tech talk: securing hybrid infrastructures
TRANSCRIPT
Intel Security Confidential2
Today’s businesses have to deliver more – and deliver it faster than ever before
The Data Center Is Transforming
200%: Public Cloud Services spending to double from 2015 to 2020 [1]
40%: of data will be stored or processed by the cloud by 2020 [2]
54%: CAGR of SDN* and NFV** investments by 2020 [4]
78%: of workloads will be processed in cloud by 2018 [3]
Sources:
1. IDC, Worldwide Public Cloud Services Spending Forecast to Double by 2019, January 2016
2. IDC, The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in Far East, Dec. 2012
3. Cisco Global Cloud Index: Forecast and Methodology, 2013-2018
4. SNS Research, 2015-2020, Dec. 2015
*Software-Defined Network; **Network Function Virtualization
Increased attack surface leads to more breaches
Security for the Data Center is also Transforming
Sources:
1. Verizon 2015 Data Breach Investigations Report
2. Cloud Adoption Practices & Priorities Survey, January 2015.
3. Verizon 2013 State of the Enterprise Cloud Report
4. Arbor Networks Application-Layer Attacks report, 2014
5. Ponemon Institute, 2015 Cost of Data Breach Study: Global Analysis, 2015
Mean cost of data breach: $3.79M, up 23% since 2013 [5]
Headline figures (60%, 40%, 82%+ and 75%):
• share of companies that don't know the scope of shadow IT at their organization [2]
• share of attacks that target servers [3]
• share of breaches in which the organization is compromised within minutes [1]
• share of service providers that saw app-layer attacks targeting HTTP and DNS [4]
Current ThreatScape Realities
Time to Compromise: Minutes
Time to Discover: Years to Months
Time to Recover: Months to Weeks
Minimal Adversarial Effort; Overwhelmed Security Teams; $$$ Catastrophic Impact $$$
Business and Security Outcomes
Time to Compromise: Months
Time to Discover: Hours
Time to Recover: Minutes
Significant Adversarial Effort; Optimized Security Teams; $ Minimized Impact $
IT’s Top Objectives for Security
Visibility to security posture across the infrastructure
• Full visibility to workloads and data, both inside the enterprise data center and in the public cloud
• Ensure the business is protected from advanced targeted attacks and stays compliant
Detect breaches to keep the business safe
• Ability to detect even advanced targeted attacks
• Successfully manage the threat landscape and find threats sooner and stop them faster
Remediate any damage that may have occurred
• Respond fast and fully, limiting damage
Security is now a boardroom discussion
CIOs and CISOs are getting more scrutiny than ever
Intel Security - Hybrid Infrastructure Solution
McAfee Network Security Platform (IPS)
• Finds and blocks malware and advanced targeted attacks on the network
McAfee Server Security Suites
• Protects servers from malware for physical, virtual, and cloud deployments
Database Security
• Protects against external, internal, and intra-database threats
Threat Intelligence Exchange
• Enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time
Comprehensive Security Portfolio
The whole is greater than the sum of its parts to secure hybrid infrastructures
Covers the physical data center and the private / public cloud & SDDC:
• IaaS Discovery & Monitoring and DC Discovery & Monitoring (Data Center Connectors)
• Data Center Optimized Security: MOVE-AV
• Network Security Platform (IPS)
• Additional Server Security: VirusScan Enterprise, Host IPS, Application Control, Change Control
• Software Defined Network Security: Virtual NSP + Intel Security Controller
• Database Security: Data Center Security Suite for Databases
• Management: McAfee ePolicy Orchestrator + Network Security Manager
• Threat Intelligence Exchange & DXL
Leading the Way in Network Security
2015 IPS Magic Quadrant: 9 consecutive times ranked in the Leaders Quadrant because:
“Multiple signature-less inspection techniques give it an advantage over more signature-based IPS technologies.”
“Clients rate manageability and ease of use extremely well.”
“Regarded as a top competitor by its rivals.”
[Magic Quadrant figure: Intel Security (McAfee) shown with Cisco, IBM, Hewlett Packard Enterprise, Huawei, NSFOCUS and Wins; quadrants Leaders, Challengers, Visionaries, Niche Players; axes Completeness of Vision vs. Ability to Execute]
NSS Labs Data Center IPS 2016 Test (Data Center IPS Comparative Analysis 2016, NSS Labs)
• Five times “Recommended” for security from NSS Labs
• Delivered almost twice our claimed throughput while blocking 99.4% of attacks
• Strongest vendor tested across performance, blocking and TCO
• Enable security features with confidence even in the most demanding networks
[Chart: Security Effectiveness vs. TCO per Protected-Mbps; McAfee NS-9100 plotted]
Signature-less Network Inspection
• Understand Attack Behavior: File and Emulation Analysis; understand malicious file behavior without signature requirements
• Find Attack Traffic: Traffic behavior learning; intelligently identify callbacks and compromised endpoints
• Learn Attack Reputation: Leverage shared intelligence; respond smarter by learning new threat information in real time
Understand Attack Behavior: Signature-less Technologies
• ATD - Sandboxing, Static Code Analysis: Unpacking; Disassembly of Code; Calculate Latent Code; Familial Resemblance
• ATD - Sandboxing, Dynamic Analysis: Run Time DLLs; Network Operations; File Operations; Process Operations; Delayed Execution
• NSP - Emulation and Deep File Analysis, GAM (Browser): JavaScript; Adobe PDF; Adobe Flash
Find Stealthy Attack Traffic: Signature-less Technologies
• Endpoint Intelligence (Endpoint)
• Advanced Botnet Detection
• Network Threat Behavior Analysis (Network Security Platform (IPS))
Finds: Malicious Processes; Malware Callbacks; Traffic Patterns; Command and Control
Uncompromising Virtual Security: Virtual Network Security Platform
[Diagram: three Virtual Machines (App on OS) with East-West Network Traffic between them]
• Industry Proven IPS inspection: Gartner Leader and NSS recommended
• East-West Network Traffic
• Next Generation Features: Application Control, DDoS, Callback Detection, ATD, Endpoint and Threat Intelligence
• Multiple Deployment Modes: Support for SDN Controller (NSX) or dedicated installations.
Safeguard for the SDDC
[Diagram: Intel Open Security Controller (Security Controller) with a Security Functions Catalog and Distributed Virtual Appliances, integrated with VMware vCenter / VMware NSX (Network Controller); SDDC Security Solutions: McAfee Network Security Platform and McAfee MOVE AntiVirus]
• Dynamically deploy, manage, protect and remediate virtual security at scale
• Quickly scale security across the SDDC with a controller based approach
• Optimized protection for Virtual Servers: offload scanning for improved performance
• Private Cloud aware IPS inspection: certified integration with NSX
• Automate IPS policy and orchestration
Discover Breaches Quicker
Traditional Perspective: Increased Noise and User Error; chasing alerts (Alert 1, Alert 2, Alert 3, Alert 4, Alert 5, Alert 6)
Intelligent Approach: Streamlined Investigations and Visibility; actionable events (Event 1, grouping Alerts 2, 3, 5 and 6) and actionable workflows
Perimeter Security Alone Doesn’t Prevent Breaches
• Strong perimeter defense is typical
• Sophisticated threats reach low-priority servers
• Threats spread from server to server
Internal controls are often weak
[Diagram: Low Priority Servers and High Priority Servers behind the same perimeter]
Server Security Suites
Components:
• ePolicy Orchestrator
• VirusScan Enterprise (VSE)
• VirusScan Enterprise for Linux (VSEL)
• Host IPS for Servers & Linux Firewall
• MOVE AV for Servers
• MOVE Scheduler
• McAfee Agentless Firewall (for servers on VMware ESX)
• Data Center Connector for VMware vSphere
• Data Center Connectors for AWS, Azure, OpenStack
• Application Control for Servers
• Change Control for Servers
• Cloud Encryption Management (for servers on AWS)
Suites and price (unit of measure):
• McAfee Server Security Suite Essentials: foundational protection for physical, virtual and cloud deployments; per OS instance
• McAfee Server Security Suite Advanced: comprehensive protection for physical, virtual and cloud deployments; per OS instance
• McAfee Public Cloud Server Security Suite: optimized for public cloud protection; usage based hourly pricing (subscription)
Why Optimized Security for Virtualized Environments?
Enhanced Performance
Resource Optimization
Ease of Management
Optimized AntiVirus
McAfee ePO
Traditional AV vs Optimized AV for Virtualization
Traditional AV for virtualized environments: resource bottlenecks; painful management experience; peak over-loading on the hypervisor; wasted resources
Optimized AV for virtualized environments: resource availability; easy management experience; optimized resources on every hypervisor
Advantages of McAfee MOVE AV
• Supports multiple hypervisors
• Reduces resources required for security
• Improves VM consolidation ratios
• Prevents antivirus scan storms
• Eliminates DAT updates from each VM
• Avoids unnecessary scanning by utilizing a global cache
• Agentless deployment for VMware
• SVAs are secured from vulnerabilities: certified using Dept. of Defense (DISA) tools
• MOVE License Usage report for agentless deployment
• Common Criteria EAL2+ certified
MOVE AV – Multi-platform deployment
[Diagram: MOVE Security Appliance on hypervisor2 scanning guest VMs (OS plus MOVE agent) on hypervisor1 over the network; managed by McAfee ePO]
Scans guest VMs over the network; supported on all major hypervisors
Key Features
• Security is uninterrupted when VMs move between hypervisors
• Quarantine restore: ability to restore quarantined files within ePO
• Instantly run on-demand scan on a VM or group of VMs
• Run SVA diagnostics from ePO
MOVE AV – VMware agentless deployment
[Diagram: MOVE Security Appliance on VMware ESX scanning guest VMs (OS plus VMtools) through VMware NSX or vShield Endpoint; managed by McAfee ePO]
Scans guest VMs over the VMCI channel; no agents to manage in VMs
Key Features
• Agentless through vCNS or NSX for vSphere
• Simple agentless installation for large deployments
• VMs with VMtools protected instantly
• Intelligent, scheduled file scanning
• vMotion-aware protection
How MOVE AV Agentless Works
[Diagram: hypervisor hosting two guest endpoints (each with VMware Tools and a Local Cache) and the SVA (Global Cache, McAfee Agent)]
1. A virtual machine accesses a file.
2. The file is checked against the local vShield Endpoint cache. If it is not in the local cache, vShield sends the file handle to the SVA.
3. MOVE AV creates an MD5 of the file contents, then checks it against the Global Cache.
4. MD5 in the Global Cache: no scanning occurs. Access is granted and MOVE AV informs vShield Endpoint to cache the file.
5. MD5 not in the Global Cache: the file is analyzed for malware using both signature and GTI technologies.
6. If the file is good, the MD5 is added to the Global Cache, access is granted and MOVE AV informs vShield Endpoint to cache the file.
7. If the file is malicious, MOVE AV informs vShield Endpoint to delete or deny access to the file, based on policy.
8. When the file is accessed from a different endpoint, the Global Cache is leveraged: that file has already been seen and need not be scanned again.
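The cache-first flow above, written out as an added example (not McAfee code): two guest VMs share one security virtual appliance, each guest keeps a per-file local cache, the appliance keeps a global verdict cache keyed on the file digest, and only files that miss both caches are scanned. Class names, topic strings, the "signature" byte patterns and the file contents are all constructed for this example. One deliberate departure, stated as an assumption rather than a statement about the product: the example keys its cache on SHA-256 instead of the MD5 the slides describe, because a verdict cache treats "same digest" as "same scanned content" and MD5 is no longer collision resistant. The example also shows the edge case the walkthrough does not spell out: a cached-clean file that is modified in place must be re-checked, so the local cache entry is dropped on write.

```python
"""Hash-keyed scan cache modelled on the MOVE AV agentless flow.

Added illustration, not McAfee code. Class names, the signature patterns
and the file contents are constructed. The cache is keyed on SHA-256
rather than MD5 (assumption: a stronger hash for a verdict cache);
the local -> global -> scan order is the one the slides describe.
"""
import hashlib
from dataclasses import dataclass, field

# Constructed byte patterns standing in for AV signatures.
SIGNATURES = {
    b"beacon.c2.example": "Trojan.Beacon",
    b"MZ\x90\x00PACKED-EXAMPLE": "Packed.Example",
}


@dataclass
class SecurityVirtualAppliance:
    """The SVA: one per hypervisor, owns the global verdict cache."""
    global_cache: dict = field(default_factory=dict)   # sha256 -> "clean"
    scans_performed: int = 0

    def _scan(self, content: bytes) -> str:
        """Full scan; in the product this is signatures plus a GTI lookup."""
        self.scans_performed += 1
        for pattern, name in SIGNATURES.items():
            if pattern in content:
                return f"malicious:{name}"
        return "clean"

    def check(self, content: bytes) -> tuple[str, bool]:
        """Return (verdict, global_cache_hit) for a file's contents."""
        digest = hashlib.sha256(content).hexdigest()
        if digest in self.global_cache:
            return "clean", True                 # seen before, no scan
        verdict = self._scan(content)
        if verdict == "clean":
            self.global_cache[digest] = verdict  # only good files are cached
        return verdict, False


@dataclass
class GuestEndpoint:
    """A guest VM with VMware Tools: per-file local cache, no AV engine."""
    name: str
    sva: SecurityVirtualAppliance
    policy: str = "deny"                           # "deny" or "delete" on malware
    files: dict = field(default_factory=dict)      # path -> bytes (the guest disk)
    local_cache: set = field(default_factory=set)  # paths already cleared

    def write_file(self, path: str, content: bytes) -> None:
        self.files[path] = content
        self.local_cache.discard(path)   # a modified file must be re-checked

    def open_file(self, path: str) -> str:
        if path in self.local_cache:
            return "allow:local-cache"             # request never leaves the guest
        verdict, hit = self.sva.check(self.files[path])
        if verdict == "clean":
            self.local_cache.add(path)             # SVA tells Tools to cache it
            return "allow:global-cache" if hit else "allow:scanned"
        if self.policy == "delete":
            del self.files[path]
            return f"delete:{verdict}"
        return f"deny:{verdict}"


def demo() -> dict:
    """Two guests sharing one SVA; returns the access decisions and scan count."""
    sva = SecurityVirtualAppliance()
    vm1 = GuestEndpoint("vm1", sva)
    vm2 = GuestEndpoint("vm2", sva, policy="delete")
    tool = b"#!/bin/sh\necho ok\n"                 # constructed benign file
    vm1.write_file("/opt/tool.sh", tool)
    vm2.write_file("/opt/tool.sh", tool)
    vm2.write_file("/tmp/dropper.bin", b"MZ\x90\x00PACKED-EXAMPLE payload")
    results = {
        "vm1_first": vm1.open_file("/opt/tool.sh"),        # full scan
        "vm1_second": vm1.open_file("/opt/tool.sh"),       # local cache hit
        "vm2_same_file": vm2.open_file("/opt/tool.sh"),    # global cache hit
        "vm2_dropper": vm2.open_file("/tmp/dropper.bin"),  # scanned, deleted
        "scans": sva.scans_performed,
    }
    # The benign file is modified in place: the local entry was dropped on
    # write, the new digest misses the global cache, so it is scanned again.
    vm1.write_file("/opt/tool.sh", tool + b"curl beacon.c2.example\n")
    results["vm1_modified"] = vm1.open_file("/opt/tool.sh")
    results["scans_after"] = sva.scans_performed
    return results
```

Running demo() performs only three scans for six file accesses across two guests: the first access of the shared file, the dropper, and the modified copy. Nothing malicious is ever cached, so a file that was blocked once is re-evaluated on every access, while a file cleared once is served from the guest's local cache without any round trip to the appliance.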
McAfee Database Security
• Database Discovery and Data Classification: database discovery; sensitive data discovery; user rights management
• Security Assessment: vulnerabilities, misconfiguration, missing patches, vulnerable code; over 5000 checks
• Protection and Virtual Patching: identify and prevent exploitation attempts; known attacks, generic patterns, abnormal activity
• Activity Monitoring: real-time monitoring enforcing policy; audit, alert or block activity
Threat Intelligence Exchange Approach
Security products should work together
Security products should get stronger over time
Security products should learn from each other
TIE Solution Overview
[Diagram: McAfee Threat Intelligence Exchange Server connected over the Data Exchange Layer to McAfee Global Threat Intelligence, 3rd Party Threat Intelligence, McAfee Enterprise Security Manager, McAfee ePolicy Orchestrator, McAfee Advanced Threat Defense, McAfee Web Gateway, McAfee Network Security Platform, McAfee Application Control, McAfee Data Loss Prevention Endpoint, McAfee MOVE AntiVirus, 3rd Party Solutions, and McAfee Threat Intelligence Exchange Endpoint Modules]
Publish/Subscribe Model: McAfee Data Exchange Layer (DXL)
[Diagram: McAfee TIE Server publishes to a topic on the Data Exchange Layer; McAfee ESM, ePO, ATD, Web Gateway, NSP, MOVE, Application Control, DLP Endpoint, 3rd Party Solutions and TIE Endpoint Modules are attached to the layer]
All components which subscribe to the topic listen for information.
1:1 Query/Response Model: McAfee Data Exchange Layer (DXL)
[Diagram: the same components (McAfee ESM, ePO, ATD, Web Gateway, NSP, MOVE, Application Control, DLP Endpoint, 3rd Party Solutions, TIE Endpoint Modules and TIE Server) on the Data Exchange Layer, with one component querying the TIE Server directly]
Any DXL integrated component can query a service, such as TIE, and receive a response.
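The two interaction patterns on the preceding slides, publish/subscribe and 1:1 query/response, as one added example that is not the OpenDXL client or the TIE server's logic. An in-memory fabric stands in for DXL; a constructed reputation server registers a query service and also subscribes to a sandbox-verdict topic; endpoint modules query the service on first sight of a file and subscribe to reputation changes so they learn about a new verdict without asking again. Topic strings, reputation values, hashes and the rule that an enterprise reputation overrides the global feed are all assumptions of the example.

```python
"""In-memory model of DXL publish/subscribe and 1:1 query/response.

Added illustration, not OpenDXL or TIE code. Topic names, reputation
values, the sample hashes and the enterprise-over-GTI precedence are
assumptions of this example; the real fabric runs over a broker.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Any, Callable

Message = dict[str, Any]
REPUTATION_SERVICE = "/tie/file/reputation"   # constructed topic names
REPUTATION_CHANGE = "/tie/file/repchange"
SANDBOX_VERDICT = "/atd/file/verdict"


@dataclass
class Fabric:
    """Stand-in for the message fabric: topics plus registered services."""
    _subscribers: dict = field(default_factory=lambda: defaultdict(list))
    _services: dict = field(default_factory=dict)

    def subscribe(self, topic: str, callback: Callable[[Message], None]) -> None:
        self._subscribers[topic].append(callback)

    def publish(self, topic: str, event: Message) -> int:
        """Publish/subscribe: every subscriber hears it; returns how many."""
        for callback in list(self._subscribers[topic]):
            callback(event)
        return len(self._subscribers[topic])

    def register_service(self, topic: str, handler: Callable[[Message], Message]) -> None:
        self._services[topic] = handler

    def request(self, topic: str, payload: Message) -> Message:
        """1:1 query/response: the one registered service answers the caller."""
        if topic not in self._services:
            raise LookupError(f"no service registered on {topic}")
        return self._services[topic](payload)


@dataclass
class ReputationServer:
    """Constructed TIE-like server: answers queries, learns from the sandbox."""
    fabric: Fabric
    gti: dict                                    # constructed global feed
    enterprise: dict = field(default_factory=dict)

    def __post_init__(self) -> None:
        self.fabric.register_service(REPUTATION_SERVICE, self.lookup)
        self.fabric.subscribe(SANDBOX_VERDICT, self.on_sandbox_verdict)

    def lookup(self, payload: Message) -> Message:
        sha256 = payload["sha256"]
        return {"sha256": sha256,
                "enterprise": self.enterprise.get(sha256, "unknown"),
                "gti": self.gti.get(sha256, "unknown")}

    def on_sandbox_verdict(self, event: Message) -> None:
        """A sandbox result becomes enterprise reputation and is broadcast."""
        sha256 = event["sha256"]
        new = "known_malicious" if event["verdict"] == "malicious" else "known_trusted"
        if self.enterprise.get(sha256) != new:
            self.enterprise[sha256] = new
            self.fabric.publish(REPUTATION_CHANGE, {"sha256": sha256, "enterprise": new})


@dataclass
class EndpointModule:
    """Constructed endpoint module: queries on first sight, listens for changes."""
    name: str
    fabric: Fabric
    blocked: set = field(default_factory=set)

    def __post_init__(self) -> None:
        self.fabric.subscribe(REPUTATION_CHANGE, self.on_reputation_change)

    def on_reputation_change(self, event: Message) -> None:
        if event["enterprise"] == "known_malicious":
            self.blocked.add(event["sha256"])
        else:
            self.blocked.discard(event["sha256"])

    def decide(self, sha256: str) -> str:
        if sha256 in self.blocked:
            return "block:pushed"                # learned via publish, no query
        rep = self.fabric.request(REPUTATION_SERVICE, {"sha256": sha256})
        if rep["enterprise"] == "known_malicious":
            return "block:enterprise"
        if rep["enterprise"] == "known_trusted":
            return "allow:enterprise"            # assumed: enterprise overrides GTI
        if rep["gti"] == "known_malicious":
            return "block:gti"
        return "allow:unknown"


def demo() -> dict:
    fabric = Fabric()
    h_new, h_gti_bad, h_override = "aa" * 32, "bb" * 32, "cc" * 32  # constructed
    tie = ReputationServer(fabric, gti={h_gti_bad: "known_malicious",
                                        h_override: "known_malicious"})
    tie.enterprise[h_override] = "known_trusted"   # administrator override
    ep1, ep2 = EndpointModule("ep1", fabric), EndpointModule("ep2", fabric)
    results = {"new_before_sandbox": ep1.decide(h_new),
               "gti_bad": ep1.decide(h_gti_bad),
               "override": ep2.decide(h_override)}
    # The sandbox finishes: one publish, and every subscriber learns from it.
    results["sandbox_listeners"] = fabric.publish(
        SANDBOX_VERDICT, {"sha256": h_new, "verdict": "malicious"})
    results["new_after_sandbox_ep2"] = ep2.decide(h_new)
    results["ep1_blocked"] = h_new in ep1.blocked
    return results
```

In demo(), the first endpoint asks about an unknown file and is allowed to run it; when the sandbox publishes its verdict, the server updates the enterprise reputation and broadcasts the change, so the second endpoint blocks the same file from its own state without a query. The override case shows why the precedence rule matters: a file the global feed calls malicious is allowed because the enterprise reputation says trusted, which is the behaviour an administrator wants for a known false positive and the behaviour an attacker wants for a poisoned override, so write access to that table deserves the same scrutiny as the console itself.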
Protecting Private Clouds: The Power of Threat Intelligence
[Diagram: McAfee Advanced Threat Defense (Sandboxing), McAfee Network Security Platform (IPS) facing the Internet, and McAfee MOVE AntiVirus on the servers, all connected over the Data Exchange Layer to the McAfee Threat Intelligence Exchange Server (managed by ePO)]
Minimize breach dwell time with Threat Intelligence sharing between Network and Server Security
Comprehensive Security for Hybrid Infrastructure: Summary
An integrated approach of leading protection, threat intelligence sharing and security management across the hybrid infrastructure.
• VISIBILITY of security posture across hybrid infrastructures, with discovery of on-premises and off-premises workloads to help ensure data is protected no matter where it resides.
• PROTECTION against threats: stops exfiltration and infiltration of data, and prevents the spread of threats across the hybrid data center from the server to the network.
• DETECTION of advanced targeted attacks that do get through, across physical, virtual and cloud infrastructures, and stopping attacks from recurring.
Customer Outcomes
• Security visibility to all computing resources on-premises and off-premises
• Protect physical, virtual and cloud infrastructures and detect advanced targeted attacks
• Centralized security management and reporting across entire infrastructure and data, on-prem and in the cloud