Slide 3
Hybrid Cloud: Data Centers and Service Transformation
(Diagram of stages: Physical Server, Virtual Server, Private Cloud, Public Cloud, Container and PaaS, Serverless; the axis runs from Monolithic/Fixed to Loosely Coupled.)
Slide 4
Hybrid Cloud: Resulting Challenges
(Same stage diagram as slide 3: Physical Server, Virtual Server, Private Cloud, Public Cloud, Container and PaaS, Serverless; Monolithic/Fixed to Loosely Coupled.)
Resulting challenges:
▪ Complexity, Speed & Shared Responsibilities
▪ Complete Visibility, Protection & Provisioning
▪ Shadow IT, Efficient Management & Compliance
Slide 5
Understanding Shared Responsibility
Customer (responsible for security 'in' the cloud):
▪ Customer Data
▪ Application Platform, Identity and Access Management
▪ Operating System, Network and Firewall Configuration
▪ Client-side Data Encryption, Data Integrity Authentication
▪ Server-side Encryption (File System and/or data)
▪ Network Traffic Protection (Encryption/Integrity/Identity)
Provider (responsible for security 'of' the cloud):
▪ Compute, Storage, Networking, Database
▪ Provider Global Infrastructure (Regions, Availability Zones, Edge Locations)
(Diagram also shows the customer/provider split for IaaS, PaaS and SaaS providers.)
Slide 6
IaaS Fastest Growing Segment of Cloud
Source: Gartner Forecasts Worldwide Public Cloud Revenue press release April 12, 2019
IaaS 35.9% CAGR
SaaS 22.2% CAGR
Slide 7
IaaS—Securing Infrastructure and Apps
1. Infrastructure: detect and correct security misconfigurations.
2. Workloads and Containers: detect and secure workloads and containers.
3. Apps: protect the data in the apps.
Slide 8
Data Exfiltration Vectors—IaaS Infrastructure and Apps
(Diagram of vectors: Compromised Accounts, Misconfiguration, Rogue User, Confidential Data Leaks, Rogue IaaS Accounts.)
Slide 9
Data Exfiltration Vectors—IaaS Infrastructure and Apps
(Same vector diagram as slide 8.)
Slide 10
Data Exfiltration Vectors—IaaS Infrastructure and Apps
(Same vector diagram as slide 8; highlighted control: Security Configuration Control.)
Slide 11
1. Security Configuration Audit
Prevent regulated/high-value data being stored in the cloud.
▪ Continuously monitor IaaS security settings for misconfiguration.
Slide 12
1. Security Configuration Audit
Prevent regulated/high-value data being stored in the cloud.
▪ As IaaS admins correct misconfigured settings, McAfee automatically resolves the incident.
Slide 13
Data Exfiltration Vectors—IaaS Infrastructure and Apps
(Same vector diagram as slide 8; highlighted control: Shadow IaaS Control.)
Slide 14
2. Managing Rogue IaaS Instances
Discover shadow AWS usage and reclaim control of risky IaaS usage.
▪ Identify risky or unsanctioned IaaS platforms in use.
Slide 15
2. Managing Rogue IaaS Instances
Discover shadow AWS usage and reclaim control of risky IaaS usage.
▪ Enforce governance policies and coach users to the approved IaaS platform.
Slide 16
Data Exfiltration Vectors—IaaS Infrastructure and Apps
(Same vector diagram as slide 8; highlighted control: Visibility of Confidential Data Inside PaaS Storage.)
Slide 17
3. Visibility of Confidential Data
Gain visibility of regulated/high-value data stored in AWS S3 and Azure Storage.
▪ Perform on-demand scans to identify sensitive or protected data stored in IaaS storage services.
Slide 18
Data Exfiltration Vectors—IaaS Infrastructure and Apps
(Same vector diagram as slide 8; highlighted controls: User Behavior Analytics, Forensics.)
Slide 20
4. Advanced Threat Protection
Detect compromised accounts, insider threats, and malware.
▪ No pre-defined policies or thresholds; automatic models based on activity.
Slide 21
5. Activity Monitoring and Forensics
Capture and categorize an audit trail of activity for forensic investigations.
▪ Categorizes 100s of activities into 13 categories for easy filtering/navigation.
Slide 22
5. Activity Monitoring and Forensics
Capture and categorize an audit trail of activity for forensic investigations.
▪ Expand the scope of an investigation and browse a geo-location map.
Slide 23
5. Activity Monitoring and Forensics
Capture and categorize an audit trail of activity for forensic investigations.
▪ Investigate activities for a specific user centered around an incident.
Slide 24
5. Activity Monitoring and Forensics
Capture and categorize an audit trail of activity for forensic investigations.
▪ IP reputation to identify access by a malicious IP, such as the Tor network.
Slide 26
IaaS Workload and Containers Challenges
(Diagram of challenges: Malware and Viruses; Difficulty Detecting Breaches; Lack of Network Traffic Visibility; Fragmented Policy Management; Lack of Workload and Container Visibility.)
Slide 27
Discover and Manage Multiple Public Cloud Accounts Security Controls
(Console screenshot: live status with details; Workload, Events and VPC views; issue details; workload count; a Take Action control.)
Slide 28
IaaS Workload and Containers Challenges
(Same challenge diagram as slide 26; highlighted capability: Workload/Container Inventory.)
Slide 29
Traffic & Network Visibility
Graphical traffic analysis for both E-W & N-S traffic (traffic moving to, from, and between workloads).
Detection
• GTI IP Reputation
• Heuristics (blocked E-W connections, activity on high-risk ports)
• Alerts from vNSP
Threat Events
• Workload threats
• Network threats
Correction
• Shutdown
• Update firewall rules in AWS/Azure Security Groups
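The configuration audit on slide 11 (continuously monitor IaaS security settings for misconfiguration) and the heuristic/correction loop on this slide (activity on high-risk ports, then updating security group rules) can be illustrated with an offline check over inbound security-group rules. This is an added example, not McAfee's code; the rule objects, the high-risk port list and the admin CIDR are constructed assumptions.

```python
from dataclasses import dataclass, replace

# Assumption: the slide does not enumerate "high-risk ports"; this list is ours.
HIGH_RISK_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL",
                   5432: "PostgreSQL", 27017: "MongoDB"}
ANY_CIDR = {"0.0.0.0/0", "::/0"}  # "the whole internet" in AWS/Azure notation


@dataclass(frozen=True)
class Rule:
    """One inbound security-group rule (simplified AWS/Azure shape).
    proto "-1" means all protocols/ports, as AWS encodes it."""
    proto: str
    from_port: int
    to_port: int
    cidr: str


# Constructed inbound rules for a hypothetical web-tier security group.
SAMPLE_RULES = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),      # HTTPS to the world: expected
    Rule("tcp", 22, 22, "0.0.0.0/0"),        # SSH open to the internet
    Rule("tcp", 3306, 3306, "10.0.0.0/16"),  # DB reachable only from the VPC
    Rule("tcp", 1024, 65535, "::/0"),        # wide range that covers RDP etc.
]


def find_misconfigurations(rules):
    """Return (rule, port, service) triples for every high-risk port a rule
    exposes to any source address."""
    findings = []
    for r in rules:
        if r.cidr not in ANY_CIDR or r.proto not in ("tcp", "-1"):
            continue
        for port, name in HIGH_RISK_PORTS.items():
            if r.proto == "-1" or r.from_port <= port <= r.to_port:
                findings.append((r, port, name))
    return findings


def remediate(rules, admin_cidr):
    """The 'update firewall rules' correction: restrict each flagged rule to
    admin_cidr (a constructed management range) and leave the rest unchanged."""
    flagged = {f[0] for f in find_misconfigurations(rules)}
    return [replace(r, cidr=admin_cidr) if r in flagged else r for r in rules]


if __name__ == "__main__":
    for rule, port, name in find_misconfigurations(SAMPLE_RULES):
        print(f"OPEN {name}/{port} from {rule.cidr}: {rule}")
    print(remediate(SAMPLE_RULES, "203.0.113.0/24"))
```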
Slide 30
IaaS Workload and Containers Challenges
(Same challenge diagram as slide 26; highlighted capabilities: Agent Installation & Security Configuration; Single-Click Quarantine.)
Slide 31
Safeguard Workloads
Quarantine Infected Workloads and Containers
Identify malicious connections
Reduce misconfiguration risk and increase initial remediation efficiency by nearly 90%
Isolate workloads or containers
Slide 32
Auditing of Security Best Practices and Compliance Checks
Security assessment
▪ Industry-standard security benchmarks like CIS.
Regulatory compliance assessment
▪ Auditing of governance policies like PCI DSS, SOX, GLBA, HIPAA, FISMA.
Slide 33
IaaS Workload and Containers Challenges
(Same challenge diagram as slide 26; highlighted capability: Unified Policy Management and Reporting.)
Slide 34
Simplify
Efficiently manage all security policies across on-premise and public, private and hybrid cloud environments.
▪ Single security policy, single pane of glass console management across data center and public and private clouds with McAfee ePO.
▪ Automated policy management across all on-premise and off-premise infrastructure.
▪ APIs, automation and integration with cloud tools, e.g. Chef, Puppet.
▪ Efficient security management keeps operational expenses under control.
▪ Security smart enough to scale up and scale down with the load.
(Diagram: McAfee ePO spanning Device Security, Data Protection, Security Operations Center, Network & Web Security, Cloud Workloads Security, and Native Security.)
Slide 35
Secure Containers with CWS
There are three ways to apply security for containers as of today in the market space:
- Agent based (inside the container itself)
- Ephemeral Proxy
- Additional container as FW
Slide 36
Securing Containers Using an Agentless Approach
• Repository image vulnerability & antimalware scanning
• Discovery of Pods and Services within the Kubernetes environment
• Container runtime security
• Continuous monitoring
• Vulnerability assessment
• Access protection
• Application control
• Log management
• CIS Benchmark scanning – misconfiguration
• Network security – container firewall with micro-segmentation support
• Compliance – AV as a service, access protection, file integrity monitoring, vulnerability assessment
• Host security (if a supported OS is used)
• Management – monitoring, threat anomaly detection, policy enforcement, dashboards
(Diagram: a Kubernetes Node running Docker, kubelet, kube-proxy, fluentd, a CNI network plugin and application Pods alongside a McAfee Security Pod with persistent storage for policy & events, a rule enforcer for network policy and a K8s API client; a Kubernetes Master with API server, scheduler, controller and etcd; CWS - ePO and DevOps interacting through the API.)
Slide 38
3 Phases in a Common Cloud Breach
1. Land
▪ Gain a first foothold into a third party's VPC and IaaS/PaaS real estate.
2. Expand
▪ Find ways to move beyond the node on which the hacker landed in order to extract maximum value out of the breach.
3. Exfiltrate
▪ Find ways to exfiltrate GBs of data while staying under the radar.
Slide 39
Layered Container Security
(Diagram. Layers: Validate Container Orchestration System Config (CSPM); Vulnerability Assessment for container components (Vulnerability Mgmt); App Level Visibility and Control (Zero Trust Security Model). Outcomes: Detect and remove known vulnerabilities; Block Land; Prevent bad East-West traffic; Block Exfiltrate; Audit and monitor changes to infrastructure; Block Expand.)
Slide 40
Layered Container Security
Deep Visibility and Context
• Rapid inventory of current applications, components and processes
• Visual mapping of all traffic between applications and dependencies
• Blast maps and capabilities to playback traffic for forensics
Threat Detection
• Modeling behavior of any app to detect Anomalies
• Identification of backdoors in components
• Identifying unknown processes with elevated privileges
Seamless protection
• Seamlessly operates across all platforms, with controls at app level
• One click Security Policy generation – protect once, run anywhere
• Light-weight operation and services
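The "Rule Enforcer (Network Policy)" on slide 36 and "Prevent bad East-West traffic" on slide 39 both rest on Kubernetes NetworkPolicy semantics: a pod selected by no policy accepts any traffic, and once selected it accepts only what some selecting policy's ingress rule permits. The evaluator below is an added example (not McAfee's code) that applies those semantics to constructed pods and policies; it models podSelector-based ingress rules only, not namespaceSelector or ipBlock peers.

```python
# Constructed pods (name -> labels) and NetworkPolicies; not from the page.
PODS = {
    "web-1": {"app": "web", "tier": "frontend"},
    "api-1": {"app": "api", "tier": "backend"},
    "db-1": {"app": "db", "tier": "data"},
    "tool-1": {"app": "toolbox"},  # an unsanctioned debug pod
}
POLICIES = [
    # Default deny: selects every pod and allows no ingress at all.
    {"podSelector": {}, "ingress": []},
    # api accepts 8080/tcp from web pods only.
    {"podSelector": {"app": "api"},
     "ingress": [{"from": [{"podSelector": {"app": "web"}}],
                  "ports": [("tcp", 8080)]}]},
    # db accepts 5432/tcp from api pods only.
    {"podSelector": {"app": "db"},
     "ingress": [{"from": [{"podSelector": {"app": "api"}}],
                  "ports": [("tcp", 5432)]}]},
]


def selects(selector, labels):
    """An empty selector matches every pod; otherwise every label must match."""
    return all(labels.get(k) == v for k, v in selector.items())


def ingress_allowed(src, dst, proto, port, pods=PODS, policies=POLICIES):
    """Decide whether east-west traffic src -> dst on proto/port is permitted.
    Policies are additive: the flow is allowed if any selecting policy has an
    ingress rule whose peers (or absent 'from') and ports (or absent 'ports')
    match; a destination selected by no policy is wide open."""
    applicable = [p for p in policies if selects(p["podSelector"], pods[dst])]
    if not applicable:
        return True
    for pol in applicable:
        for rule in pol["ingress"]:
            peers = rule.get("from", [])
            peer_ok = not peers or any(
                selects(peer["podSelector"], pods[src]) for peer in peers)
            port_ok = not rule.get("ports") or (proto, port) in rule["ports"]
            if peer_ok and port_ok:
                return True
    return False


def blocked_flows(flows, pods=PODS, policies=POLICIES):
    """Filter a list of observed (src, dst, proto, port) flows down to the ones
    the policy set would block, i.e. candidate 'bad E-W traffic' events."""
    return [f for f in flows if not ingress_allowed(*f, pods=pods, policies=policies)]
```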
Slide 41
MVISION ePO
Data / Web Protection "Nirvana for Cloud"
(Diagram: McAfee Web Gateway / WGCS and MVISION Cloud form a solution built with CASB, DLP and Web components (DLP, CASB, SWG); Cloud Workload Security (ePO) with CASB - IaaS and CWS / Container forms a solution combining CWPP, CSPM and Micro-Segmentation (0-Trust).)