80% of servers will be virtualized by 2016 [1]
40% of data will be stored or processed by the cloud by 2020 [3]
$5.4B: size of the software-defined data center market by 2018 [2]
61% of businesses used a hybrid cloud environment by the end of 2014 [4]
Only 50% of data that needs protection is protected [1]
40% of attacks target servers [3]
Mean cost of data breaches per minute: $7900—up 41% since 2010 [5]
Sources:
1. IDC, The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in Far East. Dec. 2012
2. Stratecast, The Hidden Truth Behind Shadow IT. November 2013. http://www.mcafee.com/us/resources/reports/rp-six-trends-security.pdf
3. Verizon 2013 State of the Enterprise Cloud Report
4. McAfee Labs August 2015 Threats Report.
SDI – The Application Defines the System
The evolution to software-defined infrastructure
• One application per system
• One application per virtual system
• Applications DEFINE the system
[Diagram labels: Applications; Compute application; Network application; Storage application; VM Manager; Storage, Network, Compute; Resource pool]
SDDC: Automating Server Security
SDDC: Familiar Territory for IT – Server Virtualization
Advantages of Server Virtualization
Automating Advanced Security for SDDC
Optimized Antivirus
Ease of Management
Resource Optimization
McAfee ePO
Enhanced Performance
Traditional AV vs. Optimized AV for Virtualization
TRADITIONAL AV FOR VIRTUALIZED ENVIRONMENTS
• Resource Bottlenecks
• Painful Management Experience
• Peak Overloading on the Hypervisor
• Wasted Resources
OPTIMIZED AV FOR VIRTUALIZED ENVIRONMENTS
• Resource Availability
• Easy Management Experience
• Optimized Resources on Every Hypervisor
McAfee MOVE AV – Optimized for Virtualized Servers
Agentless deployment for VMware environments
Features
• Optimized Antivirus by offloading file scanning
• Three deployment modes:
  • Agentless through vCNS (vSphere only)
  • Agentless through NSX (vSphere only)
  • Multi-platform for ALL hypervisors (unique in the industry)
• Simple ePO-based deployment
[Diagram labels: OS; VSE; VMtools; MOVE AV; VMware NSX OR vShield Endpoint; Virtual Infrastructure; Data Center]
New: McAfee MOVE AV Integration with NSX
Automating Advanced Security
McAfee ePO
Intelligent Optimized Antivirus
Automatic SVA AV Scans
deployment
Automatic detection of NSX
New ePO policies are seen instantly on NSX console and vice versa
To Deliver the Software-Defined Data Center Approach
Location Independence / Infrastructure Convergence
Perimeter Security Alone Does Not Prevent Breaches
Internal controls are often weak
[Diagram labels: Inside firewall; APP; DB; Services]
East-West Traffic in the Private Cloud
Perimeter defense remains effective but has decreased in relevance
Cases for Security Control Alignment
Software-Defined Data Center Approach
Network Virtualization
Micro-Segmentation
Advanced Security Services Insertion
NSX Native Security Capabilities
NSX Automates Security Operations
Platform-based automation
• Automated provisioning and workload adds/moves/changes
• Centralized management of single, logical, distributed firewall
NSX Platform Extensibility… with Advanced Security
Add leading security solutions, like McAfee Network Security Platform, to your micro-segmentation deployment for greater security
Adapt to changing security conditions in the data center by enabling security solutions to share intelligence
SDDC/NSX: The Foundation for Practical Micro-Segmentation
• Isolation
• Segmentation
• Service Insertion
[Diagram labels: Production; DB]
Intel Security Controller
The Intel Security Controller
NSX enables dynamic insertion of advanced security
• ISC orchestration and APIs
• Security Functions Catalog
• Distributed Virtual Appliances
• Exposure of IA power and functions (Intel DPDK, HyperScan, AES-NI etc.)
[Diagram label: Intel® Security Controller]
Intel Security Controller in VMware environments
[Diagram labels: VNF 1 (McAfee vNSP); VNF 2 (McAfee vNSP); Application; vSphere/vCenter; VIM; SFV; Intel Security Controller; Orchestration; Network Virtualization; VMware NSX Controller]
ISC integrates with VMware NSX and vSphere to orchestrate advanced security
ISC Security Implementation with VMware NSX
VMware NSX Micro-Segmentation with McAfee NSP
Advanced threat protection for east-west traffic flows
[Diagram labels: Finance Security Group; HR Security Group; Production Security Group; Security Management; McAfee Network Security Manager; Security Functions Catalog; Intel® Security Controller; Perimeter firewall; DMZ; Inside firewall; APP; DB; Services; vNSP on each segment]
Separation of Duties
Use Case: VMware NSX East-West Traffic Protection
Intel Security Controller
• Security orchestration: bulk, dynamic provisioning, and policy updates
• Attacks detected & blocked
• Alerts (Security Response API)
• Quarantine action: Quarantine VM
[Diagram labels: Security Administrator; Infrastructure Administrator; Intel® Security Controller; Quarantine; Security management; McAfee Network Security Manager; VMware vCenter; VMware NSX Manager; vNSP; NSX Agent]
Multi-Tenancy (e.g. MSP)
• Tenant Perspective: Must be fully isolated
  [Diagram labels: Air gap; Tenant DARK’s Cloud; Tenant LIGHT’s Cloud; VSF]
• Logical Perspective: Require IPS inspection at edge
  [Diagram labels: Tenant DARK’s Security Group; Tenant LIGHT’s Security Group; All network traffic]
• Practical Perspective: Must share resources
  [Diagram labels: Intel® Security Controller; Virt. Management; VSF; Security Manager; Security Administrator; Infrastructure Administrator; SDN]
Summary
Benefits of the Joint Intel Security & VMware NSX
McAfee vNSP, Intel® Security Controller, McAfee MOVE AV, VMware NSX
Where to start projects? A tangible place to get the most bang per buck
Where to get started: The things you need to do…