tamas barna cissp, security+ system engineer, eastern europe · 2010-09-24 · tamas barna cissp,...
TRANSCRIPT
September 23, 2010
McAfee Secure Virtualization
Proven, Comprehensive Protection for Virtualized Environments
Tamas Barna CISSP, Security+
System Engineer, Eastern Europe
Confidential McAfee Internal Use Only
Consolidation and Virtualization Demand
– Data centers are the largest IT budget item and are the focus of many IT leaders as they look to reduce their own expenses. Consolidating the number of data centers while increasing capacity within a smaller footprint via virtualization and reducing energy consumption via Green initiatives are all winning projects today.
– the Lippis Report #114
– “Strategic Planning Assumption: By year-end 2010, 70% of large organizations will collapse all or part of their DMZ by risk-managed virtualization technologies, up from 10% at year end 2006.”
– Neil MacDonald, June 2, 2010, “How to Securely Implement Virtualization”
Data center cost and consolidation wave
What is Virtualization?
• Virtualization
• Decouples software from hardware
• Allows multiple operating systems to be installed on the “host” computer
• Provides many benefits and efficiencies
[Diagram labels: Enterprise App; Operating System; Virtualization]
Virtualization Market Opportunity
• Companies are readily deploying virtualization
– 51% in NA, 35% in EMEA and 21% in APAC¹
• 50% of all servers will be virtualized in 5 years²
• $15B virtualization market in 2009³
[Chart: Virtualized Versus Nonvirtualized Servers Installed Base Forecast, 2006-2011³]
“Make security a mandatory part of the evaluation of virtualization solutions.”⁴
Paul E. Proctor, Gartner 2010
¹ Forrester ² Gartner ³ IDC ⁴ Gartner, May 2010: Highlights From the Security and Risk Track at Symposium/ITxpo
Top Market Challenges
Secure Virtualization
• Need secure virtualization as virtualization vulnerabilities grew over 400%¹ from 2006 to 2010
• Every new virtual machine is:
– a new hacking target
– a new source of infection across a network.
• Out-of-date security makes offline images more vulnerable.
• It is more cost-effective to include security in an initial VMware deployment than to add it later.
¹ National Vulnerability Database
[Diagram labels: Hypervisor; Virtual Machine (Apps, OS); Offline Virtual Image (Apps, OS); Virus; Spam; Trojan; Worms; DDoS; Vulnerabilities; Out-of-date offline images]
McAfee Secure Virtualization Value Proposition
• Customized protection for virtual environments including offline virtual machines
• Integrated, centralized security management for both physical and virtual environments
• Stronger protection, lower costs, and simplified compliance for today and tomorrow
Key Benefits
• Stronger Protection
– AV Alone is NOT Enough: SPYWARE, BOTNET, PHISHING, VIRUSES, EXPLOITS
• Lower Costs
– Cost to manage separate products is high
• Simplified Compliance
– Increased compliance requirements: ITIL, PCI, PIPA, EU DPD 35/46/EC, HIPAA, COBIT, SOX, FISMA, J-SOX, GLBA, ISO
Broad Secure Virtualization Support
• ToPS for Virtualization
• VirusScan Enterprise (VSE)
• VirusScan Enterprise for Offline Virtual Images
• Host Intrusion Prevention
• Network Access Control
• ePolicy Orchestrator
• Network Security Platform
• Firewall Enterprise/Virtual Appliance
• Vulnerability Manager
• Policy Auditor
• Remediation Manager
• Email and Web Security Appliance
McAfee meets your secure virtualization needs
McAfee Firewall
New Virtualization Solutions
• McAfee Firewall Enterprise / Multi-Firewall Edition
– From 4 to 32 discrete virtual firewalls (VMware based) in a single appliance
– Includes Control Center
– Optional IPS, AV, URL filtering and SSL decryption
– Designed for your network segmentation and consolidation projects
– Dedicated resources per FW. Manage and report individually
• McAfee Firewall Appliance Line
– Designed for typical deployments
– Purpose dedicated, high security appliances (EAL4+)
– Levels of appliances sized for branch to data center deployments
Same High Assurance Firewall Software
All Supported with One Central Management and Reporting Solution
New Offerings
• McAfee Firewall Enterprise / Virtual Appliance
– Software firewall for VMware ESX Server – unlimited instances per server
– Includes virtualized IPS, as well as AV, URL filtering, SSL decryption
– Designed for your server consolidation projects – security within ESX platform and inter VM
– Dedicated resources per FW. Manage and report individually
McAfee Network Intrusion Prevention
• Award-winning, network-class protection for absolute security confidence
• 10-Gigabit Ethernet performance
• Real-time risk-aware IPS
• System-aware IPS with McAfee ePO™ integration
• Dynamic network access control
• Improved network availability and performance
• Streamlined security management processes through ePO integration
• Reduced risk and cost associated with patching cycles
Customer Benefits
VSE for OVI v2
• RTW is scheduled for Oct 14
• Dramatically improved performance on scanning offline images in sequential order
• Uses ODS tasks to schedule scans
• Product certification for:
– VMware ESX: uses VMsafe APIs
– Microsoft Hyper-V
Citrix Ready Certification
The Citrix Ready program identifies trusted, third-party solutions that add the greatest value in the Citrix Delivery Center™ infrastructure.
Certified Products:
• VirusScan Enterprise for Offline Virtual Images*
• VirusScan Enterprise
• AntiSpyware Enterprise
• ePolicy Orchestrator
• Vulnerability Manager
Compatible with Citrix® XenApp™.
*V1 version
www.citrixready.com
ToPS for Virtualization
Protect virtual servers
Components
• Host IPS for server
• VirusScan Enterprise
• Anti-spyware Enterprise
• VSE for Linux
• VSE for Offline Virtual Images
• ePolicy Orchestrator
VirusScan Enterprise for Offline Virtual Images
Need to secure offline virtual images
– VM sprawl fuels growth of offline virtual images
– Security profiles of offline virtual images quickly become out-of-date
– Compromised offline VMs threaten the network and other endpoints when activated
VirusScan Enterprise for Offline Virtual Images secures offline VMs without bringing them online
– Identify malware
– Remove malware
– Automate security update
Total Protection for Endpoint
Protect virtual desktops
Single Integrated Management Console - ePO
• Anti-Spam (Email server)
• Anti-Spyware
• Host Intrusion Prevention
• Desktop Firewall
• Anti-Virus
• Network Access Control
• Web Security
• Policy Auditing
ePolicy Orchestrator
Centrally manage security for physical and virtual environments
“ePO has historically been the standard for centralized administration consoles.”
Peter Firstbrook, 2008 Endpoint Protection Platform Magic Quadrant
• World’s most scalable security and compliance mgmt platform
– Manages 58M+ endpoints in 35,000+ enterprises with largest deployment > 5M endpoints
– 3 of 4 Global 2000 companies use ePO
• Deploy, manage and report on
– Secure virtualization
– Online and offline images
– Endpoint security
– Data protection
– Web and messaging security
– Integration with network IPS and vulnerability management
– Threat alerts from Avert Labs
McAfee’s Support for Virtualization
• Coverage for Enterprise from Physical to Virtualized Environments
• Virtualization Security Assessment Services
• Future: Optimized and Flexible
• McAfee Global Threat Intelligence: Virtualization
• Industry’s 1st dedicated security consulting service for virtualized environment
• Industry’s most complete and scalable solution spanning virtual servers, networks and desktops
• Enterprise Vulnerability Management and Host IPS
• Offline Virtual Server Security
• Virus Scan Enterprise Offline Virtual Images
McAfee’s MOVE (Mgmt for Optimized Virtualized Environments)
MOVE – Platform & Partnerships
• Provide VDI specific security with Citrix
• Open MOVE Platform to Partners
• New developments for security for virtualized environments
Customer Feedback
Operational Issues
• How to capacity plan around AV resource utilization
• Want to achieve higher virtual machine density per hypervisor
• Do not want another management console in the Enterprise
• Don’t want to lock-in to a single vendor
Anti-Virus Offloading
• Design Goals
– Move Anti-Virus processing out of each VM – Offloading
– Enhance Efficiency and optimize scalability
• Avoid AV Storming through Hypervisor awareness
• Reducing Memory, CPU load, Disk I/O
• Increase the density of VMs per hypervisor
• Increase scanning efficiency by taking advantage of scan caching
– Work in 100,000 desktop environments
– Integrated management
– Responsive user experience
– Supporting persistent and non-persistent desktops
McAfee MOVE enhances Security for Virtualization
[Diagram labels: Client; Virtual Desktop; Hypervisor; VM (OS, Applications, MOVE); MOVE Virtual Appliance; Off-load Processing; McAfee ePO]
MOVE-AV Optimizes Enterprise Anti-virus
• On-Demand Scanning (ODS)
• On-Access Scanning (OAS)
• Offline Scanning (OVI)
[Table: Component & Feature against On-access and On-demand. Row labels: End point Product Agent; MOVE Platform (Xen, ESX, Hyper-V). Features: Checks local cache / requests a scan; Processes file operations; Checks global cache / requests a scan; Hypervisor load-aware task scheduling]
The Anti-Virus Offloading Process
ePolicy Orchestrator
• Installation
• Configuration
• Reporting
MOVE Virtual Appliance(s)
Features – Advanced File Caching
• Reduce overall scanning overhead
– Use scan caching better
– Local scan caching now becomes global scan caching
[Diagram labels: Hypervisor; MOVE Server; ePO Server; Cache Synchronization Protocol; Scan Engine]
Features – Optimised File Scanning
1. Local scan cache
2. Global Scan cache
3. File scan
4. Artemis if appropriate
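The four-step lookup order above, modeled as an added example (this is not McAfee's code and not part of the original deck). The names `GuestScanner` and `toy_engine`, keying both caches on a SHA-256 content hash plus DAT version, and reading "Artemis if appropriate" as a reputation callback consulted only on a suspicious verdict are all assumptions made for illustration.

```python
import hashlib

CLEAN, INFECTED, SUSPICIOUS = "clean", "infected", "suspicious"


class GuestScanner:
    """One guest VM's view of the four-step lookup order on the slide."""
    def __init__(self, shared_cache, engine, reputation=None):
        self.local = {}               # step 1: this VM's own cache
        self.shared = shared_cache    # step 2: dict shared by every guest
        self.engine = engine          # step 3: stand-in for the scan engine
        self.reputation = reputation  # step 4: stand-in for the cloud lookup
        self.hits = {"local": 0, "global": 0, "scan": 0, "reputation": 0}

    def check(self, data, dat_version):
        # Assumed key: DAT version + content hash, so new DATs force a rescan.
        key = (dat_version, hashlib.sha256(data).hexdigest())
        if key in self.local:
            self.hits["local"] += 1
            return self.local[key]
        verdict = self.shared.get(key)
        if verdict is not None:
            self.hits["global"] += 1
        else:
            self.hits["scan"] += 1
            verdict = self.engine(data, dat_version)
            # Assumed reading of "if appropriate": ask only when unsure.
            if verdict == SUSPICIOUS and self.reputation is not None:
                self.hits["reputation"] += 1
                verdict = self.reputation(key[1])
            self.shared[key] = verdict
        self.local[key] = verdict
        return verdict


def toy_engine(data, dat_version):
    """Constructed stand-in: DAT 2 knows a marker that DAT 1 does not."""
    if b"BAD-MARKER" in data and dat_version >= 2:
        return INFECTED
    return SUSPICIOUS if data.startswith(b"MZ") else CLEAN


def demo():
    shared = {}
    vm_a, vm_b = (GuestScanner(shared, toy_engine, lambda d: CLEAN)
                  for _ in range(2))
    image_file = b"MZ common golden-image binary BAD-MARKER"  # constructed
    results = [vm_a.check(image_file, 1), vm_a.check(image_file, 1),
               vm_b.check(image_file, 1), vm_b.check(image_file, 2)]
    return results, vm_a.hits, vm_b.hits
```

The second guest never scans the shared file under DAT 1 because the global cache answers for it, and the DAT 2 lookup misses both caches and catches what the older cached verdict would have hidden.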
[Diagram labels: Hypervisor; Artemis; Scan Engine; steps 1-4]
Features – Hypervisor-aware scheduler
Maximum concurrent scans per Hypervisor
Maximum concurrent scans per Storage
Features
• Efficient Security Management
– Maintains Virtual Machine Awareness so security can still be managed regardless of what hypervisor it resides on
– Intelligent Scanning scheduler per hypervisor
• Allows for scheduling Offline Virus Scanning
• Allows for scheduling based on load of hypervisor
– Security Dashboards/Reports per hypervisor
Platform Initial Testing Proof Points with Citrix
                                   A/V within the guest   Offloading A/V with MOVE
Memory Consumption (per VM)        60-120MB+              ~20MB
Peak CPU Usage (per hypervisor)    80-100%                <10%
VM Density                         X                      3X
Scanning Resource Utilization      YES                    NO (Offloaded to Virtual Appliance)
DAT Update Resource Utilization    YES                    NO (Offloaded to Virtual Appliance)
The product plans, specifications and descriptions herein are provided for information only, subject to change without notice, results may vary and without warranty of any kind, express or implied
MOVE 1.5 Product Package Details
• Not part of any suite
• Components
– ePO Extension (policies, tasks, reports, dashboards)
– Off Load Server (Secure VM)
• MOVE Offload Component/VSE/OVI
• Runs on Windows 2008 64-bit
• Platform Support
– Hypervisor
• VMware ESX/ESXi, Citrix XenServer
– MOVE-AV for VDI
• Windows XP, Win7 (32-bit, 64-bit)
– MOVE-AV Servers
• Windows 2003, Windows 2008, Windows 2008 R2
Top McAfee Differentiators
• Most complete and scalable security solution spanning physical and virtual servers, desktops, and networks.
• ePolicy Orchestrator, the only integrated management platform for physical and virtual environments.
• First and only security vendor to protect online and offline virtual machines.
Thank You!
For more information, please visit:
http://www.mcafee.com/us/enterprise/products/virtualization_security/index.html