Page 1
SAI2895BU
Transforming Security Operations with AppDefense
Closing the security gap between applications and infrastructure
Chris Corde, Sr. Director, Product Management, VMware
Jared Sanders, Principal Operations Engineer, Tapestry Technologies
#VMworld #SAI2895BU
VMworld 2017 Content: Not for publication or distribution
Page 2
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Page 3
1. Why intended state security model is beneficial
2. How we can use infrastructure automation more efficiently for security
3. Review specific examples with the Puppet CTO
4. Hear from an AppDefense beta customer
5. See a demo
Page 4
How Do We Deal with Complexity in Security?
Diagram labels: Propagation, Extraction, Unknown, Known good, Known bad, Rule Based Analytics, Good Analysts, Machine Learning Analytics
Page 5
The doctor
Knows all the potential maladies your child may face
Page 6
The parent
They know every detail about their child
Page 7
The doctor = Security User: Seeks to understand when something is wrong
The parent = Developer: Understands the intended state, but finds it difficult to update all those who require that information
Page 8
How can we do more with embedded knowledge to transform security?
Page 9
Transforming Data Center Endpoint Security
From our current model
Focused on malicious behavior
• Highly complex and noisy
• Untrusted monitoring, limited context
• Manual and lacking orchestration
Page 10
Transforming Data Center Endpoint Security
To a new model
Focused on good (intended) behavior
• Simpler and smaller problem set
• Better signal-to-noise ratio
• Actionable and behavior-based alerts and responses
Page 11
Intended State as Foundational Security
“Server workloads in modern hybrid data centers use private and public cloud computing and require a protection strategy different from end-user-facing devices.”
Page 12
VMware AppDefense
Protecting Applications running in virtualized and cloud environments
Diagram labels: [Protected Zone], AppDefense Monitor, VM Manifest, Orchestrated Remediation, ESX, NSX
Remediation actions shown: Quarantine, Network Blocking, Service Insertion, …, Snapshot, Suspend, Block/Alarm, …
Page 13
The Challenge
How can you create contextual awareness in a modern data center environment?
Page 14
Misalignment between security and app lifecycles
Current model
Diagram labels: Manual security team review, Developer builds an app, App deployed to production, Developer updates app
Page 15
Today’s Status Quo – “The Questionnaire”
Page 16
Today’s Status Quo – The Architecture Review
Page 17
New model of continuous alignment
Diagram with four numbered steps (1 to 4), labelled: Build, Deploy, Review, Enforce
Page 18
Deepak Giridharagopal, CTO, Puppet
Page 19
Puppet’s vision for automation
Using a common language
Across everything, no matter where it runs
• Know what you have
• Control it and enforce consistency
• Secure it and keep it compliant
• Modernize it
Page 20
Gain visibility to prove compliance
• Model-driven language: Unify management across cloud, virtual and physical environments
• Code management: Review, test and promote infrastructure code across all environments
• Automated provisioning: Ensure provisioning consistency in self-service portals
• Drift remediation: Continually enforce policies and remediate drift across environments
• Visualization & reporting: Get full traceability, auditing and reporting to quickly prove compliance
Page 21
Top changes needed to deliver better software, faster
• Manually reviewing hundreds of logs
• Remediating audit findings
• Fixing security problems
• Moving to cloud
• Adopting containers
• Advancing DevOps practices
Page 22
Drive change with confidence & easily orchestrate deployments
Page 23
Built-in intelligence & automation
Orchestrate ordered deployments based on dependencies you define
Page 24
Orchestrate deployments to targeted sets of infrastructure
Segment infrastructure based on any facts stored in Puppet & target deployments to matching nodes
Page 25
Orchestrate deployments to targeted sets of infrastructure
Run phased deployments & coordinate roll outs of change
• Get full & direct control to drive changes on-demand
• View change status in real-time to pause or throttle deployment if needed
• Built-in intelligence ensures that ordered deployments respect all dependencies across your apps & infrastructure
Page 26
App Sequencing – Provided by AppDefense
Leverage the unique visibility virtualization has into the provisioned state and run state of applications
Provisioned State, Runtime State
Application Isolation Automation
SEQUENCING
Page 27
App Sequencing – Provided by AppDefense
Automatically Discover Applications and the Intended Behavior
Diagram labels: INTENDED STATE ENGINE, Infrastructure Config Systems, Application Automation Frameworks, Machine Learning, vCenter, ESX, App Scope, Manifest (three times)
Page 28
Consolidating Inputs for Intended State
• App Templates (binaries, hashes, connections)
• Commonality Analysis
• Reputation Feeds
• Configuration Management – Provisioning Flow
• Runtime Observation
• App Owner Verification
Page 29
The Result - The App Manifest
Page 30
DETECT
Leverage the isolation properties of virtualization to monitor the guest from a protected zone
Application Isolation Automation
Page 31
DETECT
Real time detection of any manipulation of the application or operating system
Diagram labels: [Protected Zone]; three groups, each with OS, Processes (×3), Manifest, AppDefense Monitor
Page 32
RESPOND
Leverage the automation properties of virtualization to automate and orchestrate response
Application Isolation Automation
Page 33
RESPOND
Automated and Orchestrated Incident Response
Secure Infrastructure, Security Ecosystem
Leverage ESX, NSX and the Ecosystem to automate a library of incident response routines, including: Snapshot, Suspend, Block/Alarm, Quarantine, Network Blocking, Service Insertion, …
Page 34
Jared Sanders, Principal Operations Engineer, Tapestry Technologies
Page 35
Me + Tapestry
Jared Sanders
• Title: Principal Operations Engineer
• 4 years at Tapestry, 6 years as a Federal SI, 10 years in IT
• Current Focus: Software Defined Enterprise
• Previous Roles: Writing Security Guidance, Network Engineering
Tapestry Technologies
• Founded in 2005
• Women-Owned Small Business (100 Employees)
• Systems Integrator in the Federal Space
• Expertise: Cybersecurity, Cloud, Network Engineering
Page 36
Software Defined Enterprise
Definition
• Implementation of automation and virtualization technologies across all aspects of the enterprise (compute, network, storage, security)
Vision
• Enable the ability to rapidly adapt to new requirements, conditions and threats
• Modernize Traditional/Brownfield Datacenters
• Provisioning & Sustainment (including security & patching)
• Automated Incident Response & Smart Alerts
Page 37
AppDefense Beta
Environment
• vSphere 6.5 & NSX 6.3 Infrastructure
• Windows Server 2012 R2: Exchange and Active Directory
• Learning Mode
Challenge
• Associating infrastructure and security configuration to the application
Feature Requests
• Trusted Templates
• Custom Workflows
• Further 3rd Party Integration
Page 38
Demo
Page 39
Demo Topology – EMR App
Diagram labels: Web Tier, App Tier, DB Tier
Page 40
Closing the gap between infrastructure and apps
Security teams
Application developers
Page 41
In summary
1. Leverage the embedded knowledge of application teams for security
2. Shift from looking for threats to enforcing the known good
3. Use the unique advantages of virtualization to secure
www.vmware.com/appdefense