security automation in virtual and cloud environments v2
DESCRIPTION
Virtualization security must be as dynamic as the environment it is protecting. Learn how to build security automation into your virtual and cloud computing environments by using VMware's vShield API. In this webinar, you will learn:
1. An introduction to security automation and why it matters
2. An overview of VMware's vShield and its API
3. Real world cloud examples of how to use the vShield API for security automation
TRANSCRIPT
SECURITY AUTOMATION IN VIRTUAL AND CLOUD ENVIRONMENTS
Richard Park, Senior Product [email protected], @richardpark31
About Me
Virtualization
Cloud
Security Automation In Virtual & Cloud Environments
“The ‘fortress mentality’ is outdated – and is no longer realistic or practical… Automation will quickly become a ‘must-have’ component in the overall security strategy of every IT organization. There is simply no other way to detect threats swiftly enough, let alone to contain the damage and recover from it.” - Accenture Technology Vision 2011
Presentation Outline
1. Virtualization Security Challenges
2. vShield Vision and Overview
3. Security Integration Use Cases
4. Achieving the Security Automation Vision
Dealing With Enterprise Silos: Server Ops, Security, Networking
Today’s security is often static...
But we don’t live in a static world!
New PCI Virtualization Guidelines
www.sourcefire.com/pcivirt
Inflection Point for Virtualization (chart): The Easy Apps (infrastructure, file, print); The Niche Apps (LOB apps, Tier 2 DB, etc.); Exchange, SQL, Oracle, SharePoint, SAP, Custom Java Apps; virtualization penetration figures shown: 30% and >60%.
vShield Vision for Security
Security products work together to adjust to changes in the environment.
vShield is security middleware between disparate devices.
vShield Is NOT A Silver Bullet
vShield as security middleware is a realistic vision for virtual environments.
“Code is law.” - Lawrence Lessig
vShield Overview
Our Focus Today (diagram): an application on VMware vSphere protected by vShield App/Edge, with a 3rd Party Vendor product exchanging policy violations and FW rule changes with vShield.
Example of REST API GET command
GET https://10.1.1.1/api/2.0/app/firewall/datacenter01/config (username, password) ---->
<---- vShield XML Ruleset
REST API POST Command
POST https://10.1.1.1/api/2.0/app/firewall/datacenter01/config (username, password, XML ruleset) ---->
<---- Ruleset Acknowledgement
Examples of vShield REST Commands
https://10.1.1.1/api/1.0/network/network-244/snat/rules
https://10.1.1.1/api/1.0/network/network-244/loadbalancer/action/start
https://10.1.1.1/api/1.0/zones/syslogServers
vShield and Private Cloud Provisioning
1. Request (User-Initiated): User requests virtual infrastructure via Web portal
2. Provision (Automated): vCenter, vCloud APIs are used to provision VM(s)
3. Secure (Automated): vShield APIs are used to provision VM firewall rulesets
4. Maintain Security (Automated): Third party security products use vShield & vCenter APIs to update security configuration
Use Case: Virtual Server Deployment
Step 1: User requests a VM from a Web portal
Virtual Server Portal form: Your Contact Information; Region; Your Org Information, Cost Code, etc.; Server Type; Lease timeframe; More…
VM Configuration: CPU 2 CPU; Memory 2 GB; Disk Storage 40 GB
Use Case: Virtual Server Deployment
Step 2: vCloud Director provisions the VM
Use Case: Virtual Server Deployment
Step 3: Apply security group and firewall ruleset
Use Case: Virtual Server Deployment
Step 4: Third party products update configuration (diagram: Third Party Security Vendor talks to the vShield API over 443)
Use Case: Virtual Server Deployment
Step 4 (optional): VM Quarantine can be used (diagram: Third Party Security Vendor, vShield API)
vShield and Multitenant Clouds
Step 1: Provision Cloud; Step 2: Secure Cloud; Step 3: Maintain Security
(Weeks? Months? vs. minutes)
vShield and Multitenant Clouds
Step 1: Provision Cloud (IT-Initiated): Tenant requests a datacenter; vCloud Director provisions a resource pool and a port group
Step 2: Secure Cloud (Automated): vShield Edge is deployed on port group with appropriate firewall, NAT, and load balancing configuration
Step 3: Maintain Security (Automated): Update firewall configuration as required
Use Case: Public Cloud Deployment
Step 1: Tenant requests datacenter; resource pool and port group are provisioned (diagram: VMware vSphere + vCenter; Resource Pool of CPU, Memory, Network, Storage; Port Group)
Use Case: Public Cloud Deployment
Step 2: vShield Edge is deployed (diagram: VMware vSphere + vCenter; Physical Datacenter with SHARED SERVICES; Virtual Datacenter for Tenant A behind NAT)
Use Case: Public Cloud Deployment
Step 3: Update firewall configuration as required (diagram: VMware vSphere + vCenter; Virtual Datacenter, Tenant A)
Change control exists for a reason!
Virtual Environments are Dynamic
Source: Christofer Hoff, Virtualization & the End of Network Security
Operation Shady RAT
“There are only two types of Fortune 2000 companies – those that know they’ve been compromised, and those that don’t know.” - Dmitri Alperovitch, McAfee Threat Research
“In the past, IT has architected everything around the idea of ‘100 percent security’… there is no such thing as watertight IT security. This fortress mentality must now give way to a realistic and practical approach… the speed and frequency of attacks dictate that human responses must make way for automated capabilities.” - Accenture Technology Vision 2011
“Never send a man to do a machine’s job.” - Agent Smith
“Applications are like fish and data is like wine. Only one gets better with age.” - James Governor, RedMonk
vCenter Integration Becomes Crucial
VM and Host Inventory; Migration & Snapshot History; VM Online/Offline Status
Security APIs Become Important
IDS/IPS; Firewall; Antivirus; Vulnerability Assessment; Full Packet Capture; Flow Analysis; API Data Exchange
So how do I get started with security automation?
1. Implement Security in Virtual Environments (VMware vSphere)
2. Bridge the Enterprise Silos
3. Require vShield Integration and APIs
4. Consider Open Source Vendor Integrations
Security Must be Dynamic and Automated
vShield Has a Vision for Dynamic Security
Vendors Must Evolve With Better Automation and Integration