securing your network
TRANSCRIPT
“There are only two types of companies: those that have been hacked, and those that will be.”
- Robert Mueller, former FBI Director
Breaches occur in data centers even with a secure perimeter. Why? Little or no lateral controls inside the perimeter allow for unconstrained propagation of malware.
1. Low priority systems are targeted first.
2. Attackers can move freely around the data center.
3. Attackers then gather and exfiltrate data over weeks or even months.
[Diagram: Internet, Data Center Perimeter]
© 2016 ePlus inc. Confidential and Proprietary.
Perimeter-centric security is just the first step. Little or no lateral controls within the network lead to:
+ Inside of data center left unprotected
+ Higher risk of potential security breaches
+ Reactive clean-up
+ Increased costs
Once malware gets behind the perimeter security, other alternatives have been tried to contain the breaches. Each has its own challenges.
ADDING MORE INTERNAL SECURITY…
PHYSICAL FIREWALLS:
+ Cost prohibitive
+ Complex configuration: security policies restricted by network topology
+ Inefficient “choke point” firewalling
+ Requires placing more firewalls across workloads
VIRTUAL FIREWALLS:
+ Similar to physical firewalls, only slower performance
+ Limited, cumbersome micro-segmentation capabilities
+ Limited central management
+ Costly and complicated
You need a layered approach to networking and security that gives you:
- The agility and speed you need to support your business
- While providing an inherently more secure infrastructure
That solution is VMware NSX.
Why NSX?
- Better security: facilitate security solutions inside virtual environments
- Speed and agility: deploy faster and adapt to changes more easily
- SDDC foundation: flexible network foundation for the software-defined data center
NSX enables the next-gen networking model. It handles many of your current network and security services:
- L2 Switching
- L3 Routing
- Firewalling/ACLs
- Load Balancing
…and incorporates micro-segmentation. Micro-segmentation enables security that follows the VM.
1. Ubiquity and centralized control
2. Unit-level trust / least privilege
3. Isolation and segmentation
That means better security and operational feasibility.
Hypervisor-based, in-kernel distributed firewalling
• High throughput rates on a per-hypervisor basis
• Every hypervisor adds additional east-west firewalling capacity
Platform-based automation
• Automated provisioning and workload adds/moves/changes
• Accurate firewall policies follow workloads as they move
And flexibility—you choose the level of micro-segmentation that works best for your networks.
Controlled communication path within a single network
• Fine-grained enforcement of security
• Security policies based on logical groupings of VMs
Advanced services: addition of third-party security, as needed by policy
• Platform for including leading security solutions
• Dynamic addition of advanced security to adapt to changing security conditions
No communication path between unrelated networks
• No cross-talk between networks
• Overlay technology assures networks are separated by default
With NSX, there are fewer hops, which leads to more efficient and precise VM networking.
[Diagram: East-West Firewalling / Same host. Before NSX: traffic from UCS Blade 1 leaves the vswitch, traverses UCS Fabric A/B and the Nexus 7000 to reach the firewall and returns the same way, 6 wire hops. With NSX: the Distributed Virtual Firewall in the NSX vSwitch on UCS Blade 1 enforces policy locally, 0 wire hops.]
More secure and a third of the cost of a less secure infrastructure:
- Security policy management simplified
- Logical groups enabled
- Threats contained
Micro-segmentation delivers an enhanced secure infrastructure.
[Diagram: Data Center Perimeter, DMZ, Secure User Environments]
And NSX is the platform to integrate with additional security services.
+ Add leading security solutions to your micro-segmentation deployment for greater security
+ Apply the SDDC operational model to third-party security products
+ Adapt to changing security conditions in the data center by enabling security solutions to share intelligence
The NSX data center utilizes a dynamic service chain for a more efficient and flexible approach.
1. NSX Data Center (dynamic service chain): Third-party security solutions use NSX security tags to share intelligence and adapt to changing security conditions. NSX automatically applies the correct security function as needed.
2. Traditional Data Center (static service chain): Security services must be configured when the network is architected, meaning the “chain” of services is locked in once deployed. This is an inefficient use of resources and cannot defend against changing threat conditions.
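To make concrete how policy that is keyed on logical groups and security tags behaves (the micro-segmentation slides above and the tag-driven service chain), here is an added toy model, not NSX code or its API: security groups are tag sets, unrelated overlay networks are isolated by default, the distributed firewall is default-deny, and a third-party tag (hypothetical name `ids.quarantine`) steers traffic to an inspection service. VM names, tags, ports and rules are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class VM:
    name: str
    network: str                              # logical overlay network
    tags: set = field(default_factory=set)    # security tags = group membership
    host: str = "host-1"                      # hypervisor currently running the VM


@dataclass
class Rule:
    src_tag: str
    dst_tag: str
    port: int
    action: str = "ALLOW"


# Hypothetical third-party tag -> service insertion (dynamic service chain).
SERVICE_TAG_ACTIONS = {"ids.quarantine": "REDIRECT:inspection"}


def decide(src: VM, dst: VM, port: int, rules) -> str:
    """Per-packet decision the distributed firewall would make on src's hypervisor."""
    # Overlay isolation: unrelated logical networks never talk, whatever the rules say.
    if src.network != dst.network:
        return "DROP (network isolation)"
    # Tag-driven service insertion: a tag set by a third-party tool overrides normal flow.
    for tag in src.tags | dst.tags:
        if tag in SERVICE_TAG_ACTIONS:
            return SERVICE_TAG_ACTIONS[tag]
    # Group-based rules: matched on tags, never on IP or host, so they follow the VM.
    for r in rules:
        if r.src_tag in src.tags and r.dst_tag in dst.tags and r.port == port:
            return r.action
    return "DROP (default deny)"


# Constructed inventory: three prod tiers on one overlay, a dev VM on another.
WEB = VM("web-01", "prod-overlay", {"web", "prod"})
APP = VM("app-01", "prod-overlay", {"app", "prod"})
DB = VM("db-01", "prod-overlay", {"db", "prod"})
DEV = VM("dev-01", "dev-overlay", {"web", "dev"})
RULES = [Rule("web", "app", 8443), Rule("app", "db", 3306)]

if __name__ == "__main__":
    print(decide(WEB, APP, 8443, RULES))   # ALLOW: web group may reach app group
    print(decide(WEB, DB, 3306, RULES))    # DROP (default deny): no web->db rule
    WEB.host = "host-2"                    # VM moves hosts; policy is unchanged
    print(decide(WEB, APP, 8443, RULES))   # still ALLOW
    DB.tags.add("ids.quarantine")          # third-party IDS tags the database VM
    print(decide(APP, DB, 3306, RULES))    # REDIRECT:inspection
    print(decide(WEB, DEV, 8443, RULES))   # DROP (network isolation)
```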
ePlus Security Consulting Services can help you make sense of it all.
+ Assess your current security posture, both on the perimeter and inside the data center
+ Provide a high-level, customized security roadmap
+ Develop a stronger risk management framework to secure valuable data
+ Consolidate the multitude of security point solutions
+ Showcase the value of your security team by focusing on higher-value efforts
ePlus. Where Technology Means More. ®
Contact ePlus to learn more about securing your network with VMware NSX.
©2016 ePlus inc. All rights reserved. ePlus, the ePlus logo, and all referenced product names are trademarks or registered trademarks of ePlus inc. All other company names, product images and products mentioned herein are trademarks or registered trademarks of their respective companies.
www.eplus.com/vmware | 888.482.1122 | [email protected]