The Goldilocks Zone: Security and Architectural Implications of the SDDC
SEC1959-S
Tom Corn, SVP, VMware, Inc. – Security Products
Securing the Data Center

IT Infrastructure: Network, Storage, Compute, Infrastructure Management & Orchestration
Application Infrastructure
Security Infrastructure:
  Network: DFW, IDS/IPS, NGFW, WAF, AMP, SWG, DDoS
  Storage: Encryption, Key Management, Tokenization
  Compute: AV, HIPS, AMP, Encryption, Execution & Device Control
  Governance/Compliance: Vulnerability Mgmt, Log Mgmt, GRC, PUAM, Security Posture Management, DLP
  SOC: SIEM, Security Analytics, Forensics
  Identity Controls: IAM, IAG, Authentication, Access Control, Federation/SSO
  App/Database Controls: App/DB Activity Monitoring, App/DB Encryption, Fraud Analytics
A Picture of Diminishing Returns

The Only Thing Outpacing Security Spend… Is Security Losses
(Chart series: IT Spend, Security Spend, Security Breaches)
Kill Chain: Anatomy of a Modern Attack

Phases: 1. Prep, 2. Intrusion, 3. Recon, 4. Recovery, 5. Act on Intent, 6. Exfiltration

Steps (diagram rendered as a list):
1. Human Recon
2. Attack Vector R&D
3. Delivery Mechanism
4. Compromise Primary Entry Point (labels: Strain A Active, Strain B Dormant)
5. Install Command & Control I/F
6. Escalate Privileges on Primary Entry Point
7. Lateral Movement
8. Install C2 I/F, Wipe Tracks, Escalate Priv (repeated at several points in the diagram; label: Strain A Active)
9. Wake Up & Modify Next Dormant Strain (labels: Attack Identified, Response; Strain A Active, Strain B Active, Strain C Dormant, Strain D Dormant)
10. Break into Data Stores
11. Parcel & Obfuscate
12. Exfiltration
13. Cleanup
Modern Attack: targeted, interactive & stealthy
Callouts on the chain: "Stop Infiltration" | "Lack visibility & control to stop exfiltration"

Shift from…
•  Perimeter-centric
•  In-line prevention
•  Managing compliance
to…
•  Application & user-centric
•  Analytics/Out-of-band mitigation
•  Managing risk
3 Architectural Issues

1. Segmentation: the Logical Segmentation Problem. We lack the ability to segment around application boundaries.
2. Policy: the Compound Policy Problem. We lack mechanisms to orchestrate policy across controls.
3. Context: the Context/Isolation Tradeoff. We lack the right telemetry / "handles" for security controls.

Common Thread: The Application

Virtualization is the Key. As a ubiquitous abstraction layer between the applications and the infrastructure, it provides the "Goldilocks Zone" for security.
The Logical Segmentation Problem
CONFIDENTIAL 11

Symptoms: Hyper-connected Computing Base; Lateral Movement; Complex/Comingled Policy

The Solution: Enforce segmentation around application boundaries, versus the perimeter, physical zones or machines.

The Obstacle: We have no mechanism that maintains the relationship between the applications & the infrastructure.
The Compound Policy Problem

Diagram: controls C1, C2, C3 must be in the Right Place, in the Right Order, and Share State. Problems: Choke Points / Scalability; Complex Distributed Policy; Sharing State (?).

The Solution: A mechanism to insert and order security controls and policy around logical boundaries, and a mechanism for them to publish and share state.

The Obstacle: No such mechanism exists. We can insert on physical boundaries, and share state via point integrations and correlation.
The Context/Isolation Tradeoff

Policy ↔ Analytics

                Context   Isolation
Endpoint        ↑         ↓
Network         ↓         ↑

Poor handles/telemetry for policy/analytics. Sample telemetry from the diagram: URLs such as HTTP://192.163.8.10:8080, HTTP://192.159.2.10:8080, HTTP://192.162.5.8:8080; IP/MAC pairs such as 10.20.2.14 / 09:00:02:A3:D1:3D and 10.18.3.13 / 08:00:03:A4:C2:4C.

The Solution: A ubiquitous mechanism for communicating telemetry with security controls that has the isolation properties of a network control point and the context of an endpoint agent.

The Obstacle: No such mechanism exists. We are forced to make the tradeoff.
3 Architectural Issues (recap)

1. Segmentation: Logical Segmentation Problem (lack ability to segment around application boundaries)
2. Policy: Compound Policy Problem (lack mechanisms to orchestrate policy across controls)
3. Context: Context/Isolation Tradeoff (lack the right telemetry / "handles" for security controls)

Common Thread: The Application
Virtualization is the Goldilocks Zone for Security

If we could…
•  Segment along application boundaries and compliance scopes
•  Provision and order controls along those boundaries
•  Share context to and among controls
…then we can dramatically…
•  Reduce our attack surface
•  Simplify our policies
•  Improve the effectiveness of all our controls
Putting Security Controls into the Virtualization Layer

Layers, bottom to top:
  Virtual Infrastructure
  Built-in Controls: Isolation/Segmentation/Access
  Security Service Provisioning & Orchestration
  Context: Security/Telemetry
  Security Controls:
    Network: DFW, IDS/IPS, NGFW, WAF, AMP, SWG, DDoS
    Storage: Encryption, Key Management, Tokenization
    Governance/Compliance: Vulnerability Mgmt, Log Mgmt, GRC, PUAM, Security Posture Management, DLP
    Compute: AV, HIPS, AMP, Encryption, Execution & Device Control
    SOC: SIEM, Security Analytics, Forensics
Micro-segmentation: Logical segmentation around application boundaries

Diagram: a perimeter firewall in front of a DMZ, with App, Services (AD, NTP, DHCP, DNS, CERT) and DB zones behind it; an inside firewall separates App 1, App 2 and App 3 from each other.
Micro-segmentation

Progression shown in the diagram:
  Isolation
  Explicit Allow Communication (Default Deny)
  Secure Communications
  Structured Secure Communications (NGFW, IPS and WAF inserted in the allowed paths)
Advanced Context

The hypervisor can bridge the context / isolation gap

                  Context   Isolation
Endpoint Agent    ↑         ↓
Network Device    ↓         ↑
Virtualization    ↑         ↑
Policy Orchestration

Advanced Malware Protection → DEFCON

Security Group = DEFCON 1
  Members = {Tag = 'AdvancedMalware.Suspicious', DEFCON Network}
Security Group = Web Tier

Policy Definition
  Standard Web Policy
    ☑ Advanced Malware Protection
  DEFCON 1 Policy
    ☑ Gateway Authentication 1 → 2 Factor
    ☑ Ratchet back Access Controls
    ☑ Increase Logging
Case Study: WestJet Airlines
Richard Sillito, Solution Architect, IT Security, WestJet Airlines

The Call to Action: A Once in Wave Opportunity
  1st Wave: Mainframe | Terminal. Millions of Users, Thousands of Apps.
  2nd Wave: PC | Client/Server | LAN/Internet. Hundreds of Millions of Users, Tens of Thousands of Apps.
  3rd Wave: Cloud/SDDC | Mobile | Social | Big Data. Billions of Users, Millions of Apps, Trillions of Devices.

Security Teams / Security Vendors / Virtualization: The Goldilocks Zone for Security

Thank You
Fill out a survey: every completed survey is entered into a drawing for a $25 VMware company store gift certificate.
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 

Último (20)

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 

VMworld 2014: The Goldilocks Zone

  • 1. The Goldilocks Zone: Security and Architectural Implications of the SDDC SEC1959-S Tom Corn SVP, VMware, Inc. – Security Products
  • 2. Securing the Data Center
      IT infrastructure: Application Infrastructure; Infrastructure Management & Orchestration; Compute, Network, Storage
      Security infrastructure:
        Network: DFW, IDS/IPS, NGFW, WAF, AMP, SWG, DDoS
        Storage: Encryption, Key Management, Tokenization
        Governance/Compliance: Vulnerability Mgmt, Log Mgmt, GRC, PUAM, Security Posture Management, DLP
        Compute: AV, HIPS, AMP, Encryption, Execution & Device Control
        SOC: SIEM, Security Analytics, Forensics
        Identity Controls: IAM, IAG, Authentication, Access Control, Federation/SSO
        App/Database Controls: App/DB Activity Mon, App/DB Encryption, Fraud Analytics
  • 3. A Picture of Diminishing Returns
      The Only Thing Outpacing Security Spend… Is Security Losses
      (chart: IT Spend, Security Spend, Security Breaches)
  • 4. Kill Chain: Anatomy of a Modern Attack
      Phases: 1 Prep, 2 Intrusion, 3 Recon, 4 Recovery, 5 Act on Intent, 6 Exfiltration
      1. Prep: 1 Human Recon; 2 Attack Vector R&D; 3 Delivery Mechanism
  • 5. 2. Intrusion
      4 Compromise Primary Entry Point; 5 Install Command & Control I/F
      Strain A Active; Strain B Dormant
  • 6. 3. Recon
      6 Escalate Privileges on Primary Entry Point; 7 Lateral Movement; 8 Install C2 I/F, Wipe Tracks, Escalate Priv (step 8 repeats on each host reached)
      Strain A Active
  • 7. 4. Recovery
      Attack Identified → Response
      9 Wake Up & Modify Next Dormant Strain
      Strain A Active; Strain B Active; Strain C Dormant; Strain D Dormant
  • 8. 5. Act on Intent / 6. Exfiltration
      5. Act on Intent: 10 Break into Data Stores; 11 Parcel & Obfuscate
      6. Exfiltration: 12 Exfiltration; 13 Cleanup
  • 9. Modern Attack: targeted, interactive & stealthy
      (full kill chain diagram, steps 1 to 13 as on slides 4 to 8)
      Stop Infiltration
      Lack visibility & control to stop exfiltration
      Shift from… Perimeter-centric; In-line prevention; Managing compliance
      …to… Application & user-centric; Analytics/Out-of-band mitigation; Managing risk
  • 10. 3 Architectural Issues
      Virtualization is the Key: as a ubiquitous abstraction layer between the applications and the infrastructure it provides the “Goldilocks Zone” for security.
      1. Segmentation: Logical Segmentation Problem. Lack ability to segment around application boundaries.
      2. Policy: Compound Policy Problem. Lack mechanisms to orchestrate policy across controls.
      3. Context: Context/Isolation Tradeoff. Lack the right telemetry / “handles” for security controls.
      Common Thread: The Application
  • 11. The Logical Segmentation Problem (CONFIDENTIAL)
      Hyper-connected Computing Base; Lateral Movement; Complex/Comingled Policy
      The Solution: Enforce segmentation around application boundaries versus the perimeter, physical zones or machines.
      The Obstacle: We have no mechanism that maintains the relationship between the applications & the infrastructure.
  • 12. The Compound Policy Problem
      Controls C1, C2, C3: Right Place; Right Order; Share State
      Choke Points / Scalability; Complex Distributed Policy; Sharing State?
      The Solution: A mechanism to insert and order security controls and policy around logical boundaries, and a mechanism for them to publish and share state.
      The Obstacle: No such mechanism exists. We can insert on physical boundaries, and share state via point integrations and correlation.
  • 13. The Context/Isolation Tradeoff
      Policy ⇨ ⇦ Analytics
      Context / Isolation: Endpoint ⇧ / ⇩; Network ⇩ / ⇧
      Poor Handles/Telemetry for Policy/Analytics, e.g. HTTP://192.163.8.10:8080, HTTP://192.159.2.10:8080, HTTP://192.162.5.8:8080; 10.20.2.14 09:00:02:A3:D1:3D; 10.18.3.13 08:00:03:A4:C2:4C
      The Solution: A ubiquitous mechanism for communicating telemetry with security controls that has the isolation properties of a network control point and the context of an endpoint agent.
      The Obstacle: No such mechanism exists. We are forced to make the tradeoff.
  • 14. 3 Architectural Issues
      If we could… Segment along application boundaries and compliance scopes; Provision and order controls along those boundaries; Share context to and among controls
      …then we can dramatically… Reduce our attack surface; Simplify our policies; Improve the effectiveness of all our controls
      Virtualization is the Goldilocks Zone for Security. Common Thread: The Application
      (recap of 1. Segmentation, 2. Policy, 3. Context from slide 10)
  • 15. Putting Security Controls into the Virtualization Layer
      Virtual Infrastructure provides: Built-in Controls (Isolation/Segmentation/Access); Security Service Provisioning & Orchestration; Context (Security/Telemetry)
      Security Controls: Network (DFW, IDS/IPS, NGFW, WAF, AMP, SWG, DDoS); Storage (Encryption, Key Management, Tokenization); Governance/Compliance (Vulnerability Mgmt, Log Mgmt, GRC, PUAM, Security Posture Management, DLP); Compute (AV, HIPS, AMP, Encryption, Execution & Device Control); SOC (SIEM, Security Analytics, Forensics)
  • 16. Micro-segmentation
      Logical segmentation around application boundaries
      Perimeter firewall in front of the DMZ; inside firewall in front of the App, Services and DB tiers; App 1, App 2, App 3; shared services: AD, NTP, DHCP, DNS, CERT
  • 17. Micro-segmentation
      Isolation; Explicit Allow Comm. (Default Deny); Secure Communications; Structured Secure Communications (NGFW, IPS, WAF)
  • 18. Advanced Context
      The hypervisor can bridge the context / isolation gap
      Context / Isolation: Endpoint Agent ⇧ / ⇩; Virtualization ⇧ / ⇧; Network Device ⇩ / ⇧
  • 19. Policy Orchestration
      Advanced Malware Protection → DEFCON
      Security Group = DEFCON 1
        Members = {Tag = ‘AdvancedMalware.Suspicious’, DEFCON Network}
      Security Group = Web Tier
      Policy Definition: Standard Web Policy: ☑ Advanced Malware Protection
      DEFCON 1 Policy: ☑ Gateway Authentication 1 → 2 Factor; ☑ Ratchet back Access Controls; ☑ Increase Logging
  • 20. Case Study: WestJet Airlines
      Richard Sillito, Solution Architect, IT Security, WestJet Airlines
  • 21. The Call to Action: A Once in Wave Opportunity
      1st Wave: Mainframe | Terminal: Millions of Users, Thousands of Apps
      2nd Wave: PC | Client/Server | LAN/Internet: Hundreds of Millions of Users, Tens of Thousands of Apps
      3rd Wave: Cloud/SDDC | Mobile | Social | Big Data: Billions of Users, Millions of Apps, Trillions of Devices
      Security Teams; Security Vendors; Virtualization: The Goldilocks Zone for Security
  • 23. Fill out a survey
      Every completed survey is entered into a drawing for a $25 VMware company store gift certificate
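As an added example that is not part of the deck (and not NSX code), a small Python model of the micro-segmentation and policy-orchestration ideas on slides 16, 17 and 19: security groups defined by membership rules and tags, default-deny with explicit-allow rules between tiers of one application, and the DEFCON 1 policy taking effect as soon as an Advanced Malware Protection control tags a workload. The VM names, the allowed tier pairs and the policy attribute names are constructed, and "Ratchet back Access Controls" is modelled as quarantining the member, which is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class VM:
    """A workload with its tier, its application boundary and control tags."""
    name: str
    tier: str                 # "DMZ", "App", "Services" or "DB" (slide 16)
    app: str                  # application boundary, e.g. "App 1"
    tags: set = field(default_factory=set)


# Security groups are membership rules rather than static lists, so a tag
# published by one control moves a VM between groups without editing any
# firewall rule (slide 19). Group and tag names are taken from the slide.
GROUPS = {
    "Web Tier": lambda vm: vm.tier == "DMZ",
    "DEFCON 1": lambda vm: "AdvancedMalware.Suspicious" in vm.tags,
}


def groups_of(vm):
    return {name for name, rule in GROUPS.items() if rule(vm)}


# Explicit-allow tier pairs inside one application boundary; any pair not
# listed is denied (slide 17: explicit allow, default deny). Constructed set.
ALLOW = {("DMZ", "App"), ("App", "DB"), ("App", "Services")}


def allowed(src, dst):
    """Default deny: traffic passes only between explicitly allowed tiers of
    the same application. "Ratchet back access controls" from the DEFCON 1
    policy is modelled here (an assumption) as quarantining the member."""
    if "DEFCON 1" in groups_of(src) | groups_of(dst):
        return False
    return src.app == dst.app and (src.tier, dst.tier) in ALLOW


def effective_policy(vm):
    """Policy attributes per group (slide 19); the keys are constructed names."""
    policy = {"auth_factors": 1, "logging": "standard", "amp": False}
    if "Web Tier" in groups_of(vm):
        policy["amp"] = True           # Standard Web Policy: AMP enabled
    if "DEFCON 1" in groups_of(vm):
        policy["auth_factors"] = 2     # gateway authentication 1 -> 2 factor
        policy["logging"] = "verbose"  # increase logging
    return policy


def amp_flags_suspicious(vm):
    """The AMP control publishes state by tagging the workload; group
    membership and the DEFCON 1 policy follow automatically."""
    vm.tags.add("AdvancedMalware.Suspicious")
    return groups_of(vm)
```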