This document provides information about VMware, including: - VMware is headquartered in Palo Alto with over 17,800 employees worldwide and over $25 billion in revenues. - VMware promotes a software-defined data center approach using technologies like NSX for network virtualization, vSphere for compute virtualization, and vSAN for storage virtualization. - NSX allows for micro-segmentation within the data center, enabling granular security policies to be applied at the workload level for improved security compared to traditional perimeter-based approaches. - VMware AppDefense provides visibility and control over the application lifecycle to detect deviations from intended application behavior and automate security responses.

1. © 2014 VMware Inc. All rights reserved.
Paul Penn - ppenn@vmware.com
Sales Director Western US
Garrett Kray- krayg@vmware.com
Security Specialist
Network and Security Business Unit
VMware NSX
Transforming Security

2. VMware – Who we are…
 Headquartered in Palo Alto
• Campus the size of Disneyland
 Over $25 billion in revenues
 17 years old
 Over 55,000 partners worldwide
 ~17,800 employees worldwide
 Fastest Software Company in
history to grow to $5 billion in
sales (and did it with one
product)
 Corporate Mascot: Turtle

3. VMware Software Defined Enterprise
3
Policy-based
Management &
Automation
Cloud Automation Cloud Operations Cloud Business
Software-Defined Data Center
Private
Clouds
Public
Clouds
vCHS
Virtualized Infrastructure
Abstract & Pool
Applications
End User
Computing
Desktop Mobile
Virtual Workspace
Modern SaaSTraditional
Compute Network Security Storage Availability
vSphere NSX vSAN SRM
vCenter Server
vCenter Automation Center (VCAC)
vCenter Operations
(vCOPS)
ITBM
Horizon Workspace
Horizon View
Horizon Mirage

4. Agenda
1 SDDC/NSX Overview
2 The Killer Use Case // Micro-segmentation
3 Current Customers and Benchmarks
4 VMware AppDefense
4Confidential

5. IT’S TIME FOR A NEW IT APPROACH
SLOW TECHNOLOGY
ADOPTION RATES
HIGH USER
EXPECTATIONS
SLOW
REPONSES
PRIVACY
ISSUES
INTEGRATION
PROBLEMS
SERVICE
OUTAGES
SHORTAGE
OF RIGHT
SKILLS
DECLINING BUDGET
DIFFERENT
APPLICATIONS AGING INFRASTRUCTURE
SECURITY
PROLIFERATION
OF DEVICES
FRAGMENTED
DATA CENTER
LIMITED
RESOURCES
CLOUD SILOS
SECURITY
PROLIFERATION
OF DEVICES
FRAGMENTED
DATA CENTER
CLOUD SILOS

6. We are in the 3rd fundamental structural transition in the history of IT
Client Server Cloud/MDM/SDDC
We are here
Mainframe
Mainframe
PC Revolution
Client/Server
Cloud
Cloud
• Mobile Devices & Clouds
(public & private)
• Software Defined
• Local Applications
• Minor role for networking
• Desktops & Servers
• Campus Networks
• Data Centers

7. What Is a Software-Defined Data Center (SDDC)?
7
Hardware
Software
Data center virtualization layer
Pooled compute, network, and storage capacity
Vendor independent, best price/performance/service
Simplified configuration and management
Intelligence in software
Operational model of VM for data center
Automated provisioning and configuration
CONFIDENTIAL

8. NSX value proposition
Network virtualization is at
the core of the software-
defined data center
approach
Network, storage, compute
Virtualization layer
8CONFIDENTIAL

9. Network and
security services
now in the
hypervisor
Switching
Routing Firewalling/ACLs
Load balancing
East-west firewalling
High throughput rates
Hardware independent
The Next-generation Networking Model
9CONFIDENTIAL

10. NSX value proposition
Network, storage, compute
Virtualization layer
“Network platform”
Virtual networks
10CONFIDENTIAL

11. 11
SECURITY
Architecting security as an inherent part of the
data center infrastructure
Network Virtualization
How is it being used today?
AUTOMATION
Automating IT processes to deliver IT at the
speed of business
APPLICATION CONTINUITY
Enabling applications and data to reside and
be accessible anywhere
CONFIDENTIAL

12. CONFIDENTIAL 12
Transforming Security with Micro-segmentation

13. Increased Security Spending Has Not Decreased Breaches
CONFIDENTIAL 13
IT Spend Security Spend Security Breaches
Annual Cost of Security
Breaches: $445B
(Source: Center for Strategic and
International Studies)
Security as a
Percentage of IT Spend:
2012: 11%
2015: 21 %
(Source: Forrester)
Projected Growth Rate in
IT Spend from 2014-2019:
Zero (Flat)
(Source: Gartner)

14. Digital makes reliance on data lucrative for thieves
Security investments are increasing, yet the cost of breaches are rising faster
14
Underfunding security
isn’t the problem.

15. Improved Data Center Network Security
Perimeter-centric network security has proven insufficient, and HW micro-segmentation is operationally infeasible
Little or no
lateral controls
inside perimeter
Internet Internet
Traditional Edge FW NSX dFW

16. 16
Web App DB
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
VMVM
Security
Micro-segmentation | Secure End User | DMZ Anywhere
Granular Policy Enforcement
Enables zero trust security model with
policy enforced at every workload

17. CONFIDENTIAL 17
3rd Party Service Insertion with NSX

18. Advanced Services Insertion – Example: Palo Alto Networks NGFW
Internet
Security Policy
Security Admin
Traffic
Steering

19. Public Cloud Provider
Your Data Center
Your IT Governance
VMware on AWS powered by NSX

20. Coalfire Benchmark Report
CONFIDENTIAL 20
• Does VMware NSX functionally
satisfy NIST recommendations?
• Are the precepts of micro-
segmentation, as defined in the
complete definition, satisfied
conceptually and in testing by NSX?
• Can real-world threats be stopped by
NSX in E-W and N-S, using industry-
standard Penetration Testing tools?

21. Expanding Security to Scale with
the Business
Columbia Sportswear continues to stay ahead
of competitors and threats by combining
advanced, automated security inside the data
center.
“There just wasn’t a great
way to insert security in order
to address east-west traffic
between VMs, nor have the
security tied to the
applications as they moved
around dynamically.”
John Spiegel
Network Manager
Columbia Sportswear

22. CONFIDENTIAL 22
VMware AppDefense

23. Abstraction layer between infrastructure and apps
23
We call this the
“Goldilocks Zone”
We can use this zone
to transform endpoint
detection and response
Hypervisor
AppDefense
NSX
Hypervisor
AppDefense
NSX
Hypervisor
AppDefense
NSX
VMware AppDefense

24. Hypervisor
IT
provisions a
new app
1
Visibility and context into application lifecycle
24
Automated collection
of intended state
across app lifecycle
IT provisions a
change to the app
3
AppDefense
notes the change
4
AppDefense
collects intended
state of the app
2
AppDefense
NSX
Insert security into
DevOps process
VMware AppDefense

25. Hypervisor
Automated detection & response
25
Compare intended state
against run-time state
to detect deviations
Automate response
through vSphere
and NSX:
• Quarantine
• Modify security policy
• Increase logging
AppDefense
NSX
Attacker
compromise
s an app
1
AppDefense
automatically
responds
2
Hypervisor
AppDefense
NSX
Hypervisor
AppDefense
NSX
VMware AppDefense

26. Hypervisor
AppDefense
NSX
Isolation from attack surface
26
Isolated environment
to monitor and control
all endpoints
AppDefense itself is
protected from attacks
Attacker
compromise
s an app
1
AppDefense is
protected from the
attack surface
2
Hypervisor
AppDefense
NSX
Hypervisor
AppDefense
NSX
VMware AppDefense

27. “Simple works, especially in
InfoSec…I can sleep easy at night
knowing that when AppDefense
detects a problem, it will respond
automatically.”
Brad Doctor
Senior Director, Information Security
VMware
VMware’s Information
Security team uses
AppDefense in our SOC to
protect the critical security
systems that secure our
business applications.
VMware Information Security – Case Study

28. Thank you