Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates

1 Phone: 650-681-8100 / email: [email protected] 1975 W. El Camino Real, Suite 203, Mountain View, CA 94040

Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates Tim Grance, Senior Computer Scientist, NIST Sushant Rao, Product Management Director, HyTrust Curtis Salinas, Systems Engineer, HyTrust

© 2012, HyTrust, Inc. www.hytrust.com

2

Security and Compliance Will Be Key to Virtualizing the Next 50% of the Data Center  

Discussion

  Growth depends on virtualizing mission critical workloads

  Virtualization platform provides basic security: OK for non-critical workloads

  Tier 1/2 workloads have higher security, compliance needs

  Purpose-built solutions needed

© 2012, HyTrust, Inc. www.hytrust.com

3

Privileged Users Can Have Huge Impact

Percentage of breached companies who lost customers as a result of the breach

Percent of all breaches that involved privileged user misuse

Percentage of companies that have experienced a data breach

— Verizon report, 2010

— IT Compliance Institute

— IT Compliance Institute

48%

74%

87% Shionogi & Co: $3.2B pharmaceutical company Laid off IT admin: •  Logged in remotely to vSphere from

local McDonald’s WIFI •  Deleted 88 virtual production servers •  Took down email, order entry, payroll,

BlackBerry, & other services •  Caused $800K damage

© 2012, HyTrust, Inc. www.hytrust.com

4

Expert Consensus on Virtualization Best Practices

4 © 2012, HyTrust, Inc. www.hytrust.com

* NIST SP 800-125: Guide to Security for Full Virtualization Technologies ** PCI-DSS 2.0 Information Supplement – Virtualization Security *** Neil MacDonald, vice president and Gartner fellow

•  “Enforce least privilege and separation of duties”

•  “It is critical that independent monitoring of all activities be enforced”

•  “Require multi-factor authentication for all administrative functions.”

•  “Administrative access to the hypervisor/VMM layer must be tightly controlled”

•  “Restrict and protect administrator access to the virtualization solution.”

•  “Secure each management interface”

•  “Monitor and analyze logs at all layers of the virtualization infrastructure”

5

Secures the administration of the hypervisor & virtual infrastructure:   Enforces consistent access and

authorization policies covering all access methods

  Provides granular, user-specific, audit-quality logs

  Enables strong, multi-factor authentication

  Verifies platform integrity, ensuring the hypervisor is hardened and the virtual infrastructure is trusted

HyTrust Appliance Provides Necessary Controls to Confidently Virtualize Mission-Critical Applications

5 © 2012, HyTrust, Inc. www.hytrust.com

Provides complete visibility into and control over who accesses the infrastructure, the integrity of the infrastructure, and the validity of the changes requested.

6

HyTrust’s Unique Role in Virtual Infrastructure Security

© 2012, HyTrust, Inc. www.hytrust.com

7

Major Partners Trust HyTrust

© 2012, HyTrust, Inc. www.hytrust.com

HyTrust is key "go to" partner for vSphere security and compliance

HyTrust is part of CA Access Control for Virtual Environments

HyTrust is the platform security solution - access control and auditing - for vBlock

HyTrust reporting and controls being integrated with Symantec CCS

HyTrust is part of Intel's trusted cloud architecture based on TXT

HyTrust event reporting and TXT integration being integrated with McAfee ePO

HyTrust provides native integration with SecurID and enVision

HyTrust provides combined reporting with Trend's Deep Security product

8

  Admin compliance and controls essential for mission critical workloads

  Capabilities not available from the virtual infrastructure   Granular, audit-quality administration logs   Granular, consistent privileged user and VM control policies   Multi-tenancy logical segmentation

  Trusted by market leaders

  Key component of major partners’ solutions

Virtualize More With HyTrust

8 © 2012, HyTrust, Inc. www.hytrust.com

9 Phone: 650-681-8100 / email: [email protected] 1975 W. El Camino Real, Suite 203, Mountain View, CA 94040

NIST Special Publication (SP) 800-125

Guide To Security for Full Virtualization Technologies

Recommendations of the National Institute of Standards and Technology

Tim Grance Senior Computer Scientist in the Computer Security Division

10

Disclaimer

Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by NIST nor does it imply that the products mentioned are necessarily the best

available for the purpose.

11

Agenda

 What is SP 800-125  Why virtualization  Full virtualization  Security concerns  Recommendations for Security for full virtualization technologies  Summary  Questions and answers  Resources

12

SP 800-125

 Full Virtualization technologies  Server and desktop virtualization  Security threats  Security recommendations for protecting full virtualization

13

Why Virtualization?

 Reduce hardware footprint  More efficiency  Reduce energy, operations, and maintenance costs, e.g., disaster

recovery, dynamic workload, security benefits, etc.  Consolidation

14

Forms of Virtualization

 Simulated environment  Not cover OS and application virtualization  Full virtualization – CPU, storage, network, display, etc  Hypervisor and host OS  Virtual Machine (VM) – Guest OS

 Isolated  Encapsulated  Portable

15

Full Virtualization

 Bare metal virtualization  Hosted virtualization  Server virtualization  Desktop virtualization

16

Virtualization and Security Concerns

 Additional layers of technology  Many systems on a physical system  Sharing pool of resources   Lack of visibility  Dynamic environment  May increase the attack surface

17

Recommendations for Security for Full Virtualization Technologies

 Risk based approach  Secure all elements of a full virtualization solution and perform

continuous monitoring  Restrict and protect administrator access to the virtualization solution  Ensure that the hypervisor is properly secured  Carefully plan the security for a full virtualization solution before

installing, configuring, and deploying it

18

Summary of Threats and Countermeasures

  Intra-guest vulnerabilities  Hypervisor partitioning

  Lack of visibility in the guest OS  Hypervisor instrumentation and monitoring

 Hypervisor management  Protect management interface, patch management, secure configuration

 Virtual workload security  Management of the guest OS, applications, data protection, patch

management, secure configuration, etc

 Virtualized infrastructure exposure  Manage access control to the hardware, hypervisors, network, storage,

etc.

19

Resources

  Presidential Memorandum, June 10, 2010, Disposing of Unneeded Federal Real Estate, is available on the following Web page: http://www.whitehouse.gov/the-press-office/presidential-memorandum-disposing-unneeded-federal-real-estate

  NIST publications that provide information and guidance on planning, implementing and managing information system security and protecting information include:  Federal Information Processing Standard (FIPS) 199, Standards for Security

Categorization of Federal Information and Information Systems  NIST Special Publication (SP) 800-37 Revision 1, Guide for Applying the Risk

Management Framework to Federal Information Systems: A Security Life Cycle Approach  NIST SP 800-53 Revision 3, Recommended Security Controls for Federal Information

Systems and Organizations  NIST SP 800-61 Revision 1, Computer Security Incident Handling Guide  NIST SP 800-64 Revision 2, Security Considerations in the System Development Life

Cycle  NIST SP 800-88, Guidelines for Media Sanitization  NIST SP 800-115, Technical Guide to Information Security Testing and Assessment  NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable

Information (PII)

  For information about these NIST standards and guidelines, as well as other security-related publications, see NIST’s Web page http://csrc.nist.gov/publications/index.html

20

HyTrust Fills Critical Platform Access Gaps

© 2012, HyTrust, Inc. www.hytrust.com

Virtualization Platform Gap HyTrust Solution

Multiple administrators can log into hosts anonymously by sharing a root account

Uses root password vaulting (check-in/out) to ensure admins are individually accountable

An admin can bypass vCenter access controls and logging by connecting directly to hosts

Controls and logs access via any connection method, creating accountability

An admin can access another organization’s virtualized workloads in multi-tenant environments

Ensures that admins can only access their own organization’s data and applications, enabling secure multi-tenancy

Platform allows access via default password or compromised admin password

Prevents use of default passwords and supports multi-factor authentication to stop unauthorized access

A current or terminated admin can connect to the platform undetected using a backdoor account

Controls and logs access to every admin account, preventing major security breaches

21

HyTrust Fills Critical Platform Authorization Gaps

© 2012, HyTrust, Inc. www.hytrust.com

Virtualization Platform Gap HyTrust Solution

An administrator can shut down any virtualized application or switch

Protects business continuity by controlling what resources an admin can manage

An admin can create unapproved VMs, with negative operations or compliance impacts

Prevents damaging outcomes by controlling VM creation privileges

An admin can disable security such as virtualized firewalls and antivirus

Preserves security by blocking unapproved shutdowns of virtual security measures

An admin can copy sensitive data from a VM to external storage

Keeps sensitive data confidential by applying controls to virtual resources

An admin can replace a critical VM with a compromised copy while leaving no tracks

Exposes tampering by creating a permanent, unchangeable record of every operation

An admin can move a low trust virtualized workload to a high trust server or virtual subnet, and vice versa

Mitigates security and compliance risks by preventing mixing of trust levels

22

HyTrust Fills Critical Log Data Gaps

© 2012, HyTrust, Inc. www.hytrust.com

Log Data Provider

Data for Allowed Operation (example)

Data for Denied Operation (example)

Usability and Productivity

Virtualization Platform

User: root Time/date Target resource name, URL Operation executed

none • Separate log files for vCenter and each host server

• Different log formats for vCenter vs. hosts

HyTrust All of the above, plus: • User ID • Source IP address • Resource reconfigured • Previous resource state • New resource state • Label (Production) • Required privileges • Evaluated rules/

constraints

• User ID • Date/time • Source IP address • Operation requested • Operation denial • Target resource name,

IP address, port, and protocol

• Required privileges • Missing privileges • Evaluated rules/

constraints

• Consolidated, centrally managed logs covering vCenter and all hosts

• Single, uniform format for combined vCenter and host log data

• Logs sent to central repository or SIEM via syslog

23 Phone: 650-681-8100 / email: [email protected] 1975 W. El Camino Real, Suite 203, Mountain View, CA 94040

HyTrust In Action – Live Demo

24

Visibility

• Authentication • Logging

Control

• Role-Based Access Control

• Policy

Validation

• Configuration Assessment & Remediation

HyTrust is a Critical Component in Virtualizing Mission-Critical Applications

24 © 2012, HyTrust, Inc. www.hytrust.com

25

Thank You!

© 2012, HyTrust, Inc. www.hytrust.com

Questions and Answers