XChange Security Transformation(f) · 2018-08-26 · Security Transformation VMware's Network and...
Confidential │ ©2018 VMware, Inc.
Security Transformation: VMware's Network and Security Vision, Strategy and Portfolio
Manny Duron
Staff Systems Engineer / NSBU
August 2018
A bit of context:
• In the cyber security landscape, the bad actors today have the upper hand: a huge number of data breaches.
• The high mobility, complexity and distributed nature of virtualized applications is forcing a new approach to where security is placed and how it is enforced.
• Fundamental question: Why?
As Digital Business Expands, So Does Digital Risk
Cybersecurity vulnerabilities are skyrocketing

Number of common vulnerabilities and exposures (CVEs) published per year:

  Year    CVEs
  2009    5,736
  2010    4,652
  2011    4,155
  2012    5,297
  2013    5,297
  2014    7,946
  2015    6,480
  2016    6,447
  2017   14,712

Source: CVE Details security vulnerability datasource, January 2018.

2009-2016: a 12.4% increase in IT security vulnerabilities and exposures worldwide over the period (5,736 to 6,447).
2016-2017: the count rose from 6,447 to 14,712, i.e. 2.28 times the previous year. The original slide labels this a "228% increase"; 228% is the ratio expressed as a percentage, and the actual increase is 128%.
Increased Security Spending Has NOT Decreased Breaches
Security spend has increased year over year... and yet security breaches are outpacing that growth.

[chart: IT spend vs. security spend vs. security breaches]

• Annual cost of security breaches: $445B (Source: Center for Strategic and International Studies)
• Security as a % of IT spend: 2012: 11%; 2015: 21% (Source: Forrester)
• Projected growth rate in IT spend from 2014-2019: zero (flat) (Source: Gartner)
Why So Many Successful Attacks? Take your pick!
• Complexity everywhere! (network, infrastructure, applications, security products, etc.)
• Lack of basic cyber security hygiene rules
• The majority of efforts are focused on preventing penetration, yet a determined attacker eventually gets in
• Endpoints are neglected (difficult to maintain, so it is easy to overlook their security)
• Too much focus on malware
• Security teams are overwhelmed
• Attitude: not recognizing that there is a problem, or believing "I am safe, I have enough security" or "I have plenty of security products, I do not need more"
• Many other reasons!
Policies and Enforcement Points Are NOT Aligned!

[diagram: security policies on one side, security controls on the other, across the apps, data, compute, physical and network layers]

Policies are written in terms of applications and data, while the controls that enforce them sit at other layers. This misalignment leaves lateral movement unprotected.
Attack Kill Chain: Where are we failing?

1. Infiltration: attack vector/malware; delivery mechanism; entry point compromise.
   -> "Chasing bad": stopping infiltration (not effective).
2. Propagation: escalate privileges; install C2* infrastructure; lateral movement.
   -> Little or nothing is being done here!
3. Extraction: break into data stores; network eavesdropping; app-level extraction.
   -> Little or nothing is being done here!
4. Exfiltration: parcel and obfuscate; exfiltration; cleanup.
   -> Stop exfiltration?

* C2: command and control.
Huge Amounts of "Unknowns"

Propagation (escalate privileges, install C2 infrastructure, lateral movement) and Extraction (break into data stores, network eavesdropping, app-level extraction): little or nothing is being done here!

[diagram: observed activity falls into three sets, known good, unknown and known bad; the unknown set is by far the largest]

Bad players (hackers) are cashing in on this reality to be successful!
Attack Vectors: Lateral Movement
Little or nothing is being done here!

Propagation: escalate privileges; install C2 infrastructure; lateral movement.
Extraction: break into data stores; network eavesdropping; app-level extraction.

Lateral movement during propagation and extraction is carried out across three layers: the application, the network and the data plane.
Improving Our Cyber Defenses
What needs to be done for an effective cyber defense platform?
STEP 1: Implement “Core Principles” of Cyber Hygiene.
Source: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmware-core-principles-cyber-hygiene-whitepaper.pdf
Effectively Implement 5 Core Principles
Major breaches showed the core principles were not effectively implemented:

01 Least Privilege: Target, Sony
02 Micro-Segmentation: Target, Sony, OPM, Equifax, US Casino (IoT)
03 Encryption: Royal & Sun Alliance Insurance PLC, NFL
04 Multi-Factor Authentication: OPM
05 Patching: WannaCry, Equifax, US Casino (IoT)
STEP 2: Focus on protecting the crown jewels: Critical Applications
Protect "Individual" Critical Applications
Need to align security controls and policies to the application, using new constructs.
Change to: [diagram in original slide]
Monitor... Monitor... Monitor: It Is about Visibility
Monitor with specific knowledge of the application.
Change to: [diagram in original slide]
How to apply those principles effectively?
Our Vision: Digital Transformation
A software-defined digital foundation built on VMware

• Any application: traditional apps, cloud-native apps, SaaS apps
• Any cloud: private clouds, public clouds, telecommunications networks, edge computing
• Any device

Outcomes: create new value; transform engagement; protect brand and customer trust; transform networking and security.
With Change, a New Approach to Security
• Change in mindset
• Change in attitude
• New security model
• New abstracted constructs
• New adaptable and extensible platform
• Collaboration with security partners
Addressing Attack Vectors: Multi-Layered Security Model
Block all you can, detect what you cannot, automate response whenever possible.

• Prevent (blocking): static, coarse-grained controls
• Detect & respond (monitoring): dynamic, fine-grained controls

Applied at every layer: application, network, data plane.
Guiding principles: least privilege, zero trust.
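The misalignment slide, the "align controls to the application" slide and the multi-layered model above all make the same point: if the policy is written against application constructs (tiers) and enforced at every workload with default deny, east-west flows that a perimeter firewall never sees become enforceable. The following is an added illustration of that idea; it is not VMware or NSX code. Tier names, addresses, the allowed-flow table and the sample flow records are all constructed for the example.

```python
"""Application-centric micro-segmentation as a default-deny allowlist.

Added illustration, not VMware/NSX code. Tier names, addresses, the
allowed-flow table and the sample flow records are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Security groups expressed as application tiers (constructed addressing).
TIERS = {
    "web": [ip_network("10.1.1.0/24")],
    "app": [ip_network("10.1.2.0/24")],
    "db":  [ip_network("10.1.3.0/24")],
}

# Policy written against the application, not the topology:
# (src_tier, dst_tier, proto, dst_port). Everything else is denied, so the
# same rule set applies whichever host or subnet a workload lands on.
ALLOW = {
    ("web", "app", "tcp", 8443),
    ("app", "db",  "tcp", 5432),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def tier_of(addr: str) -> Optional[str]:
    """Map an address to its application tier, or None if untagged."""
    ip = ip_address(addr)
    for name, nets in TIERS.items():
        if any(ip in net for net in nets):
            return name
    return None


def evaluate(flow: Flow) -> str:
    """Verdict for one flow: 'allow', 'deny' or 'deny-untagged'."""
    src_tier, dst_tier = tier_of(flow.src), tier_of(flow.dst)
    if src_tier is None or dst_tier is None:
        return "deny-untagged"       # unknown workload: no rule can match it
    key = (src_tier, dst_tier, flow.proto.lower(), flow.dport)
    return "allow" if key in ALLOW else "deny"


def audit(flows) -> dict:
    """Summarise verdicts and list the denied east-west flows.

    These are the lateral-movement attempts; a perimeter firewall never sees
    them, so only a per-workload enforcement point can block them.
    """
    counts = {"allow": 0, "deny": 0, "deny-untagged": 0}
    lateral = []
    for f in flows:
        verdict = evaluate(f)
        counts[verdict] += 1
        if verdict == "deny":
            lateral.append((tier_of(f.src), tier_of(f.dst), f.proto, f.dport))
    return {"counts": counts, "lateral": lateral}


# Constructed flow records, as a flow collector might export them.
SAMPLE_FLOWS = [
    Flow("10.1.1.10", "10.1.2.20", "tcp", 8443),     # web -> app, expected
    Flow("10.1.2.20", "10.1.3.30", "tcp", 5432),     # app -> db, expected
    Flow("10.1.1.10", "10.1.3.30", "tcp", 5432),     # web -> db, tier skip
    Flow("10.1.1.10", "10.1.1.11", "tcp", 22),       # web -> web SSH, intra-tier
    Flow("10.1.2.20", "10.1.3.30", "tcp", 3389),     # app -> db RDP, wrong port
    Flow("192.168.50.5", "10.1.3.30", "tcp", 5432),  # untagged host -> db
]

if __name__ == "__main__":
    report = audit(SAMPLE_FLOWS)
    print(report["counts"])
    for entry in report["lateral"]:
        print("blocked lateral flow:", entry)
```

Note that intra-tier traffic (web to web on port 22) is denied too: a tier is a policy object, not a trust zone, and nothing in the table says members of the web tier may talk to each other.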
Move from the Current Model, Focused on Chasing Malicious Behavior
Benefits: None! It is NOT working!
Pitfalls:
o Highly complex & noisy
o Limited context: requires lots of inputs
o Manual effort to confirm valid threats
o Chase everything, stop almost nothing!

To a New Model, Focused on Chasing Good Behavior
Benefits:
o Simpler & smaller problem set
o Better "signal-to-noise" ratio
o Actionable and behavior-based alerts and responses
o Extensible and adaptable
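The two slides above contrast chasing malicious behavior with chasing good behavior. The following added example shows what the second model looks like in practice: learn a manifest of what each workload's processes actually do during a baseline window, then classify runtime events as known good, known bad or unknown, so that only the small remainder needs a human. This is an illustration, not VMware AppDefense code; hostnames, process paths, the indicator list and every event record are constructed.

```python
"""'Chase good behavior': classify runtime events against a manifest of a
workload's intended behaviour learned from a baseline window.

Added illustration, not VMware AppDefense code. Hostnames, process paths,
the indicator list and all event records are constructed.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

Event = Tuple[str, str, str, int]   # (host, process_path, proto, dst_port)
Manifest = Dict[str, Dict[str, Set[Tuple[str, int]]]]

# Constructed "known bad" indicators (e.g. from threat intel): process paths.
KNOWN_BAD_PATHS = {"/tmp/.x/miner"}


def build_manifest(baseline: List[Event]) -> Manifest:
    """Learn, per host and process, the (proto, port) pairs seen while the
    application ran as intended. This is the 'known good' set."""
    learned = defaultdict(lambda: defaultdict(set))
    for host, proc, proto, port in baseline:
        learned[host][proc].add((proto, port))
    return {host: dict(procs) for host, procs in learned.items()}


def classify(manifest: Manifest, event: Event) -> Tuple[str, str]:
    """Return (label, reason); label is 'known-good', 'known-bad' or 'unknown'.

    The unknown set is what the current model drowns in; here it stays small
    because everything matching the manifest is removed first.
    """
    host, proc, proto, port = event
    if proc in KNOWN_BAD_PATHS:
        return "known-bad", f"{proc} matches an indicator"
    procs = manifest.get(host, {})
    if proc not in procs:
        return "unknown", f"{proc} never ran on {host} during baseline"
    if (proto, port) not in procs[proc]:
        return "unknown", f"{proc} on {host} never used {proto}/{port}"
    return "known-good", "matches manifest"


def triage(manifest: Manifest, events: List[Event]):
    """Count labels and return only the events that need a human."""
    counts = Counter()
    needs_review = []
    for ev in events:
        label, reason = classify(manifest, ev)
        counts[label] += 1
        if label != "known-good":
            needs_review.append((label, ev, reason))
    return counts, needs_review


# Constructed baseline: what the two workloads did during the learning window.
BASELINE: List[Event] = [
    ("web-01", "/usr/sbin/nginx", "tcp", 8443),
    ("web-01", "/usr/sbin/nginx", "tcp", 8443),
    ("app-01", "/usr/bin/java", "tcp", 5432),
    ("app-01", "/usr/bin/java", "tcp", 443),
]

# Constructed runtime events: mostly normal, with three deviations.
RUNTIME: List[Event] = [
    ("web-01", "/usr/sbin/nginx", "tcp", 8443),
    ("app-01", "/usr/bin/java", "tcp", 5432),
    ("app-01", "/usr/bin/java", "tcp", 443),
    ("web-01", "/usr/sbin/nginx", "tcp", 22),      # nginx reaching out over SSH
    ("app-01", "/usr/bin/python3", "tcp", 4444),   # process never seen in baseline
    ("web-01", "/tmp/.x/miner", "tcp", 3333),      # matches an indicator
    ("web-01", "/usr/sbin/nginx", "tcp", 8443),
]

if __name__ == "__main__":
    manifest = build_manifest(BASELINE)
    counts, review = triage(manifest, RUNTIME)
    print(dict(counts))
    for item in review:
        print(*item)
```

The point of the structure is the ordering: the indicator match catches the known bad, the manifest removes the known good, and what is left is a short, behavior-based list (a web server opening SSH, a new interpreter talking to an odd port) rather than every alert the environment can generate.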
VMware Can Help! Transforming Security across the SDDC
(Modernize data centers; transform networking and security; protect brand & customer trust)

Infrastructure security, and endpoint / application security:
• VMware vSphere Security (6.5/6.7) features
• VMware Horizon (VDI)
• VMware NSX (+ 3rd party security vendors)
• VMware vRealize Network Insight (vRNI)
• VMware vRealize Log Insight (vRLI)
• VMware vRealize Automation (vRA)
• VMware AppDefense (+ 3rd party EDR vendors)
• VMware AirWatch
• VMware Workspace One
• VMware Identity Manager (vIDM)
VMware NSX as the Foundation for the Virtual Cloud Network
This should be part of the new security model!

Network and security virtualization:
• NSX Data Center: networking and security for all workloads
• NSX Cloud: cloud-native network services
• NSX SD-WAN by VeloCloud: WAN connectivity services
• NSX Hybrid Connect: data center and cloud workload migration
• AppDefense: modern application security

Networking and security management and automation:
• vRealize Automation: end-to-end workload automation (workflow automation, blueprints/templates)
• Network Insight: network discovery and insights (insights/discovery, visibility)
• Cloud-based management

Platform attributes: security, integration, extensibility, automation, elasticity. Any platform (PaaS, SaaS), any infrastructure, any application, any transport, any cloud (cloud provider partners).
The Future Is Here: VMware's Software-Defined Security
Security Transformation

Correlation/analytics; governance, risk & compliance
Network security controls, compute security controls, data security controls

PREVENT: application-centric micro-segmentation (network)
DETECT/RESPOND: application-centric detection & response (compute)

Both are anchored on the application and span the SDDC.