tech talk: securing hybrid infrastructures

Intel Security Confidential 1 Securing Hybrid Infrastructures

Upload: mcafee

Post on 10-Apr-2017





TRANSCRIPT


Securing Hybrid Infrastructures


Today’s businesses have to deliver more – and deliver it faster than ever before

The Data Center Is Transforming

1. IDC, Worldwide Public Cloud Services Spending Forecast to Double by 2019, January 2016

2. IDC, The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in Far East, Dec. 2012

3. Cisco Global Cloud Index: Forecast and Methodology, 2013-2018.

4. SNS Research, 2015-2020, Dec.2015

200%: Public Cloud Services spending to double from 2015 to 2020 [1]

40%: of data will be stored or processed by the cloud by 2020 [2]

54%: CAGR of SDN* and NFV** investments by 2020 [4]

78%: of workloads will be processed in cloud by 2018 [3]


* Software-Defined Network; ** Network Function Virtualization


Increased attack surface leads to more breaches

Security for the Data Center is also Transforming

Sources:

1. Verizon 2015 Data Breach Investigations Report

2. Cloud Adoption Practices & Priorities Survey, January 2015.

3. Verizon 2013 State of the Enterprise Cloud Report

4. Arbor Networks Application-Layer Attacks report, 2014

5. Ponemon Institute, 2015 Cost of Data Breach Study: Global Analysis, 2015

Mean cost of data breach: $3.79M — up 23% since 2013 [5]

... of companies don’t know scope of shadow IT at their organization [2]

... of attacks target servers [3]

... of breaches lead to organizations being compromised within minutes [1]

... of service providers saw app-layer attacks targeting HTTP and DNS [4]

Percentages shown on the slide: 60%, 40%, 82%+, 75%


Time to Recover

Months - Weeks

Time to Discover

Years - Months

Current ThreatScape Realities


$$$ Catastrophic Impact $$$

Overwhelmed Security Teams

Minimal Adversarial Effort

Time to Compromise

Minutes


Time to Recover

Minutes

Time to Discover

Hours

Business and Security Outcomes


$ Minimized Impact $

Optimized Security Teams

Significant Adversarial Effort

Time to Compromise

Months


IT’s Top Objectives for Security

Visibility to security posture across the infrastructure

• Full visibility to workloads and data, both inside the enterprise data center and in the public cloud

• Ensure the business is protected from advanced targeted attacks and stays compliant

Detect breaches to keep the business safe

• Ability to detect even advanced targeted attacks

• Successfully manage the threat landscape and find threats sooner and stop them faster

Remediate any damage that may have occurred

• Respond fast and fully, limiting damage

Security is now a boardroom discussion

CIOs and CISOs are getting more scrutiny than ever


Intel Security - Hybrid Infrastructure Solution

McAfee Network Security Platform (IPS)

• Finds and blocks malware and advanced targeted attacks on the network

McAfee Server Security Suites

• Protects servers from malware for physical, virtual, and cloud deployments

Database Security

• Protects against external, internal, and intra-database threats

Threat Intelligence Exchange

• Enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time


Comprehensive Security Portfolio

The whole is greater than the sum of its parts to secure hybrid infrastructures

[Diagram spanning PRIVATE / PUBLIC CLOUD & SDDC and the PHYSICAL DATA CENTER]

IaaS Discovery & Monitoring; DC Discovery & Monitoring (Data Center Connectors)

Data Center Optimized Security: MOVE-AV; Network Security Platform (IPS)

Additional Server Security: VirusScan Enterprise; Host IPS; Application Control; Change Control

Software Defined Network Security: Virtual NSP + Intel Security Controller

Database Security: Data Center Security Suite for Databases

McAfee ePolicy Orchestrator + Network Security Manager

Threat Intelligence Exchange & DXL


Network Security Platform (IPS)


Leading the Way in Network Security

9 consecutive times ranked in the Leaders Quadrant because:

2015 IPS Magic Quadrant

“Multiple signature-less inspection techniques give it an advantage over more signature-based IPS technologies.”

“Clients rate manageability and ease of use extremely well.”

“Regarded as a top competitor by its rivals.”

[Figure: Gartner 2015 IPS Magic Quadrant. Axes: Completeness of Vision (horizontal) and Ability to Execute (vertical). Quadrants: Challengers, Leaders, Visionaries, Niche Players. Vendors plotted include IBM, Hewlett Packard Enterprise, Huawei, NSFOCUS, Cisco and Intel Security (McAfee).]


Data Center IPS Comparative Analysis 2016 NSS Labs

NSS Labs Data Center IPS 2016 Test

Five times “Recommended” for security from NSS Labs

Delivered almost twice our claimed throughput while blocking 99.4% of attacks

Strongest vendor tested across performance, blocking and TCO

Enable security features with confidence even in the most demanding networks

[Chart: Security Effectiveness vs. TCO per Protected Mbps, with the McAfee NS-9100 plotted]


Signature-less Network Inspection

Understand Attack Behavior

File and Emulation Analysis: Understand malicious file behavior without signature requirements

Find Attack Traffic

Traffic behavior learning: Intelligently identify callbacks and compromised endpoints

Learn Attack Reputation

Leverage shared intelligence: Respond smarter by learning new threat information in real-time (threat horizon)


Understand Attack Behavior: Signature-less Technologies

ATD - Sandboxing, Static Code Analysis: Unpacking; Disassembly of Code; Calculate Latent Code; Familial Resemblance

ATD - Sandboxing, Dynamic Analysis: Run Time DLLs; Network Operations; File Operations; Process Operations; Delayed Execution

NSP - Emulation and Deep File Analysis: GAM (Browser); JavaScript; Adobe PDF; Adobe Flash


Find Stealthy Attack Traffic: Signature-less Technologies

Technologies: Endpoint Intelligence; Advanced Botnet Detection; Network Threat Behavior Analysis

Indicators: Malicious Processes; Malware Callbacks; Traffic Patterns; Command and Control

[Diagram: Endpoint and Network Security Platform (IPS)]


[Diagram: three virtual machines, each running an OS and an App]

Uncompromising Virtual Security

VIRTUAL NETWORK SECURITY PLATFORM

Industry Proven IPS inspection: Gartner Leader and NSS recommended

East-West Network Traffic

Next Generation Features: Application Control, DDoS, Callback Detection, ATD, Endpoint and Threat Intelligence

Multiple Deployment Modes: Support for SDN Controller (NSX) or dedicated installations.


Safeguard for the SDDC


Intel Open Security Controller: Security Functions Catalog; Distributed Virtual Appliances

SDDC Security Solutions: VMware vCenter; VMware NSX; McAfee Network Security Platform; McAfee MOVE AntiVirus

Security Controller and Network Controller: Dynamically deploy, manage, protect and remediate virtual security at scale

Quickly scale security across the SDDC with a controller based approach

Optimized protection for Virtual Servers: Offload scanning for improved performance

Private Cloud aware IPS inspection: Certified integration with NSX; Automate IPS policy and orchestration


Discover Breaches Quicker

Traditional Perspective: Increased Noise and User Error

Chasing Alerts (Alert 1, Alert 2, Alert 3, Alert 4, Alert 5, Alert 6)

Intelligent Approach: Streamlined Investigations and Visibility

Actionable Events (Event 1; Alerts 2, 3, 5, 6)

Actionable Workflows


Perimeter Security Alone Doesn’t Prevent Breaches

• Strong perimeter defense is typical

• Sophisticated threats reach low-priority servers

• Threats spread from server to server

Internal controls are often weak

[Diagram: Low Priority Servers and High Priority Servers behind the perimeter]


Server Security


Server Security Suites

ePolicy Orchestrator

VirusScan Enterprise (VSE)

VirusScan Enterprise for Linux (VSEL)

Host IPS for Servers & Linux Firewall

MOVE AV for Servers

MOVE Scheduler

McAfee Agentless Firewall (for servers on VMware ESX)

Data Center Connector for VMware vSphere

Data Center Connectors for AWS, Azure, OpenStack

Application Control for Servers

Change Control for Servers

Cloud Encryption Management (for servers on AWS)

Price (Unit of Measure): Per OS Instance (Essentials); Per OS Instance (Advanced); Usage Based Hourly Pricing, Subscription (Public Cloud)

McAfee Server Security Suite Essentials: Foundational protection for physical, virtual and cloud deployments

McAfee Server Security Suite Advanced: Comprehensive protection for physical, virtual and cloud deployments

McAfee Public Cloud Server Security Suite: Optimized for public cloud protection


Why Optimized Security for Virtualized Environments?

Enhanced Performance

Resource Optimization

Ease of Management

Optimized AntiVirus

McAfee ePO


Traditional AV vs Optimized AV for Virtualization

OPTIMIZED AV FOR VIRTUALIZED ENVIRONMENTS: Resource Availability; Easy Management Experience; Optimized Resources on Every Hypervisor

TRADITIONAL AV FOR VIRTUALIZED ENVIRONMENTS: Resource Bottlenecks; Painful Management Experience; Peak Over-loading on the Hypervisor; Wasted Resources


Advantages of McAfee MOVE AV

• Supports multiple hypervisors

• Reduces resources required for security

• Improves VM consolidation ratios

• Prevents antivirus scan storms

• Eliminates DAT updates from each VM

• Avoids unnecessary scanning by utilizing a global cache

• Agentless deployment for VMware

• SVAs are secured from vulnerabilities: certified using Dept. of Defense (DISA) tools

• MOVE License Usage report for agentless deployment

Common Criteria EAL2+ certified


MOVE AV – Multi-platform deployment

[Diagram: MOVE Security Appliance on the network; hypervisor1 and hypervisor2 each hosting VMs (OS + MOVE); McAfee ePO]

Key Features

• Security is uninterrupted when VMs move between hypervisors

• Quarantine restore: ability to restore quarantined files within ePO

• Instantly run on-demand scan on a VM or group of VMs

• Run SVA diagnostics from ePO

Scans guest VMs over the network

Supported on all major hypervisors


MOVE AV – VMware agentless deployment

[Diagram: McAfee ePO; VMware NSX or vShield Endpoint; VMware ESX host running VMs (OS + VMtools + MOVE) and the MOVE Security Appliance]

Key Features

• Agentless through vCNS or NSX for vSphere

• Simple agentless installation for large deployments

• VMs with VMtools protected instantly

• Intelligent, scheduled file scanning

• vMotion-aware protection

Scans guest VMs over VMCI channel

No agents to manage in VMs


How MOVE AV Agentless Works

[Diagram components: Hypervisor; guest Endpoints, each with a Local Cache and VMware Tools; the SVA (security virtual appliance) with the Global Cache and the McAfee Agent]

1. A virtual machine accesses a file…

2. The file is checked against the local vShield Endpoint cache. If it is not in the local cache, vShield sends the file handle to the SVA.

3. MOVE AV creates an MD5 of the file contents (shown on the slide as 19870110AE1D2675DB), then checks it against the Global Cache.

4. MD5 in the Global Cache: no scanning occurs. Access is granted and MOVE AV informs vShield Endpoint to cache the file.

5. MD5 not in the Global Cache: the file is analyzed for malware using both signature and GTI technologies.

6. If the file is good, the MD5 is added to the Global Cache, access is granted and MOVE AV informs vShield Endpoint to cache the file.

7. If the file is malicious, MOVE AV will inform vShield Endpoint to delete/deny access to the file based on policy.

8. When the file is accessed from a different endpoint, the Global Cache is leveraged: that file has been seen and need not be scanned again.
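The eight-step flow above is easier to reason about as code. The following is an added example written for this page, not McAfee's MOVE AV code or API: it models the per-VM local cache, the SVA-side global cache keyed by content hash, the scan step, and the deny/delete policy with an in-memory simulator. The scanner, the malicious marker, the file contents and the two guest VMs are all constructed; the Endpoint, MoveAvSimulator and Policy names are hypothetical. It also covers the edge case the slide leaves implicit: a guest writing to a file must invalidate its local cache entry, otherwise modified content would be served a stale verdict.

```python
import hashlib
from enum import Enum

# Constructed stand-in for a signature/GTI verdict source: any file containing this
# marker is treated as malicious. Hypothetical; not a real signature.
MALICIOUS_MARKER = b"CONSTRUCTED-MALWARE-MARKER"


class Verdict(Enum):
    CLEAN = "clean"
    MALICIOUS = "malicious"


class Policy(Enum):
    DENY = "deny"      # block access, leave the file in place
    DELETE = "delete"  # remove the file from the guest and record it


def signature_scanner(data: bytes) -> Verdict:
    """Stands in for the SVA's signature + GTI analysis (step 5 on the slide)."""
    return Verdict.MALICIOUS if MALICIOUS_MARKER in data else Verdict.CLEAN


class Endpoint:
    """One guest VM. local_cache models the per-VM vShield Endpoint cache;
    files is a constructed in-memory filesystem (name -> bytes)."""
    def __init__(self, name: str):
        self.name = name
        self.local_cache: set = set()
        self.files: dict = {}

    def write_file(self, filename: str, data: bytes) -> None:
        # A write changes the content, so any cached verdict for that name is stale.
        self.files[filename] = data
        self.local_cache.discard(filename)


class MoveAvSimulator:
    """Hypothetical model of the agentless flow: local cache -> hash -> global cache -> scan -> policy."""
    def __init__(self, scanner, policy: Policy = Policy.DENY):
        self.scanner = scanner
        self.policy = policy
        self.global_cache: set = set()   # SVA-side set of known-good content hashes
        self.scan_count = 0
        self.quarantine: list = []

    def access_file(self, endpoint: Endpoint, filename: str):
        # Step 2: a local cache hit means this VM already had this file cleared.
        if filename in endpoint.local_cache:
            return ("allow", "local-cache-hit")
        data = endpoint.files[filename]
        # Step 3: the slide hashes with MD5; a modern deployment would prefer SHA-256.
        digest = hashlib.md5(data).hexdigest()
        # Step 4: known-good hash seen from any VM on this hypervisor -> no scan.
        if digest in self.global_cache:
            endpoint.local_cache.add(filename)
            return ("allow", "global-cache-hit")
        # Step 5: unknown content is scanned.
        self.scan_count += 1
        verdict = self.scanner(data)
        if verdict is Verdict.CLEAN:
            # Step 6: publish the good hash to the global cache and cache locally.
            self.global_cache.add(digest)
            endpoint.local_cache.add(filename)
            return ("allow", "scanned-clean")
        # Step 7: malicious -> deny or delete per policy; the hash is never cached as good.
        if self.policy is Policy.DELETE:
            del endpoint.files[filename]
            self.quarantine.append((endpoint.name, filename, digest))
            return ("delete", "scanned-malicious")
        return ("deny", "scanned-malicious")


def run_demo(policy: Policy = Policy.DENY):
    """Two guests sharing one hypervisor; returns the decisions and how many scans ran."""
    sim = MoveAvSimulator(signature_scanner, policy)
    vm1, vm2 = Endpoint("vm1"), Endpoint("vm2")
    clean = b"MZ\x90\x00 constructed clean binary"
    bad = b"MZ\x90\x00 " + MALICIOUS_MARKER
    vm1.write_file("app.exe", clean)
    vm2.write_file("app.exe", clean)        # identical content on a second guest
    vm1.write_file("dropper.exe", bad)
    results = [
        sim.access_file(vm1, "app.exe"),      # first sight: scanned, clean
        sim.access_file(vm1, "app.exe"),      # same VM again: local cache hit
        sim.access_file(vm2, "app.exe"),      # other VM, same bytes: global cache hit (step 8)
        sim.access_file(vm1, "dropper.exe"),  # malicious: deny or delete
    ]
    vm1.write_file("app.exe", clean + b"patched")    # modification invalidates the local entry
    results.append(sim.access_file(vm1, "app.exe"))  # new hash -> scanned again
    return {"results": results, "scans": sim.scan_count, "quarantine": sim.quarantine}


if __name__ == "__main__":
    for decision in run_demo()["results"]:
        print(decision)
```

Running `run_demo()` shows only three scans for five file accesses: the second guest never scans the shared binary because the global cache already holds its hash, while the rewritten file gets a fresh hash and a fresh scan. The point a defender should take from it is that the cache is keyed on content, not on file name, so the saving is real only for identical bytes, and that malicious hashes are kept out of the known-good set entirely.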


McAfee Database Security


Database Discovery and Data Classification: Database Discovery; Sensitive Data Discovery; User Rights Management

Security Assessment: Vulnerabilities; Misconfiguration; Missing Patches; Vulnerable code; Over 5000 checks

Protection and Virtual Patching: Identify and prevent exploitation attempts (Known attacks; Generic patterns; Abnormal activity)

Activity Monitoring: Real-time Monitoring; Enforcing Policy; Audit, Alert or Block activity


Threat Intelligence Exchange


Threat Intelligence Exchange Approach

Security products should work together

Security products should get stronger over time

Security products should learn from each other


TIE Solution Overview

[Diagram: the McAfee Threat Intelligence Exchange Server connected over the Data Exchange Layer to 3rd Party Threat Intelligence, McAfee Global Threat Intelligence, McAfee Enterprise Security Manager, McAfee ePolicy Orchestrator, McAfee Advanced Threat Defense, McAfee Web Gateway, McAfee Network Security Platform, McAfee Application Control, McAfee Data Loss Prevention Endpoint, McAfee MOVE AntiVirus, 3rd Party Solutions, and McAfee Threat Intelligence Exchange Endpoint Modules]


McAfee Data Exchange Layer (DXL)



Publish/Subscribe Model

[Diagram: McAfee ESM, McAfee TIE Endpoint Modules, McAfee ePO, McAfee ATD, McAfee Web Gateway, McAfee NSP, McAfee MOVE, McAfee Application Control, McAfee DLP Endpoint, 3rd Party Solutions and the McAfee TIE Server attached to the McAfee Data Exchange Layer (DXL)]

All components which subscribe to the topic listen for information


1:1 Query/Response Model

[Diagram: the same components (McAfee ESM, TIE Endpoint Modules, ePO, ATD, Web Gateway, NSP, MOVE, Application Control, DLP Endpoint, 3rd Party Solutions, TIE Server) attached to the McAfee Data Exchange Layer (DXL)]

Any DXL integrated component can query a service, such as TIE, and receive a response
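The two DXL interaction patterns on the preceding slides, topic fan-out and 1:1 service queries, are shown together in the following added example. It is not McAfee's DXL client or TIE code; it is an in-memory stand-in written for this page. The Broker, TieServer and Subscriber classes, the topic and service names, the "known_bad"/"unknown" reputation strings and the sample hash are all constructed for illustration and are not the real DXL topic strings or TIE reputation values.

```python
from collections import defaultdict

# Constructed topic names for this example; not the real DXL topic strings.
TOPIC_REP_CHANGE = "/example/event/tie/file/repchange"
SERVICE_REP_LOOKUP = "/example/service/tie/file/reputation"


class Broker:
    """In-memory stand-in for the DXL fabric: a topic fans out to every subscriber,
    a service answers exactly one requester."""
    def __init__(self):
        self._subscribers = defaultdict(list)   # topic -> [callback]
        self._services = {}                     # topic -> handler

    def subscribe(self, topic, callback):
        self._subscribers[topic].append(callback)

    def publish(self, topic, event):
        """Publish/subscribe: deliver the event to all subscribers; return the count."""
        for callback in self._subscribers[topic]:
            callback(event)
        return len(self._subscribers[topic])

    def register_service(self, topic, handler):
        self._services[topic] = handler

    def request(self, topic, payload):
        """1:1 query/response: one requester gets one answer from the service owner."""
        if topic not in self._services:
            raise LookupError(f"no service registered on {topic}")
        return self._services[topic](payload)


class TieServer:
    """Holds file reputations, serves lookups, and broadcasts changes to subscribers."""
    def __init__(self, broker):
        self.broker = broker
        self.reputations = {}   # hash string -> "known_good" | "known_bad"
        broker.register_service(SERVICE_REP_LOOKUP, self.lookup)

    def lookup(self, payload):
        return {"hash": payload["hash"],
                "reputation": self.reputations.get(payload["hash"], "unknown")}

    def set_reputation(self, file_hash, reputation, source):
        """Record a verdict and publish it; returns how many listeners were reached."""
        self.reputations[file_hash] = reputation
        return self.broker.publish(
            TOPIC_REP_CHANGE,
            {"hash": file_hash, "reputation": reputation, "source": source})


class Subscriber:
    """Any DXL-attached product (ESM, endpoint module, NSP ...) recording what it hears."""
    def __init__(self, name, broker):
        self.name = name
        self.received = []
        broker.subscribe(TOPIC_REP_CHANGE, self.received.append)


def run_demo():
    broker = Broker()
    tie = TieServer(broker)
    listeners = [Subscriber(n, broker) for n in ("ESM", "Endpoint-A", "Endpoint-B", "NSP")]
    sample_hash = "0" * 64   # constructed placeholder, not a real file hash

    # Endpoint-A meets an unknown file and asks TIE (1:1 query/response).
    first = broker.request(SERVICE_REP_LOOKUP, {"hash": sample_hash})

    # ATD finishes sandboxing and hands TIE a verdict; TIE broadcasts it (publish/subscribe).
    delivered = tie.set_reputation(sample_hash, "known_bad", source="ATD")

    # Endpoint-B asks later and benefits from the shared verdict without re-analysis.
    second = broker.request(SERVICE_REP_LOOKUP, {"hash": sample_hash})

    return {
        "first": first["reputation"],
        "second": second["reputation"],
        "delivered": delivered,
        "heard_by": [s.name for s in listeners if s.received],
        "last_event": listeners[0].received[-1],
    }


if __name__ == "__main__":
    print(run_demo())
```

The first lookup answers "unknown", the broadcast reaches all four listeners, and the second lookup answers "known_bad". The distinction matters operationally: a query only helps the component that asked, whereas a published reputation change lets every subscribed control (including ones that never saw the file) act on the sandbox verdict at once, which is what the deck means by minimizing dwell time.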


Protecting Private Clouds


The Power of Threat Intelligence

[Diagram: McAfee Advanced Threat Defense (Sandboxing), McAfee Network Security Platform (IPS), McAfee MOVE AntiVirus and the McAfee Threat Intelligence Exchange Server (managed by ePO) connected over the Data Exchange Layer, with the Internet at the edge]

Minimize breach dwell time with Threat Intelligence sharing between Network and Server Security


Comprehensive Security for Hybrid Infrastructure: Summary

An integrated approach of leading protection, threat intelligence sharing and security management across the hybrid infrastructure.

• VISIBILITY of security posture across hybrid infrastructures, discovering on-premises and off-premises workloads to help ensure data is protected no matter where it resides.

• PROTECTION against threats: stops exfiltration and infiltration of data, and prevents the spreading of threats across the hybrid data center from the server to the network.

• DETECTION of advanced targeted attacks that do get through, across physical, virtual, and cloud infrastructures, and stops attacks from recurring.


Customer Outcomes

Security visibility to all computing resources on-premises and off-premises

Protect physical, virtual and cloud infrastructures and detect advanced targeted attacks

Centralized security management and reporting across entire infrastructure and data, on-prem and in the cloud