Tnd Micro Deep Security for wa Horizon Mobile Secu Workplace Tnd Micro Optimizes and Secus the wa Horizon Mobile Secu Workplace Across Devices and Locations SECURING THE NEW MOBILE WORKFORCE Today s employees a incasingly mobile, thanks to high-powed consumer laptops, desktops, tablets, and smartphones that enable workers to be productive most anywhe at home, in the office, and on the move. This tnd, the consumerization of IT, is forcing many IT departments to scramble to balance consumer tnds and needs with IT quiments to protect corporate assets. To addss the new mobile workforce challenge, wa has worked with key partners such as Tnd Micro to develop a solution the wa Horizon Mobile Secu Workplace. With the Mobile Secu Workplace, wa and Tnd Micro a transforming stationary workstations into secu, stateless mobile workspaces leading to incased employee productivity and satisfaction, enhanced security and compliance, and lower total cost of ownership. Mobile Secu Workplace holds the promise of a new way to work, enabling bring-your-own-device (BYOD) programs and delivering a seamless experience for virtual desktop users. Securing this new way to work demands a new approach as well, and as a sult, Tnd Micro and wa have partned to deliver agentless security for virtualized datacenters and desktop virtual machines. Traditional agent-based security solutions that a not designed for virtualization can sult in a number of significant operational security issues. wa and Tnd Micro s agentless security solve these challenges. KEY BENEFITS Together Tnd Micro Deep Security and wa protect Mobile Secu Workplace environments from the latest thats, while delivering: Higher Density by offloading security scans from individual virtual machines to a single security virtual appliance on each wa vsphe host Optimized Resources by eliminating antivirus storms and source contention from multiple security agents Simplified Management by eliminating agents and the need to configu and update each one Stronger Security by providing instant-on protection for new virtual machines and tamperproof security coordinated by the dedicated security appliance UNIQUE CHALLENGES IN VIRTUAL DESKTO ENVIRONMENTS Both physical and virtual desktops need malwa protection, but virtual desktop anti-malwa security must be designed for a shad source environment. If traditional physical security is deployed, simultaneous anti-malwa scans and scheduled updates across all of the individual virtual desktop instances can cate performance degradation on the host sabotaging the improved age 1 of 5 SOLUTION BRIEF TREND MICRO DEE SECURITY
efficiencies that can be achieved with virtual desktops. And the ease of virtual desktop provisioning can make it difficult to keep virtual desktop security curnt. Only virtualization-awa security can combat these virtual desktop security challenges: Resource Contention In virtual desktop deployments, numerous desktops sha the host s hardwa sources, often at a ratio of 60-to-1 or higher. Simultaneous security updates and full-system scans can sult in a dramatic loss of desktop performance limiting availability or ducing virtual machine consolidation ratios. Instant-On Gaps Virtual desktops can quickly be provisioned, cloned, verted to pvious instances, paused, and started, all latively easily. Vulnerabilities or configuration errors may be unknowingly propagated, and dormant desktop images can be activated with out-of-date security. Antivirus (AV) Storms When traditional AV solutions simultaneously initiate scans or scheduled security updates on all virtual machines on a single physical host, an AV storm can sult, cating an extme load on the system and ducing performance. Compliance and Data rivacy With the ease of provisioning and mobility of virtual desktops, it can be difficult to maintain an auditable cord of the security state of a virtual desktop at any given point in time. Yet, many gulations qui proof of curnt antimalwa protection. SECURING THE MOBILE SECURE WORKLACE The wa Horizon Mobile Secu Workplace solution enables IT to support device diversity and BYOD initiatives by improving user access and mobility, stamlining application updates, enhancing data security and delivering the highest-fidelity user experience. As the security component of the Horizon Mobile Secu Workplace solution, wa vshield and products, together with Tnd Micro Deep Security, allow IT to offload AV to secu virtual machines. This provides high levels of isolation between source pools and networks, allowing IT to apply policies across virtual machines and pools of users. Within a Mobile Secu Workplace Environment, Deep Security components a located on Virtual Desktop ESX hosts as the Deep Security Virtual Appliance and on the Management Cluster as the Deep Security Manager. The Deep Security Virtual Appliances provide the agentless security services to the hypervisor while the Deep Security Manager manages these Deep Security Virtual Appliances and stos all configuration settings and events. Deep Security Virtual Appliance Transpantly enforces security policies on wa vsphe virtual machines for agentless anti-malwa, IDS/IS, integrity monitoring, web application protection, application control, and fiwall protection coordinating with Deep Security Agent, if desid, for log inspection and defense in depth. Deep Security Manager owerful, centralized management enables administrators to cate security profiles and apply them to servers, monitor both alerts and pventive actions taken in sponse to thats, distribute security updates to servers, and generate ports. Event tagging functionality stamlines the management of high-volume events. SOLUTION ELEMENTS Tnd Micro Deep Security with maximizes virtual desktop protection and performance. Key solution elements include: WARE HORIZON VIEW wa modernizes desktops and applications by moving them into the cloud and delivering them as a managed service. From the end user s perspective, with persona management makes it possible to work from virtually any location using any qualified device to access their personal desktops including corporate and personally owned Cs, thin clients, zero clients, iads, and other tablets. age 2 of 5 SOLUTION BRIEF TREND MICRO DEE SECURITY
Android Tablet iad DA Zero Windows Thin Macintosh Windows with Local Mode Horizon View Devices Internal Network External Network Layer 7 Load Balancer for Security and Connection Servers DMZ Security Servers Virtual Desktops Connection Servers Active Dictory rint Server Certificate Authority RADIUS SSO Management Deep Security Agent Deep Security Virtual Appliance vcenter Antivirus vcm vcops vshield Deep Security Manager wa Local SSD Datastos for Composer Linked Clone Storage wa wa Management vsphe Shad Storage for ersona, User Data, ThinApp Applications and Master Images Virtual Desktop vsphe Figu 1: Deep Security Components within the Mobile Secu Workplace Environment age 3 of 5 SOLUTION BRIEF TREND MICRO DEE SECURITY
Included in wa is wa vshield Endpoint, a unique solution that optimizes host and endpoint security for use in vsphe and Horizon View environments. vshield Endpoint provides the intermediary for anti-malwa and deep packet inspection. This allows IT to enhance endpoint performance across the desktop environment by offloading virus scanning to secu virtual machines effectively eliminating the need to install complex antivirus agents inside each individual virtual machine. This advanced solution fes up system sources, improves performance, and eliminates the risk of security storms (overloaded sources during scheduled scans and signatu updates). TREND MICRO DEE SECURITY Tnd Micro Deep Security provides a comphensive server security platform integrated with the Mobile Secu Workplace solution. Tnd Micro was the first security vendor to integrate with wa vshield Is to provide better protection, duce administrative complexity, and incase performance through cuttingedge agentless technology. Built to handle the rigors of virtual desktop environments, wa and Tnd Micro solutions maximize protection and security while pserving performance and incasing ROI. Tightly integrated modules easily expand the platform to ensu server, application, and data security across physical, virtual, and cloud servers, as well as virtual desktops. Deep Security provides a wide range of security options for wa virtual machines: ANTI-MALWARE Integrates new wa vshield Endpoint Is to provide agentless anti-malwa protection for wa virtual machines with zero in-guest footprint Helps avoid security brown-outs commonly seen in full system scans and pattern updates vents users from accessing malicious websites and downloading malwa based on up-to-the-minute web putation INTRUSION DETECTION AND REVENTION Shields known vulnerabilities from unlimited exploits until they can be patched Helps achieve timely protection against known and zero-day attacks Uses vulnerability rules to shield a known vulnerability for example those disclosed monthly by Microsoft from an unlimited number of exploits Offers out-of-the-box vulnerability protection for over 100 applications, including database, web, email, and FT servers Automatically delivers rules that shield newly discoved vulnerabilities within hours and can be pushed out to thousands of servers in minutes, without a system boot INTEGRITY MONITORING Detects malicious and unexpected changes Leverages an agentless configuration to add gater security to virtual machines without additional footprint Reduces the complexity of administrative operations with event tagging and cloud-based whitelisting Includes al-time, on-demand, or scheduled detection of change and provides auditable ports LICATION CONTROL Incases visibility and control of applications accessing the network Identifies malicious softwa accessing the network and duces the server vulnerability exposu age 4 of 5 SOLUTION BRIEF TREND MICRO DEE SECURITY
FIREWALL Centralizes management of server fiwall policy using a bi-dictional stateful fiwall Supports virtual machine zoning and pvents denialof-service attacks rovides broad coverage for all I-based protocols and frame types as well as fine-grained filtering for ports and I and MAC addsses LOG INSECTION Collects and analyzes operating and application logs for suspicious behavior, security events, and administrative events across the datacenter. WEB LICATION ROTECTION Enables compliance with CI Requiment 6.6 for the protection of web applications and the data that they process Defends against SQL injections attacks, crosssite scripting attacks, and other web application vulnerabilities Shields vulnerabilities until code fixes can be completed SUMMARY wa Horizon Mobile Secu Workplace is a managed solution that integrates technology from wa and Tnd Micro to ensu a secu and seamless experience for virtual desktops, allowing IT to provide the new mobile workforce access to their desktops, applications, and data anywhe, any time, on any device. LEARN MORE ABOUT MOBILE SECURE WORKLACE For additional information about Tnd Micro Deep Security for wa including the Mobile Secu Workplace solution, please visit www.tndmicro. com/deepsecurity or for contact phone numbers, see http://www.tndmicro.com/us/about-us/locations/index. html. 2013 by Tnd Micro Incorporated. All rights served. Tnd Micro, the Tnd Micro t-ball logo, and Deep Security a trademarks or gisted trademarks of Tnd Micro Incorporated. All other company and/or product names may be trademarks or gisted trademarks of their owners. Information contained in this document is subject to change without notice. [ S B 0 1 _ D S _ M S W _ 1 3 0 4 0 1 U S ] age 5 of 5 SOLUTION BRIEF TREND MICRO DEE SECURITY www.tndmicro.com