Security automation in virtual and cloud environments v2

Virtualization security must be as dynamic as the environment it is protecting. Learn how to build security automation into your virtual and cloud computing environments by using VMware's vShield API.

In this webinar, you will learn:

1. An introduction to security automation and why it matters

2. An overview of VMware's vShield and its API

3. Real world cloud examples of how to use the vShield API for security automation

  1. SECURITY AUTOMATION IN VIRTUAL AND CLOUD ENVIRONMENTS. Richard Park, Senior Product Manager, rpark@sourcefire.com, @richardpark31
  2. About Me: Virtualization; Cloud
  3. Security Automation In Virtual & Cloud Environments
  4. “The ‘fortress mentality’ is outdated – and is no longer realistic or practical… Automation will quickly become a ‘must-have’ component in the overall security strategy of every IT organization. There is simply no other way to detect threats swiftly enough, let alone to contain the damage and recover from it.” - Accenture Technology Vision 2011
  5. Presentation Outline: (1) Virtualization Security Challenges; (2) vShield Vision and Overview; (3) Security Integration Use Cases; (4) Achieving the Security Automation Vision
  6. Dealing With Enterprise Silos: Networking; Security; Server Ops
  7. Today’s security is often static...
  8. But we don’t live in a static world!
  9. New PCI Virtualization Guidelines: www.sourcefire.com/pcivirt
  10. Inflection Point for Virtualization (chart labels: The Niche Apps (LOB apps, Tier 2 DB, etc.); >60% penetration; SAP; Custom Java Apps; SharePoint; Exchange; SQL; Oracle; The Easy Apps (infrastructure, file, print); 30% penetration)
  17. vShield Vision for Security: vShield is security middleware between disparate devices. Security products work together to adjust to changes in the environment.
  18. vShield Is NOT A Silver Bullet. vShield as security middleware is a realistic vision for virtual environments (graphic: ≠ vShield)
  19. “Code is law.” - Lawrence Lessig
  20. vShield Overview
  21. Our Focus Today (diagram labels: Policy Violations; Application 1; 3rd Party Vendor; FW rule changes; vShield App/Edge; VMware vSphere)
  22. Example of REST API GET command. Request: GET https://10.1.1.1/api/2.0/app/firewall/datacenter01/config (username, password). Response: vShield XML Ruleset
  23. REST API POST Command. Request: POST https://10.1.1.1/api/2.0/app/firewall/datacenter01/config. Response: Ruleset Acknowledgement
  24. Examples of vShield REST Commands: https://10.1.1.1/api/1.0/network/network-244/snat/rules; https://10.1.1.1/api/1.0/network/network-244/loadbalancer/action/start; https://10.1.1.1/api/1.0/zones/syslogServers
  25. vShield and Private Cloud Provisioning. Request (User-Initiated): User requests virtual infrastructure via Web portal. Provision (Automated): vCenter, vCloud APIs are used to provision VM(s). Secure (Automated): vShield APIs are used to provision VM firewall rulesets. Maintain Security (Automated): Third party security products use vShield & vCenter APIs to update security configuration.
  26. Use Case: Virtual Server Deployment. Step 1: User requests a VM from a Web portal (Virtual Server Portal form sections: Your Contact Information; VM Configuration; Your Org Information, Cost Code, etc.; fields: CPU: 2 CPU; Memory: 2 GB; Disk Storage: 40 GB; Region; Server Type; Lease timeframe; More…)
  27. Use Case: Virtual Server Deployment. Step 2: vCloud Director provisions the VM
  28. Use Case: Virtual Server Deployment. Step 3: Apply security group and firewall ruleset
  29. Use Case: Virtual Server Deployment. Step 4: Third party products update configuration (diagram labels: 443; vShield API; Third Party Security Vendor)
  30. Use Case: Virtual Server Deployment. Step 4 (optional): VM Quarantine can be used (diagram labels: vShield API; Third Party Security Vendor)
  31. vShield and Multitenant Clouds. Step 1: Provision Cloud. Step 2: Secure Cloud. Step 3: Maintain Security (timing labels: minutes; Weeks? Months?)
  32. vShield and Multitenant Clouds. Step 1, Provision Cloud (Automated): Tenant requests a datacenter; vCloud Director provisions a resource pool and a port group. Step 2, Secure Cloud (IT-Initiated): vShield Edge is deployed on port group with appropriate firewall, NAT, and load balancing configuration. Step 3, Maintain Security (Automated): Update firewall configuration as required.
  33. Use Case: Public Cloud Deployment. Step 1: Tenant requests datacenter. Resource pool and port group are provisioned (diagram labels: Port Group; Resource Pool; CPU; Memory; Storage; Network; VMware vSphere + vCenter)
  34. Use Case: Public Cloud Deployment. Step 2: vShield Edge is deployed (diagram labels: SHARED SERVICES; Physical Datacenter; Virtual Datacenter; Tenant A; NAT; NAT; VMware vSphere + vCenter)
  35. Use Case: Public Cloud Deployment. Step 3: Update firewall configuration as required (diagram labels: Virtual Datacenter; Tenant A; VMware vSphere + vCenter)
  36. Change control exists for a reason!
  37. Virtual Environments are Dynamic. Source: Christofer Hoff, Virtualization & the End of Network Security
  38. Operation Shady RAT: “There are only two types of Fortune 2000 companies – those that know they’ve been compromised, and those that don’t know.” - Dmitri Alperovitch, McAfee Threat Research
  39. “In the past, IT has architected everything around the idea of ‘100 percent security’… there is no such thing as watertight IT security. This fortress mentality must now give way to a realistic and practical approach… the speed and frequency of attacks dictate that human responses must make way for automated capabilities.” - Accenture Technology Vision 2011
  40. “Never send a man to do a machine’s job.” - Agent Smith
  41. “Applications are like fish and data is like wine. Only one gets better with age.” - James Governor, RedMonk
  42. vCenter Integration Becomes Crucial: VM and Host Inventory; Migration & Snapshot History; VM Online/Offline Status
  43. Security APIs Become Important (diagram labels: IDS/IPS; Antivirus; Firewall; API Data Exchange; Flow Analysis; Vulnerability Assessment; Full Packet Capture)
  44. So How Do I Get Started? So how do I get started with security automation?
  45. Implement Security in Virtual Environments; Bridge the Enterprise Silos; Consider Open Source Vendor Integrations; Require vShield Integration and APIs (graphic label: VMware vSphere)
  46. Security Must be Dynamic and Automated
  47. vShield Has a Vision for Dynamic Security
  48. Vendors Must Evolve With Better Automation and Integration
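
The read-modify-write cycle that slides 22, 23 and 30 outline (GET the ruleset, change it, POST it back to quarantine a VM), as an added example that is not from the presentation or from VMware. Only the URL comes from the slides; the XML rule format, HTTP Basic authentication, the credentials, and the in-memory `fake_manager` standing in for the API are assumptions made so the sketch runs offline.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

# URL from slide 22. The XML is a constructed stand-in, not the real vShield schema.
CONFIG_URL = "https://10.1.1.1/api/2.0/app/firewall/datacenter01/config"
SAMPLE_RULESET = (
    '<ruleset><rule id="1"><source>any</source><destination>10.2.0.15</destination>'
    "<port>443</port><action>allow</action></rule></ruleset>"
)

def build_request(method, url, user, password, body=None):
    """Build the authenticated call; HTTP Basic is an assumption of this sketch."""
    req = urllib.request.Request(url, data=body, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    if body is not None:
        req.add_header("Content-Type", "application/xml")
    return req

def quarantine(ruleset_xml, vm_ip):
    """Return the ruleset with deny rules for vm_ip ahead of every existing rule."""
    root = ET.fromstring(ruleset_xml)
    for field in ("destination", "source"):
        rule = ET.Element("rule", {"id": f"quarantine-{field}"})
        for tag in ("source", "destination"):
            ET.SubElement(rule, tag).text = vm_ip if tag == field else "any"
        ET.SubElement(rule, "port").text = "any"
        ET.SubElement(rule, "action").text = "deny"
        root.insert(0, rule)
    return ET.tostring(root, encoding="unicode")

def fake_manager(req, state):
    """Constructed in-memory stand-in for the endpoint so the example runs offline."""
    if not req.get_header("Authorization"):
        return 401, ""
    if req.get_method() == "POST":
        state["ruleset"] = req.data.decode()
        return 200, "<ack/>"
    return 200, state["ruleset"]

def run_quarantine(vm_ip, user="api-user", password="example-only"):
    """GET the current ruleset, add the quarantine rules, POST the result back."""
    state = {"ruleset": SAMPLE_RULESET}
    _, current = fake_manager(build_request("GET", CONFIG_URL, user, password), state)
    body = quarantine(current, vm_ip).encode()
    status, _ = fake_manager(build_request("POST", CONFIG_URL, user, password, body), state)
    return status, state["ruleset"]
```

Against a real endpoint the requests carry credentials, so they belong on HTTPS with certificate verification left on, and each automated ruleset change should be logged so that change control can review it.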
