#vmworld
Enabling Hybrid Cloud Security for NSX
and VMware Cloud on AWS
Bryan Webster, Trend Micro
SAI2335BUS
#SAI2335BUS
VMworld 2018 Content: Not for publication or distribution
Bryan Webster, Principal Architect, Trend Micro
Copyright 2018 Trend Micro Inc.
Top Hybrid Cloud Security Challenges
WHAT KEEPS YOUR SECURITY TEAM UP AT NIGHT
Hear no evil
• Security teams left out of hybrid cloud planning
• VMC on AWS enables faster provisioning of new compute resources
• IP and network allocation no longer requires security teams to provision routing and firewall
• If the security team doesn’t hear about the project they can’t manage risk!
See no evil
• Lack of visibility into new workload logging
• VPN, direct connect, VPC peering, and other networking technologies add additional challenges to networking visibility
• Reduced visibility into software defined networks
• If the security team doesn’t see the infrastructure they can’t manage risk!
Speak no evil
• Communication gulf between security, operations, and infrastructure
• Operations and development teams may be taking on infrastructure responsibilities
• Increased automation and use of services reduces business unit reliance on IT and security teams
• If no one talks to the security team it’s incredibly difficult to manage risk!
In a perfect world
WE WOULDN’T NEED THIS SESSION
Break the silence
Ops
• Collaborate with security teams
• Help security teams understand risk
• Describe how fast you need to move
Security
• Don’t dismiss new tech because it’s new
• Talk about controls not policy
• Talk about ways to mitigate risk
The power of sight
Ops
• Giving visibility to security teams will go a long way
• Building networks and firewalls is quite boring – let security do it for you
• Automate integration of environments and workloads to security fabric
Security
• Don’t expect to manage tools the same way
• Build security stacks for operations to deploy in a native way
• Welcome every bit of data which can improve your posture, not just what we used to do
Let’s talk … frankly
Ops
• Communicate application design and goals
• Have regular check-ins with security teams
• Let security know what your application or project does for the business
Security
• Collaborate on risk analysis
• Communicate the reality of threats to application teams
• Have a conversation about risk evaluation
But since it’s not a perfect world
HAVE ANY TOOLS TO HELP?
VMware Cloud on AWS
vSphere based cloud offering powered by VMware Cloud Foundation
• Provides the ability to move existing on-premises workloads to and from the AWS public cloud
• Allows organizations to maintain the skills, experience and investment made in the datacenter
• Integrates with VMware compute, storage, and network virtualization products (vSphere, vSAN, and NSX), along with vCenter management
• Optimized to run on next-generation elastic, bare metal, AWS infrastructure
VMware Cloud on Amazon Web Services
with Trend Micro protection for workloads across the data center AND the cloud
Service and support by VMware
• Retain existing architecture and investments
• Scale workloads instantly
• Utilize consistent deployment models
Security and protection by Trend Micro
• Visibility of all workloads from one console
• Prevent known and unknown threats
• Automate deployments, policies, and controls
• Minimize point solution security tools
• Lower operational costs and maintenance
Visit trendmicro.com/vmware/cloud
Add native integrations everywhere possible
…and continue to leverage current investments
Single Pane
Deep Security
Add environments not tools
How much can you really do with one tool?
Network Security
Firewall Vulnerability Scanning
Intrusion Prevention
Stop network attacks, shield vulnerable applications & servers
Anti-Malware
Sandbox Analysis
Malware Prevention
Stop malware & targeted attacks
Behavioral Analysis & Machine Learning
System Security
Lock down systems & detect suspicious activity
Application Control
Integrity Monitoring
Log Inspection
Image Scanning
Pre-deployment Runtime / Deployed
Malware Detection
Continuous image scanning for malware & vulnerabilities
Vulnerability Scanning
Sweeping & Hunting
Infrastructure change…
Physical Servers
Virtual Servers
Virtual Desktops
Public Cloud
Containers
Serverless (AWS Lambda, Azure Functions)
Planning
Security Functional Area Ops / Dev Functional Area
Control Plane
Application nodes
Database nodes
Software SaaS Tenant
Data Location
Data Retention
Sovereignty
Procurement
Agent Locations
Availability
Application endpoints
Identify Security & Compliance Requirements
Identify & Describe Workloads
Policy Definition
Agent Provisioning
Control Selection
High Impact
PCI
Baseline
Security Controls
Antimalware Intrusion Prevention
Integrity Monitoring
Log Inspection
Application Whitelisting
Advanced Lockdown for Automated Workloads
Block Malicious Files and Network Activity Detect Compromise
Provision
DSM APIs and Console
Policy Design and Definition
Operations
Agent Installation Agent Activation Policy Assignment
DSM native automation
Incident Response Compliance Reporting Health Monitoring Remediation
SIEM
SNS
Report
Investigate
Ongoing Automation
Dashboard
Respond
Remediate
SIEM
API
IT Automation
Developer Automation
Hands on Labs: Secure VMware Horizon with VMware NSX and Trend Micro [HOL-1941-01-NET] - Kevin Moats, Staff Technical Account Manager at VMware and Chris Van Den Abbeele, Trend Micro
THANK YOU FOR ATTENDING
TREND MICRO BOOTH #1112
WWW.TRENDMICRO.COM/VMWORLD