It’s timely that I author this one from Las Vegas for a multitude of reasons. The obvious one is casinos. In a way, they were the originators of finding ways to detect and prevent hackers. But the real reason it’s timely is that I am at the Nutanix Sales Kickoff “Xcelerate FY2019”.
While we feature Splunk in our infographic for this particular layer, there is so much that is inherent in Nutanix that is built around security, so I believe that it is important to start there.
The Acropolis Security Development LifeCycle
Nutanix uses a unique Security Development Lifecycle (SecDL) to incorporate security into every step of the software development process. This ranges from design and development to testing and hardening. The Nutanix solution is certified across a broad set of evaluation programs, including government, financial services, and healthcare, to ensure compliance. Additionally, fully automated testing and threat modeling go into every code change/release.
System Level Security
Let’s start with the simple one, which is the two-factor authentication included for admin access. That’s a given here, as is encryption of data at rest. Frankly, Nutanix was a bit late to the game with software-based encryption, but now this is standard with most levels of Acropolis. For clients that need the added layer of hardware-based encryption, they offer this as well, through self-encrypting drives. Key management, power failure safeguards, and cluster lockdown are also included in the Acropolis stack to add additional layers of access and erasure control.
I talked about Flow in our Virtual Layer segment, but it plays a big role in security as well. The session I just came from was a well-done breakout by Mike Wronski from Nutanix. While I would hesitate to call Flow a complete software-defined networking solution, I would say that this toolset simplifies network security and management via a software-led approach. First, it does this through microsegmentation, which simply means restricting traffic virtually rather than by actual network interfaces. For example, this VM never talks to that VM. Second, setting up network policies once rather than doing so individually is key to this software-based approach. Imagine deploying network policies individually for your 200 remote branch offices. No, use Flow, establish the policy, and as they like to say at Nutanix…ONE CLICK.
Flow does have one very big challenge right now. You must be an Acropolis Hypervisor (AHV) shop. So with only 30% of Nutanix nodes running AHV, this is a big limitation for now. As you start to watch Nutanix evolve from HCI to all things infrastructure, they now call out 12 unique products. Watching how they all work together from the Acropolis stack is where the magic happens. So I would encourage companies not to get into an ESX vs. AHV feature comparison. Look at the whole stack and how the products integrate and provide simplification. Oh, and get your calculator out as well and compare costs, ELAs, etc., while you are at it.
The Complete SIEM
Finally, I get to Splunk. Splunk is the leader in Gartner’s Magic Quadrant for Security. While it is much more than security, or a logging tool, Splunk’s core value is taking machine data from all sorts of disparate systems, then collecting and indexing it so you can build correlations from the data. We have some very interesting Splunk projects right now in and out of security. It is amazing what you can do with Splunk. Some of my previous blogs talked about use cases in education, just to touch on a few.
Splunk fits nicely into our SW Defined Ecosystem to provide a complete security information and event management system that goes beyond the infrastructure, as well as beyond the network. However, the infrastructure does matter. Splunk virtualizes nicely on a Nutanix platform, which offers the perfect scalability options and management, and at an affordable price. Think of building a “Splunk Appliance” in this respect, one that adapts as your data and needs do. Additionally, go to Splunkbase and search for Nutanix. There are some really cool things that Splunkers are doing to integrate the two products, such as ingesting Prism data or simply building out Splunk dashboards within Prism.