#PCMVision: VMware NSX - Transforming Security

VMware NSX - Transforming Security

  1. VMware NSX: Transforming Security. Paul Penn (ppenn@vmware.com), Sales Director, Western US; Garrett Kray (krayg@vmware.com), Security Specialist, Network and Security Business Unit. © 2014 VMware Inc. All rights reserved.
  2. VMware – Who we are…: Headquartered in Palo Alto (campus the size of Disneyland); Over $25 billion in revenues; 17 years old; Over 55,000 partners worldwide; ~17,800 employees worldwide; Fastest software company in history to grow to $5 billion in sales (and did it with one product); Corporate mascot: Turtle
  3. VMware Software Defined Enterprise (diagram labels): Policy-based Management & Automation; Cloud Automation; Cloud Operations; Cloud Business; Software-Defined Data Center; Private Clouds; Public Clouds; vCHS; Virtualized Infrastructure; Abstract & Pool; Applications; End User Computing; Desktop; Mobile; Virtual Workspace; Modern; SaaS; Traditional; Compute; Network; Security; Storage; Availability; vSphere; NSX; vSAN; SRM; vCenter Server; vCenter Automation Center (VCAC); vCenter Operations (vCOPS); ITBM; Horizon Workspace; Horizon View; Horizon Mirage
  4. Agenda: 1 SDDC/NSX Overview; 2 The Killer Use Case // Micro-segmentation; 3 Current Customers and Benchmarks; 4 VMware AppDefense (Confidential)
  5. IT’S TIME FOR A NEW IT APPROACH (word cloud): SLOW TECHNOLOGY ADOPTION RATES; HIGH USER EXPECTATIONS; SLOW RESPONSES; PRIVACY ISSUES; INTEGRATION PROBLEMS; SERVICE OUTAGES; SHORTAGE OF RIGHT SKILLS; DECLINING BUDGET; DIFFERENT APPLICATIONS; AGING INFRASTRUCTURE; SECURITY; PROLIFERATION OF DEVICES; FRAGMENTED DATA CENTER; LIMITED RESOURCES; CLOUD SILOS
  6. We are in the 3rd fundamental structural transition in the history of IT. Timeline labels: Client Server; Cloud/MDM/SDDC; We are here; Mainframe; PC Revolution; Client/Server; Cloud. Bullets: Mobile Devices & Clouds (public & private); Software Defined; Local Applications; Minor role for networking; Desktops & Servers; Campus Networks; Data Centers
  7. What Is a Software-Defined Data Center (SDDC)? Diagram labels: Hardware; Software; Data center virtualization layer; Pooled compute, network, and storage capacity; Vendor independent, best price/performance/service; Simplified configuration and management; Intelligence in software; Operational model of VM for data center; Automated provisioning and configuration
  8. NSX value proposition: Network virtualization is at the core of the software-defined data center approach. Diagram labels: Network, storage, compute; Virtualization layer
  9. The Next-generation Networking Model: Network and security services now in the hypervisor (Switching; Routing; Firewalling/ACLs; Load balancing); East-west firewalling; High throughput rates; Hardware independent
  10. NSX value proposition. Diagram labels: Network, storage, compute; Virtualization layer; “Network platform”; Virtual networks
  11. Network Virtualization: How is it being used today? SECURITY: Architecting security as an inherent part of the data center infrastructure. AUTOMATION: Automating IT processes to deliver IT at the speed of business. APPLICATION CONTINUITY: Enabling applications and data to reside and be accessible anywhere.
  12. Transforming Security with Micro-segmentation
  13. Increased Security Spending Has Not Decreased Breaches. Chart series: IT Spend; Security Spend; Security Breaches. Annual Cost of Security Breaches: $445B (Source: Center for Strategic and International Studies). Security as a Percentage of IT Spend: 2012: 11%; 2015: 21% (Source: Forrester). Projected Growth Rate in IT Spend from 2014-2019: Zero (Flat) (Source: Gartner).
  14. Digital makes reliance on data lucrative for thieves. Security investments are increasing, yet the cost of breaches is rising faster. Underfunding security isn’t the problem.
  15. Improved Data Center Network Security: Perimeter-centric network security has proven insufficient, and HW micro-segmentation is operationally infeasible. Little or no lateral controls inside perimeter. Diagram labels: Internet; Traditional Edge FW; NSX dFW
  16. Security: Micro-segmentation | Secure End User | DMZ Anywhere. Granular Policy Enforcement: Enables zero trust security model with policy enforced at every workload. Diagram: Web, App and DB tiers of VMs.
  17. 3rd Party Service Insertion with NSX
  18. Advanced Services Insertion – Example: Palo Alto Networks NGFW. Diagram labels: Internet; Security Policy; Security Admin; Traffic Steering
  19. VMware on AWS powered by NSX. Diagram labels: Public Cloud Provider; Your Data Center; Your IT Governance
  20. Coalfire Benchmark Report: • Does VMware NSX functionally satisfy NIST recommendations? • Are the precepts of micro-segmentation, as defined in the complete definition, satisfied conceptually and in testing by NSX? • Can real-world threats be stopped by NSX in E-W and N-S, using industry-standard Penetration Testing tools?
  21. Expanding Security to Scale with the Business: Columbia Sportswear continues to stay ahead of competitors and threats by combining advanced, automated security inside the data center. “There just wasn’t a great way to insert security in order to address east-west traffic between VMs, nor have the security tied to the applications as they moved around dynamically.” (John Spiegel, Network Manager, Columbia Sportswear)
  22. VMware AppDefense
  23. VMware AppDefense: Abstraction layer between infrastructure and apps. We call this the “Goldilocks Zone”. We can use this zone to transform endpoint detection and response. Diagram labels: Hypervisor; AppDefense; NSX
  24. VMware AppDefense: Visibility and context into application lifecycle. Automated collection of intended state across app lifecycle: (1) IT provisions a new app; (2) AppDefense collects intended state of the app; (3) IT provisions a change to the app; (4) AppDefense notes the change. Insert security into DevOps process. Diagram labels: Hypervisor; AppDefense; NSX
  25. VMware AppDefense: Automated detection & response. Compare intended state against run-time state to detect deviations. Automate response through vSphere and NSX: • Quarantine • Modify security policy • Increase logging. Sequence: (1) Attacker compromises an app; (2) AppDefense automatically responds. Diagram labels: Hypervisor; AppDefense; NSX
  26. VMware AppDefense: Isolation from attack surface. Isolated environment to monitor and control all endpoints. AppDefense itself is protected from attacks. Sequence: (1) Attacker compromises an app; (2) AppDefense is protected from the attack surface. Diagram labels: Hypervisor; AppDefense; NSX
  27. VMware Information Security – Case Study: VMware’s Information Security team uses AppDefense in our SOC to protect the critical security systems that secure our business applications. “Simple works, especially in InfoSec…I can sleep easy at night knowing that when AppDefense detects a problem, it will respond automatically.” (Brad Doctor, Senior Director, Information Security, VMware)
  28. Thank you
