CW13: Securing Your Journey to the Cloud, by Rami Naccache (Trend Micro)
1. Securing Your Journey to the Cloud
Rami Naccache – Sr. Presales Engineer
Trend Micro Middle East
Data Center Evolution:
Physical. Virtual. Cloud.
5/13/2013 Copyright 2013 Trend Micro Inc.
3. Empower the business:
Improve business agility by providing quick and intuitive access to the right information, tools and applications
Mitigate the risk:
Protect sensitive information to maintain brand and comply with regulations, while controlling costs
CIO
5. Physical, Virtual, Cloud
Cross-platform Security
One Security Model is Possible
across Physical, Virtual, and Cloud Environments
• New platforms don’t change the threat landscape
• Each platform has unique security risks
• Integrated security is needed across all platforms
6. Platform-specific Security Risks
One Security Model is Possible
across Physical, Virtual, and Cloud Environments
Visibility & Threats
• Less visibility
• More external risks
Performance & Threats
• Security degrades performance
• New VM-based threats
Manageability
• Glut of security products
• Less security
• Higher TCO
Physical, Virtual, Cloud
Reduce Complexity, Increase Efficiency, Deliver Agility
Integrated Security
Single Management Console
10. Typical AV Console
3:00am Scan
Antivirus Storm
Automatic security scans overburden the system
Virtualization Security
Challenge: Resource Contention
11. Reactivated and cloned VMs can have out-of-date security
Dormant
Virtualization Security
Challenge: Instant-on Gaps
Active
Reactivated with outdated security
Cloned
12. Attacks can spread across VMs
Virtualization Security
Challenge: Inter-VM Attacks / Blind Spots
13. Virtualization Security
VM sprawl inhibits compliance
Challenge: Complexity of Management
Patch agents
Rollout patterns
Provisioning new VMs
Reconfiguring agents
14. • Antivirus
• Integrity Monitoring
Agentless Security for VMware — Antivirus and more
VM VM VM
The Old Way
Security
Virtual
Appliance
VM VM VM
With Agentless Security
VM
• Intrusion Prevention
• Virtual Patching
• Firewall
• Web Application Protection
Virtualization Security
What is the Solution?
A Dedicated Security Virtual Appliance
VM VM VM VMVM VM
Maximizes Performance and ROI
15. Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011;
Saving estimate based on VMware ROI calculations
[Bar chart, VMs per host: Traditional AV 25, Agentless AV 75]
3X higher VDI VM consolidation ratios
3-year Savings on 1000 VDI VMs = $539,600
Virtualization Security
Increased ROI with Agentless Security
Example: Agentless Antivirus
16. Security
Virtual
Appliance
VM VM VM
With Agentless Security
VM
Virtualization Security
What is the Solution?
Layered, Virtualization-Aware Security in One Platform
VM VM VM VMVM VM
Protect your efforts to consolidate servers, enable VDI, and support consumerization
Integrated Modules:
• Antivirus
• Integrity Monitoring
• Intrusion Prevention
• Web Application Protection
• Application Control
• Firewall
• Log Inspection
Simplified Management
Higher Density
Optimized Resources
Stronger Security
17. vShield
Endpoint
Security
Virtual
Appliance
Other
VMware
APIs
Security agent
on individual VMs
Integrates
with
vCenter
Antivirus
Agentless
Agentless
IDS / IPS
Web Application Protection
Application Control
Firewall
Log Inspection
Agent-based
Virtualization Security
Integrity Monitoring
vSphere
Virtual
Environment
Virtualization Security
Fitting into the VMware Ecosystem
18. Hypervisor-integrated agentless antivirus released in Nov. 2010
1000 agentless security customers in the first year
Over 250,000 VMs are licensed for agentless antivirus
Agentless FIM released in 2012
Multiple agentless security modules now available
Largest customer purchase is 8,000 VMs
Most dense deployment is 300 VMs/host
“Deep Security provides a robust set of tools to add to your toolbox.
The realized performance improvement is visible to the naked eye.”
- Ed Haletky, Virtualization Practice (www.virtualizationpractice.com)
Virtualization Security
Trend Micro Market Momentum
Agentless Security
19. AM Scan Performance
1st AM scan
2nd AM scan (cached)
Scan time ~ 20x faster
Significant DSVA CPU Reduction
Huge IO Volume Reduction
21. Additional Resources
• Scalability
• Cost savings
Provides business agility
Data Access
• Anytime, anywhere
• Device flexibility
Supports BYOD and consumerization
Security is the #1 cloud adoption inhibitor
Sources: 1) Security Catalyst. Barometer Assessment: Final Report, Oct 14, 2011; 2) Trend Micro Survey, May 2011
Cloud Security
Why Companies Turn to the Cloud
22. Who is responsible for security?
• With IaaS the customer is responsible for VM-level security
• With SaaS or PaaS the service provider is responsible for security
Public Cloud PaaS
Public Cloud IaaS
Servers
Virtualization & Private Cloud
End-User (Enterprise)
Service Provider
Public Cloud SaaS
Cloud Security
Cloud Models: Who Has Control?
24. Cloud Security
Challenge: Data Access and Governance
Cloud data can provide less visibility and control
26. Patient Medical Records
Credit Card Payment Information
Sensitive Research Results
Social Security Numbers
• Unreadable for unauthorized users
• Control of when and where data is accessed
• Server validation
• Custody of keys
Encryption with Policy-based Key Management
Cloud Security
Modular Protection
• Self-defending VM security
• Agentless and agent-based
• One management portal for all modules, all deployments
vSphere & vCloud
Cloud Security
What is the Solution? Workload and Data Protection
Integration ensures servers have up-to-date security before encryption keys are released
27. Data Center, Private Cloud, Public Cloud
VMware vCloud
VMware vSphere
Encryption throughout your cloud journey: data protection for physical, virtual & cloud
Cloud Security
Fitting Encryption into a VMware Ecosystem
Enterprise Key
Key Service
Console
Encryption
Solution
29. VM
VMware Virtualization
Security
Virtual
Appliance
VM VM VM VM
• Agentless security
• Layered server security
• Encryption for vSphere
Private Cloud
• Agentless security
• Layered server security
Security
Virtual
Appliance
VM VM VM
Public Cloud
Server security console
• Shared policy profile
• Virtual patching
VM
VM VM VMVM
• Encryption for vCloud
• Compliance support (FIM, Encryption, etc.)
Encryption console
• Shared policy profile
• Key ownership
• Agent-based security
• Layered server security
• Encryption for leading cloud providers
• Compliance support (FIM, Encryption, etc.)
VM
Virtualization and Cloud Security
One Security Model
30. Trend Micro Confidential-NDA Required
Extending to cloud scale
• Resource-pooling – independent tenant policies/data for shared, multi-tenant clouds
• Elasticity – Automated deployment of components to cloud scale
• Self-service – Policies can be delegated by cloud admin to tenants through self-service GUI
Same architecture can be deployed as security-as-a-service by IaaS public cloud providers, or within enterprise ITaaS for private clouds.
“Cloud Workloads Security” as a Service
Support for Multi-Tenant clouds
31. Virtualization and Cloud Security
Leading Industry Success Stories
32. Why is Trend Micro an Expert?
Trend Micro is No.1 in Server, Virtualization, & Cloud Security
#1 in Server Security
#1 in Virtualization Security
#1 in Cloud Security
Chart: Worldwide Endpoint Security Revenue Share by Vendor, 2010. Source: IDC, 2011
Source: 2011 Technavio – Global Virtualization Security Management Solutions
Source: 2012 Technavio – Global Cloud Security Software Market
33. Physical, Virtual, Cloud
Virtualization and Cloud Security
One Security Model is Possible
• Reduce Your Cost of Operations
• Reduce Your Investment in Management
• Increase Application Stability and Performance
• Achieve Compliance in Virtual and Cloud Environments
• Get Higher Virtualization and Cloud ROI
• Safely Use Private, Public, and Hybrid Clouds