securing your network


Upload: eplus

Post on 13-Jan-2017


TRANSCRIPT

SECURING YOUR NETWORK

“There are only two types of companies: those that have been hacked, and those that will be.”

- Robert Mueller, former FBI Director

Breaches occur in data centers even with a secure perimeter. Why? Little or no lateral controls inside the perimeter allow for unconstrained propagation of malware.

Low priority systems are targeted first.

Attackers can move freely around the data center.


Attackers then gather and exfiltrate data over weeks or even months.


© 2016 ePlus inc. Confidential and Proprietary.

Perimeter-centric security is just the first step. Little or no lateral controls within the network lead to:


+ Inside of the data center left unprotected

+ Higher risk of security breaches

+ Reactive clean-up

+ Increased costs


Once malware gets behind the perimeter security, other alternatives have been tried to contain the breaches.

Each has its own challenges.

ADDING MORE INTERNAL SECURITY…

PHYSICAL FIREWALLS:

+ Requires placing more firewalls across workloads

+ Cost prohibitive

+ Complex configuration: security policies restricted by network topology

+ Inefficient “choke point” firewalling

VIRTUAL FIREWALLS:

+ Similar to physical firewalls, only slower performance

+ Limited, cumbersome micro-segmentation capabilities

+ Limited central management

+ Costly and complicated

You need a layered approach to networking and security that gives you:

- The agility and speed you need to support your business

- While providing an inherently more secure infrastructure

That solution is VMware NSX.

Why NSX?

+ Better security: Facilitate security solutions inside virtual environments

+ Speed and agility: Deploy faster and adapt to changes more easily

+ SDDC Foundation: Flexible network foundation for the software-defined data center


NSX enables the next-gen networking model. Handles many of your current network and security services.

+ L2 Switching

+ L3 Routing

+ Firewalling/ACLs

+ Load Balancing


…and incorporates micro-segmentation. Micro-segmentation enables security that follows the VM.

Ubiquity and centralized control

Unit-level trust / least privilege

Isolation and segmentation


That means better security and operational feasibility.

Hypervisor-based, in-kernel distributed firewalling

• High throughput rates on a per-hypervisor basis

• Every hypervisor adds additional east-west firewalling capacity

Platform-based automation

• Automated provisioning and workload adds/moves/changes

• Accurate firewall policies follow workloads as they move


And flexibility—you choose the level of micro-segmentation that works best for your networks.

Controlled communication path within a single network

• Fine-grained enforcement of security

• Security policies based on logical groupings of VMs

Advanced services: addition of third-party security, as needed by policy

• Platform for including leading security solutions

• Dynamic addition of advanced security to adapt to changing security conditions

No communication path between unrelated networks

• No cross-talk between networks

• Overlay technology assures networks are separated by default


With NSX, there are fewer hops…

Which leads to more efficient and precise VM networking.

[Figure: East-West Firewalling / Same host. Before NSX: 6 wire hops. With NSX (Distributed Virtual Firewall): 0 wire hops. Diagram components: Nexus 7000, UCS Fabric A, UCS Fabric B, UCS Blade 1, vswitch, NSX vSwitch.]

More secure and a third of the cost of a less secure infrastructure

Security policy management simplified

Logical groups enabled

Threats contained

Micro-segmentation delivers an enhanced secure infrastructure.

[Figure: Data Center Perimeter, DMZ, Secure User Environments]

And NSX is the platform to integrate with additional security services.

+ Add leading security solutions to your micro-segmentation deployment for greater security

+ Apply the SDDC operational model to third-party security products

+ Adapt to changing security conditions in the data center by enabling security solutions to share intelligence

The NSX data center utilizes a dynamic service chain for a more efficient and flexible approach.

NSX Data Center, dynamic service chain: Third-party security solutions use NSX security tags to share intelligence and adapt to changing security conditions. NSX automatically applies the correct security function as needed.

Traditional Data Center, static service chain: Security services must be configured when the network is architected, meaning the “chain” of services is locked in once deployed. This is an inefficient use of resources and cannot defend against changing threat conditions.

ePlus Security Consulting Services can help you make sense of it all.

+ Assess your current security posture, both on the perimeter and inside the data center

+Provide a high-level, customized security roadmap

+Develop a stronger risk management framework to secure valuable data

+Consolidate the multitude of security point solutions

+Showcase the value of your security team by focusing on higher-value efforts

ePlus. Where Technology Means More.™


Contact ePlus to learn more about securing your network with VMware NSX.

©2016 ePlus inc. All rights reserved. ePlus, the ePlus logo, and all referenced product names are trademarks or registered trademarks of ePlus inc. All other company names, product images and products mentioned herein are trademarks or registered trademarks of their respective companies.

www.eplus.com/vmware | 888.482.1122