Steve Porter: Cloud Computing Security

A recording of the Northwest Regional meeting of the Institute of Information Security Professionals in Manchester on 5th July 2012. Stephen Porter from Trend Micro Limited spoke on the theme of cloud computing security. Copyright of this presentation is held by the author, Stephen Porter.

  1. Securing Your Journey to the Cloud. Trend Micro. Stephen Porter, Alliance BDM. Data Center Evolution: Physical. Virtual. Cloud.
  2. Control vs Responsibility? Servers; Virtualization & Private Cloud; Public Cloud PaaS; Public Cloud IaaS; Public Cloud SaaS. % Enterprise Responsibility. Control Gap.
  3. Amazon Web Services™ Customer Agreement. 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. http://aws.amazon.com/agreement/#7 (3 March 2010). The cloud customer has responsibility for security and needs to plan for protection.
  4. A New Model for Security – Securing the Computing Chain. All environments should be considered un-trusted. Users access app; Host defends itself from attack; Image ensures data is always encrypted and managed; Encrypted Data; Encryption keys only controlled by you. When this whole chain is secure, components can move: DC1, LAN 1 Cloud 1, LAN 2 Data Cloud, LAN 1 Data DC2, LAN 2. Virtual “neighbours” don’t matter; Location doesn’t matter; Service provider “lock” goes away; Shared storage ROI goes up.
  5. Advanced Targeted Threats Empowered Employees Re-Perimeterization Virtualization, Cloud Consumerization & Mobility. Outside-in Perimeter Defense Isn’t Enough… Source: Forrester
  6. Reduce Noise: Stopping stuff on the outside from getting inside allows a focus on events on the inside that would otherwise be impossible
  7. APT and Targeted Attack Profile. Key Characteristics: Social • Spear Phishing • Drive-by Downloads • Zero-day malware; Stealthy • Low profile • Masked activities • Requires specialized detection; Sophisticated • Exploits vulnerabilities • Remote control and backdoor • Uses credentials & privileges
  8. Deep Discovery: Key Technologies • Deep content inspection across 100’s of protocols & applications • Smart Protection Network reputation and dynamic black listing • Sandbox simulation and analysis • Communication fingerprinting • Multi-level rule-based event correlation • And more… Driven by Trend Micro threat researchers and billions of daily events. Specialized Threat Detection Across the Attack Sequence. Malicious Content: • Emails containing embedded document exploits • Drive-by Downloads • Zero-day and known malware. Suspect Communication: • C&C communication for any type of malware & bots • Backdoor activity by attacker. Attack Behavior: • Malware activity: propagation, downloading, spamming . . . • Attacker activity: scan, brute force, service exploitation . . . • Data exfiltration communication
  9. Real-Time Inspection Analyze Deep Analysis Correlate Simulate Actionable Intelligence Threat Connect Watch List GeoPlotting Alerts, Reports, Evidence Gathering. Visibility – Real-time Dashboards; Insight – Risk-based Analysis; Action – Remediation Intelligence. Identify Attack Behavior & Reduce False Positives. Detect Malicious Content and Communication. Out of band network data feed of all network traffic
  10. Physical Virtual Cloud Manageability Glut of security products Less security Higher TCO Reduce Complexity One Security Model is Possible across Physical, Virtual, and Cloud Environments PLATFORM-SPECIFIC SECURITY RISKS Integrated Security: Single Management Console Performance & Threats Traditional security degrades performance New VM-based threats Increase Efficiency Visibility & Threats Less visibility More external risks Deliver Agility
  11. Consolidate Physical Security REDUCE COMPLEXITY
  12. One Server Security Platform REDUCE COMPLEXITY Firewall HIPS / Virtual Patching Web Application Protection Antivirus Integrity Monitoring Log Inspection Advanced Reporting Module Single Management Console Software Agent Based Solution
  13. Server and Desktop Virtualization Security INCREASE EFFICIENCY
  14. Challenge: Complexity of Management VIRTUALIZATION SECURITY VM sprawl inhibits compliance Patch agents Rollout patterns Provisioning new VMs Reconfiguring agents
  15. Challenge: Instant-on Gaps. VIRTUALIZATION SECURITY. Dormant; Active; Reactivated with outdated security; Cloned. Reactivated and cloned VMs can have out-of-date security
  16. Challenge: Dynamic movement. Load Balancing or V-Motion. VIRTUALIZATION SECURITY. VMs moving between hosts can cause manual intervention and introduce risk
  17. Challenge: Resource Contention VIRTUALIZATION SECURITY Typical Security Console 09:00am Virus Definition Updates Configuration Storm Automatic security scans overburden the system 3:00am Integrity Scan
  18. Security Zone vShield App and Zones Application protection from network based threats vShield Security Securing the Private Cloud End to End: from the Edge to the Endpoint Edge vShield Edge Secure the edge of the virtual datacenter Endpoint = VM vShield Endpoint Enables offloaded Security FIM, anti-virus, IDS/IPS … Virtual Datacenter 1 Virtual Datacenter 2 DMZ PCI compliant GPG13 compliant Web View VMware vShield VMware vShield VMware vShield Manager
  19. Fitting into the VMware Ecosystem VIRTUALIZATION SECURITY vSphere Virtual Environment Integrates with vCenter Trend Micro Deep Security Security Virtual Machine Log Inspection Agent-based Other VMware APIs IDS / IPS Web Application Protection Application Control Firewall Agentless Agentless vShield Endpoint Antivirus Integrity Monitoring
  20. Secure the lifecycle of the VM VIRTUALIZATION SECURITY Moving VMs Restarted VM Self Service new VMs Reconfiguring VM - Clones Relevant Deep Security Controls: FIM DPI Firewall AV FIM DPI Firewall AV FIM DPI Firewall AV FIM DPI Firewall AV FIM DPI Firewall AV Recommendation Scan vCenter
  21. Jan 2011 results of testing conducted by AV-Test.org. Threats prevented at each layer (of total threats that reached that layer): 33% (65 / 200); 53% (72 / 135); 19% (12 / 65). 200 threats; 135 threats; 65 threats; 51 threats. End-to-End: 75% (149 of 200), average of all enterprise products. 97% of threats blocked at the first layer of defense.

      | Layer | Trend Micro | Microsoft | Sophos | McAfee | Symantec |
      |---|---|---|---|---|---|
      | Exposure Layer | 97% (194 of 200) | 2% (3 of 200) | 63% (126 of 200) | 1% (2 of 200) | 0% (0 of 200) |
      | Infection Layer | 67% (4 of 6) | 68% (134 of 197) | 19% (14 of 74) | 50% (99 of 198) | 54% (108 of 200) |
      | Dynamic Layer | 100% (2 of 2) | 6% (4 of 63) | 23% (14 of 60) | 25% (25 of 99) | 16% (15 of 92) |
      | All Layers | 100% (200 of 200) | 71% (141 of 200) | 77% (154 of 200) | 63% (126 of 200) | 62% (123 of 200) |
  22. Integrated Management - vCenter. Deep Security 8.0. VM Lifecycle • Creation • Configuration • Deployment • Dynamic update • V-Motion • Restart. vCenter
  23. Increased ROI with Deep Security. Example: Agentless Antivirus. VIRTUALIZATION SECURITY. 3X higher VDI VM consolidation ratios. [Chart: VM servers per host, Traditional AV vs Agentless AV; values shown: 75 and 25.] 3-year Savings on 1000 VDI VMs = $539,600. Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations
  24. Cloud Deployments and Security DELIVER AGILITY
  25. Protect my data 2 Inside-out Security Smart Context aware Self-Secured Workload Local Threat Intelligence When Timeline Aware Who Identity Aware Where Location Aware What Content Aware User-defined Access Policies Encryption DATA. INSIDE-OUT SECURITY
  26. Challenge: Data Destruction. CLOUD SECURITY. When data is moved, unsecured data remnants can remain
  27. What is the Solution? Data Protection. CLOUD SECURITY. Sensitive Research Results • Unreadable for unauthorized users • Control of when and where data is accessed • Server validation • Custody of keys. Data Security: Encryption with Policy-based Key Management. Server & App Security: Modular Protection • Self-defending VM security • Agentless and agent-based • One management portal for all modules, all deployments. vSphere & vCloud Integration ensures servers have up-to-date security before encryption keys are released
  28. Fitting Encryption into a VMware Ecosystem. CLOUD SECURITY. VMware vCloud; VMware vSphere. Encryption throughout your cloud journey: data protection for virtual & cloud environments. Enterprise Key; Key Service Console; Trend Micro SecureCloud. Data Center; Private Cloud; Public Cloud
  29. Test Deep Security / Secure Cloud Example Classification 7/26/2013 VMware vSphere ESX Customer Customer 1 Customer 2 Unix/ Win Server Encrypted Volumes on SAN, NAS, Cloud Service … Policy Server Key Service
  30. Specialized Protection for Physical, Virtual, and Cloud. Physical Virtual Cloud. TREND MICRO DEEP SECURITY. Only fully integrated server security platform; First hypervisor-integrated agentless antivirus; First agentless file integrity monitoring (FIM); Only solution in its category to be EAL4+ and FIPS certified
  31. 2011 Technology Alliance Partner of the Year TREND MICRO: VMWARE’S NUMBER 1 SECURITY PARTNER Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs Improves Virtualization by providing security solutions architected to fully exploit the VMware platform 2008 2009 2011 Feb: Join VMsafe program RSA: Trend Micro VMsafe demo, announces Coordinated approach & Virtual pricing RSA: Trend Micro announces virtual appliance 2010: >100 customers >$1M revenue VMworld: Announce Deep Security 8 w/ Agentless FIM 1000 Agentless customers VMworld: Trend virtsec customer, case study, webinar, video May: Trend acquires Third Brigade July: CPVM GA Nov: Deep Security 7 with virtual appliance RSA: Trend Micro Demos Agentless 2010 Q4: Joined EPSEC vShield Program VMworld: Announce Deep Security 7.5 Sale of DS 7.5 Before GA Dec: Deep Security 7.5 w/ Agentless Antivirus RSA: Other vendors “announce” Agentless
