
Skip the Security Slow Lane with VMware Cloud on AWS



While migrating your infrastructure to the cloud offers an opportunity to rethink your approach to management and security, it can create a patchwork of processes and tools, a disorganized team, and duplication of work. In a few years, you may learn that the IT security team needs a unified approach to data protection and that you must already overhaul your “new” setup. You thought you were speeding ahead with improved operations and lower costs, but you are actually in the security slow lane! Pull over and find a new route forward with VMware on AWS by leveraging tools you know in an environment you already understand. Save years of work by utilizing a common set of tools, operational processes, and security framework when moving to the cloud. Learn tips and tactics from Trend Micro and Capgemini for setting your teams up for success now…and tomorrow.

This was one of Trend Micro's sessions presented at VMworld 2017.

Published in: Technology


  1. Skip the Security Slow Lane with VMware Cloud on AWS
       Bryan Webster, Principal Architect, Trend Micro
       Dharmesh Chovatia, Capgemini
       VMworld session SAI3316BUS (#SAI3316BUS)
  2. Disclaimer
       • This presentation may contain product features that are currently under development.
       • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
       • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
       • Technical feasibility and market demand will affect final delivery.
       • Pricing and packaging for any new technologies or features discussed or presented have not been determined.
       #SAI3316BUS CONFIDENTIAL
  3. Why cloud in the first place?
  4. Who’s driving this train?
       • Technology budgets shifting from IT to Business Units
       • Need to move code quickly from dev to production
       • IT seen as reducing business speed
  5. Split-Brain IT leads to… [figure label: Cloud DC]
  6. Disruption at its finest [figure label: Premise DC]
  7. Why do we care?
       • Security teams blinded to environment-specific risks
       • Loss of consolidated audit and logging capabilities
       • Inability to leverage targeted efficiency in teams
  8. Hybrid is here to stay
  9. Challenges bringing hybrid to reality
       • Visibility
       • Inconsistent tooling
       • Industry and business experience
  10. What does visibility really mean?
  11. Too many… Agents.. Consoles.. and tools
  12. Expertise
  13. VMware Cloud on AWS
  14. VMware Cloud on AWS
  15. VMware Cloud on AWS
  16. Learnings from Capgemini
  17. Who is Capgemini
       Consistently Recognized as a Market Leader
       2015
       • As a Leader in the Gartner Magic Quadrant for SAP Implementation Services, Worldwide. (July 2015) *See disclaimer
       • In the Leaders category in The Forrester Wave™: Global Infrastructure Outsourcing Wave™, Q1 2015. (Jan 2015)
       • In the Leaders category in The Forrester Wave™: Implementation Partners in 2015 (June 2015)
       • As a Leader in IDC MarketScape: Worldwide Application Modernization Services for Digital Transformation Vendor Assessment (Dec. 2015)
       2016
       • As a Leader in The Forrester Wave™: Services Providers For Next-Generation SAP Products, Q1 2016
       • In the Leaders category application in The Forrester Wave™: Services Providers for Next-Generation Oracle projects, Q3 2016
       • As a Major Player in the IDC MarketScape: Worldwide Business Analytics Consulting and Systems Integration Services 2016 Vendor Assessment (Apr 2016)
       • As a Major Player in the IDC MarketScape: Worldwide Big Data Consulting and Systems Integration Services 2016 Vendor Assessment (May 2016)
       • As a Major Player in the IDC MarketScape on Digital Strategy Consulting in 2016 for Worldwide, North America, EMEA and Asia Pacific (May 2016)
       Diversified and Robust Financial Performance
       • 2016 Revenue: $13.8 billion
       • 2016 Operating Profit: $1.27 billion
       • 2016 Operating Margin: $1.59 billion
       • Revenue by Industry [chart; values as extracted: 11%, 26%, 17%, 4%, 19%, 7%, 16%; categories as extracted: Energy, Utilities and Chemicals; Financial Services; Public Sector; Telecom, Media & Entertainment; Consumer Products, Retail, Distribution & Transportation; Manufacturing, Automotive & Life Sciences; Others]
  18. Capgemini Infrastructure, Cloud and Cybersecurity Managed Services
       End-to-end cloud services portfolio
       • Cloud strategy and advisory
       • Cloud migration and hybrid cloud managed services
       • Cloud native development and integration
       • Private cloud hosting and transformation
       Industrialized, proven assets to accelerate timeline
       • Capgemini Application Profiler
       • Cloud migration factory (CMF)
       • Capgemini Cloud Managed Services (CCMS)
       • Infrastructure Monitoring Operations Center (IMOC™)
       Comprehensive cybersecurity approach
       • State-of-the-art GSOCs for security monitoring & protection
       • End-to-end cybersecurity consulting
       Global Presence [map]
  19. Problem we were trying to solve
       • Cloud changes security monitoring and protection.
       • There are no facilities to deploy a network-based IDS/IPS.
       • Perimeter security is typically at L4, unless expensive security virtual appliances are deployed.
       • Non-standard and non-uniform security configurations between cloud vendors.
       • Workloads are scalable and variable.
       • Cloud vendors have security control as part of the platform, and integration is often via an API.
       • Cloud vendors protect the underlying infrastructure, but virtual resources are the customer’s responsibility.
       [figure label: Traditional Security Tiers]
  20. Cloud Security Model with Trend
       Stack layers shown in the diagram:
       • Hypervisor, Compute, Storage, Networking
       • Bare Metal Infrastructure
       • Client-side Data Encryption & Data Integrity Authentication
       • Server-side Encryption (File System and/or Data)
       • Network Traffic Protection (Encryption/Integrity/Identity)
       • Platform, Applications, Identity & Access Management
       • Operating System, Network & Firewall Configuration
       • Customer Data
       Threats and protections listed on the slide:
       • DDoS (Distributed Denial of Service): standard mitigation technique in effect
       • MITM (Man in the Middle): API endpoints protected by SSL
       • IP Spoofing: prohibited at instance level
       • Unauthorized Port Scanning: violation of TOS; detected, stopped and blocked; inbound ports are blocked by default
       • Packet Sniffing: promiscuous mode is ineffective
       [diagram labels: Cloud Provider, Capgemini, Cloud Vendor, Built-in Sectools, Instance Protections, Sectools]
  21. Modules in Deep Security
       Network Security: stop network attacks, shield vulnerable applications & servers
       • Firewall
       • Vulnerability Scanning
       • Intrusion Prevention
       Malware Prevention: stop malware & targeted attacks
       • Anti-Malware
       • Sandbox Analysis
       • Behavioral Analysis & Machine Learning (2H/17)
       System Security: lock down systems & detect suspicious activity
       • Application Control
       • Integrity Monitoring
       • Log Inspection
  22. Agent-based Architecture and Deployment [figure label: Deep Security]
  23. Parting thoughts
  24. As your digital transformation continues…
       • Look for capabilities and design patterns to give you the greatest uniform visibility across the enterprise
       • Enterprise Transformation in cloud is an opportunity to consolidate tooling and reduce the impact of:
           – Personnel training and context switching
           – Overhead on compute resources from too many agents
           – Server platforms, databases, and consoles to maintain
       • Build hybrid teams for hybrid infrastructure
       • Transformation doesn’t have to stop at technologies
           – Transform IT from the org perceived as innovation crushing to enabler
           – Deliver capabilities to platform teams and let them focus on their business
           – Leverage existing expertise to build your hybrid infrastructure
  25. Always more to learn…
       • …. and we can’t wait to learn from all of you.
       • Please come tell us about your hybrid journey at Booth #610
       • and see what else we’ve learned from you on the web at