2. PRESENTERS
Brian Heili, Network Security Solution Engineer and Ambassador for the Office of the CTO
Jeremiah Cornelius, Technical Leader, Alliances and Partner
2 | Confidential
3. AGENDA
1 VMware NSX and the Service-Defined Firewall
2 AlgoSec and Intelligent Automation for Security
3 Visibility, Compliance and Change Management
4 Joint Value - AlgoSec and VMware
5 Questions … and Answers!
5. SECURING THE MODERN DATA CENTER REQUIRES A NEW APPROACH
Traditional approach
Realities
• Built for the User Perimeter, not the Data Center
• Complex to insert into the network
• Unable to dynamically scale
• Blind spots and Lack of Controls for East West traffic
• Inconsistent and Unmanageable Policy
• Expensive (HW, SW, Maintenance, Power, Cooling, Cabling, Rack Space)
[Diagram labels: FIREWALL, IDS/IPS]
6. NSX SERVICE-DEFINED FIREWALL
Solves Traditional Challenges
Solution
• Hypervisor Based L4-7 FW with Advanced Threat Prevention
• Distributed architecture eliminates hairpinning of traffic
• Easy to Deploy: No Physical Network Changes Required
• Automatic Policy Provisioning and Deprovisioning
• Consistent policy across critical workloads
• More Cost Effective (Typically 50% Less)
[Diagram labels: FIREWALL, IDS/IPS]
7. MASSIVELY SIMPLIFY OPERATIONS
Automated and Dynamic Policies
[Diagram labels: Web_tier, App_tier, DB_tier]
• New workloads inherit policies
• Policy is retired with the workload
• Policy moves with workload, no dropped connections
8. SECURING THE MODERN DATA CENTER
Segmentation
• Create zones in software with no network changes
• Quickly deploy compliance & audit requirements
Threat Prevention
• Threat detection and response beyond the perimeter
• Automatically correlate, validate and defend against advanced threats
Security Policy Automation
• Policy deployment and lifecycle management
• Security infrastructure as code
Consistent Security
• Maintain consistent security across workloads in private data centers and the cloud
11. ALGOSEC INTELLIGENT AUTOMATION FRAMEWORK
[Diagram labels]
• Application Framework Layer: AppViz (Implementation, Integration)
• Operational Framework Layer: AppChange (Implementation, Integration)
• Security Layer: Firewalls, Routers, Web Proxies, Load Balancers, Security Groups
• Physical Networks, Private Cloud/SDN, Public Cloud
• Ticketing Systems, GRC Systems, SIEM/SOAR Systems, Orchestration
• Syslog & Traffic Data, Authentication, Authorization, CMDB Data, Vulnerability Scanners
12. ALGOSEC INTELLIGENT AUTOMATION FRAMEWORK
[Framework diagram repeated from slide 11, with these labels added]
• Discover & Understand
• Analyze, Monitor & Visualize
• Automate, Integrate & Manage
Operational Efficiency and Accuracy
13. TRANSFORMATION OF NETWORK SECURITY MANAGEMENT
• Visibility into the Entire Network
• Agile and Secure Change Management
• Risk and Compliance
Effective Collaboration between all stakeholders
Digital Transformation – Intrinsic Security with Intelligent Automation
15. CHALLENGE: VISIBILITY INTO THE ENTIRE NETWORK
• Multiple environments: on-prem, public clouds and private clouds
• Multiple security vendors
• Difficult to understand the network structures and flow paths
• Lack of association between business applications and their related rules and connectivity flows
Intrinsic Security and the Hybrid Legacy
16. FULL NETWORK AND APPLICATION VISIBILITY
• Visibility and analysis of complex network security policies across technologies, vendors and operational systems
• Automated discovery and mapping of business applications
• Understand the impact of network flows and security controls on application-network connectivity
• Correlate risks and vulnerabilities to firewall policies
18. CHALLENGE: RISK AND COMPLIANCE
• Keeping up with internal and changing regulatory standards
• Audit preparation is time-consuming and effort-intensive
• Maintaining ongoing documentation and audit trail
• Identifying risk across the entire network
• Understanding the business impact of vulnerabilities
19. AUTOMATE & ENSURE A CONTINUOUS STATE OF COMPLIANCE
• Automatically Document Network Changes
• Analyze Existing Risks and Flag Any New Changes for New Risks
• Get Audit-ready Compliance Reports
• Tie Vulnerabilities to Business Applications and Firewall Rules
21. CHALLENGE: AGILE AND SECURE CHANGE MANAGEMENT
• Handling multiple vendors and technologies via various platforms
• Lack of skilled personnel
• Enforcing security policy consistency
• Identifying and mitigating risks
22. CHANGE MANAGEMENT AND AUTOMATION
Automatic design
• End-to-end: multi-vendor, multi-platform
• Optimized changes, eliminate human error
Zero-Touch policy push automation
Full documentation and audit trail
What-if security check
DevOps friendly
Consistency across the entire network, including multiple clouds and hybrid environments
23. JOINT VALUE - ALGOSEC AND VMWARE
MITIGATE RISK
Strengthen your cybersecurity posture by reducing your attack surface and preventing lateral movement
ENSURE COMPLIANCE
Eliminate the visibility and security blind spots you get from misaligned controls with traditional approaches
SIMPLIFIED SECURITY ARCHITECTURE
Radically simplified deployment and architecture eliminates the need for complex network changes
ACCELERATE OPERATIONS
Security policy that moves at the speed of development: align heterogeneous controls with VMware’s service-defined firewall