Roadmap: The Evolution of Data Center Security, Risk and...

Roadmap: The Evolution of Data Center Security, Risk and Compliance - 1640

Kurt Van Etten / Joe Bertnick Product Management, Data Center Security


1

Agenda


the evolution of the data center

the growing security challenge

Symantec Data Center Security

product strategy and roadmap

1

2

3

4

2

the evolution of the data center


1

3

the bar is set high…


I I I I I I I I I I I I I I I I I I I I I I I

The bar

“AWS is who we are

measured against. We

need to deliver that agility

with the same security and

management we have today.”

- Vice President IT Infrastructure,

Retail

“For security to keep up – we need a simpler way to manage security from our

Firewalls to the Workload. With the rate of change in our data center, a gap

between products or process is where a breach is likely to occur.”

- Director, IT Security Financial Services

• solutions integrated with the SDDC infrastructures

• automation across network and server security

policies

• better protection with more

tightly integrated solutions

Security needs to evolve

• many organizations protyping SDDC

infrasturcutres (NSX, OpenStack)

• focus on auotmation for lower TCO

• security automation is the bottleneck

AWS is the new benchmark

4


security is here

adoption is here

this is a problem

the adoption curve Virtualization is being stalled due to concerns around Security and Compliance.

5

the vision


Drivers

Cost

Speed

Flexibility

Inhibitors

Security Tax

Compliance

Complexity

The data center of the future is software-defined. It is dynamic and application-centric. Our mission is to support our customers as they evolve to the SDDC.

Data

Cente

r S

ecurity

Compute and Storage Virtualization

Network Virtualization

Software Defined Services

On-Prem/Private/Public Cloud Resources

So

ftw

are

-De

fin

ed

Da

ta C

en

ter

Applications and Policies

Auto

mation a

nd M

anagem

ent

6

Da

ta C

en

ter

Se

cu

rity

Compute/Storage Virtualization




So

ftw

are

-De

fin

ed

Da

ta C

en

ter Applications

and Policies

Auto

mation a

nd M

anagem

ent

Support for key standards for private clouds e.g. Openstack and partner with vendors delivering those standards e.g. Amazon, VMWare, Openstack

Security for leading hypervisors

Security for hybrid networks

Integrated security orchestration

Dynamic, context-based, policy-centric security

compute and storage virtualization


“By 2015, 40% of security controls used in Enterprise data centers will be virtualized, up from less than 5% in 2010”

– Neil MacDonald

A dynamic, application-centric data center needs dynamic, application-centric security.

1. Drive down hardware and power costs

2. Abstract workload from

hardware

3. Provision and monitor services

Hypervisor

7

virtualization Little “v”- Consolidation of Identical Apps


Hypervisor

8


Driver: Reduce Hardware and Power Costs Security Concerns: New Threat Surfaces

• Cloud Admin • Hypervisor • Management Plane

Network Security Zones remain unchanged

Hypervisor

little “v”- virtualization Consolidation of Identical Apps

9

big “V”- virtualization full abstraction of application from hardware

App A App A App A App B App B

Server A Server B Server C Server D

Roadmap: The Evolution of Data Center Security, Risk and Compliance - 1640 10

big “V”- virtualization full abstraction of application from hardware

Driver: Agility, Speed , and Utilization Security Concerns: Motioning • Security stays with workload • Demonstrate Compliance Network Security Zones • Static Network Zones can impede

value

App A App A App A App B App B

Server A Server B Server C Server D


Da

ta C

en

ter

Se

cu

rity





So

ftw

are

-De

fin

ed

Da

ta C

en

ter Applications

and Policies

Auto

mation a

nd M

anagem

ent






network virtualization



– Neil MacDonald

1. Agility and Speed

2. Abstract workload from

hardware

3. Drive down hardware costs

SDN

A dynamic, application-centric data center needs dynamic, application-centric security.

12

small “sdn”- Software Defined Networking mimic hardware security zones with software


DMZ PCI HIPAA

13

small “sdn”- Software Defined Networking mimic hardware security zones with software


DMZ PCI HIPAA

Driver: Agility, Speed Security Concerns: Motioning • Security stays with workload • Demonstrate Compliance Network Security Zones • Static Network Zones can impede

value

14

big “SDN”- Software Defined Networking micro segmentation by application


Software Defined Networks

Sharepoint Order Processing HR Onboarding

15

big “SDN”- Software Defined Networking micro segmentation by application


Software Defined Networks

Sharepoint Order Processing HR Onboarding

Driver: Agility, Speed Security Impacts: Motioning • Firewall rules follows application Network Security Zones • Large number of security zones • No need to group apps by zones

16

the players


Clear leaders are emerging within layers and across the stack.

17

the growing security challenge


2

Da

ta C

en

ter

Se

cu

rity





So

ftw

are

-De

fin

ed

Da

ta C

en

ter Applications

and Policies

Auto

mation a

nd M

anagem

ent






benefits of data center virtualization



– Neil MacDonald

VM

1. Centrally apply and attach policies to workloads

2. Automate workflows across

services


19


what customers are still concerned about…

VM

1. Centrally apply and attach policies to workloads

2. Automate workflows across

services


✓ • Threats– how do I continuously combine updated threat and vulnerability intelligence with workload context to optimize security response?

• Security Consistency – how do I ensure consistent security across my virtual and physical infrastructure so I can move workloads from to physical to virtual.

• Compliance – how do I make sure adequate controls are in place at all times to ensure and demonstrate regulatory compliance?

• Policy – how do I make sure I have the right menu of policies available for orchestration and how do I continuously adapt these across multiple products in response to the changing threat environment?

• Segregation of Duties – how do I ensure the integrity of my data center security in the face of converging admin roles?

• Security Tax – how do I optimize security to minimize the performance and operational cost to my data center?

?

20

Symantec Data Center Security


3

Symantec SDDC vision


Embed Security into the platform

Integrate across point technologies

Automate and orchestrate security 1 2 3

Security Orchestration Platform

Serv

er S

ecu

rity

Un

ifie

d

Ass

essm

ent

Dat

e St

ore

Se

curi

ty

VD

I Sec

uri

ty

22

Embed security into the platform


• Integration with SDN/SDDC

Platform

• Security via the Hypervisor

• Frictionless agents to deploy

higher controls

Integrate across point technologies

• Bring together multiple controls

into a single offering

• Integrate across policy and

deployment

• Easily allow security to “scale

up” based on the policy of the

workload

VSM PGP

DLP

Threat Protection

Hypervisor Hardening/SOD

Encryption

Data Protection

Data Store Security

1 2

DSS

UA PAN

CSP/ SEP

CSP

Server Hardening

23


Automate and Orchestrate Security • Automate key processes to

ensure workloads stay secure

- Deployment and

Provisioning

- Updating security baselines

to respond to external threats

- Implementing new security

profiles as workloads change

- Remediating workloads

through their lifecycle

• Ongoing validation and

continuous monitoring

SDN/SDDC Platform

Software Defined Security Service

3

Server Security

Data Store

Security Firewall

24

product strategy and roadmap


4

protecting the data center at each layer…


Infrastructure Protection • Backplane Hardening • SDN Integration

3 Information Protection Focus Designed for key applications in the data center

Application/Data Plane

Data Store Security

2 Workload

Threat Protection Focus Workload Server Centric

Server Security

VDI Security

Security Orchestration Platform • Operations Director • Security Service • Assessment / Discovery

1 Infrastructure

VM Backplane vCenter (Management) AWS Infrastructure Software Defined Networks

SVA SVA

26

Data Center Security: Server the first of the ‘new offerings’ to ship from Symantec!

Symantec™ Data Center Security: Server

• Hypervisor-based security virtual appliance

• Low OPEX – Fully integrated with VMware NSX

• Always On – Anywhere Protection

• Utilizing Symantec Best in Class AV and Insight Reputation

• What’s Next: Guest Network Threat Protection

Frictionless AV Protection

• Scale up to Full Lock Down

• Wizard Driven Simplified Hardening

• Protected Application Whitelisting and Control

• What’s Next: Application Centric Protection

Integrated with “CSP”

Data Center Security

Service for VMWare NSX

Security Response Insight Reputation

Virtual Data Center


VDI Security Appliance

Data Center Security : VDI

Non-Disclosure Commercial in Confidence

2

8

Citrix XenApp VMware View/Horizon

Thin Client

• Hypervisor-based security virtual appliance

• Low OPEX – Fully integrated with VMware NSX

• Always On – Anywhere Protection

• Utilizing Symantec Best in Class AV and Insight Reputation

AV Protection with Insight Reputation

Thin Client

Citrix XenApp

VMware Horizon


Data Center Security: Data Store

Symantec™ Data Center Security: DataStore

• Threat Protection -Content Filtering

• DLP Integration

• Data Insight – Encryption

• Unified Policy and Administration

Unified Protection

• Messaging (Exchange)

• NAS – Filers

• NetApp

• SharePoint

• Cloud Apps

Across Critical Applications & Data

DSS Deployed across

Virtual & Cloud



28

“Any information regarding pre-release Symantec

offerings, future updates or other planned

modifications is subject to ongoing evaluation by

Symantec and therefore subject to change. This

information is provided without warranty of any kind,

express or implied. Customers who purchase Symantec

offerings should make their purchase decision based

upon features that are currently available.”


High-level product roadmap


DC Protection: Integrated security for agile workloads, networks, and data intensive/strategic applications

Anti-Malware DCS: Server (HyperVisor AV

Server Hardening - CSP)

DCS: Server (Application Centric Security

Enhanced IPS)

DCS: Server (DLP Endpoint,

Multi HyperVisors) Server Hardening

VDI Protection Symantec Endpoint Protection Symantec Endpoint Protection DCS: VDI

(Frictionless Protection for VDI)

HyperVisor Hardening Symantec Virtual Security Manager

Symantec Virtual Security Manager

DCS: Virtual Security Manager

Data Store Protection (Exchange, Sharepoint, NAS, Cloud) Symantec Protection Engine

Symantec Mail Security

DCS: Data Store (Threat Protection

Exchange / SharePoint Security Content Filtering DLP Integration)

DCS: Data Store (DLP Engine, Encryption

App / SAN Security)

DC Security Orchestration: Automated evaluation and application of security to virtual environments

Security Orchestration DCS: Operations Director

Security settings for New Workloads

DCS: Operations Director

Security settings in response

Asset Discovery Risk Management Secure Configuration Vulnerability Scanning

CCS SM, RM, SM, VM

CCS SM, RM, SM, VM

DCS: Unified Assessment (Secure Configuration, VM, Risk

Management) Public/Private cloud assessment

Current Phase II Phase III

30

Thank you!

YOUR FEEDBACK IS VALUABLE TO US!

Please take a few minutes to fill out the short session survey available on the mobile app—the survey will be available shortly after the session ends. Watch for and complete the more extensive post-event survey that will arrive via email a few days after the conference.

To download the app, go to https://vision2014.quickmobile.com or search for Vision 2014 in the iTunes or Android stores.


https://vision2014.quickmobile.com/

https://vision2014.quickmobile.com/

Transition With Background Picture


Roadmap: The Evolution of Data Center Security, Risk and...

Documents

Transcript of Roadmap: The Evolution of Data Center Security, Risk and...