Security automation in virtual and cloud environments v2

DESCRIPTION

Virtualization security must be as dynamic as the environment it is protecting. Learn how to build security automation into your virtual and cloud computing environments by using VMware's vShield API. In this webinar, you will learn:

1. An introduction to security automation and why it matters
2. An overview of VMware's vShield and its API
3. Real world cloud examples of how to use the vShield API for security automation

SECURITY AUTOMATION IN VIRTUAL AND CLOUD ENVIRONMENTS

Richard Park
Senior Product Manager
rpark@sourcefire.com
@richardpark31

2

About Me

Virtualization

Cloud

3

In Virtual & Cloud Environments

Security Automation

4

“The ‘fortress mentality’ is outdated – and is no longer realistic or practical… Automation will quickly become a ‘must-have’ component in the overall security strategy of every IT organization. There is simply no other way to detect threats swiftly enough, let alone to contain the damage and recover from it.”

- Accenture Technology Vision 2011

5

Presentation Outline

1. Virtualization Security Challenges

2. vShield Vision and Overview

3. Security Integration Use Cases

4. Achieving the Security Automation Vision

6

Server Ops

Security

Networking

Dealing With Enterprise Silos

7

Today’s security is often static...

8

But we don’t live in a static world!

9

New PCI Virtualization Guidelines

www.sourcefire.com/pcivirt

10

The Niche Apps (LOB apps, Tier 2 DB, etc.)

The Easy Apps (infrastructure, file, print)

Exchange

SQL

Oracle

SharePoint

Custom Java Apps

30% penetration

>60% penetration

SAP

Inflection Point for Virtualization

11

vShield Vision for Security

Security products work together to adjust to changes in the environment.

vShield is security middleware between disparate devices.

12

vShield as security middleware is a realistic vision for virtual environments

vShield Is NOT A Silver Bullet

vShield≠

13

“Code is law.” - Lawrence Lessig

14

vShield Overview

15

Our Focus Today

Application 1

VMware vSphere

vShield App/Edge

FW rule changes

Policy Violations

3rd Party Vendor

16

Example of REST API GET command

GET https://10.1.1.1/api/2.0/app/firewall/datacenter01/config ---->

<-----------------------------vShield XML Ruleset

(username, password)

17

REST API POST Command

POST https://10.1.1.1/api/2.0/app/firewall/datacenter01/config ---->

<------------------------------------Ruleset Acknowledgement

18

Examples of vShield REST Commands

https://10.1.1.1/api/1.0/network/network-244/snat/rules

https://10.1.1.1/api/1.0/network/network-244/loadbalancer/action/start

https://10.1.1.1/api/1.0/zones/syslogServers
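The GET exchange from the slides above, as an added example that is not part of the original deck: it builds the authenticated request for the firewall config URL shown on the slide and audits a returned ruleset for allow rules open to any source and for a closing default deny. HTTP Basic authentication, the XML element names and the sample ruleset are assumptions constructed for illustration, not the vShield schema.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

# URL from the slide; 10.1.1.1 is the deck's example manager address.
CONFIG_URL = "https://10.1.1.1/api/2.0/app/firewall/datacenter01/config"

# Constructed sample response; element names are hypothetical, not the vShield schema.
SAMPLE_RULESET = """<ruleset>
  <rule id="1"><action>allow</action><source>10.20.0.0/24</source>
    <destination>10.20.1.15</destination><port>443</port></rule>
  <rule id="2"><action>allow</action><source>any</source>
    <destination>10.20.1.15</destination><port>22</port></rule>
  <rule id="3"><action>deny</action><source>any</source>
    <destination>any</destination><port>any</port></rule>
</ruleset>"""


def build_get(url, username, password):
    """Build the authenticated GET (HTTP Basic is an assumption); HTTPS only."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Accept": "application/xml"}
    return urllib.request.Request(url, method="GET", headers=headers)


def fetch_ruleset(url, username, password):
    """Send the GET; urlopen verifies the server certificate by default."""
    with urllib.request.urlopen(build_get(url, username, password), timeout=10) as r:
        return r.read().decode()


def audit(xml_text):
    """Return (ids of allow rules open to any source, default-deny present?)."""
    rules = ET.fromstring(xml_text).findall("rule")
    field = lambda rule, name: (rule.findtext(name) or "").strip().lower()
    open_allows = [r.get("id") for r in rules
                   if field(r, "action") == "allow" and field(r, "source") == "any"]
    last = rules[-1] if rules else None
    default_deny = last is not None and all(
        field(last, n) == v for n, v in
        [("action", "deny"), ("source", "any"), ("destination", "any"), ("port", "any")])
    return open_allows, default_deny


if __name__ == "__main__":
    # Offline run against the constructed sample; use fetch_ruleset() for a live manager.
    print(audit(SAMPLE_RULESET))
```

Running the same audit after every automated POST gives change control a record of what each ruleset update actually opened.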

19

vShield and Private Cloud Provisioning

Request (User-Initiated): User requests virtual infrastructure via Web portal

Provision (Automated): vCenter, vCloud APIs are used to provision VM(s)

Secure (Automated): vShield APIs are used to provision VM firewall rulesets

Maintain Security (Automated): Third party security products use vShield & vCenter APIs to update security configuration

20

Step 1: User requests a VM from a Web portal

Use Case: Virtual Server Deployment

Virtual Server Portal

Your Contact Information

Region

Your Org Information, Cost Code, etc.

Server Type

Lease timeframe

More…

VM Configuration

CPU

Memory

Disk Storage

2 CPU

2 GB

40 GB

21

Use Case: Virtual Server Deployment

Step 2: vCloud Director provisions the VM

22

Step 3: Apply security group and firewall ruleset

Use Case: Virtual Server Deployment

23

Step 4: Third party products update configuration

Use Case: Virtual Server Deployment

443

Third Party Security Vendor

vShield API

24

Step 4 (optional): VM Quarantine can be used

Use Case: Virtual Server Deployment

Third Party Security Vendor

vShield API

25

vShield and Multitenant Clouds

Provision Cloud

Step 1

Weeks? Months? minutes

Secure Cloud

Step 2

Maintain Security

Step 3

26

vShield and Multitenant Clouds

Step 1: Provision Cloud (IT-Initiated)

Tenant requests a datacenter

vCloud Director provisions a resource pool and a port group

Step 2: Secure Cloud (Automated)

vShield Edge is deployed on port group with appropriate firewall, NAT, and load balancing configuration

Step 3: Maintain Security (Automated)

Update firewall configuration as required

27

Use Case: Public Cloud Deployment

VMware vSphere + vCenter

Port Group

CPU Memory Network Storage

Resource Pool

Step 1: Tenant requests datacenter

Resource pool and port group are provisioned

28

Use Case: Public Cloud Deployment

Step 2: vShield Edge is deployed

VMware vSphere + vCenter

Virtual Datacenter

Physical Datacenter

SHARED SERVICES

Tenant A

NAT NAT

29

Virtual Datacenter

Tenant A

Use Case: Public Cloud Deployment

Step 3: Update firewall configuration as required

VMware vSphere + vCenter

30

Change control exists for a reason!

31

Virtual Environments are Dynamic

Source: Christofer Hoff, Virtualization & the End of Network Security

32

Operation Shady RAT

“There are only two types of Fortune 2000 companies – those that know they’ve been compromised, and those that don’t know.”

- Dmitri Alperovitch, McAfee Threat Research

33

“In the past, IT has architected everything around the idea of ‘100 percent security’… there is no such thing as watertight IT security. This fortress mentality must now give way to a realistic and practical approach… the speed and frequency of attacks dictate that human responses must make way for automated capabilities.”

- Accenture Technology Vision 2011

34

“Never send a man to do a machine’s job.” - Agent Smith

35

“Applications are like fish and data is like wine. Only one gets better with age.” - James Governor, RedMonk

36

vCenter Integration Becomes Crucial

VM and Host Inventory

Migration & Snapshot History

VM Online/Offline Status

37

Security APIs Become Important

IDS/IPS

Firewall

Antivirus

Vulnerability Assessment

Full Packet Capture

Flow Analysis

API Data Exchange

38

So how do I get started with security automation?

39

1. Implement Security in Virtual Environments

2. Bridge the Enterprise Silos

3. Require vShield Integration and APIs

4. Consider Open Source Vendor Integrations

VMware vSphere

40

Security Must be Dynamic and Automated

41

vShield Has a Vision for Dynamic Security

42

Vendors Must Evolve With Better Automation and Integration
