Security at the speed of need.
Imagine that. Let’s come back to that thought in a moment.
The modern data center has come a long way from the “server room” of twenty-plus years ago. Today, data centers might be hiding inside large, football-field-sized industrial areas, protected by fences and secure physical access. With that size and utilization, companies are working to run their data centers as efficiently as possible: power consumption and cooling come to mind, but virtualization is incredibly important. The widespread use of virtualization is taking us into the era of the software-defined data center (or SDDC).
The software-defined data center introduces many new possibilities for businesses, the key one being the ability to power up new workloads supporting their business processes very quickly and easily. Adding new capabilities or capacity is now quite easy, and the expectation has changed: setting up and provisioning new environments should take hours or even minutes, not weeks or months.
And that brings us back to our original thought. Security at the speed of need.
Security has long been a speed bump in the race to deploy, be it the historical server room up to the modern SDDC. In today’s SDDC, it’s common practice that an application administrator can request an application from a self-service portal and, in a matter of minutes, multiple virtual machines (VMs) could easily be provisioned, deployed, and made available for use. However, security provisioning practices can inhibit that speed. Why is that? Well, let’s consider what happens once an application administrator submits their request for an application: (see Figure 1)
1. The security and server teams must assess the application’s requirements, taking into consideration details such as:
   - Will this workload be public-facing or internal only?
   - What type of data is involved, e.g. credit card information, healthcare information, etc.?
   - Are there any compliance issues to factor in?
2. The server team creates the VMs and delivers them to the security team.
3. The security team now sets up policies for each security product, such as anti-malware, server hardening, compliance, encryption, firewall settings, etc., based upon the requirements from step 1.
At that point, the application is ready to be deployed to productive use, but depending upon the processes in place to get through those steps above, that deployment might take days or weeks. How do we solve this?
Symantec’s recently released Data Center Security 6.5 suite of products includes a feature called Operations Director (or OD). Operations Director addresses the security provisioning dilemma by enabling customers to automate and orchestrate security provisioning of anti-malware, hardening, firewall, and network intrusion prevention services at the application level across VMware environments. Here’s how it works: (Figure 2)
1. When the application request is submitted, OD will determine the security requirements of the application by asking the application requestor a series of questions about the nature of the data in use and the overall service level requirements for the application.
2. Based upon the responses to those questions, OD will determine the required security policies that will sufficiently protect the application. These policies (and the corresponding questions in step 1) are set up ahead of time by the security team in accordance with the organization’s security and compliance best practices. This approach enables the automation of policy-based security settings, so the security team no longer needs to query the application owner for the details required to determine the appropriate level of security.
3. With the policies determined, once the workload is started, Operations Director will detect the application and apply the appropriate policies on the virtual application by orchestrating the security products required by the workload.
4. Once the security policies are applied, the security and server teams are notified that the application is ready to be added to the production network.
With Operations Director, the request-to-deployment process that previously required manual processes and time spent in meetings or exchanging e-mails can now be accomplished in a matter of minutes. Truly, security at the speed of need.
With the March 2015 release of Symantec’s Data Center Security 6.5, Operations Director can deliver security orchestration for three types of security policies:
- Anti-malware policies delivered by Symantec Data Center Security: Server
- Server hardening and host-based intrusion prevention/intrusion detection policies delivered by Data Center Security: Server Advanced
- Firewall policies using Palo Alto Networks VM series firewall appliances
Operations Director delivers orchestration through REST API-based connections with security products, and the list of integrated security products and virtualization platforms is growing. Operations Director also has built-in integration with VMware NSX, VMware’s SDDC platform. As more security products are certified NSX-compatible, the breadth of security controls Operations Director can orchestrate will automatically expand.
Does the idea of security at the speed of need sound interesting to you? Let’s talk.
Symantec is a Platinum Sponsor at the RSA Conference, being held April 20 - 24, 2015 at the Moscone Center in San Francisco.
- Attend the “Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain” session (#2067) on Tues, April 21 @ 2:20pm PST at Moscone West 2009
- Stop by the Symantec Booth (#3811) at Moscone North Hall at the RSA Conference Expo. Here, our product management team will demo the new features available in Data Center Security 6.5, including Operations Director, hardening of OpenStack Keystone, and security configuration assessments for Cisco IOS networks.
- Contact your account rep or certified Symantec partner to schedule a demo and learn more.
On April 22nd, we’ll also be presenting a deep dive into the new Data Center Security 6.5 and a sneak preview of the next version. This is available to anyone in the San Francisco area at that time, even if you aren’t attending the RSA Conference. Register for this session now.