9670 greg brown presentation v1[1]

Real Network Security for Virtual Data Centers Greg Brown, VP Network Security, McAfee

Upload: tom-wang

Post on 06-Apr-2018


8/3/2019 9670 Greg Brown Presentation v1[1]

http://slidepdf.com/reader/full/9670-greg-brown-presentation-v11 1/21

Real Network Security for Virtual Data Centers

Greg Brown, VP Network Security, McAfee


Virtualization Trends


Organizations planning to or are engaged in data center upgrades.

-Network World, 2011

Organizations planning to virtualize over 40% of their servers this year.

-Network World, 2011

Organizations concerned about moving virtual machines causing operational complexity.

-Network World, 2011


Virtualization Challenges Traditional Security

•  Flat network designs eliminate the ‘single egress point’

•  Elimination of physical boundaries can cause blind spots

•  VM portability challenges port/IP-based security policies

•  Disparate management tools for physical and virtual


Top Security Concerns


New Requirements for Network Security

•  Eliminate blind spots with inspection of inter-VM traffic

•  Port-agile security policies that move with virtual assets

•  Common management across physical and virtual

•  Integrated Network and Security controls


NETWORK SECURITY FOR VIRTUAL ENVIRONMENTS


Did You Know?

•  Average default IPS accuracy is 62%

•  Average tuned IPS accuracy is 83%

•  Minimum accuracy 30%

•  Vendors underperformed 25-75% relative to claims

Source: NSS Labs, 2010


Outstanding Threat Prevention Requires More than IPS

[Diagram labels: Analysis Extensions; Visibility Extensions; Vulnerability Assessment; Network DLP; Advanced Malware; Network Forensics; Network Behavior; Virtual Agent; Network Security Management; Centralized Policy & Risk Mgmt; policy definition; reporting & alerts; network visibility; Advanced Analysis; reputation analysis; behavior analysis; protocol analysis; bot detection; Enforcement; quarantine; rate limit; block; access control; alert; virtual patch; Next-gen hardware architecture; 10 Gig connections; max port density; 7-10 year lifecycle]


Impact of Networks Flattening

However, Aggregation Points Disappear

and Machines Go on the Mo

Greater Resilience

Better Performance

Simpler Design


Providing Outstanding Threat Prevention… for Virtual Environments

•  Benefits:

 –  Real-time visibility and threat detection for inter-VM traffic

 –  Common management across physical and virtual

 –  Quarantine of infected VMs

 –  No additional load on virtual servers

[Diagram labels: Physical Environment; Source; Destination; Hypervisor-based Agent; Virtual machines]


The Importance of Threat Intelligence

[Diagram labels: Threat Reputation; Network IPS; Firewall; Web Gateway; Host AV; Mail Gateway; Host IPS; 3rd Party Feed; Geo Location Feeds; 300M IPS Attacks/Mo.; 2B Botnet C&C IP Reputation Queries/Mo.; 20B Message Reputation Queries/Mo.; 2.5B Malware Reputation Queries/Mo.]


Moving Beyond Conventional Security

•  Ticket Oriented Resolution: How to get to resolution? File tickets. Wait.

•  Protection Focused on Identifying Attack Packets: How to protect? Find attack packets on wire.

•  Configuration Focused on Features: How to implement policy? Rely on product features.

•  Multi-Vendor Strategies: Defense in Depth? Manage multiple silo’d products.


The Maturity Model of Enterprise Security

SECURITY OPTIMIZATION

•  REACTIVE (~3% of IT Budget on Security)

•  COMPLIANT/PROACTIVE (~8% of IT Budget on Security)

•  OPTIMIZED (~4% of IT Budget on Security)

[Chart labels: TCO; Security Posture]


New Requirements for Optimized Network Security

•  Proactive Management: Turn days of process into clicks

•  Predictive Threat Protection: Characterize future threats today

•  Policy-Based Control: Focus on real organization, people, applications, usage

•  Extensible Architecture: Integrated, collaborative, easily add new capabilities


When Optimized: Low Effort, Low Risk

Not Optimized: High Effort, High Risk

Protecting Critical Data Center from ZeuS Malware

Malware infects, McAfee Labs IDs, updates website reputations…

…Threat dissected, analyzed…

…Predictive action stops threat

A.  Malware infects websites

Malware hits network

Wait on signature

Apply signature, update signature

Future variants covered

Benefit: Protection meets (and beats) hacker’s timelines, reduces alerts

Predictive Threat Protection with NSP + GTI


Policy Enforcement Based on Application

(versus port number)

User directory auto-imports groups… 

Firewall sees similar rule. 1 click to add. Avoid duplicate

Hours or days to review, deploy

A.  Identify M&A team

Map users to network address

Create new rule (duplicate?)

Weeks to review, test, deploy. Repeat?

New M&A members automatically added

Next-Generation: Low Effort, Low Risk

Traditional: High Effort, High Risk


Application ID Categories

•  Mobile software

•  Peer to Peer (P2P)

•  Photo-Video sharing

•  Remote administration

•  Remote desktop / Terminal services

•  Social networking

•  Software / System updates

•  Storage

•  Streaming media

•  Toolbars and PC utilities

•  Voice over IP (VOIP)

•  VPN

•  Webmail

•  Web browsing

•  Web conferencing

•  Anonymizers / Proxies

•  Authentication services

•  Business web applications

•  Content management

•  Commercial monitoring

•  Database

•  Directory services

•  Email

•  Encrypted tunnels

•  ERP/CRM

•  Filesharing

•  Gaming

•  Instant messaging

•  Infrastructure services

•  IT utilities


Replacing IP Address with Identity

• Seamlessly acquire identity without authentication

• Maintains user to network layer mapping

• Integrates w/ Active Directory.

• Enforce policy based on group membership

Just like in the physical world, your identity should follow you through different security gates / locations.


Provide Common Controls Across Physical and Virtual

Control                          | Physical | Virtual
Enterprise Firewall & IPS        | ✓        | ✓
Malware detection                | ✓        | ✓
Common management                | ✓        | ✓
Identity-based controls          | ✓        | ✓
Application identity & control   | ✓        | ✓
Advanced botnet detection        | ✓        | ✓
Cloud-based threat feeds         | ✓        | ✓


Recommended Reading

May 23, 2011


Questions? Click on the questions tab on your screen, type in your question, name and e-mail address; then hit submit.