VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies

Troubleshooting and Monitoring NSX Service
Composer Policies
Shubha Bheemarao, VMware
Mitchell Christensen, VMware
SEC5889
#SEC5889
Objective
• Identify specific use cases that highlight the value of advanced
visibility with simplified workflows
• Showcase why user and application visibility is essential to have
a secure datacenter policy
• Demonstrate how NSX Activity Monitoring provides
advanced visibility
Security Teams Care About Policy and Compliance
Security Architect
Regulations, Standards, Best Practices
• Access Control
• Segmentation
• Automation
• Audit
Infrastructure Requirements
Common Control Frameworks
Think About Your Last Interaction With The Security Team
VI Admin / Cloud Operator
Do we have this malicious software running?
PCI Auditors in the house… are we compliant?
High severity vulnerabilities on critical business systems… must patch!
The Cloud Operator Has to Make This All Work…But How?
VI Admin / Cloud Operator: Yikes.
Security Policy ≠ Security Operations
Security team asks operator to implement policies that are specified at user and application level
Security Architect: I need this.
Agenda
• Security Operations Is Catching Up with Policy
• Prerequisites To Enforcing Policy – Visibility
• NSX Activity Monitoring Provides Advanced Visibility to Users and Applications
• Demo of NSX Activity Monitoring to address Common Enterprise Security Policies
  • Insider Threat
  • Rogue Applications
  • Malicious Software
• Next Steps
Visibility Tools Are Required To Implement Security Policy
DEFINE: Security Architect
MONITOR: VI Admin / Cloud Operator
ENFORCE: VI Admin / Cloud Operator
Get Advanced Visibility Into Users and Applications
Security Architect: Allow THIS user to access THAT application
VI Admin / Cloud Operator: No problem.
Step 1. Security team defines policy for who is allowed access to what applications. Then they ask the data center operator to make it happen.
Get Advanced Visibility Into Users and Applications
VI Admin / Cloud Operator: Easy.
Security Architect: Compliant. ✔
Step 2. Operator monitors the system to identify the right level of application protection. Then they tune the enforcement rules to ensure adherence to expected policy.
Get Advanced Visibility Into Users and Applications
VI Admin / Cloud Operator: I found something fishy.
Security Architect: Yup. Can you block this?
VI Admin / Cloud Operator: Sure, no problem.
Step 3. Operator identifies non-compliant activity and informs the security team to remediate / tune security policies. Gets approval and applies to workloads.
Agenda
• Security Operations Is Catching Up with Policy
• Prerequisites To Enforcing Policy – Visibility
• NSX Provides Tools for Advanced Visibility
• Demo of NSX Activity Monitoring to address Common Enterprise Security Policies
  • Insider Threat
  • Rogue Applications
  • Malicious Software
• Next Steps
NSX Provides Tools To Define and Enforce Policy
MONITOR
ENFORCE
DEFINE
Security
Architect
VI Admin / Cloud Operator
VI Admin / Cloud Operator
NSX Service Composer
NSX Service Composer
NSX Firewall
VMware NSX Service Composer Provides Policy Framework
Built-In Services
• Firewall, Identity-based Firewall
• Data Security (DLP / Discovery)
Visibility
• Network traffic flows
• User access of network assets
• Active In-guest applications
• User access of in-guest applications
3rd Party Services
• IDS / IPS, AV, Vulnerability Mgmt
• 2013 Vendors: Symantec, McAfee, Trend Micro, Rapid 7
Security Policies
• Define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads
Automation
• Use security tags and other context to drive dynamic membership of security groups – results in IF-THEN workflows across services
[Diagram: VMware NSX Network Virtualization Platform. Labels: Any Application (without modification); Virtual Networks; Logical L2; Logical L3; Logical Firewall; Logical Load Balancer; Logical VPN; Any Cloud Management Platform; Any Hypervisor; Any Network Hardware]
NSX Provides Advanced Visibility Into Users and Applications
MONITOR
ENFORCE
DEFINE
Security
Architect
VI Admin / Cloud Operator
VI Admin / Cloud Operator
NSX Service Composer
NSX Activity Monitoring
NSX Service Composer
NSX Firewall
NSX Activity Monitoring Provides Advanced Visibility
Built-In Services
• Firewall, Identity-based Firewall
• Data Security (DLP / Discovery)
Visibility
• Network traffic flows
• User access of network assets
• Active In-guest applications
• User access of in-guest applications
3rd Party Services
• IDS / IPS, AV, Vulnerability Mgmt
• 2013 Vendors: Symantec, McAfee, Trend Micro, Rapid 7
Security Policies
• Define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads
Automation
• Use security tags and other context to drive dynamic membership of security groups – results in IF-THEN workflows across services
[Diagram: VMware NSX Network Virtualization Platform. Labels: Any Application (without modification); Virtual Networks; Logical L2; Logical L3; Logical Firewall; Logical Load Balancer; Logical VPN; Any Cloud Management Platform; Any Hypervisor; Any Network Hardware]
NSX Activity Monitoring Provides Advanced Visibility
NSX Activity Monitoring provides visibility into group, application and destination activity in the virtual environment
• Users accessing assets
• Applications running on virtual machines
• Server access by AD Group, Security group or Desktop Pool
• Interactions between groups (AD, SG or DP)
[Diagram labels: User: Joe; AD Group; Security Group; Desktop Pool]
Sample Security Policy
Allow only approved users to access specific applications on corporate assets. Having a policy on WHO is allowed access to WHAT from WHERE is critical to securing assets.
In other words:
1. Allow only authorized users to access critical business applications
2. Allow only authorized applications on corporate servers
3. Allow access to only required ports from specific networks
MONITOR
ENFORCE
DEFINE
Challenge: Do You Trust All Your Users?
Monitor
Enforce
Define
Policy Category
• Regulatory / HIPAA: Access controls should enable authorized users to access the minimum necessary information needed to perform job functions.
Challenges
• Threats are not just outside organizational boundaries
• Network level access control is not sufficient for cloud environments
• Controlled access for insiders based on user identity is required to safeguard corporate assets
Requirement: Allow only authorized users to access critical applications
Requirements
• Find which user group needs access to which asset
• Ability to generate reports on:
  • Which users are connecting to the set of applications?
  • What applications are the non trusted users connecting to?
• Option to limit access based on user identity
Monitor
Enforce
Define
[Diagram labels: EPIC Servers; Nurses ✔; Doctors ✔; Finance ✔; Accounting Servers]
Demo: UI Introduction
Demo: Verify EPIC Access
Demo: Block Finance access to EPIC Servers
Challenge: Do you know what’s running on your servers?
Monitor
Enforce
Define
Policy Category
• Acceptable use of Information Systems: Clear definition of what is and is not acceptable
• Corporate Governance of IT: Define how technology is used and managed to support business needs
Challenges
• Visibility into all data center applications
• Identify Rogue Applications that either capture confidential information or siphon sensitive data to external sources
• Identify Vulnerable Applications to reduce the scope of attack
Requirement: Allow only authorized applications on corporate servers
Requirements
• Identify all applications running on corporate servers
• Create a list of acceptable, grey listed and non permitted applications for servers
• Monitor, restrict and report violations of all acceptable use policies
Monitor
Enforce
Define
[Diagram labels: DB Administrators; ✔; HR; HTTP; WEB; APP; DATABASE; ✔; ODBC; ODBC]
Demo: User Access to Applications
Demo: Inbound Application Access
Challenge: Are you protected from malware?
Monitor
Enforce
Define
Policy Category
• Acceptable use of Information Systems: Clear definition of what is and is not acceptable
• Single use systems: for protection of critical services
Challenges
• Identify and prevent further spread of malware in the network
• Regular Monitoring for rogue or vulnerable applications to avoid compromise
Requirement: Allow only required ports to be open based on expected use
Requirements
• Find all user and application activity on critical servers
• Ensure that only allowed applications are running
• Monitor applicable controls regularly
Monitor
Enforce
Define
[Diagram labels: HTTPS; WEB; APP; DATABASE; ✔; HR; ✔]
Demo: VM Activity
How Do You Deploy?
[Diagram labels: Active Directory; Eric Frost; VM Tools; NSX Mgr; SVM; Compute Management Gateway]

Today:
Source | Destination
172.16.254.1 | 172.16.112.2

With Activity Monitoring:
User | AD Group | App Name | Originating VM Name | Destination VM Name | Source IP | Destination IP
Eric | Engineering | iexplorer.exe | Windows 7 | Apache Server | 192.168.10.75 | 192.168.10.78
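
An added example, not part of the original deck and not NSX code: a small Python audit that checks activity records carrying the columns shown on the "How Do You Deploy?" slide (User, AD Group, App Name, Originating VM Name, Destination VM Name, Source IP, Destination IP) against the WHO / WHAT / WHERE rules of the sample security policy. The policy table, the helper names and every sample row except the slide's "Eric" row are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ActivityRecord:
    """One activity row, using the column set shown on the slide."""
    user: str
    ad_group: str
    app_name: str
    originating_vm: str
    destination_vm: str
    source_ip: str
    destination_ip: str


# Hypothetical policy keyed by destination VM name (an assumption: the
# deck does not define a policy format). For each protected asset:
#   groups   -> WHO may connect (AD groups)
#   apps     -> WHAT client applications are acceptable
#   networks -> WHERE connections may originate from
POLICY = {
    "EPIC Server": {
        "groups": {"Nurses", "Doctors"},
        "apps": {"iexplorer.exe"},
        "networks": ["192.168.10.0/24"],
    },
    "Apache Server": {
        "groups": {"Engineering"},
        "apps": {"iexplorer.exe"},
        "networks": ["192.168.10.0/24"],
    },
}


def check_record(record, policy=POLICY):
    """Return a list of findings for one record; an empty list means compliant."""
    rule = policy.get(record.destination_vm)
    if rule is None:
        # An asset with no policy is reported, never silently allowed.
        return ["UNDEFINED: no policy for destination '%s'" % record.destination_vm]

    findings = []
    if record.ad_group not in rule["groups"]:
        findings.append("WHO: AD group '%s' is not authorized for '%s'"
                        % (record.ad_group, record.destination_vm))

    allowed_apps = {a.lower() for a in rule["apps"]}
    if record.app_name.lower() not in allowed_apps:
        findings.append("WHAT: application '%s' is not on the acceptable list"
                        % record.app_name)

    try:
        src = ipaddress.ip_address(record.source_ip)
        in_allowed_net = any(src in ipaddress.ip_network(n)
                             for n in rule["networks"])
    except ValueError:
        # A malformed source address cannot be shown to be in an allowed network.
        in_allowed_net = False
    if not in_allowed_net:
        findings.append("WHERE: source %s is outside the allowed networks"
                        % record.source_ip)
    return findings


def audit(records, policy=POLICY):
    """Return (record, findings) pairs for every non-compliant record."""
    report = []
    for rec in records:
        findings = check_record(rec, policy)
        if findings:
            report.append((rec, findings))
    return report


# Constructed sample rows. The first matches the row shown on the slide;
# the others are invented to exercise each rule.
SAMPLE_RECORDS = [
    ActivityRecord("Eric", "Engineering", "iexplorer.exe", "Windows 7",
                   "Apache Server", "192.168.10.75", "192.168.10.78"),
    ActivityRecord("Pat", "Finance", "iexplorer.exe", "Windows 7",
                   "EPIC Server", "192.168.10.80", "192.168.10.90"),
    ActivityRecord("Sam", "Nurses", "ftp.exe", "Windows 7",
                   "EPIC Server", "10.9.9.9", "192.168.10.90"),
    ActivityRecord("Lee", "HR", "iexplorer.exe", "Windows 7",
                   "Unlisted Server", "192.168.10.81", "192.168.10.99"),
]

if __name__ == "__main__":
    for rec, findings in audit(SAMPLE_RECORDS):
        print(rec.user, "->", rec.destination_vm)
        for finding in findings:
            print("   ", finding)
```

Records for a destination with no policy entry are flagged rather than passed, so newly deployed workloads show up in the report until someone defines their rule.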
Back At The Office…
VI Admin / Cloud Operator: I just learned about VMware NSX Activity Monitoring and we could simplify a lot of this!
Security Architect: No kidding. Prove it!
VI Admin / Cloud Operator: I will. ✔
1. Point your security team to VMware NSX.
2. Partner with security team to evaluate NSX Activity Monitoring to implement security policy
THANK YOU
Related Sessions
• NET5847 - NSX: Introducing the World to VMware NSX
• SEC5749 - Introducing NSX Service Composer: The New Consumption Model for Security Services in the SDDC
• SEC5820 - NSX PCI Reference Architecture Workshop Session 2 - Privileged User Control
How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...
How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...Vadym Kazulkin
75 vistas64 diapositivas
Attacking IoT Devices from a Web Perspective - Linux Day por
Attacking IoT Devices from a Web Perspective - Linux Day Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day Simone Onofri
15 vistas68 diapositivas
Roadmap to Become Experts.pptx por
Roadmap to Become Experts.pptxRoadmap to Become Experts.pptx
Roadmap to Become Experts.pptxdscwidyatamanew
11 vistas45 diapositivas
The details of description: Techniques, tips, and tangents on alternative tex... por
The details of description: Techniques, tips, and tangents on alternative tex...The details of description: Techniques, tips, and tangents on alternative tex...
The details of description: Techniques, tips, and tangents on alternative tex...BookNet Canada
121 vistas24 diapositivas
.conf Go 2023 - Data analysis as a routine por
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
93 vistas12 diapositivas
AMAZON PRODUCT RESEARCH.pdf por
AMAZON PRODUCT RESEARCH.pdfAMAZON PRODUCT RESEARCH.pdf
AMAZON PRODUCT RESEARCH.pdfJerikkLaureta
15 vistas13 diapositivas

Último(20)

How to reduce cold starts for Java Serverless applications in AWS at JCON Wor... por Vadym Kazulkin
How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...
How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...
Vadym Kazulkin75 vistas
Attacking IoT Devices from a Web Perspective - Linux Day por Simone Onofri
Attacking IoT Devices from a Web Perspective - Linux Day Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day
Simone Onofri15 vistas
The details of description: Techniques, tips, and tangents on alternative tex... por BookNet Canada
The details of description: Techniques, tips, and tangents on alternative tex...The details of description: Techniques, tips, and tangents on alternative tex...
The details of description: Techniques, tips, and tangents on alternative tex...
BookNet Canada121 vistas
.conf Go 2023 - Data analysis as a routine por Splunk
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk93 vistas
AMAZON PRODUCT RESEARCH.pdf por JerikkLaureta
AMAZON PRODUCT RESEARCH.pdfAMAZON PRODUCT RESEARCH.pdf
AMAZON PRODUCT RESEARCH.pdf
JerikkLaureta15 vistas
handbook for web 3 adoption.pdf por Liveplex
handbook for web 3 adoption.pdfhandbook for web 3 adoption.pdf
handbook for web 3 adoption.pdf
Liveplex19 vistas
Transcript: The Details of Description Techniques tips and tangents on altern... por BookNet Canada
Transcript: The Details of Description Techniques tips and tangents on altern...Transcript: The Details of Description Techniques tips and tangents on altern...
Transcript: The Details of Description Techniques tips and tangents on altern...
BookNet Canada130 vistas
Perth MeetUp November 2023 por Michael Price
Perth MeetUp November 2023 Perth MeetUp November 2023
Perth MeetUp November 2023
Michael Price15 vistas
The Importance of Cybersecurity for Digital Transformation por NUS-ISS
The Importance of Cybersecurity for Digital TransformationThe Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital Transformation
NUS-ISS27 vistas
Special_edition_innovator_2023.pdf por WillDavies22
Special_edition_innovator_2023.pdfSpecial_edition_innovator_2023.pdf
Special_edition_innovator_2023.pdf
WillDavies2216 vistas
Black and White Modern Science Presentation.pptx por maryamkhalid2916
Black and White Modern Science Presentation.pptxBlack and White Modern Science Presentation.pptx
Black and White Modern Science Presentation.pptx
maryamkhalid291614 vistas
Understanding GenAI/LLM and What is Google Offering - Felix Goh por NUS-ISS
Understanding GenAI/LLM and What is Google Offering - Felix GohUnderstanding GenAI/LLM and What is Google Offering - Felix Goh
Understanding GenAI/LLM and What is Google Offering - Felix Goh
NUS-ISS41 vistas
Five Things You SHOULD Know About Postman por Postman
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About Postman
Postman27 vistas
Empathic Computing: Delivering the Potential of the Metaverse por Mark Billinghurst
Empathic Computing: Delivering  the Potential of the MetaverseEmpathic Computing: Delivering  the Potential of the Metaverse
Empathic Computing: Delivering the Potential of the Metaverse
Mark Billinghurst470 vistas
Business Analyst Series 2023 - Week 3 Session 5 por DianaGray10
Business Analyst Series 2023 -  Week 3 Session 5Business Analyst Series 2023 -  Week 3 Session 5
Business Analyst Series 2023 - Week 3 Session 5
DianaGray10209 vistas
Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica... por NUS-ISS
Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica...Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica...
Emerging & Future Technology - How to Prepare for the Next 10 Years of Radica...
NUS-ISS16 vistas
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze por NUS-ISS
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng TszeDigital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
NUS-ISS19 vistas

VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies

  • 1. Troubleshooting and Monitoring NSX Service Composer Policies Shubha Bheemarao, VMware Mitchell Christensen, VMware SEC5889 #SEC5889
  • 2. Objective • Identify specific use cases that highlight the value of advanced visibility with simplified workflows • Showcase why user and application visibility is essential to have a secure datacenter policy • Demonstrate how NSX Activity Monitoring provides advanced visibility
  • 3. Security Teams Care About Policy and Compliance. Security Architect: Regulations, Standards, Best Practices • Access Control • Segmentation • Automation • Audit. Infrastructure Requirements. Common Control Frameworks.
  • 4. Think About Your Last Interaction With The Security Team (VI Admin / Cloud Operator). Speech bubbles: "Do we have this malicious software running?" "PCI Auditors in the house… are we compliant?" "High severity vulnerabilities on critical business systems… must patch!"
  • 5. The Cloud Operator Has to Make This All Work… But How? Security Policy ≠ Security Operations. Security team asks operator to implement policies that are specified at user and application level. Speech bubbles (VI Admin / Cloud Operator, Security Architect): "Yikes." "I need this."
  • 6. Agenda • Security Operations Is Catching Up with Policy • Prerequisites To Enforcing Policy – Visibility • NSX Activity Monitoring Provides Advanced Visibility to Users and Applications • Demo of NSX Activity Monitoring to address Common Enterprise Security Policies (Insider Threat, Rogue Applications, Malicious Software) • Next Steps
  • 7. Visibility Tools Are Required To Implement Security Policy: DEFINE (Security Architect) • MONITOR (VI Admin / Cloud Operator) • ENFORCE (VI Admin / Cloud Operator)
  • 8. Get Advanced Visibility Into Users and Applications. Step 1. Security team defines policy for who is allowed access to what applications. Then they ask the data center operator to make it happen. Speech bubbles (VI Admin / Cloud Operator, Security Architect): "No problem." "Allow THIS user to access THAT application."
  • 9. Get Advanced Visibility Into Users and Applications. Step 2. Operator monitors the system to identify the right level of application protection. Then they tune the enforcement rules to ensure adherence to expected policy. Speech bubbles (VI Admin / Cloud Operator, Security Architect): "Easy." "Compliant. ✔"
  • 10. Get Advanced Visibility Into Users and Applications. Step 3. Operator identifies non-compliant activity and informs the security team to remediate / tune security policies. Gets approval and applies to workloads. Speech bubbles (VI Admin / Cloud Operator, Security Architect): "I found something fishy." "Yup. Can you block this?" "Sure, no problem."
  • 11. Agenda • Security Operations Is Catching Up with Policy • Prerequisites To Enforcing Policy – Visibility • NSX Provides Tools for Advanced Visibility • Demo of NSX Activity Monitoring to address Common Enterprise Security Policies (Insider Threat, Rogue Applications, Malicious Software) • Next Steps
  • 12. NSX Provides Tools To Define and Enforce Policy. DEFINE (Security Architect): NSX Service Composer • MONITOR (VI Admin / Cloud Operator) • ENFORCE (VI Admin / Cloud Operator): NSX Service Composer, NSX Firewall
  • 13. VMware NSX Service Composer Provides Policy Framework. Built-In Services • Firewall, Identity-based Firewall • Data Security (DLP / Discovery). Visibility • Network traffic flows • User access of network assets • Active in-guest applications • User access of in-guest applications. 3rd Party Services • IDS / IPS, AV, Vulnerability Mgmt • 2013 Vendors: Symantec, McAfee, Trend Micro, Rapid 7. Security Policies • Define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads. Automation • Use security tags and other context to drive dynamic membership of security groups – results in IF-THEN workflows across services. Platform diagram: Any Application (without modification); Virtual Networks; VMware NSX Network Virtualization Platform (Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN); Any Hypervisor; Any Network Hardware; Any Cloud Management Platform.
  • 14. NSX Provides Advanced Visibility Into Users and Applications. DEFINE (Security Architect): NSX Service Composer • MONITOR (VI Admin / Cloud Operator): NSX Activity Monitoring • ENFORCE (VI Admin / Cloud Operator): NSX Service Composer, NSX Firewall
  • 15. NSX Activity Monitoring Provides Advanced Visibility. Built-In Services • Firewall, Identity-based Firewall • Data Security (DLP / Discovery). Visibility • Network traffic flows • User access of network assets • Active in-guest applications • User access of in-guest applications. 3rd Party Services • IDS / IPS, AV, Vulnerability Mgmt • 2013 Vendors: Symantec, McAfee, Trend Micro, Rapid 7. Security Policies • Define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads. Automation • Use security tags and other context to drive dynamic membership of security groups – results in IF-THEN workflows across services. Platform diagram: Any Application (without modification); Virtual Networks; VMware NSX Network Virtualization Platform (Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN); Any Hypervisor; Any Network Hardware; Any Cloud Management Platform.
  • 16. NSX Activity Monitoring Provides Advanced Visibility. NSX Activity Monitoring provides visibility into group, application and destination activity in the virtual environment • Users accessing assets • Applications running on virtual machines • Server access by AD Group, Security Group or Desktop Pool • Interactions between groups (AD, SG or DP). Diagram labels: User: Joe; AD Group; Security Group; Desktop Pool.
  • 17. Agenda • Security Operations Is Catching Up with Policy • Prerequisites To Enforcing Policy – Visibility • NSX Activity Monitoring Provides Advanced Visibility to Users and Applications • Demo of NSX Activity Monitoring to address Common Enterprise Security Policies (Insider Threat, Rogue Applications, Malicious Software) • Next Steps
  • 18. Sample Security Policy (Define • Monitor • Enforce). Allow only approved users to access specific applications on corporate assets. Having a policy on WHO is allowed access to WHAT from WHERE is critical to secure assets. In other words: 1. Allow only authorized users to access critical business applications 2. Allow only authorized applications on corporate servers 3. Allow access to only required ports from specific networks
  • 19. Challenge: Do You Trust All Your Users? (Define • Monitor • Enforce). Policy Category • Regulatory / HIPAA: Access controls should enable authorized users to access the minimum necessary information needed to perform job functions. Challenges • Threats are not just outside organizational boundaries • Network level access control is not sufficient for cloud environments • Controlled access for insiders based on user identity is required to safeguard corporate assets
  • 20. Requirement: Allow only authorized users to access critical applications (Define • Monitor • Enforce). Requirements • Find which user group needs access to which asset • Ability to generate reports on: Which users are connecting to the set of applications? What applications are the non-trusted users connecting to? • Option to limit access based on user identity. Diagram labels: EPIC Servers; Nurses ✔; Doctors ✔; Finance ✔; Accounting Servers.
  • 25. Demo: Block Finance access to EPIC Servers
  • 27. Agenda • Security Operations Is Catching Up with Policy • Prerequisites To Enforcing Policy – Visibility • NSX Activity Monitoring Provides Advanced Visibility to Users and Applications • Demo of NSX Activity Monitoring to address Common Enterprise Security Policies (Insider Threat, Rogue Applications, Malicious Software) • Next Steps
  • 28. Challenge: Do you know what’s running on your servers? (Define • Monitor • Enforce). Policy Category • Acceptable use of Information Systems: Clear definition of what is and is not acceptable • Corporate Governance of IT: Define how technology is used and managed to support business needs. Challenges • Visibility into all data center applications • Identify Rogue Applications that either capture confidential information or siphon sensitive data to external sources • Identify Vulnerable Applications to reduce the scope of attack
  • 29. Requirement: Allow only authorized applications on corporate servers (Define • Monitor • Enforce). Requirements • Identify all applications running on corporate servers • Create a list of acceptable, grey-listed and non-permitted applications for servers • Monitor, restrict and report violations of all acceptable use policies. Diagram labels: DB Administrators ✔; HR; HTTP; WEB; APP; DATABASE ✔; ODBC; ODBC.
  • 30. Demo: User Access to Applications
  • 34. Agenda • Security Operations Is Catching Up with Policy • Prerequisites To Enforcing Policy – Visibility • NSX Activity Monitoring Provides Advanced Visibility to Users and Applications • Demo of NSX Activity Monitoring to address Common Enterprise Security Policies (Insider Threat, Rogue Applications, Malicious Software) • Next Steps
  • 35. Challenge: Are you protected from malware? (Define • Monitor • Enforce). Policy Category • Acceptable use of Information Systems: Clear definition of what is and is not acceptable • Single use systems: for protection of critical services. Challenges • Identify and prevent further spread of malware in the network • Regular monitoring for rogue or vulnerable applications to avoid compromise
  • 36. Requirement: Allow only required ports to be open based on expected use (Define • Monitor • Enforce). Requirements • Find all user and application activity on critical servers • Ensure that only allowed applications are running • Monitor applicable controls regularly. Diagram labels: HTTPS; WEB; APP; DATABASE; HR; ✔ ✔.
  • 40. How Do You Deploy? Today: Source = 172.16.254.1; Destination = 172.16.112.2. With Activity Monitoring: User = Eric; AD Group = Engineering; App Name = iexplorer.exe; Originating VM Name = Windows 7; Destination VM Name = Apache Server; Source IP = 192.168.10.75; Destination IP = 192.168.10.78. Diagram labels: Active Directory; Eric Frost; VM Tools; NSX Mgr; SVM; Compute; Management; Gateway.
  • 41. Agenda • Security Operations Is Catching Up with Policy • Prerequisites To Enforcing Policy – Visibility • NSX Activity Monitoring Provides Advanced Visibility to Users and Applications • Demo of NSX Activity Monitoring to address Common Enterprise Security Policies (Insider Threat, Rogue Applications, Malicious Software) • Next Steps
  • 42. Back At The Office… 1. Point your security team to VMware NSX. 2. Partner with security team to evaluate NSX Activity Monitoring to implement security policy. Speech bubbles (VI Admin / Cloud Operator, Security Architect): "I just learned about VMware NSX Activity Monitoring and we could simplify a lot of this!" "No kidding. Prove it!" "I will. ✔"
  • 44. Related Sessions • NET5847 - NSX: Introducing the World to VMware NSX • SEC5749 - Introducing NSX Service Composer: The New Consumption Model for Security Services in the SDDC • SEC5820 - NSX PCI Reference Architecture Workshop Session 2 - Privileged User Control
  • 46. Troubleshooting and Monitoring NSX Service Composer Policies Shubha Bheemarao, VMware Mitchell Christensen, VMware SEC5889 #SEC5889
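
The record fields shown on the "How Do You Deploy?" slide (user, AD group, application, VM names, IPs) are what make the deck's sample policy checkable by a script. The following is an added example, not code from the presentation or from NSX: the dict layout, the policy tables, the application names and every record are constructed assumptions, and source network stands in for the WHERE part of the policy because the slide's record carries no port field.

```python
"""Audit activity records (fields from the 'How Do You Deploy?' slide)
against a WHO / WHAT / WHERE allow-list. All data here is constructed."""
from ipaddress import ip_address, ip_network

# WHO may reach WHAT: AD group -> destination VM names (assumed policy).
GROUP_ACCESS = {
    "Doctors": {"EPIC Server"},
    "Nurses": {"EPIC Server"},
    "Finance": {"Accounting Server"},
}
# Applications approved per destination (assumed allow-list, lower case).
APPROVED_APPS = {
    "EPIC Server": {"epicclient.exe"},
    "Accounting Server": {"ledger.exe"},
}
# WHERE: networks that connections may originate from (assumed).
TRUSTED_NETS = [ip_network("192.168.10.0/24")]


def rec(user, ad_group, app_name, source_ip, destination_vm):
    return {"user": user, "ad_group": ad_group, "app_name": app_name,
            "source_ip": source_ip, "destination_vm": destination_vm}


# Constructed sample records, one per outcome.
RECORDS = [
    rec("alice", "Doctors", "epicclient.exe", "192.168.10.21", "EPIC Server"),
    rec("bob", "Finance", "epicclient.exe", "192.168.10.40", "EPIC Server"),
    rec("carol", "Nurses", "Torrent.exe", "192.168.10.33", "EPIC Server"),
    rec("dave", "Finance", "ledger.exe", "10.9.8.7", "Accounting Server"),
    rec("eve", "Contractors", "ledger.exe", "not-an-ip", "Accounting Server"),
]


def violations(record):
    """Return the list of policy checks this record fails (empty = compliant)."""
    reasons = []
    dest = record["destination_vm"]
    # Default deny: unknown groups and unknown destinations fail this check.
    if dest not in GROUP_ACCESS.get(record["ad_group"], set()):
        reasons.append("group-not-authorized")
    if record["app_name"].lower() not in APPROVED_APPS.get(dest, set()):
        reasons.append("app-not-approved")
    try:
        src = ip_address(record["source_ip"])
        if not any(src in net for net in TRUSTED_NETS):
            reasons.append("untrusted-source-network")
    except ValueError:
        # A record with an unparsable address is reported, not skipped.
        reasons.append("bad-source-ip")
    return reasons


def audit(records):
    """Return (user, destination_vm, reasons) for every non-compliant record."""
    findings = []
    for record in records:
        reasons = violations(record)
        if reasons:
            findings.append((record["user"], record["destination_vm"], reasons))
    return findings


if __name__ == "__main__":
    for user, dest, reasons in audit(RECORDS):
        print(f"{user} -> {dest}: {', '.join(reasons)}")
```
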