Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security
Transcript of Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security
Chris Van den Abbeele, Kelly McBrair
SAI3313BUS
#VMworld #SAI3313BUS
Copyright 2017 Trend Micro Inc.
Welcome to: AUTOMATED SECURITY FOR THE REAL-TIME ENTERPRISE WITH VMWARE NSX AND TREND MICRO DEEP SECURITY [SAI3313BUS]
Presenter: Chris Van den Abbeele, Global Solutions Architect, Trend Micro
Presenter: Kelly McBrair, IT Infrastructure Architect, Plexus Corp
Join us Wednesday at 11am for: SKIP THE SECURITY SLOW LANE WITH VMWARE ON AWS [SAI3316BUS]
Presenter: Bryan Webster, Principal Architect, Trend Micro
Presenter: Dharmesh Chovatia, Lead Architect, Global CTO Office, Capgemini US
Visit the VMware Solution Exchange for a 30 Day Trial of Trend Micro™ Deep Security: https://www.trendmicro.com/product_trials/download/index/us/123
Visit trendmicro.com/vmware
Follow us @trendmicro
Customer Perspective
Plexus Market Sectors
Exclusively focused in market sectors that require mid-to-low volume higher complexity value stream solutions
• Communications
• Healthcare/Life Sciences
• Industrial/Commercial
• Defense/Security/Aerospace
Trend Micro
• 28 years focused on security software
• Headquartered in Japan, Tokyo Exchange Nikkei Index (4704)
• Annual sales over $1B US
• Customers include 45 of top 50 global corporations
• 5500+ employees in over 50 countries
500k commercial customers & 155M endpoints protected
Small Business, Midsize Business, Enterprise, Consumer
Agenda
• Introductions
• Automated security: From “bolted on” to “part of the fabric”
• The Business Case for Automated Virtual Patching
• Solve new problems
• Integration with vRealize Operations
• Deployment lessons learned
Integrated security: From “bolted on” to “part of the fabric”
Visibility
What’s the problem with “bolted on” security?
• With the introduction of virtualization, we made a quantum leap in Operations. The same is happening with network virtualization. But in many cases, Security remained stuck in the Dark Ages. Security is still something that is applied afterwards.
• We need to “shift left” security and integrate it in the automation.
• In today’s real-time enterprise, the Operations team has to do more with less, every day. They create more new workloads than ever before.
• Manually adding the security controls takes a lot of time, and it is often postponed (and/or finally... “forgotten”).
• Many Security Dashboards only show workloads which had been brought under the control of the Security Solution (and have a security agent installed on them).
• Shadow IT can remain completely under the radar.
Context of new systems
Event-based tasks to profile new systems
Estimate the Risk
Some High Risk Vulnerabilities
Protecting new systems
The Same Exploits... now Protected by Deep Security
Full, multi-layered security
8 layers of security:
- Anti-Malware
- Web Reputation
- Firewall
- Intrusion Prevention
- Integrity Monitoring
- Log Inspection
- Application Control
- Protection for SAP systems (NW-VSI)
Maintain consistency
Protect against drift:
• Integrity Monitoring: Monitor sensitive files and sensitive registry keys for changes
• Application Control: “Freezes” the server and blocks new executables and scripts from running
Protect against the latest vulnerabilities: Scheduled “Vulnerability” Scans
Reduce deployment complexity
Rich API set to integrate with virtually any orchestration and automation tools
PowerShell
The Business Case For Automated Virtual Patching
Typical patch cycle without Virtual Patching
• Monthly Security Patching
• Half-yearly Full Patching
12x patching/year
High-impact zero days require immediate attention
– Are we vulnerable? (risk?)
– Who can provide a patch?
– When can we have the patch?
– When can we test it?
– Who can test it (team?)
– Where can we test it? (test environment)
– When can we have a maintenance window to Patch and Reboot our servers?
Typical patch cycle with Virtual Patching
• Half-yearly Full Patching
• Automated Ongoing Security Patching
2x patching/year
Win-Win: increases security + reduces cost
5 days after ShellShock: 766 attacks blocked (Customer example)
766 attacks blocked by Deep Security Automated Virtual Patching on Sept 30th, at a customer managing 100+ instances
If Emergency (physical) Patching takes 5 days...
Solve New Problems
Why VMware with NSX and Trend Micro Deep Security?
Table Stakes
• Performance
• Security
• Cost
Next Play
• Integration and Choice
• Flexibility and Innovation
NIST Cybersecurity Framework
• Identify: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy
• Protect: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; Protective Technology
• Detect: Anomalies and Events; Security Continuous Monitoring; Detection Processes
• Respond: Response Planning; Communications; Analysis; Mitigation; Improvements
• Recover: Recovery Planning; Improvements; Communications
Security Dashboard, Firewall, Antivirus, IPS, Vulnerability Scanning, IDS, SIEM, Monitoring, Data Recovery, Disaster Recovery, Disconnection Management, Security Incident Response
Automated Response to Improve Protection
• Leverage Syslog, SNMP, Email and/or vRealize Suite for Better Integration with Existing Monitoring/Alerting Tools
• Isolate VM Tagged by Deep Security with Native NSX Firewalling
  • Behavior-based firewalling, block internet phone home, prevent RGE
• Take Action on VM Tagged by Deep Security with VMware Orchestrator
  • Snapshots and clones, prepare restores, perform additional scanning
  • Example video of automated VM snapshot and Wireshark tap (with code): http://www.storagegumbo.com/2014/09/automation-multi-action-security.html
• See the Trend Threat Encyclopedia for examples of High, Medium and Low threats: http://trendmicro.com/vinfo
• Find sample code at Trend’s DS GitHub repo: https://github.com/deep-security
Integration with vRealize Operations
Isolated worlds...
Virtual Infrastructure Administrator:
• User call - VM slow to respond…
• Log Ticket
• Admin logs into vRealize Operations
  • Attempt to vMotion
  • Reboot the VM
  • Recycle the VM
• Root Cause Analysis
• Close Ticket
Security Administrator:
• or… Administrator receives a security alert
• Log Ticket
• Admin logs into Deep Security Manager
  • Change rules to block specific ports
  • Quarantine and scan
• Root Cause Analysis
• Close Ticket
Single pane of glass for Trend Micro events and VMware events
Correlate vROps Events with Security Events
Deployment Lessons Learned
Tips and Things You Should Know
• Read Trend’s Best Practices Guide (Note sizing, testing, recommendations): https://help.deepsecurity.trendmicro.com/best-practice-guide.html
• Consider Additional Distribution Points and/or Managers over WAN
• Troubleshoot Deep Security Virtual Appliances as Cattle
• Plan Your Rules: Firewall, Affinity, Restart, etc.
• Agents are still needed (today) for:
  • Server 2016 and *nix VMs
  • Some advanced features
  • (recommendation) Windows-based VMware Components and Supporting Systems that may start up before Trend Deep Security Manager (i.e. its DB)
Get to Know VMware Tools
• Guest Introspection Drivers and Troubleshooting: https://kb.vmware.com/kb/2094261
• VMware Tools Versions and Upgrades:
  • https://packages.vmware.com/tools/index.html (Beware of v10.0.0-10.0.7)
  • https://kb.vmware.com/kb/1014508 (Correlate versions file to ESXi Build)
• Automate the Upgrade with: /v "/qn ADDLOCAL=ALL REMOVE=Hgfs,NetworkIntrospection"
  • Note: NetworkIntrospection removal optional
  • Add REBOOT=ReallySuppress to prevent any reboots
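Added example (not from the presentation, VMware or Trend Micro): a small Python triage that flags VMs whose reported VMware Tools version falls in the 10.0.0-10.0.7 range the slide warns about, and builds the silent-upgrade argument string quoted on the slide. The inventory, VM names and function names are constructed for illustration.

```python
import re

# Range the slide warns about: "Beware of v10.0.0-10.0.7".
AFFECTED_LOW, AFFECTED_HIGH = (10, 0, 0), (10, 0, 7)


def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a dotted version.

    Accepts an optional leading 'v' and an optional trailing build number,
    e.g. '10.0.5', 'v10.0.5' or '10.0.5.3228253'.
    """
    match = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[.-]\d+)?\s*$", text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def in_affected_range(text):
    """True/False for a parsable version, None when it needs a manual check."""
    version = parse_version(text)
    if version is None:
        return None
    return AFFECTED_LOW <= version <= AFFECTED_HIGH


def installer_args(remove_network_introspection=True, suppress_reboot=False):
    """Build the /v argument string quoted on the slide.

    Only properties named on the slide are used; the two switches map to its
    notes (NetworkIntrospection removal is optional, REBOOT=ReallySuppress
    prevents reboots).
    """
    removed = ["Hgfs"]
    if remove_network_introspection:
        removed.append("NetworkIntrospection")
    props = ["/qn", "ADDLOCAL=ALL", "REMOVE=" + ",".join(removed)]
    if suppress_reboot:
        props.append("REBOOT=ReallySuppress")
    return '/v "' + " ".join(props) + '"'


def triage(inventory):
    """Sort VM names into upgrade / ok / unknown buckets by reported version."""
    buckets = {"upgrade": [], "ok": [], "unknown": []}
    for vm_name, reported in sorted(inventory.items()):
        verdict = in_affected_range(reported)
        key = "unknown" if verdict is None else ("upgrade" if verdict else "ok")
        buckets[key].append(vm_name)
    return buckets


# Constructed inventory (hypothetical VM names and versions, not from the talk).
SAMPLE_INVENTORY = {
    "web01": "10.0.5",
    "app02": "v10.0.7.3228253",
    "db01": "10.1.7",
    "legacy03": "9.4.15",
    "jump01": "guestToolsNotInstalled",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
    print("installer arguments:", installer_args(suppress_reboot=True))
```

VMs in the "unknown" bucket report no parsable version and need a manual check before they are counted as covered.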
Summary
Hopefully this presentation has provided a few insights and practical examples on how to bring your Hybrid Cloud Security into the 21st century.
By automating and integrating security in the operations stack, you can greatly improve your security posture and reduce operational costs.
Do the same setup and demo yourself in the VMworld Hands on Labs LAB HOL-1841