Trust in the Cloud: Securing the virtual datacenter and its compliance with regulations and laws
Ivan Svoboda RSA, The Security Division of EMC
© Copyright 2011 EMC Corporation. All rights reserved.
New Threat Vectors
Cloud threats: examples
Careers @ Risk
Cloud and Trust
Main changes on the road to the cloud
Enterprise IT (Trusted, Controlled, Reliable, Secure) → Virtualization → Private Cloud → Public Cloud (Simple, Low Cost, Flexible, Dynamic)
Trust dimensions of the infrastructure, with the figure's example targets: Availability 99.99%, Performance 0.2 ms, Security High, Cost $500K
Main changes on the road to the cloud, step 1: Virtualization security / private cloud
OVERSIGHT (SIEM, DLP, GRC, …) over the virtual datacenters
Virtual Datacenter 1 (Company A): DMZ, PCI and HIPAA zones
Virtual Datacenter 2: Test, Dev, ERP and HR zones
Network security and physical security: FW, AV, IDS, IPS, VPN, AAA, …
Main changes on the road to the cloud, step 2: Cloud security
TRUST (Trust = Visibility + Control), built on virtualization security / private cloud
OVERSIGHT (SIEM, DLP, GRC, …)
Virtual Datacenter 1 (Company A): DMZ, PCI and HIPAA zones
Virtual Datacenter 2: Test, Dev, ERP and HR zones
Network security and physical security: FW, AV, IDS, IPS, VPN, AAA, …
Security in the cloud
Governance (GRC): Policies, Risks, Compliance
Domains: Users (Identity), Infrastructure, Data (Processes)
Oversight (Detection, Visibility, Analysis) and Controls
Is it secure? And is it compliant?
• The provider's simple answer: YES!
– We take security very seriously …
– We have implemented a lot of firewalls, …
– We comply with the law …
– We have passed an audit …
• Can you “see inside”? Would you recognize an attack?
– Where is your data, who accessed it, what happened …
• Can you enforce policy and “measure compliance”?
– What is the current reality (technical configuration)? What exactly is / is not met?
– Can you prove / report it?
RSA – a solution set (not only) for virtual environments
• Identity protection, access control, fraud detection
– Strong two-factor and multi-factor authentication, risk-based
– Anti-fraud protection
• Protection of sensitive data against leakage (DLP)
– On storage, on the network, on virtual desktops, BYOD, ...
• Thorough security monitoring and detection
– Complete second-generation SIEM: Security Analytics: Logs, Packets, Intelligence
• Archer GRC, compliance with legislation and internal policies – “measuring / proving compliance”:
• VMware (virtual and physical infrastructure, private cloud)
• Cloud (compliance according to CSA)
RSA DLP for Virtual Desktops & Applications
New Threat Vectors Covered:
1) Copying sensitive data from virtual apps & VDI to physical device
2) Saving files from virtual apps & VDI to physical device
Key Benefits:
• No agent on endpoints
• Freedom & flexibility to BYOD
RSA DLP: Enhanced Support for Social Media
Avoid Unauthorized Sharing
• Advanced monitoring for posts to popular social media sites
• Prevent company confidential information from being leaked
RSA DLP monitors & blocks posts to social media sites between the Corporate Network and the Public Network
Monitor
• Log all datacenter actions
• Network monitoring
• Alerting
• Fine grained auditing of activity in the virtual environment
Prevention vs. detection
How Fast To Detect & Act
99% of breaches led to compromise within “days” or less with 85% leading to data exfiltration in the same time
85% of breaches took “weeks” or more to discover
Source: Verizon 2012 Data Breach Investigations Report
RSA Security Analytics: Changing The Security Management Status Quo
Unified platform for security monitoring, incident investigations and compliance reporting
SIEM (Compliance Reports, Device XMLs, Log Parsing) + Network Security Monitoring → RSA Security Analytics
Fast & Powerful Analytics: Logs & Packets, High Powered Analytics, Intel, Business & IT Context, Big Data Infrastructure, Analytics Warehouse, Integrated Intelligence
SEE DATA YOU DIDN’T SEE BEFORE, UNDERSTAND DATA YOU DIDN’T EVEN CONSIDER BEFORE
RSA Security Management Compliance Vision Delivering Visibility, Intelligence and Governance
Compliance Dashboard
Use Case: Assessing Cloud Service Providers
RISK: Choosing the wrong service provider
Results: Benchmarking vendors based on CSA standards
RSA solutions for security and compliance
• Can you “see inside”? Would you recognize an attack?
– Where is your data, who accessed it, what happened …
• Can you enforce policy and “measure compliance”?
– What is the current reality (technical configuration)? What exactly is / is not met?
– Can you prove / report it?
RSA Approach
GOVERNANCE: Manage Business Risk, Policies and Workflows
ADVANCED VISIBILITY AND ANALYTICS: Collect, Retain and Analyze Internal and External Intelligence
INTELLIGENT CONTROLS: Rapid Response and Containment
Applied across Cloud, Network and Mobility
RSA Approach: products by layer, across Cloud, Network and Mobility
GOVERNANCE
• RSA Archer eGRC Suite
ADVANCED VISIBILITY AND ANALYTICS
• RSA Security Analytics
• RSA Spectrum
• RSA DLP Suite
• RSA SilverTail
• RSA FraudAction
• RSA CCI
• RSA eFraud Network
• RSA NetWitness Live
INTELLIGENT CONTROLS
• RSA Adaptive Authentication
• RSA Access Manager
• RSA SecurID
• RSA Transaction Monitoring
• RSA Federated Identity Manager
• RSA Data Protection
• RSA DLP Suite
• RSA BSAFE
RSA Approach
• Risk-based: Common, flexible platform to manage risk throughout the entire enterprise
• Contextual: Fusion of high-speed analytics and advanced visibility
• Agile: Controls that can be quickly adjusted based on changing risk posture
Questions?
Ivan Svoboda
[email protected] + 420 604 293 394
rsa.com/rsavirtualization
Before: Controlled Network Environment
Corporate Users: Employees, Remote Managed Device
Managed Devices, Inside the Network
Controlled Access Points: Network or VPN
Information on a Network: Server Applications
Today: Any User, Any Device, Anywhere
External and Temporary Users: Employees, Contractors, Partners, Customers, Remote Managed Device
Unmanaged Devices (BYOD), Inside the Network
Uncontrolled Access Points: Network, VPN, Virtual Desktop, Mobile Apps, Web Browser
Information in Public Cloud and Hosted Applications: Cloud Applications, Server Applications
Compliance Cycle with Archer for VMware
Control Procedure Knowledge Base:
– Authoritative Source (Regulations, the “why”) – REGULATIONS: WHY?
– Control Standard (The generalized “what”, i.e. strong authentication) – STANDARDS: WHAT?
– Control Procedure (The specific “how” for a given technology) – PROCEDURES: HOW?
Enterprise Management Device / Manager Import → Task Distribution, Notifications To Device Owners
Automated measurement agents (HyTrust, Ionix, vShield, DLP, enVision) report Config Status and Events
Feedback Loop → Notification Of Non Compliance
Deployment and Measurement Cycle
Control Procedure Knowledge Base: Authoritative Source (Regulations, the “why”), Control Standard (The generalized “what”, i.e. strong authentication), Control Procedure (The specific “how” for a given technology)
1. Security / VI team begins deployment project plan
2. Device data imported and mapped to CPs (Enterprise Management Device / Manager Import)
3. Deployment tasks distributed to device owners, feedback received (Task Distribution, Notifications To Device Owners)
4. Measurement ecosystem (HyTrust, Ionix, vShield, DLP, enVision automated measurement agents) gathers Config Status and Events
5. Device owners notified of any remediation tasks needed (Notification Of Non Compliance)
6. Measurement ecosystem feedback confirms / denies the “fix” (Feedback Loop)
Overall compliance status constantly updated
RSA Archer: Mapping VMware security controls to regulations and standards
Authoritative Sources (CxO level): PCI, HIPAA, SOX, CSA, VMware Hardening Guide, etc. – e.g. “10.10.04 Administrator and Operator Logs”
Control Standard: Generalized security controls – e.g. “CS-179 Activity Logs – system start/stop/config changes etc.”
Control Procedure (VI Admin level): Technology-specific control – e.g. “CP-108324 Persistent logging on ESXi Server”
Integrating RSA Archer & EMC/VMware: Measure, Pass the audit
IT INFRASTRUCTURE: IT Assets → Automated Scans → Database → CSV
ENTERPRISE COMPLIANCE: Data Feed Manager → RSA Archer (Standards, Reports)
1. Scan critical IT assets automatically
2. Import results automatically
3. Check compliance status
4. Map to other solutions or policies
5. Return assessment results
6. Show relevant reports in dashboard
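As an added example (not from the slides and not RSA Archer's own code), the roll-up that the Compliance Cycle and the Archer/VMware integration slides describe: a CSV scan feed is mapped from control procedures to control standards to authoritative sources, non-compliant assets produce remediation notices, and a second feed confirms the fix. CS-179, CP-108324 and “10.10.04 Administrator and Operator Logs” are the identifiers shown on the slides; CP-EXAMPLE-2, the PCI mapping and the feed contents are constructed.

```python
import csv
import io
from collections import defaultdict

# Control hierarchy from the slides: authoritative source ("why") -> control
# standard ("what") -> technology-specific control procedure ("how"). CS-179,
# CP-108324 and the 10.10.04 source are from the slides; the rest is constructed.
PROCEDURES = {  # CP id -> (description, control standard it implements)
    "CP-108324": ("Persistent logging on ESXi Server", "CS-179"),
    "CP-EXAMPLE-2": ("Remote syslog target configured on ESXi (constructed)", "CS-179"),
}
STANDARDS = {  # CS id -> (description, authoritative sources it satisfies)
    "CS-179": ("Activity Logs - system start/stop/config changes",
               ["10.10.04 Administrator and Operator Logs", "PCI (constructed mapping)"]),
}

# Constructed CSV feed in the shape a scan export takes before Archer's
# Data Feed Manager imports it: one measured control procedure per asset.
FEED_BEFORE = """asset,control_procedure,status
esxi-01,CP-108324,pass
esxi-02,CP-108324,fail
esxi-02,CP-EXAMPLE-2,pass
"""
# Second measurement pass after the device owner remediated esxi-02 (feedback loop).
FEED_AFTER_FIX = FEED_BEFORE.replace("esxi-02,CP-108324,fail", "esxi-02,CP-108324,pass")


def evaluate_feed(csv_text):
    """Roll one measurement feed up the control hierarchy.

    Returns (standards, sources, remediation): per-standard (passed, measured) counts,
    a compliant flag per authoritative source, and the (asset, CP) pairs whose
    device owners need a non-compliance notification."""
    counts = defaultdict(lambda: {"pass": 0, "total": 0})
    remediation = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cp = row["control_procedure"]
        if cp not in PROCEDURES:
            continue  # unmapped measurement: nothing in the knowledge base to credit
        cs = PROCEDURES[cp][1]
        counts[cs]["total"] += 1
        if row["status"].strip().lower() == "pass":
            counts[cs]["pass"] += 1
        else:
            remediation.append((row["asset"], cp))
    standards = {cs: (c["pass"], c["total"]) for cs, c in counts.items()}
    sources = {}
    for cs, (passed, total) in standards.items():
        for src in STANDARDS[cs][1]:  # compliant only if every measurement passed
            sources[src] = sources.get(src, True) and passed == total
    return standards, sources, remediation
```

Running `evaluate_feed` on the two feeds in turn reproduces the slide's cycle: the first pass flags esxi-02 for remediation and marks both sources non-compliant, the second pass clears it.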