Page 1: McAfee MOVE & Endpoint Security

McAfee MOVE / Endpoint Security

Marco Schultes, 02.06.2011

netlogix Hausmesse LIVE/11

Page 2: What actually IS McAfee MOVE?

Management for Optimized Virtual Environments

Page 3: But why "optimized"?

Today's (antivirus) applications are not written for virtual environments; they are not "hypervisor aware" and are therefore very wasteful with resources.

Page 4: MOVE - the new platform for securing virtual environments

"MOVE is a new strategic Platform and NOT a single Product"

McAfee MOVE Platform, with plug-ins:

• AV for Server plug-in

• AV for VDIs plug-in

• HIPS plug-in

• File Encryption plug-in

• SiteAdvisor plug-in

• Device Control plug-in

• SIA Partner plug-in

Page 5: Antivirus optimization: the administrator's problems

Page 6: Problem #1 - Virtual servers

"Classic AV eats CPU power"

CPU & I/O utilization:

                  Individual servers                      Consolidated servers
On-access scans   3-5% CPU load on individual machines     30% with 10 virtual machines
On-demand scans   50-70% load on individual machines       Three simultaneous scans can bring the host to its knees

Page 7: Problem #2 - Virtual servers

"READ-ONLY images"

• READ-ONLY & offline images cannot be patched and receive no DAT updates

(Diagram: a hypervisor running two virtual machines, each with OS and apps, next to an offline virtual image with OS and apps)

Page 8: Problem #3 - Virtual desktops

"AV storming"

Organizational problems:

• Capacity planning

• Scheduling

• VM density on the hypervisor

• Different management consoles

Page 9: McAfee MOVE AV for servers and VDI

(Diagram: clients connect to virtual desktops on a hypervisor; each VM runs OS, applications and a MOVE agent; scan processing is off-loaded to the MOVE Virtual Appliance; everything is managed from McAfee ePO)

MOVE AV for VDIs

• On-Access Scanning (OAS)

• On-Demand Scanning (ODS) (announced)

• Updates only needed on the MOVE Virtual Appliance

MOVE AV for Virtual Servers

• Scanning based on hypervisor utilization

• On-Demand Scanning (ODS)

• Offline Scanning (OVI)

• On-Access Scanning (OAS) (announced)

Page 10: Features

Efficient security management

– Full ePO integration

– Hypervisor-independent (VMware ESX / Citrix XenServer / MS Hyper-V (announced))

– Offline virus scan

– Hypervisor-load-dependent scanning

– Security dashboards/reports per hypervisor

Page 11: McAfee MOVE: a technical overview

Page 12: Optimized file scanning

1. Local scan cache

2. Global scan cache

3. Scan the file

4. Artemis lookup

(Diagram: the four steps shown for sample files on the VMs, the Scan Engine on the hypervisor, and Artemis)

Page 13: Advanced file caching

• Reduces the scan overhead

– Through efficient use of caches

– Local scan cache on the VM

– Global scan cache on the scan engine

(Diagram: hypervisor with the VMs' local caches, the Scan Engine on the MOVE server holding the global cache, the ePO server, and the cache synchronization protocol between them)
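The four-step lookup from pages 12 and 13 (local cache, global cache, scan engine, Artemis) as an added Python model; this is not McAfee's code. The class and method names, the SHA-256 cache key with a DAT-version component, the marker byte pattern and the sample files are all constructed assumptions. Beyond what the slides say, it shows why "updates only on the MOVE Virtual Appliance" is enough: a DAT update on the engine changes the cache key, so every VM's cached verdict is simply stale and gets rescanned, with no per-VM update.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Verdict:
    clean: bool
    source: str  # which step decided: local-cache, global-cache, scan-engine, artemis


class ScanEngine:
    """Stand-in for the scan engine on the MOVE virtual appliance (hypothetical)."""

    def __init__(self, dat_version, signatures, artemis_bad_hashes=()):
        self.dat_version = dat_version
        self.signatures = list(signatures)                 # constructed byte patterns, not DAT content
        self.artemis_bad_hashes = set(artemis_bad_hashes)  # constructed cloud reputation data
        self.global_cache = {}                             # (sha256, dat_version) -> clean?
        self.engine_scans = 0

    def update_dat(self, version, signatures):
        # One update on the appliance; verdicts cached under the old version no longer match.
        self.dat_version = version
        self.signatures = list(signatures)

    def scan(self, data):
        self.engine_scans += 1
        return not any(sig in data for sig in self.signatures)

    def artemis_lookup(self, digest):
        return digest not in self.artemis_bad_hashes


class VmAgent:
    """Stand-in for the lightweight MOVE agent inside one VM (hypothetical)."""

    def __init__(self, engine):
        self.engine = engine
        self.local_cache = {}

    def check_file(self, data):
        digest = hashlib.sha256(data).hexdigest()
        key = (digest, self.engine.dat_version)
        if key in self.local_cache:                          # 1. local scan cache on the VM
            return Verdict(self.local_cache[key], "local-cache")
        if key in self.engine.global_cache:                  # 2. global scan cache on the engine
            clean = self.engine.global_cache[key]
            self.local_cache[key] = clean
            return Verdict(clean, "global-cache")
        clean = self.engine.scan(data)                       # 3. signature scan on the engine
        source = "scan-engine"
        if clean and not self.engine.artemis_lookup(digest):  # 4. Artemis reputation lookup
            clean, source = False, "artemis"
        self.engine.global_cache[key] = clean
        self.local_cache[key] = clean
        return Verdict(clean, source)


# Constructed sample data for the walk-through.
MARKER = b"CONSTRUCTED-TEST-PATTERN"
REPORT = b"quarterly report, nothing suspicious here"
SUSPECT = b"installer " + MARKER
UNKNOWN = b"tool with no signature match but a bad cloud reputation"


def walkthrough():
    engine = ScanEngine(6400, [MARKER],
                        artemis_bad_hashes={hashlib.sha256(UNKNOWN).hexdigest()})
    vm1, vm2 = VmAgent(engine), VmAgent(engine)
    trace = [
        vm1.check_file(REPORT).source,   # first sight: the engine scans it
        vm1.check_file(REPORT).source,   # same VM again: local cache
        vm2.check_file(REPORT).source,   # another VM: global cache, no second engine scan
    ]
    engine.update_dat(6401, [MARKER])
    trace.append(vm2.check_file(REPORT).source)  # stale key after the DAT update: rescanned
    verdicts = {
        "suspect": vm1.check_file(SUSPECT),   # caught by the signature scan
        "unknown": vm1.check_file(UNKNOWN),   # clean by signature, flagged by Artemis
    }
    return trace, engine.engine_scans, verdicts
```

Only the first sighting of a file on the whole host costs an engine scan; every further VM that sees the same content is answered from the global cache, which is the effect behind the "3X VM density" figure on page 15.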

Page 14: Traditional AV vs. MOVE AV

Page 15: McAfee platform test on Citrix XenServer

                                    A/V within the guest   Offloading A/V with MOVE
Memory consumption (per VM)         60-120MB+              ~20MB
Peak CPU usage (per hypervisor)     80-100%                <10%
VM density                          X                      3X
Scanning resource utilization       YES                    NO (offloaded to Virtual Appliance)
DAT update resource utilization     YES                    NO (offloaded to Virtual Appliance)

The product plans, specifications and descriptions herein are provided for information only, subject to change without notice, results may vary and without warranty of any kind, express or implied.

Page 16: MOVE Agent in Action

Page 17: MOVE configuration

Up to 2 scan servers can be specified (virtual or physical servers)

Page 18: Security Dashboards / Reports

Page 19: Hypervisor-aware Scheduler

Page 20: Prevents "AV storming"

The scan is blocked because hypervisor utilization is too high
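The hypervisor-aware scheduler of pages 19 and 20 as an added Python model; it is not McAfee's code. Scan jobs become eligible at a scheduled tick but are deferred while the hypervisor's CPU load sample is at or above a threshold (the "scan blocked, hypervisor load too high" case), and a concurrency cap keeps the "three simultaneous scans" of page 6 from happening. The threshold, the cap, the scan duration, the VM names and the load samples are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class ScanJob:
    vm: str
    due: int   # tick at which the on-demand scan becomes eligible


def schedule(jobs, load_samples, cpu_threshold=70.0, max_concurrent=2, scan_ticks=2):
    """Replay one hypervisor load sample per tick and decide which due jobs may start.

    A job is deferred while host CPU load is at or above cpu_threshold, or while
    max_concurrent scans are already in flight. Returns the decision log and the
    jobs still pending when the samples run out. Load is an external input here;
    the load samples are constructed and do not react to the scans themselves.
    """
    pending = sorted(jobs, key=lambda j: j.due)
    running = []   # (vm, tick at which its scan finishes)
    log = []       # (tick, vm, decision)
    for tick, load in enumerate(load_samples):
        running = [(vm, end) for vm, end in running if end > tick]
        for job in [j for j in pending if j.due <= tick]:
            if load >= cpu_threshold:
                log.append((tick, job.vm, "deferred-load"))
            elif len(running) >= max_concurrent:
                log.append((tick, job.vm, "deferred-concurrency"))
            else:
                running.append((job.vm, tick + scan_ticks))
                pending.remove(job)
                log.append((tick, job.vm, "started"))
    return log, [j.vm for j in pending]


def example_run():
    # Constructed scenario: four VMs on one host, all due at tick 0, with a load
    # spike (in % CPU) at tick 0 that must block everything for that tick.
    jobs = [ScanJob("vm1", 0), ScanJob("vm2", 0), ScanJob("vm3", 0), ScanJob("vm4", 0)]
    load = [92.0, 48.0, 55.0, 51.0, 50.0, 47.0]
    return schedule(jobs, load)


def start_ticks(log):
    return {vm: tick for tick, vm, decision in log if decision == "started"}


def peak_concurrency(log, scan_ticks=2):
    # Most scans in flight at any tick, derived from the start decisions.
    starts = start_ticks(log)
    last = max(starts.values(), default=0) + scan_ticks
    return max(sum(1 for t in starts.values() if t <= tick < t + scan_ticks)
               for tick in range(last + 1))


if __name__ == "__main__":
    log, remaining = example_run()
    for entry in log:
        print(entry)
    print("still pending:", remaining, "peak concurrency:", peak_concurrency(log))
```

In the constructed run all four scans are first deferred by the load spike, two start once load drops, and the other two wait for a free slot, so no more than two scans ever run at once and the deck's "scan blocked" decision shows up as an explicit, loggable event a dashboard can report on.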

Page 21: Summary

• Increase virtual server security with minimal performance impact

• Enable VDI security while keeping a high VM density per hypervisor

• (Time) savings through simplified central management via ePO

• Independent of the hypervisor

– ESX / XenServer / Hyper-V

Page 22: McAfee Data Protection

Page 23: McAfee Data Protection

(Diagram: McAfee Total Protection for Data integrating Data Loss Prevention, Device Control, Encrypted USB and Endpoint Encryption)

McAfee Endpoint Encryption: full disk, mobile device, and file and folder encryption coupled with strong authentication

McAfee Data Loss Prevention: full control and absolute visibility over user behavior

McAfee Encrypted USB: secure, portable external storage devices

McAfee Device Control: prevent unauthorized use of removable media devices

McAfee Total Protection™ for Data: integrated technologies for total data protection

Page 24: SC Magazine

Data Breaches Don’t Discriminate

“DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor…”

“Royal London Mutual Insurance Society loses eight laptops and the personal details of 2,135 people”

“The FSA has fined Nationwide £980,000 for a stolen laptop”

“Personal data of 600,000 on lost laptop”

“ChoicePoint to pay $15 million over data breach—Data broker sold info on 163,000 people”

Page 25: Challenge

How best to protect confidential corporate data on mobile devices from loss, theft, or exposure to unauthorized parties?

– Laptops lost or stolen in airports, taxis and hotels cost companies an average of $49,246 [1]

– 36% of data breaches were due to lost or stolen laptop computers

• Average cost is $6.75 million per breach [2]

– Best practices: “Ensure that portable data-bearing devices…are encrypted” [2]

– “Protected health information (PHI) is rendered unusable, unreadable, or indecipherable to unauthorized individuals if encrypted or destroyed” [3]

– Staying out of the news

[1] Ponemon

[2] Ponemon, 2009 Cost of a Data Breach

[3] HIPAA DHHS Guidance 2009

Page 26: McAfee Endpoint Encryption

You need

• Encryption for laptops, desktops, and mobile devices with the flexibility to choose full disk or file and folder encryption

• Confidence in integrity of sensitive data when a device is lost or stolen

• Safe Harbor protection

McAfee offers

• Broad support for laptops, desktops, and mobile devices

• Full audit trails for compliance & auditing needs

• Support for multiple strong authentication methods

• Certifications: FIPS 140-2, Common Criteria Level 4 (highest level for software products), BITS, CSIA, etc.


Page 27: Solution: Full Disk Encryption

Why encrypt?

– Every disk drive in an organization eventually leaves said organization

• Natural retirement/replacement

• Loss

• Theft

– Knowing what sensitive information is on a given drive is difficult

• Avoids having to classify data to decide what to protect

– Applications use a myriad of “hidden” temp files that contain your data

Data protection made easy

– Simple to deploy

– Nearly transparent user experience

Page 28: Solution: Full Disk Encryption

Full Disk Encryption

• No data access without proper authentication

• Complete, proven protection against loss and theft

• Extensible complement to other data protection technologies like file encryption, encrypted USB drives, and DLP

How does it work?

• Disk drive is fully encrypted, sector A through sector Z

• As new information is created, it is encrypted on-the-fly

• A unique, per-device recovery token is used to handle normal “lost password” situations

Page 29: Security Details Matter

CC EAL 4 and FIPS 140-2 Level 2 validation

– Proves the security level by an independent body

AES 256-bit encryption

– Encryption on-the-fly using strong algorithms

Up to three-factor authentication

– McAfee Endpoint Encryption offers a strong pre-boot authentication

– Support for various smart cards, USB tokens and biometric devices

ePO compliance reporting and deployment

– Identify non-encrypted machines

– Deploy using McAfee ePO

Business continuity

– McAfee Endpoint Encryption offers offline challenge-response recovery

– Reduce costs using our local user self-recovery (questions + answers)
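The "how does it work" bullets on page 28 and the recovery points on page 29 as an added Python model; this is not McAfee Endpoint Encryption's code. One random 256-bit disk key encrypts every sector on the fly; that key is wrapped twice, once under a password-derived key for normal pre-boot authentication and once under a per-device recovery token for the lost-password case, so recovery yields the same disk key and a password change only rewraps it without touching the sectors. HMAC-SHA256 in counter mode stands in for the AES-256 the deck names so that the block runs on the standard library alone; the PBKDF2 parameters, sector size, class and method names and sample data are assumptions.

```python
import hashlib
import hmac
import secrets

SECTOR = 512  # bytes per sector (constructed value)


def keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a PRF-based stream cipher; a stand-in for AES-256,
    # chosen only so this example needs no third-party library.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(kek, dek):
    # Encrypt the disk key under a key-encryption key with a fresh nonce and an integrity tag,
    # so a wrong password is detected instead of silently yielding a garbage disk key.
    nonce = secrets.token_bytes(16)
    ct = xor(dek, keystream(kek, nonce, len(dek)))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def unwrap_key(kek, wrapped):
    nonce, ct, tag = wrapped
    if not hmac.compare_digest(tag, hmac.new(kek, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return xor(ct, keystream(kek, nonce, len(ct)))


class EncryptedDisk:
    """Hypothetical full-disk-encryption model: one disk key, two ways to unlock it."""

    def __init__(self, sector_count, password):
        self.salt = secrets.token_bytes(16)
        self.sectors = [bytes(SECTOR) for _ in range(sector_count)]  # ciphertext at rest
        dek = secrets.token_bytes(32)                                  # 256-bit disk encryption key
        self.pw_wrap = wrap_key(self._kek(password), dek)              # pre-boot authentication path
        self.recovery_token = secrets.token_bytes(32)                  # per-device token, held by the admin
        self.rt_wrap = wrap_key(self.recovery_token, dek)              # lost-password path

    def _kek(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000, dklen=32)

    def unlock_with_password(self, password):
        return unwrap_key(self._kek(password), self.pw_wrap)

    def unlock_with_recovery_token(self, token):
        return unwrap_key(token, self.rt_wrap)

    def change_password(self, dek, new_password):
        # Only the wrapper changes; no sector is re-encrypted.
        self.pw_wrap = wrap_key(self._kek(new_password), dek)

    def write_sector(self, dek, index, plaintext):
        # The sector number is the nonce, so each sector has its own keystream.
        # Caveat: rewriting a sector under the same key reuses that keystream, which leaks the
        # XOR of old and new content; production FDE uses a tweakable block mode (AES-XTS) instead.
        padded = plaintext.ljust(SECTOR, b"\0")[:SECTOR]
        self.sectors[index] = xor(padded, keystream(dek, index.to_bytes(8, "big"), SECTOR))

    def read_sector(self, dek, index):
        return xor(self.sectors[index], keystream(dek, index.to_bytes(8, "big"), SECTOR))


def unlock_fails(disk, password):
    try:
        disk.unlock_with_password(password)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    disk = EncryptedDisk(8, "correct horse battery")
    dek = disk.unlock_with_password("correct horse battery")
    disk.write_sector(dek, 3, b"payroll export Q2")
    print(disk.read_sector(dek, 3).rstrip(b"\0"))
    print("recovery unlocks same key:", disk.unlock_with_recovery_token(disk.recovery_token) == dek)
```

The design choice worth noticing is the indirection: authentication factors never encrypt data directly, they only unlock the disk key, which is what lets a per-device recovery token, a smart card or a self-recovery answer set all coexist, and lets an administrator revoke a password without a multi-hour re-encryption.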