interconnected, and the opportunities for cyber security breaches are increasing as a result. Attackers
typically attach to an authorized user to get inside the network, and once inside, move laterally from
workload to workload; this is exactly what happened in the NOAA breach. “The attack in September hit a Web
server that connects to many NOAA computers...The server had security protections, but the person
compared the security to leaving a house protected by ‘just a screen door’” (Flaherty, 2014).
Until now, it has been too costly (in both resources and money) for most organizations to protect the
workloads inside the network perimeter, because wrapping security controls around those workloads
required manual intervention. VMware’s network virtualization platform, NSX, bridges this gap by
enabling automated creation and management of firewalls and distributed control policies for workloads or
applications across all virtual interfaces. This allows a cost-effective and operationally feasible
implementation of micro-segmentation: wrapping security controls around small clusters of virtualized
resources inside the network perimeter, thus isolating internal applications and virtual networks from each
other and from the underlying physical infrastructure. IT can now automate and operationalize firewalls
that span the entire infrastructure, manage them centrally, and alter their policies as workloads move.
With NSX automated provisioning, firewall policies are provisioned as workloads are
programmatically created, and the policies follow the workload as it moves within or between datacenters
(VMware, 2014).
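A vendor-neutral model of the argument above, added here as an illustration (it is not code from VMware or Carahsoft and does not use the NSX API): it compares what one compromised web server can reach in a perimeter-only network and under default-deny micro-segmentation whose rules are keyed to workload tags. The workload names, tags, ports and rules are all constructed for the example.

```python
"""Blast radius of one compromised workload: flat network vs micro-segmentation."""
from collections import deque

# Constructed inventory: workload name -> tier tag. Rules are written against
# tags, so a rule applies to a workload wherever it runs.
WORKLOADS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "db",
    "hr-files": "files",
    "backup-1": "backup",
}

# Constructed list of ports each tier listens on.
SERVICES = {
    "web": {443, 22},
    "app": {8443, 22},
    "db": {5432, 22},
    "files": {445, 22},
    "backup": {22},
}

# Constructed allow-list of (source tag, destination tag, destination port).
# Everything else is dropped, including traffic between peers in the same tier.
ALLOW = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("backup", "db", 5432),
}


def flat_policy(inv, src, dst, port):
    """Perimeter-only model: nothing filters traffic between internal workloads."""
    return True


def segmented_policy(inv, src, dst, port):
    """Default deny: permit only the listed (src tag, dst tag, port) triples."""
    return (inv[src], inv[dst], port) in ALLOW


def direct_exposure(inv, src, policy):
    """(workload, port) pairs that src is permitted to open a connection to."""
    return {
        (dst, port)
        for dst, tag in inv.items()
        if dst != src
        for port in SERVICES[tag]
        if policy(inv, src, dst, port)
    }


def blast_radius(inv, start, policy):
    """Workloads reachable hop by hop from start.

    Worst case for the defender: every service the intruder can connect to
    is assumed to give a foothold on that workload.
    """
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for dst, _port in direct_exposure(inv, current, policy):
            if dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {start}


def report(inv, start):
    """Summarise direct exposure and transitive reach under both models."""
    rows = {}
    for name, policy in (("flat", flat_policy), ("segmented", segmented_policy)):
        rows[name] = {
            "direct": sorted(direct_exposure(inv, start, policy)),
            "reachable": sorted(blast_radius(inv, start, policy)),
        }
    return rows


if __name__ == "__main__":
    for model, row in report(WORKLOADS, "web-1").items():
        print(model)
        print("  direct services :", row["direct"])
        print("  reachable hosts :", row["reachable"])

    # A newly provisioned workload inherits policy from its tag alone:
    # the allow-list is not edited.
    grown = dict(WORKLOADS, **{"web-3": "web"})
    print("web-3 -> app-1:8443 allowed:",
          segmented_policy(grown, "web-3", "app-1", 8443))
    print("web-3 -> db-1:5432 allowed:",
          segmented_policy(grown, "web-3", "db-1", 5432))
```

In the segmented case the database is still reachable through the application tier, so the allowed paths (here web to app on 8443, app to db on 5432) are where inspection and logging matter most.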
VMware | Carahsoft Use Case
Year    Number of Breaches    Total Cost
2011    48                    $280,200,000
2012    53                    $310,050,000
2013    56                    $327,600,000
2014    90                    $526,500,000
*Costs are based on $5.85 Million cost per breach (Ponemon Institute, 2014 & ITRC, 2015)
NSX delivers 3 levels of security: isolation, segmentation, and segmentation with advanced services.

Isolation: Virtual networks are isolated from each other and from the underlying physical network
infrastructure. No physical subnets or firewall rules are needed to enable the isolation. Hypervisor
traffic is encapsulated, allowing for separate address spaces for workloads connected to the VMs and the
physical network devices.

Segmentation: Multitier networks are supported by virtual networks, meaning multiple L2 segments with
L3 segmentation, or micro-segmentation (with third-party introspection), where there are controlled
policies at each segment. The virtual network services tied to the workload are programmatically created
and distributed to the hypervisor vSwitch.

Segmentation with advanced services: By leveraging the SDDC platform and the networking services in the
vSwitch, advanced and third-party networking services can be applied in and across virtual networks
(VMware, 2014).
Flaherty, M., Samenow, J. & Rein, L. (2014, November 16). Chinese hack U.S. weather systems, satellite network. The Washington Post.
Retrieved from: http://www.washingtonpost.com/local/chinese-hack-us-weather-systems-satellite-network/2014/11/12/bef1206a-68e9-11e4-b053-65cea7903f2e_story.html
Barrett, D., Stevens, L. & Yadron, D. (2014). U.S. Postal Service Says It Was Victim of Data Breach. The Wall Street Journal.
Retrieved from: http://online.wsj.com/articles/u-s-postal-service-says-it-was-victim-of-data-breach-1415632126
Perlroth, N. (2014, November 16). State Department Targeted by Hackers in 4th Agency Computer Breach. The New York Times.
Retrieved from: http://www.nytimes.com/2014/11/17/us/politics/state-department-targeted-by-hackers-in-4th-agency-computer-breach.html?_r=1
Ponemon Institute. (2014). 2014 Cost of Data Breach Study: Global Analysis.
Retrieved from: http://securityintelligence.com/media/2014-cost-of-data-breach-study-ponemon/#.VIGzqjHF_OG
VMware. (2014). Data Center Micro-Segmentation. A Software Defined Data Center Approach for a “Zero Trust” Security Strategy.
Retrieved from: http://blogs.vmware.com/networkvirtualization/files/2014/06/VMware-SDDC-Micro-Segmentation-White-Paper.pdf
Identity Theft Resource Center. (2014). Retrieved from:
    http://www.idtheftcenter.org/id-theft/data-breaches.html
    http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html
    http://www.idtheftcenter.org/images/breach/ITRC_Breach_Report_2014.pdf
    http://www.idtheftcenter.org/images/breach/ITRC_Breach_Stats_Report_2014.pdf
    http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2014.pdf
RESOURCES
Carahsoft:
David Hopland
NSX Specialist at Carahsoft
Tel: 703-230-7426
Email: david.hopland@carahsoft.com
The recent cyber security breaches at USPS, DOS, NOAA and the IRS could have been mitigated with NSX.
NSX makes both perimeter and workload security economically and operationally feasible. Rather than
manually configuring firewalls on the thousands of workloads entering/leaving the data center, NSX
dynamically automates this and scales out as workloads are added, and when the work is done, the firewalls
are automatically dismantled/deleted with the VM they are attached to. By bringing a firewall to each and
every workload and machine (virtual and physical), NSX creates a ‘zero trust’ policy inside the network.
Now, when your wall is breached, you have controls to find and stop the breach at a reasonable cost.