1. Hyper-V Security Tips: Protect yourself from vulnerabilities that you never knew existed Symon PerrimanAlex Karavanov VP, Business DevelopmentDirector of Sales Engineering Symon@5nine.comAMK@5nine.com 5nine Software, Inc. www.5nine.com Twitter @5nine_Software

2. Hyper-V Security Tips Introduction Firewall Antivirus & Antimalware Intrusion Detection Management Summary

3. Introduction Hyper-V Security Tips: Protect yourself from vulnerabilities that you never knew existed

4. Meet the Speakers Symon Perriman is 5nine Software’s VP of Business Development and Marketing. Previously he was Microsoft's Senior Technical Evangelist and worldwide technical lead covering Hyper-V, Windows Server, and System Center. He has trained millions of IT Professionals, holds several patents and dozens of industry certifications, and in 2013 he co-authored "Introduction to System Center 2012 R2 for IT Professionals" (Microsoft Press). Contact Symon@5nine.com or Twitter @SymonPerriman Alex Karavanov manages 5nine Software’s Sales Engineering team. He has been in information security field for more than 10 years. Alex leads major 5nine Software management and security projects worldwide and aims to deliver the best efficiency and protection of the virtual infrastructures, to achieve the highest system performance and security level. He also holds multiple industry certifications. Contact AMK@5nine.com or Twitter @5nine_Software

5. Meet 5nine Software Founded in 2009 Headquartered in Chicago with offices worldwide More than 50,000 customers globally, representing companies and datacenters of all sizes The #1 leading solutions provider of security & management applications for Hyper-V environments –5nine Cloud Security - Agentless security for Hyper-V, System Center and Azure Pack5nine Cloud Security –5nine Manager - Integrated Hyper-V and Cluster Management for SMB5nine Manager –5nine V2V Easy Converter - Free VMware to Hyper-V virtual machine migration tool5nine V2V Easy Converter www.5nine.com

6. Traditional endpoint security fails –Installing agents inside every VM is impractical –Securing every VM will affect the performance of the host and other VMs Virtual machines, networks and storage are dynamic –Users can rapidly create and destroy virtualized resources –Protection needs to be automatic and immediate Fabric admins lack full control over all resources –Tenant VMs are often private and protected from fabric admins Security & compliance is critical to the business & reputation –Many security and compliance regulations now consider virtualization & clouds –Many threats target virtualized environments & clouds –A security breach can ruin the reputation of a company Security Design for a Virtualized Environment

7. 5nine Cloud Security Hyper-V Hosts SQL Server 5nine Cloud Security Management Server / VM Hyper-V Cluster 5nine Cloud Security Management 5nine Console | PowerShell | Azure Pack Extension | SCVMM - Architecture

8. Firewall Hyper-V Security Tips: Protect yourself from vulnerabilities that you never knew existed

9. Firewall Challenges Windows Firewall not possible for all Hyper-V VMs –Different requirements for Linux, VDI & Windows Server workloads Physical firewalls do not monitor private (internal) virtual networks –Does not analyze private VM networks (“blind spots”) as the VM’s traffic does not leave the host –Allows for security breaches to spread within a host

10. Firewall Best Practices Use a central point of management –Use templates and apply global policies –Use a database with reporting capabilities (such as SQL Server) Protect private virtual networks –Physical firewalls are ineffective or complex –Prevent threats from spreading across a host Protect at the host level –Secure every supported Hyper-V guest OS –Use the Hyper-V extensible switch in kernel mode used to inspect, drop, modify, or insert packets

11. Hyper-V Extensible Switch

12. 5nine Cloud Security Filtering Extension

13. Virtual Networks –External –Internal –Private Agentless Firewall Protection Across all Networks

14. DEMO 5nine Cloud Security Virtual Firewall

15. Antivirus & Antimalware Hyper-V Security Tips: Protect yourself from vulnerabilities that you never knew existed

16. Antivirus & Antimalware Challenges Admin may not have access to VM guest OS –Tenant may remove or disable the agent Full scan on every VM is not recommended –During scanning could have a massive performance hit –Very dense VM hosts may be overwhelmed by a “scanning storm” –Could decrease VM performance due to high memory paging –Could trigger live migration storms and other network disruptions

17. Warning! AV Scanning can cause VM Corruption Host scanning tools not designed for Hyper-V can cause corruption KB 961804 – Microsoft recommended to not scan folders with VM configuration files, VHDs, replicated disks, snapshots and executables

18. Antivirus & Antimalware Best Practices Protect at the host level –Secure every supported Hyper-V guest OS –Admin may not have access to VM guest OS –Tenant may remove or disable the agent Use a solution designed for Hyper-V to avoid “blind spots” or VM corruption (KB 961804) Use industry-standard signatures Do not scan every VM –Hosts may be overwhelmed by a “scanning storm” –Use an agentless solution with Change Block Tracking (CBT) and staggered scans

19. Hyper-V Virtual Hard Disk Storage VHD on traditional SAN or Cluster Shared Volumes (CSV) disk C:\ClusterStorage\Volume1\VM3 VHD on DAS F:\VM1 VHD on SMB File Server \\FileServer\VM4

20. VM Network Protection Prevent new infections

21. VM Storage Protection Incremental scans with Change Block Tracking

22. VM Storage Protection Staggered full scans for newly classified issues

23. DEMO 5nine Cloud Security Antivirus & Antimalware

24. Intrusion Detection Hyper-V Security Tips: Protect yourself from vulnerabilities that you never knew existed

25. Intrusion Detection Systems Challenges Hardware IDS monitors only internal and external network connections –Does not analyze threats on private VM networks (“blind spots”) –Allows for security breaches to spread within a host Cloud scaling challenges –Slower detection –Slower response

26. Intrusion Detection Systems Best Practices Use a software-based IDS solution designed for Hyper-V –Dynamically scales with virtualization –Does not analyze traffic on private virtual networks –Secure every supported Hyper-V guest OS Use a central point of management –Fast reporting, tracking, and consistent heuristics Protect against inbound and outbound threats Use industry-standard signatures (Cisco Snort)

27. IDS Reporting Hyper-V Hosts Database or SQL Server 5nine Cloud Security Management Server / VM On-Premises Analytics (Syslog) Cloud-Based Analytics Public Internet

28. IDS Reporting Hyper-V Hosts Database or SQL Server 5nine Cloud Security Management Server / VM Public Internet On-Premises Analytics (Syslog) Cloud-Based Analytics

29. DEMO 5nine Cloud Security Intrusion Detection System

30. Management Hyper-V Security Tips: Protect yourself from vulnerabilities that you never knew existed

31. Management Challenges New regulations for virtualization & cloud computing increase complexity –Hosters and service providers must support their customer’s requirements Public clouds are not available to everyone –Growing demand for Hyper-V hosting & service providers worldwide Self-service users must receive immediate protection without slowing deployment or adding complexity

32. Management Best Practices Protect at the host level –Instantly protect a VM as soon as it is deployed Use supported software (Windows Server 2003 support ends in July, 2015) Use industry-standard policies, rules, filters, and log analytics Centralized management for an easy security and compliance audit –Store in SQL and use SQL Server Reporting Services, or third-party analysis services and security analytics

33. 5nine Cloud Security Hyper-V Hosts SQL Server 5nine Cloud Security Management Server / VM Hyper-V Cluster Redundant Management Group SQL Server SQL Cluster Branch Office SQL Server 5nine Cloud Security Management 5nine Console | PowerShell | Azure Pack Extension | SCVMM - Enterprise Architecture 5nine Sync

34. DEMO 5nine Cloud Security SCVMM Plugin & Azure Pack Extension

35. Summary Hyper-V Security Tips: Protect yourself from vulnerabilities that you never knew existed

36. Summary Virtualized infrastructure has special security considerations Protect your datacenter with a virtual firewall, antivirus, antimalware, and intrusion detection system 5nine Cloud Security offers the only agentless solution for Hyper-V, System Center Virtual Machine Manager and Azure Pack Use centralized management and reporting with industry standard signatures from Kaspersky, ThreatTrack Vipre, and Cisco Snort

37. www.5nine.com or Sales@5nine.comwww.5nine.comSales@5nine.com Cloud Security: http://www.5nine.com/CloudSecurityhttp://www.5nine.com/CloudSecurity Licensing options –Licensed per 2 CPUs –Flexible pricing based on VM density –Service provider licenses and volume discounts available Sales direct, online, or through resellers & solution integrators How to Acquire 5nine Cloud Security

38. Than k You

39. Sales: Phone US: +1 630-288-4700 Phone Europe: +44 (20) 7048-2021 Email: sales@5nine.com Technical Support: Phone US/Canada Toll Free: +1 877-275-5232 Email: techsupport@5nine.com Fax: +1 732-203-1665 Mailing Address: 1385 Highway 35, STE 133, Middletown, NJ 07748 USA 5nine Software, Inc Oak Brooke Pointe, 700 Commerce Drive Ste 500, Oak Brook, IL 60523 Copyright © 2015 | 5nine Software, Inc. | All Rights Reserved