Roadmap: The Evolution of Data Center Security, Risk and Compliance - 1640
Kurt Van Etten / Joe Bertnick Product Management, Data Center Security
Agenda
1. the evolution of the data center
2. the growing security challenge
3. Symantec Data Center Security
4. product strategy and roadmap
the evolution of the data center
the bar is set high…
“AWS is who we are measured against. We need to deliver that agility with the same security and management we have today.”
- Vice President IT Infrastructure, Retail
“For security to keep up – we need a simpler way to manage security from our Firewalls to the Workload. With the rate of change in our data center, a gap between products or process is where a breach is likely to occur.”
- Director, IT Security Financial Services
Security needs to evolve
• solutions integrated with the SDDC infrastructures
• automation across network and server security policies
• better protection with more tightly integrated solutions
AWS is the new benchmark
• many organizations prototyping SDDC infrastructures (NSX, OpenStack)
• focus on automation for lower TCO
• security automation is the bottleneck
the adoption curve
Virtualization is being stalled due to concerns around Security and Compliance.
[Figure: adoption curve with the annotations "adoption is here", "security is here" and "this is a problem"]
the vision
Drivers
• Cost
• Speed
• Flexibility
Inhibitors
• Security Tax
• Compliance
• Complexity
The data center of the future is software-defined. It is dynamic and application-centric. Our mission is to support our customers as they evolve to the SDDC.
[Diagram: Software-Defined Data Center. Labels: Data Center Security; Compute and Storage Virtualization; Network Virtualization; Software Defined Services; On-Prem/Private/Public Cloud Resources; Applications and Policies; Automation and Management]
compute and storage virtualization
• Support for key standards for private clouds e.g. OpenStack and partner with vendors delivering those standards e.g. Amazon, VMware, OpenStack
• Security for leading hypervisors
• Security for hybrid networks
• Integrated security orchestration
• Dynamic, context-based, policy-centric security
“By 2015, 40% of security controls used in Enterprise data centers will be virtualized, up from less than 5% in 2010”
– Neil MacDonald
A dynamic, application-centric data center needs dynamic, application-centric security.
1. Drive down hardware and power costs
2. Abstract workload from hardware
3. Provision and monitor services
little “v”- virtualization
Consolidation of Identical Apps
Driver: Reduce Hardware and Power Costs
Security Concerns: New Threat Surfaces
• Cloud Admin
• Hypervisor
• Management Plane
Network Security Zones remain unchanged
big “V”- virtualization
full abstraction of application from hardware
[Figure labels: App A, App A, App A, App B, App B; Server A, Server B, Server C, Server D]
Driver: Agility, Speed, and Utilization
Security Concerns:
Motioning
• Security stays with workload
• Demonstrate Compliance
Network Security Zones
• Static Network Zones can impede value
network virtualization
1. Agility and Speed
2. Abstract workload from hardware
3. Drive down hardware costs
small “sdn”- Software Defined Networking
mimic hardware security zones with software
[Figure labels: DMZ, PCI, HIPAA]
Driver: Agility, Speed
Security Concerns:
Motioning
• Security stays with workload
• Demonstrate Compliance
Network Security Zones
• Static Network Zones can impede value
big “SDN”- Software Defined Networking
micro segmentation by application
[Figure: Software Defined Networks. Labels: SharePoint, Order Processing, HR Onboarding]
Driver: Agility, Speed
Security Impacts:
Motioning
• Firewall rules follow application
Network Security Zones
• Large number of security zones
• No need to group apps by zones
the players
Clear leaders are emerging within layers and across the stack.
the growing security challenge
benefits of data center virtualization
1. Centrally apply and attach policies to workloads
2. Automate workflows across services
3. Provision and monitor services
what customers are still concerned about…
• Threats – how do I continuously combine updated threat and vulnerability intelligence with workload context to optimize security response?
• Security Consistency – how do I ensure consistent security across my virtual and physical infrastructure so I can move workloads from physical to virtual?
• Compliance – how do I make sure adequate controls are in place at all times to ensure and demonstrate regulatory compliance?
• Policy – how do I make sure I have the right menu of policies available for orchestration and how do I continuously adapt these across multiple products in response to the changing threat environment?
• Segregation of Duties – how do I ensure the integrity of my data center security in the face of converging admin roles?
• Security Tax – how do I optimize security to minimize the performance and operational cost to my data center?
Symantec Data Center Security
Symantec SDDC vision
1. Embed Security into the platform
2. Integrate across point technologies
3. Automate and orchestrate security
[Diagram: Security Orchestration Platform. Labels: Server Security; Unified Assessment; Data Store Security; VDI Security]
Embed security into the platform
• Integration with SDN/SDDC Platform
• Security via the Hypervisor
• Frictionless agents to deploy higher controls
Integrate across point technologies
• Bring together multiple controls into a single offering
• Integrate across policy and deployment
• Easily allow security to “scale up” based on the policy of the workload
[Diagram labels: VSM; PGP; DLP; Threat Protection; Hypervisor Hardening/SOD; Encryption; Data Protection; Data Store Security; DSS; UA; PAN; CSP/SEP; CSP; Server Hardening]
Automate and Orchestrate Security
• Automate key processes to ensure workloads stay secure
  - Deployment and Provisioning
  - Updating security baselines to respond to external threats
  - Implementing new security profiles as workloads change
  - Remediating workloads through their lifecycle
• Ongoing validation and continuous monitoring
[Diagram labels: SDN/SDDC Platform; Software Defined Security Service; Server Security; Data Store Security; Firewall]
product strategy and roadmap
protecting the data center at each layer…
1. Infrastructure
   Infrastructure Protection
   • Backplane Hardening
   • SDN Integration
2. Workload
   Threat Protection Focus: Workload Server Centric
   • Server Security
   • VDI Security
3. Application/Data Plane
   Information Protection Focus: Designed for key applications in the data center
   • Data Store Security
Security Orchestration Platform
• Operations Director
• Security Service
• Assessment / Discovery
[Diagram labels: VM Backplane; vCenter (Management); AWS Infrastructure; Software Defined Networks; SVA]
Data Center Security: Server
the first of the ‘new offerings’ to ship from Symantec!
Symantec™ Data Center Security: Server
Frictionless AV Protection
• Hypervisor-based security virtual appliance
• Low OPEX – Fully integrated with VMware NSX
• Always On – Anywhere Protection
• Utilizing Symantec Best in Class AV and Insight Reputation
• What’s Next: Guest Network Threat Protection
Integrated with “CSP”
• Scale up to Full Lock Down
• Wizard Driven Simplified Hardening
• Protected Application Whitelisting and Control
• What’s Next: Application Centric Protection
[Diagram labels: Data Center Security Service for VMware NSX; Security Response; Insight Reputation; Virtual Data Center]
Data Center Security: VDI
Non-Disclosure Commercial in Confidence
AV Protection with Insight Reputation
• Hypervisor-based security virtual appliance
• Low OPEX – Fully integrated with VMware NSX
• Always On – Anywhere Protection
• Utilizing Symantec Best in Class AV and Insight Reputation
[Diagram labels: VDI Security Appliance; Citrix XenApp; VMware View/Horizon; Thin Client; Security Response; Insight Reputation]
Data Center Security: Data Store
Symantec™ Data Center Security: DataStore
Unified Protection
• Threat Protection - Content Filtering
• DLP Integration
• Data Insight – Encryption
• Unified Policy and Administration
Across Critical Applications & Data
• Messaging (Exchange)
• NAS – Filers
• NetApp
• SharePoint
• Cloud Apps
[Diagram labels: DSS Deployed across Virtual & Cloud; Security Response; Insight Reputation]
“Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.”
High-level product roadmap
Phases, left to right: Current | Phase II | Phase III

DC Protection: Integrated security for agile workloads, networks, and data intensive/strategic applications
• Anti-Malware / Server Hardening: DCS: Server (Hypervisor AV, Server Hardening - CSP) | DCS: Server (Application Centric Security, Enhanced IPS) | DCS: Server (DLP Endpoint, Multi Hypervisors)
• VDI Protection: Symantec Endpoint Protection | Symantec Endpoint Protection | DCS: VDI (Frictionless Protection for VDI)
• Hypervisor Hardening: Symantec Virtual Security Manager | Symantec Virtual Security Manager | DCS: Virtual Security Manager
• Data Store Protection (Exchange, SharePoint, NAS, Cloud): Symantec Protection Engine, Symantec Mail Security | DCS: Data Store (Threat Protection, Exchange / SharePoint Security, Content Filtering, DLP Integration) | DCS: Data Store (DLP Engine, Encryption, App / SAN Security)

DC Security Orchestration: Automated evaluation and application of security to virtual environments
• Security Orchestration: DCS: Operations Director (Security settings for New Workloads) | DCS: Operations Director (Security settings in response)
• Asset Discovery, Risk Management, Secure Configuration, Vulnerability Scanning: CCS SM, RM, SM, VM | CCS SM, RM, SM, VM | DCS: Unified Assessment (Secure Configuration, VM, Risk Management), Public/Private cloud assessment
Thank you!