#SymVisionEmea - VOXvox.veritas.com/legacyfs/online/veritasdata/Symantec...The Evolution of Data...

The Evolution of Data Center Security, Risk and Compliance

Taha Karim / Patrice Payen

SYMANTEC VISION SYMPOSIUM 2014

The Adoption Curve

Virtualization is being stalled due to concerns around Security and Compliance

security is here

adoption is here

this is a problem

The Vision

Drivers

Cost

Speed

Flexibility

Inhibitors

Security Cost

Compliance

Complexity

The data center of the future is software-defined. It is dynamic and application-centric. Our mission is to support our customers as they evolve to the SDDC.

Data Center Security

Compute and Storage Virtualization

Network Virtualization

Software Defined Services

On-Prem/Private/Public Cloud Resources

Software-Defined Data Center

Applications and Policies

Automation and Management

Support for key standards for private clouds, e.g. OpenStack, and partner with vendors delivering those standards, e.g. Amazon, VMware, OpenStack

Security for leading hypervisors

Security for hybrid networks

Integrated security orchestration

Dynamic, context-based, policy-centric security

Compute and Storage Virtualization…

“By 2015, 40% of security controls used in Enterprise data centers will be virtualized, up from less than 5% in 2010”

– Neil MacDonald

A dynamic, application-centric data center needs dynamic, application-centric security.

1. Drive down hardware and power costs

2. Abstract workload from hardware

3. Provision and monitor services

Hypervisor

Little “v”- Virtualization

Consolidation of Identical Apps

Driver: Reduce Hardware and Power Costs

Security Concerns: New Threat Surfaces

• Cloud Admin

• Hypervisor

• Management Plane

Network Security Zones remain unchanged

Hypervisor

Big “V”- Virtualization

Full Abstraction of Application from Hardware

Driver: Agility, Speed, and Utilization

Security Concerns:

Motioning

• Security stays with workload

• Demonstrate Compliance

Network Security Zones

• Static Network Zones can impede value

App A App A App A App B App B

Server A Server B Server C Server D

Network Virtualization

1. Agility and Speed

2. Abstract workload from hardware

3. Drive down hardware costs

SDN

Small “sdn”- Software Defined Networking

Mimic hardware security zones with software

DMZ PCI HIPAA

Driver: Agility, Speed

Security Concerns:

Motioning

• Security stays with workload

• Demonstrate Compliance

Network Security Zones

• Static Network Zones can impede value

Big “SDN”- Software Defined Networking

Micro Segmentation by Application

Software Defined Networks

Sharepoint Order Processing HR Onboarding

Driver: Agility, Speed

Security Impacts:

Motioning

• Firewall rules follow the application

Network Security Zones

• Large number of security zones

• No need to group apps by zones

The Growing Security Challenge

Benefits of Virtualization

VM

1. Centrally apply and attach policies to workloads

2. Automate workflows across services

3. Provision and monitor services

What customers are still concerned about…

• Threats – how do I continuously combine updated threat and vulnerability intelligence with workload context to optimize security response?

• Security Consistency – how do I ensure consistent security across my virtual and physical infrastructure so I can move workloads from physical to virtual?

• Compliance – how do I make sure adequate controls are in place at all times to ensure and demonstrate regulatory compliance?

• Policy – how do I make sure I have the right menu of policies available for orchestration and how do I continuously adapt these across multiple products in response to the changing threat environment?

• Segregation of Duties – how do I ensure the integrity of my data center security in the face of converging admin roles?

• Security Tax – how do I optimize security to minimize the performance and operational cost to my data center?

Symantec Data Center Security

Symantec SDDC vision

1. Embed security into the platform

2. Integrate across point technologies

3. Automate and orchestrate security

Security Orchestration Platform

Server Security

Unified Assessment

Data Store Security

VDI Security

Embed security into the platform

• Integration with SDN/SDDC Platform

• Security via the Hypervisor

• Frictionless agents to deploy higher controls

Integrate across point technologies

• Bring together multiple controls into a single offering

• Integrate across policy and deployment

• Easily allow security to “scale up” based on the policy of the workload

VSM PGP

DLP

Threat Protection

Hypervisor Hardening/SOD

Encryption

Data Protection

Data Store Security

DSS

UA PAN

CSP/ SEP

CSP

Server Hardening

Automate and Orchestrate Security

• Automate key processes to ensure workloads stay secure

- Deployment and Provisioning

- Updating security baselines to respond to external threats

- Implementing new security profiles as workloads change

- Remediating workloads through their lifecycle

• Ongoing validation and continuous monitoring

SDN/SDDC Platform

Software Defined Security Service

Server Security

Data Store Security

Firewall

SDDC Security Workflow Orchestration Sample

How Do Symantec and VMware NSX Work

Symantec Data Center Security (DCS): Server/Server Advanced

DCS: Server Advanced offers security and compliance capabilities in a single agent, as well as “agentless” AV for VMware infrastructures

Security

• Definition-less host-based security solution, i.e. policy-based

• Network protection capabilities

• Administrator/root de-escalation

• Registry lock-down

• Application sandboxing

• NEW Agentless anti-malware capability for VMware NSX-enabled systems

Compliance

• File integrity monitoring

• Registry monitoring

• Event log monitoring

• Failed/successful login monitoring

• Privilege escalation monitoring

Demo and Case Studies

Symantec Data Center Security

Case Study #1 – Domain Controller Lockdown

Vertical – Financial Industry

Compelling Event/Challenge

• A breach of the company’s domain controllers caused them to rebuild their entire AD environment (750+ DCs).

• To prevent their new environment from being re-compromised, DCS:SA was to be utilized in a full lockdown scenario.

Results

• Cut-over to rebuilt environment occurred on schedule with no complications.

• All known indicators of compromise were successfully blocked by the policy.

Actions

• Deployed agent to all domain controllers in less than 2 weeks.

• Created VERY restrictive white-list policy over the course of 2 months.

• Integrated DCS:SA events with third party SIEM solution for alerting/analysis.

Case Study #2 – Active Breach Response

Vertical – Government/Manufacturing

Compelling Event/Challenge

• Organization notified that traffic originating from them was terminating in China.

• Company was already in the process of deploying DCS:SA for monitoring capabilities.

• Company needed a way to immediately terminate the malicious activity without jeopardizing functional aspect of the compromised systems.

Results

• Company was able to affirmatively block all malicious activity.

• Company now looking to proactively lock down DCs and other critical applications to prevent further breaches.

Actions

• Completed deployment of agent to in-scope systems.

• Developed targeted prevention policy to block only malicious activity.

Case Study #3 – Legacy OS Lockdown

Vertical – Retail - SCADA

Compelling Event/Challenge

• A company received an audit notification due to failure to patch operating systems.

• Operating system had been “end-of-life’d” by manufacturer, but application was not supported on newer versions of OS.

Results

• Auditors accepted DCSS as configured as a valid compensating control for audit item.

• Organization was able to continue running application on protected OS.

Actions

• Deployed agent to legacy OS systems.

• Created strict white-list policy to fully lock down OS on in-scope systems.

• Configured detection policy for FIM, failed login, and successful login monitoring.

• Integrated with 3rd party SIEM for correlation and alerting.

Product Strategy and Roadmap

“Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.”

Protecting the DC at each layer …

3. Application/Data Plane

Information Protection Focus: Designed for key applications in the data center

• Data Store Security

2. Workload

Threat Protection Focus: Workload Server Centric

• Server Security

• VDI Security

1. Infrastructure

Infrastructure Protection

• Backplane Hardening

• SDN Integration

VM Backplane, vCenter (Management), AWS Infrastructure, Software Defined Networks

Security Orchestration Platform

• Operations Director

• Security Service

• Assessment / Discovery

SVA

Data Center Security: Server

The first of the ‘new offerings’ to ship from Symantec!

Symantec™ Data Center Security: Server

Frictionless AV Protection

• Hypervisor-based security virtual appliance

• Low OPEX – Fully integrated with VMware NSX

• Always On – Anywhere Protection

• Utilizing Symantec Best in Class AV and Insight Reputation

• What’s Next: Guest Network Threat Protection

Integrated with “CSP”

• Scale up to Full Lock Down

• Wizard Driven Simplified Hardening

• Protected Application Whitelisting and Control

• What’s Next: Application Centric Protection

Data Center Security Service for VMware NSX

Security Response Insight Reputation

Virtual Data Center

Data Center Security: Data Store

Symantec™ Data Center Security: DataStore

Unified Protection

• Threat Protection – Content Filtering

• DLP Integration

• Data Insight – Encryption

• Unified Policy and Administration

Across Critical Applications & Data

• Messaging (Exchange)

• NAS – Filers

• NetApp

• SharePoint

• Cloud Apps

DSS Deployed across Virtual & Cloud

Security Response Insight Reputation

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
