Page 1: Issa 042711

© Copyright 2011 EMC Corporation. All rights reserved.

Solutions for Cloud Security

Erin K. Banks, vSpecialist, CISSP, CISA
www.commondenial.com @banksek

Page 2: Issa 042711


[Diagram labels: Virtualization; Virtualized Data Center; Private Cloud (internal cloud); Cloud Computing (external cloud); Information; Federation]

Cloud computing (the NIST definition): enabling convenient, on-demand access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Page 3: Issa 042711


Our Customers Are Asking Themselves

How do I centrally manage compliance across mixed VMware and physical IT environments?

Can I secure access and information in my VMware View environment?

Can I respond more quickly to security events in my virtual environment?

Can I ensure my virtualized business critical applications are running in a secure and compliant environment?

Page 4: Issa 042711


Implications of Challenges

• CISOs need to manage security and compliance across virtual and physical IT
• Security and compliance concerns stall the adoption of virtualization
• Missing opportunity for “better than physical” security

Page 5: Issa 042711


Virtualization Creates an Opportunity for More Effective Security

• Push security enforcement further down the stack, to the vApp and VM layer
• Today most security is enforced by the OS and application stack. This is:
  – Ineffective
  – Inconsistent
  – Complex

[Diagram: four APP/OS pairs stacked on Physical Infrastructure versus the same pairs on Virtual and Cloud Infrastructure]

Pushing information security enforcement to the infrastructure layer ensures:
• Consistency
• Simplified security management
• Ability to surpass the levels of security possible in today’s physical infrastructures

Page 6: Issa 042711


TRUST

Page 7: Issa 042711


Trust

Visibility

Policies

Page 8: Issa 042711


Security Tools

• SIEM (security information and event management)
• Compliance (hardening guidelines)
• Encryption
• Data Loss Prevention
• vShield Zones
• Access Control
• Network Control
• VLANs
• Secure Code
• …

Page 9: Issa 042711


VMware’s Integration Framework

[Diagram: EMC, RSA and Cisco products arranged around VMware vSphere/vCenter and its Infrastructure APIs and Application APIs]
• vCompute: Cisco UCS
• vStorage: V-Max, Ultrascale, Ultraflex, EFD; PowerPath for VMware (“only vendor integrated into all 3 vStorage APIs”); Virtual Storage, Virtual Provisioning, Storage QoS, Scalability
• vNetwork: Cisco VN-Link and Nexus family, supported by EMC Ionix and EMC RSA
• Security: RSA enVision, RSA DLP, RSA eGRC, RSA SecurID
• Availability: Avamar, Replication Manager, NetWorker, Data Protection Advisor
• Management plug-ins and tools: EMC Storage Viewer Plug-in, EMC SRM Failback Plug-in, EMC VDI Plug-in, Ionix Control Center, ESM/ADM, IT Compliance Analyzer, Server Config Manager

Page 10: Issa 042711


RSA enVision, RSA DLP, RSA eGRC, RSA SecurID

Page 11: Issa 042711


SIEM

• Security information and event management tool
• Captures event data:
  – Audit logs
  – Storage
  – Groups
  – Virtual network infrastructure
  – User and administrative activities

Page 12: Issa 042711


VMware Collector for RSA enVision

• VMware Collector uses VMware native APIs to retrieve the logs from vCenter and all ESX/ESXi servers
• It can also connect to multiple vCenters!

RSA enVision

Page 13: Issa 042711


VMware Messages

• enVision collects and parses messages from VMware View, VMware vShield and VMware vCloud Director
• Over 800 well-described Message IDs
  – vMotion and Storage vMotion
  – Snapshots
  – User login/logoff
  – Virtual machine operations, e.g. power on/off/reset
• 7 taxonomy categories, including authentication, config, policies, system
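As an added example (not from the slides, and not RSA’s collector code), the script below pulls the same native vCenter event feed with PowerCLI and sorts it into categories of the kind the enVision taxonomy uses, then runs two checks a SIEM would run over that stream. The vCenter name, the 24-hour window, the category mapping and the failed-login threshold are the example’s own assumptions; the event class names are vSphere’s.

```powershell
# Added example, not part of the original deck. Assumes the VMware.PowerCLI
# module (PowerCLI 6.5 or later) and a vCenter reachable as the name below.
Import-Module VMware.PowerCLI -ErrorAction Stop

$vc = Connect-VIServer -Server 'vcenter.example.com'   # hypothetical vCenter

# Map vSphere event class names to a coarse taxonomy. The slide names
# Authentication, Config, Policies and System; this mapping is the example's own.
$taxonomy = @{
    'UserLoginSessionEvent'   = 'Authentication'
    'UserLogoutSessionEvent'  = 'Authentication'
    'BadUsernameSessionEvent' = 'Authentication'   # failed login
    'VmPoweredOnEvent'        = 'System'
    'VmPoweredOffEvent'       = 'System'
    'VmResettingEvent'        = 'System'
    'VmMigratedEvent'         = 'System'           # vMotion
    'VmRelocatedEvent'        = 'System'           # Storage vMotion
    'HostConnectedEvent'      = 'System'
    'VmReconfiguredEvent'     = 'Config'
    'PermissionAddedEvent'    = 'Policies'
    'PermissionUpdatedEvent'  = 'Policies'
    'PermissionRemovedEvent'  = 'Policies'
    'RoleAddedEvent'          = 'Policies'
}

# Pull the last 24 hours of events through the vSphere API (what the
# collector on the slide does continuously).
$since  = (Get-Date).AddHours(-24)
$events = Get-VIEvent -Server $vc -Start $since -MaxSamples 100000

$records = foreach ($e in $events) {
    $type = $e.GetType().Name
    if (-not $taxonomy.ContainsKey($type)) { continue }   # drop uncategorised chatter
    [pscustomobject]@{
        Time     = $e.CreatedTime
        Category = $taxonomy[$type]
        EventId  = $type
        User     = $e.UserName
        Object   = if ($e.Vm) { $e.Vm.Name } elseif ($e.Host) { $e.Host.Name } else { '' }
        Message  = $e.FullFormattedMessage
    }
}

# Check 1: repeated failed logins per account (threshold is an assumption).
$records | Where-Object EventId -eq 'BadUsernameSessionEvent' |
    Group-Object User | Where-Object Count -ge 5 |
    Select-Object @{n = 'User'; e = { $_.Name }}, Count

# Check 2: every permission or role change should correspond to a change ticket.
$records | Where-Object Category -eq 'Policies' |
    Format-Table Time, User, EventId, Message -AutoSize

# Hand the normalised stream to the SIEM / collector as CSV.
$records | Export-Csv -Path '.\vcenter-events.csv' -NoTypeInformation

Disconnect-VIServer -Server $vc -Confirm:$false
```

Get-VIEvent returns typed event objects, so the class name is the stable key to categorise on; FullFormattedMessage is the human text and should be kept for the analyst but never parsed for the category.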

Page 14: Issa 042711


Purpose-built Virtualization Reports

Page 15: Issa 042711


enVision and Vblock – Visibility into the Stack

[Diagram: RSA enVision, validated with Vblock, collecting from every layer of the stack (Applications, Virtual Machines, vSphere, UCS, Networking, Storage) for the security and compliance officer]

Comprehensive visibility into security events; security incident management, compliance reporting

Page 16: Issa 042711


RSA Solution for VMware View

[Diagram: Clients, VMware View Manager, VMware vCenter and VMware Infrastructure, Active Directory; validated with Vblock]

• VMware VCM for security configuration and patch management
• RSA SecurID for remote authentication
• RSA DLP for protection of data in use
• RSA enVision log collection from:
  – VMware vCenter & ESX(i)
  – VMware View
  – RSA SecurID
  – RSA DLP
  – Active Directory
  – VMware VCM

Page 17: Issa 042711


Page 18: Issa 042711


GRC

• Governance – setting the rules
• Risk – ensuring the correct rules are in place and functioning
• Compliance – measuring the effectiveness of the rule
  – Understanding the process used to define the rule
  – Understanding how well people adhere to the rule

Page 19: Issa 042711


Overall Compliance Dashboard and Reporting: Physical and Virtual

Page 20: Issa 042711


RSA Archer eGRC Solutions

• Compliance Management – Document your control framework, assess design and operational effectiveness, and respond to policy and regulatory compliance issues.
• Policy Management – Centrally manage policies, map them to objectives and guidelines, and promote awareness to support a culture of corporate governance.
• Threat Management – Track threats through a centralized early warning system to help prevent attacks before they affect your enterprise.
• Enterprise Management – Manage relationships and dependencies within your enterprise hierarchy and infrastructure to support GRC initiatives.
• Risk Management – Identify risks to your business, evaluate them through online assessments and metrics, and respond with remediation or acceptance.
• Incident Management – Report incidents and ethics violations, manage their escalation, track investigations and analyze resolutions.
• Business Continuity Management – Automate your approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution.
• Audit Management – Centrally manage the planning, prioritization, staffing, procedures and reporting of audits to increase collaboration and efficiency.
• Vendor Management – Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls.

Page 21: Issa 042711


RSA Solution for Cloud Security and Compliance v1.0

[Diagram: RSA Archer eGRC at the centre of a cycle whose stages are: discover VMware infrastructure; define security policy; manual and automated configuration assessment; remediation of non-compliant controls; manage security incidents that affect compliance]

What’s new:
• Over 100 VMware-specific controls added to the Archer library, mapped to regulations/standards
• New solution component automatically assesses VMware configuration and updates Archer
• RSA enVision collects, analyzes and feeds security incidents from RSA, VMware and ecosystem products to inform Archer dashboards (e.g. DLP, VMware vShield and vCD, HyTrust, Ionix, etc.)
• RSA SecurBook

Page 22: Issa 042711


RSA Archer: Mapping VMware security controls to regulations and standards

[Diagram: three tiers, from the CxO view at the top to the VI Admin view at the bottom]

• Authoritative Source – regulations and standards (PCI-DSS, etc.), e.g. “10.10.04 Administrator and Operator Logs” (this numbering is ISO/IEC 27002:2005 clause 10.10.4, not a PCI-DSS requirement)
• Control Standard – generalized security controls, e.g. “CS-179 Activity Logs – system start/stop/config changes etc.”
• Control Procedure – technology-specific control, e.g. “CP-108324 Persistent logging on ESXi Server”

Page 23: Issa 042711


Discover VMware infrastructure and define policy/controls to manage

Page 24: Issa 042711


Distribution and Tracking Control Procedures

[Diagram: roles involved: Project Manager, Security Admin, Server Admin, Network Admin, VI Admin]

Page 25: Issa 042711


Initial Deployment Questionnaire

Page 26: Issa 042711


Automated Assessment via PowerCLI

[Diagram: RSA Archer eGRC]

• Automatically discover and assess VMware infrastructure via PowerCLI
• VMware objects (ESX, vSwitches, etc…) are automatically populated into Archer
• They are then mapped to control procedures
• Over 40% are automatically assessed via PowerCLI and the results fed into Archer for reporting and remediation
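As an added example (not from the slides and not RSA’s assessment component), the script below does the kind of PowerCLI assessment the slide describes: it walks every ESXi host and vSwitch in vCenter, tests each against a control procedure, and emits one row per object per control in a shape a GRC import could take. CP-108324 is the control procedure number shown on the mapping slide; the CP-EX-* identifiers, the vCenter name and the CSV file name are made up for the example. The checks themselves (persistent log directory, remote syslog, NTP, shell services, vSwitch security policy) are standard ESXi hardening items, chosen here rather than taken from the Archer library.

```powershell
# Added example, not part of the original deck. Assumes the VMware.PowerCLI
# module (PowerCLI 6.5 or later) and a vCenter reachable as the name below.
Import-Module VMware.PowerCLI -ErrorAction Stop
$vc = Connect-VIServer -Server 'vcenter.example.com'   # hypothetical vCenter

function Test-HostControls {
    param([Parameter(Mandatory)] $VMHost)

    # CP-108324 Persistent logging on ESXi: Syslog.global.logDir must name a datastore
    # ("[datastore] path"). An empty bracket means the scratch/ramdisk location, which
    # is lost on reboot and leaves no trail after a host compromise.
    $logDir = (Get-AdvancedSetting -Entity $VMHost -Name 'Syslog.global.logDir').Value
    [pscustomobject]@{
        Host = $VMHost.Name; ControlProcedure = 'CP-108324 Persistent logging on ESXi Server'
        Status = if ($logDir -match '^\[\S+\]\s*\S') { 'Compliant' } else { 'Non-compliant' }
        Evidence = "Syslog.global.logDir=$logDir"
    }

    # CP-EX-001 (hypothetical id): remote syslog target configured, so the SIEM
    # sees events even if the host is wiped.
    $logHost = (Get-AdvancedSetting -Entity $VMHost -Name 'Syslog.global.logHost').Value
    [pscustomobject]@{
        Host = $VMHost.Name; ControlProcedure = 'CP-EX-001 Remote syslog configured'
        Status = if ([string]::IsNullOrWhiteSpace($logHost)) { 'Non-compliant' } else { 'Compliant' }
        Evidence = "Syslog.global.logHost=$logHost"
    }

    # CP-EX-002 (hypothetical id): NTP source configured; event timestamps in the
    # SIEM are only as good as this.
    $ntp = @(Get-VMHostNtpServer -VMHost $VMHost)
    [pscustomobject]@{
        Host = $VMHost.Name; ControlProcedure = 'CP-EX-002 NTP time source configured'
        Status = if ($ntp.Count -gt 0) { 'Compliant' } else { 'Non-compliant' }
        Evidence = "ntp=$($ntp -join ',')"
    }

    # CP-EX-003 (hypothetical id): ESXi Shell (TSM) and SSH (TSM-SSH) not left running.
    $shells = Get-VMHostService -VMHost $VMHost |
        Where-Object { $_.Key -in 'TSM', 'TSM-SSH' -and $_.Running }
    [pscustomobject]@{
        Host = $VMHost.Name; ControlProcedure = 'CP-EX-003 Local shell services stopped'
        Status = if ($shells) { 'Non-compliant' } else { 'Compliant' }
        Evidence = "running=$(($shells | ForEach-Object Key) -join ',')"
    }

    # CP-EX-004 (hypothetical id): standard vSwitch security policy must reject
    # promiscuous mode, MAC address changes and forged transmits (one row per vSwitch).
    foreach ($vs in Get-VirtualSwitch -VMHost $VMHost -Standard) {
        $pol = Get-SecurityPolicy -VirtualSwitch $vs
        $accepted = @()
        if ($pol.AllowPromiscuous) { $accepted += 'AllowPromiscuous' }
        if ($pol.MacChanges)       { $accepted += 'MacChanges' }
        if ($pol.ForgedTransmits)  { $accepted += 'ForgedTransmits' }
        [pscustomobject]@{
            Host = $VMHost.Name; ControlProcedure = "CP-EX-004 vSwitch security policy ($($vs.Name))"
            Status = if ($accepted) { 'Non-compliant' } else { 'Compliant' }
            Evidence = "accepted=$($accepted -join ',')"
        }
    }
}

# Discover every host in the vCenter and assess it; this is the "over 40%" class of
# control that needs no human evidence.
$results = Get-VMHost -Server $vc | Sort-Object Name | ForEach-Object { Test-HostControls -VMHost $_ }
$results | Format-Table Host, ControlProcedure, Status, Evidence -AutoSize

# Hand the result set to the GRC tool's import (file name is an assumption).
$results | Export-Csv -Path '.\esxi-control-assessment.csv' -NoTypeInformation

Disconnect-VIServer -Server $vc -Confirm:$false
```

Each row carries the raw evidence string alongside the verdict so an auditor can re-check the measurement rather than trust the status column; run it from a read-only vCenter role, since nothing here needs write access.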

Page 27: Issa 042711


Control Procedure – List, Status and Measurement Method

Page 28: Issa 042711


Overall Virtual Infrastructure Compliance Dashboard

Page 29: Issa 042711


RSA Solution for Cloud Security and Compliance: Architecture

[Diagram: regulations and standards map to generalized security controls, which map to VMware-specific security controls; automated assessment supplies configuration state from the VMware cloud infrastructure (vSphere, vShield, VCD); RSA enVision supplies security events from that infrastructure and from the ecosystem (HyTrust, Ionix)]

Page 30: Issa 042711


Example: VMware vShield Network Security Events Fed to Archer

Page 31: Issa 042711


Example: HyTrust - Access Policy Events Fed to Archer

Page 32: Issa 042711


Making Archer the Best GRC Solution for Hybrid Clouds

RSA Solution for Cloud Security and Compliance aligns with the CSA Consensus Assessment Questions by automating 195 questions that customers can issue to assess cloud service providers.

Cloud Security Alliance’s 13 domains of focus for cloud computing:
• Cloud Architecture
• Governance and Enterprise Risk Management
• Legal and Electronic Discovery
• Compliance and Audit
• Information Lifecycle Management
• Portability and Interoperability
• Security, Business Continuity, and Disaster Recovery
• Data Center Operations
• Incident Response, Notification, Remediation
• Application Security
• Encryption and Key Management
• Identity and Access Management
• Virtualization

Assessing Service Provider Compliance

Page 33: Issa 042711


RSA SecurBook

A technical guide for deploying and operating RSA Solution for Cloud Infrastructure
– Model: RSA SecurBook for VMware View / MS SharePoint
– Solution architecture
– Solution deployment and configuration guides
– Operational guidance for using the solution effectively
– Troubleshooting guidance

Page 34: Issa 042711


More Information

• www.rsa.com/rsavirtualization
• RSA SecurBooks – technical guides for deploying and operating RSA Solutions

Page 35: Issa 042711


VMware Approach to Security

Virtualization Security
• Secure hypervisor architecture
• Platform hardening features
• Secure Development Lifecycle

Audit and Compliance
• Prescriptive guidance for deployment and configuration
• Enterprise controls for security and compliance

Security in the Private Cloud
• Virtualization-aware security
• Products taking unique advantage of virtualization

Page 36: Issa 042711


vShield Products

Securing the Private Cloud End to End: from the Edge to the Endpoint

[Diagram: two VMware vSphere hosts running a DMZ, Application 1 and Application 2, with vShield Manager alongside]

• Edge – vShield Edge: secure the edge of the virtual datacenter
• Security Zone – vShield App and Zones: create segmentation between enclaves or silos of workloads
• Endpoint (= VM) – vShield Endpoint: offload anti-virus processing
• vShield Manager: centralized management

Page 37: Issa 042711


THANK YOU

Page 38: Issa 042711


Q&A