XChange Security Transformation(f) · 2018-08-26 · Security Transformation VMware's Network and...

Confidential │©2018 VMware, Inc. Security Transformation VMware's Network and Security Vision, Strategy and Portfolio Manny Duron Staff Systems Engineer / NSBU August 2018

Transcript of XChange Security Transformation(f) · 2018-08-26 · Security Transformation VMware's Network and...

Page 1:

Security Transformation

VMware's Network and Security Vision, Strategy and Portfolio

Manny Duron

Staff Systems Engineer / NSBU

August 2018

Page 2:

A bit of Context:

• In the cyber security landscape, the bad actors/players today have the upper hand: huge amount of data breaches.

• The high mobility, complexity and distributed nature of virtualized applications is forcing a new approach to where security is placed and how it is enforced.

• Fundamental Question: Why?

Page 3:

As Digital Business Expands, So Does Digital Risk

Cybersecurity vulnerabilities are skyrocketing

[Bar chart: number of common vulnerabilities and exposures by year, 2009 to 2017. Data labels as they appear on the slide: 5,736; 4,652; 4,155; 5,297; 5,297; 7,946; 6,480; 6,447; 14,712.]

From 2016 to 2017, the industry experienced a 228% increase in IT security vulnerabilities and exposures worldwide.

Source: CVE Details security vulnerability datasource, January 2018.

2009-2016: 12.4% average increase in IT security vulnerabilities and exposures worldwide.

228.2% increase from 2016-2017

Page 4:

Increased Security Spending Has NOT Decreased Breaches

Security spend has increased YoY … and yet, Security Breaches are outpacing that growth

[Chart legend: IT Spend, Security Spend, Security Breaches]

Annual Cost of Security Breaches: $445B (Source: Center for Strategic and Int’l Studies)

Security as a % of IT Spend: 2012: 11%; 2015: 21%

(Source: Forrester)

Projected Growth Rate in IT Spend from 2014-2019: Zero (Flat)

(Source: Gartner)

Page 5:

Why so many successful attacks?

Take your pick!

• Complexity everywhere! (network, infrastructure, applications, security products, etc.)

• Lack of basic Cyber Security Hygiene Rules

• Majority of efforts are focused on Preventing penetration (hackers win 100% of times)

• Endpoints are neglected (difficult to maintain, so it is easy to overlook security)

• Too much focus on Malware

• Security teams are overwhelmed

• Attitude: Not recognizing that there is a problem, or that “I am safe, I have enough security” or “I have plenty of Security Products, do not need more”

• Many other reasons!

Page 6:

Policies and Enforcement points are NOT aligned!

Security Policies Security Controls

APPS DATA COMPUTE Physical NETWORK

Misalignment does not protect against lateral movement!

Page 7:

Attack Kill Chain

Where are we failing?

• Infiltration: Attack vector/malware; Delivery mechanism; Entry point compromise

• Propagation: Escalate privileges; Install C2* infrastructure; Lateral movement

• Extraction: Break into data stores; Network eavesdropping; App-level extraction

• Exfiltration: Parcel and obfuscate; Exfiltration; Cleanup

Chasing Bad: Stopping infiltration (Not Effective)

Little or Nothing is being done here!

Stop exfiltration?

Page 8:

Huge amounts of “unknowns”

• Propagation: Escalate privileges; Install C2* infrastructure; Lateral movement

• Extraction: Break into data stores; Network eavesdropping; App-level extraction

Little or Nothing is being done here!

Known good

Unknown

Known bad

Bad players (hackers) are cashing in on this reality to be successful!

Page 9:

Attack Vectors

Lateral Movement

Little or Nothing is being done here!

• Propagation: Escalate privileges; Install C2* infrastructure; Lateral movement

• Extraction: Break into data stores; Network eavesdropping; App-level extraction

Page 10:

Attack Vectors

Lateral Movement

Propagation Extraction

Application

Network

Data Plane

Page 11:

Improving our Cyber Defenses

What needs to be done for an effective cyber defense platform?

Page 12:

STEP 1: Implement “Core Principles” of Cyber Hygiene.

Source: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmware-core-principles-cyber-hygiene-whitepaper.pdf

Page 13:

Effectively Implement 5 Core Principles

Major breaches showed core principles were not effectively implemented

01 Least Privilege: Target, Sony

02 Micro-Segmentation: Target, Sony, OPM, Equifax, US Casino (IoT)

03 Encryption: Royal & Sun Alliance Insurance PLC, NFL

04 Multi-Factor Authentication: OPM, LinkedIn

05 Patching: WannaCry, Equifax, US Casino (IoT)

Page 14:

STEP 2: Focus on protecting the crown jewels: Critical Applications

Page 15:

Protect “Individual” Critical Applications

Need to Align Security Controls and Policies to the Application, using new constructs

Change to:

Page 16:

Monitor … Monitor … Monitor – It is about Visibility

Monitor with specific knowledge of the application

Change to:

Page 17:

How to apply those principles effectively?

Page 18:

Our Vision: Digital Transformation

A software-defined digital foundation built on VMware

Any Cloud

Any Device

Any Application

Traditional Apps, Cloud-Native Apps, SaaS Apps

Telecommunications Networks

Edge Computing

Private Clouds, Public Clouds

Create New Value

Transform Engagement

Protect Brand and Customer Trust

Transform Networking and Security

Page 19:

With Change, a New Approach to Security

Change in Mindset

Change in Attitude

New Security Model

New Abstracted Constructs

New Adaptable and Extensible Platform

Collaboration with Security Partners

Page 20:

Addressing attack vectors: Multi-Layered Security Model

Block all you can, Detect what you cannot, Automated Response whenever possible

Static, Coarse Grained

Dynamic, Fine Grained

Prevent

Detect & Respond

Application

Network

Data Plane

Blocking Monitoring

Least Privilege

Zero Trust

Page 21:

Move from Current Model Focused on Chasing Malicious Behavior

Benefits:

None! It is NOT working!

Pitfalls:

o Highly complex & noisy

o Limited context – requires lots of inputs

o Manual effort to confirm valid threats

o Chase everything, stop almost nothing!

Page 22:

To a New Model

Focused on Chasing Good Behavior

Benefits:

o Simpler & Smaller problem set

o Better “Signal-to-Noise” ratio

o Actionable and behavior-based alerts and responses

o Extensible and Adaptable

Pitfalls:

o Highly complex & noisy

o Limited context – requires lots of inputs

o Manual effort to confirm valid threat

o Chase everything, stop almost nothing!

Page 23:

• VMware vSphere Security (6.5/6.7) features

• VMware Horizon (VDI)

• VMware NSX (+ 3rd Party Security vendors)

• VMware vRealize Network Insight (vRNI)

• VMware vRealize Log Insight (vRLI)

• VMware vRealize Automation (vRA)

• VMware AppDefense (+ 3rd party EDR vendors)

• VMware AirWatch

• VMware Workspace One

• VMware Identity Manager (vIDM)

Infrastructure Security: Endpoint / Application Security:

VMware can help!

Transforming Security across the SDDC

Transform Networking and Security

Protect Brand & Customer Trust

Modernize Data Centers

Page 24:

VMware NSX as the Foundation for the Virtual Cloud Network

This should be part of the New Security Model!

NETWORK AND SECURITY VIRTUALIZATION

• AppDefense: Modern application security

• NSX SD-WAN by VeloCloud: WAN connectivity services

• NSX Hybrid Connect: Data center and cloud workload migration

• NSX Data Center: Networking and security for all workloads

• NSX Cloud: Cloud-native network services

Security, Integration, Extensibility, Automation, Elasticity

Any Platform, PaaS, Any Infrastructure, Any Application, SaaS, Any Transport, Any Cloud, Cloud Provider Partner

NETWORKING AND SECURITY MANAGEMENT AND AUTOMATION

• vRealize Automation: End-to-end workload automation

• Network Insight: Network discovery and insights

Cloud-Based Management, Workflow Automation, Blueprints/Templates, Insights/Discovery, Visibility

Page 25:

The Future is here: VMware’s Software-Defined Security

Security Transformation

Correlation/Analytics

Governance, Risk & Compliance

Network Security Controls, Data Security Controls, Compute Security Controls

Network

Application-Centric Micro-segmentation

Application-Centric Detection & Response

Compute

PREVENT

DETECT/RESPOND

Application

Application

SDDC

Page 26:

Thank You

Manny Duron

Staff Systems Engineer / [email protected]