
Data Center Server security


Page 1: Data Center Server security

McAfee Confidential

Speaker Name | Title

McAfee Server Security for physical, virtual, and cloud servers

Page 2: Data Center Server security

Content

Overview
• Data center transformation
• Customer challenges

Intel Security Solutions for servers
• Discover all workloads
• Protect from unknown threats
• Minimize performance impact but be secure
• Security Management to reduce complexity
• How to Buy

Summary
• Customer case studies

Page 3: Data Center Server security


Overview

Page 4: Data Center Server security

Importance of Comprehensive Security
If you had a compromise and someone is stealing data, how would you know?

Attackers
• Malicious Insiders / Ex-Employees
• Unscrupulous Competitors
• Nation States
• Terrorist / Activists Organizations

Motives
• Political – maintain internal stability
• Economic – stealing intellectual property
• Technical – access to source code
• Military – identify weaknesses to defeat superior military forces

Targets
• Organizations w/ critical IP
• Critical Infrastructure
• Federal Government
• DoD contractors

Goals
• Establish network foothold
• Stealth intrusion, backdoors
• Ex-filtrate sensitive data
• Leave no traces

Page 5: Data Center Server security

The Data Center Is Transforming

• 80% of servers will be virtualized by 2016¹
• 40% of data will be stored or processed by the cloud by 2020³
• $5.4B: size of the software-defined data center market by 2018²
• 61% of businesses will use a hybrid cloud environment by end of 2014⁴

Page 6: Data Center Server security

Data Center Transformation: What does that mean for security?

• 236 new threats arise every minute⁴ (almost 4 per second)
• Mean cost of data breaches per minute: $7900—up 41% since 2010⁵
• 80%+ of businesses use cloud apps without corporate IT’s knowledge
• 40% of attacks are targeting servers³
• Only 50% of data that needs protection is protected¹

Increased attack surface

Page 7: Data Center Server security

A Comprehensive, Connected Portfolio

Security Management

Security Intelligence

Software-Defined Data Center

Network Security

Data Protection

Server & Storage Security

Application Security

Intel® Hardware Security Foundation

on-premises | private cloud | public cloud | hybrid

World Leading Chip Maker
Founded in 1968
Mission: Utilize the power of Moore’s Law to bring smart, connected devices to every person on earth.

World’s largest dedicated security vendor
Founded in 1987
Acquired by Intel in 2010
Mission: Keep our customers safe

Combining the security expertise of McAfee with the innovation, performance, and trust of Intel.

Page 8: Data Center Server security

Customer Challenges

Discover all server workloads
Discover all workloads across physical, virtual and cloud deployments and then be able to apply proper security policy across this hybrid environment.

Protect from unknown threats
Customers lack the visibility and sufficient insights to understand how to prevent unwanted applications from executing.

Minimize performance impact but be secure
Ensure comprehensive security for physical and virtualized servers while placing minimal impact on system resources.

Management complexity
Siloed security, compliance tools, and processes lead to low visibility of IT security posture, which can slow remediation and reporting times.

Page 9: Data Center Server security


Discover all workloads

Page 10: Data Center Server security

You cannot secure what you cannot see

Discover
Complete security visibility of workloads

• Automatically discover your virtual & physical machines
  o Insight into virtual machine environment for enhanced security control
  o Show VM-to-Host relationship
  o Show location of VM (which data center or cloud)
  o Data Center Connectors for vSphere, Amazon AWS, OpenStack, Microsoft Azure
• Simplified management with new scan reports
  o Find unprotected endpoints
  o Determine security compliance
• Visibility of OS memory protection
  o Visibility into enabled operating system memory protection

Page 11: Data Center Server security

Data Center Connectors – AWS Example

1. Enter AWS account details
2. EC2 instances discovered and imported into ePO
3. Monitor/Manage security for EC2 instances

Page 12: Data Center Server security

Extending Security Policy & Posture to Cloud

[Figure: McAfee ePO applying an Extended Security Policy to PRIVATE CLOUD and PUBLIC CLOUD]

• Discover & secure cloud instances automatically – private and public clouds
• Ensures identical security posture between on premise and cloud-based data center

• McAfee Server Security Suite Essentials
• McAfee Server Security Suite Advanced
• McAfee Public Cloud Server Security Suite

Page 13: Data Center Server security


Protect from unknown threats

Page 14: Data Center Server security

McAfee Application Control for Servers
Intelligent Whitelisting for Servers

• Dynamic Whitelisting: Prevents all unauthorized code from running
• Memory Protection: Prevents whitelisted apps from being exploited via buffer overflow attacks
• File Reputation: Integrates with GTI and TIE to classify binaries as Good, Bad and Unknown
• Containment: Coordinates with ADT to assess unknown behavior and immunize endpoints

Page 15: Data Center Server security

Efficient Security with McAfee Application Control

• Added protection for valuable data on servers against zero-day and APTs without signature updates resulting in quicker time-to-protection

• Dynamic whitelisting requires lower operational overhead compared to legacy whitelisting techniques

• Complete and fast protection using innovative security features such as local and global reputation intelligence, real-time behavioral analytics and auto-immunization of endpoints

• Extend legacy systems and ease migration knowing that McAfee Application Control can help protect these environments

Page 16: Data Center Server security

End-to-end compliance with McAfee Change Control
Visibility and Enforcement

Provides continuous detection of system-level changes across distributed and remote locations

Change Prevention
• Selectively prevents out-of-policy changes
• Logs any attempted out-of-policy change

Integrity Monitoring
• Alerts to critical and unauthorized changes

Page 17: Data Center Server security

Maintain compliance and control for your servers

• Prevents tampering by blocking unauthorized changes to critical system files, directories, and configurations

• Saving time for administrators in troubleshooting security breaches

• Tracks and validates every attempted change in real time on the server

• Enforcing change policy by a time window, source, or approved work ticket

• Continuous control minimizes the impact from ad hoc or unauthorized changes

Page 18: Data Center Server security

Host Intrusion Protection – now for Linux

Linux Firewall

HIPS for Servers
• Includes a host-based firewall for Linux and Windows systems
• Prevents malware and botnets from entering and propagating throughout servers by blocking unauthorized network traffic

Page 19: Data Center Server security

What Antimalware to Choose?

[Figure: system types arranged on an axis from STATIC to DYNAMIC: Fixed Function Systems, Servers, COE Desktops, Dynamic Desktops, with icons labelled ATM, POS and Kiosk. Rows: Primary Antimalware, Secondary Antimalware. Cell labels: MAC, MAC, MAC, AV; AV ODS.]

Page 20: Data Center Server security


Minimize performance impact but be secure

Page 21: Data Center Server security

MOVE AV
Security Optimized for Virtualization

[Figure: Datacenter and Virtual Infrastructure diagram. Labels: Optimized AntiVirus, McAfee ePO, Virtual Infrastructure Manager, Virtual Servers, Virtual Desktops, Intelligent AV Scans.]

Page 22: Data Center Server security

Advantages of McAfee MOVE AV

• Supports ALL hypervisors, including vSphere, Hyper-V, KVM and XenServer
• Reduces resources required for security
• Improves VM consolidation ratios
• Prevents antivirus scan storms
• Eliminates DAT updates from each VM
• Avoids unnecessary scanning
• Agentless deployment through VMware NSX and VMware vCNS
• SVAs are secured from vulnerabilities: certified using Dept. of Defense DISA tools
• MOVE License Usage report for agentless deployment

Common Criteria EAL2+ certified

Page 23: Data Center Server security

Great Performance with McAfee MOVE AV

• Proactive notification of long scans
• Notifies user of slow scans due to large file size
• Detailed diagnostics for AV performance tuning
• SVA diagnostics can be run from ePO
• Diagnostics in ePO provide visibility into SVA bottlenecks
• Statistics on most-frequently scanned files and processes per SVA
• Flexible tuning policies for AV performance tuning, available for multiplatform deployment
• Ability to scan ‘default files types’ or ‘all file types’

Page 24: Data Center Server security

MOVE AV – VMware agentless deployment

Key Features
• VMs with VMtools protected instantly
• Intelligent, scheduled file scanning
• vMotion-aware protection
• Automatic SVA deployment on each hypervisor via integration with NSX
• Simplified Agentless installation experience

[Figure: McAfee ePO managing a VMware ESX host with VMware vShield Endpoint; guest VMs (OS, VMtools) alongside the MOVE Security Appliance.]

• Scans guest VMs over VMCI channel
• No agents to manage in VMs

Page 25: Data Center Server security


Security Management to reduce complexity

Page 26: Data Center Server security

Single pane management
ePolicy Orchestrator

• Be aware of protection status of all workloads, on-premise and off-premise
• Manage security from a single ePO dashboard
• Monitor protection status of all Data Center components
• Security and power status
• Applications categorized into Known Good, Known Bad, Grey List
• VMware vShield Endpoint status
• Historical security data
• Customizable dashboards such as executive overviews

Page 27: Data Center Server security

ePO Deployment makes installation easy for large agentless configuration
1000+ or 5 installation steps – what do you prefer?

Today: Many installation steps
• Updating 1000 virtual machines means at least 1000 manual installation steps
• VMtool versions installed in each VM must be compatible

Now: 5 installation steps
• With McAfee’s easy installation tool for agentless deployment

Available with server suites

Page 28: Data Center Server security


How To Buy

Page 29: Data Center Server security

Intel Security Portfolio for Servers

McAfee Server Security Suite Essentials
• Core anti-malware for physical & virtual servers even those in the cloud
• Host Intrusion Prevention including a Linux host firewall
• McAfee Agentless Firewall

McAfee Server Security Suite Advanced
• Superset of the Essentials Suites which adds:
  • Application Control (whitelisting) to prevent unwanted applications from executing
  • Change Control for continuous detection of system-level changes

Add-on Server Security Products
• McAfee Public Cloud Server Security Suite
• Protection for Sharepoints, Email Servers, Storage, Databases, and VDI environments

Page 30: Data Center Server security

Protect: McAfee Server Security Suites
Comprehensive Protection

WHITELISTING
• McAfee Application Control

BLACKLISTING
• McAfee Host Intrusion Prevention
• McAfee VirusScan Enterprise
• McAfee VirusScan Enterprise for Linux

VIRTUALIZATION
• McAfee MOVE AntiVirus
• McAfee Agentless Firewall

COMPLIANCE
• Change Control

DATA CENTER CONNECTORS
• VMware vSphere
• Microsoft Azure
• Amazon AWS
• OpenStack

Page 31: Data Center Server security

McAfee Server Security Suite Essentials

McAfee Server Security Suite Advanced

Additional Server Security Products

August 16, 2016

McAfee VirusScan Enterprise for Storage

McAfee Database Security Suite (Database Activity Monitoring, Vulnerability Manager for Databases, and Virtual Patching for Databases)

McAfee Security for Microsoft SharePoint

McAfee Security for Email Servers

McAfee Security Suite for VDI

McAfee Public Cloud Server Security Suite

Page 32: Data Center Server security


Summary

Page 33: Data Center Server security

Why Customers Like the Intel Security Solution

Intel Security solves customer challenges with securing the hybrid datacenter

• Discover all physical and virtual servers including those in the cloud and then apply proper security policies

• Performance-optimized server security across physical, virtualized and cloud deployments.

• Comprehensive protection including dynamic whitelisting which protects from unknown threats.

• Manage security from an executive dashboard, providing security visibility with single-pane manageability.

Page 34: Data Center Server security

Use Case: Large Global Retailer

Global Warehouse Retailer

What was the company/industry
• Global membership-style warehouse retailer with hundreds of locations worldwide.

What was the problem
• Protect virtualized enterprise without hampering business:
• Ensure that the company’s virtual computing environment can grow without being compromised by malware attacks.
• Current environment: Over 25,000 virtual desktops, 5000 virtual servers, and 50 VMW hosts in 3 vCenters.

How did we uniquely help
• McAfee MOVE AV protects 98% of virtualized desktops and servers against sophisticated threats.
• ePO delivers efficiencies through centralized management and provides global visibility to support compliance and protect customers

Page 35: Data Center Server security

McAfee MOVE AV provides McKesson with comprehensive and consistent malicious code protection for our virtual environment.

As we continue to adopt emerging technologies… implementing McAfee MOVE AV provides us with additional security in our virtual environment.

The solution makes sizing and deployment simpler and ensures that every system is deployed with the same level of protection.

- Patrick Enyart
Senior Director
McKesson Information Security, Security Operations

Page 36: Data Center Server security

Use Case: Boston Scientific

What was the company/industry
• Fortune 500 developer, manufacturer, and marketer of medical devices. Healthcare industry.

What was the problem
• Detect threats without compromising performance
• Security of its cutting-edge manufacturing lines which were using legacy security hardware which couldn’t support updated antivirus software.

How did we uniquely help
• McAfee Application Control helps Boston Scientific block unauthorized or unknown applications and code.
• Boston Scientific is also in the proof-of-concept stage with McAfee MOVE AntiVirus. McAfee MOVE AntiVirus optimizes security, flexibility, and management for virtual environments, increasing the options for companies investing in virtualization

Page 37: Data Center Server security

DCS – Direct and Channel Sales

McAfee Server Security Suites

Detect – Illuminate low-threshold maneuvering through advanced intelligence and analytics.

Protect – Stop pervasive attack vectors while also disrupting never-before-seen techniques and payloads.

Adapt – Apply insights immediately throughout an integrated security system.

Correct – Improve triage and prioritize response as part of a fluid investigation.


Addressing the Threat Defense Lifecycle

Page 38: Data Center Server security

For More Information

Web

Solution Briefs

Whitepapers

Datasheets

Aberdeen eBook

Infographic

http://www.mcafee.com/us/products/data-center-security/server-security.aspx

Page 39: Data Center Server security

Backups

Page 40: Data Center Server security

ePolicy Orchestrator
Complete Management

McAfee ePolicy Orchestrator (McAfee ePO) Security Management Platform for unified management of endpoint, network, and data security.

• End-to-end visibility
• An open, extensible architecture
• Proven efficiencies
• Personalized Command Center
• Drag-and-Drop Dashboards and Actionable Reports
• Role-based Access Control
• Powerful Workflows
• Enterprise-ready
• Extensible Framework

Page 41: Data Center Server security

McAfee VirusScan Enterprise

McAfee VirusScan Enterprise proactively stops and removes threats, extends coverage for new security risks, and reduces the cost of managing responses.

• Unbeatable malware detection and removal

• Proactive protection from zero-day attacks

• Integrates with McAfee GTI for real-time defense

• Managed by ePO for deployment, configuration, enforcement and reporting

• Optimized for fast performance and reduced system impact

NSS Labs Protection & Evasion Test 2013: (VSE/HIPS/SAE)

• Protect your files from viruses, worms, rootkits, Trojans, and other threats

• Proactive protection against new and unknown buffer-overflow exploits that target vulnerabilities in Microsoft applications

• Easily configure policies to manage and remove quarantined items

• Supports users who are using both Microsoft Outlook and Lotus Notes

• Supports Windows desktop OS (2000, XP, Vista, 7, 8) and Windows Server OS (2000, 2003, 2008, 2012)

Complete Endpoint Security

Page 42: Data Center Server security

McAfee VirusScan Enterprise for Linux
Complete Endpoint Security

McAfee VirusScan Enterprise for Linux delivers always-on, real-time anti-virus protection for Linux environments. Its unique, Linux-based on-access scanner constantly monitors the system for potential attacks.

• Secure your enterprise with always-on protection
  – Heuristic scanning
  – Archive scanning
  – Cross-platform protection
• Save time with automatic updates
• Make management easy with McAfee ePolicy Orchestrator (ePO)
• Deploy new kernels quickly and easily
• Supports various Linux distributions
  • SuSE Linux 9, 10, 11
  • Novell Open Enterprise Server 1, 2
  • Red Hat Enterprise 4.x; 5.x; 6.x
  • CentOS 4.x, 5.x, 6.x
  • Fedora Core 10, 11, and 12
  • Ubuntu 8.04, 9.04, 9.10, 10.04, 10.10, and 11.04

Page 43: Data Center Server security

McAfee Host IPS
Complete Endpoint Security

McAfee Host Intrusion Prevention for Desktop delivers unprecedented levels of protection from known and unknown zero-day threats by combining signature and behavioral intrusion prevention system (IPS)

• Enforce the broadest IPS and zero-day threat protection coverage across all levels: network, application, and system execution
• Advanced threat protection through dynamic, stateful desktop firewall
• Single, unified management by ePO
• Patch endpoints less frequently and with less urgency
• Location aware policies provide specific protection based on location
• Behavioral Analysis - zero-day attack protection
• Mitigates patch deployment urgency
• Ensure applications only perform legal operation
• Vulnerability shielding capabilities for up to 100% MS vulnerability coverage

Page 44: Data Center Server security

McAfee Host Intrusion Prevention

August 16, 2016

Behavioral Analysis: Zero-day Attack Protection
• Looks for malicious behavior patterns
• Most effective way to stop zero day attacks without updates
• Mitigates patch install urgency
• Ensure applications only perform legal operations

Signature Analysis: Known Attack Protection
• Vulnerability Shielding capabilities for up to 100% MS vulnerability coverage
• Stop known attacks with zero service interruption
• Significantly reduces false positives
• Protects laptops during startup

Dynamic Firewall: Advanced Threat Protection
• Stateful firewall
• Protects from advanced threats such as botnets before attacks can occur

• Better protection from known malicious attacks
• More time to test patches before deploying
• Improved business continuity & security

Page 45: Data Center Server security

McAfee Application Control

McAfee Application Control software provides complete protection from unwanted applications and code—blocking threats without requiring signature updates.

• Protect against zero-day and APTs without signature updates

• Strengthen security and lower ownership costs with dynamic whitelisting

• Automatically accept new software added through your authorized processes

• Provide flexibility to desktop users by optionally allowing them to approve new applications

• Block known and unknown threats

• Use whitelisting to only allow approved applications to run

• Integrates with McAfee ePO console for centralized IT management

• Easily protect unsupported legacy systems, such as Microsoft Windows NT and 2000

Complete Endpoint Security


Page 46: Data Center Server security

Performance
McAfee Application Control = Low Performance Impact

[Figure: Endpoint Resource Usage (for illustration only). Axis: Utilization, 10% to 100%. Series: McAfee App Control; AV + HIPs.]

Page 47: Data Center Server security


Page 48: Data Center Server security

McAfee MOVE AV Features

Multi-platform features:
• Quarantine restore from ePO
• Ability to restore quarantined files from within ePO
• Instantly run on-demand scan
• Run ODS ‘now’
• On a VM or a group of VMs

Agentless features:
• Automatic SVA deployment on each hypervisor
• Enabled via integration with VMware NSX Service Composer

Page 49: Data Center Server security

Advanced Features with McAfee Server Suites 3.5

• Optimized for large, dynamic virtual environments
• Automated assignment of clients to available offload servers
• New SVA Manager for scan server load balancing
• Display scan server load and status in Data Center Dashboard
• Locate unprotected endpoints via scan reports
• Visibility to OS memory protection status
• Agentless Host Firewall
• Manages multiple vCNS firewalls in data centers
• Visibility into all virtual network isolations via ePO reports
• Integration with vCNS App Firewall and NSX Distributed Firewall: enables to control and isolate VMs and data

Page 50: Data Center Server security

McAfee is a Leader in Endpoint Security

Six Year Gartner Magic Quadrant Leadership

• Superior Manageability with ePO
• Next Generation Endpoint Platform Vision
• Security Connected Vision
• Advancing Protection Rankings
• Comprehensive Solution Strength
• Intel / McAfee Together

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request

[Figure: Gartner Magic Quadrant. Axes: Completeness of vision; Ability to execute. Quadrants: Niche Players, Visionaries, Challengers, Leaders. Vendors plotted: McAfee, Sophos, Microsoft, Kaspersky Lab, Symantec, Trend Micro, Eset, Panda Security, Bitdefender, F-Secure, ThreatTrack Security, BeyondTrust, Check Point Software Technologies, Webroot, IBM, LANDesk, Lumension Security, Arkoon Network Security.]

Page 51: Data Center Server security

Complete Protection—Proven by Independent Testing

VSE On-Access, HIPS, and Dynamic Application Control

| Collection | Missed | Detected | Total | Detected (%) | Missed (%) |
|---|---|---|---|---|---|
| Anti-Malware Desktop | 0 | 4634 | 4634 | 100.000 | 0.000 |
| Spyware | 0 | 1773 | 1773 | 100.000 | 0.000 |
| Trojan | 0 | 910 | 910 | 100.000 | 0.000 |
| Overall | 0 | 7317 | 7317 | 100.000 | 0.000 |

Source: Westcoast Labs 2012

Combined Detection Rates

| Vendor | Exploit | Evasion | Combined |
|---|---|---|---|
| McAfee | 97% | 100% | 99% |
| Symantec | 91% | 100% | 96% |
| Sophos | 88% | 97% | 93% |
| Kaspersky | 92% | 92% | 92% |
| F-Secure | 79% | 88% | 84% |
| Microsoft | 65% | 100% | 83% |
| AVG | 76% | 88% | 82% |
| ESET | 71% | 92% | 82% |
| Trend | 73% | 53% | 63% |
| Norman | 47% | 75% | 61% |
| Panda | 41% | 75% | 58% |

Source: NSS Labs 2013

Day Zero Rootkit Protection

| Product | Result | Rate |
|---|---|---|
| McAfee DeepDefender | 48 of 48 | 100% |
| Microsoft System Center 2012 Endpoint Protection | 40 of 48 | 83% |
| Symantec Endpoint Protection | 32 of 48 | 67% |

Source: AV-Test 2013

Page 52: Data Center Server security


Complete Protection—Proven by Independent Testing

Figure shows: Average block rate over a period of seven days.

Average Block Rate on Download for Socially Engineered Malware

Source: NSS Labs Apr. 2014

Page 53: Data Center Server security

Discover
ePolicy Orchestrator Dashboard