Trend Micro OfficeScan 10.5 Release

Trend Micro OfficeScan 10.5 Release A Broadband-Testing Report Update

First published June 2010 (V1.1)

Published by Broadband-Testing, a division of Connexio-Informatica 2007, Andorra
Tel: +376 633010
E-mail: info@broadband-testing.co.uk
Internet: HTTP://www.broadband-testing.co.uk

2010 Broadband-Testing. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the authors.

Please note that access to or use of this Report is conditioned on the following:

1. The information in this Report is subject to change by Broadband-Testing without notice.
2. The information in this Report, at publication date, is believed by Broadband-Testing to be accurate and reliable, but is not guaranteed. All use of and reliance on this Report are at your sole risk. Broadband-Testing is not liable or responsible for any damages, losses or expenses arising from any error or omission in this Report.
3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY Broadband-Testing. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE DISCLAIMED AND EXCLUDED BY Broadband-Testing. IN NO EVENT SHALL Broadband-Testing BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
4. This Report does not constitute an endorsement, recommendation or guarantee of any of the products (hardware or software) tested or the hardware and software used in testing the products. The testing does not guarantee that there are no errors or defects in the products, or that the products will meet your expectations, requirements, needs or specifications, or that they will operate without interruption.
5. This Report does not imply any endorsement, sponsorship, affiliation or verification by or with any companies mentioned in this report.
6. All trademarks, service marks, and trade names used in this Report are the trademarks, service marks, and trade names of their respective owners, and no endorsement of, sponsorship of, affiliation with, or involvement in, any of the testing, this Report or Broadband-Testing is implied, nor should it be inferred.

TABLE OF CONTENTS

BROADBAND-TESTING
EXECUTIVE SUMMARY
INTRODUCTION: THE VIRTUAL WORLD IS UPON US INCLUDING THE DESKTOP
OFFICESCAN THE BASICS
OFFICESCAN 10.5
SUMMARY & CONCLUSIONS

TABLE OF FIGURES

Figure 1 Smart Protection Network
Figure 2 VDI Architecture

BROADBAND-TESTING

Broadband-Testing is Europe's foremost independent network testing facility and consultancy organisation for broadband and network infrastructure products. Based in Andorra, Broadband-Testing provides extensive test demo facilities. From this base, Broadband-Testing provides a range of specialist IT, networking and development services to vendors and end-user organisations throughout Europe, SEAP and the United States.

Broadband-Testing is an associate of the following:

- NSS Labs (specialising in security product testing)
- Limbo Creatives (bespoke software development)

Broadband-Testing Laboratories are available to vendors and end-users for fully independent testing of networking, communications and security hardware and software. Broadband-Testing Laboratories operates an Approval scheme which enables products to be short-listed for purchase by end-users, based on their successful approval.

Output from the labs, including detailed research reports, articles and white papers on the latest network-related technologies, are made available free of charge on our web site at HTTP://www.broadband-testing.co.uk

Broadband-Testing Consultancy Services offers a range of network consultancy services including network design, strategy planning, Internet connectivity and product development assistance.

EXECUTIVE SUMMARY

With its initial OfficeScan 10 release, Trend Micro was early to take the cloud approach to AV database storage and updates. When we tested the product we found that it has executed the architecture extremely well with what it calls the Smart Protection Network.

With OfficeScan 10.5, Trend Micro has addressed another key element of security in the virtual world, namely VDI or the Virtual Desktop Infrastructure. Support for Citrix, as well as VMware, is included.

Trend Micro defines OfficeScan 10.5 as being "VDI aware", meaning that it optimises a VDI by treating virtual clients differently to physical ones, removing unnecessary task replication, ensuring availability and performance of servers and combining local and global cloud resources on a best-fit basis.

Full adoption of the hugely popular Windows 7 Operating System has also been included in the update.

Smart Protection Network support has been enhanced in version 10.5 with the implementation of Trend Micro's Web Reputation and File Reputation features. Key to this is that holding the bulk of patterns in the cloud (local or global) offloads the client (pattern file) and keeps its size predictable.

With OfficeScan 10.5 the cloud approach has generally been made more flexible, with more choices as to what to hold in a local cloud or the global cloud.

Scalability has been improved in the new version, with endpoint support more than doubled to now allow up to 20,000 endpoints to be managed from a single OfficeScan Management Server.

Active Directory integration has been significantly enhanced to aid with faster deployments. The enhanced, role-based administration feature now allows dedicated administration rights on domain and sub-domain levels.

INTRODUCTION: THE VIRTUAL WORLD IS UPON US INCLUDING THE DESKTOP

There'll soon be a new cliché to rival "what are the three most important things about selling a house? Location, location and location". The new variant is in the computer world, the three most important things being virtualisation, virtualisation and virtualisation: in this case, the data centre, servers and now the desktop.

According to a recent study by the Enterprise Strategy Group (ESG), 60% of enterprises have a desktop virtualisation strategy and 45% of them will have virtualised 50% of their desktops within the next three years.

This is pretty aggressive change when you consider that it is very new territory for most IT/networking administrators to deal with. Not only are there issues such as application compatibility and performance to consider, but also what is seen by analysts as the key issue: securing those virtual desktops. According to ESG, while desktop virtualisation can help directly with issues such as basic configuration consistency and patch management, specific security problems, notably around authentication, data security, and security and compliance management, remain.

In other words, in order for desktop virtualisation to be successful, the securing of those desktops is paramount. This also means bridging the physical and virtual worlds within a single security policy that is manageable and scalable. This is not trivial stuff. It certainly isn't simply a case of employing the same strategies as those used when deploying virtual servers.

We are talking specific Virtual Desktop Infrastructure (VDI) requirements here, a kind of supercharged Citrix/Windows Terminal Server deployment where, instead of dealing with a single thin client, server-based Operating System, we are talking about multiple, virtual desktop OSs with not necessarily the same combination on each desktop. Or even where it is the same combination there is still a degree, possibly major, of customisation required on a per user or per group of users basis.

Before we look at the security implications here, let us first consider the obvious benefits. One obvious one, given the current near obsession with it, is regulatory compliance. Since a VDI is centralised within the data centre, in turn that means that compliance is also centralised. Mandatory controls can thereby be enforced from a central location, efficiently and repeatedly.

Backup of the client endpoints is also far more manageable in this environment. Yet another big ticket number currently, data protection, becomes significantly easier to manage, since the data is centralised and not randomly distributed among endpoints that could be anything from a desktop PC to a smartphone.

Day to day maintenance and management also becomes far more streamlined. Rolling out patch updates and new applications becomes almost infinitely more manageable within a VDI. From an efficiency standpoint, the ability to dynamically allocate hardware resources to virtualised desktops on an as needed basis not only makes huge economic sense but also ticks the all-important "green" box too.

Support also becomes far more centralised and therefore easier to manage, thereby offsetting any potential increases in support issues that moving to a VDI might initially bring.

From a pure security perspective, however, the world does change and not in an immediately positive way. If we consider the risk profile of a desktop versus a server, the former encounters many more risky environments through regular interaction with numerous (often new) websites, the ease with which confidential information can be donated and emails with potentially malicious content, links or attachments. There is also the plethora of individual applications, tools and utilities that can become part of an individual desktop.

In other words, protecting a virtual desktop is more complex, certainly different, than protecting a virtual server, and systems need to be continually up to date to protect from these threats. By protection we are looking at areas such as shielding vulnerabilities from being exploited, preventing unauthorised access over the network and ensuring malware-free data storage.

The problem in protecting the desktop is that the threats are dynamic and ever-changing in nature, so there is no simple solution here. Instead we are looking at a combination of technologies being required to protect a VDI. First we need to prevent exposure to threats with cloud-based security, such as detecting malicious files at the endpoint clients in real-time and shielding vulnerabilities before deploying patches and updates. But at the same time we need to avoid impacting upon system performance as much as possible by maintaining a small client footprint, despite the need to run regular full systems scans on either a scheduled or ad hoc/on demand basis to ensure that all malware is detected and removed.

When we looked at Trend Micro's OfficeScan 10 product last year (full report available to download from our website: www.broadband-testing.co.uk) we were impressed with the combination of threat mitigation and low client resource that it provided. With the 10.5 update that Trend Micro has just released, the company is looking to build on that server-centric approach to the virtual world, to offer the same level of functionality at the virtual desktop.

So let us now see what changes have been made in the new release, first reminding ourselves what the foundations of the OfficeScan product are.

OFFICESCAN THE BASICS

Trend Micro has designed OfficeScan as a multi-threat prevention solution to protect networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks.

Architecturally, the product is based on Trend Micro's Smart Protection Network, a cloud-client infrastructure, resulting in a lighter-weight client. The aim here is twofold: to reduce the reliance on conventional pattern downloads and to eliminate the delays commonly associated with desktop updates. The stated benefits include increased network bandwidth, reduced CPU utilisation and the associated cost savings that go with this approach.

[Figure 1: Smart Protection Network]

As well as being cloud-based, OfficeScan works on a true client-server architecture, either physical or virtual. The server performs two important functions: installing, monitoring and managing OfficeScan clients, and downloading most of the components needed by clients from the Active Update server and then distributing them to clients. The server provides real-time, true bidirectional communication between itself and the client base.

The Virus Scan Engine is at the heart of all Trend Micro products, developed originally in response to early file-based computer viruses. Nowadays it is capable of detecting different types of viruses and malware. The scan engine also detects controlled viruses that are developed and used for research.

Rather than scanning every byte of every file, the engine and pattern file work together to identify tell-tale characteristics of the virus code and the precise location within a file where the virus resides.

In the original OfficeScan 10 release, client focus was on the physical client, protecting the user by providing three methods of scanning (real-time scan, scheduled scan, and manual scan), with the client reporting back to the parent server from which it was installed. The client then sends events and status information to the server in real time. Examples of events are virus/malware detection, client start-up, client shutdown, start of a scan, and completion of an update.

In the 10.5 release, full support for virtual clients and a complete VDI has been added, so let us now look at what Trend Micro has provided in OfficeScan 10.5.

OFFICESCAN 10.5

The big news regarding OfficeScan 10.5 is the complete support for a VDI.

[Figure 2: VDI Architecture]

As we have made clear already, virtualising the desktop is not a trivial matter. The most obvious issue is how to manage the security of those virtual desktops. Trend Micro has noted the problems that its customers foresaw in moving to a VDI and has therefore responded with OfficeScan 10.5. The company claims that this is the industry's first endpoint security solution specifically designed to secure physical and virtualised desktops, and we certainly haven't seen anything of this comprehensive nature to date.

Let's first define exactly what we mean by Virtual Desktop Infrastructure as shown in the diagram above. By this we mean a user operating environment with virtual machines on a central server that can be accessed from existing hardware or a thin client, and from anywhere, including, for example, a home user via a VPN or a BYOC (Bring Your Own Computer) individual.

Trend Micro specifically defines OfficeScan 10.5 as having "VDI-aware endpoint security", so what exactly does it mean by this? In order to explain this we need to consider the pros and cons of VDI adoption.

Why VDI?

- Lower operational cost than physical hardware
- Easier deployment, patching, application provisioning
- Extended desktop hardware lifecycles
- More secure: data never leaves the data centre
- Better regulatory compliance management

Why Not?

- Malware risk potential: identical to physical desktops
- Same OSs/software
- Same vulnerabilities
- Same risk of exposing sensitive company data

It is important to understand that a VDI brings with it new requirements from an administrative and security standpoint. For example, it is necessary to identify endpoint clients' virtualisation status at all times. Sharing resource sounds great but that resource contention also needs to be managed. System utilisation, such as processor, storage and network usage, and performance need to be constantly monitored.

Scalability, in other words, is a key issue here. With OfficeScan 10.5, Trend Micro has looked to avoid the kind of resource issues that can bring a VDI to its (virtual) knees, by providing specific measures to avoid this.

Scanning for threats has a fundamental performance impact, whether at the client or server. In the case of a cloud-based solution, while as much of this impact is lifted from the client-server as possible, there remains some requirement for scanning at server or client level. In the case of a VDI, the impact is on the server. So imagine the consequences of what we call "the 9am problem", where every virtual client is potentially receiving updates or scanning simultaneously. This problem is so rife that, in some cases, companies have been forced to turn off their security within a VDI, which is hardly to be recommended.

For this reason, OfficeScan 10.5 has scheduling options so that there is no single hit on the servers. Similarly, new pattern distribution is designed to be a background task, again removing over-utilisation of the servers. Interestingly, in tests, it is shown that serialisation of tasks such as scanning is more efficient in every sense than concurrent scanning, in that, unless you have an infinite amount of CPU/memory/disk resource (which you do not), it will also finish more quickly, as well as using far less resource.

Techniques such as white-listing, developed from a base image, mean that many elements, such as those files that are unchanged, do not need to be re-scanned, again saving valuable resource within a VDI and reducing impact on the performance of the VDI host. Trend Micro claims that the new version of OfficeScan lets customers run more than double the number of desktop images per host without sacrificing security.

Here is where the VDI awareness cuts in. OfficeScan 10.5 first detects whether a client is physical or virtual, and then applies logic appropriately, with specific support for different virtual environments such as VMware View or Citrix XenDesktop. For example, it can serialise updates and scans on a per VDI-host basis and control the number of concurrent scans and updates per VDI host, thereby maintaining availability and performance levels of the VDI host.

In order to maximise the cloud-based architecture of OfficeScan, with 10.5 a customer can choose between what they want in the local cloud and what stays in the global cloud. So, for any information requests, the system will interrogate the local cloud (server) first and only then, if it needs to, move to the global cloud. Again, we see clear performance benefits from this approach.

The Great Trade-Off - Resolved

Historically, within IT the bean counters have always seen investment in security as a trade-off against the return on that investment, i.e. security has been seen as a necessary evil. But within a VDI context, Trend Micro is confident that OfficeScan 10.5 actually provides a rapid ROI because of the cost savings involved in the optimisation of that environment. So the classic trade-off scenario no longer exists. The company claims that it pays for itself in less than three months with 1,000 users and in less than two months with 2,500 users.

Under what Trend Micro terms as Enterprise Class Management, further scalability improvements have been made with OfficeScan 10.5, starting with unified management for physical and virtual endpoint clients. The total number of endpoints supported has also more than doubled to 20,000.

Management and administration options have also been expanded so, for example, assigned roles can now be made domain specific, while individual domains can now have sub-domain trees. The database now synchronises fully with Active Directory while reporting options are also improved.

OfficeScan 10.5 integrates with Active Directory for client management and compliance reports, so there is no requirement to duplicate databases. Cisco NAC support has also been further improved with tight integration on both the client and the management side.

The software also optimises on a per virtual desktop OS basis. For example, the integration with Citrix Receiver means OfficeScan 10.5 deploys through Citrix Receiver, secures the endpoint client as a self-service application and enables easy provisioning of OfficeScan clients to end user devices.

There is no trade-off in security; the software supports consumerisation and, for example, in a BYOC scenario, that user's computer is checked and guaranteed to be protected before access is granted.

With OfficeScan 10.5 Trend Micro has also moved forward significantly regarding Windows 7, with certified support for both 32-bit and 64-bit environments, as well as migration between physical and virtual versions of Windows. OfficeScan 10.5 is also integrated with the Windows 7 Action Center for client status reports to the end-user.

File AND Web Reputation

With OfficeScan 10.5 the software now supports both File and Web Reputation services in local as well as global mode, working in both privacy and proxy modes. Providing local support again improves performance and data retrieval for the end user.

File Reputation: this queries constantly updated information on the safety of a file before it is accessed, thereby eliminating the management burden commonly associated with pattern-based solutions. In so doing it provides immediate protection for endpoints, on or off the corporate network, and reduces the impact on the endpoint's performance and resources. With OfficeScan 10.5, it has been designed to minimise the client footprint on the virtual machines, both memory and CPU.

Web Reputation: this defends against web-based malware, data theft, lost productivity, and reputation damage with a view to protecting customers and applications from accessing malicious or infected websites. The feature works directly with the Smart Protection Network to determine the safety of websites, which are dynamically rated for degrees of safety. By getting to the absolute root of the threat, the software can then scan the web for other bad content emanating from this route. As such it is designed to provide real-time protection in any networking scenario, regardless of connection type.

SUMMARY & CONCLUSIONS

When we first looked at OfficeScan 10 we recognised its effective use of the cloud, an area that has been much abused previously by many vendors. But with OfficeScan 10.5 the game has moved on again, with the virtual desktop now also secured.

All the benefits of OfficeScan 10 that we identified are now available in a Virtual Desktop Infrastructure. What needs to be understood is that security must be tightly integrated into the VDI, and Trend Micro has done exactly that here. Defining itself as the industry's first VDI-aware security solution is a big claim, but one that seems justified.

Advanced support for Windows 7 and both VMware and Citrix virtual environments are significant advances, while overall management flexibility and use of local or global cloud resources has been improved.

The result is that Trend Micro claims that OfficeScan 10.5 can pay for itself within two months, again a substantial claim, but one that we can believe, given the number of optimisation features the software delivers.