
Unified Protection for Multi-Cloud Infrastructure


Presentation from the Virtualization Forum 2019 conference
Prague, 3.10.2019
Hall B



  1. Unified Protection for Multi-Cloud Infrastructure. Tamas Barna, CISSP, CISM, CCSP, Security+; Enterprise Technology Specialist, EMEA Cloud Infrastructure Security.
  2. Today's Enterprise Landscape: Transformations. Diagram labels: Applications and Infrastructures; Cloud IaaS/PaaS; Offices | Remote Sites; Private Cloud On-Prem / Hosted; SaaS Providers; Business Acceleration.
  3. Hybrid Cloud: Data Centers and Service Transformation. Diagram labels: Physical Server, Virtual Server, Private Cloud, Public Cloud, Container and PaaS, Serverless; axis from Monolithic / Fixed to Loosely Coupled.
  4. Hybrid Cloud: Resulting Challenges. Same diagram as slide 3, with the challenges: Complexity, Speed & Shared Responsibilities; Complete Visibility, Protection & Provisioning; Shadow IT, Efficient Management & Compliance.
  5. Understanding Shared Responsibility.
     ▪ Customer (responsible for security 'in' the cloud): Customer Data; Platform, Identity and Access Management; Application; Operating System, Network and Firewall Configuration; Client-side Data Encryption, Data Integrity Authentication; Server-side Encryption (File System and/or Data); Network Traffic Protection (Encryption/Integrity/Identity).
     ▪ Provider (responsible for security 'of' the cloud): Global Infrastructure (Regions, Availability Zones, Edge Locations); Compute, Storage, Database, Networking. Labels: IaaS Provider, PaaS Provider, SaaS Provider.
  6. IaaS: Fastest Growing Segment of Cloud. IaaS 35.9% CAGR; SaaS 22.2% CAGR. Source: Gartner, "Forecasts Worldwide Public Cloud Revenue" press release, April 12, 2019.
  7. IaaS: Securing Infrastructure and Apps.
     1 Infrastructure: detect and correct security misconfigurations.
     2 Workloads and Containers: detect and secure workloads and containers.
     3 Apps: protect the data in the apps.
  8. Data Exfiltration Vectors: IaaS Infrastructure and Apps. Diagram labels: Compromised Accounts; Misconfiguration; Rogue User; Confidential Data Leaks; Rogue IaaS Accounts.
  9. Data Exfiltration Vectors: IaaS Infrastructure and Apps (same diagram as slide 8).
  10. Data Exfiltration Vectors: IaaS Infrastructure and Apps. Control shown: Security Configuration Control.
  11. 1. Security Configuration Audit. Prevent regulated/high-value data being stored in the cloud.
     ▪ Continuously monitor IaaS security settings for misconfiguration.
  12. 1. Security Configuration Audit (continued).
     ▪ As IaaS admins correct misconfigured settings, McAfee automatically resolves the incident.
  13. Data Exfiltration Vectors: IaaS Infrastructure and Apps. Control shown: Shadow IaaS Control.
  14. 2. Managing Rogue IaaS Instances. Discover shadow AWS usage and reclaim control of risky IaaS usage.
     ▪ Identify risky or unsanctioned IaaS platforms in use.
  15. 2. Managing Rogue IaaS Instances (continued).
     ▪ Enforce governance policies and coach users to the approved IaaS platform.
  16. Data Exfiltration Vectors: IaaS Infrastructure and Apps. Control shown: Visibility of Confidential Data Inside PaaS Storage.
  17. 3. Visibility of Confidential Data. Gain visibility of regulated/high-value data stored in AWS S3 and Azure Storage.
     ▪ Perform on-demand scans to identify sensitive or protected data stored in IaaS storage services.
  18. Data Exfiltration Vectors: IaaS Infrastructure and Apps. Controls shown: User Behavior Analytics; Forensics.
  19. 4. Advanced Threat Protection. Detect compromised accounts, insider threats, and malware.
     ▪ A threat funnel correlates multiple anomalies, minimizing false positives.
  20. 4. Advanced Threat Protection (continued).
     ▪ No pre-defined policies or thresholds; automatic models based on activity.
  21. 5. Activity Monitoring and Forensics. Capture and categorize an audit trail of activity for forensic investigations.
     ▪ Categorizes hundreds of activities into 13 categories for easy filtering/navigation.
  22. 5. Activity Monitoring and Forensics (continued).
     ▪ Expand the scope of an investigation and browse a geo-location map.
  23. 5. Activity Monitoring and Forensics (continued).
     ▪ Investigate activities for a specific user centered around an incident.
  24. 5. Activity Monitoring and Forensics (continued).
     ▪ IP reputation to identify access from a malicious IP, such as the TOR network.
  25. IaaS: Securing Infrastructure. Same three steps as slide 7: 1 Infrastructure: detect and correct security misconfigurations; 2 Workloads and Containers: detect and secure workloads and containers; 3 Apps: protect the data in the apps.
  26. IaaS Workload and Container Challenges: Lack of Workload and Container Visibility; Malware and Viruses; Difficulty Detecting Breaches; Lack of Network Traffic Visibility; Fragmented Policy Management.
  27. Discover and Manage Multiple Public Cloud Accounts. Screenshot labels: security controls live status with details; views: Workload, Events, VPC; issue details; workload count; take action.
  28. IaaS Workload and Container Challenges. Same challenges as slide 26; response shown: Workload/Container Inventory.
  29. Traffic & Network Visibility. Graphical traffic analysis for both E-W and N-S traffic (traffic moving to, from, and between workloads).
     ▪ Detection: GTI IP reputation; heuristics (blocked E-W connections, activity on high-risk ports); alerts from vNSP.
     ▪ Threat events: workload threats; network threats.
     ▪ Correction: shutdown; update firewall rules in AWS/Azure security groups.
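A defender-side illustration of the detection-to-correction chain on slide 29, written as an added example and not McAfee code: the slide's heuristics (blocked E-W connections, activity on high-risk ports) and an IP reputation check are run over constructed AWS VPC Flow Log records. The VPC range, the port set, the reputation list and the mapping of events to corrections are all assumptions.

```python
import ipaddress

# Constructed sample VPC Flow Log records (version 2 field order), not real traffic.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 3389 6 5 300 1696320000 1696320060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49153 443 6 20 4000 1696320000 1696320060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40000 22 6 8 640 1696320000 1696320060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 203.0.113.9 51000 443 6 100 90000 1696320000 1696320060 ACCEPT OK
"""

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")   # constructed VPC address space
BAD_IPS = {"198.51.100.7"}                        # constructed reputation list (stand-in for a GTI-style feed)
HIGH_RISK_PORTS = {22, 23, 445, 3389}             # assumed set of "high-risk" ports

# Correction options named on the slide, mapped to each heuristic (assumed mapping).
CORRECTIONS = {
    "blocked-east-west": "review: lateral connection already rejected by security group",
    "high-risk-port": "update security group: restrict inbound port",
    "bad-reputation-ip": "quarantine workload and update security group",
}

def is_east_west(src, dst):
    """True when both endpoints are workloads inside the VPC (E-W traffic)."""
    return ipaddress.ip_address(src) in VPC_CIDR and ipaddress.ip_address(dst) in VPC_CIDR

def detect(flow_log):
    """Run the three heuristics over flow records; return (kind, src, dst, dport) events."""
    events = []
    for line in flow_log.splitlines():
        f = line.split()
        if len(f) < 14 or f[0] != "2":      # skip malformed or non-v2 records
            continue
        src, dst, dport, action = f[3], f[4], int(f[6]), f[12]
        if action == "REJECT" and is_east_west(src, dst):
            events.append(("blocked-east-west", src, dst, dport))
        if action == "ACCEPT" and dport in HIGH_RISK_PORTS:
            events.append(("high-risk-port", src, dst, dport))
        if src in BAD_IPS or dst in BAD_IPS:
            events.append(("bad-reputation-ip", src, dst, dport))
    return events

def corrective_action(event):
    """Pick the correction step for a threat event tuple."""
    return CORRECTIONS[event[0]]

if __name__ == "__main__":
    for ev in detect(SAMPLE_FLOW_LOG):
        print(ev, "->", corrective_action(ev))
```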
  30. IaaS Workload and Container Challenges. Same challenges as slide 26; responses shown: Agent Installation & Security Configuration; Single-Click Quarantine.
  31. Safeguard Workloads. Quarantine infected workloads and containers; identify malicious connections; isolate workloads or containers. Reduce misconfiguration risk and increase initial remediation efficiency by nearly 90%.
  32. Auditing of Security Best Practices and Compliance Checks.
     ▪ Security assessment: industry-standard security benchmarks like CIS.
     ▪ Regulatory compliance assessment: auditing of governance policies like PCI DSS, SOX, GLBA, HIPAA, FISMA.
  33. IaaS Workload and Container Challenges. Same challenges as slide 26; response shown: Unified Policy Management and Reporting.
  34. Simplify. Efficiently manage all security policies across on-premise and public, private and hybrid cloud environments.
     ▪ Single security policy, single-pane-of-glass console management across data center and public and private clouds with McAfee ePO.
     ▪ Automated policy management across all on-premise and off-premise infrastructure.
     ▪ APIs, automation and integration with cloud tools, e.g. Chef, Puppet.
     ▪ Efficient security management keeps operational expenses under control.
     ▪ Security smart enough to scale up and scale down with the load.
     Diagram labels: McAfee ePO; Device Security | Data Protection; Security Operations Center; Network & Web Security | Cloud Workloads Security; Native Security.
  35. Secure Containers with CWS. There are three ways to apply security for containers in the market today:
     - Agent based (inside the container itself)
     - Ephemeral proxy
     - Additional container as a firewall
  36. Securing Containers Using an Agentless Approach.
     • Repository image vulnerability and anti-malware scanning
     • Discovery of pods and services within the Kubernetes environment
     • Container runtime security
     • Continuous monitoring
     • Vulnerability assessment
     • Access protection
     • Application control
     • Log management
     • CIS Benchmark scanning (misconfiguration)
     • Network security: container firewall with micro-segmentation support
     • Compliance: AV as a service, access protection, file integrity monitoring, vulnerability assessment
     • Host security (if a supported OS is used)
     • Management: monitoring, threat anomaly detection, policy enforcement, dashboards
     Diagram labels: Kubernetes Node (Docker, kubelet, kube-proxy, fluentd, CNI Network Plugin, Pods, McAfee Security Pod with Rule Enforcer (Network Policy), K8s API client and Persistent Storage (Policy & Events)); Kubernetes Master (API Server, Scheduler, Controller, etcd); CWS - ePO; DevOps.
  37. McAfee. The device-to-cloud cybersecurity company.
  38. 3 Phases in a Common Cloud Breach.
     1. Land ▪ Gain a first foothold into a third party's VPC and IaaS/PaaS real estate.
     2. Expand ▪ Find ways to move beyond the node on which the hacker landed in order to extract maximum value out of the breach.
     3. Exfiltrate ▪ Find ways to exfiltrate GBs of data while staying under the radar.
  39. Layered Container Security.
     ▪ Validate container orchestration system config (CSPM).
     ▪ Vulnerability assessment for container components (Vulnerability Mgmt).
     ▪ App-level visibility and control (Zero Trust security model).
     Outcomes: detect and remove known vulnerabilities (block Land); prevent bad east-west traffic (block Exfiltrate); audit and monitor changes to infrastructure (block Expand).
  40. Layered Container Security.
     Deep Visibility and Context
     • Rapid inventory of current applications, components and processes
     • Visual mapping of all traffic between applications and dependencies
     • Blast maps and capabilities to play back traffic for forensics
     Threat Detection
     • Modeling the behavior of any app to detect anomalies
     • Identification of backdoors in components
     • Identifying unknown processes with elevated privileges
     Seamless Protection
     • Seamlessly operates across all platforms, with controls at app level
     • One-click security policy generation: protect once, run anywhere
     • Lightweight operation and services
  41. MVISION ePO, "Nirvana for Cloud".
     ▪ Data / Web Protection: McAfee Web Gateway / WGCS and MVISION Cloud, a solution built with CASB, DLP and Web components (DLP, CASB, SWG).
     ▪ Cloud Workload Security (ePO): a solution combining CWPP, CSPM and micro-segmentation (0-Trust, CASB - IaaS, CWS / Container).
  42. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. Copyright © 2017 McAfee LLC.
