Building the next-generation data center security fortress

August 15, 2014, the 2014-year high-end CIO summit was held in Beijing with the theme of "Everything is interconnected • Yunqi Next Generation". This summit based on the future of all things interconnected network, analysis of the next generation of mobile interconnection security, the next generation of data center security needs characteristics, a comprehensive display of trend technology cloud security dynamic threat of intelligent protection Network and technology products to help users win now, the future of the power of the run-off.

Next-generation data center security: Intelligent optimization

Especially the security of data center is the most important of enterprise security. Data center is the focus of information resources, the most frequent exchange, but also a lot of security incidents, and threats to protect any omissions can lead to irreparable damage. As the data center evolves from a physical server core to virtualization and cloud computing, and is entering the next generation of software-dominated data centers, security management around its perimeter and internal changes needs to be updated.

Trend technology is going through the "adaptive, perceptual, software, platform-oriented" innovation technology and deep security products, work together with data center managers to complete the next generation of data center safety should be implemented intelligent optimization functions. The deep security for virtualization completely abandons the concept of traditional anti-virus, starting with the protection of the underlying virtualization, and its savings in resource consumption enables organizations to significantly increase the density of virtual machines, thereby reducing the capital expenditure (CAPEX) and operating expenses (OPEX) of the enterprise. Second, deep security, based on software-defined safety architecture design, is seamlessly docked with VMware NSX via SDN interface Technology, which allows security policy to move freely from the internal private cloud to the public cloud platform, allowing administrators to automatically track resources quickly and at a high level. And keep it up to date with the security status.

At the same time, security is not a problem that a manufacturer can solve, especially in the era of cloud computing, trend Technology (China) business development director pupils that: platform manufacturers and security companies must have an open mind and a coordinated attitude, clear their positioning, such as the next generation of virtualization network, VMware did a good job, Huawei will also have this option, and as a security vendor we will further provide security services to our customers under the industry's architecture.

For example, deep security, which supports multi-tenant architecture, has been associated with VMware vcenter NSX, Citrix XenServer, Amazon AWS, Huawei Fusionsphere, Microsoft Hyper-V, The integration of the Huayun Chinacloud Cloud management platform enables any organization to extend data center security policies to any cloud platform.

VMware Cloud security expert Shiji (left), Huawei Cloud computing architect Yeshei (middle), trend Technology (China) business Development Director pupils (right)

After the meeting, pupils, the business development director of the trend Technology (China region), Yesh, a VMware cloud security expert, Shiji, was interviewed to answer questions about the security of the next-generation data center. In the interview, we all think that the next generation of data center security issues, the need for various manufacturers more closely than in the past; Software definition network technology, because the control layer of flexible resource allocation, so can quickly respond to security problems; Pupils also introduces the case of trend technology using large data technology to solve security problems.

Reporter: In the next generation data center this trend next how to help companies avoid risk?

Yeshei: Cloud is a very large system, will certainly bring a lot of new challenges in security, such as cloud after the boundary blurred these things, the need for platform manufacturers and security manufacturers to cooperate to resolve. But the next generation of data center, the backend to use the experience of security manufacturers to carry out the analysis of abnormal information, the front-end is the safety of manufacturers to cooperate with the platform, the information collected from various places to the analysis center.

Shiji: First of all, from the current change in security requirements, itself we do security construction is for our applications as well as business services, we are now heading towards the cloud the biggest feature is the flexibility to upgrade, leading to our security measures to make appropriate adjustments, the previous security departments are more restrictions, Now that these restrictions are contradictory to our current development, how can we reconcile this contradiction? We need to do a lot of innovation in our safety precautions, and trend technology is already in the lead position in this area.

Previous security protection was also a systematic project, but the cooperation between manufacturers and manufacturers is not so close, many companies have specialized security personnel to coordinate the various solutions, so that they quickly work together, but in the cloud era, when your load is increasing, your hands are certainly insufficient, Collaboration must be done by automated coordination between systems, so the main thing VMware is doing now is to provide a good interface and platform for security vendors, we can build the whole secure and reliable platform together, so we rely on a good ecosystem to meet the needs of users in the cloud security.

Reporter: The trend of technology with Huawei and VMware two of cooperation, mainly in what areas?

Yeshei: We have three dimensions with the trend, the first is the traditional telecommunications sector, telecommunications equipment security, the trend is our first major supplier, from this dimension, Huawei is a trend of customers, our customers are partners, is also a holistic solution.

The second dimension, Huawei itself is also a large enterprise, the internal also heavily using the trend of security equipment for it protection.

The third dimension, we are working with trend technology to create a security solution under the cloud, but the cloud this piece of Huawei's start is certainly a little later than VMware, so this cooperation is a little bit late.

In fact, everyone in it is more cooperation than competition, we must have a certain competitive relationship with VMware, but there are also cooperation, such as some large projects are jointly taken down by the two sides.

Shiji: VMware is not a security vendor, is not able to provide users with a very comprehensive security services, must rely on the help of partners, in the process, we mainly provide a good infrastructure platform, and an embedded security services interface. On the security level, this platform has the basic access control box tenant isolation function, through the Security Service interface, can access the security manufacturer's anti-virus protection and so on. Trend technology is also the first to use this interface to work with us, such as the deepsecurity that you already know very well, and the newer TDA technology.

Reporter: In fact, in the data center of the cloud Process network virtualization is the most difficult, and the security impact may be the largest, then our current technology can be implemented in the entire Network virtualization security?

Yeshei: Network virtualization now has two basic directions in the industry, one is pure software mode, the other is Cisco and Huawei, hardware program. Huawei's strategy now is to move both legs because the choice of technology is ultimately determined by the market. Security this piece, now actually is good, after doing cloud data center, everybody has the idea is wants to make the security to do the pooling, the firewall and the security policy can be convenient quickly to deploy. People worry more should not be security itself, but later how quickly cut the past.

Pupils: After entering the network virtualization and software definition network The biggest benefit, is the network realizes the real logic control, has a logic layer in the control center to control the entire network direction. In the past, the biggest security problem is isolation, customers bought a lot of equipment placed in the net, there are anti-spam, security gateways and so on, are different vendors, the result is difficult to achieve interaction. With the software definition network, if the security manufacturer professional technical judgment this accident, you can immediately tell the network controller, the network controller can be done immediately isolation; again, for example, 10 machines are a Web site server, is doing load balancing, suddenly a machine was malicious attack, The network controller can also easily cut the machine out, reset a machine, continue to maintain the business, and these processes are automatic.

Reporter: In the security field has a very important question is the responsibility division, in the cloud security aspect three when cooperates, how divides the responsibility?

Shiji: The division of labor between manufacturers I should have talked more clearly, there is a division of labor to the user there, you end up with a complete set of solutions to users, how users see? Perhaps before the user has his organization structure, has his personnel division of labor, has his function division of labor, then to the cloud inside? Our goal now is to unify the management platform as much as possible, but keep the original structure or function of the enterprise unchanged.

Yeshei: In fact, our manufacturers are not the division of security responsibilities, but the need for the complementary security capabilities. The Division of security responsibility is usually in the public cloud scene, the private cloud does not exist, we manufacturers to provide a good or bad scheme, investment to not in place customers are their own commitment. The Division of the security responsibility in the public cloud I am the view that I would like to use the model similar to the real estate, our platform manufacturers similar to the builders, to ensure that the foundation of the building is safe, we have to provide customers with a security door, to create a security door may require a lot of safety equipment, we are with the safety of manufacturers to cooperate, As for security inside the anti-theft door, in fact, is the security between the user virtual machine, the responsibility is actually the user to bear, he can buy security manufacturers of professional security equipment, can also buy cloud platform to provide security services, such as agentless anti-virus services. So demarcation of the boundary is very clear, anti-theft door is our service provider or manufacturers to cooperate with the provision of the security door inside is a customer to solve a problem.

Pupils: In fact, the responsibility to divide this matter, in the public cloud before the emergence of a few people ask, because the customer has a word called free is exempt, such as virtualization has a lot of open source, free program, but why customers want to buy professional, such as Huawei or VMware Solutions, Part of the reason is that the responsibility can be shifted in some way.

Public cloud just came out, public cloud manufacturers they go to promote the public cloud, the customer's first problem is the past my own home against this responsibility, now I put things to you, but I can not touch your bottom of things, this responsibility how to divide? So the most famous security manufacturer has put forward the theory of responsibility Division.

But for the trend of science and technology, security is a service, as long as the customer bought my security products, I promised him my services, we have the responsibility. Regardless of customer's security problem is what reason, is who responsibility, we all must stand together with the customer, helps the customer to solve the problem.

Journalist: Is there a case for applying large data technology to security defense?

Pupils: Trends in the application of large data has been quite a long time, about the beginning of 2004 we have a very big problem, sent over the number of virus samples a day, hundreds of viruses a day, we found that more people can not solve the problem, the traditional mega-database +IBM small machine solution is not feasible. At that time Hadoop just came out, we began to trial, the beginning is very simple, is the sample processing, to determine whether the virus, later found that this matter more and more complex, so we began to use a method called association analysis.

What is correlation analysis? The logic is this, for example, I get an e-mail, this email address is in my blacklist, this IP address often send spam, he sent me the mail may be a spam, I will improve the level of processing, if he brought an attachment, no matter what the attachment, we may have to raise the level, The first one I suspect that this guy was going to send junk mail, the second one also comes with an attachment, which may be a virus, but if the attachment is run, the attachment may be a program, and he updates himself to another place to update, and the update may be his console or something. So our whole story is strung together. But how do you know these stories are like this, because the trend to collect a lot of attack information every day, we are the manual in the sample analysis of the lessons learned, realized in the large data intelligence.

In the future, we will work with the virtualization platform vendors, using the extensibility of SDN, the ability of this association analysis in the customer environment, not only can analyze the security problem from the massive database, simultaneously can expand its computation ability automatically.