5. @NTXISSA #NTXISSACSC3
Act 1 - Tenets of Traditional Server Security
NTX ISSA Cyber Security Conference – October 2-3, 2015 5
• Servers in a trusted network
• Segmentation for added protection
• Anti-malware (virus) for all servers, added security capability for critical servers
• Security had time to plan, test & deploy for each new application
• Provisioned with plentiful overhead
Servers viewed as “investments”

Act 2 - Server Virtualization – A New Dawn
• Economic benefit to adoption
• Combatting data center sprawl
• Physical servers more powerful
• Pressure applied on Security to be:
  • Faster
  • More efficient
  • More accurate
• Traditional tools proved adequate

Virtualization Impacts Traditional Security
• Servers in a trusted network
• Segmentation for added protection (shared hardware = segmentation challenges)
• Anti-malware (virus) for all servers, added security products for critical servers (difficult given VM density, overhead impact and licensing)
• Security had time to test & deploy for each new application (policies and images became more powerful)
• Provision with plentiful overhead (at odds with VM density)

Act 3 - Server Workloads - The Next Wave
• Utility Computing
• Cloud servers or “Cloud server workloads” in the data center, public cloud, private cloud or any combination
• These server workloads are:
  • On-demand, Elastic and Agile
  • Cloned, Orchestrated and Automated
  • Often short-lived
  • Can be “containers” (e.g. Docker)
  • Possibly never patched
  • Part of an overall movement of deploying and updating faster (DevOps)

Data Center Architecture Changes
[Diagram of server instances by criticality. Diagram labels: Internet, Data Center, Public Cloud]
Non-Critical Server Instances
- Anti-Malware
Semi-critical Server Instances, on-server security:
- Anti-Malware
- Vulnerability Scan
Critical Server Instances, on-server security:
- Anti-Malware
- Vulnerability Scan
- Config. Monitor
- HIPS/HIDS
- FIM
Some Semi-critical Server Instances, on-server security:
- Anti-Malware
- Vulnerability Scan

Server Workloads Break Security
• Servers in a trusted network (Cloud viewed as non-trusted)
• Segmentation for added protection (shared hardware = segmentation challenges)
• Anti-malware (virus) for all servers, added security products for critical servers (difficult given VM density, overhead impact and licensing)
• Security had time to test & deploy for each new application (Security must move faster, often with little lead time)
• Provision with plentiful overhead (at odds with VM density)
Servers viewed as “application building blocks”

Cloud VPC = Bringing The Trusted Network Back?
• Public Cloud servers only accessible from inside the data center’s trusted network
• Positioned by many cloud providers to resolve “Tenet #1”
  • “Servers in a trusted network…”
• Issues
  • Can be cost prohibitive
  • May impact performance
  • Does not mitigate security issues

Workload Security – The New Tenets
• Embrace the “Workload as an Application Building Block” philosophy
• Take advantage of automation and orchestration
• Small footprints matter
• Minimize staff overhead
• Total visibility
• Limit server communication
• Integrate versus manage stand-alone

The Basics Still Apply
• Use server (host) firewalls
• Reduce attack surface
• Manage East-West traffic
• Require multi-factor authentication for server logins
• Monitor configurations for “drift”
• Discover & address vulnerabilities
• Monitor system file integrity
• Monitor security logs
Radical Thought!!!!
Dump anti-malware (if you can)

Approaches to Workload Security
• Do it manually with multiple security tools
  • Too time consuming
  • Many consoles, difficult integration
• Use orchestration tools with multiple security tools
  • Many consoles, difficult integration
  • Set of security tools can consume more resources than what they’re protecting
• Use CloudPassage® Halo®

CloudPassage Halo: Instant Layered Security for Every Server Workload
• One tool providing 8 layers of visibility & enforcement
• Using less compute resources than a single-layer point product
• Highly automated; “set and forget” security
• Add to gold images, protects servers at instantiation

CloudPassage Halo
• A Security Orchestration Framework
  • Integrated and layered security
  • Automated into your workflow
• Visibility
  • See vulnerabilities, configuration errors, file integrity, access – no matter where the workload is
  • Apply controls – even quarantine workloads
• Compliance
  • Drive automation to audits
  • Continuous vs. point-in-time

Thank you
The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)