VMworld 2013
Jerry Breaud, VMware
Allen Shortnacy, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
The document discusses Juniper network solutions for financial organizations. It outlines key network architecture requirements for financial services including segmentation, security, performance, and high availability. It then describes Juniper products that can meet these requirements, including routers, firewalls, VPN appliances, and application acceleration solutions.
Thinking about SDN and whether it is the right approach for your organization?Cisco Canada
Thinking about SDN and whether it is the right approach for your organization? Have you heard about Cisco’s Application Centric Infrastructure and F5 Synthesis yet? The path to radically simplify and accelerate application deployment and datacenter agility can be a phased approach that leverages your existing investment. Rapid delivery of applications to anyone, anywhere, at any time is complex—and many businesses struggle with it.
The document provides an overview of Blue Coat's product portfolio for application delivery. It discusses their proxy-based solutions for web security, acceleration, and visibility including ProxySG, ProxyAV, PacketShaper, Director, ProxyRA, WebFilter, IntelligenceCenter, PolicyCenter, Reporter, and SG Client. These solutions provide features such as web filtering, antivirus scanning, traffic shaping, remote access, and WAN optimization to secure networks and optimize application performance.
1) Fortinet's software-defined security framework provides security that integrates with underlying cloud and SDN platforms through virtual appliances, platform orchestration, and centralized management.
2) The framework allows for scale-out of virtual firewalls across hypervisors and auto-provisioning of firewall rules for workloads in public clouds.
3) Fortinet partners with VMware, Cisco, and OpenStack to provide security solutions that support virtualization, SDN controllers, and public cloud platforms.
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Precisely
Regulatory compliance and security of critical systems, applications and data are top-of-mind issues for IT organizations in 2018. New capabilities are now available from the Syncsort Assure products that can help your organization achieve and maintain compliance while strengthening IBM i security.
View this webinar on-demand to discover how new innovations from Syncsort can help you meet your auditing and control needs.
Why Security Teams should care about VMwareJJDiGeronimo
The document discusses VMware's security strategy and how virtualization provides security benefits. It outlines how virtualization allows automation of manual security processes, improves forensics capabilities, and makes patching and recovery faster. VMware focuses on integrating products into existing security policies while enabling broad security for all VMs. Features like vShield Zones and VMsafe appliances provide centralized security management and protection of virtual environments. Virtualization also extends these security advantages from the datacenter to endpoint devices through portable client-side virtual machines.
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
- Better protect against costly failures in outbound web security
- Improve scalability, availability, performance, and user experience
- Consolidate application access, secure web access, reducing network footprint and device management
GatewayScript is a new JavaScript runtime for DataPower appliances that simplifies configuration for developers. Link aggregation increases network redundancy and throughput by combining multiple Ethernet interfaces. WebSockets enable full-duplex communication and DataPower can secure and route initial connections. The release also includes enhancements to OAuth 2.0 token handling and support for deploying DataPower virtual editions on Citrix XenServer.
The document discusses Juniper network solutions for financial organizations. It outlines key network architecture requirements for financial services including segmentation, security, performance, and high availability. It then describes Juniper products that can meet these requirements, including routers, firewalls, VPN appliances, and application acceleration solutions.
Thinking about SDN and whether it is the right approach for your organization?Cisco Canada
Thinking about SDN and whether it is the right approach for your organization? Have you heard about Cisco’s Application Centric Infrastructure and F5 Synthesis yet? The path to radically simplify and accelerate application deployment and datacenter agility can be a phased approach that leverages your existing investment. Rapid delivery of applications to anyone, anywhere, at any time is complex—and many businesses struggle with it.
The document provides an overview of Blue Coat's product portfolio for application delivery. It discusses their proxy-based solutions for web security, acceleration, and visibility including ProxySG, ProxyAV, PacketShaper, Director, ProxyRA, WebFilter, IntelligenceCenter, PolicyCenter, Reporter, and SG Client. These solutions provide features such as web filtering, antivirus scanning, traffic shaping, remote access, and WAN optimization to secure networks and optimize application performance.
1) Fortinet's software-defined security framework provides security that integrates with underlying cloud and SDN platforms through virtual appliances, platform orchestration, and centralized management.
2) The framework allows for scale-out of virtual firewalls across hypervisors and auto-provisioning of firewall rules for workloads in public clouds.
3) Fortinet partners with VMware, Cisco, and OpenStack to provide security solutions that support virtualization, SDN controllers, and public cloud platforms.
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Precisely
Regulatory compliance and security of critical systems, applications and data are top-of-mind issues for IT organizations in 2018. New capabilities are now available from the Syncsort Assure products that can help your organization achieve and maintain compliance while strengthening IBM i security.
View this webinar on-demand to discover how new innovations from Syncsort can help you meet your auditing and control needs.
Why Security Teams should care about VMwareJJDiGeronimo
The document discusses VMware's security strategy and how virtualization provides security benefits. It outlines how virtualization allows automation of manual security processes, improves forensics capabilities, and makes patching and recovery faster. VMware focuses on integrating products into existing security policies while enabling broad security for all VMs. Features like vShield Zones and VMsafe appliances provide centralized security management and protection of virtual environments. Virtualization also extends these security advantages from the datacenter to endpoint devices through portable client-side virtual machines.
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
- Better protect against costly failures in outbound web security
- Improve scalability, availability, performance, and user experience
- Consolidate application access, secure web access, reducing network footprint and device management
GatewayScript is a new JavaScript runtime for DataPower appliances that simplifies configuration for developers. Link aggregation increases network redundancy and throughput by combining multiple Ethernet interfaces. WebSockets enable full-duplex communication and DataPower can secure and route initial connections. The release also includes enhancements to OAuth 2.0 token handling and support for deploying DataPower virtual editions on Citrix XenServer.
The document discusses securing classified networks and sensitive data through the use of a Secure Network Access Platform (SNAP). SNAP allows users to securely access multiple isolated security domains from a single thin client desktop while preserving network isolation. It implements role-based access control, mandatory access controls, and label-based security to control access between security domains. SNAP leverages the security capabilities of the Solaris 10 operating system with Trusted Extensions to provide a certified, multi-level secure computing environment for government users.
The document discusses Cisco's next-generation SD-WAN architecture. It notes that applications are moving to the cloud, users are accessing apps from diverse mobile devices, and the internet edge is moving to branches. The Cisco SD-WAN solution provides a secure WAN fabric with elements like the vEdge router, vSmart controller, and vBond orchestrator. It separates the control, data, and management planes and provides benefits such as application awareness, security, scalability, and simplified operations.
Caretower provides managed endpoint security services through its Security Operations Center. This includes around-the-clock monitoring and management of McAfee ePO and other endpoint security consoles. The service uses a network management system to generate tickets from the ePO console and proactively address incidents. Customers can access reporting and raise tickets through a web portal.
Remote connectivity is crucial for enterprise productivity and SSL has gained fast popularity as a remote access
tool. In fact, SSL VPNs as a technology have shown promise in eliminating many of the client side issues associated
with IPSec, and other forms of remote access. Furthermore, SSL VPNs offer a smooth migration to a more costeffective,
easier to deploy remote access solution than IPSec. SSL VPN’s combination of flexibility and functionality
makes it competitive with IPSec even when deployed for enterprise’s “power users.”
In today’s crowded SSL VPN market, it’s easy to become overwhelmed by the wide range of solutions available.
Obviously, there are many factors to consider when purchasing an SSL VPN product, and you want to make the
best choice possible. This SSL VPN Evaluation Guide serves as an important resource in identifying, describing, and
prioritizing the criteria you should consider when selecting an SSL VPN provider that best fits the needs of your
organization.
Selection Criteria
In coming up with a selection criteria, the functions offered by SSL VPNs have to be evaluated against two key
aspects: security and user experience. A truly successful deployment of a secure access solution cannot be achieved
without taking both aspects into consideration. Look for an SSL VPN that can also serve the organization’s longterm
needs, integrates seamlessly with the network architecture, and provides powerful management tools. The
optimal provider will exceed in these key areas:
n Performance and scalability
n Security
n Ease of use
n Company reputation
n Technology leadership
Barracuda web application_firewall_wp_advantageINSPIRIT BRASIL
The Barracuda Web Application Firewall provides comprehensive protection against web attacks like SQL injection and cross-site scripting. It offers features such as input validation, data theft protection, load balancing, and integration with authentication databases. The firewall also enhances application delivery with capabilities like caching, compression, and SSL offloading. It is an affordable solution that provides easy management through options like delegated administration, exception profiling, and updates from Barracuda Central.
Social Distance Your IBM i from Cybersecurity RiskPrecisely
The continuous news of personal information stolen from major retailers and financial institutions have driven consumers and regulatory bodies to demand that more action be taken to ensure data protection and privacy. Regulations such as PCI DSS, HIPAA, GDPR, and FISMA require that personal data be protected against unauthorized access using technologies like encryption, tokenization, masking, secure file transfer and more. With all the options available for securing IBM i data at rest and in motion, how do you know where to begin?
Register to get up to speed on the key concepts you need to know about assuring data privacy for your customers, business partners and employees.
Topics will include:
- Protecting data with encryption and the need for strong key management
- Use Cases that are best for tokenization
- Options for permanently deidentifying data
- Securing data in motion across networks
- Complete security solution for IBM I (AS/400)
VMworld 2013: Security Automation Workflows with NSX VMworld
VMworld 2013
Gargi Keeling, VMware
Don Wood, McKesson
Troy Casey, McKesson
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
- Cisco's next-gen SD-WAN architecture addresses changing user and application landscapes by moving the internet edge to branches and applications to the cloud.
- It provides centralized policy enforcement and visibility for security, simplified operations, and WAN flexibility while enabling a seamless transition from traditional to SD-WAN.
- Key elements include the vEdge router, vSmart controllers, and vBond orchestration to deliver a secure, application-aware fabric across broadband, MPLS, and 4G/LTE transports.
Air defense wireless_vulnerability_assessement_module_spec_sheetAdvantec Distribution
The document describes Motorola's Wireless Vulnerability Assessment module. It allows remote testing of wireless network security by automatically logging into access points and simulating a hacker to identify vulnerabilities. This eliminates expensive on-site security scans. The module integrates with Motorola's AirDefense Services Platform to provide centralized and comprehensive wireless vulnerability testing across entire networks. It helps validate firewall policies and identify potential entry points to protect sensitive wired systems and data.
The document discusses how NSX security services can automate security operations and policies across virtualized environments through features like distributed firewalling, guest introspection, security groups, and integration with third-party security services. It provides an overview of how NSX improves visibility, context, performance, and automation compared to traditional network and host-based security controls. Use cases demonstrated include optimized vulnerability management and context-based isolation in VDI environments.
The document discusses federal compliance standards for information systems used by the US government, including FISMA, DIACAP, and the upcoming FedRAMP. It outlines the six step process for achieving compliance: 1) categorizing the system, 2) selecting controls, 3) implementing and documenting controls, 4) assessing controls, 5) authorizing the system, and 6) ongoing monitoring. It provides an example of how a cloud service provider like Acquia can achieve compliance for their platform by documenting the controls each party is responsible for across the application, OS stack, and infrastructure layers. Finally, it lists some specific FISMA moderate controls applicable to the Drupal content management system.
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
February 2014 Update on F5 Synthesis Program, delivered by Pat Fiorino in Toronto at the Hockey Hall of Fame. Prepared for IT decision- makers and administrators.
BigFix is a leading provider of security and systems management software. Their unified management platform provides real-time visibility and control over endpoints through a single agent and console. Key benefits shown in customer examples include reducing patch cycles from 7 days to 5 minutes and inventory cycles from 3 weeks to 20 minutes. The platform uses intelligent agents that perform continuous self-assessment and policy enforcement with minimal system impact.
The document provides best practices for Cisco Identity Services Engine (ISE) configurations. It discusses recommendations for wired and wireless dot1x configurations, redirected flows, upgrading to ISE 2.0, and configuring mobile device management (MDM) authorization policies across different ISE versions. Key recommendations include enabling radius server dead detection, using policy sets to optimize policy lookups, and configuring separate authorization policies for MDM redirection and registered devices.
This document discusses IBM DataPower PCI solutions. It provides an overview of the Payment Card Industry Data Security Standard (PCI DSS) and its requirements. It then describes how IBM DataPower appliances can help organizations meet many of the PCI DSS requirements by providing functions like firewalling, encryption, access control, logging, and security policy management. The document also highlights some of DataPower's key products and capabilities for PCI compliance, and provides contact information for the IBM sales representative.
This document discusses IBM DataPower and how it can be used to securely expose APIs and services. It provides an overview of DataPower's key capabilities including security, protocol support, and an application development model. Specific services that DataPower provides are discussed such as the web service proxy, XML firewall, and web application firewall. The document also covers how DataPower can implement various security features and policies to control access and traffic. Finally, it presents some high-level questions to consider when shaping an API strategy.
IBM Endpoint Manager v9.0 provides enhanced security, expanded platform support, improved software distribution capabilities, and expanded mobile device management. Key enhancements include new encryption and internet security options, support for additional operating systems and agents, more robust patching, imaging and remote control functions, and consolidated management for Android, iOS, and other mobile devices. The release further strengthens capabilities for software usage analysis, security and compliance management, and server automation.
Cisco Identity Services Engine (ISE) is a centralized access control and policy management solution that can automate secure access to network resources. It profiles users and devices, authenticates network access, enforces security policy, and shares contextual data across the IT infrastructure. ISE provides capabilities for guest access management, secure BYOD onboarding, network access control, software-defined segmentation with Cisco TrustSec, and visibility/context sharing through its pxGrid technology. It supports a wide range of use cases including guest access, BYOD, network access, device administration, and compliance.
AG Series secure access gateways provide scalable and
controlled remote and mobile access to corporate networks,
enterprise applications and cloud services for any user,
anywhere on any device.
Mechanism Of Polymorphic And Metamorphic Virusvivid_0416
The document discusses polymorphic and metamorphic viruses. It defines polymorphic viruses as viruses that are capable of mutating themselves when replicating, making them harder to detect. Metamorphic viruses can rewrite their own code with each infection while maintaining the same functionality. Some techniques used by these viruses include entry point obfuscation, code permutation, execution flow modification, and code integration. Examples of specific polymorphic and metamorphic viruses like Win32/Vundo and W32/Zmist are also summarized.
Security Challenges of Antivirus Engines, Products and SystemsAntiy Labs
This document discusses security challenges faced by antivirus engines, products, and systems. It notes that antivirus systems are vulnerable to malware just like other software. The document outlines threats including rootkits that can hijack antivirus software processes, format vulnerabilities that can crash engines, and privilege escalation issues. It discusses improving input validation, privilege control, testing, and secure code development to address these challenges. The goal is for antivirus software to remain vigilant against emerging threats through continued research and responsiveness.
The document discusses computer viruses, including their history, how they spread, symptoms, and prevention methods. It notes that viruses are created by individuals to copy themselves and infect other computers. Today, 87% spread through the internet within hours or days. Symptoms include computers not booting, slowing down, or crashing. The best prevention methods involve using updated antivirus software, being cautious of unexpected files/attachments, and educating others to limit spread.
The document discusses securing classified networks and sensitive data through the use of a Secure Network Access Platform (SNAP). SNAP allows users to securely access multiple isolated security domains from a single thin client desktop while preserving network isolation. It implements role-based access control, mandatory access controls, and label-based security to control access between security domains. SNAP leverages the security capabilities of the Solaris 10 operating system with Trusted Extensions to provide a certified, multi-level secure computing environment for government users.
The document discusses Cisco's next-generation SD-WAN architecture. It notes that applications are moving to the cloud, users are accessing apps from diverse mobile devices, and the internet edge is moving to branches. The Cisco SD-WAN solution provides a secure WAN fabric with elements like the vEdge router, vSmart controller, and vBond orchestrator. It separates the control, data, and management planes and provides benefits such as application awareness, security, scalability, and simplified operations.
Caretower provides managed endpoint security services through its Security Operations Center. This includes around-the-clock monitoring and management of McAfee ePO and other endpoint security consoles. The service uses a network management system to generate tickets from the ePO console and proactively address incidents. Customers can access reporting and raise tickets through a web portal.
Remote connectivity is crucial for enterprise productivity and SSL has gained fast popularity as a remote access
tool. In fact, SSL VPNs as a technology have shown promise in eliminating many of the client side issues associated
with IPSec, and other forms of remote access. Furthermore, SSL VPNs offer a smooth migration to a more costeffective,
easier to deploy remote access solution than IPSec. SSL VPN’s combination of flexibility and functionality
makes it competitive with IPSec even when deployed for enterprise’s “power users.”
In today’s crowded SSL VPN market, it’s easy to become overwhelmed by the wide range of solutions available.
Obviously, there are many factors to consider when purchasing an SSL VPN product, and you want to make the
best choice possible. This SSL VPN Evaluation Guide serves as an important resource in identifying, describing, and
prioritizing the criteria you should consider when selecting an SSL VPN provider that best fits the needs of your
organization.
Selection Criteria
In coming up with a selection criteria, the functions offered by SSL VPNs have to be evaluated against two key
aspects: security and user experience. A truly successful deployment of a secure access solution cannot be achieved
without taking both aspects into consideration. Look for an SSL VPN that can also serve the organization’s longterm
needs, integrates seamlessly with the network architecture, and provides powerful management tools. The
optimal provider will exceed in these key areas:
n Performance and scalability
n Security
n Ease of use
n Company reputation
n Technology leadership
Barracuda web application_firewall_wp_advantageINSPIRIT BRASIL
The Barracuda Web Application Firewall provides comprehensive protection against web attacks like SQL injection and cross-site scripting. It offers features such as input validation, data theft protection, load balancing, and integration with authentication databases. The firewall also enhances application delivery with capabilities like caching, compression, and SSL offloading. It is an affordable solution that provides easy management through options like delegated administration, exception profiling, and updates from Barracuda Central.
Social Distance Your IBM i from Cybersecurity RiskPrecisely
The continuous news of personal information stolen from major retailers and financial institutions have driven consumers and regulatory bodies to demand that more action be taken to ensure data protection and privacy. Regulations such as PCI DSS, HIPAA, GDPR, and FISMA require that personal data be protected against unauthorized access using technologies like encryption, tokenization, masking, secure file transfer and more. With all the options available for securing IBM i data at rest and in motion, how do you know where to begin?
Register to get up to speed on the key concepts you need to know about assuring data privacy for your customers, business partners and employees.
Topics will include:
- Protecting data with encryption and the need for strong key management
- Use Cases that are best for tokenization
- Options for permanently deidentifying data
- Securing data in motion across networks
- Complete security solution for IBM I (AS/400)
VMworld 2013: Security Automation Workflows with NSX VMworld
VMworld 2013
Gargi Keeling, VMware
Don Wood, McKesson
Troy Casey, McKesson
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
- Cisco's next-gen SD-WAN architecture addresses changing user and application landscapes by moving the internet edge to branches and applications to the cloud.
- It provides centralized policy enforcement and visibility for security, simplified operations, and WAN flexibility while enabling a seamless transition from traditional to SD-WAN.
- Key elements include the vEdge router, vSmart controllers, and vBond orchestration to deliver a secure, application-aware fabric across broadband, MPLS, and 4G/LTE transports.
Air defense wireless_vulnerability_assessement_module_spec_sheetAdvantec Distribution
The document describes Motorola's Wireless Vulnerability Assessment module. It allows remote testing of wireless network security by automatically logging into access points and simulating a hacker to identify vulnerabilities. This eliminates expensive on-site security scans. The module integrates with Motorola's AirDefense Services Platform to provide centralized and comprehensive wireless vulnerability testing across entire networks. It helps validate firewall policies and identify potential entry points to protect sensitive wired systems and data.
The document discusses how NSX security services can automate security operations and policies across virtualized environments through features like distributed firewalling, guest introspection, security groups, and integration with third-party security services. It provides an overview of how NSX improves visibility, context, performance, and automation compared to traditional network and host-based security controls. Use cases demonstrated include optimized vulnerability management and context-based isolation in VDI environments.
The document discusses federal compliance standards for information systems used by the US government, including FISMA, DIACAP, and the upcoming FedRAMP. It outlines the six step process for achieving compliance: 1) categorizing the system, 2) selecting controls, 3) implementing and documenting controls, 4) assessing controls, 5) authorizing the system, and 6) ongoing monitoring. It provides an example of how a cloud service provider like Acquia can achieve compliance for their platform by documenting the controls each party is responsible for across the application, OS stack, and infrastructure layers. Finally, it lists some specific FISMA moderate controls applicable to the Drupal content management system.
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
February 2014 Update on F5 Synthesis Program, delivered by Pat Fiorino in Toronto at the Hockey Hall of Fame. Prepared for IT decision- makers and administrators.
BigFix is a leading provider of security and systems management software. Their unified management platform provides real-time visibility and control over endpoints through a single agent and console. Key benefits shown in customer examples include reducing patch cycles from 7 days to 5 minutes and inventory cycles from 3 weeks to 20 minutes. The platform uses intelligent agents that perform continuous self-assessment and policy enforcement with minimal system impact.
The document provides best practices for Cisco Identity Services Engine (ISE) configurations. It discusses recommendations for wired and wireless dot1x configurations, redirected flows, upgrading to ISE 2.0, and configuring mobile device management (MDM) authorization policies across different ISE versions. Key recommendations include enabling radius server dead detection, using policy sets to optimize policy lookups, and configuring separate authorization policies for MDM redirection and registered devices.
This document discusses IBM DataPower PCI solutions. It provides an overview of the Payment Card Industry Data Security Standard (PCI DSS) and its requirements. It then describes how IBM DataPower appliances can help organizations meet many of the PCI DSS requirements by providing functions like firewalling, encryption, access control, logging, and security policy management. The document also highlights some of DataPower's key products and capabilities for PCI compliance, and provides contact information for the IBM sales representative.
This document discusses IBM DataPower and how it can be used to securely expose APIs and services. It provides an overview of DataPower's key capabilities including security, protocol support, and an application development model. Specific services that DataPower provides are discussed such as the web service proxy, XML firewall, and web application firewall. The document also covers how DataPower can implement various security features and policies to control access and traffic. Finally, it presents some high-level questions to consider when shaping an API strategy.
IBM Endpoint Manager v9.0 provides enhanced security, expanded platform support, improved software distribution capabilities, and expanded mobile device management. Key enhancements include new encryption and internet security options, support for additional operating systems and agents, more robust patching, imaging and remote control functions, and consolidated management for Android, iOS, and other mobile devices. The release further strengthens capabilities for software usage analysis, security and compliance management, and server automation.
Cisco Identity Services Engine (ISE) is a centralized access control and policy management solution that can automate secure access to network resources. It profiles users and devices, authenticates network access, enforces security policy, and shares contextual data across the IT infrastructure. ISE provides capabilities for guest access management, secure BYOD onboarding, network access control, software-defined segmentation with Cisco TrustSec, and visibility/context sharing through its pxGrid technology. It supports a wide range of use cases including guest access, BYOD, network access, device administration, and compliance.
AG Series secure access gateways provide scalable and
controlled remote and mobile access to corporate networks,
enterprise applications and cloud services for any user,
anywhere on any device.
Mechanism Of Polymorphic And Metamorphic Virusvivid_0416
The document discusses polymorphic and metamorphic viruses. It defines polymorphic viruses as viruses that are capable of mutating themselves when replicating, making them harder to detect. Metamorphic viruses can rewrite their own code with each infection while maintaining the same functionality. Some techniques used by these viruses include entry point obfuscation, code permutation, execution flow modification, and code integration. Examples of specific polymorphic and metamorphic viruses like Win32/Vundo and W32/Zmist are also summarized.
Security Challenges of Antivirus Engines, Products and SystemsAntiy Labs
This document discusses security challenges faced by antivirus engines, products, and systems. It notes that antivirus systems are vulnerable to malware just like other software. The document outlines threats including rootkits that can hijack antivirus software processes, format vulnerabilities that can crash engines, and privilege escalation issues. It discusses improving input validation, privilege control, testing, and secure code development to address these challenges. The goal is for antivirus software to remain vigilant against emerging threats through continued research and responsiveness.
The document discusses computer viruses, including their history, how they spread, symptoms, and prevention methods. It notes that viruses are created by individuals to copy themselves and infect other computers. Today, 87% spread through the internet within hours or days. Symptoms include computers not booting, slowing down, or crashing. The best prevention methods involve using updated antivirus software, being cautious of unexpected files/attachments, and educating others to limit spread.
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMware announced updates to its cloud products and strategies at VMworld 2016, including VMware Cloud Foundation and VMware Cross-Cloud Architecture. VMware Cloud Foundation is a fully integrated private cloud platform that includes vSphere, VSAN, NSX and management and automation tools. The Cross-Cloud Architecture allows applications to run across private, public and hybrid clouds. Updates were also provided for products including vRealize Operations, vRealize Automation, and Horizon to expand capabilities. VMware also announced deeper integration of containers with vSphere through vSphere Integrated Containers.
VMworld Europe 2014: Advanced Network Services with NSXVMworld
This document provides an overview and agenda for a presentation on Network and Security services provided by VMware's NSX software-defined networking platform, including:
1. What network and security services are used by applications today.
2. Details on NSX firewalling, load balancing, and VPN services, including demos.
3. How NSX integrates with third-party security and load balancer vendors to enhance services.
2016年6月25日に開催されたHyper-Converged Infrastructure Community Meetup #3にて発表した、EMC/VCEVxRack及びVBlockの製品説明資料です。
This is EMC/VCE VxRack and VBlock product presentation for HCI Community meetup #3. This presentation is written in Japanese.
The document provides information to help salespeople position and sell the new EMC VMAX3 storage array. It highlights key capabilities of VMAX3 such as simplified management, improved performance and density, support for hybrid cloud environments, and data reduction features. Configuration examples are given to demonstrate how VMAX3 compares favorably to competitors' solutions in terms of price and performance.
Blue Medora - VMware vROps Management Pack for VCE Vblock OverviewBlue Medora
Blue Medora has partnered with VMware to expand the capabilities of VMware's vRealize Operations management suite. Blue Medora's software extends vRealize Operations to provide monitoring and visibility across an entire VCE Vblock infrastructure, including compute, storage, database, applications and networking resources. The VCE Vblock management pack connects directly to the VCE Vision API to collect metrics and map resources, providing a single view of applications and their relationship to underlying hardware.
Self service it with v realizeautomation and nsxsolarisyougood
This document discusses using VMware's NSX and vRealize Automation (vRA) products to provide self-service IT capabilities. It outlines how NSX logical networking and security services like logical switches, firewalls, and load balancers can be dynamically configured and deployed through vRA blueprints and service catalogs. The document also covers updates in NSX and vRA integration in version 6.2, including network profiles, security groups, tags, and distributed logical routing support. Finally, it discusses considerations for deploying NSX with vRA and demonstrates the networking and security workflows.
NSX for vSphere Logical Routing Deep DivePooja Patel
This document provides an overview of NSX logical routing capabilities including:
- NSX logical routing uses distributed logical routers that provide scalable tenant routing and security across ESXi hosts.
- NSX Edge services gateways provide connectivity between logical and physical networks and offer services like firewalls, VPN, and load balancing.
- NSX supports both active-standby and equal-cost multi-path high availability models for logical routers and edge gateways to ensure continuity of operations.
This document discusses EMC RecoverPoint for Virtual Machines, a software-only solution that provides continuous data protection for VMs with VM-level granularity. It protects VMs running on VMware ESXi, supports various storage types, and integrates with VMware vCenter. RecoverPoint for VMs allows admins to optimize RPO and RTO to meet SLAs, streamline recovery workflows, and lower TCO. It provides automated VM discovery, protection, and orchestrated disaster recovery failover/failback to any point in time.
VMworld 2014: Virtualize your Network with VMware NSXVMworld
VMware NSX is a network virtualization platform that allows organizations to virtualize their network infrastructure and implement micro-segmentation. Traditional perimeter-based security has proven insufficient, while micro-segmentation through physical networking is operationally infeasible. NSX addresses this by providing micro-segmentation through software by extending the virtual network to workloads. This allows for security policies to be applied and enforced across any application, on any server, in any location. NSX provides both security isolation and network visibility and context that is not possible with traditional approaches.
This presentation discusses implementing agentless antivirus (AV) and intrusion detection/prevention system (IDS/IPS) security solutions with VMware NSX. It covers using NSX guest introspection for agentless AV and network introspection for IPS/IDS. The presentation demonstrates how these technologies can be tied together and automated through common security policies. It also includes a demo of using NSX features like security groups and distributed firewall to quarantine systems and enforce security policies.
VXLAN with NSX -MH describes VXLAN and how it is implemented with NSX Micro Segmentation. It discusses VXLAN basics like encapsulation and VTEPs. It then covers the NSX control plane and data plane views including logical network view with logical switches/ports and physical transport node view. It provides examples of VXLAN L2 and L3 gateways for inter and intra-subnet communication deployed on NSX managed switches or physical gateways.
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld
This document discusses enforcing vSphere cluster designs using PowerCLI automation. It provides an overview of vSphere cluster design basics like HA and DRS configurations. It then discusses crafting declarative configurations to define the desired infrastructure state. Infrastructure as code principles are reviewed for managing configurations outside the endpoints. The presentation introduces the Vester project for declaratively configuring vSphere clusters using PowerCLI.
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld
Since launch, VMware has seen a steady expansion in the use cases that are addressed by network virtualization. So what is next for NSX and network virtualization? This session answers this question, taking a look at how NSX is expanding beyond a single data center. It also reviews the technical state of NSX and looks forward to where network virtualization will head in the coming years.
The document provides an overview of troubleshooting methodology for VMware NSX. It discusses that NSX implements logical switching and routing services on top of an IP transport network. The key things to check when troubleshooting include validating the IP transport connectivity using tools like ping, and examining the VTEP tables and MAC tables on the NSX controller and hosts for a given virtual network identifier (VNI) to understand virtual machine connectivity and forwarding. An example is provided where pinging between VMs populates the MAC tables on hosts, demonstrating how NSX forwarding works based on these tables.
This document provides an overview of VMware NSX for vSphere and its use cases. It discusses how NSX addresses barriers to creating a software defined data center by providing network virtualization. It allows network provisioning in seconds, increased compute utilization up to 90%, and cost savings up to 80%. Use cases described include deploying applications from a cloud management platform within logical networks with isolation and micro-segmentation for improved network security.
The document outlines an agenda for an F5 Synthesis Information Session. The agenda includes introductions, a discussion of Software Defined Application Services, reference architectures, total cost of ownership models, ecosystem partners, and global services. It also provides an overview of key technology challenges like mobility, cloud computing, threats, and the growth of software-defined networks and APIs.
Marek Bražina, Senior Systems Engineer, VMware
Virtualization Forum 2014, Prague, 22.10.2014
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).
Virtualization Forum 2015, Praha, 7.10.2015
sál Citrix
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf.
VMworld 2013: SDDC is Here and Now: A Success Story VMworld
The document discusses how an SDDC case study assessed a company's technical architecture, processes, and people to reduce infrastructure costs by 50% within 3 years through migrating to a software-defined data center. It presents 3 technology stack options for implementing an SDDC and compares their considerations. The SDDC is projected to deliver dramatic and sustainable 75% cost reductions through server, storage, networking, and labor savings.
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
This document discusses security challenges for enterprise cloud infrastructure and different approaches to addressing them. It summarizes common cloud use cases like ITaaS, development/testing in public clouds, and big data analytics. It then outlines challenges like virtualized networks and lack of hardware controls. Next-generation approaches like virtual appliances, in-hypervisor controls, and workload-based security are presented along with pros and cons. The document focuses on CloudPassage's workload-based security agent Halo, which provides automated security and compliance controls that scale across cloud environments.
The document discusses new features in the F5 BIG-IP v13.0 software release. Key points include enhanced application protection and access, usability improvements, enriched reporting for visibility, support for MQTT IoT traffic, and augmented capabilities for service providers. Notable features are high performance virtual editions for NFV/cloud use cases, simplified management in AWS using roles/permissions, and network behavioral DDoS detection.
Modern Security and Compliance Through Automation | AWS Public Sector Summit ...Amazon Web Services
This document discusses how to automate compliance and security on AWS through infrastructure as code. It recommends architecting for compliance upfront by mapping controls to AWS services, creating standardized baselines, and taking advantage of automation tools. It also emphasizes continuous monitoring and validation to maintain compliance.
Dynamic L4-7 Services for OpenStack Cloud Data CentersA10 Networks
This document summarizes A10 Networks' dynamic L4-7 application networking solutions for OpenStack cloud data centers. It introduces A10's portfolio including application delivery controllers, carrier-grade NAT, and network perimeter security. It describes challenges with legacy static L4-L7 services and how A10's dynamic service chaining addresses demands for agility, scale, and reduced total cost of ownership. Key aspects of A10's cloud services architecture are discussed, including high performance appliances, virtual appliances, pay-as-you-go licensing, OpenStack integration using an LBaaS driver, and how this approach provides scale, reduced TCO, and agility for cloud providers and their tenants.
Make sure you exercise due diligence when selecting a cloud service provider.
Make sure the cloud environment supports the regulatory requirements of your industry and data.
Conduct data classification to understand the sensitivity of your data before moving to the cloud.
Clearly define who owns the data and how it will be “returned” to you and the timing in the event you cancel your agreement.
Understand if you are leveraging the cloud in IaaS, PaaS, SaaS or other model.
Learn what makes SCADAguardian (the Nozomi Networks flagship technology) so unique and powerful. From enterprise IT, to OT, we enable scalable security strategies for ICS.
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...Amazon Web Services
Does moving core business applications to AWS make sense for your organization? This session covers key business and IT considerations gathered from industry experts and real-world enterprise customers who have chosen to move their mission critical ERP applications to the AWS cloud, resulting in lower costs and better service.
This session covers the following:
- Insights from industry experts and analysts, who explain how the cloud affects costs from three angles: launch, operations, and long-term infrastructure expense
- Review of how time-to-value and cloud launch processes differ from on-premises infrastructure
- How AWS offers increased security and reliability over what some enterprises can afford on their own
Sponsored by Infor
VMworld 2013: Introduction to the vCloud Suite and the Software-Defined Data ...VMworld
VMworld 2013
Edward Hsu, VMware
Arun Lal, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld
VMworld 2013
Shubha Bheemarao, VMware
Bruno Germain, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...Jürgen Ambrosi
La piattaforma di virtualizzazione NSX sta già aiutando centinaia di clienti a sfruttare tutte le potenzialità di un Software-Defined Data Center. NSX sposta la rete nel software, creando livelli di flessibilità mai raggiunti prima d'ora. In altre parole, trasforma il modello operativo della rete deldata center così come la virtualizzazione del server ha fatto 10 anni fa. NSX inoltre integra la sicurezza con policy granulari e automatizzate legate alle macchine virtuali, funzionalità chiamata micro-segmentazione, che consente di ridurre in modo significativo la diffusione delle minacce. Rendendo la micro-segmentazione della rete possibile dal punto di vista operativo, NSX introduce un modello di sicurezza di livello superiore, impossibile da realizzare con tecniche tradizionali. Questa sessione da l’opportunità di approfondire il tema della virtualizzazione della rete possibile con VMware NSX, evidenziandone i benefici: riduzione dei tempi di provisioning, semplificazione del delivery dei servizi di rete, incremento della sicurezza con la micro-segmentazione.
Customer interest is increasing well beyond just what our standalone products offer. In fact, customer don’t care about the products, they care about the solution. IaaS with SDN as a solution is extremely popular. Therefore, this is focused on joint solution of vRA, vRO, NSX-v and 3rd party options.
IBM DataPower Gateway V7.1 is a consolidated, modular gateway platform that provides security, integration, control and optimization for mobile, API, web, SOA, and cloud workloads. It combines the functionality of previous IBM gateway products onto a single hardware and software platform. The new release features an improved hardware platform for increased performance, deployment flexibility through physical and virtual options, and additional modules for capabilities like B2B integration and access control through IBM Security Access Manager.
O Sophos XG Firewall traz uma nova abordagem na forma de gerenciar o seu firewall, responder às ameaças e monitorar o que acontece na sua rede. Prepare-se para um novo nível de simplicidade, segurança e percepção.
This document provides an introduction and overview of VMware's NSX network virtualization platform. It begins with a disclaimer about features being under development. The agenda then covers an introduction to NSX, its momentum and use cases, new features in NSX 2014, and NSX operations. It demonstrates NSX's ability to provide network and security services in software and enable dynamic application topologies. It also discusses NSX components, deployments, partnerships, and upcoming training and certification opportunities.
Brocade Software Networking Presentation at Interface 2016Scott Sims
This document summarizes Brocade's software networking solutions including Software Defined Networking (SDN) and Network Function Virtualization (NFV). It describes Brocade's SDN controller, vRouter, vADC, and Services Director products. The SDN controller provides a centralized view of the network and APIs for developing applications. The vRouter is a virtual router that can provide networking and security functions with high performance. The vADC provides load balancing, traffic management, and application delivery capabilities. The Services Director provides capacity management and metering for virtual network functions.
The document discusses developing a System Security Plan (SSP) for the Federal Risk and Authorization Management Program (FedRAMP). The SSP is a detailed document that describes how security controls have been implemented based on NIST SP 800-53. It provides an overview of the system, identifies responsible personnel, and delineates control responsibilities. Developing a thorough SSP can streamline the FedRAMP assessment process. The SSP template is lengthy at 352 pages to fully document the system and control implementation.
Similar to VMworld 2013: VMware Compliance Reference Architecture Framework Overview (20)
VMworld 2016: vSphere 6.x Host Resource Deep DiveVMworld
1. This document provides an overview and agenda for a presentation on vSphere 6.x host resource deep dive topics including compute, storage, and network.
2. It introduces the presenters, Niels Hagoort and Frank Denneman, and provides background on their expertise.
3. The document outlines the topics to be covered under each section, including NUMA, CPU cache, DIMM configuration, I/O queue placement, driver considerations, RSS and NetQueue scaling for networking.
VMworld 2016: Troubleshooting 101 for HorizonVMworld
This document provides an overview of troubleshooting tools and techniques for Horizon. It begins with introductions and disclaimers. It then covers defining problems, identifying symptoms, gathering additional information, determining possible causes, identifying the root cause, resolving problems, and documenting solutions. Common troubleshooting tools are discussed, including ESXCLI commands, vSphere CLI commands, and log file locations and contents. Methods for collecting log files from Horizon components like desktops, clients, and servers are also provided.
VMworld 2016: Advanced Network Services with NSXVMworld
NSX provides network virtualization and security services including distributed firewalling, load balancing, and VPN connectivity. It reproduces traditional network and security functions in software throughout the virtual infrastructure for improved performance, agility, and security compared to physical appliances. Over 1700 customers use NSX across various industries, with growth of 100% year-over-year. NSX services can be distributed across hypervisors for massive scalability. The platform also integrates with security and application delivery partners to enhance its native capabilities.
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld
This document provides an overview of how to deploy VMware NSX with Cisco infrastructure, including:
- NSX has minimal requirements of 1600 MTU and IP connectivity and is agnostic to the underlying network topology.
- When using Cisco Nexus switches, VLANs must be configured for various traffic types and SVIs created with consistent IP subnets. Jumbo MTU is required across all links.
- NSX is also compatible with Cisco ACI fabrics using Fabric Path or DFA topologies, with the VXLAN VLAN spanning multiple pods/clusters across the fabric.
Horizon 7 introduces several new features including just-in-time desktops that instantly provision desktops and applications when users log in using VMware's instant clone technology. It also features smart policies that dynamically change desktop configurations based on user location or device. Infrastructure updates improve scalability and failover capabilities. The user experience is enhanced with support for 3D graphics, new protocols like Blast Extreme for optimized mobile access, and expanded capabilities for hosted applications and RDS desktops.
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld
Virtual Volumes provide a more efficient operational model for external storage management in vSphere. They integrate storage capabilities directly into virtual machines at the individual disk level through Storage Policy-Based Management. This simplifies operations by removing the need for static LUN/volume provisioning and allows storage services to be applied non-disruptively on a per-virtual machine basis according to policies. A key component is the VASA Provider, which is used to publish an array's storage capabilities and manage the creation of VM-level objects called Virtual Volumes on behalf of vSphere.
VMworld 2016: The KISS of vRealize Operations! VMworld
This presentation introduces new features in vRealize Operations 6.3 that simplify operations management. It begins with an overview of the vRealize Operations architecture and dashboard. New features are then demonstrated, including a recommended actions page, cluster resource dashboard, data collection notifications, workload balancing through rebalancing containers, guided remediation through alerts, integration with vRealize Log Insight, capacity management of clusters and projections, and extensibility with management packs. Finally, related VMworld sessions are listed that provide further information on capacity planning, troubleshooting, intelligent operations management, log insight, and network insight.
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld
This document provides an overview and introduction to PowerShell and PowerCLI for managing VMware environments. It discusses what PowerShell and PowerCLI are, important terminology like modules and functions, how to set them up and configure profiles, and examples of how to start coding with PowerShell including gathering data, writing logic statements, and using cmdlets safely. The presenters are introduced and an agenda is provided covering these topics at a high level to get started with PowerShell and PowerCLI.
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld
This document is a disclaimer stating that the presentation may include features still under development and not committed to be delivered in final products. Any features discussed are subject to change based on technical feasibility and market demand, and pricing and packaging have not been determined for any new technologies presented. The document is confidential.
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld
Virtualizing Active Directory domain controllers provides benefits like increased availability, scalability, and manageability. However, there are some technical challenges to address like ensuring proper time synchronization. This presentation provides best practices for virtualizing domain controllers including using host-guest affinity rules, disabling time synchronization settings, and ensuring the ESXi host clock is correct. It also introduces new "safety" features in Windows Server 2012 like VM GenerationID that help address issues from restoring or reverting snapshots like USN rollback.
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld
Iain Leiter from A.T. Still University discussed their organization's migration from a hardware-based firewall to NSX to improve performance and compliance. Some key advantages of NSX include distributed firewalling for high performance and scalability, pay-as-you-grow flexibility, and advanced security features like microsegmentation. Their deployment process involved installing NSX, defining security groups, building security policies using syslog data from "recon rules", and applying a common services policy. Discoveries included many backdoors, application architecture issues, and the security benefits of microsegmentation.
VMworld 2015: Troubleshooting for vSphere 6VMworld
The document provides an overview of troubleshooting tools and techniques for vSphere 6. It discusses gathering diagnostic information, identifying potential causes, and resolving problems. The vSphere ESXi Shell and vCLI commands can be used to troubleshoot issues locally or remotely via SSH. An example troubleshooting process is provided to demonstrate defining a vMotion failure problem, gathering logs, testing connectivity, and resolving an incorrect VMkernel interface IP address.
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld
This year VMware vSphere 6 combined with vRealize Operations 6.1 (vR Ops 6) adds critical features to increase technical agility in the infrastructure, and reduce Mean time to Repair. With a new Automated remediation action framework in vR Ops, vSphere 6’s ability to vMotion Physical Raw Device mappings (RDMs), and a complete Management Pack Ecosystem for monitoring Infrastructure to applications, administrators have the tools needed to get to maintain 5 9’s uptime, shorten Mean Time to Repair (MTTR), and predict capacity requirements as and when the business requires.. This session will be a deep technical explanation, and live demonstration of these tools. It will give administrators a solid understanding of how they can use these tools to monitor and manage their application clusters, keep applications running during Infrastructure maintenance, and get deep holistic visibility into the entire Application ecosystem, from Storage to Networking.
VMworld 2015: Advanced SQL Server on vSphereVMworld
Microsoft SQL Server is one of the most widely deployed “apps” in the market today and is used as the database layer for a myriad of applications, ranging from departmental content repositories to large enterprise OLTP systems. Typical SQL Server workloads are somewhat trivial to virtualize; however, business critical SQL Servers require careful planning to satisfy performance, high availability, and disaster recovery requirements. It is the design of these business critical databases that will be the focus of this breakout session. You will learn how build high-performance SQL Server virtual machines through proper resource allocation, database file management, and use of all-flash storage like XtremIO. You will also learn how to protect these critical systems using a combination of SQL Server and vSphere high availability features. For example, did you know you can vMotion shared-disk Windows Failover Cluster nodes? You can in vSphere 6! Finally, you will learn techniques for rapid deployment, backup, and recovery of SQL Server virtual machines using an all-flash array.
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld
Active Directory Domain Services (ADDS) allows organizations to deploy a scalable and secure directory service for managing users, resources and applications. Virtualization of ADDS has been supported for many years now, however has required careful management to avoid pitfalls around replication, time management, and access. Windows Server 2012 provides greater support for virtualization by including virtualization-safe features and support for rapid domain controller deployment.
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld
Policy based management greatly simplifies the work of IT Administrators making it easy to ensure that applications and VMs receive the resources, protection and functionality required. Learn about the latest enhancements of Site Recovery Manager in this space, which represent a huge step towards providing policy based DR. In this session we'll dive deep into how this approach works and how to work with them.
VMworld 2015: Building a Business Case for Virtual SANVMworld
This presentation discusses building a business case for VMware Virtual SAN. It provides an overview of Virtual SAN and its benefits for customers like choice, integration, cost savings and performance. A case study is presented of how Dominos Pizza implemented Virtual SAN which resulted in roughly 40% lower costs compared to a traditional storage array. The presentation concludes by demonstrating the Virtual SAN assessment tool and various ways customers can try Virtual SAN.
Not content to simply describe the Virtual Volume (VVOL) framework, this session instead examines practical use cases: How different configurations and workloads benefit from VVOLs. Learn how Storage Policy Based Management (SPBM) couples with VVOLs to provide VM configuration options not previously available. We demonstrate a handful of real-life scenarios, specifically covering how VVOLs benefits oversubscribed systems, disaster recovery preparation and multi-tenant requirements for customers. Specific configuration options and constraints are covered in detail, including how they work with underlying storage.
VMworld 2015: Virtual Volumes Technical Deep DiveVMworld
This document provides a technical deep dive on virtual volumes. It begins with an overview of the challenges with today's LUN-centric storage architectures, such as complex provisioning, wasted resources, and lack of granular control. It then introduces an application-centric model using virtual volumes that provides dynamic storage service levels, fine-grained control at the VM level, and common management across arrays. The rest of the document details the management plane, data plane, consumption model using storage policy-based management, virtual machine lifecycles, snapshots, and offloading operations with virtual volumes.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfTechgropse Pvt.Ltd.
In this blog post, we'll delve into the intersection of AI and app development in Saudi Arabia, focusing on the food delivery sector. We'll explore how AI is revolutionizing the way Saudi consumers order food, how restaurants manage their operations, and how delivery partners navigate the bustling streets of cities like Riyadh, Jeddah, and Dammam. Through real-world case studies, we'll showcase how leading Saudi food delivery apps are leveraging AI to redefine convenience, personalization, and efficiency.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
1. VMware Compliance Reference Architecture
Framework Overview
Jerry Breaud, VMware
Allen Shortnacy, VMware
SEC5428
#SEC5428
2. 2
Agenda
VMware Compliance Reference Architecture Framework
Compliance Reference Architecture Methodology
NSX Service Composer for Compliance Architectures
Network Virtualization
NSX Network Services
Other VMware Product Capabilities Relative to Compliance
Summary
Next Steps VMworld and Beyond
3. 3
Competing Concerns – Pick Any 2
“Are you getting the
maximum efficiency
out of your
infrastructure?”
“How quickly can IT
respond to LOB
requests?”
• Legislative Compliance
• Security – Corp Assets & IP
• Risk Reduction
• SLAs & Business Continuity
?
4. 4
Infrastructure
Requirements
Access
Control
Segmentation
Remediation
Automation
Policy
Management
Audit
Common
Control
Frameworks
Regulations,
Standards,
Best Practices
Reference
Architectures
PCI Zone
VMware vSphere
Security & Compliance Influence Design of the SDDC
6. 6
Technology Solution Categories Mapped to Regulations
Description
ISO
PCI
HIPAASANSCSA
FISM
A
LOW
FISM
A
MOD
FISM
A
HIGH
FedRAM
P
LOW
FedRAM
P
M
OD
PCI
Requirements
NIST
RequirementsCommon Required Technical Security Solutions
1 VAM VulnerabilityAssessment and Management Identify and track vulnerabilities 6.2, 6.5, 6.6, 11.2 RA-5
2 PT Penetration Testing Validate vulnerabilities 11.3 CA-2
3 SEIM SecurityEvent Information Monitoring Log and correlate environment data 10, A.1.3 SI-4, AU-2/3/6/10/12
4 IPS Intrusion Prevention System Identify attacks 11.4 SI-3, SI-4
5 FIM File IntegrityMonitoring Identify changed files 11.5 SI-7
6 2FA Two Factor Authentication Authenticate users 8.3 IA-2
7 IdM IdentityManagement Provision and deprovision users 8.1, 8.2, 8.5.1 IA-4
8 AAA Authentication, Authorization, Accounting (3A) Identity interaction nonrepudiation 7, 8.5 IA-5, AC-3
9 FW Network (N) and Host (H) Firewall Segment and protect networks 1 SC-7
10 AV Server and Endpoint Antivirus Protect against malware 5 SI-3
11 BU SystemBackups Systems survivability 10.5.3, 12.9.1 CP-9
12 DARE Data At Rest Encryption Protect data 3.4, 3.5, 3.6 SC-12/13/28, IA-7
13 DIME Data In Motion Encryption Protect data 2.3, 4, 8.4 SC-9/12/13, IA-7
14 DBM Database Monitoring Protect database environment 10, A.1.3 SI-4
15 CM Configuration Management Protect infrastructure 2.1, 2.2 SI-2, SA-10, CM-1/2/6
16 PM Patch Management Protect infrastructure 6.1 CM-2, SI-2
17 WAF* Web Application Firewall Protect user services 6.6 SI-3, SI-4, SC-7
18 DLP** Data Leakage Protection Identify sensitive data
* Specifically called out in some authorities and implied control in others. Highly recommended where the Internet will be the primary use case.
** Not specifically called out in any authority.
10. 10
Compliance Reference Architecture Methodology
Dynamic Composition with Line of Sight
• Regulatory Specificity for Audit
• Regulation Independent Use Case Controls
• Technology Partner Choice
• Process Methodology for Delivery and Maturity
11. 11
1
Compliance Challenges: Many Systems - Dashboards of Wonder
Vulnerability
Mgmt System
Antivirus
System
Firewall
vCenter
IDS System
DLP System
13. 13
NSX Service Composer
Security services can now be consumed more efficiently in the
software-defined data center.
Apply.
Apply and visualize
security policies for
workloads, in one place.
Automate.
Automate workflows
across different
services, without
custom integration.
Provision.
Provision and monitor
uptime of different
services, using one
method.
14. 14
Concept – Apply Policies to Workloads
Security Groups
WHAT you want to
protect
Members (VM, vNIC…) and
Context (user identity, security
posture
HOW you want to
protect it
Services (Firewall, antivirus…)
and Profiles (labels representing
specific policies)
APPLY
Define security policies based on service profiles already defined (or
blessed) by the security team. Apply these policies to one or more
security groups where your workloads are members.
15. 15
Software Defined Data Center Anti-Virus (AV), Anti-Malware
Application Delivery Controller (ADC)
Application Whitelisting
Application Firewall
Data Loss Prevention (DLP)
Encryption
File Integrity Monitoring (FIM)
Firewall (Host/Network)
Identity and Access Management
Intrusion Detection/Prevention System (IDS/IPS)
Load Balancer
Network Forensics
Network Gateway (VXLAN)
Network Port Profile
Network Switch
Policy and Compliance Solution
Security Intelligence and Event Management (SIEM)
User Access Control (closest to our SAM)
Vulnerability Management
WAN Optimizer
Web Filter
Extend Platform to Best of Breed Services
Properties of virtual services:
• Programmatic provisioning
• Place any workload anywhere
• Move any workload anywhere
• Decoupled from hardware
• Operationally efficient
17. 17
Priv User
Network Activity
Monitoring
Solution Categories
CMP
vCD, vCAC, etc.
NSX
Service Composer
Automation
vCO, Scripts, etc.
API
REST, Java, .NET
NW Iso
VXLAN, NAT
Firewall
TCP, Identity
VPN
IPsec, SSL
DLP
At Rest, Wire
Priv User
AAA, Session
Recording
AV
Malware,
Whitelist
FIM
Config Files,
Registry
IPS/IDS
Monitor, Prevent,
Report
Vulnerability
Penetration Testing
Next Gen FW
App Aware, Fine Grained
App Layer IPS
Encryption
VMFS, VMDK, OS
Configuration
Management
Patching
SIEM
Syslog,
Event
Correlation
Platform
(Future
NSX Enabled)
Extensibility
NSX
NSX
Enabled
Consumption
VMware &
Platform
Partner
VMware
NSX
Enabled
Partner
VMware +
Customer/
3rd Party/
Open Src
Platform
Partner
Logging
18. 18
Compute Virtualization
The Network is a Barrier to Software Defined Data Center
Any Physical
Infrastructure
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
Software Defined Data Center
SOFTWARE-DEFINED
DATACENTER SERVICES
VDC
19. 19
Network and Security Virtualization Must…
1. Decouple
Physical
Virtual
2. Reproduce 3. Automate
Network
Operations
Cloud
Operations
Hardware
independence
Operational benefits
of virtualization
No change to network
from end host perspective
Virtual
Physical
21. 21
Logical Switching and Routing
• Tightly coupled with physical networks
• Hairpins and bottlenecks reduce
performance and scale
Before
• Completely decoupled from hardware
– Dynamic routing, no Multicast
• Line rate performance with distributed
scale out architecture
• Connect existing networks with logical
networks – L2 bridging
With NSX
• Speed of provisioning applications
across racks, rows or data centers (up
to Metro distances)
• Enable higher server utilization,
leverage existing physical network,
only require basic IP hardware for
future purchases
• Create on demand networks to meet
application needs
Benefits
DynamicRouting
DynamicRouting
DynamicRouting
Physical
Workload
22. 22
Logical Load Balancing
• Physical appliances are costly and
create bottlenecks
• Rigid architectures tie the application
down
Before
• Cloud level feature set for SLB and
GSLB with full HA
• TSAM with enhanced health checks,
connection throttling and CLI
• Simplified Deployment in one-armed or
inline mode
With NSX
• On demand LB services for any
application enabling speedy
deployment
• Pay as you go model for services
• Manage multiple LB instances with
centralized management
Benefits
Logical
Network
Web1a Web1cWeb1b
23. 23
Logical VPN
• VPN Concentrators become
bottlenecks and chokepoints
Before
• Per Tenant VPN appliance when
needed
• High Performance – hardware
acceleration for IPSec and SSL
• Site-2-Site, Client and Cloud
VPN extends Corporate LAN
With NSX
• Network can be extended when
needed for different use cases
• No investment needed in large
VPN Concentrators upfront
Benefits
Public
Cloud
24. 24
NSX Next Generation Firewall
• Scale out architecture “bolted-on” to
L3 with limited performance
• Limited visibility and control unless
hair-pinning (E/W) to L3
• Error prone, static VLANs and
IP/port based policies
Before
• Massive scale and line rate
performance
• Virtualization and identity context
• Centralized management across
entire Datacenter
With NSX
• Simplified operations – single policy
definition
Benefits
Physical View
Web
App
DB
Web
App
DB
Servers
Users
“skinny VLANs”
Business and
Virtual Context
Logical View
VMware
Logical View
25. 25
vCenter Infrastructure Navigator Capabilities
Automated
discovery and
dependency
mapping
Speedy and accurate discovery and dependency
mapping of application services across virtual
infrastructure & adjoining physical servers one hop away
Rapid updates that keep mapping
information up-to-date
26. 26
Cloud Infrastructure
(vSphere, vCenter, vShield, vCloud Director)
! ! !
Overview
Benefits
More than 80 pre-defined templates for
country/industry specific regulations
Accurately discover and report sensitive
data in unstructured files with analysis
engine
Segment off VMs with sensitive data in
separate trust zones
Quickly identify sensitive data
exposures
Reduce risk of non-compliance and
reputation damage
Improve performance by offloading data
discovery functions to a virtual
appliance
NSX Data Security
Visibility Into Sensitive Data to Address Regulatory Compliance
27. 27
vShield Endpoint Partners
VMware vSphere
Introspection
SVM
OS
Hardened
AV
VM
APP
OS
Kernel
BIOS
VM
APP
OS
Kernel
BIOS
VM
APP
OS
Kernel
BIOS
28. 28
vCenter Operations and Log Insight
Machine Data comprises:
• Structured Data
• vCenter Operations
• Unstructured Data
• Log Insight
Log Insight and vCenter Operations
together provide a complete solution
for Cloud Operations Management
29. 29
vCenter Operations Configuration Manager
Harden the VMware Infrastructure
• Harden the configuration for ESX, network, storage, etc.
• Harden the vSphere guest VM settings
• Harden vCD/vCenter settings
Harden the Guest OS
• Physical and Virtual; Desktop and Servers; Win, UNIX, Mac
Virtual Datacenter 1 Virtual Datacenter 2
PCI – PoS PCI Zone Non-PCI Zone
ESX Hardening
Cluster ACluster B
VMware vSphere + vCenter
Vendor Hardening Guidelines
CIS Benchmarks
FISMAHIPAASOX
NERC/
FERC
NIST
ISO
27002
GLBADISA
PCI DSSPCI DSS
30. 30
Applicability to PCI Requirements
PCI Requirement Products
1 Install/maintain a firewall configuration to protect cardholder data vSphere, NSX App/Edge, VIN
2 Don’t use defaults for system passwords/security parameters ESXi, vCenter, VCM, NSX
3 Protect stored cardholder data NSX, VCM
4 Encrypt transmission of cardholder data on public networks NSX Edge
5 Use and regularly update anti-virus software or programs vShield Endpoint + Partners
6 Develop and maintain secure systems and applications
vSphere, NSX , VIN, VCM,
VUM
7 Restrict access to cardholder data by business need to know vSphere, NSX, vCM
8 Assign a unique ID to each person with computer access ESXi, vSphere, NSX, VCM
9 Restrict physical access to cardholder data
10 Track and monitor all access to network resources/cardholder data
vSphere, NSX, VIN, VCM,
Log Insight
11 Regularly test security systems and processes VIN, VCM
12 Maintain a policy that addresses information security
A1 Shared hosting providers must protect the cardholder data vSphere, NSX, vCD, VCM
31. 31
Competing Concerns – Take All 3!
“Are you getting the
maximum efficiency
out of your
infrastructure?”
“How quickly can IT
respond to LOB
requests?”
• Legislative Compliance
• Security – Corp Assets & IP
• Risk Reduction
• SLAs & Business Continuity
32. 32
Summary – Key Takeaways
VMware, its Technology Partners and Audit Partners are working to validate
reference architectures pertaining to mainstream regulations
Guidance is intended to educate SDDC architects, Information Risk personnel
and Auditors involved in customer environments
Best practices for VMware and Technology Partner products, their
configurations and usage in order to meet regulatory controls
VMware Compliance Reference Architectures will evolve to support new
versions of products and the regulations themselves
33. 33
VMworld: Security and Compliance Sessions
Category Topic
NSX
• 5318: NSX Security Solutions In Action (201)
• 5753: Dog Fooding NSX at VMware IT (201)
• 5828: Datacenter Transformation (201)
• 5582: Network Virtualization across Multiple Data Centers (201)
NSX Firewall
• 5893: Economies of the NSX Distributed Firewall (101)
• 5755: NSX Next Generation Firewalls (201)
• 5891: Build a Collapsed DMZ Architecture (301)
• 5894: NSX Distributed Firewall (301)
NSX Service
Composer
• 5749: Introducing NSX Service Composer (101)
• 5750: NSX Automating Security Operations Workflows (201)
• 5889: Troubleshooting and Monitoring NSX Service Composer (301)
Compliance
• 5428: Compliance Reference Architecture Framework Overview (101)
• 5624: Accelerate Deployments – Compliance Reference Architecture (Customer Panel) (201)
• 5253: Streamlining Compliance (201)
• 5775: Segmentation (301)
• 5820: Privileged User Control (301)
• 5837: Operational Efficiencies (301)
Other
• 5589: Healthcare Customer Case Study: Maintaining PCI, HIPAA and HITECH Compliance in
Virtualized Infrastructure (Catbird – Jefferson radiology)
• 5178: Motivations and Solution Components for enabling Trusted Geolocation in the Cloud - A
Panel discussion on NIST Reference Architecture (IR 7904). (Intel and HyTrust)
• 5546: Insider Threat: Best Practices and Risk Mitigation techniques that your VMware based
IaaS provider better be doing! (Intel)
34. 34
For More Information…
VMware Collateral
VMware Approach to Compliance
VMware Solution Guide for PCI
VMware Architecture Design Guide for PCI
VMware QSA Validated Reference Architecture PCI
Partner Collateral
VMware Partner Solution Guides for PCI
How to Engage?
compliance-solutions@vmware.com
@VMW_Compliance on Twitter
35. 3535
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1315
vCloud Suite Use Cases - Control & Compliance
HOL-SDC-1317
vCloud Suite Use Cases - Business Critical Applications
HOL-PRT-1306
Compliance Reference Architecture- Catbird, HyTrust and LogRhythm
Group Discussions:
SEC1002-GD
Compliance Reference Architecture: Integrating Firewall, Antivirus,
Logging and IPS in the SDDC with Allen Shortnacy