Deep Security 7.5
Todd Thiemann, Sr. Dir. of Datacenter Security Marketing, Trend Micro
Harish Agastya, Director of Datacenter Security Marketing, Trend Micro
11/12/2010

Virtualization Journey Stages
- Stage 1: IT Production. Benefit: Cost Efficiency
- Stage 2: Business Production. + Quality of Service
- Stage 3: ITaaS. + Business Agility
[Chart: Servers and Desktops; values shown: 85%, 70%, 30%, 15%]
THE SECURITY INHIBITORS TO VIRTUALIZATION

Security Challenges Along the Virtualization Journey
VMware and Trend Micro help customers address these issues, and accelerate the journey.
Stages: IT Production, Business Production, ITaaS
1. Host controls under-deployed
2. Inter-VM attacks
3. Instant-on gaps
4. Mixed trust level VMs
5. Resource contention
6. Compliance / Lack of audit trail
7. Data confidentiality & integrity
8. Data access & governance
9. Diminished perimeter
10. Multi-tenancy
11. Data destruction

Deep Security 7.5
Presenting a new agentless anti-malware module designed for VMware environments

Security Inhibitors to Virtualization
1. Resource contention
[Figure labels: 3:00am Scan; Typical AV Console]

Security Inhibitors to Virtualization
2. Instant-on gaps
[Figure labels: Active; Dormant; Reactivated with out-of-date security; New VMs]

Security Inhibitors to Virtualization
3. Complexity of Management
- Provisioning new VMs
- Reconfiguring agents
- Rollout patterns
- Patch agents

Trend Micro Deep Security
Server & application protection
Latest anti-malware module adds to existing set of advanced protection modules:
- Deep Packet Inspection
- Firewall
- Antimalware
- Log Inspection
- Integrity Monitoring

Agentless Anti-malware for VMware environments
[Diagram labels: Virtual Appl.; App; OS; SPN; ESX Server; vShield Endpoint APIs]
- Leverages vShield Endpoint APIs (available in vSphere 4.1)
- Instantly protects all VMs of all guest OSs without an agent
- Serializes scan operations to prevent AV storms
- Integrates with Smart Protection Network for real-time protection & efficient pattern file footprint

Agentless Anti-malware Key Benefits
[Diagram: BEFORE: Agent, Agent, Agent. AFTER: Virtual Appl., vSphere, vShield Endpoint]
- Significantly improved manageability - no agents to configure, update and patch
- Faster performance - Freedom from AV Storms
- Stronger security - Instant ON protection + tamper-proofing
- Higher consolidation levels - Inefficient operations removed

Appliance also provides agentless intrusion defense & web application protection
[Diagram labels: App; OS; Virtual Appl. (Firewall, IDS / IPS, Web app, Anti-Virus); ESX Server; VMsafe & vShield Endpoint APIs]
- Appliance also integrates VMsafe APIs (DS 7.0 feature)
- Inspects ALL network traffic at hypervisor layer
- Closes Inter-VM traffic blind spots endemic to Network IPS
- Modules also available in agent form, which coordinates with the appliance

Trend Micro Deep Security Modules
Server & application protection
5 protection modules:
- Deep Packet Inspection
  - IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
  - Web Application Protection: Shields web application vulnerabilities
  - Application Control: Provides increased visibility into, or control over, applications accessing the network
- Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
- Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
- Log Inspection: Optimizes the identification of important security events buried in log entries
- Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys
Protection is delivered via Agent and/or Virtual Appliance

Deep Security architecture

Deep Security also provides: Virtual patching for over 100 applications
Deep Security rules shield vulnerabilities in these common applications:
- Operating Systems: Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE Linux (10, 11)
- Database servers: Oracle, MySQL, Microsoft SQL Server, Ingres
- Web app servers: Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint
- Mail servers: Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail, MailEnable Professional
- FTP servers: Ipswitch, War FTP Daemon, Allied Telesis
- Backup servers: Computer Associates, Symantec, EMC
- Storage mgt servers: Symantec, Veritas
- DHCP servers: ISC DHCPD
- Desktop applications: Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer, Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime, RealNetworks RealPlayer
- Mail clients: Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client
- Web browsers: Internet Explorer, Mozilla Firefox
- Anti-virus: Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft
- Other applications: Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior, Rsync, OpenSSL, Novell Client

Deep Security also provides: Security for Payment Card Industry (PCI)
Deep Security addresses multiple PCI requirements in ONE integrated solution:
- (1.) Network Segmentation
- (1.x) Firewall
- (5.1) Anti-virus
- (6.1) Virtual Patching*
- (6.5) Web Application Firewall
- (10.6) Review Logs Daily
- (11.4) Deploy IDS / IPS
- (11.5) Deploy File Integrity Monitoring
* Compensating control subject to QSA approval

Trend Micro Smart Protection Network
Innovative Cloud-Client Infrastructure
The Smart Protection Network Difference:
- 4-year R&D investment
- Web, file, email reputation
- 30 billion queries daily
- 4 billion threats blocked daily
- Automated Smart Feedback
- #1 in NSS Labs Rankings
- Most efficient signature mgt and endpoint footprint
- Powers Trend Micro Enterprise, SMB, Consumer, Partner product integration
- All data collected, analyzed, cross-correlated to provide the best, real-time protection
"The Smart Protection Network demonstrates great vision and leadership" (Jon Oltsik, Senior Analyst, ESG)
Stopping threats before they reach your network
[Diagram labels: Datacenter; Corporate Network; Web Servers; Physical Servers; Virtual Servers; Private Cloud; On-site Employees; Off-site Employees; Threat Management & Email Gateways; Enterprise Security; Security & Systems Management; Threat Correlation, Feedback Loops, Analysis; Email Reputation; File Reputation; Web Reputation; EMAIL THREATS; WEBSITE THREATS; FILE THREATS]