IBM Security Systems




Protecting Virtualized Environments with
IBM Security Virtual Server Protection

Chisinau
Feb 15, 2013

Adrian Aldea
EMEA Security Tiger Team




© 2012 IBM Corporation



Agenda
• Protecting Virtual Servers in a Cloud Environment
  – Virtualization Security Landscape
  – IBM Security Virtual Server Protection
  – Conclusion






Roadmap Information Notice – Information subject to change until products
are announced.

   IBM’s statements regarding its plans, directions and intent are subject to change or
   withdrawal without notice at IBM’s sole discretion. Information regarding potential future
   products is intended to outline our general product direction and it should not be relied on in
   making a purchasing decision. The information mentioned regarding potential future
   products is not a commitment, promise or legal obligation to deliver any material, code or
   functionality. Information about potential future products may not be incorporated into any
   contract. The development, release and timing of any future features or functionality
   described for our products remains at our sole discretion.








Virtualization Security Landscape





Summary of Virtualization System Security Challenges
New Vulnerabilities
• 259 new virtualization vulnerabilities over the last 5 years
• New attack types (e.g. Hyperjacking, hypervisor escape, VM attacks)

Larger Attack Surface
• Virtual endpoints have same security challenges as their physical counterparts
• Virtualization management systems provide new attack vector
• Hypervisor itself is an attack vector

Increased flexibility can increase security risk
• Migration of VMs for load balancing can make them more difficult to secure
• Ease of addition of VMs increases likelihood that insecure systems will go online
• Malicious insiders can inflict massive damage very quickly




Virtualization Platform Vulnerabilities






Three reasons you need virtualization infrastructure protection

Need                                   How IBM Virtual Server Protection for VMware® helps

Mitigate new risks and complexities    Provides dynamic protection for every layer of
introduced by Virtualization           the virtual infrastructure

Maintain compliance standards and      Helps meet regulatory compliance by providing
regulations                            security and reporting functionality customized
                                       for the virtual infrastructure

Drive operational efficiency           Increases ROI of the virtual infrastructure by
                                       maximizing capacity utilization (VM density)






IBM Security Virtual Server Protection






IBM Security Virtual Server Protection for VMware
Integrated threat protection for VMware vSphere
Helps customers to be more secure, compliant and cost-effective by delivering integrated and
optimized security for virtual data centers.

• VMsafe Integration
• Firewall and Intrusion Prevention
• Rootkit Detection/Prevention
• Inter-VM Traffic Analysis
• Automated Protection for Mobile VMs (VMotion)
• Virtual Network Segment Protection
• Virtual Network-Level Protection
• Virtual Infrastructure Auditing (Privileged User)
• Virtual Network Access Control




Host-based Protection vs. Hypervisor Integrated Protection
                     Host-Based Agent                    Virtual Server Protection

Isolation            Firewall functions only in the      Firewall enforces virtual
                     context of the VM                   network-wide policy

Attack Prevention    Requires agent to be present        Secures all virtual machines
                                                         automatically

VM State             Security is impacted by VM          Security is not impacted by
                     state change                        VM state change

Security Policies    Policy is enforced only within      Policy is enforced outside of
                     the VM                              the VM and irrespective of the
                                                         VM's location





Virtualization Vulnerability Protection
• Virtualization has introduced new attack vectors, risks, and components to the IT environment: the hypervisor and its management system.
• Hypervisor escape, hyperjacking, and VM man-in-the-middle attacks require an attacker to first compromise the system through a Guest VM or the management infrastructure.
• VSP can reduce the risk of this type of breach by helping to prevent a successful attack against the guest VMs through integration at the hypervisor level.
• A multi-pronged solution that matches the right security product to the vulnerable component can help to prevent a successful attack on the virtualization system.

[Diagram: components marked "Vuln" (Admin clients, vCenter, vCenter servers, Service Console, Unprotected VM, Virtual Devices, Privileged Access) shown with their Optimal Security Controls: IBM Security Server Protection (HIPS), BigFix (Patch, SCM), Virtual Server Protection, Proventia GX (NIPS)]






Protecting a Dynamic, Distributed Environment

[Diagram labels: SIEM, SiteProtector, Reporting, Automated Response; Web, Application, Database]






 Lack of Visibility Into Activity Within the Virtual Network
• Unauthorized communication between is prevented
• Attacks through authorized communication channels are stopped.






Dynamic Environment Protection

• Maintain security posture irrespective of the physical server on which the VM resides
• Abstraction from underlying physical servers provides dynamic security optimized for mobility

[Diagram: SiteProtector and two ESX Servers, each with an SVM, several VMs, VMSafe and vSwitches]





Virtual Machine Rootkit Detection

• Rootkits are an integral tool in a malicious attacker’s toolkit and can be dangerous in the wrong hands. For example, rootkits were a key component in the spread of the Stuxnet worm.
• Rootkits are notoriously difficult to detect because they can conceal their presence from the guest OS.
• VSP can protect against rootkits by scanning the guest VM memory tables for rootkits from the hypervisor, as opposed to the guest VM.

[Diagram: Physical Host with the VSP SVM and three VMs]





Virtual Machine Sprawl
Mitigation Strategy: Automated VM Discovery and Virtual Network Access Control
• VM Sprawl: Obsolete or rogue VMs proliferating in the virtualized environment
• Control VM sprawl through auto-discovery of assets
• Detect new VMs as they come on-line
• Assess security posture
• Ensure only approved VMs gain network access

1. Detect VMs automatically
2. Assess security posture

[Diagram: a hypervisor hosting an SVM, a Known Guest VM, an Unknown Guest VM and a Rogue VM, next to a hypervisor hosting an SVM, two Known Guest VMs and a Rogue VM; labels: "Apply relevant security policy", "Automatically quarantine from network"]






Virtual Patch Protection for VMs
• The IBM X-Force Research tracks and analyzes every critical software vulnerability each year.
• Vendors quickly patch a majority of these vulnerabilities. However, approximately 37% of all disclosed vulnerabilities remain unpatched.
• VSP can protect against un-patched vulnerabilities across all Guest VMs, using IBM Virtual Patch technology.
• IBM Virtual Patch can provide zero-day protection and reduce the need for emergency software patching.

[Diagram: Physical Host with the VSP SVM and three VMs]



Optimal Security Footprint
• Redundant instances of traditional agent-based security solutions can consume significant machine resources.
• Tradeoff between running a traditional security agent in each VM and providing no security at all. Neither approach is optimal.
• VSP optimizes the security footprint by providing a single security VM that protects all guest VMs on that physical host, providing agentless security.
• The resources consumed by VSP can be carefully controlled.
• VSP impact to network performance is minimal, as are memory and disk footprint.
• VSP can protect all OS platforms supported by VMware.

[Diagram: VMware ESX/i Host with one VSP SVM and multiple guest VMs]


Centralized Management, Event Analysis by SiteProtector








Conclusion





IBM Virtual Server Protection for VMware increases ROI of the virtual
infrastructure, while reducing risk

Automated Protection as each VM comes online
  • Automatic Discovery
  • Automated vulnerability assessment
  • IBM Virtual Patch® technology

Non-intrusive
  • No reconfiguration of the virtual network
  • No presence in the guest OS
      – Improved stability
      – More CPU/memory available for workloads
      – Reduced attack surface

Protection for any guest OS
  • Reduction in security agents for multiple OSs

Less management overhead eliminates redundant processing tasks
  – One Security Virtual Machine (SVM) per physical server
  – 1:many protection-to-VM ratio
  – CPU-intensive processing removed from the guest OS and consolidated in SVM

Centralized Management
  – IBM Proventia® Management SiteProtector™ system




                       THANK YOU



Vss Security And Compliance For The Cloud
 
Monitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring OptionsMonitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring Options
 
Securing virtualization in real world environments
Securing virtualization in real world environmentsSecuring virtualization in real world environments
Securing virtualization in real world environments
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
 
HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure
 
Desktopvirtualisatie met VMware View, de laatste ontwikkelingen
Desktopvirtualisatie met VMware View, de laatste ontwikkelingenDesktopvirtualisatie met VMware View, de laatste ontwikkelingen
Desktopvirtualisatie met VMware View, de laatste ontwikkelingen
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep Security
 
Symantec VMworld 2011 News
Symantec VMworld 2011 NewsSymantec VMworld 2011 News
Symantec VMworld 2011 News
 
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
What customers want the cloud to be - Jason Waxman GM at Intel, Cloud Slam 20...
 
Cw13 securing your journey to the cloud by rami naccache-trend micro
Cw13 securing your journey to the cloud by rami naccache-trend microCw13 securing your journey to the cloud by rami naccache-trend micro
Cw13 securing your journey to the cloud by rami naccache-trend micro
 
Campus jueves
Campus juevesCampus jueves
Campus jueves
 

More from E-Government Center Moldova

The nexus of Social, Mobile, Cloud and Big Data Analytics
The nexus of Social, Mobile, Cloud and Big Data AnalyticsThe nexus of Social, Mobile, Cloud and Big Data Analytics
The nexus of Social, Mobile, Cloud and Big Data AnalyticsE-Government Center Moldova
 
Prezentare compartiment securitatea 05 03 2013 p sincariuc
Prezentare compartiment securitatea 05 03 2013 p sincariucPrezentare compartiment securitatea 05 03 2013 p sincariuc
Prezentare compartiment securitatea 05 03 2013 p sincariucE-Government Center Moldova
 
Can e government work in the cloud reichstaedter
Can e government work in the cloud reichstaedterCan e government work in the cloud reichstaedter
Can e government work in the cloud reichstaedterE-Government Center Moldova
 
Driving government efficiency and innovation through cloud computing k...
Driving government efficiency and  innovation through      cloud computing  k...Driving government efficiency and  innovation through      cloud computing  k...
Driving government efficiency and innovation through cloud computing k...E-Government Center Moldova
 
Unleashing the potential of cloud computing in europe francisco garcia moran
Unleashing the potential of cloud computing in europe francisco garcia moranUnleashing the potential of cloud computing in europe francisco garcia moran
Unleashing the potential of cloud computing in europe francisco garcia moranE-Government Center Moldova
 
Government innovation through cloud computing arthur riel
Government innovation through cloud computing arthur rielGovernment innovation through cloud computing arthur riel
Government innovation through cloud computing arthur rielE-Government Center Moldova
 

More from E-Government Center Moldova (20)

The new era of smart
The new era of smart The new era of smart
The new era of smart
 
The nexus of Social, Mobile, Cloud and Big Data Analytics
The nexus of Social, Mobile, Cloud and Big Data AnalyticsThe nexus of Social, Mobile, Cloud and Big Data Analytics
The nexus of Social, Mobile, Cloud and Big Data Analytics
 
Digital Transformation by Richard Baird
Digital Transformation by Richard BairdDigital Transformation by Richard Baird
Digital Transformation by Richard Baird
 
Mpay&Mcloud
Mpay&McloudMpay&Mcloud
Mpay&Mcloud
 
Presentation cert gov-md 05.03.2013
Presentation cert gov-md 05.03.2013Presentation cert gov-md 05.03.2013
Presentation cert gov-md 05.03.2013
 
Hannes astok data protection agency
Hannes astok data protection agencyHannes astok data protection agency
Hannes astok data protection agency
 
Prezentare compartiment securitatea 05 03 2013 p sincariuc
Prezentare compartiment securitatea 05 03 2013 p sincariucPrezentare compartiment securitatea 05 03 2013 p sincariuc
Prezentare compartiment securitatea 05 03 2013 p sincariuc
 
Hannes astok policy development
Hannes astok policy developmentHannes astok policy development
Hannes astok policy development
 
Digital security hannes astok
Digital security hannes astokDigital security hannes astok
Digital security hannes astok
 
Assessing cybersecurity_Anto Veldre
Assessing cybersecurity_Anto VeldreAssessing cybersecurity_Anto Veldre
Assessing cybersecurity_Anto Veldre
 
MCloud operational framework
MCloud operational frameworkMCloud operational framework
MCloud operational framework
 
Arhitectura de securitate_MCloud
Arhitectura de securitate_MCloudArhitectura de securitate_MCloud
Arhitectura de securitate_MCloud
 
Ibm smart cloud solutions m-cloud
Ibm smart cloud solutions   m-cloudIbm smart cloud solutions   m-cloud
Ibm smart cloud solutions m-cloud
 
Can e government work in the cloud reichstaedter
Can e government work in the cloud reichstaedterCan e government work in the cloud reichstaedter
Can e government work in the cloud reichstaedter
 
Driving government efficiency and innovation through cloud computing k...
Driving government efficiency and  innovation through      cloud computing  k...Driving government efficiency and  innovation through      cloud computing  k...
Driving government efficiency and innovation through cloud computing k...
 
Star storage m cloud week
Star storage m cloud weekStar storage m cloud week
Star storage m cloud week
 
Unleashing the potential of cloud computing in europe francisco garcia moran
Unleashing the potential of cloud computing in europe francisco garcia moranUnleashing the potential of cloud computing in europe francisco garcia moran
Unleashing the potential of cloud computing in europe francisco garcia moran
 
Government innovation through cloud computing arthur riel
Government innovation through cloud computing arthur rielGovernment innovation through cloud computing arthur riel
Government innovation through cloud computing arthur riel
 
4 francisco garcia_moran_moldova_2013
4 francisco garcia_moran_moldova_20134 francisco garcia_moran_moldova_2013
4 francisco garcia_moran_moldova_2013
 
3 platforma tehnologica_m-cloud
3 platforma tehnologica_m-cloud3 platforma tehnologica_m-cloud
3 platforma tehnologica_m-cloud
 

IBM Security Virtual Server Protection

  • 1. IBM Security Systems: Protecting Virtualized Environments with IBM Security Virtual Server Protection. Chisinau, Feb 15, 2013. Adrian Aldea, EMEA Security Tiger Team. © 2012 IBM Corporation
  • 2. Agenda: Protecting Virtual Servers in a Cloud Environment
      • Virtualization Security Landscape
      • IBM Security Virtual Server Protection
      • Conclusion
  • 3. Roadmap Information Notice – Information subject to change until products are announced. IBM’s statements regarding its plans, directions and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release and timing of any future features or functionality described for our products remains at our sole discretion.
  • 4. Virtualization Security Landscape
  • 5. Summary of Virtualization System Security Challenges
      New Vulnerabilities
      • 259 new virtualization vulnerabilities over the last 5 years
      • New attack types (e.g. Hyperjacking, hypervisor escape, VM attacks)
      Larger Attack Surface
      • Virtual endpoints have same security challenges as their physical counterparts
      • Virtualization management systems provide new attack vector
      • Hypervisor itself is an attack vector
      Increased flexibility can increase security risk
      • Migration of VMs for load balancing can make them more difficult to secure
      • Ease of addition of VMs increases likelihood that insecure systems will go online
      • Malicious insiders can inflict massive damage very quickly
  • 6. Virtualization Platform Vulnerabilities
  • 7. Three reasons you need virtualization infrastructure protection (Need: How IBM Virtual Server Protection for VMware® helps)
      • Mitigate new risks and complexities introduced by Virtualization: Provides dynamic protection for every layer of the virtual infrastructure
      • Maintain compliance standards and regulations: Helps meet regulatory compliance by providing security and reporting functionality customized for the virtual infrastructure
      • Drive operational efficiency: Increases ROI of the virtual infrastructure by maximizing capacity utilization (VM density)
  • 8. IBM Security Virtual Server Protection
  • 9. IBM Security Virtual Server Protection for VMware: Integrated threat protection for VMware vSphere. Helps customers to be more secure, compliant and cost-effective by delivering integrated and optimized security for virtual data centers.
      • VMsafe Integration
      • Firewall and Intrusion Prevention
      • Rootkit Detection/Prevention
      • Inter-VM Traffic Analysis
      • Automated Protection for Mobile VMs (VMotion)
      • Virtual Network Segment Protection
      • Virtual Network-Level Protection
      • Virtual Infrastructure Auditing (Privileged User)
      • Virtual Network Access Control
  • 10. Host-based Protection vs. Hypervisor Integrated Protection (Host-Based Agent vs. Virtual Server Protection)
      • Isolation. Host-Based Agent: Firewall functions only in the context of the VM. Virtual Server Protection: Firewall enforces virtual network-wide policy.
      • Attack Prevention. Host-Based Agent: Requires agent to be present. Virtual Server Protection: Secures all virtual machines automatically.
      • VM State. Host-Based Agent: Security is impacted by VM state change. Virtual Server Protection: Security is not impacted by VM state change.
      • Security Policies. Host-Based Agent: Policy is enforced only within the VM. Virtual Server Protection: Policy is enforced outside of the VM and irrespective of the VM's location.
  • 11. Virtualization Vulnerability Protection
      • Virtualization has introduced new attack vectors, risks, and components to the IT environment: the hypervisor and its management system.
      • Hypervisor escape, hyperjacking, and VM man-in-the-middle attacks require an attacker to first compromise the system through a Guest VM or the management infrastructure.
      • VSP can reduce the risk of this type of breach by helping to prevent a successful attack against the guest VMs through integration at the hypervisor level.
      • A multi-pronged solution that matches the right security product to the vulnerable component can help to prevent a successful attack on the virtualization system.
      Diagram labels: Optimal Security Controls: IBM Security Server Protection (HIPS), Virtual Server Protection, BigFix (Patch, SCM), Proventia GX (NIPS). Components marked "Vuln": Admin clients, vCenter servers, Service Console, Unprotected VM, Virtual Devices, Privileged Access.
  • 12. Protecting a Dynamic, Distributed Environment. Diagram labels: SIEM SiteProtector Reporting Web Application Automated Database Response
  • 13. Lack of Visibility Into Activity Within the Virtual Network
      • Unauthorized communication between is prevented
      • Attacks through authorized communication channels are stopped.
  • 14. Dynamic Environment Protection
      • Maintain security posture irrespective of the physical server on which the VM resides
      • Abstraction from underlying physical servers provides dynamic security optimized for mobility
      Diagram labels: SiteProtector; two ESX Servers, each with SVM, VMs, VMSafe and vSwitches.
  • 15. Virtual Machine Rootkit Detection
      • Rootkits are an integral tool in a malicious attacker’s toolkit and can be dangerous in the wrong hands. For example, rootkits were a key component in the spread of the Stuxnet worm.
      • Rootkits are notoriously difficult to detect because they can conceal their presence from the guest OS.
      • VSP can protect against rootkits by scanning the guest VM memory tables for rootkits from the hypervisor, as opposed to the guest VM.
      Diagram labels: Physical Host with VSP SVM and guest VMs.
  • 16. Virtual Machine Sprawl Mitigation Strategy: Automated VM Discovery and Virtual Network Access Control
      • VM Sprawl: Obsolete or rogue VMs proliferating in the virtualized environment
      • Control VM sprawl through auto-discovery of assets
      • Detect new VMs as they come on-line
      • Assess security posture
      • Ensure only approved VMs gain network access
      Diagram steps: 1. Detect VMs automatically. 2. Assess security posture. Automatically quarantine from network. Apply relevant security policy.
      Diagram labels: SVM, Known Guest VM, Unknown Guest VM, Rogue VM, Hypervisor.
  • 17. Virtual Patch Protection for VMs
      • The IBM X-Force Research tracks and analyzes every critical software vulnerability each year. Vendors quickly patch a majority of these vulnerabilities. However, approximately 37% of all disclosed vulnerabilities remain unpatched.
      • VSP can protect against un-patched vulnerabilities across all Guest VMs, using IBM Virtual Patch technology.
      • IBM Virtual Patch can provide zero-day protection and reduce the need for emergency software patching.
      Diagram labels: Physical Host with VSP SVM and guest VMs.
  • 18. Optimal Security Footprint
      • Redundant instances of traditional agent-based security solutions can consume significant machine resources.
      • Tradeoff between running a traditional security agent in each VM and providing no security at all. Neither approach is optimal.
      • VSP optimizes the security footprint by providing a single security VM that protects all guest VMs on that physical host, providing agentless security.
      • The resources consumed by VSP can be carefully controlled.
      • VSP impact to network performance is minimal, as are memory and disk footprint.
      • VSP can protect all OS platforms supported by VMware.
      Diagram labels: VMware ESX/i Host with VSP SVM and guest VMs.
  • 19. Centralized Management, Event Analysis by SiteProtector
  • 20. Conclusion
  • 21. IBM Virtual Server Protection for VMware increases ROI of the virtual infrastructure, while reducing risk
      Automated Protection as each VM comes online
      • Automatic Discovery
      • Automated vulnerability assessment
      • IBM Virtual Patch® technology
      Non-intrusive
      • No reconfiguration of the virtual network
      • No presence in the guest OS
      Less management overhead eliminates redundant processing tasks
      – One Security Virtual Machine (SVM) per physical server
      – 1:many protection-to-VM ratio
      – CPU-intensive processing removed from the guest OS and consolidated in SVM
      Centralized Management
      – IBM Proventia® Management SiteProtector™ system
      Improved stability
      More CPU/memory available for workloads
      Reduced attack surface
      Protection for any guest OS
      • Reduction in security agents for multiple OSs
  • 22. THANK YOU