Confidential │ ©2018 VMware, Inc.
Using Home-Court Advantage to Transform Your Security Approach
Rajiv Ramaswami
Chief Operating Officer,
Products and Cloud Services
T: @RajivRamaswami
September 27, 2018
2Confidential │ ©2018 VMware, Inc.
Infrastructure
Apps Data
Agile
Threats
Data Center / Cloud Infrastructure
Compute Network Data
End User Infrastructure
Users Devices Access
3Confidential │ ©2018 VMware, Inc.
Security Cost
4Confidential │ ©2018 VMware, Inc.
Security Results
Source: Information is Beautiful, “The World’s Biggest Data Breaches” Webpage.
Retrieved on August 23, 2018. Data sources: DataBreaches.net, IdTheftCentre, press reports.
5Confidential │ ©2018 VMware, Inc.
Transformation
6Confidential │ ©2018 VMware, Inc.
Asymmetric Battle
7Confidential │ ©2018 VMware, Inc.
Asymmetric Battle
How do you transform an
?
8Confidential │ ©2018 VMware, Inc.
AMERICAN
REVOLUTION
Take Advantage of Your Terrain
Confidential │ ©2018 VMware, Inc. 8
Confidential │ ©2018 VMware, Inc. 9
Confidential │ ©2018 VMware, Inc. 10
11Confidential │ ©2018 VMware, Inc.
Playroom
Courtyard
Outdoor Kitchen
Garage
Bedroom Kitchen Living Room
Bathroom
StudyMaster
Bedroom
Courtyard Outdoor
Kitchen
Garage
Family
12Confidential │ ©2018 VMware, Inc.
Knowing how our family uses our home
gives us a “home court advantage”
13Confidential │ ©2018 VMware, Inc.
noun
the advantage that you have over an
opponent when a contest takes place
at your own fieldWhy don’t we use this advantage?
Knowing how our family uses our home
gives us a “home court advantage”
14Confidential │ ©2018 VMware, Inc.
We Keep All the Lights On, and All the Rooms Open
Playroom
Courtyard
Outdoor Kitchen
Garage
Bedroom Kitchen Living Room
Bathroom
StudyMaster
Bedroom
Room
Room Room Room
Room
Room
Room
Room
Room
Family
15Confidential │ ©2018 VMware, Inc.
16Confidential │ ©2018 VMware, Inc.
We See Through an Infrastructure Lens
Monitor
Perimeter
For Threats
Monitor
Endpoint
For Threats
Monitor
Network
For Threats
16Confidential │ ©2018 VMware, Inc.
17Confidential │ ©2018 VMware, Inc.
Attack Surface
Attacks
18Confidential │ ©2018 VMware, Inc.
Gartner Market Guide for Cloud Workload Protection Framework
Focusing on Risk
Source: Gartner, Market Guide for Cloud Workload Protection Platforms, Neil MacDonald, March 26th 2018. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research
publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of
a larger research document and should be evaluated in the context of the entire document. Charts/graphics created by VMware based on Gartner research.
AV
Deception
HIPS withVulnerability Shielding
Server Workload EDRBehavioral Monitoring
IaaS Data at Rest Encryption
Exploit Prevention / Memory Protection
Application Control / Whitelisting
System Integrity Monitoring / Management
Network Firewalling, Segmentation and Visibility
Hardening, Configuration and Vulnerability Management
Foundational
Less Critical
Optional Server Protection Strategies
Core Server Protection Strategies
Important, but often provided outside of CWPP
Operations Hygiene
No arbitrary code
No email, web client
Admin Privilege
Management
Change
Management
Log
Management
Restricted Physical and Logical Perimeter Access
Figure 1. Cloud Workload Protection Controls Hierarchy, © 2018 Gartner, Inc.
19Confidential │ ©2018 VMware, Inc.
Apps Data
EncryptionMicro-Segmentation
PatchingLeastPrivilege
Multi-FactorAuthentication
Attack Surface
Attacks
20Confidential │ ©2018 VMware, Inc.
MobilityVirtualization
Apps Data
21Confidential │ ©2018 VMware, Inc.
Mobility
Security Ecosystem
Context
Control
Secure
Infrastructure
SDDC User Access Layer
Compute DataNetwork AccessUsers Devices
Apps Data
Enabling Richer Security Controls
22Confidential │ ©2018 VMware, Inc.
SDDC
Compute Network Data
Apps Data
Compute / App
APP
23Confidential │ ©2018 VMware, Inc.
Apps Data
VM Manifest
Storage
APP
24Confidential │ ©2018 VMware, Inc.
Enforcing the Intended State
Detect RespondCapture & Analyze
Learn Protect
&
Apps Data Apps Data
25Confidential │ ©2018 VMware, Inc.
Snapshot Suspend Block/Alarm
Quarantine Network Blocking
Service Insertion…
Compute Network
Adapt
VM Manifest
VM Manifest
VM Manifest
Intended
State Engine
vCenter ESX
App
Scope
Off-the-shelf apps
OTS
Software
Database
Custom apps
CI/CD pipeline
[Provisioning systems]
[Automation frameworks]Machine Learning
Capture & Analyze Detect Respond&
Learn
Pro
cesses
Pro
cesses
Pro
cesses
OS
AppDefense
Monitor
Protected zone
VM Manifest
Protect
Agile
Apps Data
26Confidential │ ©2018 VMware, Inc.
SDDC
Compute Network Data
Apps Data
Network
APP
27Confidential │ ©2018 VMware, Inc.
28Confidential │ ©2018 VMware, Inc.
29Confidential │ ©2018 VMware, Inc.
Hacker
30Confidential │ ©2018 VMware, Inc.
Hacker
31Confidential │ ©2018 VMware, Inc.
Hacker
32Confidential │ ©2018 VMware, Inc.
Applications
33Confidential │ ©2018 VMware, Inc.
Are they allowed
access?
Are they on a trusted
device?
Are they who they
say they are?
PostureAccess List Credentials
34Confidential │ ©2018 VMware, Inc.
Mobility
Security Ecosystem
Context
Control
Secure
Infrastructure
SDDC User Access Layer
Compute DataNetwork AccessUsers Devices
Apps Data
Enabling Richer Security Controls
35Confidential │ ©2018 VMware, Inc.
Security Ecosystem
Context
Control
Secure
Infrastructure
SDDC User Access Layer
Compute DataNetwork AccessUsers Devices
Apps Data
Transforming CyberSecurity
Source: Momentum Partners Cyberscape 2017Confidential │ ©2018 VMware, Inc.
Confidential │ ©2018 VMware, Inc. 36
Home-court advantage
noun
the advantage that you have
over an opponent when a
contest takes place at your
own sports field or court.
Macmillan Dictionary
Transforming CyberSecurity
Confidential │ ©2018 VMware, Inc. 36
Confidential │ ©2018 VMware, Inc.
Thank You
Top Related