SAI2895BU: Transforming Security Operations with AppDefense

Post on 17-Aug-2020

Page 1:

Chris Corde, Sr. Director, Product Management, VMware

Jared Sanders, Principal Operations Engineer, Tapestry Technologies

SAI2895BU

#VMworld #SAI2895BU

Transforming Security Operations with AppDefense

Closing the security gap between applications and infrastructure

VMworld 2017 Content: Not for publication or distribution

Page 2:

Disclaimer

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Page 3:

1. Why intended state security model is beneficial

2. How we can use infrastructure automation more efficiently for security

3. Review specific examples with the Puppet CTO

4. Hear from an AppDefense beta customer

5. See a demo

Page 4:

How Do We Deal with Complexity in Security?

[Diagram labels: Propagation; Extraction; Unknown; Known good; Known bad; Rule Based Analytics; Good Analysts; Machine Learning Analytics]

Page 5:

The doctor

Knows all the potential maladies your child may face

Page 6:

The parent

They know every detail about their child

Page 7:

The doctor

The parent

Security User

Developer

Understands the intended state - but finds it difficult to update all those who require that information

Seeks to understand when something is wrong

Page 8:

How can we do more with embedded knowledge to transform security?

Page 9:

Transforming Data Center Endpoint Security

From our current model

Focused on malicious behavior

• Highly complex and noisy

• Untrusted monitoring, limited context

• Manual and lacking orchestration

Page 10:

Transforming Data Center Endpoint Security

To a new model

Focused on good (intended) behavior

• Simpler and smaller problem set

• Better signal to noise ratio

• Actionable and behavior-based alerts and responses

Page 11:

Intended State as Foundational Security

“Server workloads in modern hybrid data centers use private and public cloud computing and require a protection strategy different from end-user-facing devices.”

Page 12:

VMware AppDefense

Protecting Applications running in virtualized and cloud environments

[Diagram labels: Protected Zone; AppDefense Monitor; VM Manifest; Orchestrated Remediation; ESX; NSX; Quarantine; Network Blocking; Service Insertion; Snapshot; Suspend; Block/Alarm]

Page 13:

The Challenge

How can you create contextual awareness in a modern data center environment?

Page 14:

Misalignment between security and app lifecycles

Current model

Manual security team review

Developer builds an app

App deployed to production

Developer updates app

Page 15:

Today’s Status Quo – “The Questionnaire”

Page 16:

Today’s Status Quo – The Architecture Review

Page 17:

New model of continuous alignment

[Cycle diagram, steps numbered 1 to 4. Labels: Build, Deploy, Review, Enforce]

Page 18:

Deepak Giridharagopal, CTO, Puppet

Page 19:

Puppet’s vision for automation

• Know what you have

• Control it and enforce consistency

• Secure it and keep it compliant

• Modernize it

Using a common language

Across everything, no matter where it runs

Page 20:

Gain visibility to prove compliance

• Model-driven language: Unify management across cloud, virtual and physical environments

• Code management: Review, test and promote infrastructure code across all environments

• Automated provisioning: Ensure provisioning consistency in self-service portals

• Drift remediation: Continually enforce policies and remediate drift across environments

• Visualization & reporting: Get full traceability, auditing and reporting to quickly prove compliance

Page 21:

Top changes needed to deliver better software, faster

Manually reviewing hundreds of logs

Remediating audit findings

Fixing security problems

Moving to cloud

Adopting containers

Advancing DevOps practices

Page 22:

Drive change with confidence & easily orchestrate deployments

Page 23:

Built-in intelligence & automation

Orchestrate ordered deployments based on dependencies you define

Page 24:

Orchestrate deployments to targeted sets of infrastructure

Segment infrastructure based on any facts stored in Puppet & target deployments to matching nodes

Page 25:

Get full & direct control to drive changes on-demand

View change status in real-time to pause or throttle deployment if needed

Built-in intelligence ensures that ordered deployments respect all dependencies across your apps & infrastructure

Run phased deployments & coordinate roll outs of change

Orchestrate deployments to targeted sets of infrastructure

Page 26:

App Sequencing – Provided by AppDefense

Leverage the unique visibility virtualization has into the provisioned state and run state of applications

Provisioned State Runtime State

Application Isolation Automation

SEQUENCING

Page 27:

App Sequencing – Provided by AppDefense

Automatically Discover Applications and the Intended Behavior

[Diagram labels: Intended State Engine; Infrastructure Config Systems; Application Automation Frameworks; Machine Learning; vCenter; ESX; App Scope; Manifest (shown three times)]

Page 28:

Consolidating Inputs for Intended State

[Diagram labels: App Templates (binaries, hashes, connections); Commonality Analysis; Reputation Feeds; Configuration Management – Provisioning Flow; Runtime Observation; App Owner Verification]

Page 29:

The Result - The App Manifest

Page 30:

DETECT

Leverage the isolation properties of virtualization to monitor the guest from a protected zone

Application Isolation Automation

DETECT

Page 31:

DETECT

Real time detection of any manipulation of the application or operating system

[Diagram labels: Protected Zone; and, repeated three times: OS, Processes, Manifest, AppDefense Monitor]

Page 32:

Application Isolation Automation

RESPOND

Leverage the automation properties of virtualization to automate and orchestrate response

RESPOND

Page 33:

RESPOND

Automated and Orchestrated Incident Response

Secure Infrastructure

Security Ecosystem

Leverage ESX, NSX and the Ecosystem to automate a library of incident response routines including: Snapshot, Suspend, Block/Alarm, Quarantine, Network Blocking, Service Insertion, …

Page 34:

Jared Sanders, Principal Operations Engineer, Tapestry Technologies

Page 35:

Me + Tapestry

Jared Sanders

• Title: Principal Operations Engineer

• 4 years at Tapestry, 6 years as a Federal SI, 10 years in IT

• Current Focus: Software Defined Enterprise

• Previous Roles: Writing Security Guidance, Network Engineering

Tapestry Technologies

• Founded in 2005

• Women-Owned Small Business (100 Employees)

• Systems Integrator in the Federal Space

• Expertise: Cybersecurity, Cloud, Network Engineering

Page 36:

Software Defined Enterprise

Definition

• Implementation of automation and virtualization technologies across all aspects of the enterprise (compute, network, storage, security)

Vision

• Enable the ability to rapidly adapt to new requirements, conditions and threats

• Modernize Traditional/Brownfield Datacenters

• Provisioning & Sustainment (including security & patching)

• Automated Incident Response & Smart Alerts

Page 37:

AppDefense Beta

Environment

• vSphere 6.5 & NSX 6.3 Infrastructure

• Windows Server 2012 R2: Exchange and Active Directory

• Learning Mode

Challenge

• Associating infrastructure and security configuration to the application

Feature Requests

• Trusted Templates

• Custom Workflows

• Further 3rd Party Integration

Page 38:

Demo

Page 39:

Demo Topology – EMR App

Web Tier

App Tier

DB Tier

Page 40:

Closing the gap between infrastructure and apps

Security teams

Application developers

Page 41:

In summary

1. Leverage the embedded knowledge of application teams for security

2. Shift from looking for threats to enforcing the known good

3. Use the unique advantages of virtualization to secure

www.vmware.com/appdefense
