Edward L. Haletky, TVP Strategy Principal Analyst
Mike Foley, VMware vSphere Technical Marketing
SER1361BU
#VMworld #SER1361BU
Security Operations for VMware vSphere with VMware vRealize Log Insight
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#SER1361BU CONFIDENTIAL
Agenda
1 Introduction – The Why!
2 Users (Admin vs. Root vs. Service Accounts)
3 Shell commands
4 RBAC changes
5 Reconfiguration Events
6 Stump the Chump
7 Something Special!
8 Q&A
The Why!
Enact the guidance
Mike’s “Why Did We Do This?”
• IT needs have changed
– Need more information to make better decisions
• Security is now on EVERYONE’S radar
– Need more information to
    • avoid security incidents
    • analyze them after the fact
• Existing tools have been inadequate
– Logs “sucked”
– SIEM tools are only as good as what you put in them
    • But they have no focus on virtualization
Edward’s “Why Did We Do This?”
• Existing tools have been inadequate
– …
• Best Practices are difficult to show
– SOC was to show off best practices
• Logs are difficult to read
– Visualization is better
• Bridge between Administrators, Ops, and Security
– We can show security what is happening
– Start of more discussions, everyone on the same page
vSphere 6.5 Enhanced Logging
Logs Transform in vSphere 6.5
Pre-6.5: Logs used for GSS/Troubleshooting
6.5: Logs include VC Events – Audit Quality and Actionable