[Chaco] Security Solutions – Nicolás Pérez, Giux
2. Agenda
• Some definitions
• IBM Security Framework & Portfolio
• People - Enterprise Single Sign On.
• Network – VSAFE
• Storage – FastBack
2 © 2012 IBM Corporation
3. Digital Assets
• An asset is a tangible or intangible good owned by a person or company, through which economic benefits are obtained.
• In every organization, to a greater or lesser extent depending on its activity, data is an asset (a digital asset).
• IT Security and Information Security have the mission of protecting this type of intangible asset while keeping it accessible to those who need to use it.
4. Food for thought…
• Classify data (as a function of business continuity).
• Threats and Vulnerabilities.
• Risk Management:
– Avoid (do not build a factory in a seismic zone).
– Reduce (earthquake-resistant construction, fireproof facilities, contingency plans, power generators).
– Retain (very common: accepting the consequences of the risk, generally for lack of alternatives, or through unawareness => involuntary).
– Transfer (take out insurance).
• Security is a Continuous Process.
• Errors are measured by their consequences.
6. IBM Security Framework
[Diagram: IBM Security Framework layers and the capabilities shown beside them]
• Security Governance, Risk & Compliance: SIEM (Security Intelligence, Enterprise Compliance)
• Identity and Access Management: Identity Management; Access Management
• Data Security: Data Loss Prevention; Encryption and Key Lifecycle Management; Messaging Security; E-mail Security; Database Monitoring and Protection; Data Masking
• Application Security: App Vulnerability Scanning; Web Application Firewall; App Source Code Scanning; Web / URL Filtering; Access and Entitlement Management; SOA Security
• Infrastructure Security: Vulnerability Assessment; Mainframe Security; Intrusion Prevention System; Threat Assessment; Web/URL Filtering; Firewall, IDS/IPS, MFS, End Point Mgmt.; Security Event Management; Virtual System Security
• IBM Kassel content security team
• Managed Security Services: 2,000+ security engineers in 11 centers
Note: Unlike the IBM heterogeneous security framework, Oracle focuses on the people level and (partially) the compliance, data, and application levels only.
7. IBM's security portfolio…
IBM Security Portfolio
• Enterprise Governance, Risk and Compliance Management: IBM OpenPages; Algorithmics (recent acquisition); i2 Corporation (recent acquisition)
• IT Security / Compliance Analytics & Reporting: QRadar SIEM; QRadar Log Manager; QRadar Risk Manager; IBM Privacy, Audit and Compliance Assessment Services
• IT Infrastructure – Operational Security Domains:
– People: Identity & Access Management Suite; Federated Identity Manager; Enterprise Single Sign-On; Identity Assessment, Deployment and Hosting Services
– Data: Guardium Database Security; Optim Data Masking; Key Lifecycle Manager; Data Security Assessment Service; Encryption and DLP Deployment
– Applications: AppScan Source Edition; AppScan Standard Edition; Security Policy Manager; Application Assessment Service; AppScan OnDemand Software as a Service
– Network Infrastructure: Network Intrusion Prevention; DataPower Security Gateway; QRadar Anomaly Detection / QFlow; Managed Firewall, Unified Threat and Intrusion Prevention Services
– Endpoint: Endpoint Manager (BigFix); zSecure, Server and Virtualization Security; Native Server Security (RACF, IBM Systems); Penetration Testing Services
• Security Consulting
• Managed Services
• X-Force and IBM Research
8. TAM ESSO
• > Security
• > Compliance
• < Operating costs
• > Productivity
12. New Threats/Risks Arising from Virtualization
• Traditional Threats: traditional threats can attack VMs in the same way as on physical systems
• New Threats to Virtual Environments:
– VM sprawl
– Dynamic relocation
– VM theft
– Management vulnerabilities
– Secure storage of VMs and the management data
– Shared resources
– Requires new skill sets
– Single point of failure
– Stealth rootkits in hardware now possible
– Virtual NICs & virtual hardware are targets
MORE COMPONENTS = GREATER EXPOSURE
13. Security Challenges for Virtual Environments
• New Vulnerabilities
– 259 new virtualization vulnerabilities over the last 5 years
– New attack types (e.g. Hyperjacking, hypervisor escape, VM attacks)
• Larger Attack Surface
– Virtual endpoints have same security challenges as their physical counterparts
– Virtualization management systems provide new attack vector
– Hypervisor itself is an attack vector
• Greater flexibility can increase security risks
– Migration of VMs for load balancing can make them more difficult to secure
– Ease of addition of VMs increases likelihood that insecure systems will go online
– Malicious insiders can inflict massive damage very quickly
14. Challenge: Protecting the Hypervisor
[Diagram: vulnerability points ("Vuln") marked at vCenter admin clients, vCenter servers, the service console, virtual devices, privileged access, and an unprotected VM.]
15. Challenge: Loss of Visibility in the Virtual Network
• Unauthorized communication
• Attacks through authorized communication channels.
16. Challenge: Continuous Security after VM Migrations
[Diagram: two physical hosts, each running several VMs connected to vSwitches.]
17. Challenge: Virtual Machine Sprawl
• VM sprawl: obsolete or malicious VMs proliferate in virtualized environments.
• Control VM sprawl through auto-discovery
• Detect new VMs at the moment they attempt to be activated
[Diagram: two hypervisors hosting known VMs, an unknown VM, and a malicious VM.]
18. IBM Security Virtual Server Protection for VMware
Helps customers to be more secure, compliant and cost-effective by delivering integrated and optimized security for virtual data centers.
• VMsafe Integration
• Firewall and Intrusion Prevention
• Rootkit Detection/Prevention
• Inter-VM Traffic Analysis
• Automated Protection for Mobile VMs (VMotion)
• Virtual Network Segment Protection
• Virtual Network-Level Protection
• Virtual Infrastructure Auditing (Privileged User)
• Virtual Network Access Control
19. Challenge: Protecting the Hypervisor
Hypervisor-Integrated Security
Traditional Agent-based Security
[Diagram: vulnerability points ("Vuln") marked at vCenter admin clients, VM management servers, the service console, virtual devices, privileged access, and an unprotected VM; a Network Security Appliance is also shown.]
Effectively Protect the Platform by Securing Common Entry-Points Against Attackers:
– Combination of traditional software and physical devices
– Central management provides single pane-of-glass for maximum situational awareness
– Coverage for vulnerabilities arising from software bugs and mis-configuration
20. Challenge: Loss of Visibility in the Virtual Network
• Unauthorized communication between is prevented
• Security Virtual Machine – Integrated with the Hypervisor
• Attacks through authorized communication channels are stopped.
21. Challenge: Continuous Security after VM Migrations
• Maintain security posture regardless of the VM’s physical host
• Abstraction from underlying physical servers provides dynamic security optimized for mobility
[Diagram: a Security Admin Console and two physical hosts, each running an SVM alongside several VMs, connected through vSwitches and the Network Introspection API.]
22. Challenge: Virtual Machine Sprawl
• VM Sprawl: Obsolete or rogue VMs proliferating in the virtualized environment
• Control VM sprawl through auto-discovery of assets
• Detect new VMs as they come on-line
• Assess security posture
• Ensure only approved VMs gain network access
[Diagram: two hypervisors, each with an SVM, hosting known guest VMs, an unknown guest VM, and a rogue guest VM. Callouts: 1. Detect VMs automatically; 2. Assess security posture; Apply relevant security policy; Automatically quarantine from network.]
23. Three reasons to protect virtualized infrastructures
Need / How IBM Virtual Server Protection for VMware® helps:
• Mitigate the new risks and complexities introduced by virtualization
– Provides dynamic protection for each layer of the virtual infrastructure
• Maintain compliance with regulations and standards
– Helps maintain compliance by providing security and reporting specific to the virtual infrastructure
• Operational efficiency
– Increases the return on investment (ROI) of the virtual infrastructure
24. Increasing the ROI of the virtualized infrastructure
• Automated Protection as each VM comes online
– Automatic Discovery
– Automated vulnerability assessment
– IBM Virtual Patch® technology
• Non-intrusive
– No reconfiguration of the virtual network
– No presence in the guest OS
• Improved stability
• More CPU/memory available for workloads
• Decreased attack surface
• Protection for any guest OS
– Reduction in security agents for multiple OSs
• Less management overhead eliminates redundant processing tasks
– One Security Virtual Machine (SVM) per physical server
– 1:many protection-to-VM ratio
– CPU-intensive processing removed from the guest OS and consolidated in SVM
• Centralized Management
– IBM Proventia® Management SiteProtector™ system
– IBM Tivoli Endpoint Manager
25. VSP vs Host Based
• Isolation
– Host-Based Agent: Firewall functions only in the context of the VM
– Virtual Server Protection: Firewall enforces virtual network-wide policy
• Attack Prevention
– Host-Based Agent: Requires agent to be present
– Virtual Server Protection: Secures all virtual machines automatically
• VM State
– Host-Based Agent: Security is impacted by VM state change
– Virtual Server Protection: Security is not impacted by VM state change
• Security Policies
– Host-Based Agent: Policy is enforced only within the VM
– Virtual Server Protection: Policy is enforced outside of the VM and irrespective of the VM's location
32. “Generating Higher Value at IBM” includes selected references to certain non-GAAP financial measures that are made to facilitate a comparative
view of the company's ongoing operational performance. For information about the company's financial results related to (i) free cash flow
excluding Global Financing Receivables and (ii) operating (non-GAAP) earnings, which are in each case non-GAAP measures, see the company's
Form 8-K submitted to the SEC on January 18, 2011 (Attachment II-Non-GAAP Supplementary Materials).