Tuesday, August 29, 2017

NSX & App Defence: Transform Network Security with Milin Desai @virtualmilin posted by @podoherty

This session will focus on transforming network and security. Christopher Frenz from Interfaith Medical Center starts with the message that healthcare is a target because healthcare records can be used for identity theft. Combine this possibility with an environment that has a lot of legacy applications and you have a very difficult environment to protect. In addition, medical organizations tend to keep their devices for an extended period of time. For example, WannaCry infected a large number of medical devices in the healthcare industry in the US.

One of the misconceptions is that compliance equals security, when it should not. Often compliance requirements are dated and should really be viewed as a lowest common denominator. In looking at the challenges in Interfaith's environment, they realized that a lot of attacks happened through lateral movement. By leveraging NSX, they were able to move to a zero trust environment. Currently VMware has 2,900 customers using NSX.

In adopting NSX, they started with their core network services like DNS because the protocols were understood and easy to configure policies on. From the general widespread services, they went up the food chain to more specialized systems. They are now looking at AppDefense to add an additional level of security beyond creating a zero trust environment. This is part of a more comprehensive defence in depth strategy that they are applying.

AppDefense captures the behaviour of the application, as the hypervisor sees all activity related to the virtual machine. In addition, provisioning and application frameworks are queried to understand additional information. Then the virtual machine is profiled to ensure there is a complete understanding of the behaviour of the VM. What you wind up with is a very small number of components that need to be validated. These become the manifest that determines the purpose of the VM and what applications are served from it.

AppDefense monitors the guest in real time against the manifest. This is the AppDefense monitor. If there is a signal that what is running is not intended, you have the option of determining what you want to do. This is done through a response policy.
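A toy model of the manifest, monitor and response policy described above, added here as an illustration; it is not VMware's code or AppDefense's data format. The behaviour fields, deviation categories, action names and sample data are all assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Behaviour:
    process: str      # executable path seen in the guest
    sha256: str       # digest of the executable (shortened, constructed values below)
    direction: str    # "listen" or "connect"
    port: int

def build_manifest(learned):
    """Collapse learning-phase observations into the set of intended behaviours."""
    return frozenset(learned)

def classify(manifest, seen):
    """Return None if the behaviour is intended, otherwise the kind of deviation."""
    if seen in manifest:
        return None
    known = {(b.process, b.sha256) for b in manifest}
    if (seen.process, seen.sha256) in known:
        return "new_network_behaviour"   # intended binary, unintended socket
    if seen.process in {b.process for b in manifest}:
        return "modified_binary"         # intended path, different digest
    return "unknown_process"

# Hypothetical response policy: deviation kind -> action name.
RESPONSE_POLICY = {"new_network_behaviour": "alert", "modified_binary": "quarantine",
                   "unknown_process": "suspend"}

def monitor(manifest, events, policy=RESPONSE_POLICY):
    """Check runtime events against the manifest and pick a response for each deviation."""
    findings = []
    for ev in events:
        kind = classify(manifest, ev)
        if kind is not None:
            findings.append((ev.process, ev.port, kind, policy.get(kind, "alert")))
    return findings

# Constructed sample data for a DNS server VM.
LEARNED = [
    Behaviour("/usr/sbin/named", "aa11", "listen", 53),
    Behaviour("/usr/sbin/named", "aa11", "connect", 53),
    Behaviour("/usr/sbin/sshd", "bb22", "listen", 22),
]
RUNTIME = [
    Behaviour("/usr/sbin/named", "aa11", "listen", 53),    # intended
    Behaviour("/usr/sbin/named", "aa11", "connect", 445),  # intended binary, new port
    Behaviour("/usr/sbin/sshd", "ff99", "listen", 22),     # digest changed
    Behaviour("/tmp/x", "cc33", "connect", 443),           # not in manifest
]
```

Calling `monitor(build_manifest(LEARNED), RUNTIME)` returns one finding per deviation, each paired with the action the policy assigns to that kind of deviation.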

Centene is invited on stage to deliver their story. In order to make forward progress, the customer created a separate Cloud team. While they knew the technology they were interested in, they could not make progress in the old model. They dedicated a team of four architects and one engineer to be fully focused on Cloud services. Their mantra was to ensure everything they delivered to the business was completely automated. To achieve their goals, they deployed vRealize Automation along with NSX with a heavy focus on security policies.
