9670 greg brown presentation v1[1]
8/3/2019 9670 Greg Brown Presentation v1[1]
http://slidepdf.com/reader/full/9670-greg-brown-presentation-v11 1/21
Real Network Security for
Virtual Data Centers
Greg Brown, VP Network
Security, McAfee
Virtualization Trends
Organizations planning to or are engaged in data center upgrades.
-Network World, 2011
Organizations planning to virtualize over 40% of their servers this year.
-Network World, 2011
Organizations concerned about moving virtual machines causing operational complexity.
-Network World, 2011
Virtualization Challenges
Traditional Security
• Flat network designs eliminate the ‘single egress point’
• Elimination of physical boundaries can cause blind spots
• VM portability challenges port/IP-based security policies
• Disparate management tools for physical and virtual
Top Security Concerns
New Requirements for Network Security
• Eliminate blind spots with inspection of inter-VM traffic
• Port-agile security policies that move with virtual assets
• Common management across physical and virtual
• Integrated Network and Security controls
NETWORK SECURITY FOR VIRTUAL ENVIRONMENTS
Did You Know?
• Average default IPS accuracy is 62%
• Average tuned IPS accuracy is 83%
• Minimum accuracy 30%
• Vendors underperformed 25-75% relative to claims
Source: NSS Labs, 2010
Outstanding Threat Prevention Requires More than IPS
[Diagram: Network Security Management platform built on a next-gen hardware architecture (10 Gig connections, max port density, 7-10 year lifecycle) with Centralized Policy & Risk Mgmt; core functions of policy definition, reporting & alerts and network visibility; Advanced Analysis (reputation analysis, behavior analysis, protocol analysis, bot detection); Enforcement (quarantine, rate limit, block, access control, alert, virtual patch); Analysis Extensions and Visibility Extensions: Vulnerability Assessment, Network DLP, Advanced Malware, Network Forensics, Network Behavior, Virtual Agent.]
Impact of Networks Flattening
• Greater Resilience
• Better Performance
• Simpler Design
However, Aggregation Points Disappear and Machines Go on the Mo
Providing Outstanding Threat Prevention… for Virtual Environments
• Benefits:
– Real-time visibility and threat detection for inter-VM traffic
– Common management across physical and virtual
– Quarantine of infected VMs
– No additional load on virtual servers
[Diagram: traffic from a source to a destination across the physical environment and between virtual machines, inspected by a hypervisor-based agent.]
The Importance of Threat Intelligence
[Diagram: Threat Reputation fed by Network IPS, Firewall, Web Gateway, Host AV, Mail Gateway, Host IPS, 3rd Party Feed and Geo Location Feeds; volumes shown: 300M IPS attacks/mo., 2B botnet C&C IP reputation queries/mo., 20B message reputation queries/mo., 2.5B malware reputation queries/mo.]
Moving Beyond Conventional Security
• Ticket Oriented Resolution: How to get to resolution? File tickets. Wait.
• Protection Focused on Identifying Attack Packets: How to protect? Find attack packets on wire.
• Configuration Focused on Features: How to implement policy? Rely on product features.
• Multi-Vendor Strategies: Defense in Depth? Manage multiple silo’d products.
The Maturity Model of Enterprise Security
SECURITY OPTIMIZATION
• REACTIVE (~3% of IT Budget on Security)
• COMPLIANT/PROACTIVE (~8% of IT Budget on Security)
• OPTIMIZED (~4% of IT Budget on Security)
[Chart axes: TCO versus Security Posture.]
New Requirements for Optimized Network Security
• Proactive Management: Turn days of process into clicks
• Predictive Threat Protection: Characterize future threats today
• Policy-Based Control: Focus on real organization, people, applications, usage
• Extensible Architecture: Integrated, collaborative, easily add new capabilities
Predictive Threat Protection with NSP + GTI
Protecting Critical Data Center from ZeuS Malware
A. Malware infects websites
When Optimized (Low Effort, Low Risk): Malware infects, McAfee Labs IDs, updates website reputations… …Threat dissected, analyzed… …Predictive action stops threat. Future variants covered.
Not Optimized (High Effort, High Risk): Malware hits network. Wait on signature. Apply signature, update signature.
Benefit: Protection meets (and beats) hacker’s timelines, reduces alerts
Policy Enforcement Based on Application (versus port number)
A. Identify M&A team
Next-Generation (Low Effort, Low Risk): User directory auto-imports groups… Firewall sees similar rule; 1 click to add, avoid duplicate. Hours or days to review, deploy. New M&A members automatically added.
Traditional (High Effort, High Risk): Map users to network address. Create new rule (duplicate?). Weeks to review, test, deploy. Repeat?
Application ID Categories
• Anonymizers / Proxies
• Authentication services
• Business web applications
• Content management
• Commercial monitoring
• Database
• Directory services
• Email
• Encrypted tunnels
• ERP/CRM
• Filesharing
• Gaming
• Instant messaging
• Infrastructure services
• IT utilities
• Mobile software
• Peer to Peer (P2P)
• Photo-Video sharing
• Remote administration
• Remote desktop / Terminal services
• Social networking
• Software / System updates
• Storage
• Streaming media
• Toolbars and PC utilities
• Voice over IP (VOIP)
• VPN
• Webmail
• Web browsing
• Web conferencing
Replacing IP Address with Identity
• Seamlessly acquire identity without authentication
• Maintains user to network layer mapping
• Integrates w/ Active Directory
• Enforce policy based on group membership
Just like in the physical world, your identity should follow you through different security gates / locations.
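The two preceding slides argue for policies keyed on application identity and directory group instead of port and IP address. The following is an added example (not McAfee NSP code and not from the presentation) that models that contrast on constructed sample flows: a legacy rule keyed on source IP and port beside a rule keyed on an assumed Active Directory group name and an assumed application identifier, evaluated after a user's VM changes address and a new team member is added to the group.

```python
# Added illustration: port/IP-keyed rules break when assets move; rules keyed
# on directory group + application identity follow the user instead.
from dataclasses import dataclass

@dataclass
class Flow:
    src_ip: str
    dst_port: int
    app_id: str  # application identified by inspection, not by port number

@dataclass
class LegacyRule:  # matches on address and port only
    src_ip: str
    dst_port: int
    action: str = "allow"

@dataclass
class IdentityRule:  # matches on directory group and application identity
    group: str
    app_id: str
    action: str = "allow"

def legacy_decide(rules, flow):
    for r in rules:
        if r.src_ip == flow.src_ip and r.dst_port == flow.dst_port:
            return r.action
    return "deny"  # default deny, as on a firewall

def identity_decide(rules, flow, ip_to_user, user_groups):
    """Resolve the source IP through the maintained user-to-network mapping,
    then match on the user's current directory groups and the app seen."""
    user = ip_to_user.get(flow.src_ip)
    groups = user_groups.get(user, set())  # unmapped address -> no groups
    for r in rules:
        if r.group in groups and r.app_id == flow.app_id:
            return r.action
    return "deny"

def scenario():
    # Constructed sample data (assumed group/app names): an M&A team that
    # must reach a deal-room file share. Day 1 a legacy rule was written for
    # alice's then address; by day 2 her VM moved and bob joined the AD group.
    legacy = [LegacyRule("10.1.1.5", 445)]
    identity = [IdentityRule("MnA-Team", "smb-fileshare")]
    user_groups = {"alice": {"MnA-Team"}, "bob": {"MnA-Team"}}
    ip_to_user = {"10.2.2.7": "alice", "10.3.3.9": "bob"}  # current mapping
    flows = [Flow("10.2.2.7", 445, "smb-fileshare"),   # alice after the move
             Flow("10.3.3.9", 445, "smb-fileshare"),   # bob, new member
             Flow("10.1.1.5", 445, "unknown-tunnel")]  # old address reused
    return {"legacy": [legacy_decide(legacy, f) for f in flows],
            "identity": [identity_decide(identity, f, ip_to_user, user_groups)
                         for f in flows]}
```

The legacy rule denies both legitimate M&A users after the address change and still permits whatever now occupies the old address on port 445, while the group-and-application rule allows the two users and denies the unmapped source.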
Provide Common Controls Across Physical and Virtual
Control                          Physical  Virtual
Enterprise Firewall & IPS        ✓         ✓
Malware detection                ✓         ✓
Common management                ✓         ✓
Identity-based controls          ✓         ✓
Application identity & control   ✓         ✓
Advanced botnet detection        ✓         ✓
Cloud-based threat feeds         ✓         ✓
Recommended Reading
May 23, 2011