McAfee MOVE & Endpoint Security

McAfee MOVE (Management for Optimized Virtual Environments) provides security management for virtual environments. Endpoint security solutions are also presented.


  1. McAfee MOVE / Endpoint Security. Marco Schultes, 02.06.2011. Marco Schultes - netlogix Hausmesse LIVE/11
  2. What IS McAfee MOVE, actually? Management for Optimized Virtual Environments
  3. But why optimized? Today's (antivirus) applications are not written for virtual environments, are not "hypervisor aware", and are therefore very wasteful with resources.
  4. MOVE - the new platform for securing virtual environments. "MOVE is a new strategic Platform and NOT a single Product"
     [Diagram: McAfee MOVE Platform surrounded by plug-ins: HIPS, AV for Server, File Encryption, AV for VDI's, Site Advisor, SIA Partner, Device Control]
  5. Antivirus optimization: the administrator's problems
  6. Problem #1 - Virtual servers: "Classic AV eats CPU performance". CPU & I/O utilization, individual servers vs. consolidated servers:
     • On-access scans: 3-5% CPU load on individual machines; 30% with 10 virtual machines
     • On-demand scans: 50-70% load on individual machines; three simultaneous scans can bring the host to its knees
  7. Problem #2 - Virtual servers: "READ-ONLY images"
     • READ-ONLY and offline images cannot be patched and receive no DAT updates
     [Diagram: two virtual machines and an offline virtual image, each with apps and OS, on a hypervisor]
  8. Problem #3 - Virtual desktops: "AV storming". Organizational problems:
     • Capacity planning
     • Scheduling
     • VM density on the hypervisor
     • Different management interfaces
  9. McAfee MOVE-AV for servers and VDI
     [Diagram: VMs (applications, OS, MOVE) on a hypervisor, MOVE off-load processing to the MOVE Virtual Appliance, McAfee ePO, virtual desktop clients]
     MOVE AV for VDI's
     • On-Access Scanning (OAS)
     • On-Demand Scanning (ODS) (announced)
     • Updates are needed only on the MOVE Virtual Appliance
     MOVE AV for Virtual Servers
     • Scan based on hypervisor load
     • On-Demand Scanning (ODS)
     • Offline Scanning (OVI)
     • On-Access Scanning (OAS) (announced)
  10. Features: efficient security management
     – Full ePO integration
     – Hypervisor-independent (VMware ESX / Citrix XenServer / MS Hyper-V (announced))
     – Offline virus scan
     – Hypervisor load dependent
     – Security dashboards/reports per hypervisor
  11. McAfee MOVE: a technical overview
  12. Optimized file scanning
     1. Local scan cache
     2. Global scan cache
     3. Scan the file
     4. Artemis connection
     [Diagram: numbered steps 1-4 across VMs on the hypervisor, the Scan Engine, and Artemis]
  13. Advanced File Caching
     • Reduces the scan overhead
       – Through efficient use of caches
       – Local scan cache on the VM
       – Global scan cache on the scan engine
     [Diagram labels: ePO Server, Scan Engine, Hypervisor, MOVE Cache Synchronization Protocol, Server]
  14. Traditional AV vs. MOVE AV
  15. McAfee platform test on Citrix XenServer: A/V within the guest vs. offloading A/V with MOVE
     • Memory Consumption (per VM): 60-120MB+ within the guest; ~20MB with MOVE
     • Peak CPU Usage (per hypervisor): 80-100% within the guest; <10% with MOVE
     • VM Density: X within the guest; 3X with MOVE
     • Scanning Resource Utilization: YES within the guest; NO with MOVE (Offloaded to Virtual Appliance)
     • DAT Update Resource Utilization: YES within the guest; NO with MOVE (Offloaded to Virtual Appliance)
     The product plans, specifications and descriptions herein are provided for information only, subject to change without notice, results may vary and without warranty of any kind, express or implied
  16. MOVE Agent in Action
  17. MOVE configuration: up to 2 scan servers can be specified (virtual or physical servers)
  18. Security Dashboards / Reports
  19. Hypervisor-aware Scheduler
  20. Prevents "AV storming": the scan is prevented because the hypervisor load is too high
  21. Summary
     • Increase virtual server security with minimal performance impact
     • Enable VDI security while keeping VM density per hypervisor high
     • (Time) savings through simplified central management via ePO
     • Independent of the hypervisor – ESX / XenServer / Hyper-V
  22. McAfee Data Protection
  23. McAfee Data Protection
     • McAfee Data Loss Prevention: Full control and absolute visibility over user behavior
     • McAfee Device Control: Prevent unauthorized use of removable media devices
     • McAfee Endpoint Encryption: Full disk, mobile device, and file and folder encryption coupled with strong authentication
     • McAfee Encrypted USB: Secure, portable external storage devices
     McAfee Total Protection™ for Data: Integrated technologies for total data protection
  24. Data Breaches Don’t Discriminate
     • “DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor…”
     • “Royal London Mutual Insurance Society loses eight laptops and the personal details of 2,135 people” SC Magazine
     • “The FSA has fined Nationwide £980,000 for a stolen laptop”
     • “Personal data of 600,000 on lost laptop”
     • “ChoicePoint to pay $15 million over data breach—Data broker sold info on 163,000 people”
  25. Challenge: How best to protect confidential corporate data on mobile devices from loss, theft, or exposure to unauthorized parties?
     – Laptops lost or stolen in airports, taxis and hotels cost companies an average of $49,246 [1]
     – 36% of data breaches were due to lost or stolen laptop computers
       • Average cost is $6.75 million per breach [2]
     – Best practices: “Ensure that portable data-bearing devices…are encrypted” [2]
     – “Protected health information (PHI) is rendered unusable, unreadable, or indecipherable to unauthorized individuals if encrypted or destroyed” [3]
     – Staying out of the news
     [1] Ponemon
     [2] Ponemon, 2009 Cost of a Data Breach
     [3] HIPAA DHHS Guidance 2009
  26. McAfee Endpoint Encryption
     You need
     • Encryption for laptops, desktops, and mobile devices with the flexibility to choose full disk or file and folder encryption
     • Confidence in integrity of sensitive data when a device is lost or stolen
     • Safe Harbor protection
     McAfee offers
     • Broad support for laptops, desktops, and mobile devices
     • Full audit trails for compliance & auditing needs
     • Support for multiple strong authentication methods
     • Certifications: FIPS 140-2, Common Criteria Level 4 (highest level for software products), BITS, CSIA, etc.
     [Diagram labels: Data Loss Prevention, Device Control, Endpoint Encryption, Encrypted USB]
  27. Solution: Full Disk Encryption
     Why encrypt?
     – Every disk drive in an organization eventually leaves said organization
       • Natural retirement/replacement
       • Loss
       • Theft
     – Knowing what sensitive information is on a given drive is difficult
       • Avoids having to classify data to decide what to protect
     – Applications use a myriad of “hidden” temp files that contain your data
     Data protection made easy
     – Simple to deploy
     – Nearly transparent user experience
  28. Solution: Full Disk Encryption
     Full Disk Encryption
     • No data access without proper authentication
     • Complete, proven protection against loss and theft
     • Extensible complement to other data protection technologies like file encryption, encrypted USB drives, and DLP
     How does it work?
     • Disk drive is fully encrypted, sector A through sector Z
     • As new information is created, it is encrypted on-the-fly
     • A unique, per-device recovery token is used to handle normal “lost password” situations
  29. Security Details Matter
     CC EAL 4 and FIPS 140-2 Level 2 validation
     – Proves the security level by an independent body
     AES 256-bit encryption
     – Encryption on-the-fly using strong algorithms
     Up to three-factor authentication
     – McAfee Endpoint Encryption offers a strong pre-boot authentication
     – Support for various smart cards, USB tokens and biometric devices
     ePO compliance reporting and deployment
     – Identify non-encrypted machines
     – Deploy using McAfee ePO
     Business continuity
     – McAfee Endpoint Encryption offers offline challenge-response recovery
     – Reduce costs using our local user self-recovery (questions + answers)