Issa 042711


Published in: Technology
1 Comment
  • Hi,
    Can you please let us know how this is done... I mean, in what format does enVision get the log data out of VMware cloud infrastructure?

  • Based on our primary research during discussions with customers like you, our customers are asking themselves four basic questions:
    1) Can I virtualize my Tier 1 applications and make sure that they are secure?
    2) How do I really manage compliance across both a physical and a virtualized environment?
    3) How quickly can I respond to security events in my physical and virtual data center?
    4) How can I secure the access information in my virtualized environment?
    All virtualization platforms are not the same. As you move to adopt virtual infrastructure solutions to reduce costs and improve IT operations, make sure you understand the security implications of virtualization technology and the platform you choose. VMware offers the most robust and secure virtualization platform available.
    Separate fact from fiction when it comes to virtualization and IT security. Understand the most significant ways in which virtualization affects security. Find resources as well as the latest news on virtualization security.
  • VMware offers secure and robust virtualization solutions for virtual data centers and cloud infrastructures, and has both the technology and the processes to ensure that this high standard is maintained in all current and future products. VMware virtualization gives you:
    Secure architecture and design: Based on its streamlined and purpose-built architecture, vSphere is considered by experts to be the most secure virtualization platform.
    Third-party validation of security standards: VMware has validated the security of our software against standards set by Common Criteria, NIST and other organizations.
    Proven technology: More than 250,000 customers, including all of the Fortune 100 as well as military and government installations, trust VMware to virtualize their mission-critical applications.
    The NSA is one of VMware's customers!
  • Today most security is enforced as an add-on to the OS or the application, making it ineffective, inconsistent and complex. Pushing information security enforcement into the virtualization and cloud infrastructure ensures consistency, simplifies security management and enables customers to surpass the levels of security possible in today’s physical infrastructures by making security SEAMLESS.
    You won't need to sacrifice security, control or compliance on your journey to the cloud or virtualization. With the VMware vShield family and the RSA product line security solutions, you get virtualization-aware protection that adapts to dynamic cloud environments, making it "better-than-physical." Reduce the complexity of endpoint, application and edge network security by improving visibility and accelerating compliance, all within a single framework.
  • The future direction for the RSA Cloud Solution for Security and Compliance will make Archer the best GRC solution for hybrid clouds, using the same tool that is used widely to manage risk and compliance across the enterprise. RSA offers one additional differentiator today, as we are first to market with this feature, which helps customers assess cloud service providers.
    The Cloud Security Alliance is a not-for-profit organization that is producing leading guidance about best practice in cloud computing and has produced a checklist for potential users of such services. Its membership comprises RSA plus both vendors and enterprises from over 20 major companies. RSA’s Cloud Solution aligns with the CSA Assessment Questions (part of the CSA GRC Stack) by using Archer’s questionnaire workflow to help customers automate the process of asking cloud service providers 195 CSA questions covering the most critical components of a service provider's offering, from business and legal processes to technical infrastructure best practices. This will help customers assess, against industry-established best practices, standards, and critical compliance requirements, which hybrid and public cloud service providers best fit their needs.
  • vCloud Infrastructure; Underlying vSphere; vCloud-specific; Resource Sharing; Ensure isolation; Logging and Monitoring; Watch for anomalies and violations; User Management
  • For vSphere-based environments, vShield solutions provide capabilities to secure the edge of the vDC, protect virtual applications from network-based threats, and streamline antivirus protection for VMware View deployments by offloading AV processing to dedicated security VMs.
    These new product offerings can start securing infrastructure almost immediately, since all the underlying compute resources are already present in the vSphere environment. These same solutions in the traditional security model would have taken months to authorize and provision in the physical data center.
    So what is vShield Edge, and how is it LIKE what you’ve already seen in the physical data center? The solution provides a virtual appliance with the following capabilities:
        • DHCP: to automate IP address assignment to virtual machines in the vDC
        • NAT: network address translation to mask private IP addresses in the vDC when they send traffic to untrusted networks
        • Firewall: inbound and outbound connection control based on source/destination IP address and application port
        • Site-to-site VPN: to encrypt traffic between vDCs to allow for confidentiality between organizations or partner extranets
        • Web load balancer: actually load balancing based on IP address, but in practice, since over 70% of server virtualization is for the web tier, organizations use load balancing for HTTP/S traffic
    And for each vSphere host, the virtual network can be carved up just as a physical network can be carved up using VLANs. This “Network Isolation” keeps traffic within the organization contained within a single port group.
    But while there are similarities with security in the physical world, there are key differences, and benefits, to vShield Edge over the alternatives:
        1. No additional hardware: the virtual appliance with all the aforementioned edge features is provisioned using existing vSphere resources.
        2. No complicated VLAN rules: network isolation is enforced at the hypervisor layer, not requiring VLAN-enabled switches.
        3. Rapid and scalable provisioning: each ‘tenant’ gets their edge security virtually on-demand, rather than through some complicated change management process which would require budget and rack space for new edge security hardware.
        4. Centralized management and logging: with traditional security, each point solution would require its own management interface and logging infrastructure. With vShield, all policy management is done from one interface and logs are written in syslog format to a single location. Demonstrating compliance is a breeze.
    Offload anti-virus processing:
        • Tighter collaborative effort with leading AV partners
        • Hypervisor-based introspection for all major AV functions
        • File-scanning engines and virus definitions offloaded to security VM, scheduled and real-time
        • Thin file-virtualization driver in-guest: >95% reduction in guest footprint (eventually fully agentless)
    Deployable as a service:
        • No agents to manage: thin-guest driver bundling with VMTools (est. vSphere 4.1U1)
        • Turnkey, security-as-service delivery
        • Applicable to all virtualized deployment models: private clouds (virtual datacenters), public clouds (service providers), virtual desktops

    1. Solutions for Cloud Security
       Erin K. Banks, vSpecialist, CISSP, CISA, @banksek
    2. Federation, Virtualization, Information
       Cloud Computing: enabling convenient, on-demand access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction
       Private Cloud, Virtualized Data Center, Internal cloud, External cloud
    3. Our Customers Are Asking Themselves
       • Can I ensure my virtualized business critical applications are running in a secure and compliant environment?
       • How do I centrally manage compliance across mixed VMware and physical IT environments?
       • Can I respond more quickly to security events in my virtual environment?
       • Can I secure access and information in my VMware View environment?
    4. Implications of Challenges
       • Security and compliance concerns stall the adoption of virtualization
       • Missing opportunity for “better than physical” security
       • CISOs need to manage security and compliance across virtual and physical IT
    5. Virtualization Creates an Opportunity for More Effective Security
       Today most security is enforced by the OS and application stack. This is:
    6. Ineffective
    7. Inconsistent
    8. Complex
       Push Security Enforcement Further Down the Stack
       Diagram labels: vApp and VM layer; APP (x4); OS (x4)
       Pushing information security enforcement to the infrastructure layer ensures:
    9. Consistency
    10. Simplified security management
    11. Ability to surpass the levels of security possible in today’s physical infrastructures
        Diagram labels: Virtual and Cloud Infrastructure; Physical Infrastructure
    11. TRUST
    12.
    13. Security Tools
        • SIEM (security information and event management)
        • Compliance (hardening guidelines)
        • Encryption
        • Data Loss Prevention
        • vShield Zones
        • Access Control
        • Network Control
        • VLANs
        • Secure Code
        • …
    14. Diagram labels: Ionix; Control Center; ESM/ADM; IT Compliance Analyzer; Server Config Manager; VMware’s Integration Framework; Avamar; Replication Manager; Networker; Data Protection Advisor; RSA enVision; RSA DLP; RSA eGRC; RSA SecurID; Storage QoS; Virtual Provisioning; Virtual Storage; vCenter; Application APIs; Scalability; Security; Availability; VMware vSphere; vCompute; Infrastructure APIs; vStorage; vNetwork; Cisco UCS; Ultrascale; V-Max; Ultraflex; EFD; Only Vendor Integrated into all 3 vStorage APIs; PowerPath for VMware; Cisco VN-Link and Nexus Family supported by EMC Ionix and EMC RSA; EMC Storage Viewer Plug-in; EMC SRM Failback Plug-in; EMC VDI Plug-in
    15. RSA enVision; RSA DLP; RSA eGRC; RSA SecurID
    16. SIEM
        Security information and event management tool
        Captures event data:
        • Audit logs
        • Storage
        • Groups
        • Virtual network infrastructure
        • User and administrative activities
    17. VMware Collector for RSA enVision
        • VMware Collector uses VMware native APIs to retrieve the logs from vCenter and all ESX/ESXi servers
        • It can also connect to multiple vCenters!
        Diagram label: RSA enVision
    18. VMware Messages
        • enVision collects and parses messages from VMware View, VMware vShield, VMware vCloud Director
        • Over 800 very well described message IDs: vMotion and Storage vMotion; Snapshots; User Login/Logoff; Virtual Machine Operations, e.g. Power On/Off/Reset
        • 7 taxonomy categories: Authentication, config, policies, system
    19. Purpose-built Virtualization Reports
    20. enVision and Vblock – Visibility into the Stack
        Validated with Vblock
        Diagram labels: Applications; Virtual Machines; vSphere; Networking; UCS; Storage; RSA enVision; Security and compliance officer
        Comprehensive visibility into security events
        Security incident management, compliance reporting
    21. RSA Solution for VMware View
        • VMware VCM for security config and patch management
        • RSA DLP for protection of data in use
        • VMware Infrastructure
        • RSA SecurID for remote authentication
        • RSA enVision log collection from:
    22. VMware vCenter & ESX(i)
    23. VMware View
    24. RSA SecurID
    25. RSA DLP
    26. Active Directory
    27. VMware VCM
        Diagram labels: Active Directory; VMware View Manager; VMware vCenter; Clients
        Validated with Vblock
    27.
    28. GRC
        • Governance: Setting the rules
        • Risk: Ensuring the correct rules are in place and functioning
        • Compliance: Measuring the effectiveness of the rule; understanding the process used to define the rule; understanding how well people adhere to the rule
    29. Overall Compliance Dashboard and Reporting: Physical and Virtual
    30. RSA Archer eGRC Solutions
        • Policy Management: Centrally manage policies, map them to objectives and guidelines, and promote awareness to support a culture of corporate governance.
        • Audit Management: Centrally manage the planning, prioritization, staffing, procedures and reporting of audits to increase collaboration and efficiency.
        • Risk Management: Identify risks to your business, evaluate them through online assessments and metrics, and respond with remediation or acceptance.
        • Business Continuity Management: Automate your approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution.
        • Compliance Management: Document your control framework, assess design and operational effectiveness, and respond to policy and regulatory compliance issues.
        • Threat Management: Track threats through a centralized early warning system to help prevent attacks before they affect your enterprise.
        • Enterprise Management: Manage relationships and dependencies within your enterprise hierarchy and infrastructure to support GRC initiatives.
        • Vendor Management: Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls.
        • Incident Management: Report incidents and ethics violations, manage their escalation, track investigations and analyze resolutions.
    31. RSA Solution for Cloud Security and Compliance v1.0
        • What’s New: Over 100 VMware-specific controls added to Archer library, mapped to regulations/standards
        • What’s New: RSA SecurBook
        • Discover VMware infrastructure
        • Define security policy
        • Manual and automated configuration assessment
        • Manage security incidents that affect compliance
        • Remediation of non-compliant controls
        • Respond; Prevent
        • What’s New: RSA enVision collects, analyzes and feeds security incidents from RSA, VMware and ecosystem products to inform Archer dashboards (e.g. DLP, VMware vShield and vCD, HyTrust, Ionix, etc.)
        • RSA Archer eGRC
        • What’s New: New solution component automatically assesses VMware configuration and updates Archer
    32. RSA Archer: Mapping VMware security controls to regulations and standards
        • Authoritative Source: Regulations (PCI-DSS, etc.), e.g. “10.10.04 Administrator and Operator Logs”
        • Control Standard: Generalized security controls, e.g. “CS-179 Activity Logs – system start/stop/config changes etc.”
        • Control Procedure: Technology-specific control, e.g. “CP-108324 Persistent logging on ESXi Server”
        Diagram labels: VI Admin; CxO
    33. Discover VMware infrastructure and define policy/controls to manage
    34. Distribution and Tracking Control Procedures
        Diagram labels: Security Admin; Server Admin; Network Admin; Project Manager; VI Admin
    35. Initial Deployment Questionnaire
    36. Automated Assessment via PowerCLI
        • Automatically discover and assess VMware infrastructure via PowerCLI
        • VMware objects (ESX, vSwitches, etc.) are automatically populated into Archer
        • They are then mapped to control procedures. Over 40% are automatically assessed via PowerCLI and the results fed into Archer for reporting and remediation.
        Diagram label: RSA Archer eGRC
    37. Control Procedure – List, Status and Measurement Method
    38. Overall Virtual Infrastructure Compliance Dashboard
    39. RSA Solution for Cloud Security and Compliance: Architecture
        Diagram labels: Regulations, standards; Generalized security controls; VMware-specific security controls; Automated assessment; RSA enVision; VMware cloud infrastructure (vSphere, vShield, VCD); Configuration State; Security Events; Ecosystem (HyTrust, Ionix)
    40. Example: VMware vShield Network Security Events Fed to Archer
    41. Example: HyTrust - Access Policy Events Fed to Archer
    42. Making Archer the Best GRC Solution for Hybrid Clouds
        Assessing Service Provider Compliance
        RSA Solution for Cloud Security and Compliance aligns with CSA Consensus Assessment Questions by automating 195 questions that customers can issue to assess cloud service providers.
        Cloud Security Alliance’s 13 domains of focus for cloud computing:
        • Cloud Architecture
        • Governance and Enterprise Risk Management
        • Legal and Electronic Discovery
        • Compliance and Audit
        • Information Lifecycle Management
        • Portability and Interoperability
        • Security, Bus. Cont., and Disaster Recovery
        • Data Center Operations
        • Incident Response, Notification, Remediation
        • Application Security
        • Encryption and Key Management
        • Virtualization
        • Identity and Access Management
    43. RSA SecurBook
        A technical guide for deploying and operating RSA Solution for Cloud Infrastructure
        Model: RSA SecurBook for VMware View / MS SharePoint
    44. Solution architecture
    45. Solution deployment and configuration guides
    46. Operational guidance for effectively using the solution
    47. Troubleshooting guidance
        More Information: RSA SecurBooks – Technical guides for deploying and operating RSA Solutions
    48. VMware Approach to Security
    49. vShield Products
        Securing the Private Cloud End to End: from the Edge to the Endpoint
        • vShield App and Zones: Create segmentation between enclaves or silos of workloads
        • vShield Edge: Secure the edge of the virtual datacenter
        • vShield Endpoint: Offload anti-virus processing
        • vShield Manager: Centralized Management
        Diagram labels: Security Zone; Endpoint = VM; Edge; DMZ; Application 1; Application 2; VMware vSphere
    50.
    51. Q&A
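
The control chain on slide 32 and the PowerCLI-driven assessment on slide 36, worked through for one control. This is an added example, not code from the deck or from RSA or VMware tooling. The function names, the pass rule and the sample hosts are assumptions made here; `Get-VMHost`, `Get-AdvancedSetting` and the `Syslog.global.logDir` setting are standard PowerCLI and ESXi names.

```powershell
# Control chain quoted on slide 32 of this deck.
$ControlChain = [ordered]@{
    AuthoritativeSource = '10.10.04 Administrator and Operator Logs'
    ControlStandard     = 'CS-179 Activity Logs'
    ControlProcedure    = 'CP-108324 Persistent logging on ESXi Server'
}

function Get-EsxiLogDir {
    # Live collection with PowerCLI; needs an existing Connect-VIServer session.
    Get-VMHost | ForEach-Object {
        $setting = Get-AdvancedSetting -Entity $_ -Name 'Syslog.global.logDir'
        [pscustomobject]@{ Host = $_.Name; LogDir = [string]$setting.Value }
    }
}

function Test-PersistentLogging {
    # Assumed pass rule: logDir names a datastore, e.g. "[datastore1] /logs/esx01".
    # "[] /scratch/log" names no datastore and may sit on a RAM disk, so it fails.
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    process {
        $ok = $Record.LogDir -match '^\[[^\]]+\]\s*/\S+'
        [pscustomobject]@{
            Host             = $Record.Host
            ControlProcedure = $ControlChain.ControlProcedure
            Status           = if ($ok) { 'Compliant' } else { 'NonCompliant' }
            Evidence         = "Syslog.global.logDir=$($Record.LogDir)"
        }
    }
}

function Get-ControlRollup {
    # The control is compliant only when every assessed host passes.
    param([Parameter(Mandatory)] [object[]] $Findings)
    $failed = @($Findings | Where-Object Status -eq 'NonCompliant')
    [pscustomobject]@{
        AuthoritativeSource = $ControlChain.AuthoritativeSource
        ControlStandard     = $ControlChain.ControlStandard
        ControlProcedure    = $ControlChain.ControlProcedure
        HostsAssessed       = $Findings.Count
        FailedHosts         = $failed.Host -join ', '
        Status              = if ($failed.Count -eq 0) { 'Compliant' } else { 'NonCompliant' }
    }
}

# Constructed sample records (not real hosts) so the logic runs without vCenter.
$sample = @(
    [pscustomobject]@{ Host = 'esx01.example.test'; LogDir = '[datastore1] /logs/esx01' }
    [pscustomobject]@{ Host = 'esx02.example.test'; LogDir = '[] /scratch/log' }
    [pscustomobject]@{ Host = 'esx03.example.test'; LogDir = '' }
)
$findings = @($sample | Test-PersistentLogging)   # use Get-EsxiLogDir instead of $sample when connected
$findings | Format-Table -AutoSize
Get-ControlRollup -Findings $findings | Format-List
```

With the constructed records, esx02 and esx03 are reported as NonCompliant and the roll-up marks the whole control chain NonCompliant, which is the per-host evidence a GRC dashboard would need for remediation tracking.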