Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013 Copyright 2012 Trend Micro Inc. 2 2
SPAM? Cloud! Death? Taxes?
Chance or Risk?
What s Holding Back IaaS Deployment? In 2012, over ½ said apprehension over security is holding back their cloud adoption Top two risks / barriers to adopting the cloud: 50% - performance / availability of cloud 54% - security of data or cloud infrastructure 3/26/2013 5 Copyright 2012 Trend Micro Inc.
Securing workloads Copyright 2011 Trend Micro Inc.
Security Requirements do not change! Firewall HIPS / Virtual Patching Web Application Protection Antivirus File Integrity Monitoring Log Inspection Single Management Console Advanced Reporting Module
Trend Micro Deep Security System, application and data security across: 5 protection modules Shields web application vulnerabilities Deep Packet Inspection IDS / IPS Web Application Protection Application Control Detects and blocks known and zero-day attacks that target vulnerabilities Provides increased visibility into, or control over, applications accessing the network Reduces attack surface. Prevents DoS & detects reconnaissance scans Firewall Anti-Virus Detects and blocks malware (web threats, viruses & worms, Trojans) Optimizes the identification of important security events buried in log entries Log Inspection Integrity Monitoring Detects malicious and unauthorized changes to directories, files, registry keys Protection is delivered via Agent 8 and/or Virtual Appliance
Virtual Patching Rules are developed and delivered automatically to protect Before patches are available Unsupported OSs and apps Legacy web applications Devices that are difficult to patch ATM kiosk, point of sale, medical devices, etc. Prevent business disruption and data breach. Keep systems, applications, and data secure 3/26/2013 9 Copyright 2012 Trend Micro Inc. 9
Virtual Patching with Deep Security Raw Traffic Over 100 applications shielded including: Operating Systems 1 Stateful Firewall Allow known good Database servers Web app servers Deep packet inspection Filtered Traffic 2 3 4 Exploit Rules Stop known bad Vulnerability Rules Shield known vulnerabilities Smart Rules Shield unknown vulnerabilities and protect specific applications Mail servers FTP servers Backup servers Storage mgt servers DHCP servers Desktop applications Mail clients Web browsers Anti-virus Other applications 10
Deep Security Integration with VMware APIs Integrates with vcenter Integrates with vcloud Integrates with Intel TPM/TXT Trend Micro Deep Security Antivirus Web reputation Log inspection Agentless Intrusion prevention Firewall Agentless Agentless Integrity monitoring Agent-based 1 2 3 4 VMsafe APIs vshield Endpoint vshield Endpoint Security agent on individual VMs Security Virtual Machine v S p h e r e v C l o u d 5 years of collaboration and joint product innovation First and only agentless security platform First and only security that extends from datacenter to cloud Hypervisor Integrity Monitoring
Efficient Security for VMware environemnts With Agentless Security The Old Way Security Virtual Appliance VM VM VM VM VM VM VM VM VM VM VM VM VM Agentless Security for VMware Antivirus and more Antivirus Integrity Monitoring Intrusion Prevention Virtual Patching Firewall Web Application Protection Maximizes Performance and ROI
Deep Security Architecture Single Pane Scalable Redundant Deep Security Manager 1 Reports 2 Deep Security Agent 3 4 SecureCloud Deep Security Agent Modules: DPI & FW Anti-malware Integrity Monitoring Log Inspection Deep Security Virtual Appliance Modules: DPI & FW Anti-malware Integrity Monitoring CSP Integration Modules: Data Protection
Deep Security Summary of highlights A fully integrated server security platform Only solution to offer specialized protection for physical virtual and hosted First and only agentless security platform (anti-malware, web reputation, firewall, intrusion prevention, VM & hypervisor integrity monitoring) for VMware environment First and only datacenter security solution that extends to public/hybrid cloud Only solution in its category to be certified EAL 4+ Trend Micro 22.9% Trend Micro 13% Trend Micro All Others 77.1% All Others Combined 87%
Deep Security for xsps Copyright 2011 Trend Micro Inc.
Deep Security for xsps SaaIS Security as a Infrastructure Service Agentless Security on VMWare Additional modules/plans Guarentee SLAs by minimizing Admin interference Hosted Deep Security Manager Multitenant setup Manage local, on-premise and remote systems 3/26/2013 16 Confidential Copyright 2012 Trend Micro Inc.
Securing data Copyright 2011 Trend Micro Inc.
The cloud eraser!
SecureCloud Enterprise Datacenter or SaaS Offering Service Provider VM Corporate App VM VM VM Hypervisor Trend Micro SecureCloud Console Shared Storage Enterprise Key My Data
SecureCloud for xsps Copyright 2011 Trend Micro Inc.
SecureCloud for xsps Customer uses on-premise/saas KMS Plausible deniability - No access to sensitive data Backup/Restore Maintenance xsp offers hosted KMS as a services Experience with 24x7 sensitive services High-margin service (compared to IaaS) 3/26/2013 23 Confidential Copyright 2012 Trend Micro Inc.
Total Cloud Protection with Deep Security 9 and SecureCloud 3 System, application and data security in the cloud Deep Security 9 Context Aware Credit Card Payment Sensitive Social Patient SecureCloud Security Medical Research Numbers Records Results 3 Information Modular protection for servers and applications Self-Defending VM Security in the Cloud Agent on VM allows travel between cloud solutions One management portal for all modules Encryption with Policy-based Key Management Data is unreadable to unauthorized users Policy-based key management controls and automates key delivery Server validation authenticates servers requesting keys
Trend Ready Programm Copyright 2011 Trend Micro Inc.
Trend Ready Program for Cloud Service Providers A technology partnership initiative aimed at facilitating enterprise adoption of public and hybrid IaaS cloud computing by reducing security adoption barriers Provides end user education on cloud security and governance risks; describes methods to mitigate them Delivers cloud security tools relevant to reducing cloud risk Deep Security and SecureCloud offer integrated application, server and data threat mitigation Verifies through testing that Trend Micro security products are interoperable and effective in partner clouds Directs enterprises towards Trend Ready CSPs for rapid and secure cloud deployment Value: End user: gain additional knowledge about cloud risk factors; ability to safely access efficiencies and economics offered by public IaaS CSP: offer additional security components that help increase user base, add revenue and differentiate cloud service from peer CSPs
Thank You! 3/26/2013 28 Confidential Copyright 2012 Trend Micro Inc.