Enabling Hybrid Cloud Security for NSX or distribution for ... · VMware Cloud on Amazon Web...

#vmworld Enabling Hybrid Cloud Security for NSX and VMware Cloud on AWS Bryan Webster, Trend Micro SAI2335BUS #SAI2335BUS VMworld 2018 Content: Not for publication or distribution

Page 1: Enabling Hybrid Cloud Security for NSX or distribution for ... · VMware Cloud on Amazon Web Services. with Trend Micro protection for workloads across the data center AND the cloud.

#vmworld

Enabling Hybrid Cloud Security for NSX and VMware Cloud on AWS

Bryan Webster, Trend Micro

SAI2335BUS

#SAI2335BUS

Enabling Hybrid Cloud Security for NSX and VMware Cloud on AWS

Bryan Webster, Principal Architect, Trend Micro

Copyright 2018 Trend Micro Inc.

Top Hybrid Cloud Security Challenges

WHAT KEEPS YOUR SECURITY TEAM UP AT NIGHT

Hear no evil

• Security teams left out of hybrid cloud planning
• VMC on AWS enables faster provisioning of new compute resources
• IP and network allocation no longer requires security teams to provision routing and firewall
• If the security team doesn’t hear about the project they can’t manage risk!

See no evil

• Lack of visibility into new workload logging
• VPN, direct connect, VPC peering, and other networking technologies add additional challenges to networking visibility
• Reduced visibility into software defined networks
• If the security team doesn’t see the infrastructure they can’t manage risk!

Speak no evil

• Communication gulf between security, operations, and infrastructure
• Operations and development teams may be taking on infrastructure responsibilities
• Increased automation and use of services reduces business unit reliance on IT and security teams
• If no one talks to the security team it’s incredibly difficult to manage risk!

In a perfect world

WE WOULDN’T NEED THIS SESSION

Break the silence

Ops

• Collaborate with Security teams
• Help security teams understand risk
• Describe how fast you need to move

Security

• Don’t dismiss new tech because it’s new
• Talk about controls not policy
• Talk about ways to mitigate risk

The power of sight

Ops

• Giving visibility to security teams will go a long way
• Building networks and firewalls is quite boring – let security do it for you
• Automate integration of environments and workloads to security fabric

Security

• Don’t expect to manage tools the same way
• Build security stacks for operations to deploy in a native way
• Welcome every bit of data which can improve your posture, not just what we used to do

Let’s talk … frankly

Ops

• Communicate application design and goals
• Have regular check-ins with security teams
• Let security know what your application or project does for the business

Security

• Collaborate on risk analysis
• Communicate the reality of threats to application teams
• Have a conversation about risk evaluation

But since it’s not a perfect world

HAVE ANY TOOLS TO HELP?

VMware Cloud on AWS

vSphere based cloud offering powered by VMware Cloud Foundation

• Provides the ability to move existing on-premises workloads to and from the AWS public cloud

• Allows organizations to maintain the skills, experience and investment made in the datacenter

• Integrates with VMware compute, storage, and network virtualization products (vSphere, vSAN, and NSX), along with vCenter management

• Optimized to run on next-generation elastic, bare metal, AWS infrastructure

VMware Cloud on Amazon Web Services

with Trend Micro protection for workloads across the data center AND the cloud

Service and support by VMware

• Retain existing architecture and investments
• Scale workloads instantly
• Utilize consistent deployment models

Security and protection by Trend Micro

• Visibility of all workloads from one console
• Prevent known and unknown threats
• Automate deployments, policies, and controls
• Minimize point solution security tools
• Lower operational costs and maintenance

Visit trendmicro.com/vmware/cloud

Add native integrations everywhere possible

…and continue to leverage current investments

Single Pane

Deep Security

Add environments not tools

How much can you really do with one tool?

Network Security
Stop network attacks, shield vulnerable applications & servers

• Firewall
• Vulnerability Scanning
• Intrusion Prevention

Malware Prevention
Stop malware & targeted attacks

• Anti-Malware
• Sandbox Analysis
• Behavioral Analysis & Machine Learning

System Security
Lock down systems & detect suspicious activity

• Application Control
• Integrity Monitoring
• Log Inspection

Image Scanning
Pre-deployment Runtime / Deployed
Continuous image scanning for malware & vulnerabilities

• Malware Detection
• Vulnerability Scanning

Sweeping & Hunting

Infrastructure change…

• Physical Servers
• Virtual Servers
• Virtual Desktops
• Public Cloud
• Containers
• Serverless (AWS Lambda, Azure Functions)

Planning

Security Functional Area Ops / Dev Functional Area

Control Plane

Application nodes

Database nodes

Software SaaS Tenant

Data Location

Data Retention

Sovereignty

Procurement

Agent Locations

Availability

Application endpoints

Identify Security & Compliance Requirements

Identify & Describe Workloads

Policy Definition

Agent Provisioning

Control Selection

High Impact

PCI

Baseline

Security Controls

Antimalware Intrusion Prevention

Integrity Monitoring

Log Inspection

Application Whitelisting

Advanced Lockdown for Automated Workloads

Block Malicious Files and Network Activity Detect Compromise

Provision

DSM APIs and Console

Policy Design and Definition

Operations

Agent Installation Agent Activation Policy Assignment

DSM native automation

Incident Response Compliance Reporting Health Monitoring Remediation

SIEM

SNS

Report

Investigate

Ongoing Automation

Dashboard

Respond

Remediate

SIEM

API

IT Automation

Developer Automation

Hands on Labs: Secure VMware Horizon with VMware NSX and Trend Micro [HOL-1941-01-NET] - Kevin Moats, Staff Technical Account Manager at VMware and Chris Van Den Abbeele, Trend Micro

THANK YOU FOR ATTENDING

TREND MICRO BOOTH #1112

WWW.TRENDMICRO.COM/VMWORLD

PLEASE FILL OUT YOUR SURVEY.

Take a survey and enter a drawing for a VMware company store gift card.

#vmworld #SessionID

THANK YOU!

#vmworld #SessionID