The Goldilocks Zone: Security and Architectural Implications of the SDDC
SEC1959-S
Tom Corn
SVP, VMware, Inc. – Security Products
Securing the Data Center

IT infrastructure (the stack being protected):
•  Application infrastructure
•  Infrastructure management & orchestration
•  Compute
•  Network
•  Storage

Security infrastructure (the controls layered on top of it):
•  Network: DFW, IDS/IPS, NGFW, WAF, AMP, SWG, DDoS
•  Storage: Encryption, Key Management, Tokenization
•  Compute: AV, HIPS, AMP, Encryption, Execution & Device Control
•  Governance/Compliance: Vulnerability Mgmt, Log Mgmt, GRC, PUAM, Security Posture Management, DLP
•  SOC: SIEM, Security Analytics, Forensics
•  Identity controls: IAM, IAG, Authentication, Access Control, Federation/SSO
•  App/Database controls: App/DB Activity Monitoring, App/DB Encryption, Fraud Analytics
A Picture of Diminishing Returns

The Only Thing Outpacing Security Spend… Is Security Losses
[Chart: IT spend, security spend and security breaches over time, with breaches rising fastest]
Kill Chain: Anatomy of a Modern Attack

Six phases, thirteen steps (built up over slides 4 to 8):

1. Prep
   1. Human recon
   2. Attack vector R&D
   3. Delivery mechanism
2. Intrusion
   4. Compromise primary entry point (Strain A active; Strain B planted dormant)
   5. Install command & control I/F
   6. Escalate privileges on primary entry point
3. Recon
   7. Lateral movement
   8. On each host reached: install C2 I/F, wipe tracks, escalate privileges
4. Recovery (once the attack is identified and a response begins)
   9. Wake up & modify the next dormant strain (Strain B becomes active; Strains C and D stay dormant)
5. Act on Intent
   10. Break into data stores
   11. Parcel & obfuscate
6. Exfiltration
   12. Exfiltration
   13. Cleanup
Modern Attack: targeted, interactive & stealthy
Today's controls are built to stop infiltration (the early steps of the chain); we lack the visibility and control to stop everything that follows, through exfiltration.

Shift from…
•  Perimeter-centric
•  In-line prevention
•  Managing compliance
to…
•  Application & user-centric
•  Analytics / out-of-band mitigation
•  Managing risk
3 Architectural Issues

Virtualization is the key: as a ubiquitous abstraction layer between the applications and the infrastructure, it provides the "Goldilocks Zone" for security.

1. Segmentation: the logical segmentation problem. We lack the ability to segment around application boundaries.
2. Policy: the compound policy problem. We lack mechanisms to orchestrate policy across controls.
3. Context: the context/isolation tradeoff. We lack the right telemetry / "handles" for security controls.

Common thread: the application.
The Logical Segmentation Problem
CONFIDENTIAL 11

Symptoms: a hyper-connected computing base, lateral movement, and complex, commingled policy.

The solution: enforce segmentation around application boundaries, rather than around the perimeter, physical zones or machines.

The obstacle: we have no mechanism that maintains the relationship between the applications and the infrastructure.
The Compound Policy Problem

Controls C1, C2 and C3 must sit in the right place, run in the right order, and share state; inserting them at physical choke points limits scalability.

The solution: a mechanism to insert and order security controls and policy around logical boundaries, and a mechanism for them to publish and share state.

The obstacle: no such mechanism exists. We can insert on physical boundaries, and share state only via point integrations and correlation. The result is complex distributed policy, and sharing state remains an open question.
The Context/Isolation Tradeoff

Policy and analytics both depend on the same handles. An endpoint agent has rich context but poor isolation; a network control point has strong isolation but poor context. Network controls see only poor handles/telemetry for policy and analytics: URLs such as HTTP://192.163.8.10:8080, IP addresses such as 10.20.2.14, and MAC addresses such as 09:00:02:A3:D1:3D.

The solution: a ubiquitous mechanism for communicating telemetry with security controls that has the isolation properties of a network control point and the context of an endpoint agent.

The obstacle: no such mechanism exists. We are forced to make the tradeoff.
3 Architectural Issues (recap: 1. Segmentation, 2. Policy, 3. Context)

Common thread: the application. Virtualization is the Goldilocks Zone for security.

If we could…
•  Segment along application boundaries and compliance scopes
•  Provision and order controls along those boundaries
•  Share context to and among controls
…then we can dramatically…
•  Reduce our attack surface
•  Simplify our policies
•  Improve the effectiveness of all our controls
Putting Security Controls into the Virtualization Layer

The virtual infrastructure supplies three things to security controls:
•  Built-in controls: isolation / segmentation / access
•  Security service provisioning & orchestration
•  Context: security telemetry

The security controls that plug into it are the same categories as on the Securing the Data Center slide: network (DFW, IDS/IPS, NGFW, WAF, AMP, SWG, DDoS), storage (encryption, key management, tokenization), compute (AV, HIPS, AMP, encryption, execution & device control), governance/compliance (vulnerability mgmt, log mgmt, GRC, PUAM, security posture management, DLP) and SOC (SIEM, security analytics, forensics).
Micro-segmentation

Logical segmentation around application boundaries

[Diagram: a perimeter firewall and an inside firewall front the data center. Inside, App 1, App 2 and App 3 each span DMZ, App and DB tiers and share common services (AD, NTP, DHCP, DNS, CERT). The segmentation boundary is drawn around each application rather than around the physical zones.]
Micro-segmentation (continued)

Four stages, each building on the last:
•  Isolation
•  Explicit allow communication (default deny)
•  Secure communications
•  Structured secure communications: controls such as NGFW, IPS and WAF inserted in the path between tiers
Advanced Context

The hypervisor can bridge the context / isolation gap

[Diagram: an endpoint agent rates high on context but low on isolation; a network device rates high on isolation but low on context; the virtualization layer rates high on both.]
Policy Orchestration

Advanced Malware Protection → DEFCON

Security Group = DEFCON 1
  Members = {Tag = 'AdvancedMalware.Suspicious', DEFCON Network}
Security Group = Web Tier

Policy definition
  Standard Web Policy
  ☑ Advanced Malware Protection
  DEFCON 1 Policy
  ☑ Gateway Authentication 1 → 2 Factor
  ☑ Ratchet back Access Controls
  ☑ Increase Logging
Case Study
WestJet Airlines
Richard Sillito
Solution Architect, IT Security
WestJet Airlines
The Call to Action

A Once-in-a-Wave Opportunity
•  1st Wave: Mainframe | Terminal. Millions of users, thousands of apps.
•  2nd Wave: PC | Client/Server | LAN/Internet. Hundreds of millions of users, tens of thousands of apps.
•  3rd Wave: Cloud/SDDC | Mobile | Social | Big Data. Billions of users, millions of apps, trillions of devices.

For security teams and security vendors alike: virtualization is the Goldilocks Zone for security.
Thank You
Fill out a survey
Every completed survey is entered into a
drawing for a $25 VMware company store
gift certificate

What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Último (20)

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

The Goldilocks Zone: Security in the SDDC (slide transcript)

  • 1. The Goldilocks Zone: Security and Architectural Implications of the SDDC (SEC1959-S). Tom Corn, SVP, VMware, Inc. – Security Products.
  • 2. Securing the Data Center. Diagram of the data-center stack and the security infrastructure wrapped around it:
      Application Infrastructure
      IT Infrastructure: Compute, Network, Storage, Infrastructure Management & Orchestration
      Security Infrastructure:
        Network: DFW, IDS/IPS, NGFW, WAF, AMP, SWG, DDoS
        Storage: Encryption, Key Management, Tokenization
        Governance/Compliance: Vulnerability Mgmt, Log Mgmt, GRC, PUAM, Security Posture Management, DLP
        Compute: AV, HIPS, AMP, Encryption, Execution & Device Control
        SOC: SIEM, Security Analytics, Forensics
        Identity Controls: IAM, IAG, Authentication, Access Control, Federation/SSO
        App/Database Controls: App/DB Activity Mon, App/DB Encryption, Fraud Analytics
  • 3. A Picture of Diminishing Returns. "The Only Thing Outpacing Security Spend… Is Security Losses." Chart series: IT Spend, Security Spend, Security Breaches.
  • 4. Kill Chain: Anatomy of a Modern Attack. Phases: 1 Prep, 2 Intrusion, 3 Recon, 4 Recovery, 5 Act on Intent, 6 Exfiltration. Prep steps: 1 Human Recon; 2 Attack Vector R&D; 3 Delivery Mechanism.
  • 5. Phase 2, Intrusion: 4 Compromise Primary Entry Point; 5 Install Command & Control I/F. Strain A active, Strain B dormant.
  • 6. Phase 3, Recon: 6 Escalate Privileges on Primary Entry Point; 7 Lateral Movement; 8 Install C2 I/F, Wipe Tracks, Escalate Priv (the slide repeats step 8 for each host reached). Strain A active.
  • 7. Phase 4, Recovery: Attack Identified → Response; 9 Wake Up & Modify Next Dormant Strain. Strain A active, Strain B active, Strain C dormant, Strain D dormant.
  • 8. Phase 5, Act on Intent: 10 Break into Data Stores; 11 Parcel & Obfuscate. Phase 6, Exfiltration: 12 Exfiltration; 13 Cleanup.
  • 9. Modern Attack: targeted, interactive & stealthy. The full kill chain (steps 1–13 from the preceding slides) annotated "Stop Infiltration" and "Lack visibility & control to stop exfiltration". Shift from…
      •  Perimeter-centric
      •  In-line prevention
      •  Managing compliance
    …to…
      •  Application & user-centric
      •  Analytics/Out-of-band mitigation
      •  Managing risk
  • 10. 3 Architectural Issues. Virtualization is the Key: as a ubiquitous abstraction layer between the applications and the infrastructure, it provides the "Goldilocks Zone" for security.
      1. Segmentation: the Logical Segmentation Problem; we lack the ability to segment around application boundaries.
      2. Policy: the Compound Policy Problem; we lack mechanisms to orchestrate policy across controls.
      3. Context: the Context/Isolation Tradeoff; we lack the right telemetry / "handles" for security controls.
    Common Thread: The Application.
  • 11. The Logical Segmentation Problem (CONFIDENTIAL). Symptoms: Hyper-connected Computing Base; Lateral Movement; Complex/Comingled Policy.
      The Solution: enforce segmentation around application boundaries versus the perimeter, physical zones or machines.
      The Obstacle: we have no mechanism that maintains the relationship between the applications & the infrastructure.
  • 12. The Compound Policy Problem. Diagram: controls C1, C2, C3 that must sit in the Right Place, in the Right Order, and Share State; today they form Choke Points / Scalability limits, Complex Distributed Policy and an open question of Sharing State.
      The Solution: a mechanism to insert and order security controls and policy around logical boundaries, and a mechanism for them to publish and share state.
      The Obstacle: no such mechanism exists. We can insert on physical boundaries, and share state via point integrations and correlation.
  • 13. The Context/Isolation Tradeoff. Diagram: Policy ⇄ Analytics, fed by controls that trade Context against Isolation: the endpoint has high context but low isolation; the network has high isolation but low context. The network's handles are poor for policy/analytics: it sees only addresses such as HTTP://192.163.8.10:8080, HTTP://192.159.2.10:8080, HTTP://192.162.5.8:8080, 10.20.2.14 / 09:00:02:A3:D1:3D, 10.18.3.13 / 08:00:03:A4:C2:4C.
      The Solution: a ubiquitous mechanism for communicating telemetry with security controls that has the isolation properties of a network control point and the context of an endpoint agent.
      The Obstacle: no such mechanism exists. We are forced to make the tradeoff.
  • 14. 3 Architectural Issues (recap). Common Thread: The Application. Virtualization is the Goldilocks Zone for Security. If we could…
      •  Segment along application boundaries and compliance scopes
      •  Provision and order controls along those boundaries
      •  Share context to and among controls
    …then we can dramatically…
      •  Reduce our attack surface
      •  Simplify our policies
      •  Improve the effectiveness of all our controls
    The three issues restated: 1. Segmentation (Logical Segmentation Problem: lack ability to segment around application boundaries); 2. Policy (Compound Policy Problem: lack mechanisms to orchestrate policy across controls); 3. Context (Context/Isolation Tradeoff: lack the right telemetry/"handles" for security controls).
  • 15. Putting Security Controls into the Virtualization Layer. The Virtual Infrastructure supplies Built-in Controls (Isolation/Segmentation/Access), Security Service Provisioning & Orchestration, and Context (Security/Telemetry) to the Security Controls: Network (DFW, IDS/IPS, NGFW, WAF, AMP, SWG, DDoS); Storage (Encryption, Key Management, Tokenization); Governance/Compliance (Vulnerability Mgmt, Log Mgmt, GRC, PUAM, Security Posture Management, DLP); Compute (AV, HIPS, AMP, Encryption, Execution & Device Control); SOC (SIEM, Security Analytics, Forensics).
  • 16. Micro-segmentation: logical segmentation around application boundaries. Diagram: Perimeter firewall; Inside firewall; zones DMZ, App, Services (AD, NTP, DHCP, DNS, CERT) and DB; applications App 1, App 2, App 3, each segmented on its own boundary.
  • 17. Micro-segmentation: Isolation; Explicit Allow Comm. (Default Deny); Secure Communications; Structured Secure Communications with NGFW, IPS and WAF inserted on the allowed paths.
  • 18. Advanced Context: the hypervisor can bridge the context / isolation gap. Table of Context vs. Isolation: Endpoint Agent: high context, low isolation; Virtualization: high context, high isolation; Network Device: low context, high isolation.
  • 19. Policy Orchestration: Advanced Malware Protection → DEFCON.
      Security Group = DEFCON 1
        Members = {Tag = 'AdvancedMalware.Suspicious', DEFCON Network}
      Security Group = Web Tier
      Policy Definition:
        Standard Web Policy: ☑ Advanced Malware Protection
        DEFCON 1 Policy: ☑ Gateway Authentication 1 → 2 Factor; ☑ Ratchet back Access Controls; ☑ Increase Logging
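The mechanism slides 12, 17 and 19 describe (ordered controls around logical boundaries, explicit-allow with default deny, and a tag that moves a workload into a stricter security group without anyone editing rules) can be exercised in a small model. The block below is an added example written for this page, not code from the talk, from VMware or from NSX; the VM names, logical networks, tags, policy settings and the two flow rules (Web Tier to DB Tier on port 3306 allowed, DEFCON 1 members cut off from DB Tier) are constructed to mirror the DEFCON 1 / Web Tier scenario on slide 19.

```python
"""Tag-driven security groups with ordered, default-deny policy.

Added illustration of the slide's orchestration model; not VMware/NSX code.
All names below are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class VM:
    name: str
    network: str                      # logical network the vNIC sits on
    tags: Set[str] = field(default_factory=set)


@dataclass
class SecurityGroup:
    """Dynamic membership: any matching tag OR any matching network
    (the slide's Members = {Tag = '...', DEFCON Network})."""
    name: str
    match_tags: Set[str] = field(default_factory=set)
    match_networks: Set[str] = field(default_factory=set)

    def contains(self, vm: VM) -> bool:
        return bool(vm.tags & self.match_tags) or vm.network in self.match_networks


@dataclass
class Policy:
    """Settings applied to every member of `group`; lower priority number wins."""
    name: str
    group: str
    priority: int
    settings: Dict[str, object]


@dataclass
class Rule:
    """Ordered group-to-group firewall rule; the first match decides."""
    src_group: str
    dst_group: str
    port: Optional[int]               # None means any port
    action: str                       # "allow" or "deny"


def groups_of(vm: VM, groups: List[SecurityGroup]) -> Set[str]:
    return {g.name for g in groups if g.contains(vm)}


def effective_policy(vm: VM, groups: List[SecurityGroup],
                     policies: List[Policy]) -> Dict[str, object]:
    """Merge policies of all groups the VM belongs to; higher-priority
    (lower number) policies are applied last so they override."""
    member = groups_of(vm, groups)
    merged: Dict[str, object] = {}
    for p in sorted((p for p in policies if p.group in member),
                    key=lambda p: -p.priority):
        merged.update(p.settings)
    return merged


def flow_decision(src: VM, dst: VM, port: int, groups: List[SecurityGroup],
                  rules: List[Rule]) -> str:
    """Explicit allow only: walk the ordered rules, else default deny."""
    src_groups, dst_groups = groups_of(src, groups), groups_of(dst, groups)
    for r in rules:
        if r.src_group in src_groups and r.dst_group in dst_groups \
                and r.port in (None, port):
            return r.action
    return "deny"


# Constructed inventory mirroring slide 19 (assumed names, not from the talk).
GROUPS = [
    SecurityGroup("Web Tier", match_networks={"web-net"}),
    SecurityGroup("DB Tier", match_networks={"db-net"}),
    SecurityGroup("DEFCON 1", match_tags={"AdvancedMalware.Suspicious"},
                  match_networks={"defcon-net"}),
]
POLICIES = [
    Policy("Standard Web Policy", "Web Tier", priority=100, settings={
        "advanced_malware_protection": True,
        "gateway_auth_factors": 1, "logging": "standard"}),
    Policy("DEFCON 1 Policy", "DEFCON 1", priority=10, settings={
        "gateway_auth_factors": 2, "logging": "increased"}),
]
RULES = [
    Rule("DEFCON 1", "DB Tier", None, "deny"),   # ratchet back access
    Rule("Web Tier", "DB Tier", 3306, "allow"),  # the only allowed app flow
]


def quarantine_scenario() -> Dict[str, object]:
    """AMP flags web-02: one tag changes its group, policy and reachability."""
    web1, web2, db1 = VM("web-01", "web-net"), VM("web-02", "web-net"), VM("db-01", "db-net")
    before = flow_decision(web2, db1, 3306, GROUPS, RULES)
    web2.tags.add("AdvancedMalware.Suspicious")   # the only change made
    after = flow_decision(web2, db1, 3306, GROUPS, RULES)
    return {
        "web-02 groups": sorted(groups_of(web2, GROUPS)),
        "web-01 policy": effective_policy(web1, GROUPS, POLICIES),
        "web-02 policy": effective_policy(web2, GROUPS, POLICIES),
        "db before tag": before,
        "db after tag": after,
        "web-01 ssh to db": flow_decision(web1, db1, 22, GROUPS, RULES),
    }


if __name__ == "__main__":
    for k, v in quarantine_scenario().items():
        print(f"{k}: {v}")
```

The point to notice is that nothing in `RULES` or `POLICIES` is edited when the malware verdict arrives: the tag alone moves web-02 into DEFCON 1, the higher-priority DEFCON 1 policy overrides the web tier's one-factor gateway authentication and standard logging, and the ordered deny rule in front of the allow rule cuts the VM off from the database tier. An unrelated flow (web-01 to the database on port 22) is refused by the default-deny fall-through rather than by any written rule.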
  • 20. Case Study: WestJet Airlines. Richard Sillito, Solution Architect, IT Security, WestJet Airlines.
  • 21. The Call to Action: A Once-in-a-Wave Opportunity.
      1st Wave: Mainframe | Terminal. Millions of Users; Thousands of Apps.
      2nd Wave: PC | Client/Server | LAN/Internet. Hundreds of Millions of Users; Tens of Thousands of Apps.
      3rd Wave: Cloud/SDDC | Mobile | Social | Big Data. Billions of Users; Millions of Apps; Trillions of Devices.
    Security Teams and Security Vendors: Virtualization is the Goldilocks Zone for Security.
  • 23. Fill out a survey. Every completed survey is entered into a drawing for a $25 VMware company store gift certificate.