SlideShare a Scribd company logo

Privileged Access Management for the Software-Defined Network

CA Technologies
CA Technologies

New extensions to CA Privileged Access Manager significantly expand the ability of the product to protect and defend resources in VMware NSX virtualized network environments. In this session, we’ll examine and demonstrate those capabilities, which take advantage of new technologies and methods made available by the NSX infrastructure, in more detail. For more information, please visit http://cainc.to/Nv2VOe

Technology
1 of 19
Download to read offline
Privileged Access Management for the Software-Defined Network Shawn Hank Security CA Technologies Director, Presales SCT32T @shawnhank #CAWorld
2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD © 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of this Presentation
3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Abstract New extensions to CA Privileged Access Manager significantly expand the ability of the product to protect and defend resources in VMware NSX virtualized network environments. In this session, we’ll examine and demonstrate those capabilities, which take advantage of new technologies and methods made available by the NSX infrastructure, in more detail. Shawn Hank CA Technologies Director, Presales
4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Network virtualization overview Decoupled Hardware Software General Purpose Networking Hardware Network Hypervisor Requirement: IP Transport Virtual Network Virtual Network Virtual Network Workload Workload Workload L2, L3, L4-7 Network Services General Purpose Server Hardware Server Hypervisor Requirement: x86 Virtual Machine Virtual Machine Virtual Machine Application Application Application x86 Environment
5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD NSX Delivers the Operational Model of a VM for the Network  Abstracts, pools, automates networking for the SDDC  Reproduces L2/3 networking, L4-7 services  Runs on any existing networking hardware  Provides scale out/distributed switching, routing, firewalling
6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Distributed firewalling An NSX network is made up of distributed network elements embedded in each hypervisor, enabling each VM to have its own firewall.  Firewalls/policies provisioned simultaneously with VMs  Policies move with their VMs  Retiring a VM deprovisions its firewall – no possibility of stale rules NSX firewalling: fully distributed, embedded in every hypervisor in the data center
7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Configure policy with Security Groups Select elements to uniquely identify application workloads Use attributes to create Security Groups Apply policies to security groups 1 2 3 ABC DEF Group XYZ App 1 OS: Windows 8 TAG: “Production”  Enforce policy based on logical constructs  Reduce configuration errors  Policy follows VM, not IP  Reduce rule sprawl and complexity Group XYZ Policy 1 “IPS for Desktops” “FW for Desktops” Policy 2 “AV for Production” “FW for Production” Element type Static Dynamic Data center Virtual net Virtual machine vNIC VM name OS type User ID Security tag Use security groups to abstract policy from application workloads.
8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Automate security operations ACTION (then)ATTRIBUTE (if) Virus found IIS.EXE Vulnerability found (old software version) “PCI” Sensitive Data Found Allow & Encrypt* Restrict access while investigating OR  Automated detection of security conditions (virus, vulnerability, etc.)  Security policies define automated actions Security operations are automated and adapt to dynamic conditions Monitor VM with IPS Quarantine VM with Firewall
9 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Achieving segmentation with NSX  Each VM can now be its own perimeter  Policies align with logical groups  Control communication within a single VLAN  Prevents threats from spreading NSX segmentation simplifies network security App DMZ Services DB Perimeter firewall Finance HR IT AD NTP DHCP DNS CERT Inside firewall
10 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA Privileged Access Manager for VMware NSX-V™ Integration Overview VMware vCenter HTTPS (443/tcp) CA Privileged Access Manager VM Network Windows Targets: RDP (3389/tcp) HTTP (80/tcp) & HTTPS (443/tcp) … and more! Linux Targets: SSH (22/tcp) Telnet (23/tcp) HTTP (80/tcp) & HTTPS (443/tcp) … and more! VMware UIs: vCloud Automation Center vCloud Director vShield Manager vSphere Web Client … and more! Operational Dependencies: AD/LDAP/etc services RADIUS/TACACS+ servers NTP/DNS/Basic IP services SYSLOG services SAN/NAS/share (recordings) NSX Manager SSH (22/tcp) HTTPS (443/tcp) NSX Controllers SSH (22/tcp) Supported Authentication Types: Local, AD/LDAP, TACACS+, RADIUS, RSA, SMS/Mobile Token, SAML, and/or PIV/CAC/Smartcard
11 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA PAM for VMware NSX – NSX Manager REST API Proxy The last mile for full NSX Manager administration visibility  Users and scripts talk to the Proxy, not to NSX Manager, with different credentials, which may rotate on a policy or schedule  CA PAM vaults – and rotates – the NSX Manager credentials  Integrates with Application to Application (A2A) Closing the “API Loop” to the NSX management plane Consumer NSX Manager NAP NSX Manager API Proxy Logs A2A Requests Change Password Z-side Request/ResponseA-side Request/Response CA Privileged Access Manager
12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA PAM for VMware NSX – Dynamic Tagging and Grouping CA PAM Policy in lockstep with NSX Security Tags and Groups  NSX Security Tags and Groups synced with CA PAM and tied to Policies  As VMs enter/leave NSX Security Groups, CA PAM Access is provisioned/removed Synchronize CA PAM policies with changes in the NSX security posture VMware vCenter VM Network NSX Manager Sync CA Privileged Access Manager
13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA PAM for VMware NSX – Access Restrictor DFW Rules added and removed on-demand  Rules added when connections are opened and removed when closed  Removes the human element and potential for error  Enables a highly-secure “deny all” environment where exceptions are forced through CA PAM and only CA PAM may access protected resources Automatic, runtime, ephemeral Distributed Firewall Rules maintained by CA PAM Client User Target VM NSX Manager DFWCA Privileged Access Manager
14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA PAM for VMware NSX – Service Composer Integration Deep integration with Service Composer  As VMs enter or leave NSX Security Groups, CA PAM will: - Enable or disable session recording - Terminate sessions - Force CA PAM session re-authentication Trigger events in CA PAM via NSX Service Composer workflows User Session NSX Partner Ecosystem Product NSX Manager Vmware vCenter Admin Apply Tag Apply Tag Enable/Disable Session Recording Terminate Sessions Xsuite Re-Authentication CA Privileged Access Manager
15 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Recommended Sessions SESSION # TITLE DATE/TIME SCT19T Defend Against Data Breaches With CA Privileged Access Management 11/18/2015 at 3:00 pm SCT07S Roadmap: Privileged Identity Management 11/19/15 at 4:30 pm SCT33S Protecting the Software-Defined Data Center from Data Breach 11/18/2015 at 2:00 pm
16 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Must See Demos Positive Privileged User Authentication CA Privileged Access Manager Security Theater Fine-Grained Access Control for Servers CA Privileged Access Manager Server Control Security Theater Privileged Access Control CA Privileged Access Manager Security Theater Record and Analyze User Sessions CA Privileged Access Manager Security Theater
17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Follow On Conversations At… Smart Bar CA Privileged Access Manager Security Theater Tech Talks Defend Against Data Breaches With CA Privileged Access Management SCT19T
18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Q & A
19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD For More Information To learn more, please visit: http://cainc.to/Nv2VOe CA World ’15

Recommended

Hands-On Lab: CA Spectrum : How To Leverage UI Updates For Operational Effic...
Hands-On Lab: CA Spectrum : How To Leverage UI Updates For Operational Effic...Hands-On Lab: CA Spectrum : How To Leverage UI Updates For Operational Effic...
Hands-On Lab: CA Spectrum : How To Leverage UI Updates For Operational Effic...CA Technologies
 
Tech Talk: Preventing Data Breaches with Risk-Aware Session Management
Tech Talk: Preventing Data Breaches with Risk-Aware Session ManagementTech Talk: Preventing Data Breaches with Risk-Aware Session Management
Tech Talk: Preventing Data Breaches with Risk-Aware Session ManagementCA Technologies
 
Knock, Knock…The Internet of Things wants to come in?
Knock, Knock…The Internet of Things wants to come in? Knock, Knock…The Internet of Things wants to come in?
Knock, Knock…The Internet of Things wants to come in? CA Technologies
 
Getting the Most from Your CA Advanced Authentication Solution
Getting the Most from Your CA Advanced Authentication SolutionGetting the Most from Your CA Advanced Authentication Solution
Getting the Most from Your CA Advanced Authentication SolutionCA Technologies
 
Hands-On Lab: Using CA Mobile Application Analytics REST APIs
Hands-On Lab: Using CA Mobile Application Analytics REST APIsHands-On Lab: Using CA Mobile Application Analytics REST APIs
Hands-On Lab: Using CA Mobile Application Analytics REST APIsCA Technologies
 
See Inside the Middleware Black Box
See Inside the Middleware Black Box See Inside the Middleware Black Box
See Inside the Middleware Black Box CA Technologies
 
Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...
Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...
Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...CA Technologies
 
Case Study: Molina Medicaid Solutions Transforms Healthcare Through Automation
Case Study: Molina Medicaid Solutions Transforms Healthcare Through AutomationCase Study: Molina Medicaid Solutions Transforms Healthcare Through Automation
Case Study: Molina Medicaid Solutions Transforms Healthcare Through AutomationCA Technologies
 

Recommended

Hands-On Lab: CA Spectrum : How To Leverage UI Updates For Operational Effic...
Hands-On Lab: CA Spectrum : How To Leverage UI Updates For Operational Effic...Hands-On Lab: CA Spectrum : How To Leverage UI Updates For Operational Effic...
Hands-On Lab: CA Spectrum : How To Leverage UI Updates For Operational Effic...CA Technologies
 
Tech Talk: Preventing Data Breaches with Risk-Aware Session Management
Tech Talk: Preventing Data Breaches with Risk-Aware Session ManagementTech Talk: Preventing Data Breaches with Risk-Aware Session Management
Tech Talk: Preventing Data Breaches with Risk-Aware Session ManagementCA Technologies
 
Knock, Knock…The Internet of Things wants to come in?
Knock, Knock…The Internet of Things wants to come in? Knock, Knock…The Internet of Things wants to come in?
Knock, Knock…The Internet of Things wants to come in? CA Technologies
 
Getting the Most from Your CA Advanced Authentication Solution
Getting the Most from Your CA Advanced Authentication SolutionGetting the Most from Your CA Advanced Authentication Solution
Getting the Most from Your CA Advanced Authentication SolutionCA Technologies
 
Hands-On Lab: Using CA Mobile Application Analytics REST APIs
Hands-On Lab: Using CA Mobile Application Analytics REST APIsHands-On Lab: Using CA Mobile Application Analytics REST APIs
Hands-On Lab: Using CA Mobile Application Analytics REST APIsCA Technologies
 
See Inside the Middleware Black Box
See Inside the Middleware Black Box See Inside the Middleware Black Box
See Inside the Middleware Black Box CA Technologies
 
Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...
Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...
Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...CA Technologies
 
Case Study: Molina Medicaid Solutions Transforms Healthcare Through Automation
Case Study: Molina Medicaid Solutions Transforms Healthcare Through AutomationCase Study: Molina Medicaid Solutions Transforms Healthcare Through Automation
Case Study: Molina Medicaid Solutions Transforms Healthcare Through AutomationCA Technologies
 
Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...
Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...
Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...CA Technologies
 
Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...
Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...
Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...CA Technologies
 
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?Is Complacency Around Mainframe Security a Disaster Waiting to Happen?
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?CA Technologies
 
CA Spectrum® Just Keeps Getting Better and Better
CA Spectrum® Just Keeps Getting Better and BetterCA Spectrum® Just Keeps Getting Better and Better
CA Spectrum® Just Keeps Getting Better and BetterCA Technologies
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...CA Technologies
 
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...CA Technologies
 
Explore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration TopicsExplore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration TopicsCA Technologies
 
CA Service Virtualization 9.0—What's the Latest and Greatest
CA Service Virtualization 9.0—What's the Latest and GreatestCA Service Virtualization 9.0—What's the Latest and Greatest
CA Service Virtualization 9.0—What's the Latest and GreatestCA Technologies
 
Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...
Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...
Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...CA Technologies
 
TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...
TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...
TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...CA Technologies
 
Pre-Con Education: CA Service Operations Insight Power User Crash Course
Pre-Con Education: CA Service Operations Insight Power User Crash CoursePre-Con Education: CA Service Operations Insight Power User Crash Course
Pre-Con Education: CA Service Operations Insight Power User Crash CourseCA Technologies
 
CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...
CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...
CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...CA Technologies
 
CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...
CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...
CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...CA Technologies
 
How to Increase User Accountability by Eliminating the Default User in Unix S...
How to Increase User Accountability by Eliminating the Default User in Unix S...How to Increase User Accountability by Eliminating the Default User in Unix S...
How to Increase User Accountability by Eliminating the Default User in Unix S...CA Technologies
 
Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...
Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...
Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...CA Technologies
 
CA Single Sign-On (CA SSO), The Innocent Bystander
CA Single Sign-On (CA SSO), The Innocent BystanderCA Single Sign-On (CA SSO), The Innocent Bystander
CA Single Sign-On (CA SSO), The Innocent BystanderCA Technologies
 
Delivering CICS Web Services for CA Gen Applications
Delivering CICS Web Services for CA Gen ApplicationsDelivering CICS Web Services for CA Gen Applications
Delivering CICS Web Services for CA Gen ApplicationsCA Technologies
 
Server Monitoring Battles
Server Monitoring BattlesServer Monitoring Battles
Server Monitoring BattlesCA Technologies
 
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...CA Technologies
 
Hands-On Labs: Introduction to CA Unified Infrastructure Management
Hands-On Labs: Introduction to CA Unified Infrastructure Management Hands-On Labs: Introduction to CA Unified Infrastructure Management
Hands-On Labs: Introduction to CA Unified Infrastructure Management CA Technologies
 
Deep Dive: CA Privileged Access Manager
Deep Dive: CA Privileged Access ManagerDeep Dive: CA Privileged Access Manager
Deep Dive: CA Privileged Access ManagerCA Technologies
 
Pre-Con Ed: Governance of Privileged Identities—Key to Breach Prevention
Pre-Con Ed: Governance of Privileged Identities—Key to Breach PreventionPre-Con Ed: Governance of Privileged Identities—Key to Breach Prevention
Pre-Con Ed: Governance of Privileged Identities—Key to Breach PreventionCA Technologies
 

More Related Content

What's hot

Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...
Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...
Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...CA Technologies
 
Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...
Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...
Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...CA Technologies
 
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?Is Complacency Around Mainframe Security a Disaster Waiting to Happen?
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?CA Technologies
 
CA Spectrum® Just Keeps Getting Better and Better
CA Spectrum® Just Keeps Getting Better and BetterCA Spectrum® Just Keeps Getting Better and Better
CA Spectrum® Just Keeps Getting Better and BetterCA Technologies
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...CA Technologies
 
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...CA Technologies
 
Explore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration TopicsExplore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration TopicsCA Technologies
 
CA Service Virtualization 9.0—What's the Latest and Greatest
CA Service Virtualization 9.0—What's the Latest and GreatestCA Service Virtualization 9.0—What's the Latest and Greatest
CA Service Virtualization 9.0—What's the Latest and GreatestCA Technologies
 
Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...
Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...
Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...CA Technologies
 
TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...
TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...
TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...CA Technologies
 
Pre-Con Education: CA Service Operations Insight Power User Crash Course
Pre-Con Education: CA Service Operations Insight Power User Crash CoursePre-Con Education: CA Service Operations Insight Power User Crash Course
Pre-Con Education: CA Service Operations Insight Power User Crash CourseCA Technologies
 
CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...
CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...
CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...CA Technologies
 
CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...
CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...
CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...CA Technologies
 
How to Increase User Accountability by Eliminating the Default User in Unix S...
How to Increase User Accountability by Eliminating the Default User in Unix S...How to Increase User Accountability by Eliminating the Default User in Unix S...
How to Increase User Accountability by Eliminating the Default User in Unix S...CA Technologies
 
Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...
Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...
Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...CA Technologies
 
CA Single Sign-On (CA SSO), The Innocent Bystander
CA Single Sign-On (CA SSO), The Innocent BystanderCA Single Sign-On (CA SSO), The Innocent Bystander
CA Single Sign-On (CA SSO), The Innocent BystanderCA Technologies
 
Delivering CICS Web Services for CA Gen Applications
Delivering CICS Web Services for CA Gen ApplicationsDelivering CICS Web Services for CA Gen Applications
Delivering CICS Web Services for CA Gen ApplicationsCA Technologies
 
Server Monitoring Battles
Server Monitoring BattlesServer Monitoring Battles
Server Monitoring BattlesCA Technologies
 
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...CA Technologies
 
Hands-On Labs: Introduction to CA Unified Infrastructure Management
Hands-On Labs: Introduction to CA Unified Infrastructure Management Hands-On Labs: Introduction to CA Unified Infrastructure Management
Hands-On Labs: Introduction to CA Unified Infrastructure Management CA Technologies
 

What's hot (20)

Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...
Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...
Technology Primer: Monitor Node.js App Performance and the Impact to DevOps w...
 
Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...
Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...
Hands-On Lab: Quickly Identify the Fault Domain – Is It the Network, the Se...
 
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?Is Complacency Around Mainframe Security a Disaster Waiting to Happen?
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?
 
CA Spectrum® Just Keeps Getting Better and Better
CA Spectrum® Just Keeps Getting Better and BetterCA Spectrum® Just Keeps Getting Better and Better
CA Spectrum® Just Keeps Getting Better and Better
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
 
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
Speed time to value with CA IAM solutions deployed on Docker, Kubernetes, and...
 
Explore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration TopicsExplore Advanced CA Release Automation Configuration Topics
Explore Advanced CA Release Automation Configuration Topics
 
CA Service Virtualization 9.0—What's the Latest and Greatest
CA Service Virtualization 9.0—What's the Latest and GreatestCA Service Virtualization 9.0—What's the Latest and Greatest
CA Service Virtualization 9.0—What's the Latest and Greatest
 
Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...
Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...
Pre-Con Education: How to Deliver a "5-Star" Mobile App Experience With CA ...
 
TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...
TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...
TechTalk: Extend Existing Architectures to Digital Endpoints with CA API Mana...
 
Pre-Con Education: CA Service Operations Insight Power User Crash Course
Pre-Con Education: CA Service Operations Insight Power User Crash CoursePre-Con Education: CA Service Operations Insight Power User Crash Course
Pre-Con Education: CA Service Operations Insight Power User Crash Course
 
CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...
CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...
CA ACF2™ and CA Top Secret® Part 1: The Road Leading to r16 and Capabilities ...
 
CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...
CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...
CA UIM for z Systems Technical Deep Dive: Get the Right People Solving Probl...
 
How to Increase User Accountability by Eliminating the Default User in Unix S...
How to Increase User Accountability by Eliminating the Default User in Unix S...How to Increase User Accountability by Eliminating the Default User in Unix S...
How to Increase User Accountability by Eliminating the Default User in Unix S...
 
Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...
Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...
Tech Talk: Harness the Power of Innovations Like Microservice Architecture an...
 
CA Single Sign-On (CA SSO), The Innocent Bystander
CA Single Sign-On (CA SSO), The Innocent BystanderCA Single Sign-On (CA SSO), The Innocent Bystander
CA Single Sign-On (CA SSO), The Innocent Bystander
 
Delivering CICS Web Services for CA Gen Applications
Delivering CICS Web Services for CA Gen ApplicationsDelivering CICS Web Services for CA Gen Applications
Delivering CICS Web Services for CA Gen Applications
 
Server Monitoring Battles
Server Monitoring BattlesServer Monitoring Battles
Server Monitoring Battles
 
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...
How to Get Your Life Back: Succeeding at Software Asset Management (SAM) at F...
 
Hands-On Labs: Introduction to CA Unified Infrastructure Management
Hands-On Labs: Introduction to CA Unified Infrastructure Management Hands-On Labs: Introduction to CA Unified Infrastructure Management
Hands-On Labs: Introduction to CA Unified Infrastructure Management
 

Viewers also liked

Deep Dive: CA Privileged Access Manager
Deep Dive: CA Privileged Access ManagerDeep Dive: CA Privileged Access Manager
Deep Dive: CA Privileged Access ManagerCA Technologies
 
Pre-Con Ed: Governance of Privileged Identities—Key to Breach Prevention
Pre-Con Ed: Governance of Privileged Identities—Key to Breach PreventionPre-Con Ed: Governance of Privileged Identities—Key to Breach Prevention
Pre-Con Ed: Governance of Privileged Identities—Key to Breach PreventionCA Technologies
 
Protecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachProtecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachCA Technologies
 
How Do US and EU Cybersecurity and Data Protection Policy Developments Impact...
How Do US and EU Cybersecurity and Data Protection Policy Developments Impact...How Do US and EU Cybersecurity and Data Protection Policy Developments Impact...
How Do US and EU Cybersecurity and Data Protection Policy Developments Impact...CA Technologies
 
Pre-Con Ed: Privileged Access Management for Hybrid Enterprises
Pre-Con Ed: Privileged Access Management for Hybrid EnterprisesPre-Con Ed: Privileged Access Management for Hybrid Enterprises
Pre-Con Ed: Privileged Access Management for Hybrid EnterprisesCA Technologies
 
Privleged Access Management
Privleged Access ManagementPrivleged Access Management
Privleged Access ManagementLance Peterman
 
Pre-Con Ed: Deep Dive into CA Workload Automation ESP 11.4
Pre-Con Ed: Deep Dive into CA Workload Automation ESP 11.4Pre-Con Ed: Deep Dive into CA Workload Automation ESP 11.4
Pre-Con Ed: Deep Dive into CA Workload Automation ESP 11.4CA Technologies
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
CYBERARK - ЗАЩИТА ПРИВИЛЕГИРОВАННЫХ УЧЕТНЫХ ЗАПИСЕЙ ОТ ВНУТРЕННИХ И ВНЕШНИХ К...
CYBERARK - ЗАЩИТА ПРИВИЛЕГИРОВАННЫХ УЧЕТНЫХ ЗАПИСЕЙ ОТ ВНУТРЕННИХ И ВНЕШНИХ К...CYBERARK - ЗАЩИТА ПРИВИЛЕГИРОВАННЫХ УЧЕТНЫХ ЗАПИСЕЙ ОТ ВНУТРЕННИХ И ВНЕШНИХ К...
CYBERARK - ЗАЩИТА ПРИВИЛЕГИРОВАННЫХ УЧЕТНЫХ ЗАПИСЕЙ ОТ ВНУТРЕННИХ И ВНЕШНИХ К...DialogueScience
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Lance Peterman
 
Privileged Access Management - 2016
Privileged Access Management - 2016Privileged Access Management - 2016
Privileged Access Management - 2016Lance Peterman
 

Viewers also liked (11)

Deep Dive: CA Privileged Access Manager
Deep Dive: CA Privileged Access ManagerDeep Dive: CA Privileged Access Manager
Deep Dive: CA Privileged Access Manager
 
Pre-Con Ed: Governance of Privileged Identities—Key to Breach Prevention
Pre-Con Ed: Governance of Privileged Identities—Key to Breach PreventionPre-Con Ed: Governance of Privileged Identities—Key to Breach Prevention
Pre-Con Ed: Governance of Privileged Identities—Key to Breach Prevention
 
Protecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data BreachProtecting the Software-Defined Data Center from Data Breach
Protecting the Software-Defined Data Center from Data Breach
 
How Do US and EU Cybersecurity and Data Protection Policy Developments Impact...
How Do US and EU Cybersecurity and Data Protection Policy Developments Impact...How Do US and EU Cybersecurity and Data Protection Policy Developments Impact...
How Do US and EU Cybersecurity and Data Protection Policy Developments Impact...
 
Pre-Con Ed: Privileged Access Management for Hybrid Enterprises
Pre-Con Ed: Privileged Access Management for Hybrid EnterprisesPre-Con Ed: Privileged Access Management for Hybrid Enterprises
Pre-Con Ed: Privileged Access Management for Hybrid Enterprises
 
Privleged Access Management
Privleged Access ManagementPrivleged Access Management
Privleged Access Management
 
Pre-Con Ed: Deep Dive into CA Workload Automation ESP 11.4
Pre-Con Ed: Deep Dive into CA Workload Automation ESP 11.4Pre-Con Ed: Deep Dive into CA Workload Automation ESP 11.4
Pre-Con Ed: Deep Dive into CA Workload Automation ESP 11.4
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
CYBERARK - ЗАЩИТА ПРИВИЛЕГИРОВАННЫХ УЧЕТНЫХ ЗАПИСЕЙ ОТ ВНУТРЕННИХ И ВНЕШНИХ К...
CYBERARK - ЗАЩИТА ПРИВИЛЕГИРОВАННЫХ УЧЕТНЫХ ЗАПИСЕЙ ОТ ВНУТРЕННИХ И ВНЕШНИХ К...CYBERARK - ЗАЩИТА ПРИВИЛЕГИРОВАННЫХ УЧЕТНЫХ ЗАПИСЕЙ ОТ ВНУТРЕННИХ И ВНЕШНИХ К...
CYBERARK - ЗАЩИТА ПРИВИЛЕГИРОВАННЫХ УЧЕТНЫХ ЗАПИСЕЙ ОТ ВНУТРЕННИХ И ВНЕШНИХ К...
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
 
Privileged Access Management - 2016
Privileged Access Management - 2016Privileged Access Management - 2016
Privileged Access Management - 2016
 

Similar to Privileged Access Management for the Software-Defined Network

Self service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxSelf service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxsolarisyougood
 
Business Agility and Security with VMware
Business Agility and Security with VMwareBusiness Agility and Security with VMware
Business Agility and Security with VMwareAngel Villar Garea
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Amazon Web Services
 
040711 webcast securing vmachine
040711 webcast securing vmachine 040711 webcast securing vmachine
040711 webcast securing vmachine Erin Banks
 
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...CA Technologies
 
Designing CloudStack Clouds
Designing CloudStack CloudsDesigning CloudStack Clouds
Designing CloudStack CloudsShapeBlue
 
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptxNSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptxAvi Networks
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesAngel Villar Garea
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPTAmazon Web Services
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
Deploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load BalancingDeploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load BalancingAvi Networks
 
VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...
VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...
VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...VMworld
 
Technology Primer: New Cloud Monitoring Capabilities in CA Unified Infrastruc...
Technology Primer: New Cloud Monitoring Capabilities in CA Unified Infrastruc...Technology Primer: New Cloud Monitoring Capabilities in CA Unified Infrastruc...
Technology Primer: New Cloud Monitoring Capabilities in CA Unified Infrastruc...CA Technologies
 
What's New VMware NSX Advanced Load Balancer (Avi Networks)
What's New VMware NSX Advanced Load Balancer (Avi Networks)What's New VMware NSX Advanced Load Balancer (Avi Networks)
What's New VMware NSX Advanced Load Balancer (Avi Networks)Avi Networks
 
Breeze overview
Breeze overviewBreeze overview
Breeze overviewYang Cheng
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld
 
Harbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 WrapHarbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 WrapHarbourIT
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 

Similar to Privileged Access Management for the Software-Defined Network (20)

Self service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxSelf service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsx
 
Business Agility and Security with VMware
Business Agility and Security with VMwareBusiness Agility and Security with VMware
Business Agility and Security with VMware
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
 
040711 webcast securing vmachine
040711 webcast securing vmachine 040711 webcast securing vmachine
040711 webcast securing vmachine
 
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
Demo to Prepare for “Hands-On Lab: Take a Deep Dive with Experts Who Have Int...
 
Designing CloudStack Clouds
Designing CloudStack CloudsDesigning CloudStack Clouds
Designing CloudStack Clouds
 
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptxNSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use cases
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
Deploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load BalancingDeploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load Balancing
 
VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...
VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...
VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...
 
Technology Primer: New Cloud Monitoring Capabilities in CA Unified Infrastruc...
Technology Primer: New Cloud Monitoring Capabilities in CA Unified Infrastruc...Technology Primer: New Cloud Monitoring Capabilities in CA Unified Infrastruc...
Technology Primer: New Cloud Monitoring Capabilities in CA Unified Infrastruc...
 
What's New VMware NSX Advanced Load Balancer (Avi Networks)
What's New VMware NSX Advanced Load Balancer (Avi Networks)What's New VMware NSX Advanced Load Balancer (Avi Networks)
What's New VMware NSX Advanced Load Balancer (Avi Networks)
 
Breeze overview
Breeze overviewBreeze overview
Breeze overview
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
 
Harbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 WrapHarbour IT & VMware - vForum 2010 Wrap
Harbour IT & VMware - vForum 2010 Wrap
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
 

More from CA Technologies

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Technologies
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceCA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...CA Technologies
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCA Technologies
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...CA Technologies
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCA Technologies
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramCA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageCA Technologies
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementCA Technologies
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...CA Technologies
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...CA Technologies
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentCA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseCA Technologies
 

More from CA Technologies (20)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on Time
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security Program
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Privileged Access Management for the Software-Defined Network

  • 1. Privileged Access Management for the Software-Defined Network Shawn Hank Security CA Technologies Director, Presales SCT32T @shawnhank #CAWorld
  • 2. 2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD © 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of this Presentation
  • 3. 3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Abstract New extensions to CA Privileged Access Manager significantly expand the ability of the product to protect and defend resources in VMware NSX virtualized network environments. In this session, we’ll examine and demonstrate those capabilities, which take advantage of new technologies and methods made available by the NSX infrastructure, in more detail. Shawn Hank CA Technologies Director, Presales
  • 4. 4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Network virtualization overview Decoupled Hardware Software General Purpose Networking Hardware Network Hypervisor Requirement: IP Transport Virtual Network Virtual Network Virtual Network Workload Workload Workload L2, L3, L4-7 Network Services General Purpose Server Hardware Server Hypervisor Requirement: x86 Virtual Machine Virtual Machine Virtual Machine Application Application Application x86 Environment
  • 5. 5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD NSX Delivers the Operational Model of a VM for the Network  Abstracts, pools, automates networking for the SDDC  Reproduces L2/3 networking, L4-7 services  Runs on any existing networking hardware  Provides scale out/distributed switching, routing, firewalling
  • 6. 6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Distributed firewalling An NSX network is made up of distributed network elements embedded in each hypervisor, enabling each VM to have its own firewall.  Firewalls/policies provisioned simultaneously with VMs  Policies move with their VMs  Retiring a VM deprovisions its firewall – no possibility of stale rules NSX firewalling: fully distributed, embedded in every hypervisor in the data center
  • 7. 7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Configure policy with Security Groups Select elements to uniquely identify application workloads Use attributes to create Security Groups Apply policies to security groups 1 2 3 ABC DEF Group XYZ App 1 OS: Windows 8 TAG: “Production”  Enforce policy based on logical constructs  Reduce configuration errors  Policy follows VM, not IP  Reduce rule sprawl and complexity Group XYZ Policy 1 “IPS for Desktops” “FW for Desktops” Policy 2 “AV for Production” “FW for Production” Element type Static Dynamic Data center Virtual net Virtual machine vNIC VM name OS type User ID Security tag Use security groups to abstract policy from application workloads.
  • 8. 8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Automate security operations ACTION (then)ATTRIBUTE (if) Virus found IIS.EXE Vulnerability found (old software version) “PCI” Sensitive Data Found Allow & Encrypt* Restrict access while investigating OR  Automated detection of security conditions (virus, vulnerability, etc.)  Security policies define automated actions Security operations are automated and adapt to dynamic conditions Monitor VM with IPS Quarantine VM with Firewall
  • 9. 9 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Achieving segmentation with NSX  Each VM can now be its own perimeter  Policies align with logical groups  Control communication within a single VLAN  Prevents threats from spreading NSX segmentation simplifies network security App DMZ Services DB Perimeter firewall Finance HR IT AD NTP DHCP DNS CERT Inside firewall
  • 10. 10 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA Privileged Access Manager for VMware NSX-V™ Integration Overview VMware vCenter HTTPS (443/tcp) CA Privileged Access Manager VM Network Windows Targets: RDP (3389/tcp) HTTP (80/tcp) & HTTPS (443/tcp) … and more! Linux Targets: SSH (22/tcp) Telnet (23/tcp) HTTP (80/tcp) & HTTPS (443/tcp) … and more! VMware UIs: vCloud Automation Center vCloud Director vShield Manager vSphere Web Client … and more! Operational Dependencies: AD/LDAP/etc services RADIUS/TACACS+ servers NTP/DNS/Basic IP services SYSLOG services SAN/NAS/share (recordings) NSX Manager SSH (22/tcp) HTTPS (443/tcp) NSX Controllers SSH (22/tcp) Supported Authentication Types: Local, AD/LDAP, TACACS+, RADIUS, RSA, SMS/Mobile Token, SAML, and/or PIV/CAC/Smartcard
  • 11. 11 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA PAM for VMware NSX – NSX Manager REST API Proxy The last mile for full NSX Manager administration visibility  Users and scripts talk to the Proxy, not to NSX Manager, with different credentials, which may rotate on a policy or schedule  CA PAM vaults – and rotates – the NSX Manager credentials  Integrates with Application to Application (A2A) Closing the “API Loop” to the NSX management plane Consumer NSX Manager NAP NSX Manager API Proxy Logs A2A Requests Change Password Z-side Request/ResponseA-side Request/Response CA Privileged Access Manager
  • 12. 12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA PAM for VMware NSX – Dynamic Tagging and Grouping CA PAM Policy in lockstep with NSX Security Tags and Groups  NSX Security Tags and Groups synced with CA PAM and tied to Policies  As VMs enter/leave NSX Security Groups, CA PAM Access is provisioned/removed Synchronize CA PAM policies with changes in the NSX security posture VMware vCenter VM Network NSX Manager Sync CA Privileged Access Manager
  • 13. 13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA PAM for VMware NSX – Access Restrictor DFW Rules added and removed on-demand  Rules added when connections are opened and removed when closed  Removes the human element and potential for error  Enables a highly-secure “deny all” environment where exceptions are forced through CA PAM and only CA PAM may access protected resources Automatic, runtime, ephemeral Distributed Firewall Rules maintained by CA PAM Client User Target VM NSX Manager DFWCA Privileged Access Manager
  • 14. 14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD CA PAM for VMware NSX – Service Composer Integration Deep integration with Service Composer  As VMs enter or leave NSX Security Groups, CA PAM will: - Enable or disable session recording - Terminate sessions - Force CA PAM session re-authentication Trigger events in CA PAM via NSX Service Composer workflows User Session NSX Partner Ecosystem Product NSX Manager Vmware vCenter Admin Apply Tag Apply Tag Enable/Disable Session Recording Terminate Sessions Xsuite Re-Authentication CA Privileged Access Manager
  • 15. 15 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Recommended Sessions SESSION # TITLE DATE/TIME SCT19T Defend Against Data Breaches With CA Privileged Access Management 11/18/2015 at 3:00 pm SCT07S Roadmap: Privileged Identity Management 11/19/15 at 4:30 pm SCT33S Protecting the Software-Defined Data Center from Data Breach 11/18/2015 at 2:00 pm
  • 16. 16 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Must See Demos Positive Privileged User Authentication CA Privileged Access Manager Security Theater Fine-Grained Access Control for Servers CA Privileged Access Manager Server Control Security Theater Privileged Access Control CA Privileged Access Manager Security Theater Record and Analyze User Sessions CA Privileged Access Manager Security Theater
  • 17. 17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Follow On Conversations At… Smart Bar CA Privileged Access Manager Security Theater Tech Talks Defend Against Data Breaches With CA Privileged Access Management SCT19T
  • 18. 18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Q & A
  • 19. 19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD For More Information To learn more, please visit: http://cainc.to/Nv2VOe CA World ’15