©2015 Check Point Software Technologies Ltd.
Securing Software-Defined Data Centers with Check Point vSEC and VMware NSX
Peter Kovalčík
Security Engineer, Check Point Software Technologies

State of Virtualization vs. Networking
Hey, I can spin-up VMs in minutes. Why does it take a week to get network/firewall changes

DATA CENTERS are rapidly evolving.

DATA CENTER EVOLUTION
Virtual Datacenter
• Server (compute) virtualization
• Network operation is manual
Software Defined Datacenter / Private Cloud
• Networks are also virtualized
• Services can be dynamically inserted and orchestrated via automation

THE NEW ERA OF SOFTWARE-DEFINED DATACENTERS (SDDC)
Allowing IT to deliver applications at a fraction of the cost and time in a more secure way!

SECURITY CHALLENGES IN THE CURRENT DATACENTER

Challenge #1: Increasing Traffic Inside the Datacenter
Perimeter (north-south) security is blind to 80% of the east-west data center traffic
[Diagram: north-south and east-west traffic directions]

Challenge #2: Lateral Threats Inside the Data Center
Modern threats can spread laterally inside the data center, moving from one application to another
• Lack of security control between VMs
• Threats can easily traverse VLANs
• Threats attack a low-priority service and then move to critical systems

Challenge #3: Security Ignores Data Center Changes
Traditional static controls fail to secure dynamic networks and highly mobile applications
• New Virtual Machines
• Virtual Machine movement
• VMs that change IP address
• Dormant VMs that wake up
• VMs that move between VLANs

Challenge #4: Security Inhibits Data Center Agility
Lack of security automation impacts business agility in delivering services and results in security gaps
How to define a secure policy for catalog applications that have not been provisioned and still don't have an IP address?

Securing SDDC - goals
• Better SECURITY
• Better MANAGED
• Better PERFORMANCE

Securing SDDC - goals
• Increased visibility and control
  • DEEP inspection, CLOSE to applications
  • Security is a natural part of modern SDDC design
• Improved security policy management
  • Avoid overhead by knowing CONTEXT
  • FLEXIBLE for application deployments and changes
• Performance and scalability
  • SCALABLE - growing with datacenter growth
  • No choke point design

Building blocks
• Automated security provisioning (new ESXi hosts deployed with security from beginning)
• Transparent security insertion – configurable redirection to deep inspection engine
• Cloud management systems integration into Security Management – consume objects and state of NSX/vCenter (using SDDC context)
• Tagging VMs with security incidents
• API and CLI for security automation and orchestration

Beyond L4 firewall… Users, applications, data, known and unknown threats
Granular Visibility
• Identity Awareness
• DLP
• Mobile Access
• SmartEvent
• Application Control
• URLF
• IPS
• Anti-Bot
• Antivirus
• Threat Emulation
• HTTPS
• USERCHECK

WHAT IS NEEDED?

SECURITY REQUIREMENTS INSIDE THE DATA CENTER
1. Security visibility into traffic inside the data center
2. Automated security provisioning to keep pace with dynamic data center changes
3. Automated insertion and deployment of advanced threat prevention to protect inside the data center

CHECK POINT & VMWARE
Automating Security inside the Data Center
Virtual Security with Advanced Threat Prevention + Next Generation Networking and security
• Security Control & Visibility
• Lateral Threat Prevention
• Automated Security Provisioning

vSEC & NSX DATACENTER SECURITY
100% Software Based: Service, Network & Security
• Segmented Data Center
• Micro-Segmentation with advanced threat prevention
• Security Orchestration between Virtual Machines
• Automation of Virtual Network & Security
• Consistent security for N-S and E-W traffic
• Security Control for All Data Center Traffic

Check Point vSEC + VMware NSX
How it works

CHECK POINT vSEC DEPLOYMENT
NSX automatically provisions Check Point vSEC gateway on each host

CHECK POINT vSEC AUTO-DEPLOYMENT
NSX manager automatically deploys and provisions Check Point vSEC Gateway on each host

CHECK POINT vSEC AUTO-DEPLOYMENT
Automatically & instantly scale vSEC to secure VMs on new host members

MICRO-SEGMENTATION
Use NSX to segment Virtual Machines into different Security Groups using a flat network
NSX Security Group:
• Finance
• Legal
• Web
• Database
• Partners

EAST-WEST SECURITY CONTROL
Use Check Point vSEC to control traffic access between Virtual Machines
NSX Service Chain Policy: Traffic from Partner to Legal Security Group must go through Check Point vSEC Gateway

PREVENT LATERAL THREATS
Use vSEC for Advanced Threat Prevention inside data center

APPLICATION-AWARE POLICY
Use fine-grained security policies tied to NSX Security Groups and Virtual Machine identities
Check Point Access Policy
Rule | From                    | To                      | Service | Action
3    | WEB_VM (vCenter Object) | Database (NSX SecGroup) | SQL     | Allow
Check Point dynamically fetches objects from NSX and vCenter

SHARED-CONTEXT POLICY
Shared security context between vSEC and NSX Manager to automatically quarantine and trigger remediation by other services
NSX Policy
From                                | To  | Action
Infected VM (Tagged by Check Point) | Any | Quarantine
Check Point tags infected Virtual Machines in NSX manager

UNIFIED MANAGEMENT
Use Check Point unified management for consistent policy control and threat visibility across virtual and perimeter gateways

THREAT VISIBILITY INSIDE THE DATACENTER
Use Check Point SmartEvent to monitor and investigate threats across north-south and east-west traffic
[Diagram labels: 4800, 12400]
Infected Virtual Machines
VM Identity | Severity | Date
VM_Web_22   | High     | 3:22:12 2/4/201
VM_DB_12    | High     | 5:22:12 2/4/201
VM_AD_15    | Medium   | 5:28:12 2/4/201
VM_SAP_34   | Medium   | 7:28:12 2/4/201

Check Point vSEC Key Features
Policy Management
• Unified management for Virtual and physical Gateways
• Datacenter policy segmentation with sub policies*
• Fetch vCenter and NSX objects for use in Check Point policy
Security
• Threat Prevention with multi-layered defenses for Virtual Data Center
• Tag infected VM and update NSX for automatic remediation
Visibility & Forensics
• View VM objects in security logs
• Comprehensive Datacenter Threat Visibility
Automation & Orchestration
• Granular privilege down to individual rule for trusted integrations*
* Available in R80

LIVE DEMO

SUMMARY

vSEC & NSX DATACENTER SECURITY
100% Software Based: Service, Network & Security
• SDDC: Software Defined Datacenters
• Security Orchestration between Virtual Machines
• Automation of Virtual Network & Security
• Consistent security for N-S and E-W traffic
• Security Control for All Data Center Traffic
• Software Defined Datacenter / Private Cloud

THANK YOU!

Backup slides
NSX Security Group
NSX Security Group - definition
NSX and vCenter in Check Point
Data Center Objects Group
CP Network Introspection Service
Service Deployments
Running as Service VM (ESX Agent)
NSX DFW does redirection to CP
by Security Policy applied to Security Group
Granular CP policy
Data Center Object identity acquisition
Botnet incident
…is translated to VM Security Tag

Exadata z pohledu zákazníka a novinky generace X8M - 1. částExadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
 
Úvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyÚvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastruktury
 

Recently uploaded

Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 

Recently uploaded (20)

Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 

vSEC for VMware NSX

  • 1. ©2015 Check Point Software Technologies Ltd. Securing Software-Defined Data Centers with Check Point vSEC and VMware NSX. Peter Kovalčík, Security Engineer, Check Point Software Technologies
  • 2. State of Virtualization vs. Networking: "Hey, I can spin up VMs in minutes. Why does it take a week to get network/firewall changes?"
  • 3. DATA CENTERS are rapidly evolving.
  • 4. DATA CENTER EVOLUTION. Virtual Datacenter: server (compute) virtualization; network operation is manual. Software Defined Datacenter, Private Cloud: network is also virtualized; services can be dynamically inserted and orchestrated via automation.
  • 5. THE NEW ERA OF SOFTWARE-DEFINED DATACENTERS (SDDC): allowing IT to deliver applications at a fraction of the cost and time in a more secure way!
  • 6. SECURITY CHALLENGES IN THE CURRENT DATACENTER
  • 7. Challenge #1: Increasing Traffic Inside the Datacenter. Perimeter (north-south) security is blind to 80% of the east-west data center traffic. (Diagram labels: NORTH, SOUTH, EAST, WEST.)
  • 8. Challenge #2: Lateral Threats Inside the Data Center. Modern threats can spread laterally inside the data center, moving from one application to another: lack of security control between VMs; threats can easily traverse VLANs; threats attack a low-priority service and then move to critical systems.
  • 9. Challenge #3: Security Ignores Data Center Changes. Traditional static controls fail to secure dynamic networks and highly mobile applications: new virtual machines; virtual machine movement; VMs that change IP address; dormant VMs that wake up; VMs that move between VLANs.
  • 10. Challenge #4: Security Inhibits Data Center Agility. How to define secure policy for catalog applications that have not been provisioned and still don't have an IP address? Lack of security automation impacts business agility in delivering services and results in security gaps.
  • 11. Securing SDDC - goals: better SECURITY; better MANAGED; better PERFORMANCE.
  • 12. Securing SDDC - goals. Increased visibility and control: DEEP inspection, CLOSE to applications; security is a natural part of modern SDDC design. Improved security policy management: avoid overhead by knowing CONTEXT; FLEXIBLE for application deployments and changes. Performance and scalability: SCALABLE, growing with datacenter growth; no choke point design.
  • 13. Building blocks: automated security provisioning (new ESXi hosts deployed with security from the beginning); transparent security insertion, with configurable redirection to the deep inspection engine; cloud management systems integration into Security Management, consuming objects and state of NSX/vCenter (using SDDC context); tagging VMs with security incidents; API and CLI for security automation and orchestration.
  • 14. Beyond L4 firewall… Users, applications, data, known and unknown threats. Granular Visibility, Identity Awareness, DLP, Mobile Access, SmartEvent, Application Control, URLF, IPS, Anti-Bot, Antivirus, Threat Emulation, HTTPS, USERCHECK.
  • 15. WHAT IS NEEDED?
  • 16. SECURITY REQUIREMENTS INSIDE THE DATA CENTER: (1) security visibility into traffic inside the data center; (2) automated security provisioning to keep pace with dynamic data center changes; (3) automated insertion and deployment of advanced threat prevention to protect inside the data center.
  • 17. CHECK POINT & VMWARE: Automating Security inside the Data Center. Virtual Security with Advanced Threat Prevention; Security Control & Visibility; Next Generation Networking and security; Lateral Threat Prevention; Automated Security Provisioning.
  • 18. vSEC & NSX DATACENTER SECURITY. 100% Software Based: Service, Network & Security; Segmented Data Center; Micro-Segmentation with advanced threat prevention; Security Orchestration between Virtual Machines; Automation of Virtual Network & Security; Consistent security for N-S and E-W traffic; Security Control for All Data Center Traffic.
  • 19. Check Point vSEC + VMware NSX: How it works
  • 20. CHECK POINT vSEC DEPLOYMENT: NSX automatically provisions Check Point vSEC gateway on each host.
  • 21. CHECK POINT vSEC AUTO-DEPLOYMENT: NSX manager automatically deploys and provisions Check Point vSEC Gateway on each host.
  • 22. CHECK POINT vSEC AUTO-DEPLOYMENT: Automatically & instantly scale vSEC to secure VMs on new host members.
  • 23. MICRO-SEGMENTATION: Use NSX to segment Virtual Machines into different Security Groups using a flat network. NSX Security Groups shown: Finance, Legal, Web, Database, Partners.
  • 24. EAST-WEST SECURITY CONTROL: Use Check Point vSEC to control traffic access between Virtual Machines. NSX Service Chain Policy: traffic from Partner to Legal Security Group must go through Check Point vSEC Gateway.
  • 25. PREVENT LATERAL THREATS: Use vSEC for Advanced Threat Prevention inside data center.
  • 26. APPLICATION-AWARE POLICY: Use fine-grained security policies tied to NSX Security Groups and Virtual Machine identities. Check Point dynamically fetches objects from NSX and vCenter. Check Point Access Policy, Rule 3: From WEB_VM (vCenter Object), To Database (NSX SecGroup), Service SQL, Action Allow.
  • 27. SHARED-CONTEXT POLICY: Shared security context between vSEC and NSX Manager to automatically quarantine and trigger remediation by other services. Check Point tags infected Virtual Machines in NSX manager. NSX Policy: From Infected VM (Tagged by Check Point), To Any, Action Quarantine.
  • 28. UNIFIED MANAGEMENT: Use Check Point unified management for consistent policy control and threat visibility across virtual and perimeter gateways.
  • 29. THREAT VISIBILITY INSIDE THE DATACENTER: Use Check Point SmartEvent to monitor and investigate threats across north-south and east-west traffic. Diagram labels: 4800, 12400. Infected Virtual Machines (VM Identity, Severity, Date): VM_Web_22, High, 3:22:12 2/4/201; VM_DB_12, High, 5:22:12 2/4/201; VM_AD_15, Medium, 5:28:12 2/4/201; VM_SAP_34, Medium, 7:28:12 2/4/201.
  • 30. [Confidential] For designated groups and individuals. Check Point vSEC Key Features (table columns: Feature, Check Point). Policy Management: unified management for Virtual and physical Gateways; Datacenter policy segmentation with sub policies*; fetch vCenter and NSX objects for use in Check Point policy. Security: Threat Prevention with multi-layered defenses for Virtual Data Center; tag infected VM and update NSX for automatic remediation. Visibility & Forensics: view VM objects in security logs; comprehensive Datacenter Threat Visibility. Automation & Orchestration: granular privilege down to individual rule for trusted integrations*. (* Available in R80.)
  • 31. LIVE DEMO
  • 32. SUMMARY
  • 33. vSEC & NSX DATACENTER SECURITY. 100% Software Based: Service, Network & Security; SDDC Software Defined Datacenters; Security Orchestration between Virtual Machines; Automation of Virtual Network & Security; Consistent security for N-S and E-W traffic; Security Control for All Data Center Traffic; Software Defined Datacenter, Private Cloud.
  • 34. THANK YOU!
  • 35. Backup slides
  • 36. NSX Security Group
  • 37. NSX Security Group - definition
  • 38. NSX and vCenter in Check Point
  • 39. Data Center Objects Group
  • 40. CP Network Introspection Service
  • 41. Service Deployments
  • 42. Running as Service VM (ESX Agent)
  • 43. NSX DFW does redirection to CP
  • 44. by Security Policy applied to Security Group
  • 45. Granular CP policy
  • 46. Data Center Object identity acquisition
  • 47. Botnet incident
  • 48. …is translated to VM Security Tag
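
The rules on slides 26 and 27, set against Challenges #3 and #4, as an added Python model that is not part of the deck and is not Check Point or VMware code: it compares a rule keyed on objects and security groups with the same rule keyed on literal IP addresses while a VM changes address, a new VM joins a group, and a VM is tagged as infected. The VM names other than WEB_VM, all IP addresses, the tag name `infected`, the default Drop action and the order in which the tag is checked are assumptions.

```python
# Constructed model of the policy ideas on slides 26 and 27. Class names, the tag
# name and all addresses are assumptions, not Check Point or VMware APIs.
from dataclasses import dataclass, field

INFECTED_TAG = "infected"   # hypothetical security tag name
DEFAULT_ACTION = "Drop"     # assumed implicit cleanup rule


@dataclass
class VM:
    name: str
    ip: str
    groups: set = field(default_factory=set)  # security group membership
    tags: set = field(default_factory=set)    # security tags


@dataclass(frozen=True)
class Rule:
    src: str      # VM name, security group name, or "Any"
    dst: str
    service: str
    action: str


def by_ip(inventory, ip):
    # Looked up at decision time, so an address change is picked up immediately.
    return next((vm for vm in inventory if vm.ip == ip), None)


def matches(obj, vm):
    return obj == "Any" or obj == vm.name or obj in vm.groups


def decide_by_identity(inventory, rules, src_ip, dst_ip, service):
    src, dst = by_ip(inventory, src_ip), by_ip(inventory, dst_ip)
    if src is None or dst is None:
        return DEFAULT_ACTION            # unknown endpoint, no context to match on
    if INFECTED_TAG in src.tags:
        return "Quarantine"              # tag-driven rule is evaluated first
    for rule in rules:                   # first match wins
        if matches(rule.src, src) and matches(rule.dst, dst) and rule.service == service:
            return rule.action
    return DEFAULT_ACTION


def decide_by_static_ip(ip_rules, src_ip, dst_ip, service):
    """Rule base keyed on literal addresses, for comparison."""
    return ip_rules.get((src_ip, dst_ip, service), DEFAULT_ACTION)


def run_scenario():
    web = VM("WEB_VM", "10.0.1.10")
    db1 = VM("DB_VM_1", "10.0.2.20", groups={"Database"})
    inventory = [web, db1]
    rules = [Rule("WEB_VM", "Database", "SQL", "Allow")]     # rule 3 on slide 26
    ip_rules = {("10.0.1.10", "10.0.2.20", "SQL"): "Allow"}  # static equivalent

    def both(src, dst):                  # (identity-based, static-IP) decisions
        return (decide_by_identity(inventory, rules, src.ip, dst.ip, "SQL"),
                decide_by_static_ip(ip_rules, src.ip, dst.ip, "SQL"))

    out = {"initial": both(web, db1)}
    web.ip = "10.0.5.77"                 # the VM changes its IP address
    out["after_ip_change"] = both(web, db1)
    db2 = VM("DB_VM_2", "10.0.2.21", groups={"Database"})
    inventory.append(db2)                # a new VM joins the security group
    out["new_db_vm"] = both(web, db2)
    out["reverse_direction"] = both(db1, web)
    web.tags.add(INFECTED_TAG)           # threat prevention tags the VM
    out["after_tag"] = both(web, db1)
    return out


if __name__ == "__main__":
    for step, result in run_scenario().items():
        print(f"{step}: {result}")
```

The static rule base silently stops matching after the address change and never covers the new database VM, while the identity-based rule needs no edit in either case.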