Security and Compliance for the Cloud

Trevor Gerdes
Systems Engineer
tgerdes@vmware.com




                                        © 2009 VMware Inc. All rights reserved
Disclaimer
This session may contain product features that are
currently under development.

This session/overview of the new technology represents
no commitment from VMware to deliver these features in
any generally available product.

Features are subject to change, and must not be included in
contracts, purchase orders, or sales agreements of any kind.

Technical feasibility and market demand will affect final delivery.

Pricing and packaging for any new technologies or features
discussed or presented have not been determined.


“These features are representative of feature areas under development. Feature commitments are
subject to change, and must not be included in contracts, purchase orders, or sales agreements of
any kind. Technical feasibility and market demand will affect final delivery.”




2
Agenda

    • Overview of compliance and security requirements
    • Foundations for virtual security
    • Where can VMware help?
    • How are our partners helping?
    • Summary




3
Compliance vs. Security




Compliance: conforming to a set of rules or standards. This is generally confirmed by an assessor providing an opinion based on observation, inquiry, and inspection.

Security: implementing technical, physical, and administrative controls to provide confidentiality, integrity, availability, accountability and assurance.




5
Compliance requirements affecting your customers

• PCI-DSS
• Government regulation
• SOX
• ISO
• Internal




6
Why is PCI so Hard for Virtualization?

• Technology changes faster than any standard (including the PCI DSS)
• PCI applies to all systems “in scope”
• Segmentation defines scope
• The DSS is vendor agnostic
• Most whitepapers are written for security, not compliance




    “If network segmentation is in place and will be used to reduce
    the scope of the PCI DSS assessment, the assessor must verify
    that the segmentation is adequate to reduce the scope of the
    assessment.” - (PCI DSS p.6)


7
What is “In-scope”

All systems that store, process, or transmit cardholder data, and all
system components that are in or connected to the cardholder data
environment (CDE).

What’s unique in a virtual environment?

Storage
• Data that used to reside only in memory could be written to disk (encryption keys, PAN)
• The integrity of data can now be altered in several locations (i.e., a log server that is stored as a VM on the ESX host)
• SAN – can VMs be altered in storage? How will you know?

Transmission
• Data that used to physically reside in one location could now be transmitted logically across the network (i.e., VMotion, pulling images from a SAN, storage)
• Authentication controls (how can you ensure that authentication systems cannot be bypassed?)
• What “system components” could be used to sniff sensitive data?

Segmentation
• Defining system boundaries can be more difficult, with virtual firewalls, virtual switches, VLANs, and High Availability switches
• Mixed mode environments, multi-tenancy
• Can all system components in the virtual environment meet ALL PCI controls?




8
Aren’t firewalls required for segmentation?

• QSAs have historically relied on stateful firewalls for network segmentation
• PCI allows “other technology” as an acceptable means of segmentation
• How do firewalls affect the flows of data that are unique to a virtual environment (VMotion, pulling images from a SAN, taking “dirty” snapshots)?




    “Network segmentation can be achieved through internal
    network firewalls, routers with strong access control lists or
    other technology that restricts access to a particular segment of
    a network.” – PCI DSS p. 6


9
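Added worked example (written for this page, not part of the VMware deck): the two slides above say that scope is whatever is connected to the CDE, and that segmentation, by firewall or by “other technology”, is what limits it. The script below makes that concrete by treating scope as reachability over permitted flows, plus the rule that the hypervisor running an in-scope VM is itself in scope because it can read the VM’s memory and disk. The inventory, zone names and the two flow policies are constructed for the example. The closure is deliberately conservative (it follows connectivity through the management and storage networks); a narrower scope is something to argue with your assessor, not something to assume.

```python
"""PCI scope as reachability over allowed network flows.

Constructed example for this page, not VMware code. Component names, zones and
flow policies are invented; replace them with your own inventory.
"""
from collections import deque

# Constructed inventory: the web/app/db example from the slides, an unrelated HR
# VM, one ESX host with vCenter, a log server VM, and IP-based storage.
INVENTORY = {
    "web-vm":   {"zones": {"Web"},                   "chd": False},
    "app-vm":   {"zones": {"Application"},           "chd": True},   # processes card data
    "db-vm":    {"zones": {"Database"},              "chd": True},   # stores PAN
    "hr-vm":    {"zones": {"Intranet"},              "chd": False},
    "esx-host": {"zones": {"Management", "Storage"}, "chd": False},
    "vcenter":  {"zones": {"Management"},            "chd": False},
    "log-vm":   {"zones": {"Management"},            "chd": False},
    "san":      {"zones": {"Storage"},               "chd": False},
}

# Which hypervisor runs each VM (vCenter and the SAN are physical in this example).
HOSTED_ON = {vm: "esx-host" for vm in ("web-vm", "app-vm", "db-vm", "hr-vm", "log-vm")}

# Two segmentation policies, expressed as permitted (source zone, destination zone)
# pairs. Whatever enforces them (physical firewall, router ACL, vShield App rule)
# is irrelevant to scope; only the resulting connectivity matters.
PROD_ZONES = {"Web", "Application", "Database", "Intranet"}
FLAT = {(a, b) for a in PROD_ZONES for b in PROD_ZONES}           # one big VLAN
SEGMENTED = {("Web", "Application"), ("Application", "Database")}  # three-tier only


def connected(components, flows, a, b):
    """True if a and b share a segment or a permitted flow exists in either direction."""
    za, zb = components[a]["zones"], components[b]["zones"]
    if za & zb:                       # same zone: nothing filters between them
        return True
    return any((x, y) in flows or (y, x) in flows for x in za for y in zb)


def pci_scope(components, hosted_on, flows):
    """Return the set of component names that are in PCI scope.

    Rules, read conservatively from the DSS text quoted on the slides:
      1. anything that stores, processes or transmits CHD is in scope;
      2. anything that can exchange traffic with an in-scope component is in scope;
      3. the hypervisor running an in-scope VM is in scope (it can read the VM's
         memory and disk, and migrate it).
    """
    scope = {name for name, c in components.items() if c["chd"]}
    queue = deque(scope)
    while queue:
        cur = queue.popleft()
        neighbours = {n for n in components if n != cur and connected(components, flows, cur, n)}
        if cur in hosted_on:
            neighbours.add(hosted_on[cur])
        for n in neighbours - scope:
            scope.add(n)
            queue.append(n)
    return scope


def out_of_scope(components, hosted_on, flows):
    """Components the segmentation actually keeps out of the assessment."""
    return set(components) - pci_scope(components, hosted_on, flows)


if __name__ == "__main__":
    for label, flows in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(f"{label:10s} in scope:     {sorted(pci_scope(INVENTORY, HOSTED_ON, flows))}")
        print(f"{'':10s} out of scope: {sorted(out_of_scope(INVENTORY, HOSTED_ON, flows))}")
```

With the flat policy everything, the HR VM included, is in scope. With the three-tier policy the HR VM drops out, but vCenter, the log server and the SAN stay in because the ESX host that runs the CDE VMs reaches them over the management and storage networks: exactly the deck's point that those networks are part of the assessment unless they are segmented as carefully as the production side.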
Why are Virtual Environments Perceived As So Much Harder?

1. System boundaries are not as clear as their non-virtual
   counterparts
2. Even the simplest network is rather complicated
3. More components, more complexity, more areas for risk
4. Digital forensic risks are more complicated
5. More systems are required for logging and monitoring
6. More access control systems
7. Memory can be written to disk
8. Many applications and O/S were not designed for Virtualization
9. VM Escape?
10. Mixed Mode environments




10
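Added worked example (written for this page, not part of the VMware deck): item 7 above, memory can be written to disk, is the one you can verify yourself. A suspended or snapshotted VM leaves its guest memory in files on the datastore, so a PAN that only ever lived in a process heap is now at rest on the SAN. The scanner below looks for Luhn-valid runs of 13 to 19 digits in a byte blob, in ASCII and in UTF-16LE (how Windows applications hold strings in memory, so an ASCII-only grep misses them), and reports masked hits with their offsets. The snapshot bytes are constructed inline and contain only the public Visa, Mastercard and American Express test numbers; a 16-digit transaction ID is included to show the Luhn filter rejecting it.

```python
"""Scan a memory snapshot or disk image for card numbers (PANs).

Constructed example for this page, not VMware code. The SNAPSHOT bytes below stand
in for a suspend/snapshot file and contain only public test card numbers.
"""
import mmap
import re

# Candidate runs of 13-19 digits, in ASCII and in UTF-16LE (digit, NUL pairs).
_ASCII = re.compile(rb"(?<![0-9])[0-9]{13,19}(?![0-9])")
_UTF16 = re.compile(rb"(?<![0-9]\x00)(?:[0-9]\x00){13,19}(?![0-9]\x00)")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test; filters most random digit runs (IDs, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """PCI-style display form: first six and last four digits only."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(blob) -> list:
    """Return sorted (offset, encoding, masked_pan) for every Luhn-valid candidate.

    blob may be bytes or an mmap, so whole files can be scanned without copying.
    """
    hits = []
    for enc, pattern in (("ascii", _ASCII), ("utf-16le", _UTF16)):
        for m in pattern.finditer(blob):
            digits = m.group().decode(enc)
            if luhn_ok(digits):
                hits.append((m.start(), enc, mask(digits)))
    return sorted(hits)


def scan_file(path: str) -> list:
    """Scan a suspend/snapshot memory file or disk image in place."""
    with open(path, "rb") as fh, mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return find_pans(mm)


# Constructed snapshot fragment: a heap with a session string holding a Visa test PAN,
# a 16-digit transaction ID that is not a card number, a Mastercard test PAN stored
# by a Windows application in UTF-16LE, some binary noise, and an Amex test PAN.
SNAPSHOT = (
    b"\x00" * 16
    + b"session=abc123; pan=4111111111111111; exp=1212\x00"
    + b"txn_id=1234567890123456\x00"
    + "card=5555555555554444".encode("utf-16-le") + b"\x00\x00"
    + b"\xde\xad\xbe\xef" * 8
    + b"378282246310005"
)

if __name__ == "__main__":
    for offset, enc, pan in find_pans(SNAPSHOT):
        print(f"offset {offset:6d}  {enc:8s}  {pan}")
```

Run it against a real snapshot with scan_file(); a single hit is enough to put the datastore, and everything that can read it, inside the PCI scope discussed on the earlier slides.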
“System Boundaries” are not as Clear as their Non-Virtual
Counterparts
Basic Web Server and Database

(Diagram: the same web server and database shown side by side in a Standard Environment and in a Virtual Environment.)




11
Enterprise Security today – not virtualized, not cloud ready

(Diagram: Users and Sites reach the Enterprise VDC through the DMZ, then the Web Servers, then the Apps / DB Tier.)

Perimeter/DMZ
- Threat mitigation
- Perimeter security products with FW / VPN / IPS
- Hardware sprawl, expensive

Interior security
- Segmentation of applications and servers
- VLAN or subnet based policies
- VLAN sprawl, complex

Endpoint security
- Protecting the endpoint
- AV, HIPS agent-based security
- Agent sprawl, cumbersome




13
Foundations of Virtual Security: Secure Deployment

(Diagram: an ESX/ESXi host with VM vNICs on the Production vSwitch and the VMkernel on separate Mgmt and Storage vSwitches; the Prod network carries workload traffic, the Mgmt network connects to vCenter and other ESX/ESXi hosts, and the Storage network connects to IP-based storage.)

VMware Security Hardening Guides
• Being provided for major platform products
  • vSphere 4.x
  • VMware vCloud Director
  • View
• Important for architecture and deployment related controls

vSphere Security Hardening Guide
http://www.vmware.com/resources/techresources/10109



14
Foundations of Virtual Security: Securing Virtual Machines



                                   Provide Same Protection
                                    as for Physical Servers
                                Guest
                                 • Anti-Virus
                                 • Patch Management
                                 • OS hardening and compliance
                                Network
                                 • Intrusion Detection/Prevention
                                  (IDS/IPS)
                                Edge
                                 • Firewalls



15
Foundations of Virtual Security: Virtual Trust Zones

(Diagram: an ESX/ESXi host whose VMkernel carries Internet, Intranet, Web, Application and Database zones; firewall / IDS / IPS virtual appliances sit between the Internet and the Intranet and in front of the web server, application server and database server VMs on the Production LAN; the host's management interface and the vCenter Server system sit on a separate Management LAN.)




16
Virtualization Controls for Security

• Network Controls
• Change Control and Configuration Management
• Access Controls & Management
• Vulnerability Management




18
vShield - Comprehensive Security for Cloud Infrastructure
Defense in Depth from inside the Guest to the Edge of the Cloud

(Diagram: vShield Endpoint inside the guest VM, vShield App around groups of VMs, vShield Edge at the Org boundary.)

Accreditations and Certifications
• Firewall certification in progress – H2/2011


19
vShield Edge
Secure the Edge of the Virtual Data Center

(Diagram: firewall, load balancer and VPN services at the edge of Tenant A and Tenant X.)

Features
• Multiple edge security services in one appliance
  • Stateful inspection firewall
  • Network Address Translation (NAT)
  • Dynamic Host Configuration Protocol (DHCP)
  • Site to site VPN (IPsec)
  • Web load balancer
• Edge port group isolation
• Detailed network flow statistics for chargebacks, etc.
• Policy management through UI or REST APIs
• Logging and auditing based on industry standard syslog format




   20
vShield Edge Network Topology




21
vShield App/Zones
Application Protection for Network Based Threats

(Diagram: DMZ, PCI and HIPAA security groups on shared hosts.)

Features
• Hypervisor-level firewall
  • Inbound, outbound connection control applied at vNIC level
• Elastic security groups - “stretch” as virtual machines migrate to new hosts
• Robust flow monitoring
• IP address protection management
• Policy management
  • Simple and business-relevant policies
  • Managed through UI or REST APIs
• Logging and auditing based on industry standard syslog format




22
vShield Zones/App Topology




23
Customers Trust What They Know – 2 Segment Preferences

(Diagram: three designs, “Air Gapped” Pods, Mixed Trust Hosts and Secure Private Cloud; Network Security teams gravitate to vShield Edge, VI Architects to vShield App.)

• VI Architects who understand the power of virtualization and introspection expect to deploy vShield App, but want it in cloud environments in addition to vShield Edge
• IT Security and Network Security see vShield Edge as a natural bridge from what they know and understand in the physical security world, and are looking to find a fit within their existing mixed trust host and air gapped pod network designs, VLANs, etc.




24
vShield Endpoint
Endpoint Security for Virtual Data Centers and Cloud Environments



            Improves performance and effectiveness of
            existing endpoint security solutions
            • Offload of AV functions
            • Hardened security virtual machine



                                            Features
                                             • Offload file activity to Security VM
                                             • Manage AV service across VMs
                                             • Enforce Remediation using driver in VM
                                             • Partner Integrations through EPSEC API
                                               - Trend Micro, Symantec, McAfee
                                             • Policy Management: Built-in or
                                               customizable with REST APIs
                                             • Logging of AV file activity



 25
Efficient Antivirus as a Service for Virtual Datacenters

• Tighter collaborative effort with leading AV partners
• Hypervisor-based introspection for all major AV functions
  • File-scanning engines and virus definitions offloaded to security VM – scheduled and realtime
  • Thin file-virtualization driver in-guest, >95% reduction in guest footprint (eventually fully agentless)
• Deployable as a service
  • No agents to manage - thin-guest driver to be bundled with VMTools
  • Turnkey, security-as-service delivery
• Applicable to all virtualized deployment models – private clouds (virtual datacenters), public clouds (service providers), virtual desktops

(Diagram: a hardened security VM (SVM) running the AV engine alongside the guest VMs, with introspection provided by VMware vSphere.)

  26
vCenter Configuration Manager

Drive IT Compliance to lower risk
• Ensure compliance with various industry and regulatory standards on a continuous basis
• Quickly remediate problems

Mitigate outages through approved change processes
• Detailed understanding and tracking of changes
• Control change by following your Closed Loop Change Mgmt Process

Harden your environment and reduce potential threats and breaches

Compliance Through Unified Patching and Provisioning
• Provision Linux, Windows and ESX images
• Assess and patch Windows, UNIX, Mac, etc.

Control your virtual infrastructure
• Fight VM sprawl and decommissioning issues
• Improved virtual troubleshooting
• Single pane of glass



27
Manage & Measure Compliance

Automated & Continuous Enterprise Compliance Posture

Deep Collection and Visibility
• Virtual and physical machines
• Desktops and servers
• Spans a large array of OSs

Built in compliance tool kits
• Regulatory
  • SOX, HIPAA, GLBA, FISMA, DISA, ISO 27002
• Industry
  • PCI DSS
  • NERC/FERC
• vSphere Hardening
  • VMware Best Practices
  • CIS Benchmark
• Security
  • CIS Certified Benchmarks
  • DISA and NIST Security Hardening Guides
  • Vendor specific hardening guidelines

Dashboards provide “At-a-Glance” health

(Diagram: the covered standards – SOX, HIPAA, FISMA, DISA, GLBA, ISO 27002, PCI DSS, CIS, NERC/FERC, NIST, VMware Virtualization Hardening Guidelines, CIS Benchmarks.)

 28
vCenter Application Discovery Manager

                                   • Get and keep a fast and
                                     accurate data center view –
                                     across virtual and physical
                                   • Precise visibility into all
                                     application interactions via
                                     network-based approach
                                   • Eye-opening discovery of
                                     unknown, unwanted, &
                                     unexpected application
                                     behaviors and dependencies
                                   • Application-aware data center
                                     moves & consolidations,
                                     migrations, and DR plans




29
Business Application Dependency Mapping

• Provides a detailed and accurate infrastructure layout of a given business application
  – Virtual and physical servers
  – Services
  – Interdependencies
• The first step to understanding a business application is to map out its internal dependencies
• Required for any major data center project (i.e. DR, migration, consolidation)

(Diagram: DB layer and application layers of a mapped business application.)




    30
Welcome to the stage Trend Micro




32
What Compliance Benefits are there for Virtual Environments?

1. Repeatable security
2. Scalable controls
3. Risk aggregation/concentration
4. Improve security without impacting operations
5. Stronger/quicker configuration management
6. More money can be spent on security controls
7. Quickly provision and release with minimal management
8. Faster recovery after an attack
9. Ability to quickly capture and isolate compromised VM’s




34
Security Advantages of Virtualization

• Allows Automation of Many Manual, Error-Prone Processes
• Cleaner and Easier Disaster Recovery / Business Continuity
• Better Forensics Capabilities
• Faster Recovery After an Attack
• Patching is Safer and More Effective
• Better Control Over Desktop Resources
• More Cost Effective Security Devices
• App Virtualization Allows De-privileging of End Users
• Better Lifecycle Controls
• Security Through VM Introspection




35
Where to Learn More

                       Security
                       • Hardening Best Practices
                       • Implementation Guidelines
                       • http://vmware.com/go/security
                       Compliance
                       • Partner Solutions
                       • Advice and Recommendation
                       • http://vmware.com/go/compliance
                       Operations
                       • Peer-contributed Content
                       • http://viops.vmware.com




36
Thank you
     Trevor Gerdes – tgerdes@vmware.com




37

VMware overview presentation by alamgir hossain
 
Why Security Teams should care about VMware
Why Security Teams should care about VMwareWhy Security Teams should care about VMware
Why Security Teams should care about VMware
 
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudData Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the Cloud
 
E Vm Virtualization
E Vm VirtualizationE Vm Virtualization
E Vm Virtualization
 
Seguridad en SQL Azure Windows azure
Seguridad en SQL Azure Windows azureSeguridad en SQL Azure Windows azure
Seguridad en SQL Azure Windows azure
 
Private cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud securityPrivate cloud day session 5 a solution for private cloud security
Private cloud day session 5 a solution for private cloud security
 
Monitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring OptionsMonitoring Principles & z/VSE Monitoring Options
Monitoring Principles & z/VSE Monitoring Options
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
 
Symantec VMworld 2011 News
Symantec VMworld 2011 NewsSymantec VMworld 2011 News
Symantec VMworld 2011 News
 
Covmug v sphere 4.1 what's new
Covmug v sphere 4.1 what's newCovmug v sphere 4.1 what's new
Covmug v sphere 4.1 what's new
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Security
 

Plus de Graeme Wood

TechCatalyst free assessment
TechCatalyst free assessment TechCatalyst free assessment
TechCatalyst free assessment Graeme Wood
 
TechCatalyst Corporate Overview
TechCatalyst Corporate Overview TechCatalyst Corporate Overview
TechCatalyst Corporate Overview Graeme Wood
 
How does semantic technology work?
How does semantic technology work? How does semantic technology work?
How does semantic technology work? Graeme Wood
 
AI and the Financial Service Segment
AI and the Financial Service SegmentAI and the Financial Service Segment
AI and the Financial Service SegmentGraeme Wood
 
Ai and Legal Industy - Executive Overview
Ai and Legal Industy - Executive OverviewAi and Legal Industy - Executive Overview
Ai and Legal Industy - Executive OverviewGraeme Wood
 
Semantic Computing Executive Briefing
Semantic Computing Executive Briefing Semantic Computing Executive Briefing
Semantic Computing Executive Briefing Graeme Wood
 
Introduction to Semantic Computing
Introduction to Semantic ComputingIntroduction to Semantic Computing
Introduction to Semantic ComputingGraeme Wood
 
AIIA_DataAnalytics_Project_External_20160721
AIIA_DataAnalytics_Project_External_20160721AIIA_DataAnalytics_Project_External_20160721
AIIA_DataAnalytics_Project_External_20160721Graeme Wood
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Jd sherry howard a. schmidt   cyber crime, cyberspy, cyberwar - taking the le...Jd sherry howard a. schmidt   cyber crime, cyberspy, cyberwar - taking the le...
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...Graeme Wood
 
Raimund genes from traditional malware to targeted attacks
Raimund genes    from traditional malware to targeted attacksRaimund genes    from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacksGraeme Wood
 
andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013Graeme Wood
 
Anz campaign creative 11 sept 2010
Anz campaign creative 11 sept 2010Anz campaign creative 11 sept 2010
Anz campaign creative 11 sept 2010Graeme Wood
 
Anz cloud thought leadership 16 mar
Anz cloud thought leadership 16 marAnz cloud thought leadership 16 mar
Anz cloud thought leadership 16 marGraeme Wood
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationGraeme Wood
 

Plus de Graeme Wood (15)

TechCatalyst free assessment
TechCatalyst free assessment TechCatalyst free assessment
TechCatalyst free assessment
 
TechCatalyst Corporate Overview
TechCatalyst Corporate Overview TechCatalyst Corporate Overview
TechCatalyst Corporate Overview
 
How does semantic technology work?
How does semantic technology work? How does semantic technology work?
How does semantic technology work?
 
AI and the Financial Service Segment
AI and the Financial Service SegmentAI and the Financial Service Segment
AI and the Financial Service Segment
 
Ai and Legal Industy - Executive Overview
Ai and Legal Industy - Executive OverviewAi and Legal Industy - Executive Overview
Ai and Legal Industy - Executive Overview
 
Semantic Computing Executive Briefing
Semantic Computing Executive Briefing Semantic Computing Executive Briefing
Semantic Computing Executive Briefing
 
Introduction to Semantic Computing
Introduction to Semantic ComputingIntroduction to Semantic Computing
Introduction to Semantic Computing
 
AIIA_DataAnalytics_Project_External_20160721
AIIA_DataAnalytics_Project_External_20160721AIIA_DataAnalytics_Project_External_20160721
AIIA_DataAnalytics_Project_External_20160721
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
 
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Jd sherry howard a. schmidt   cyber crime, cyberspy, cyberwar - taking the le...Jd sherry howard a. schmidt   cyber crime, cyberspy, cyberwar - taking the le...
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
 
Raimund genes from traditional malware to targeted attacks
Raimund genes    from traditional malware to targeted attacksRaimund genes    from traditional malware to targeted attacks
Raimund genes from traditional malware to targeted attacks
 
andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013andrew milroy - top security trends and takeaways for 2013
andrew milroy - top security trends and takeaways for 2013
 
Anz campaign creative 11 sept 2010
Anz campaign creative 11 sept 2010Anz campaign creative 11 sept 2010
Anz campaign creative 11 sept 2010
 
Anz cloud thought leadership 16 mar
Anz cloud thought leadership 16 marAnz cloud thought leadership 16 mar
Anz cloud thought leadership 16 mar
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning Presentation
 

Dernier

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Dernier (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Vmware Seminar Security & Compliance for the cloud with Trend Micro

  • 1. Security and Compliance for the Cloud. Trevor Gerdes, Systems Engineer, tgerdes@vmware.com. © 2009 VMware Inc. All rights reserved
  • 2. Disclaimer. This session may contain product features that are currently under development. This session/overview of the new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined. “These features are representative of feature areas under development. Feature commitments are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery.”
  • 3. Agenda ◦ Overview of compliance and security requirements ◦ Foundations for virtual security ◦ Where can VMware help? ◦ How are our partners helping? ◦ Summary
  • 4. Agenda ◦ Overview of compliance and security requirements ◦ Foundations for virtual security ◦ Where can VMware help? ◦ How are our partners helping? ◦ Summary
  • 5. Compliance vs. Security ◦ Compliance: Conforming to a set of rules or standards. This is generally confirmed by an assessor providing an opinion based on observation, inquiry, and inspection. ◦ Security: Implementing Technical, Physical, and Administrative controls to provide confidentiality, integrity, availability, accountability and assurance.
  • 6. Compliance requirements affecting your customers ◦ PCI-DSS ◦ Government regulation ◦ SOX ◦ ISO ◦ Internal
  • 7. Why is PCI so Hard for Virtualization? ◦ Technology changes faster than any standard (including the PCI DSS) ◦ PCI applies to all systems “in scope” ◦ Segmentation defines scope ◦ The DSS is vendor agnostic ◦ Most whitepapers are written for security, not compliance. “If network segmentation is in place and will be used to reduce the scope of the PCI DSS assessment, the assessor must verify that the segmentation is adequate to reduce the scope of the assessment.” - (PCI DSS p.6)
  • 8. What is “In-scope”? All systems that Store, Process, or Transmit cardholder data, and all system components that are in or connected to the cardholder data environment (CDE). What’s unique in a virtual environment? ◦ Storage: Data that used to reside only in memory could be written to disk (encryption keys, PAN). The integrity of data can now be altered in several locations (i.e., a log server that is stored as a VM on the ESX host). SAN – Can VM’s be altered in storage? How will you know? ◦ Transmission: Data that used to physically reside in one location could now be transmitted logically across the network (i.e., VMotion, pulling images from a SAN, storage). Authentication controls (how can you ensure that authentication systems cannot be by-passed?). What “system components” could be used to sniff sensitive data? ◦ Segmentation: Defining system boundaries can be more difficult, with virtual firewalls, virtual switches, VLANs, and High Availability switches. Mixed mode environments, multi-tenancy. Can all system components in the virtual environment meet ALL PCI controls?
  • 9. Aren’t firewalls required for segmentation? ◦ QSA’s have historically relied on stateful firewalls for network segmentation ◦ PCI allows for “other technology” as an acceptable use of segmentation ◦ How do firewalls impact the flow of data unique to a virtual environment (VMotion, pulling images from a SAN, taking “dirty” snapshots)? “Network segmentation can be achieved through internal network firewalls, routers with strong access control lists or other technology that restricts access to a particular segment of a network.” – PCI DSS p. 6
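As an added example that is not part of the deck, the scoping rule from slide 8 (a component is in scope when it stores, processes or transmits cardholder data, or is connected to one that does) and the segmentation point from slide 9 are worked through as a reachability walk over a constructed VM inventory; the VM and component names and the verified `segmented` controls are all assumptions, not anything from VMware or the PCI DSS.

```python
"""PCI scope walk for a virtualized environment (added example, constructed data).

Rule from the deck: systems that store, process or transmit cardholder data (CHD)
are in scope, and so is every system component "in or connected to" the CDE.
In a virtual environment a "connection" may be a shared vSwitch port group,
a shared management network or a shared datastore, so scope is computed as a
reachability walk over those shared components. A segmentation control that an
assessor has verified (firewall rule, port-group isolation) cuts one VM off from
one shared component and stops the walk through it.
"""
from collections import deque

# Constructed inventory (hypothetical names): VM -> whether it handles CHD and
# the shared components it is attached to, ordered so the walk is deterministic.
INVENTORY = {
    "web01":    {"chd": True,  "uses": ("pg:dmz",   "ds:san-lun1", "net:mgmt")},
    "db01":     {"chd": True,  "uses": ("pg:db",    "ds:san-lun1", "net:mgmt")},
    "hr-app":   {"chd": False, "uses": ("pg:db",    "ds:san-lun2", "net:mgmt")},
    "syslog01": {"chd": False, "uses": ("pg:infra", "ds:san-lun2", "net:mgmt")},
    "dev-box":  {"chd": False, "uses": ("pg:dev",   "ds:san-lun3")},
}


def compute_scope(inventory, segmented=frozenset()):
    """Return {vm: (via_vm, component)} for every VM that ends up in scope.

    CHD systems carry ("CHD", None); every other in-scope VM records the VM and
    shared component that pulled it in. `segmented` is a set of (vm, component)
    pairs that a verified segmentation control blocks.
    """
    # Reverse map: shared component -> VMs still reachable through it.
    attached = {}
    for vm, info in inventory.items():
        for comp in info["uses"]:
            if (vm, comp) not in segmented:
                attached.setdefault(comp, []).append(vm)

    scope = {vm: ("CHD", None) for vm, info in inventory.items() if info["chd"]}
    queue = deque(scope)
    while queue:  # breadth-first walk from the CHD systems
        vm = queue.popleft()
        for comp in inventory[vm]["uses"]:
            if (vm, comp) in segmented:
                continue
            for other in attached.get(comp, []):
                if other not in scope:
                    scope[other] = (vm, comp)
                    queue.append(other)
    return scope


def creep_components(scope):
    """Shared components through which scope spread beyond the CHD systems;
    these are the places where a segmentation control would reduce scope."""
    return {comp for _, comp in scope.values() if comp is not None}


if __name__ == "__main__":
    before = compute_scope(INVENTORY)
    print("in scope without segmentation:", sorted(before))
    print("scope spread through:", sorted(creep_components(before)))
    # Isolating only hr-app is not enough: syslog01 stays in scope through the
    # management network and drags hr-app back in over the shared datastore.
    partial = compute_scope(INVENTORY, {("hr-app", "net:mgmt"), ("hr-app", "pg:db")})
    print("hr-app pulled back in via:", partial["hr-app"])
    controls = {("hr-app", "net:mgmt"), ("hr-app", "pg:db"), ("syslog01", "net:mgmt")}
    print("in scope with verified controls:", sorted(compute_scope(INVENTORY, controls)))
```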
  • 10. Why are Virtual Environments Perceived As So Much Harder? 1. System boundaries are not as clear as their non-virtual counterparts 2. Even the simplest network is rather complicated 3. More components, more complexity, more areas for risk 4. Digital forensic risks are more complicated 5. More systems are required for logging and monitoring 6. More access control systems 7. Memory can be written to disk 8. Many applications and O/S were not designed for Virtualization 9. VM Escape? 10. Mixed Mode environments
  • 11. “System Boundaries” are not as Clear as their Non-Virtual Counterparts. (Diagram: a basic Web Server and Database in a Standard Environment beside the same in a Virtual Environment.)
  • 12. Agenda ◦ Overview of compliance and security requirements ◦ Foundations for virtual security ◦ Where can VMware help? ◦ How are our partners helping? ◦ Summary
  • 13. Enterprise Security today – not virtualized, not cloud ready. (Diagram: Enterprise VDC with Users, DMZ Web Servers, Apps / DB Tier and Sites.) ◦ Perimeter/DMZ: Threat Mitigation; Perimeter security products w/ FW/VPN/IPS; Hardware Sprawl, Expensive ◦ Interior security: Segmentation of applications and Server; VLAN or subnet based policies; VLAN Sprawl, Complex ◦ Endpoint security: Protecting the Endpoint; AV, HIPS agent based security; Agent Sprawl, Cumbersome
  • 14. Foundations of Virtual Security: Secure Deployment ◦ VMware Security Hardening Guides ▪ Being provided for major platform products: vSphere 4.x, VMware vCloud Director, View ▪ Important for architecture and deployment related controls ◦ vSphere Security Hardening Guide: http://www.vmware.com/resources/techresources/10109 (Diagram: an ESX/ESXi host with VMkernel, vSwitch and Production, Mgmt and Storage vnics connected to the Prod Network, the Mgmt Network (vCenter, other ESX/ESXi hosts) and IP-based Storage.)
  • 15. Foundations of Virtual Security: Securing Virtual Machines. Provide Same Protection as for Physical Servers ◦ Guest: Anti-Virus; Patch Management; OS hardening and compliance ◦ Network: Intrusion Detection/Prevention (IDS/IPS) ◦ Edge: Firewalls
  • 16. Foundations of Virtual Security: Virtual Trust Zones. (Diagram: Firewall / IDS / IPS virtual appliance(s) in front of Web server, Application server and Database server VMs on an ESX/ESXi host; a management interface on the VMkernel; Internet, Intranet, Production LAN and Management LAN; vCenter Server system.)
  • 17. Agenda ◦ Overview of compliance and security requirements ◦ Foundations for virtual security ◦ Where can VMware help? ◦ How are our partners helping? ◦ Summary
  • 18. Virtualization Controls for Security ◦ Network Controls ◦ Change Control and Configuration Management ◦ Access Controls & Management ◦ Vulnerability Management
  • 19. vShield - Comprehensive Security for Cloud Infrastructure. Defense in Depth from inside the Guest to the Edge of the Cloud: vShield Endpoint (in guest), vShield App (VM), vShield Edge (Org). Accreditations and Certifications: Firewall certification in progress H2/2011
  • 20. vShield Edge – Secure the Edge of the Virtual Data Center. (Diagram: firewall, load balancer and VPN services between Tenant A and Tenant X.) Features ◦ Multiple edge security services in one appliance ◦ Stateful inspection firewall ◦ Network Address Translation (NAT) ◦ Dynamic Host Configuration Protocol (DHCP) ◦ Site to site VPN (IPsec) ◦ Web Load Balancer ◦ Edge port group isolation ◦ Detailed network flow statistics for chargebacks, etc ◦ Policy management through UI or REST APIs ◦ Logging and auditing based on industry standard syslog format
  • 21. vShield Edge Network Topology (diagram only)
  • 22. vShield App/Zones – Application Protection for Network Based Threats. (Diagram: DMZ, PCI and HIPAA zones.) Features ◦ Hypervisor-level firewall ◦ Inbound, outbound connection control applied at vNIC level ◦ Elastic security groups - “stretch” as virtual machines migrate to new hosts ◦ Robust flow monitoring ◦ IP Address protection management ◦ Policy Management ▪ Simple and business-relevant policies ▪ Managed through UI or REST APIs ◦ Logging and auditing based on industry standard syslog format
  • 24. Customers Trust What They Know – 2 Segment Preferences. (Diagram: Network Security teams with “Air Gapped” Pods and Mixed Trust Hosts on the vShield Edge side; VI Architects with a Secure Private Cloud on the vShield App side.) ◦ VI Architects who understand the power of virtualization and introspection expect to deploy vShield App but want it in Cloud environments in addition to vShield Edge ◦ IT Security and Network Security see vShield Edge as a natural bridge from what they know and understand in the physical security world and are looking to find a fit within their existing mixed trust host and air gapped pods network designs, VLANs, etc.
  • 25. vShield Endpoint – Endpoint Security for Virtual Data Centers and Cloud Environments. Improves performance and effectiveness of existing endpoint security solutions ◦ Offload of AV functions ◦ Hardened, security virtual machine. Features ◦ Offload file activity to Security VM ◦ Manage AV service across VMs ◦ Enforce Remediation using driver in VM ◦ Partner Integrations through EPSEC API - Trend Micro, Symantec, McAfee ◦ Policy Management: Built-in or customizable with REST APIs ◦ Logging of AV file activity
  • 26. Efficient Antivirus as a Service for Virtual Datacenters ◦ Tighter collaborative effort with leading AV partners ◦ Hypervisor-based introspection for all major AV functions ▪ File-scanning engines and virus definitions offloaded to security VM – scheduled and realtime ▪ Thin file-virtualization driver in-guest: >95% reduction in guest footprint (eventually fully agentless) ◦ Deployable as a service ▪ No agents to manage - thin-guest driver to be bundled with VMTools ▪ Turnkey, security-as-service delivery ◦ Applicable to all virtualized deployment models – private clouds (virtual datacenters), public clouds (service providers), virtual desktops. (Diagram: a hardened SVM running the AV engine beside guest VMs (APP, OS Kernel, BIOS) on VMware vSphere, connected through introspection.)
  • 27. vCenter Configuration Manager ◦ Drive IT Compliance to lower risk ▪ Ensure compliance with various industry and regulatory standards on a continuous basis ▪ Quickly remediate problems ◦ Mitigate outages through approved change processes ▪ Detailed understanding and tracking of changes ▪ Control change by following your Closed Loop Change Mgmt Process ◦ Harden your environment and reduce potential threats and breaches: Compliance Through Unified Patching and Provisioning ▪ Provision Linux, Windows and ESX images ▪ Assess and Patch Windows, UNIX, MAC, etc ◦ Control your virtual infrastructure ▪ Fight VM Sprawl & Decommissioning Issues ▪ Improved Virtual Troubleshooting ▪ Single Pane of Glass
  • 28. Manage & Measure Compliance – Automated & Continuous Enterprise Compliance Posture ◦ Deep Collection and Visibility ▪ Virtual and Physical Machines ▪ Desktops and Servers ▪ Spans a large array of OSs ◦ Built in compliance tool kits ▪ Regulatory: SOX, HIPAA, GLBA, FISMA, DISA, ISO 27002 ▪ Industry: PCI DSS ▪ Security: NERC/FERC, vSphere Hardening, VMware Best Practices, CIS Benchmark ◦ CIS Certified Benchmarks ◦ DISA and NIST Security Hardening Guides ◦ Vendor Specific Hardening Guidelines ◦ Dashboards provide “At-a-Glance” health
  • 29. vCenter Application Discovery Manager ◦ Get and keep a fast and accurate data center view – across virtual and physical ◦ Precise visibility into all application interactions via network-based approach ◦ Eye-opening discovery of unknown, unwanted, & unexpected application behaviors and dependencies ◦ Application-aware data center moves & consolidations, migrations, and DR plans
  • 30. Business Application Dependency Mapping ◦ Provides a detailed and accurate infrastructure layout of a given business application: Virtual and Physical servers; Services; Interdependencies ◦ The first step to understanding a business application is to map out its internal dependencies ◦ Required for any major data center project (i.e. DR, Migration, Consolidation). (Diagram: DB Layer and Application Layers.)
  • 31. Agenda ◦ Overview of compliance and security requirements ◦ Foundations for virtual security ◦ Where can VMware help? ◦ How are our partners helping? ◦ Summary
  • 32. Welcome to the stage, Trend Micro
  • 33. Agenda ◦ Overview of compliance and security requirements ◦ Foundations for virtual security ◦ Where can VMware help? ◦ How are our partners helping? ◦ Summary
  • 34. What Compliance Benefits are there for Virtual Environments? 1. Repeatable security 2. Scalable controls 3. Risk aggregation/concentration 4. Improve security without impacting operations 5. Stronger/quicker configuration management 6. More money can be spent on security controls 7. Quickly provision and release with minimal management 8. Faster recovery after an attack 9. Ability to quickly capture and isolate compromised VM’s
  • 35. Security Advantages of Virtualization ◦ Allows Automation of Many Manual Error Prone Processes ◦ Cleaner and Easier Disaster Recovery/Business Continuity ◦ Better Forensics Capabilities ◦ Faster Recovery After an Attack ◦ Patching is Safer and More Effective ◦ Better Control Over Desktop Resources ◦ More Cost Effective Security Devices ◦ App Virtualization Allows de-privileging of end users ◦ Better Lifecycle Controls ◦ Security Through VM Introspection
  • 36. Where to Learn More ◦ Security: Hardening Best Practices; Implementation Guidelines; http://vmware.com/go/security ◦ Compliance: Partner Solutions; Advice and Recommendation; http://vmware.com/go/compliance ◦ Operations: Peer-contributed Content; http://viops.vmware.com
  • 37. Thank you. Trevor Gerdes – tgerdes@vmware.com