Posted May 20, 2020 by dariahiddleston. 44 pages.

Transcript

Page 1:

How to Enable Secure Cloud Transformation

Tamas Barna, CISSP, CISM, CCSP, Security+
Enterprise Technology Specialist, EMEA, Cloud Infrastructure Security

Page 2: Today’s Enterprise Landscape: Transformations in Applications and Infrastructures

Diagram labels: Cloud IaaS/PaaS; Offices | Remote Sites; Private Cloud; On-Prem / Hosted; SaaS Providers; Business Acceleration.

Page 3: Hybrid Cloud: Data Centers and Service Transformation

Diagram: Physical Server, Virtual Server, Private Cloud, Public Cloud, Container and PaaS, Serverless. Application architecture moves from Monolithic and Fixed to Loosely Coupled.

Page 4: Hybrid Cloud: Resulting Challenges

Same progression (Physical Server, Virtual Server, Private Cloud, Public Cloud, Container and PaaS, Serverless; Monolithic and Fixed to Loosely Coupled), with the challenges it brings:

§ Complexity, Speed & Shared Responsibilities
§ Complete Visibility, Protection & Provisioning
§ Shadow IT, Efficient Management & Compliance

Page 5: IaaS Fastest Growing Segment of Cloud

Source: Gartner Forecasts Worldwide Public Cloud Revenue press release April 12, 2018

IaaS 35.9% CAGR

SaaS 22.2% CAGR

Page 6: The Cloud (First) Enterprise Challenges: Shared Responsibility

Layers of the stack (top to bottom): Data Classification & Accountability; Client & End-Point Protection; Identity & Access Management; Application Level Controls; Network Control; Host Infrastructure; Physical Security.

The chart maps each layer to Service Provider Responsibility or Customer Responsibility for SaaS, PaaS and IaaS. Moving from SaaS through PaaS to IaaS, more of these layers fall to the customer.

Customer’s responsibility in securing IaaS is much greater than in SaaS.

Page 8: IaaS Security Layers

1. Infrastructure: detect and correct security misconfigurations.
2. Workloads and Containers: detect and secure workloads and containers.
3. Apps: protect the data in the apps.

Page 9: IaaS: Securing Infrastructure and Apps (same three-layer diagram as page 8)

Page 10: Data Exfiltration Vectors: IaaS Infrastructure and Apps

Vectors: Compromised Accounts; Misconfiguration; Rogue User; Confidential Data Leaks; Rogue IaaS Accounts.

Page 12: Data Exfiltration Vectors, control 1: Security Configuration Control

Page 13: 1. Security Configuration Audit

Prevent regulated/high-value data from being stored in the cloud.

§ Continuously monitor IaaS security settings for misconfiguration.

§ As IaaS admins correct misconfigured settings, McAfee automatically resolves the incident.
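The two bullets above describe a loop: evaluate the IaaS settings on every scan, open an incident per misconfiguration, and close it automatically once a later scan no longer sees it. The following is an added example of that loop, not code from the deck or from McAfee. The snapshot layout is modelled on what EC2 DescribeSecurityGroups and S3 GetBucketAcl return, but the rules, the resource names and the snapshot contents are constructed for illustration.

```python
"""Continuous IaaS configuration audit with automatic incident resolution.

Added example: not code from the deck or from McAfee. The snapshot layout is
modelled on what EC2 DescribeSecurityGroups and S3 GetBucketAcl return, but
every value below is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

ADMIN_PORTS = {22, 3389, 3306, 5432, 1433, 27017}
WORLD = {"0.0.0.0/0", "::/0"}


@dataclass
class Finding:
    resource: str
    rule: str
    detail: str
    status: str = "open"


def check_open_admin_ports(snapshot):
    """Security groups that expose an admin or database port to the whole internet."""
    out = []
    for sg in snapshot.get("security_groups", []):
        for rule in sg["ingress"]:
            open_world = any(c in WORLD for c in rule["cidrs"])
            all_ports = rule["from_port"] == -1            # EC2 encodes "all traffic" as -1
            covers_admin = all_ports or any(
                rule["from_port"] <= p <= rule["to_port"] for p in ADMIN_PORTS)
            if open_world and covers_admin:
                out.append(Finding(sg["id"], "sg-admin-port-open-to-world",
                                   f"ports {rule['from_port']}-{rule['to_port']} from {rule['cidrs']}"))
    return out


def check_public_buckets(snapshot):
    """Buckets readable through an AllUsers/AuthenticatedUsers ACL grant or a public policy."""
    out = []
    for b in snapshot.get("buckets", []):
        public_grant = any(g["grantee"] in ("AllUsers", "AuthenticatedUsers") for g in b["acl_grants"])
        if public_grant or b.get("policy_is_public"):
            out.append(Finding(b["name"], "s3-bucket-public",
                               "public ACL grant" if public_grant else "public bucket policy"))
    return out


RULES = [check_open_admin_ports, check_public_buckets]


class ConfigAuditor:
    """Keeps incidents keyed by (resource, rule) so a repeat sighting is not a new incident."""

    def __init__(self):
        self.incidents: Dict[Tuple[str, str], Finding] = {}

    def audit(self, snapshot):
        """Evaluate one snapshot; return (newly opened keys, auto-resolved keys)."""
        current = {}
        for rule in RULES:
            for f in rule(snapshot):
                current[(f.resource, f.rule)] = f
        opened = [k for k in current
                  if k not in self.incidents or self.incidents[k].status == "resolved"]
        resolved = [k for k, f in self.incidents.items()
                    if f.status == "open" and k not in current]
        for k in opened:
            self.incidents[k] = current[k]
        for k in resolved:                     # the admin fixed it: close without analyst action
            self.incidents[k].status = "resolved"
        return opened, resolved

    def open_incidents(self):
        return sorted(k for k, f in self.incidents.items() if f.status == "open")


# Constructed snapshots: scan 1 finds two misconfigurations; by scan 2 the admin
# has restricted SSH on the bastion, but the payroll bucket is still public.
SNAPSHOT_1 = {
    "security_groups": [
        {"id": "sg-web", "ingress": [{"from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0"]}]},
        {"id": "sg-bastion", "ingress": [{"from_port": 22, "to_port": 22, "cidrs": ["0.0.0.0/0"]}]},
    ],
    "buckets": [
        {"name": "payroll-exports", "acl_grants": [{"grantee": "AllUsers", "permission": "READ"}],
         "policy_is_public": False},
        {"name": "app-logs", "acl_grants": [], "policy_is_public": False},
    ],
}
SNAPSHOT_2 = {
    "security_groups": [
        {"id": "sg-web", "ingress": [{"from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0"]}]},
        {"id": "sg-bastion", "ingress": [{"from_port": 22, "to_port": 22, "cidrs": ["10.0.0.0/8"]}]},
    ],
    "buckets": SNAPSHOT_1["buckets"],
}


def run_demo():
    auditor = ConfigAuditor()
    first = auditor.audit(SNAPSHOT_1)
    second = auditor.audit(SNAPSHOT_2)
    return first, second, auditor.open_incidents()


if __name__ == "__main__":
    for label, result in zip(("scan 1 (opened, resolved)", "scan 2 (opened, resolved)", "still open"), run_demo()):
        print(label, result)
```

Keying incidents by (resource, rule) is what makes auto-resolution safe: a finding that reappears after being resolved is reopened as a fresh incident, while one that is still present simply stays open instead of generating a duplicate on every scan. A real deployment would also record which scan closed the incident, since that timestamp is the evidence an auditor asks for.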

Page 15: Data Exfiltration Vectors, control 2: Shadow IaaS Control

Page 16: 2. Managing Rogue IaaS Instances

Discover shadow AWS usage and reclaim control of risky IaaS usage.

§ Identify risky or unsanctioned IaaS platforms in use.

§ Enforce governance policies and coach users to the approved IaaS platform.
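Shadow IaaS discovery usually starts from egress data the organisation already has, such as web-proxy logs: map destination hosts to cloud providers, compare against the sanctioned list, and decide per user whether to allow, coach or block. The block below is an added example of that procedure, not the deck's or McAfee's code. The provider catalogue, the sanctioned set, the byte threshold, the log format ("timestamp user dest_host bytes_out") and the log lines themselves are all assumptions constructed for illustration.

```python
"""Shadow IaaS discovery from web-proxy logs.

Added example, not the deck's or McAfee's code. The provider catalogue, the
sanctioned list, the byte threshold and the log lines are all assumptions;
the log format assumed is "timestamp user dest_host bytes_out" per line.
"""
from collections import defaultdict

# Host suffixes that identify an IaaS/PaaS control plane or storage endpoint.
# A production catalogue is far larger and must be maintained as providers change.
IAAS_SUFFIXES = {
    "amazonaws.com": "AWS",
    "awsapps.com": "AWS",
    "azure.com": "Azure",
    "windows.net": "Azure",
    "googleapis.com": "GCP",
    "cloud.google.com": "GCP",
    "digitalocean.com": "DigitalOcean",
}
SANCTIONED = {"AWS"}          # the approved platform in this constructed scenario
BULK_BYTES = 1_000_000        # above this, unsanctioned use is treated as a transfer, not browsing


def provider_for(host):
    """Map a destination host to a provider; the longest matching suffix wins so
    'cloud.google.com' is matched before any shorter parent domain."""
    host = host.lower().rstrip(".")
    best = None
    for suffix, name in IAAS_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, name)
    return best[1] if best else None


def parse_line(line):
    ts, user, host, nbytes = line.split()
    return {"ts": ts, "user": user, "host": host, "bytes": int(nbytes)}


def discover(lines):
    """Per (user, provider): bytes sent, plus the governance action to apply."""
    usage = defaultdict(lambda: defaultdict(int))
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        prov = provider_for(rec["host"])
        if prov:
            usage[rec["user"]][prov] += rec["bytes"]
    report = []
    for user, per_prov in usage.items():
        for prov, nbytes in per_prov.items():
            if prov in SANCTIONED:
                action = "allow"
            elif nbytes >= BULK_BYTES:
                action = "block"          # bulk upload to an unsanctioned cloud
            else:
                action = "coach"          # light use: redirect the user to the approved platform
            report.append((user, prov, nbytes, action))
    return sorted(report)


# Constructed proxy log: one sanctioned AWS user, one bulk Azure uploader,
# light GCP and DigitalOcean use, and ordinary web traffic that must not match.
PROXY_LOG = """\
2020-05-20T09:01:12Z alice s3.eu-west-1.amazonaws.com 482113
2020-05-20T09:03:40Z bob blobstore7.blob.core.windows.net 2411000
2020-05-20T09:04:02Z bob portal.azure.com 8811
2020-05-20T09:10:55Z carol storage.googleapis.com 120400
2020-05-20T09:11:20Z carol www.google.com 9000
2020-05-20T09:15:01Z dave api.digitalocean.com 4400
"""


def run_demo():
    return discover(PROXY_LOG.splitlines())


if __name__ == "__main__":
    for user, prov, nbytes, action in run_demo():
        print(f"{user:8} {prov:13} {nbytes:>9} bytes  -> {action}")
```

Proxy logs only show traffic that actually traverses the proxy, and for TLS they only show the hostname, so this catches people using a console or uploading to storage from the office network but not an engineer who stood up an account on a personal connection. For the platforms you do sanction, the complementary check is on the provider side: enumerate accounts through the organisation-level API and compare with the accounts security knows about.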

Page 18: Data Exfiltration Vectors, control 3: Visibility of Confidential Data Inside PaaS Storage

Page 19: 3. Visibility of Confidential Data

Gain visibility of regulated/high-value data stored in AWS S3 and Azure Storage.

§ Perform on-demand scans to identify sensitive or protected data stored in IaaS storage services.
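An on-demand scan of storage for regulated data is, at its core, a set of validated detectors run over each object's contents. Here is an added example of such a scanner, not the deck's or McAfee's code: the "bucket" is an in-memory dict standing in for S3 or Azure Blob objects, every object body is constructed, and the two detectors (card numbers checked with Luhn, IBANs checked with the ISO 13616 mod-97 rule) are my choice of what a PCI- and finance-minded EMEA scan would look for. The point the example makes beyond the bullet is that validation, not just pattern matching, keeps build numbers and other digit runs out of the report.

```python
"""On-demand scan of object-storage contents for regulated data.

Added example, not the deck's or McAfee's code. The "bucket" is an in-memory
dict standing in for S3 or Azure Blob objects, and every object body is
constructed. Candidates are validated (Luhn for card numbers, mod-97 for
IBANs) so that arbitrary digit runs such as build numbers are not reported.
"""
import re

PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")          # 13-19 digits, optional separators
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b")


def luhn_ok(digits):
    """ISO/IEC 7812 check digit: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban):
    """ISO 13616 check: move the first four chars to the end, A=10..Z=35, value mod 97 == 1."""
    s = iban.replace(" ", "")
    if not 15 <= len(s) <= 34:
        return False
    numeric = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(numeric) % 97 == 1


def find_pans(text):
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def find_ibans(text):
    return [m.group().replace(" ", "") for m in IBAN_RE.finditer(text) if iban_ok(m.group())]


def scan_bucket(objects):
    """objects: {key: bytes}. Returns {key: {"pan": n, "iban": n}} for objects with at least one hit."""
    report = {}
    for key, blob in objects.items():
        text = blob.decode("utf-8", errors="replace")
        counts = {"pan": len(find_pans(text)), "iban": len(find_ibans(text))}
        if any(counts.values()):
            report[key] = counts
    return report


# Constructed objects. The card and IBAN values are published test numbers;
# the log line shows that regulated data also leaks into places nobody classifies.
SAMPLE_OBJECTS = {
    "exports/orders-2020-05.csv": b"order,card\n1001,4111 1111 1111 1111\n1002,4111-1111-1111-1112\n",
    "finance/suppliers.txt": b"Pay to GB82 WEST 1234 5698 7654 32 by Friday. Ref GB00 WEST 1234 5698 7654 32 is invalid.",
    "logs/app.log": b"request_id=5500000000000004 took 12ms\n",
    "public/readme.txt": b"Build 2020051212345678 succeeded\n",
}


def run_demo():
    return scan_bucket(SAMPLE_OBJECTS)


if __name__ == "__main__":
    for key, counts in run_demo().items():
        print(key, counts)
```

Two operational caveats: the scanner reads object contents, so run it under a read-only role scoped to the buckets in question and keep the report to counts and keys rather than the matched values, otherwise the scan itself becomes a second copy of the regulated data; and the log line in the sample is a reminder that application logs are as much in scope as exports, because a Luhn-valid number in a log is a PCI finding whether or not anyone meant to put it there.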

Page 20: Data Exfiltration Vectors, controls 4 and 5: User Behavior Analytics; Forensics

Page 21: 4. Advanced Threat Protection

Detect compromised accounts, insider threats, and malware.

§ Threat funnel correlates multiple anomalies, minimizing false positives.

§ No pre-defined policies or thresholds; models are built automatically from observed activity.

Page 23: 5. Activity Monitoring and Forensics

Capture and categorize an audit trail of activity for forensic investigations.

§ Categorizes hundreds of activities into 13 categories for easy filtering and navigation.

§ Expand the scope of an investigation and browse a geo-location map.

§ Investigate activities for a specific user centered around an incident.

§ IP reputation identifies access from a malicious IP, such as a Tor exit node.
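Pages 21 to 26 describe two things that fit together: a threat funnel that only raises an incident when several independent anomalies coincide for one user, and a forensic view that categorizes that user's activity around the incident, with geo and IP-reputation enrichment. The block below is an added example of both, not the deck's or McAfee's code. The events are constructed in a CloudTrail-like shape, the category map is a small hand-made stand-in for the product's 13 categories, the reputation list is a two-entry stand-in for a real feed, and the one-hour correlation window is an assumption.

```python
"""Threat funnel over cloud audit events, plus a per-user forensic timeline.

Added example, not the deck's or McAfee's code. Events are constructed in a
CloudTrail-like shape; the category map, the stand-in reputation list and the
correlation window are assumptions. An incident is raised only when two or
more different anomaly types coincide for one user inside the window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

CATEGORIES = {
    "ConsoleLogin": "authentication", "AssumeRole": "authentication",
    "GetObject": "data access", "ListBucket": "data access", "CopyObject": "data access",
    "CreateAccessKey": "privilege management", "AttachUserPolicy": "privilege management",
    "PutBucketAcl": "configuration change",
}
TOR_EXITS = {"185.220.101.7", "199.87.154.255"}   # constructed stand-in for a reputation feed
WINDOW = timedelta(hours=1)


def categorize(action):
    return CATEGORIES.get(action, "other")


def build_baseline(history):
    """Per user: countries, activity categories and hours of day seen in normal use."""
    base = defaultdict(lambda: {"countries": set(), "categories": set(), "hours": set()})
    for e in history:
        b = base[e["user"]]
        b["countries"].add(e["country"])
        b["categories"].add(categorize(e["action"]))
        b["hours"].add(e["ts"].hour)
    return base


def anomalies_for(event, baseline):
    """Anomaly types this single event exhibits against the user's own baseline."""
    found = set()
    if event["src_ip"] in TOR_EXITS:
        found.add("tor_exit")
    b = baseline.get(event["user"])
    if b is None:
        found.add("unknown_user")
        return found
    if event["country"] not in b["countries"]:
        found.add("new_country")
    if event["ts"].hour not in b["hours"]:
        found.add("off_hours")
    cat = categorize(event["action"])
    if cat == "privilege management" and cat not in b["categories"]:
        found.add("new_privilege_use")
    return found


def threat_funnel(history, live):
    """Incidents as (user, first_ts, sorted anomaly types); needs >= 2 distinct types."""
    baseline = build_baseline(history)
    per_user = defaultdict(list)
    for e in sorted(live, key=lambda x: x["ts"]):
        for a in anomalies_for(e, baseline):
            per_user[e["user"]].append((e["ts"], a))
    incidents = []
    for user, hits in per_user.items():
        for i, (ts, _) in enumerate(hits):
            types = {a for t, a in hits[i:] if t - ts <= WINDOW}
            if len(types) >= 2:
                incidents.append((user, ts, sorted(types)))
                break                      # one incident per user per window
    return incidents


def timeline(events, user, around, window=WINDOW):
    """Forensic view: the user's categorized activity around an incident."""
    rows = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["user"] == user and abs(e["ts"] - around) <= window:
            rows.append((e["ts"].strftime("%H:%M"), categorize(e["action"]), e["action"],
                         e["country"], "TOR" if e["src_ip"] in TOR_EXITS else "-"))
    return rows


def ev(ts, user, action, ip, country):
    return {"ts": datetime.fromisoformat(ts), "user": user, "action": action,
            "src_ip": ip, "country": country}


HISTORY = [  # constructed: normal daytime activity from the office
    ev("2020-05-11T09:05:00", "alice", "ConsoleLogin", "203.0.113.10", "HU"),
    ev("2020-05-11T10:12:00", "alice", "ListBucket", "203.0.113.10", "HU"),
    ev("2020-05-12T11:40:00", "alice", "GetObject", "203.0.113.10", "HU"),
    ev("2020-05-13T15:20:00", "bob", "ConsoleLogin", "203.0.113.11", "HU"),
    ev("2020-05-13T15:25:00", "bob", "GetObject", "203.0.113.11", "HU"),
]
LIVE = [  # constructed: bob is merely early; alice's session looks like a takeover
    ev("2020-05-20T07:58:00", "bob", "ConsoleLogin", "203.0.113.11", "HU"),
    ev("2020-05-20T02:14:00", "alice", "ConsoleLogin", "185.220.101.7", "RO"),
    ev("2020-05-20T02:16:00", "alice", "CreateAccessKey", "185.220.101.7", "RO"),
    ev("2020-05-20T02:31:00", "alice", "CopyObject", "185.220.101.7", "RO"),
]


def run_demo():
    incidents = threat_funnel(HISTORY, LIVE)
    rows = timeline(HISTORY + LIVE, incidents[0][0], incidents[0][1]) if incidents else []
    return incidents, rows
```

The funnel counts distinct anomaly types, not raw alerts: bob's early login is one off-hours anomaly and stays out of the queue, while alice's session combines a new country, a Tor exit, an off-hours login and first-ever key creation and is escalated at the first event of the run. The timeline then gives the analyst exactly the "activities for a specific user centered around an incident" view from page 25, with the reputation flag on each row. A production baseline needs far more history than a week, and the window and the two-type threshold should be tuned per population rather than fixed.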

Page 27: IaaS: Securing Infrastructure and Apps (three-layer diagram repeated: 1 Infrastructure, 2 Workloads and Containers, 3 Apps)

Page 28: McAfee Cloud Workload Security (CWS)

Diagram labels:
§ Automate Discovery & Deployment
§ Defend Against Advanced Attack
§ Correct Anomalies
§ Segment patient zero agentlessly using Security Groups
§ McAfee ePO: Single Management & Protection
§ Visualize & Detect Network Threats
§ Virtual NSP; Network Flow Logs

Page 29: IaaS Workload and Containers Challenges

§ Lack of Workload and Container Visibility
§ Malware and Viruses
§ Difficulty Detecting Breaches
§ Lack of Network Traffic Visibility
§ Fragmented Policy Management


Page 32: Discover: Discover all IaaS computing resources, including shadow IT

§ Uninterrupted visibility across physical, virtual, and cloud server workloads.
§ Detect Shadow IT activities.
§ Discover all virtual datacenters, all public cloud accounts and more.
§ Visibility and compliance of cloud workloads in McAfee ePolicy Orchestrator® (McAfee ePO™) within 5 minutes.

Page 33: Discover and Manage Multiple Public Cloud Accounts’ Security Controls

Console screenshot labels: Live Status with details; Views: Workload, Events, VPC; Issue Details; Workload Count; Take Action.

Page 34: IaaS Workload and Containers Challenges, capability: Workload/Container Inventory

Page 35: IaaS Workload and Containers Challenges, capability: Network Flow and Threat Protection

Page 36: Visualize

§ Faster time-to-detect malicious network traffic occurring on any of your cloud workloads.

§ Visualize* traffic to any unprotected or unmanaged workloads.

§ Detect any network misconfigurations via the traffic flow.

§ Container visibility and management within McAfee ePO.

* Cloud Workload Security Essentials and Cloud Workload Security Advanced customers.

Extreme insight and control over data, applications, network traffic, containers, and workloads.

Page 37: Traffic & Network Visibility

Graphical traffic analysis for both E-W & N-S traffic (traffic moving to, from, and between workloads).

Detection: GTI IP Reputation; Heuristics (blocked E-W connections, activity on high-risk ports); Alerts from vNSP.

Threat Events: Workload threats; Network threats.

Correction: Shutdown; Update firewall rules in AWS/Azure Security Groups.

Page 38: IaaS Workload and Containers Challenges, capability: Agent Installation & Security Configuration; Single-Click Quarantine

Page 39: Protect

§ Integrated and advanced security for hybrid environments.

§ Protect critical assets against advanced threats while maintaining compliance.

§ Quarantine infected workloads & containers.

§ Comprehensive security across all compute, storage, and network resources, no matter the location of the workloads, the data, and the user.

§ New: import and sync tag information between AWS or Azure and McAfee ePO.

§ Protect against advanced network threats* with integrated Virtual NSP.

§ Block network attacks using micro-segmentation (agentless security).

§ New: auto-remediation based on defined McAfee ePO policies.

* Cloud Workload Security Essentials and Cloud Workload Security Advanced customers.

Complete protection of critical assets against advanced attacks.

Page 40: Safeguard Workloads: Quarantine Infected Workloads and Containers

Identify malicious connections, then isolate the affected workloads or containers.

Reduce misconfiguration risk and increase initial remediation efficiency by nearly 90%.
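Page 37 names the heuristics (blocked E-W connections, activity on high-risk ports, read from network flow logs) and page 40 the response (identify the malicious connections, then isolate the workload by changing its Security Groups). The block below is an added example that carries both steps through, and is not the deck's or McAfee's code. The flow-log lines follow the default AWS VPC Flow Log version 2 field order but are constructed; the IP-to-instance inventory, the scan threshold, the high-risk port list and the quarantine group id are assumptions. The `ec2.modify_instance_attribute(InstanceId=..., Groups=[...])` call named in the docstring is the real boto3 operation that would apply the plan, but the example only computes the plan and touches no live account.

```python
"""VPC Flow Log triage and an agentless security-group quarantine plan.

Added example, not the deck's or McAfee's code. The flow-log lines use the
default AWS VPC Flow Log (version 2) field order but are constructed; the
IP-to-instance inventory, thresholds and quarantine group id are assumptions.
"""
import ipaddress
from collections import defaultdict

FIELDS = ["version", "account", "eni", "src", "dst", "srcport", "dstport",
          "proto", "packets", "bytes", "start", "end", "action", "status"]
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
HIGH_RISK_PORTS = {22, 445, 1433, 3389, 4444, 5985}
SCAN_THRESHOLD = 3                 # distinct internal peers rejected from one source
QUARANTINE_SG = "sg-quarantine"    # assumed: no inbound rules, outbound only to the forensics collector


def parse(line):
    rec = dict(zip(FIELDS, line.split()))
    for k in ("srcport", "dstport", "proto", "packets", "bytes"):
        rec[k] = int(rec[k]) if rec[k] != "-" else None   # NODATA/SKIPDATA records carry "-"
    return rec


def is_internal(ip):
    return ipaddress.ip_address(ip) in VPC_CIDR


def triage(lines):
    """Per internal source: rejected E-W peers, accepted high-risk port hits, and a verdict."""
    rejected_peers = defaultdict(set)
    risky_accepts = defaultdict(list)
    for line in lines:
        if not line.strip() or line.startswith("version"):
            continue
        r = parse(line)
        if r["status"] != "OK" or not is_internal(r["src"]):
            continue
        if r["action"] == "REJECT" and is_internal(r["dst"]):
            rejected_peers[r["src"]].add(r["dst"])
        elif r["action"] == "ACCEPT" and r["dstport"] in HIGH_RISK_PORTS:
            risky_accepts[r["src"]].append((r["dst"], r["dstport"]))
    verdicts = {}
    for src in set(rejected_peers) | set(risky_accepts):
        reasons = []
        if rejected_peers[src]:
            reasons.append(f"blocked E-W connections to {len(rejected_peers[src])} internal peer(s)")
        if risky_accepts[src]:
            ports = sorted({p for _, p in risky_accepts[src]})
            reasons.append(f"accepted traffic to high-risk ports {ports}")
        # Many rejected internal peers looks like lateral-movement scanning: isolate.
        # A single blocked flow or a lone admin session is only queued for review.
        scanning = len(rejected_peers[src]) >= SCAN_THRESHOLD
        verdicts[src] = ("quarantine" if scanning else "review", reasons)
    return verdicts


def quarantine_plan(src_ip, inventory, verdicts):
    """Agentless isolation: swap the instance's security groups for the quarantine group.

    Returns the change an operator (or automation calling
    ec2.modify_instance_attribute(InstanceId=..., Groups=[...])) would apply,
    keeping the original groups so the workload can be restored after triage.
    """
    if verdicts.get(src_ip, ("review", []))[0] != "quarantine":
        return None
    inst = inventory[src_ip]
    return {"instance": inst["id"], "restore_groups": list(inst["groups"]),
            "apply_groups": [QUARANTINE_SG]}


# Constructed records: 10.0.1.5 probes SMB on three neighbours (rejected) and reaches a
# fourth; 10.0.1.8 has one blocked RDP attempt; 10.0.3.20 is a bastion doing SSH.
FLOW_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0aa11 10.0.1.5 10.0.2.9 49152 445 6 3 180 1589958000 1589958060 REJECT OK
2 123456789012 eni-0aa11 10.0.1.5 10.0.2.10 49153 445 6 3 180 1589958000 1589958060 REJECT OK
2 123456789012 eni-0aa11 10.0.1.5 10.0.2.11 49154 445 6 3 180 1589958000 1589958060 REJECT OK
2 123456789012 eni-0aa11 10.0.1.5 10.0.2.12 49155 445 6 41 6120 1589958000 1589958060 ACCEPT OK
2 123456789012 eni-0bb22 10.0.1.8 10.0.2.9 51000 3389 6 2 120 1589958000 1589958060 REJECT OK
2 123456789012 eni-0cc33 10.0.3.20 10.0.2.9 52200 22 6 88 9400 1589958000 1589958060 ACCEPT OK
2 123456789012 eni-0dd44 198.51.100.4 10.0.1.5 40000 443 6 12 2400 1589958000 1589958060 ACCEPT OK
2 123456789012 eni-0aa11 - - - - - - - 1589958000 1589958060 - NODATA
"""
INVENTORY = {   # assumed mapping from private IP to instance and its current groups
    "10.0.1.5": {"id": "i-0123abcd", "groups": ["sg-app", "sg-monitoring"]},
    "10.0.1.8": {"id": "i-0456efgh", "groups": ["sg-app"]},
    "10.0.3.20": {"id": "i-0789ijkl", "groups": ["sg-bastion"]},
}


def run_demo():
    verdicts = triage(FLOW_LOG.splitlines())
    return verdicts, quarantine_plan("10.0.1.5", INVENTORY, verdicts), quarantine_plan("10.0.1.8", INVENTORY, verdicts)
```

Keeping `restore_groups` in the plan is what makes single-click quarantine reversible; without it the operator has to reconstruct the workload's network position from memory after triage. Two caveats for the real thing: the bastion's SSH session shows up as "review" here only because the example has no notion of which sources are allowed to use port 22, so feed the triage an allow-list of admin hosts before relying on it; and security groups are stateful, so check the provider's connection-tracking semantics, because a flow that is already established may outlive the rule change, whereas a network ACL entry cuts it immediately.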

Page 41: Discovery to Complete Protection in Just a Few Clicks: Cloud Workload Security (CWS) and Virtual Network Security Platform (v. NSP)

Capabilities listed: Threat Prevention; Behavioral Detection; Intrusion Prevention; Application Whitelisting; Integrity Monitoring; Shared Threat Intelligence; Quarantine Workloads; Micro & Nano-segmentation; Advanced Memory Protection.

Page 42: IaaS Workload and Containers Challenges, capability: Unified Policy Management and Reporting

Page 43: Simplify

§ Single security policy, single pane of glass console management across data center and public and private clouds with McAfee ePO.

§ Automated policy management across all on-premises and off-premises infrastructure.

§ APIs, automation and integration with cloud tools, e.g. Chef, Puppet.

§ Efficient security management keeps operational expenses under control.

§ Security smart enough to scale up and scale down with the load.

Efficiently manage all security policies across on-premises and public, private and hybrid cloud environments.

McAfee ePO diagram: Device Security | Data Protection | Security Operations Center | Network & Web Security | Cloud Workloads Security | Native Security

Page 44:

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. Copyright © 2017 McAfee LLC.