Beruflich Dokumente
Kultur Dokumente
Disclaimer
This presentation may contain product features that are currently under development.
This overview of new technology represents no commitment from VMware to deliver these
been determined.
CONFIDENTIAL
Modern SaaS
Data Center
Any Application
Custom Application
L2/L3 or
Proprietary Network
Opex/Capex = $$$$
Innovation = HW design cycle
Security
Fault Isolation
Service Chaining
Discovery
Load balancing
Security
Fault Isolation
Service Chaining
Discovery
Load balancing
IP Network
Opex/Capex = $
Innovation = SW design cycle
CONFIDENTIAL
Internet
CONFIDENTIAL
CONFIDENTIAL
Internet
CONFIDENTIAL
Internet
CONFIDENTIAL
Internet
CONFIDENTIAL
4 of 5
Leading global
CONFIDENTIAL
CONFIDENTIAL
10
2010
2011
IT Spend
Security Spend
2012
2013
Security Breaches
CONFIDENTIAL
12
A Modern Attack
Malware/attack vectors tested against known signatures & are often VM-aware
1 PREP
1
Human Recon
2
Attack Vector R&D
3
Primary Attack
CONFIDENTIAL
13
2 INTRUSION
Strain B
Dormant
4
Compromise
Primary Entry Point
(Phishing, Waterholes, etc.)
Strain A
Active
Install Command
& Control I/F
CONFIDENTIAL
14
Leverage hyper-connected computing base, accessible topology info & shared components
3 RECON
8
Install C2 I/F
Wipe Tracks
Escalate Priv
Strain A
Active
6
Escalate Privileges on
Primary Entry Point
Lateral
Movement
8
CONFIDENTIAL
15
4 RECOVERY
Strain C
Dormant
Strain B
Active
Strain A
Active
Attack
Identified
Response
CONFIDENTIAL
16
5 ACT ON INTENT
10
Break into
Data Stores
11
Parcel &
Obfuscate
6 EXFILTRATION
12
13
Exfiltrate
Cleanup
CONFIDENTIAL
17
13
Cleanup
CONFIDENTIAL
18
3RECON
4 RECOVERY
5 ACT ON INTENT
6EXFILTRATION
1
Recon
2
Attack Vector R&D
3
Primary Attack
4
Compromise
Primary Entry
Point
Strain A
Active
Strain C
Dormant
Install C2 I/F
Wipe Tracks
Escalate Priv.
Strain B
Dormant
6
Escalate Privileges on
Primary Entry Point
Lateral Movement
Strain B
Active
10
11
12
Exfiltrate
13
Cleanup
Attack
Response
Identified
CONFIDENTIAL
19
CONFIDENTIAL
21
Internet
Internet
Little or no
lateral controls
inside perimeter
Insufficient
Operationally
Infeasible CONFIDENTIAL
22
Cloud
Management
Platform
Internet
Perimeter
Firewalls
CONFIDENTIAL
23
Cloud
Management
Platform
Internet
Perimeter
Firewalls
CONFIDENTIAL
24
Cloud
Management
Platform
Internet
Perimeter
Firewalls
CONFIDENTIAL
25
Cloud
Management
Platform
Internet
Perimeter
Firewalls
CONFIDENTIAL
26
Cloud
Management
Platform
Internet
Perimeter
Firewalls
CONFIDENTIAL
27
Cloud
Management
Platform
Internet
Perimeter
Firewalls
CONFIDENTIAL
28
Cloud
Management
Platform
Internet
Perimeter
Firewalls
CONFIDENTIAL
29
Cloud
Management
Platform
Internet
Perimeter
Firewalls
CONFIDENTIAL
30
Too Hot
Too Cold
CONFIDENTIAL
32
High Context
Low Isolation
Any Application
SDDC Platform
Data Center Virtualization
Any x86
No Ubiquitous Enforcement
Any Storage
Any IP network
High Isolation
Low Context
CONFIDENTIAL
33
Any Application
SDDC Platform
Data Center Virtualization
High Context
High Isolation
Ubiquitous Enforcement
Any x86
Any Storage
Any IP network
CONFIDENTIAL
34
Vulnerability Management
Malware Protection
Network Protection
35
Thank You
NET3305-S