© 2014 VMware Inc. All rights reserved.
Paul Penn - ppenn@vmware.com
Sales Director Western US
Garrett Kray - krayg@vmware.com
Security Specialist
Network and Security Business Unit
VMware NSX
Transforming Security
VMware – Who we are…
• Headquartered in Palo Alto
  • Campus the size of Disneyland
• Over $25 billion in revenues
• 17 years old
• Over 55,000 partners worldwide
• ~17,800 employees worldwide
• Fastest Software Company in history to grow to $5 billion in sales (and did it with one product)
• Corporate Mascot: Turtle
VMware Software Defined Enterprise
Policy-based
Management &
Automation
Cloud Automation Cloud Operations Cloud Business
Software-Defined Data Center
Private
Clouds
Public
Clouds
vCHS
Virtualized Infrastructure
Abstract & Pool
Applications
End User
Computing
Desktop Mobile
Virtual Workspace
Modern SaaS Traditional
Compute Network Security Storage Availability
vSphere NSX vSAN SRM
vCenter Server
vCenter Automation Center (VCAC)
vCenter Operations
(vCOPS)
ITBM
Horizon Workspace
Horizon View
Horizon Mirage
Agenda
1 SDDC/NSX Overview
2 The Killer Use Case // Micro-segmentation
3 Current Customers and Benchmarks
4 VMware AppDefense
Confidential
IT’S TIME FOR A NEW IT APPROACH
SLOW TECHNOLOGY
ADOPTION RATES
HIGH USER
EXPECTATIONS
SLOW
RESPONSES
PRIVACY
ISSUES
INTEGRATION
PROBLEMS
SERVICE
OUTAGES
SHORTAGE
OF RIGHT
SKILLS
DECLINING BUDGET
DIFFERENT
APPLICATIONS AGING INFRASTRUCTURE
SECURITY
PROLIFERATION
OF DEVICES
FRAGMENTED
DATA CENTER
LIMITED
RESOURCES
CLOUD SILOS
We are in the 3rd fundamental structural transition in the history of IT
Client Server Cloud/MDM/SDDC
We are here
Mainframe
PC Revolution
Client/Server
Cloud
• Mobile Devices & Clouds
(public & private)
• Software Defined
• Local Applications
• Minor role for networking
• Desktops & Servers
• Campus Networks
• Data Centers
What Is a Software-Defined Data Center (SDDC)?
Hardware
Software
Data center virtualization layer
Pooled compute, network, and storage capacity
Vendor independent, best price/performance/service
Simplified configuration and management
Intelligence in software
Operational model of VM for data center
Automated provisioning and configuration
NSX value proposition
Network virtualization is at the core of the software-defined data center approach
Network, storage, compute
Virtualization layer
Network and
security services
now in the
hypervisor
Switching
Routing Firewalling/ACLs
Load balancing
East-west firewalling
High throughput rates
Hardware independent
The Next-generation Networking Model
NSX value proposition
Network, storage, compute
Virtualization layer
“Network platform”
Virtual networks
Network Virtualization
How is it being used today?
SECURITY
Architecting security as an inherent part of the data center infrastructure
AUTOMATION
Automating IT processes to deliver IT at the speed of business
APPLICATION CONTINUITY
Enabling applications and data to reside and be accessible anywhere
Transforming Security with Micro-segmentation
Increased Security Spending Has Not Decreased Breaches
IT Spend Security Spend Security Breaches
Annual Cost of Security Breaches: $445B (Source: Center for Strategic and International Studies)
Security as a Percentage of IT Spend: 2012: 11%, 2015: 21% (Source: Forrester)
Projected Growth Rate in IT Spend from 2014-2019: Zero (Flat) (Source: Gartner)
Digital makes reliance on data lucrative for thieves
Security investments are increasing, yet the cost of breaches is rising faster
Underfunding security
isn’t the problem.
Improved Data Center Network Security
Perimeter-centric network security has proven insufficient, and HW micro-segmentation is operationally infeasible
Little or no
lateral controls
inside perimeter
[Diagram panels: Traditional Edge FW; NSX dFW. Labels: Internet; Web, App and DB tiers; VMs]
Security
Micro-segmentation | Secure End User | DMZ Anywhere
Granular Policy Enforcement
Enables zero trust security model with
policy enforced at every workload
3rd Party Service Insertion with NSX
Advanced Services Insertion – Example: Palo Alto Networks NGFW
Internet
Security Policy
Security Admin
Traffic
Steering
Public Cloud Provider
Your Data Center
Your IT Governance
VMware on AWS powered by NSX
Coalfire Benchmark Report
• Does VMware NSX functionally satisfy NIST recommendations?
• Are the precepts of micro-segmentation, as defined in the complete definition, satisfied conceptually and in testing by NSX?
• Can real-world threats be stopped by NSX in E-W and N-S, using industry-standard Penetration Testing tools?
Expanding Security to Scale with
the Business
Columbia Sportswear continues to stay ahead
of competitors and threats by combining
advanced, automated security inside the data
center.
“There just wasn’t a great
way to insert security in order
to address east-west traffic
between VMs, nor have the
security tied to the
applications as they moved
around dynamically.”
John Spiegel
Network Manager
Columbia Sportswear
VMware AppDefense
Abstraction layer between infrastructure and apps
We call this the “Goldilocks Zone”
We can use this zone to transform endpoint detection and response
[Diagram labels: Hypervisor, AppDefense, NSX]
VMware AppDefense
Visibility and context into application lifecycle
Automated collection of intended state across app lifecycle
1 IT provisions a new app
2 AppDefense collects intended state of the app
3 IT provisions a change to the app
4 AppDefense notes the change
Insert security into DevOps process
[Diagram labels: Hypervisor, AppDefense, NSX]
VMware AppDefense
Automated detection & response
Compare intended state against run-time state to detect deviations
Automate response through vSphere and NSX:
• Quarantine
• Modify security policy
• Increase logging
1 Attacker compromises an app
2 AppDefense automatically responds
[Diagram labels: Hypervisor, AppDefense, NSX]
VMware AppDefense
Isolation from attack surface
Isolated environment to monitor and control all endpoints
AppDefense itself is protected from attacks
1 Attacker compromises an app
2 AppDefense is protected from the attack surface
[Diagram labels: Hypervisor, AppDefense, NSX]
VMware AppDefense
“Simple works, especially in
InfoSec…I can sleep easy at night
knowing that when AppDefense
detects a problem, it will respond
automatically.”
Brad Doctor
Senior Director, Information Security
VMware
VMware’s Information
Security team uses
AppDefense in our SOC to
protect the critical security
systems that secure our
business applications.
VMware Information Security – Case Study
Thank you

#PCMVision: VMware NSX - Transforming Security

  • 1. © 2014 VMware Inc. All rights reserved. Paul Penn - ppenn@vmware.com, Sales Director Western US. Garrett Kray - krayg@vmware.com, Security Specialist, Network and Security Business Unit. VMware NSX: Transforming Security
  • 2. VMware – Who we are… Headquartered in Palo Alto (campus the size of Disneyland); over $25 billion in revenues; 17 years old; over 55,000 partners worldwide; ~17,800 employees worldwide; fastest software company in history to grow to $5 billion in sales (and did it with one product); corporate mascot: Turtle
  • 3. VMware Software Defined Enterprise. Policy-based Management & Automation Cloud Automation Cloud Operations Cloud Business Software-Defined Data Center Private Clouds Public Clouds vCHS Virtualized Infrastructure Abstract & Pool Applications End User Computing Desktop Mobile Virtual Workspace Modern SaaS Traditional Compute Network Security Storage Availability vSphere NSX vSAN SRM vCenter Server vCenter Automation Center (VCAC) vCenter Operations (vCOPS) ITBM Horizon Workspace Horizon View Horizon Mirage
  • 4. Agenda: 1 SDDC/NSX Overview; 2 The Killer Use Case // Micro-segmentation; 3 Current Customers and Benchmarks; 4 VMware AppDefense
  • 5. IT’S TIME FOR A NEW IT APPROACH: SLOW TECHNOLOGY ADOPTION RATES; HIGH USER EXPECTATIONS; SLOW RESPONSES; PRIVACY ISSUES; INTEGRATION PROBLEMS; SERVICE OUTAGES; SHORTAGE OF RIGHT SKILLS; DECLINING BUDGET; DIFFERENT APPLICATIONS; AGING INFRASTRUCTURE; SECURITY; PROLIFERATION OF DEVICES; FRAGMENTED DATA CENTER; LIMITED RESOURCES; CLOUD SILOS
  • 6. We are in the 3rd fundamental structural transition in the history of IT. Eras: Mainframe; PC Revolution; Client/Server; Cloud (Cloud/MDM/SDDC), marked “We are here”. Labels: • Mobile Devices & Clouds (public & private) • Software Defined • Local Applications • Minor role for networking • Desktops & Servers • Campus Networks • Data Centers
  • 7. What Is a Software-Defined Data Center (SDDC)? Hardware: pooled compute, network, and storage capacity; vendor independent, best price/performance/service; simplified configuration and management. Software (data center virtualization layer): intelligence in software; operational model of VM for data center; automated provisioning and configuration
  • 8. NSX value proposition: Network virtualization is at the core of the software-defined data center approach. [Diagram: Network, storage, compute; Virtualization layer]
  • 9. The Next-generation Networking Model: Network and security services now in the hypervisor: Switching; Routing; Firewalling/ACLs; Load balancing. East-west firewalling; High throughput rates; Hardware independent
  • 10. NSX value proposition. [Diagram: Network, storage, compute; Virtualization layer; “Network platform”; Virtual networks]
  • 11. Network Virtualization: How is it being used today? SECURITY: Architecting security as an inherent part of the data center infrastructure. AUTOMATION: Automating IT processes to deliver IT at the speed of business. APPLICATION CONTINUITY: Enabling applications and data to reside and be accessible anywhere
  • 12. Transforming Security with Micro-segmentation
  • 13. Increased Security Spending Has Not Decreased Breaches. [Chart: IT Spend, Security Spend, Security Breaches] Annual Cost of Security Breaches: $445B (Source: Center for Strategic and International Studies). Security as a Percentage of IT Spend: 2012: 11%; 2015: 21% (Source: Forrester). Projected Growth Rate in IT Spend from 2014-2019: Zero (Flat) (Source: Gartner)
  • 14. Digital makes reliance on data lucrative for thieves. Security investments are increasing, yet the cost of breaches is rising faster. Underfunding security isn’t the problem.
  • 15. Improved Data Center Network Security: Perimeter-centric network security has proven insufficient, and HW micro-segmentation is operationally infeasible. Little or no lateral controls inside perimeter. [Diagram: Internet; Traditional Edge FW; NSX dFW]
  • 16. Security: Micro-segmentation | Secure End User | DMZ Anywhere. Granular Policy Enforcement: Enables zero trust security model with policy enforced at every workload. [Diagram: Web, App and DB tiers of VMs]
  • 17. 3rd Party Service Insertion with NSX
  • 18. Advanced Services Insertion – Example: Palo Alto Networks NGFW Internet Security Policy Security Admin Traffic Steering
  • 19. Public Cloud Provider Your Data Center Your IT Governance VMware on AWS powered by NSX
  • 20. Coalfire Benchmark Report • Does VMware NSX functionally satisfy NIST recommendations? • Are the precepts of micro-segmentation, as defined in the complete definition, satisfied conceptually and in testing by NSX? • Can real-world threats be stopped by NSX in E-W and N-S, using industry-standard Penetration Testing tools?
  • 21. Expanding Security to Scale with the Business Columbia Sportswear continues to stay ahead of competitors and threats by combining advanced, automated security inside the data center. “There just wasn’t a great way to insert security in order to address east-west traffic between VMs, nor have the security tied to the applications as they moved around dynamically.” John Spiegel Network Manager Columbia Sportswear
  • 23. VMware AppDefense: Abstraction layer between infrastructure and apps. We call this the “Goldilocks Zone”. We can use this zone to transform endpoint detection and response. [Diagram: Hypervisor, AppDefense, NSX]
  • 24. VMware AppDefense: Visibility and context into application lifecycle. Automated collection of intended state across app lifecycle. Insert security into DevOps process. Steps: 1 IT provisions a new app; 2 AppDefense collects intended state of the app; 3 IT provisions a change to the app; 4 AppDefense notes the change. [Diagram: Hypervisor, AppDefense, NSX]
  • 25. VMware AppDefense: Automated detection & response. Compare intended state against run-time state to detect deviations. Automate response through vSphere and NSX: • Quarantine • Modify security policy • Increase logging. Steps: 1 Attacker compromises an app; 2 AppDefense automatically responds. [Diagram: Hypervisor, AppDefense, NSX]
  • 26. VMware AppDefense: Isolation from attack surface. Isolated environment to monitor and control all endpoints. AppDefense itself is protected from attacks. Steps: 1 Attacker compromises an app; 2 AppDefense is protected from the attack surface. [Diagram: Hypervisor, AppDefense, NSX]
  • 27. “Simple works, especially in InfoSec…I can sleep easy at night knowing that when AppDefense detects a problem, it will respond automatically.” Brad Doctor Senior Director, Information Security VMware VMware’s Information Security team uses AppDefense in our SOC to protect the critical security systems that secure our business applications. VMware Information Security – Case Study

Editor's notes

  1. Fulfilling our vision to empower people and organizations has made VMware the industry-leading virtualization software company. More than 500,000 customers, from small and midsize companies to large enterprises—including 99 percent of Fortune 500 and 100 percent of Fortune Global 100 companies—use VMware technologies and services. More than 55,000 partners, including technology and consulting partners, top distributors and resellers, and system vendors and integrators, help provide customers with freedom and choice. Through the broadest set of cloud service provider partners—more than 10,000 of them—VMware is making the hybrid cloud a reality. VMware stays close to customers with offices in more than 100 countries. Innovation begins with the more than 13,000 VMware employees.
  2. Let’s quickly look at how this advanced insertion works, using Palo Alto Networks as an example… Panorama, the Palo Alto Networks management console, registers with the NSX Controller. The Controller then distributes the Palo Alto Networks VM Series application to each hypervisor in the SDDC virtualization layer. Then, security policies are created and connected to the NSX firewall policies, and VMs are provisioned. If a workload’s policy requires the advanced feature set and deep packet inspection offered by the Palo Alto next-gen firewall, the NSX firewall steers traffic into the Palo Alto Networks VM. And, if the VMs move, the NSX platform automates moving the security policies with them.
  3. OBJECTIVES OF THIS COALFIRE NSX MICRO-AUDIT: VMware NSX-based micro-segmentation purports to meet all four of these recommendations. Coalfire Systems’ testing of the NSX product during this “micro-audit” intends to examine the form and function of NSX to determine the following:
     • Does VMware NSX functionally satisfy NIST SP 800-125B recommendations VM-FW-R1, VM-FW-R2, VM-FW-R3 and VM-FW-R4?
     • Are the precepts of micro-segmentation, as defined in the complete definition, satisfied conceptually and in testing by NSX?
     • Can real-world threats be stopped by NSX in E-W (peer transits on the L2 network) and N-S (network to network transits via L3), using industry-standard Penetration Testing tools?
     Based on the determination of these three objectives, Coalfire will also render an opinion on the potential suitability of the VMware NSX product to deliver effective security controls to real-world legacy and emerging virtualized software-defined data centers.
  4. Q&A