More Related Content
What's hot (14)
Similar to Fadi El Moussa Secure Cloud 2012 V2 (20)
Fadi El Moussa Secure Cloud 2012 V2
- 1. Protecting systems and applications on virtual data centres and in the cloud: challenges, emerging solutions and lessons learnt Dr Fadi El-Moussa - Senior Researcher – Malware Detection and prevention Specialist Dr Theo Dimitrakos – Chief Security Researcher – Head of Security Architectures Research ºÝºÝߣ 1
- 2. Cyber Security: More Important than Ever COMPROMISES THAT CAN BE STOPPED THROUGH PROPER CONFIGURATION AND PATCH MANAGEMENT 90% © British Telecommunications plc ºÝºÝߣ 2
- 3. Cyber Security: More Important than Ever SONY PLAYSTATION –100M CUSTOMERS EXPOSED –20K CREDIT CARDS EXPOSED © British Telecommunications plc ºÝºÝߣ 3
- 4. A different perspective on solving security problems Hypervisor + Security API Better Context Mgmt Issues with traditional protection methods • Protection by running outside OS • Isolated from most malware • Dependent on smaller, trustable codebase of hypervisor Context intermingling • Of protection engines that run in Superior Visibility the same context as the malware they are protecting against • New interactions: CPU, Memory • Real-time interception Limited Visibility • view / modify / aggregate • network / storage / memory • Of OS and application by network- • Context aggregation includes hosted protection solutions • code in memory • Of other contexts by protection • network traffic engines running in a safe context © British Telecommunications plc • process calls ºÝºÝߣ 4
- 5. Intelligent Protection overview Round-trip of protection intelligence Virtual Firewall Core strengths & innovative features Intrusion Prevention • Intercept interactions between the Guest OS and application processes and the physical server • Intercept traffic between the Guest OS and the network Intelligent Protection (Beta) • Detect and stop malware and rootkit at the hypervisor level before they infect the system • Detection system outside the context of the attack: stealthy and more reliable detection Virtual Patching © British Telecommunications plc Anti-malware ºÝºÝߣ 5
- 6. Forthcoming extensions Anti-Malware: • Experimentation with integration of multiple AV virtual appliances and hypervisors • Exploit benefits of context of operation to improve effectiveness of detection • Performance against different obfuscation techniques: combinations of poly/paramorphism, encryption, memory injection, etc. • Performance against different forms of advanced evasion techniques 2 BT patents including extensions of virtual patching to BIOS for devices © British Telecommunications plc ºÝºÝߣ 6
- 7. Forthcoming extensions Beyond the cloud: • Extend applicability to hybrid environments under the same security management offered via a Security Operations Management Portal as a SaaS: • Virtual Data Centre • Cloud • Corporate Servers • Mobile devices (laptops, smart-phones, etc.) 2 BT patents including extensions of virtual patching to BIOS for devices © British Telecommunications plc ºÝºÝߣ 7
- 8. Forthcoming extensions Mega-Honeypot • Information about possible / actual attacks collected even if attacks are blocked • Filter, analyse, correlate information • about frequency / origin / form of attacks • about stability of security patches to OS/Application builds © British Telecommunications plc ºÝºÝߣ 8
- 9. General Considerations and take-away points Strong points: • Hypervisor embedded security controls provide a improvement to the security of servers and applications that run on protected virtual machines. ‘Defence in depth’: Provided at the Hypervisor level • IDS • Firewall • Anti-Malware • Data Leakage prevention • Potential to enhance intrusion prevention within multi-tenancy Cloud architecture. • Flexible (agent-based/-less deployment) allows patches either Server or Hypervisor • Extremely efficient security patch application / removal (almost zero downtime) © British Telecommunications plc ºÝºÝߣ 9
- 10. General Considerations and take-away points Remaining weaknesses: • Does not cover all possible security patches (e.g. Patches relating to internal OS modules or some aspects of application code) • Vulnerability/Patch Mapping / Frequency of updates depend upon effectiveness of Vendor Patch to vulnerability ‘accuracy’. • New security technologies will become target for the ‘next emerging threats’ – Attackers will be targeting hypervisor/security functionality. • May be dependent upon Hypervisor configuration and security management (Cloud Service Provide Administration teams). © British Telecommunications plc ºÝºÝߣ 10
- 11. © British Telecommunications plc ºÝºÝߣ 11
Editor's Notes
- #6: This diagram illustates the use of Vmware Vmsafe API’s – in essence methods for enforcing security functionality at the hypervisor - note the security virtual machine – has policy, firewall, AV and IP engines - Vmsafe enforces this functionallity.Change diagram to provide vShield agents – which communicate with the hypervisor to create closed user group – enforcing security policies for the group or Zone
- #10: Apply patch at VM or Hypervisor – right place but need to decide which part of the system to apply the patch (add a caution note to this point).
- #11: Apply patch at VM or Hypervisor – right place but need to decide which part of the system to apply the patch (add a caution note to this point).