Security Models
SaaS
PaaS IaaS
Organized Crime
Nation States Hacktivists
Agile
Apps Data
Modernization
Growth in Security Spend
Forecasted Growth in Overall IT Spend
26% (since 2014)
10.2% (since 2017)
4.5%
Playroom
Study
Master Bedroom
Courtyard
Outdoor Kitchen
Bathroom
Garage
Understanding how your family uses your home, and using that context to shrink your security posture
Detect Threats
Rooms: Family Room, Bedroom, Kitchen, Living Room, Playroom, Study, Master Bedroom, Courtyard, Outdoor Kitchen, Bathroom, Garage
Monitor Network For Threats
Monitor Endpoint For Threats
Bedrooms
Bathrooms
Living Rooms
Kitchens
Deception
Optional Server Protection Strategies
HIPS with Vulnerability Shielding
Server Workload EDR Behavioral Monitoring
Important, but often provided outside of CWPP
IaaS Data at Rest Encryption
Source: Gartner, Market Guide for Cloud Workload Protection Platforms, Neil MacDonald, March 26th 2018. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document.
©2018 VMware, Inc.
Changing the Data Center Security Model
From chasing bad to ensuring good
Chasing Bad / Ensuring Good
Processes
75,000,000 OS
200
Learn Protect
Manifest Manifest
Learn Protect
CI/CD Integration
Runtime Observation
App Templates/Definitions
Machine Learning
Manifest
Intended App
Scope Manifest
State Engine
Manifest
vCenter ESX
Learn Protect
Processes
OS
Protected zone
Learn Protect
Secure infrastructure
Integrated Ecosystem
Snapshot Block/Alarm
Quarantine Network Blocking
Apps Data
Cyber Hygiene
Attack Surface
Micro-Segmentation
Least Privilege
Encryption
Multi-Factor Authentication
Patching
Threat Landscape
Organized Crime
Nation States Hacktivists
Agile
Apps Data
Modernization
Control
Context
Apps Data
SDDC User Access Layer
Virtualization Mobility
Infrastructure
AppDefense™
NSX®
Workspace ONE™
Partner Partner
Guest VM
Service 1 VM Service 2 VM
Deploy: Provision and monitor uptime of different services, using one method.
Apply: Apply and visualize security policies for workloads, in one place.
Automate: Automate workflows across best-of-breed services, without custom integration.
DFW
Partner Traffic Redirection
Module
NSX Network Virtualization Platform
Partner
VDS
Intrusion Prevention
Firewall
Data Security (DLP)
Antivirus
DLP
Firewall
Security Policy Management
Vulnerability Management
Identity and Access Mgmt
Server Activity Monitoring
VPN (IPSEC, SSL)
…and more in progress
External Network
Perimeter Perimeter
firewall firewall
Mission-A
DB DB
Services Mgmt
DB VLAN
Mission-B
Mission-B Mission-A
Services Mgmt
Services/Management
Group
CONFIDENTIAL
VMware Security Capabilities
Deeper Introspection & Strengthened Ecosystem
vCenter
OpenStack
Cloud File / Binary Proc / Exe Socket L4/5-tuple AppID-UserID
Container
VMware AppDefense
Private Cloud
Apps Data
SaaS
Public Cloud
Dev, Sec, Ops
Plan, Create, Verify, Preprod, Release
Prevent, Detect, Respond, Predict, Adapt
Continuous Improvement, Continuous Configuration, Continuous Integration, Continuous Monitoring, Continuous Deployment, Continuous Learning, Continuous Delivery
Monitoring and Analytics
Source: Gartner, 10 Things to Get Right for Successful DevSecOps, Neil MacDonald, October 03 2017. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document.
Security “Agility” in the view of VMware
Control
Context
Apps Data
SDDC User Access Layer