Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security
•
3 likes•4,172 views
This document discusses how integrating security solutions like Trend Micro Deep Security with VMware NSX can automate security and make it part of the infrastructure fabric. It provides an example of how Plexus Corp uses this approach to automatically assess risk, protect new systems from exploits, and maintain consistency across environments. The business benefits of automated virtual patching over traditional patching methods are also outlined.
![Copyright 2017 Trend Micro Inc.2
Welcome to:
AUTOMATED SECURITY FOR THE REAL-TIME ENTERPRISE WITH VMWARE NSX
AND TREND MICRO DEEP SECURITY [SAI3313BUS]
Presenter: Chris Van den Abbeele, Global Solutions Architect, Trend Micro
Presenter: Kelly McBrair, IT Infrastructure Architect, Plexus Corp
Join us Wednesday at 11 am for:
SKIP THE SECURITY SLOW LANE WITH VMWARE ON AWS [SAI3316BUS]
Presenter: Bryan Webster, Principal Architect, Trend Micro
Presenter: Dharmesh Chovatia, Lead Architect, Global CTO Office, Capgemini US
Visit the VMware Solution Exchange for a 30 Day Trial of Trend Micro™ Deep Security
https://www.trendmicro.com/product_trials/download/index/us/123
Visit trendmicro.com/vmware
Follow us @trendmicro](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security
Similar to Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security (20)
More from Trend Micro
More from Trend Micro (20)
Recently uploaded
Recently uploaded (20)
Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security
- 1. Chris Van den Abbeele Kelly McBrair SAI3313BUS #VMworld #SAI3313BUS Automated Security for the Real-Time Enterprise with VMware NSX and Trend Micro Deep Security
- 6. Copyright 2017 Trend Micro Inc.6 Trend Micro § 28 years focused on security software § Headquartered in Japan, Tokyo Exchange Nikkei Index (4704) § Annual sales over $1B US § Customers include 45 of top 50 global corporations § 5500+ employees in over 50 countries 500k commercial customers & 155M endpoints protected Small Business Midsize Business Enterprise Consume r Consumers
- 7. Copyright 2017 Trend Micro Inc.7 Agenda • Introductions • Automated security: From “bolted on” to “part of the fabric” • The Business Case for Automated Virtual Patching • Solve new problems • Integration with vRealize Operations • Deployment lessons learned
- 9. Copyright 2017 Trend Micro Inc.9 Visibility Risk assessment Protect MoneyMaintainContextVisibility
- 10. Copyright 2017 Trend Micro Inc.10 What’s the problem with “bolted on” security ? • With the introduction of virtualization, we made a quantum leap in Operations. The same is happening with NW virtualization. But in many cases, Security, remained stuck in the Dark Ages. Security is still something that is applied afterwards. • We need to “shift left” security and integrate it in the automation • In today’s real-time enterprise, the Operations team has to do more with less, every day. They create more new workloads than ever before. • Manually adding the security controls, takes a lot of time and it is often postponed (and/or finally... “forgotten”) • Many Security Dashboards only show workloads which had been brought under the control of the Security Solution (and have a security agent installed on them). • Shadow IT can remain completely under the RADAR
- 21. Copyright 2017 Trend Micro Inc.21 8 layers of security: - Anti-Malware - Web Reputation - Firewall - Intrusion Prevention - Integrity Monitoring - Log Inspection - Application Control - Protection for SAP systems (NW-VSI) Full, multi-layered security
- 28. Copyright 2017 Trend Micro Inc.28 High-impact zero days require immediate attention 2 – Are we vulnerable? (risk?) – Who can provide a patch? – When can we have the patch? – When can we test it? – Who can test it (team?) – Where can we test it ? (test environment) – When can we have a maintenance window to Patch and Reboot our servers?
- 33. Why VMware with NSX and Trend Micro Deep Security? Table Stakes • Performance • Security • Cost Next Play • Integration and Choice • Flexibility and Innovation
- 34. NIST Cybersecurity Framework Identify Protect Detect Respond Recover • Asset Management • Business Environment • Governance • Risk Assessment • Risk Management Strategy • Access Control • Awareness and Training • Data Security • Information Protection Processes and Procedures • Maintenance • Protective Technology • Anomalies and Events • Security Continuous Monitoring • Detection Processes • Response Planning • Communications • Analysis • Mitigation • Improvements • Recovery Planning • Improvements • Communications Security Dashboard Firewall Antivirus IPS Vulnerability Scanning IDS SIEM Monitoring Data Recovery Disaster Recovery Disconnection Management Security Incident Response
- 35. • Leverage Syslog, SNMP, Email and/or vRealize Suite for Better Integration with Existing Monitoring/Alerting Tools • Isolate VM Tagged by Deep Security with Native NSX Firewalling • Behavior-based firewalling, block internet phone home, prevent RGE • Take Action on VM Tagged by Deep Security with VMware Orchestrator • Snapshots and clones, prepare restores, perform additional scanning Example video of automated VM snapshot and Wireshark tap (with code): http://www.storagegumbo.com/2014/09/automation-multi-action-security.html • See the Trend Threat Encyclopedia for examples of High, Medium and Low threats: http://trendmicro.com/vinfo • Find sample code at Trend’s DS Github repo: https://github.com/deep-security Automated Response to Improve Protection
- 37. Copyright 2017 Trend Micro Inc.37 User call - VM slow to respond … or … Administrator receives a security alert Log Ticket Log Ticket Admin logs in to vRealize Operations Admin logs in to Deep Security Manager • Attempt to vMotion • Reboot the VM • Recycle the VM • Change rules to block specific ports • Quarantine and scan Root Cause Analysis Root Cause Analysis Close Ticket Close Ticket Virtual Infrastructure Administrator Security Administrator Isolated worlds...
- 41. Read Trend’s Best Practices Guide (Note sizing, testing, recommendations) : https://help.deepsecurity.trendmicro.com/best-practice-guide.html Consider Additional Distribution Points and/or Managers over WAN Troubleshoot Deep Security Virtual Appliances as Cattle Plan Your Rules: Firewall, Affinity, Restart, etc. Agents are still needed (today) for: • Server 2016 and *nix VMs • Some advanced features • (recommendation) Windows-based VMware Components and Supporting Systems that may start up before Trend Deep Security Manager (i.e. its DB) Tips and Things You Should Know
- 42. Guest Introspection Drivers and Troubleshooting: https://kb.vmware.com/kb/2094261 VMware Tools Versions and Upgrades https://packages.vmware.com/tools/index.html (Beware of v10.0.0-10.0.7) https://kb.vmware.com/kb/1014508 (Correlate versions file to ESXi Build) Automate the Upgrade with: /v “/qn ADDLOCAL=ALL REMOVE=Hgfs,NetworkIntrospection” Note: NetworkIntrospection removal optional Add REBOOT=ReallySuppress to prevent any reboots Get to Know VMware Tools