1 Trend Micro: Security in the Depths of the Hypervisor. Richard Javet and Gabriel Kälin, Trend Micro (Switzerland)
2 Agenda: Trend Micro's Solution Focus; Current Challenges; Deep Security: Security for Computing Infrastructures; Development Direction; Conclusion
3 Cyber Threats (Attacker); Consumerization (Employees); Cloud & Virtualization (IT). Copyright 2013 Trend Micro Inc.
4 Cyber Threats (Attacker); Cloud & Virtualization (IT)
5 Cloud and Data Center Security. Data Center: Physical, Virtual, Private Cloud, Public Cloud. Controls: Anti-Malware, Firewall, Intrusion Prevention, Integrity Monitoring, Log Inspection, Encryption. Teams: Security, Data Center Ops
6 Agenda: Trend Micro's Solution Focus; Current Challenges; Deep Security: Security for Computing Infrastructures; Development Direction; Conclusion
8 2. Organizations Struggle With Keeping Servers Patched. per year = Critical Software Flaw Vulnerabilities in 2010. Common Vulnerabilities & Exposures (CVE): Score critical alerts everyday! NVD Statistical Data table (Year, # Vulns, % Total)
9 3. Advanced threats are breaching existing defenses. More Sophisticated, More Targeted, More Frequent, More Profitable. Advanced Persistent Threats. De-Perimeterization. Basic perimeter and host defenses not adequate anymore
10 4. Compliance Mandates Driving Costs Up: Solutions Need to Achieve Broader Coverage with Lower TCO. More standards: PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST, MITS. More specific security requirements: Virtualization, Web applications, EHR, PII. More penalties & fines: HITECH, breach notifications, civil litigation. DMZ consolidation using virtualization will be a "hot spot" for auditors, given the greater risk of mis-configuration and lower visibility of DMZ policy violation. Through year-end 2011, auditors will challenge virtualized deployments in the DMZ more than non-virtualized DMZ solutions. -- Neil MacDonald, Gartner
11 Agenda: Trend Micro's Solution Focus; Current Challenges; Deep Security: Security for Computing Infrastructures; Development Direction; Conclusion
12 Trend Micro Deep Security. A server security platform for: PHYSICAL, VIRTUAL, CLOUD. Modules: Intrusion Prevention, Firewall, Anti-Malware, Web Reputation, Integrity Monitoring, Log Inspection. VMware vShield enabled, Agent-less
13 Trend Micro Deep Security: 5-in-1 Security Solution (HIDS/HIPS + Anti-Malware). 5 protection modules:
Intrusion Prevention
  IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
  Web Application Protection: Shields web application vulnerabilities
  Application Control: Provides increased visibility into, or control over, applications accessing the network
Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
Log Inspection: Optimizes the identification of important security events buried in log entries
Anti-Malware and Web Reputation: Detects and blocks malware (web threats, viruses & worms, Trojans)
Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys
Protection is delivered via Agent (Agent-based) and/or Virtual Appliance (Agentless)
14 Intrusion Prevention Rules. Raw Traffic passes through four stages and leaves as Filtered Traffic:
1. Stateful Firewall: Allow known good
2. Exploit Rules: Stop known bad
3. Vulnerability Rules: Shield known vulnerabilities
4. Smart Rules: Shield unknown vulnerabilities and protect specific applications
Over 100 applications shielded including: Operating Systems, Database servers, Web app servers, Mail servers, FTP servers, Backup servers, Storage mgt servers, DHCP servers, Desktop applications, Mail clients, Web browsers, Anti-virus, Other applications
15 Recommendation Scan
16 Microsoft Security Advisory: IE Vulnerability Could Allow Remote Code Execution. Details:
Monday, Sep 17, 2012 (a week after an unusually quiet Patch Tuesday): Microsoft releases Security Advisory.
Vulnerability, related to object handling by IE, was unpatched and under active attack according to Microsoft.
Impacts most PCs (Windows XP, Vista, 7 with Office 2003/7) and servers (Windows 2003 and 2008).
Could allow attackers to gain control of systems following a drive-by download when users browse a compromised site.
An earlier (August) component from this same attacker group leveraged a Java zero-day vulnerability with no patch available.
It also follows the out-of-band, June 2012 Security Advisory for which no patch was available.
17 Trend Micro Customers are Already Shielded: The Power of Virtual Patching.
As a member of the Microsoft Active Protections Program, Trend Micro received advance information about the vulnerability.
Sept 17, 2012 (just hours after the advisory): Trend Micro releases rule # for Deep Security and Intrusion Defense Firewall (IDF).
These updates provide immediate vulnerability shielding for Deep Security and OfficeScan customers.
Trend Micro customers can roll out the actual Windows patch, which has not been released, during a regularly scheduled maintenance update and not worry about the current Microsoft work-around.
19 Deep Security Architecture. Single Pane, Scalable, Redundant. Deep Security Manager; Threat Intelligence Manager; SecureCloud; Reports. Deep Security Agent modules: Intrusion Prevention, Firewall, Integrity Monitoring, Log Inspection, Anti-malware, Web Reputation. Deep Security Virtual Appliance includes: Intrusion Prevention, Firewall, Anti-malware, Web Reputation, Integrity Monitoring. Hypervisor Integrity Monitoring
20 Deep Security Virtual Appliance (DSVA). Deep Security Virtual Appliance implements agentless protection for virtual machines (as of now, only VMware vSphere virtualization is supported). Deep Security Virtual Appliance and Deep Security Agent can work together in a coordinated implementation. Higher Density, Fewer Resources, Easier Manageability, Stronger Security
21 Agenda: Trend Micro's Solution Focus; Current Challenges; Deep Security: Security for Computing Infrastructures; Development Direction; Conclusion
22 Cloud Security Challenges. Securing Private Cloud: Lack of physical to virtual security policy controls; Difficulties in delegating security controls to internal teams. Securing Hybrid Cloud: Securing assets on the move; Visibility into vulnerability and changes. Security as a Service (xSP): Provide differentiated service; Delegate security management tasks
23 VMware Integration. Support for vSphere and vShield platform capabilities. 4th-generation enhancements across broadest agentless security suite. Improved performance: Antivirus and integrity scan caching across VMs; Significant storage I/O benefits for further VDI consolidation; Tuning of IPS policies to guest application. Stronger protection: Hypervisor boot integrity chain of trust from VM file integrity to H/W; Application-aware targeting of IPS policies (agentless recommendation). Will support vCNS and NSX technologies (spring 2014). Trend Micro Confidential-NDA Required
24 Deep Security Integration with VMware APIs. Integrates with vCenter. Integrates with vCloud. Integrates with Intel TPM/TXT. Trend Micro Deep Security Antivirus Web reputation Log inspection Agentless Intrusion prevention Firewall Agentless Agentless Integrity monitoring Agent-based VMsafe APIs vShield Endpoint vShield Endpoint Security agent on individual VMs Security Virtual Machine vSphere vCloud. 5 years of collaboration and joint product innovation. First and only agentless security platform. First and only security that extends from datacenter to cloud. Hypervisor Integrity Monitoring
25 Running Safely Locally and in the Cloud. AWS and vCloud API integration: Single management pane-of-glass between VMs in internal VMware datacenters, virtual private clouds, and public clouds. Hierarchical policy management: Combine central IT baseline settings with local optimizations
26 Agenda: Trend Micro's Solution Focus; Current Challenges; Deep Security: Security for Computing Infrastructures; Development Direction; Conclusion
27 Deep Security Key Solution Differentiators. Physical, Virtual, Cloud. Comprehensive protection for systems, applications and data. Greater operational efficiency. Superior platform support. Tighter integration with eco-system. All Others 77.1% Trend Micro 22.9% EAL 4+ Certified Trend Micro 13% Trend Micro All Others Combined 87%
28 Thank you! Copyright 2011 Trend Micro Inc.
29 Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year. Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs. Improves Virtualization by providing security solutions architected to fully exploit the VMware platform. Timeline: Feb: Join VMsafe program; VMworld: Trend Micro virtsec customer; May: Trend acquires Third Brigade; Nov: Deep Security 7 with virtual appliance; RSA: Trend Micro Demos Agentless; Sale of DS 7.5 Before GA; Dec: Deep Security 7.5 w/ Agentless AntiVirus; VMworld: Announce Deep Security 8 w/ Agentless FIM; RSA: Other vendors announce Agentless; RSA: Trend Micro announces Coordinated approach & Virtual pricing And shows VMsafe demo; July: CPVM GA; RSA: Trend Micro announces virtual appliance; VMworld: Announce Deep Security 7.5; Q4: Joined EPSEC vShield Program; 2010: >100 customers >$1M revenue; Q1: VMware buys Deep Security for Internal VDI Use
30 Trend Micro Security Solution: Deep Security Protection Modules