SAAM1146BES Best Practices for Securing Hybrid … Greenberg | Head of Cloud Security BU SAAM1146BES #VMworld #SAAM1146BES Best Practices for Securing Hybrid Clouds with VMware, AWS

Itai Greenberg | Head of Cloud Security BU

SAAM1146BES

#VMworld #SAAM1146BES

Best Practices for Securing Hybrid Clouds with VMware, AWS and Check Point

VMworld 2017 Content: Not fo

r publication or distri

bution

2©2017 Check Point Software Technologies Ltd.

WELCOME TO THE CLOUD



bution

3©2017 Check Point Software Technologies Ltd. [Protected] Non-confidential content

FROM DATA CENTER TO CLOUD

DATA CENTER

WHAT USED TO TAKE WEEKS TAKES MINUTES WITH CLOUD

CLOUD



bution


CLOUD FUNDAMENTALS

Cloud is a shared environment

Cloud is a connected environment

Cloud is a dynamic environment

Therefore, cloud is vulnerable and exposed…



bution


CLOUD SECURITY MUST BE ADAPTIVE

Legacy Security Cloud Security

Adding new applicationAdd rule is a SHOWSTOPPER

Adaptive policy is an ENABLER

Security inside the cloudNetwork change is COMPLEX

SDN integration isAUTOMATIC

Application growthReplacing appliances is EXPENSIVE

Auto-Scale isEFFORTLESSVMworld 2017 Content: N

ot for publicatio

n or distribution


4 STEPS TO SECURE YOUR CLOUD

BUCKLE UP



bution


STEP #1: CONTROL THE CLOUD PERIMETER

•Use advanced threat prevention at the cloud perimeter

•Securely connect your cloud with your on-premise environment

CLOUD

ON-PREMISE



bution


STEP #2: SECURE THE CLOUD FROM THE INSIDE

•Micro-segment your cloud to control inside communication

•Prevent lateral threats movement between applications

App App

App App



bution


STEP #3: MANAGE CONSISTENT SECURITY FOR HYBRID ENVIRONMENTS

• Deploy unified security management for your hybrid cloud (On-Premise and Cloud)

• Ensure policy consistency

• Reduce operation cost

CLOUD

ON-PREMISE



bution


STEP #4: AUTOMATE YOUR SECURITY

Security should be as elastic and dynamic as your cloud

• Auto-provisioned

• Auto-scaled

• Adaptive to changes VMworld 2017 Content: Not fo


bution


TRAVEL TO THE CLOUD IN FIRST CLASS

[Protected] Non-confidential content 11©2017 Check Point Software Technologies Ltd.



bution


CHECK POINT CLOUD SECURITY PRINCIPLES

Utmost protection

Adaptive Security

Hybrid Infrastracture



bution


THE vSEC FAMILY

[Protected] Non-confidential content

ACI

Consistent security policy and control across ALLPrivate and Public Clouds



bution


vSEC ADVANCED PROTECTION

Access Rule

vSEC PROTECTS YOUR DATA AND APPLICATIONS WITH THE INDUSTRY’S BEST THREATS CATCH-RATE

Next Generation Firewall

Application and Data Security

Advanced Threat Prevention

Forensic Analysis

SDN or CloudVendor



bution


ADAPTIVE SECURITY

vSEC Adaptive Security instantly protects new applications and keeps them secure as they evolve.

•Security that learns about application changes

•Auto-scaled virtual security

•Pay-as-you-grow for private and public cloud

Telefonica: “vSEC adaptive security is a game changer.”



bution




Utmost Protection, Adaptive Security , Hybrid Infrastructure

+



bution


SECURITY INSIDE YOUR CLOUD

Securing the datacenter from the inside is simple with NSX

Micro segment the datacenter with advanced protection between applications

App App

App App



bution


VIRTUL PATCHING

Prevent malware like “WannaCry” from propagating inside your network



bution


SECURITY SERVICE CHAINING

NSX Manager Policy

From To Send To

VM “A” VM “B” Check Point vSEC

VM “C” VM “B” Check Point vSEC



bution


SECURITY INSIDE THE DATACENTER

VS.Legacy Datacenter

VLANs-based security

vSEC with NSX

Micro-Segmentation security

Complex network topology changes Simple & agile network topology

Threat can spread within the VLAN Secure each application individually

Security appliance is a choking point Auto-scale virtual security



bution


SECURITY FOR VMWare Cloud on AWS (VMC)

Ultimate protection for VMware on AWS

Single pane of glass for managing

security on VMware hybrid cloud

Seamless integration with vCenterVMworld 2017 Content: N

ot for publicatio

n or distribution

22©2017 Check Point Software Technologies Ltd. [Protected] Non-confidential content 22©2017 Check Point Software Technologies Ltd.

HYBRID CLOUD SECURITY

BEST PRACTICES



bution


HYBRID CLOUD SECURITY

SDDC AWS

ESX / NSX

VPC

vSEC GWVM

VM VM



bution


UNIFIED & ADAPTIVE POLICY

Check Point Access Policy

Rule From To Application Action

3 Web_VM DB_Group MSSQL Allow

4 ERP_Group CRM_VPC CRM Allow

Eliminate tickets

Security is no longer a showstopper



bution


STEP #4: DEMO



bution


SUCCESSMore than 4,000 customers purchased vSEC




bution

27©2017 Check Point Software Technologies Ltd. [Protected] Non-confidential content©2017 Check Point Software Technologies Ltd.

Allegiant makes leisure travel affordable

vSEC secures theirHybrid cloud

with NSX & AWS

Helvetia, a European Insurance Company

Growing their vSEC NSX deployment

Using vSEC & NSX to automate application

deployments

27

Different Car manufactures VMworld 2017 Content: N

ot for publicatio

n or distribution




Utmost Protection, Adaptive Security , Hybrid Infrastructure VMworld 2017 Content: Not fo


bution


MORE of CHECK POINT in VMWORLD

Check Point BoothMeet the Check Point experts and see real demos

Track Session Cloud Security Automation in the speed of DevOps Wednesday: Wednesday, 2:00-3:00 p.m. | Hall 8.0, Room 32

Hands-On-Lab (HOL)VMware NSX and Checkpoint vSEC

• Tuesday 10:30 - 18:30• Wednesday 10:30 - 18:00• Thursday 9:00 - 16:00



bution



bution

31©2017 Check Point Software Technologies Ltd. ©2017 Check Point Software Technologies Ltd.

THANK YOU

[Internal Use] for Check Point employees

Itai Greenberg | Head of Cloud Security BU



bution

Documents

SAAM1146BES Best Practices for Securing Hybrid … Greenberg | Head of Cloud Security BU SAAM1146BES #VMworld #SAAM1146BES Best Practices for Securing Hybrid Clouds with VMware, AWS