
Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security


In today’s real-time enterprise, where we all must do more with less, the operations team is sometimes forced to take shortcuts. Manually applying security controls is often one of the first tasks to fall by the wayside. VMs that are put into production without adequate protection leave high-risk vulnerabilities open for exploitation. Learn how building security automation in with VMware NSX and Trend Micro Deep Security provides visibility, assesses risk, and applies the right protection. Once in operation, the adapter for vRealize Operations makes security events visible next to operational events, providing a holistic view of the environment. This is illustrated through the case study of a leading manufacturing company, Plexus Corporation, who also share their NSX journey.

This was one of Trend Micro's sessions presented at VMworld 2017.

Published in: Technology


  1. Chris Van den Abbeele, Kelly McBrair. SAI3313BUS #VMworld #SAI3313BUS. Automated Security for the Real-Time Enterprise with VMware NSX and Trend Micro Deep Security
  2. Copyright 2017 Trend Micro Inc. Welcome to: AUTOMATED SECURITY FOR THE REAL-TIME ENTERPRISE WITH VMWARE NSX AND TREND MICRO DEEP SECURITY [SAI3313BUS]. Presenter: Chris Van den Abbeele, Global Solutions Architect, Trend Micro. Presenter: Kelly McBrair, IT Infrastructure Architect, Plexus Corp. Join us Wednesday at 11 am for: SKIP THE SECURITY SLOW LANE WITH VMWARE ON AWS [SAI3316BUS]. Presenter: Bryan Webster, Principal Architect, Trend Micro. Presenter: Dharmesh Chovatia, Lead Architect, Global CTO Office, Capgemini US. Visit the VMware Solution Exchange for a 30 Day Trial of Trend Micro™ Deep Security. Follow us @trendmicro
  3. Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security. Kelly McBrair, IT Infrastructure Architect, Plexus Corp. Chris Van Den Abbeele, Global Solution Architect, Trend Micro
  4. Customer Perspective
  5. Plexus Market Sectors: exclusively focused on market sectors that require mid-to-low volume, higher complexity value stream solutions: Communications; Healthcare/Life Sciences; Industrial/Commercial; Defense/Security/Aerospace
  6. Trend Micro
     • 28 years focused on security software
     • Headquartered in Japan, Tokyo Exchange Nikkei Index (4704)
     • Annual sales over $1B US
     • Customers include 45 of top 50 global corporations
     • 5500+ employees in over 50 countries
     • 500k commercial customers & 155M endpoints protected (Small Business, Midsize Business, Enterprise, Consumers)
  7. Agenda
     • Introductions
     • Automated security: From “bolted on” to “part of the fabric”
     • The Business Case for Automated Virtual Patching
     • Solve new problems
     • Integration with vRealize Operations
     • Deployment lessons learned
  8. Integrated security: From “bolted on” to “part of the fabric”
  9. Diagram of the security lifecycle stages: Visibility, Context, Risk assessment, Protect, Maintain, Money
  10. What’s the problem with “bolted on” security?
     • With the introduction of virtualization, we made a quantum leap in Operations. The same is happening with network virtualization. But in many cases security remained stuck in the Dark Ages: it is still something that is applied afterwards.
     • We need to “shift left” security and integrate it in the automation.
     • In today’s real-time enterprise, the Operations team has to do more with less, every day. They create more new workloads than ever before.
     • Manually adding the security controls takes a lot of time and is often postponed (and/or finally... “forgotten”).
     • Many security dashboards only show workloads which have been brought under the control of the security solution (and have a security agent installed on them).
     • Shadow IT can remain completely under the radar.
  11. (image-only slide)
  12. Context of new systems (1). Lifecycle stage highlighted: Context
  13. Event-based tasks to profile new systems
  14. Estimate the Risk. Lifecycle stage highlighted: Risk assessment
  15. Some High Risk Vulnerabilities
  16. (image-only slide, callout 1)
  17. (image-only slide)
  18. Protecting new systems (1). Lifecycle stage highlighted: Protect
  19. The Same Exploits... now Protected by Deep Security
  20. (image-only slide)
  21. Full, multi-layered security. 8 layers of security:
     - Anti-Malware
     - Web Reputation
     - Firewall
     - Intrusion Prevention
     - Integrity Monitoring
     - Log Inspection
     - Application Control
     - Protection for SAP systems (NW-VSI)
  22. Maintain consistency (2). Lifecycle stage highlighted: Maintain
  23. Protect against drift:
     • Integrity Monitoring: monitor sensitive files and sensitive registry keys for changes
     • Application Control: “freezes” the server and blocks new executables and scripts from running
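The two drift controls on this slide are easier to reason about with a working baseline-and-compare loop in hand. The following PowerShell is an added example written for this page, not Trend Micro's or Deep Security's code: it records SHA-256 hashes of files and the values under selected registry keys, then reports what was added, removed or modified since the baseline, and flags added executables and scripts, which is what an application-control "freeze" would block outright. The watched paths, registry key and baseline file location are illustrative assumptions, not a Deep Security rule set.

```powershell
# Added example (not Deep Security's own code): minimal integrity-monitoring baseline/compare.
# Assumptions: the watched paths/keys and the baseline file location below are illustrative.
$ErrorActionPreference = 'Stop'

# The registry provider attaches these note properties to every key; they are not real values.
$RegistryMetadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-IntegritySnapshot {
    # Returns a flat table: "file:<path>" -> SHA-256 hash, "reg:<key>\<value name>" -> value as text
    param([string[]]$Paths = @(), [string[]]$RegistryKeys = @())
    $snapshot = @{}
    foreach ($path in $Paths) {
        foreach ($file in Get-ChildItem -LiteralPath $path -File -Recurse -ErrorAction SilentlyContinue) {
            $snapshot["file:$($file.FullName)"] = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
    foreach ($key in $RegistryKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($prop in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
            if ($RegistryMetadata -contains $prop.Name) { continue }
            # Multi-valued data (REG_MULTI_SZ, REG_BINARY) is flattened to a space-separated string
            $snapshot["reg:$key\$($prop.Name)"] = [string]$prop.Value
        }
    }
    return $snapshot
}

function Compare-IntegritySnapshot {
    # Emits one object per item that differs between the baseline and the current snapshot
    param([hashtable]$Baseline, [hashtable]$Current)
    $executable = '\.(exe|dll|sys|ps1|bat|cmd|vbs|js)$'
    $keys = @($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique
    foreach ($key in $keys) {
        $change = if (-not $Current.ContainsKey($key)) { 'Removed' }
                  elseif (-not $Baseline.ContainsKey($key)) { 'Added' }
                  elseif ($Baseline[$key] -ne $Current[$key]) { 'Modified' }
        if (-not $change) { continue }
        [pscustomobject]@{
            Item          = $key
            Change        = $change
            # New executables/scripts are exactly what an application-control "freeze" blocks
            NewExecutable = ($change -eq 'Added' -and $key -match $executable)
        }
    }
}

function Save-IntegritySnapshot {
    param([hashtable]$Snapshot, [string]$Path)
    $Snapshot | ConvertTo-Json -Depth 2 | Set-Content -LiteralPath $Path -Encoding UTF8
}

function Import-IntegritySnapshot {
    param([string]$Path)
    $snapshot = @{}
    foreach ($prop in (Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json).PSObject.Properties) {
        $snapshot[$prop.Name] = [string]$prop.Value
    }
    return $snapshot
}

# Illustrative watch list (assumption): the hosts file directory and the per-machine Run key
$watch = @{
    Paths        = @("$env:windir\System32\drivers\etc")
    RegistryKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
}
$baselineFile = "$env:ProgramData\example-integrity-baseline.json"   # placeholder location

if (-not (Test-Path -LiteralPath $baselineFile)) {
    Save-IntegritySnapshot -Snapshot (Get-IntegritySnapshot @watch) -Path $baselineFile
    Write-Output "Baseline recorded in $baselineFile"
} else {
    $drift = @(Compare-IntegritySnapshot -Baseline (Import-IntegritySnapshot $baselineFile) -Current (Get-IntegritySnapshot @watch))
    if ($drift.Count -eq 0) { Write-Output 'No drift from baseline' }
    else { $drift | Format-Table -AutoSize }
}
```

Run it once to record the baseline and again on a schedule to report drift; the first run needs read access to the watched paths and keys, and the baseline file itself should live somewhere a non-administrator cannot rewrite, since a baseline that an attacker can edit reports no drift.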
  24. Protect against the latest vulnerabilities: scheduled “Vulnerability” scans
  25. Reduce deployment complexity: rich API set to integrate with virtually any orchestration and automation tools (PowerShell)
  26. The Business Case For Automated Virtual Patching
  27. Typical patch cycle without Virtual Patching: Monthly Security Patching + Half-yearly Full Patching = 12 x patching / year
  28. High-impact zero days require immediate attention (2)
     – Are we vulnerable? (risk?)
     – Who can provide a patch?
     – When can we have the patch?
     – When can we test it?
     – Who can test it (team?)
     – Where can we test it? (test environment)
     – When can we have a maintenance window to patch and reboot our servers?
  29. Typical patch cycle with Virtual Patching: Automated Ongoing Security Patching + Half-yearly Full Patching = 2 x patching / year
  30. Win-Win: increases security + reduces cost
  31. 5 days after ShellShock: 766 attacks blocked (customer example). 766 attacks were blocked by Deep Security Automated Virtual Patching on Sept 30th at a customer managing 100+ instances. If emergency (physical) patching takes 5 days...
  32. Solve New Problems
  33. Why VMware with NSX and Trend Micro Deep Security? Table Stakes: Performance; Security; Cost. Next Play: Integration and Choice; Flexibility and Innovation
  34. NIST Cybersecurity Framework
     • Identify: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy
     • Protect: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; Protective Technology
     • Detect: Anomalies and Events; Security Continuous Monitoring; Detection Processes
     • Respond: Response Planning; Communications; Analysis; Mitigation; Improvements
     • Recover: Recovery Planning; Improvements; Communications
     • Controls shown against the framework: Security Dashboard, Firewall, Antivirus, IPS, Vulnerability Scanning, IDS, SIEM, Monitoring, Data Recovery, Disaster Recovery, Disconnection Management, Security Incident Response
  35. Automated Response to Improve Protection
     • Leverage Syslog, SNMP, Email and/or vRealize Suite for better integration with existing monitoring/alerting tools
     • Isolate a VM tagged by Deep Security with native NSX firewalling: behavior-based firewalling, block internet phone home, prevent RGE
     • Take action on a VM tagged by Deep Security with VMware Orchestrator: snapshots and clones, prepare restores, perform additional scanning
     • Example video of automated VM snapshot and Wireshark tap (with code):
     • See the Trend Threat Encyclopedia for examples of High, Medium and Low threats:
     • Find sample code at Trend’s DS GitHub repo:
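The first three bullets on this slide form one pipeline: Deep Security emits an event, something normalizes it for the monitoring stack, and a tag on the affected VM drives an NSX policy or an Orchestrator workflow. The PowerShell below is an added example for this page, not Trend Micro's sample code or the repository the slide refers to. It parses events in CEF syslog form, hands every event to the monitoring side as a normalized object, and writes a JSON work list of the VMs whose events cross a severity threshold for the orchestrator to tag. The three event lines are constructed for the example and use generic CEF extension keys (dvchost, src, act, msg) with placeholder signature IDs, not the product's documented field set; the tag name and output path are placeholders as well.

```powershell
# Added example (not Trend Micro's code): from Deep Security-style CEF syslog events to an
# isolation work list. Sample lines are constructed; tag name and output path are placeholders.
$ErrorActionPreference = 'Stop'

$SampleSyslog = @(
    '<134>Sep 30 10:15:01 dsm CEF:0|Trend Micro|Deep Security Manager|10.0|EXAMPLE-IPS|Intrusion Prevention Event|8|dvchost=web-01 src=203.0.113.9 dst=10.0.1.20 act=Block msg=Exploit attempt blocked by an IPS rule',
    '<134>Sep 30 10:15:07 dsm CEF:0|Trend Micro|Deep Security Manager|10.0|EXAMPLE-AM|Anti-Malware Event|10|dvchost=app-02 fname=dropper.exe act=Quarantine msg=Malware quarantined',
    '<134>Sep 30 10:16:22 dsm CEF:0|Trend Micro|Deep Security Manager|10.0|EXAMPLE-LI|Log Inspection Event|3|dvchost=web-01 act=Detect msg=Repeated logon failures'
)

function ConvertFrom-CefLine {
    # CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|key=value extensions
    # (CEF escape sequences such as \| and \= inside values are not handled by this parser)
    param([Parameter(Mandatory)][string]$Line)
    $start = $Line.IndexOf('CEF:')
    if ($start -lt 0) { return $null }            # plain syslog line, not a CEF event
    $fields = $Line.Substring($start).Split('|', 8)
    if ($fields.Count -lt 8) { return $null }     # malformed header, skip rather than guess
    $ext = @{}
    foreach ($m in [regex]::Matches($fields[7], '(?<k>[^\s=]+)=(?<v>.*?)(?=\s+[^\s=]+=|$)')) {
        $ext[$m.Groups['k'].Value] = $m.Groups['v'].Value   # values may contain spaces
    }
    [pscustomobject]@{
        Vendor      = $fields[1]
        Product     = $fields[2]
        SignatureId = $fields[4]
        Name        = $fields[5]
        Severity    = [int]$fields[6]
        Host        = $ext['dvchost']
        Action      = $ext['act']
        Message     = $ext['msg']
        Extension   = $ext
    }
}

function Get-IsolationCandidates {
    # One record per VM whose events reach the threshold. The orchestrator applies the tag;
    # an NSX firewall policy keyed on that tag performs the actual isolation.
    param([object[]]$Events, [int]$SeverityThreshold = 8, [string]$Tag = 'EXAMPLE.Isolate')
    $Events | Where-Object { $_.Severity -ge $SeverityThreshold } | Group-Object -Property Host |
        ForEach-Object {
            [pscustomobject]@{
                VmName      = $_.Name
                SecurityTag = $Tag
                MaxSeverity = ($_.Group | Measure-Object -Property Severity -Maximum).Maximum
                Reasons     = @($_.Group | ForEach-Object { "$($_.Name) [$($_.Action)]" }) -join '; '
            }
        }
}

$events = @($SampleSyslog | ForEach-Object { ConvertFrom-CefLine -Line $_ } | Where-Object { $null -ne $_ })

# Every event, normalized, for the existing monitoring/alerting pipeline (SIEM, e-mail, SNMP trap)
$events | Select-Object Host, Severity, Name, Action, Message | Format-Table -AutoSize

# Only the VMs that crossed the threshold, handed to the orchestrator as a JSON work list
$candidates = @(Get-IsolationCandidates -Events $events)
$workList = Join-Path $env:TEMP 'example-isolation-worklist.json'   # placeholder path
$candidates | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $workList -Encoding UTF8
Write-Output "$($candidates.Count) VM(s) queued for tagging: $($candidates.VmName -join ', ')"
```

With the constructed input, web-01 and app-02 end up on the work list (severity 8 and 10) while the severity-3 log inspection event on web-01 is forwarded to monitoring only. Keeping the decision (which VMs, why) separate from the action (tagging, snapshotting) is deliberate: the work list is auditable, and the threshold and tag can be tuned without touching the orchestrator workflow.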
  36. Integration with vRealize Operations
  37. Isolated worlds...
     • Virtual Infrastructure Administrator: user call, VM slow to respond → Log Ticket → Admin logs in to vRealize Operations → attempt to vMotion, reboot the VM, recycle the VM → Root Cause Analysis → Close Ticket
     • Security Administrator: administrator receives a security alert → Log Ticket → Admin logs in to Deep Security Manager → change rules to block specific ports, quarantine and scan → Root Cause Analysis → Close Ticket
  38. Single pane of glass for Trend Micro events and VMware events
  39. Correlate vROps events with security events
  40. Deployment Lessons Learned
  41. Tips and Things You Should Know
     • Read Trend’s Best Practices Guide (note sizing, testing, recommendations):
     • Consider additional Distribution Points and/or Managers over WAN
     • Troubleshoot Deep Security Virtual Appliances as cattle
     • Plan your rules: firewall, affinity, restart, etc.
     • Agents are still needed (today) for: Server 2016 and *nix VMs; some advanced features; (recommendation) Windows-based VMware components and supporting systems that may start up before Trend Deep Security Manager (i.e. its DB)
  42. Get to Know VMware Tools
     • Guest Introspection drivers and troubleshooting
     • VMware Tools versions and upgrades (beware of v10.0.0-10.0.7; correlate the versions file to the ESXi build)
     • Automate the upgrade with: /v “/qn ADDLOCAL=ALL REMOVE=Hgfs,NetworkIntrospection” (note: NetworkIntrospection removal is optional)
     • Add REBOOT=ReallySuppress to prevent any reboots
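The upgrade switches on this slide are the kind of thing that ends up pasted by hand into a dozen VMs, so here is an added PowerShell example (written for this page, not VMware's or Trend Micro's code) that reads the installed VMware Tools version, tests it against the 10.0.0-10.0.7 range the slide warns about, and runs the silent upgrade with the slide's MSI properties. Assumptions: the version is taken from the DisplayVersion of the VMware Tools entry under the Uninstall registry keys, the installer path is a placeholder for setup64.exe from the Tools ISO or a file share, and /S is the installer's silent wrapper switch that precedes the /v MSI properties. The correlation of the versions file to the ESXi build is not automated here, since the slide does not give that mapping.

```powershell
# Added example (not VMware's or Trend Micro's code): detect the 10.0.0-10.0.7 Tools range and
# run the silent upgrade with the slide's switches. Installer path is a placeholder.
$ErrorActionPreference = 'Stop'

function Get-VMwareToolsVersion {
    # Reads DisplayVersion from the MSI uninstall entries (64- and 32-bit registry views)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'VMware Tools' } | Select-Object -First 1
    if ($entry) { return [version]$entry.DisplayVersion }
    return $null
}

function Test-ProblemToolsVersion {
    # True for 10.0.0 through 10.0.7 inclusive, whatever the build number in the fourth field
    param([Parameter(Mandatory)][version]$Version)
    return ($Version.Major -eq 10 -and $Version.Minor -eq 0 -and $Version.Build -ge 0 -and $Version.Build -le 7)
}

function Get-ToolsUpgradeArguments {
    # Builds the argument list from the slide: quiet install of all components, drop Hgfs (shared
    # folders) and optionally NetworkIntrospection, and suppress the reboot so it can be scheduled.
    param([switch]$KeepNetworkIntrospection, [switch]$AllowReboot)
    $remove = if ($KeepNetworkIntrospection) { 'Hgfs' } else { 'Hgfs,NetworkIntrospection' }
    $msi = "/qn ADDLOCAL=ALL REMOVE=$remove"
    if (-not $AllowReboot) { $msi += ' REBOOT=ReallySuppress' }
    return @('/S', "/v`"$msi`"")   # /S = silent wrapper switch (assumption stated in the lead-in)
}

function Invoke-ToolsUpgrade {
    # Supports -WhatIf so the exact command line can be reviewed before it runs on a fleet
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$InstallerPath, [string[]]$Arguments)
    if ($PSCmdlet.ShouldProcess($InstallerPath, "Run with $($Arguments -join ' ')")) {
        $proc = Start-Process -FilePath $InstallerPath -ArgumentList $Arguments -Wait -PassThru
        return $proc.ExitCode   # MSI convention: 0 = success, 3010 = success with reboot pending
    }
}

$installed = Get-VMwareToolsVersion
if (-not $installed) {
    Write-Output 'VMware Tools not found in the uninstall registry; nothing to check'
} elseif (Test-ProblemToolsVersion -Version $installed) {
    Write-Warning "VMware Tools $installed is in the 10.0.0-10.0.7 range; upgrading"
    $toolsArgs = Get-ToolsUpgradeArguments
    # Placeholder installer location; remove -WhatIf to actually run the upgrade
    $exitCode = Invoke-ToolsUpgrade -InstallerPath 'D:\setup64.exe' -Arguments $toolsArgs -WhatIf
    if ($null -ne $exitCode) { Write-Output "Installer exit code: $exitCode" }
} else {
    Write-Output "VMware Tools $installed is outside the known-problem range"
}
```

Because REBOOT=ReallySuppress is on by default in this example, a 3010 exit code is the expected outcome and the reboot has to be scheduled in a maintenance window; pass -AllowReboot only where an immediate restart is acceptable, and -KeepNetworkIntrospection where the NSX network introspection driver is still needed on that guest.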
  43. Summary
  44. Summary: Hopefully this presentation has provided a few insights and practical examples on how to bring your Hybrid Cloud Security into the 21st century. By automating and integrating security in the operations stack, you can greatly improve your security posture and reduce operational costs. Do the same setup and demo yourself in the VMworld Hands-on Labs (LAB HOL-1841).
  45. Join us Wednesday at 11 am for: SKIP THE SECURITY SLOW LANE WITH VMWARE ON AWS [SAI3316BUS]. Presenter: Bryan Webster, Principal Architect, Trend Micro. Presenter: Dharmesh Chovatia, Lead Architect, Global CTO Office, Capgemini US. Visit the VMware Solution Exchange for a 30 Day Trial of Trend Micro™ Deep Security. Follow us @trendmicro