Data protection and Server security challenges of PCI DSS2.0 (Joseph Lee; uploaded Apr 27, 2013)
Page 1
Joseph Lee
9th Apr. 2013
Data protection and Server security challenges of PCI DSS2.0
Page 2
Source: Trend Micro
Page 3
Source: Trend Micro, openclipart.org
Zero-day / APT (Advanced Persistent Threat)
Page 4
Source: Trend Micro
CLOUD
VIRTUAL / CLOUD New Architecture
Page 5
Physical 》 Virtual 》 Cloud
• Virtual Server: 50% - 71%
• Virtual Desktop: 40% - 64%
• Private Cloud: 39% - 57%
• Public Cloud: 38% - 53%
Source: Trend Micro, Gartner
72% of servers will be virtualized by 2014.
Page 6
2011 Data Breach
• PCI DSS 2.0: 96% of victims NOT PCI DSS compliant
• Data Protection: 84% of victims had logs containing breach evidence
• Server Security: 94% of victim data compromised via servers
![Page 7: Data protection and Server security challenges of PCI DSS2...Apr 27, 2013 · Joseph Lee . 9. th. Apr. 2013. Data protection and Server security challenges of PCI DSS2.0](https://reader036.vdocuments.site/reader036/viewer/2022081613/5fbb199b1c279311802159d6/html5/thumbnails/7.jpg)
Compliant ? High Cost
Today’s Challenges -
High Risks
• Separate Data • Keep Arming • One Policy Fits All
Source: Trend Micro, PCI
Page 8
• PCI DSS 2.0
–96% of victims NOT PCI DSS compliant
• Data Protection
• Server Security
Page 9
PCI DSS Data Security Standard
Source: PCI, iStockPhoto
Page 10
PCI DSS Data Security Standard
My company
Affiliates
Service Providers
Outsourcers
High Risk!
Source: PCI, iStockPhoto
Page 11
PCI DSS 2.0 Requirement
1. Build & Maintain Secure Network
1) Install and maintain a Firewall configuration to protect cardholder data
2) Do not use vendor-supplied Defaults for system passwords and other security parameters
2. Protect Cardholder Data
3) Protect Stored cardholder data
4) Encrypt Transmission of cardholder data across open, public networks
3. Maintain Vulnerability mgmt. Program
5) Use and regularly Update Anti-Virus software or Programs
6) Develop and maintain Secure systems and applications
4. Implement Strong Access Control Measures
7) Restrict Access to cardholder data by business need to know
8) Assign a Unique ID to each person with computer access
9) Restrict Physical Access to cardholder data
5. Regularly Monitor & Test Networks
10) Track and Monitor all access to network resources and cardholder data
11) Regularly Test security systems and processes
6. Maintain Info. Security Policy
12) Maintain a Policy that addresses information security for All Personnel
Source: Requirements and Security Assessment Procedures
Page 12
PCI DSS 2.0 Requirement (mapped to Data Protection and Server Security)

| PCI DSS 2.0 Requirement | Requirements | Data Protection (Data Life-Cycle) | Server Security (Virtual/Cloud) |
|---|---|---|---|
| 1. Build & Maintain Secure Network | Firewall, No default password/setting | 1.2*, 1.4, 2.2, 2.4 | 1.x, 2.2.1, 2.2.2, 2.4, A.1* |
| 2. Protect Cardholder Data | Protect storage, Encrypt transmission | 3.1, 3.2, 3.4, 3.5, 3.6, 4.1, 4.2 | |
| 3. Maintain Vulnerability Management Program | Patching for Anti-virus, System, and Apps | 5.1, 5.2, 6.1, 6.2, 6.3*, 6.5*, 6.6 | 5.1*, 5.2*, 6.1*, 6.2*, 6.5*, 6.6 |
| 4. Implement Strong Access Control Measures | Restrict (physical) access, Unique ID | 9.7*, 9.9* | |
| 5. Regularly Monitor & Test Networks | Audit trail, File integrity | 11.2 | 10.2*, 10.3*, 10.5, 10.6*, 11.2*, 11.4, 11.5 |
| 6. Maintain Information Security Policy | Policy control, Intrusion | 12.6, 12.9 | 12.6, 12.9* |

* compensating controls
http://apac.trendmicro.com/apac/solutions/enterprise/security-solutions/server-security/payment-card/requirements/index.html
Trend Micro Enterprise Security
Page 13
Trend Micro Enterprise Security
Trend Micro: 27% Worldwide Corporate Endpoint Server Security Revenue Share by Vendor, 2011
Source: IDC, 2012
Page 14
Our Mission - PCI Compliant, Low Cost, Low Risks
• Separate Data
• Keep Arming
• One Policy Fits All
Source: Trend Micro, PCI
Page 15
PCI DSS 2.0
• Data Protection
–84% of victims had logs containing breach evidence
• Server Security
Page 16
PCI DSS 2.0 Requirement Challenge - Keep Arming
Page 17
Data Protection on Cloud
Trend Micro Great 2012 win! (customer user counts shown: 77M, 800M, 10M, 94M users)
http://apac.trendmicro.com/apac/about/news/pr/
Customers 》 Their Customers
Global Threat Intelligence
• Smart Protection Network™
• Web Security Service
• Mobile App Reputation
Data Encryption
• SecureCloud™
• SafeSync™
Page 18
Trend Micro Smart Protection Network™ (Cloud Security)
• 6 TB / day threat data analyzed
• 16 B / day URL, Email, & File queries correlated
• 200 M / day threats blocked
http://cloudsecurity.trendmicro.com/us/technology-innovation/our-technology/smart-protection-network/index.html
http://www.trendmicro.com/cloud-content/us/pdfs/business/case-studies/cs_dubex_officescan-mobile-security-dlp.pdf
Page 19
Trend Micro Smart Protection Network™
New patterns: previously 24 hrs, now 20 min
http://cloudsecurity.trendmicro.com/us/technology-innovation/our-technology/smart-protection-network/index.html
http://www.trendmicro.com/cloud-content/us/pdfs/business/case-studies/cs_dubex_officescan-mobile-security-dlp.pdf
Page 20
Trend Micro Smart Protection Network™
• 40% Management Cost Saved (by Osterman Research, Inc.)
• Self-Learning
http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_tmes_cc_impact.pdf
http://cloudsecurity.trendmicro.com/us/technology-innovation/our-technology/smart-protection-network/index.html
http://www.trendmicro.com/cloud-content/us/pdfs/business/case-studies/cs_dubex_officescan-mobile-security-dlp.pdf
Page 21
PCI DSS 2.0 Requirement Challenge - Separate Data
Page 22
Separate Data?
http://cloud.trendmicro.com/building-a-truly-secure-cloud-with-dell-and-trend-micro/
Dell Cloud Service
Page 23
Dell Cloud Service + SecureCloud
http://cloud.trendmicro.com/building-a-truly-secure-cloud-with-dell-and-trend-micro/
• AES 256 Encryption
• Secure Key Exchange
• Offsite Key Storage
• Encrypted Data
• Customer Support
Page 24
Trend Micro SecureCloud - Separate Cardholder Data
Diagram components shown: Enterprise Key; Trend Micro SecureCloud Console; Cloud Service Provider (vCloud®) with a Hypervisor (ESX, vSphere) running the Corporate App VM alongside other VMs on Shared Storage; My Data.
Source: Trend Micro
Page 25
Trend Micro SecureCloud Security Policies
1. Access Management
2. Device for Encryption
3. Running Instances
4. Policies & Rules: for Access & Protection
Source: Trend Micro
Page 26
PCI DSS 2.0 Requirement Challenge - One Policy Fits All
Page 27
Data Protection on Cloud - Data Life-Cycle
Encryption, Device Control, DLP
Source: Trend Micro
Page 28
Life-Cycle of Data Protection: Transmit Data
Gateway & Server DLP
• DLP Network Monitor
• Interscan Messaging Security
• ScanMail for Exchange/Lotus Domino
• Threat Management Services
• Worry-Free Business Security Adv*
Gateway Encryption
• Email Encryption Gateway
• Interscan Messaging Security
• Hosted Email Encryption
Source: Trend Micro
Page 29
Life-Cycle of Data Protection: Transmit Data (as on the previous page) and Store Data
Store Data (server): Data Discovery, Web Site Protection, DLP, Integrity Monitoring
• Deep Security – Deep Packet Inspection
• Vulnerability Management Services
• DLP Endpoint
• PortalProtect
• Deep Security – Integrity Monitoring
Store Data (Secure Cloud)
• SecureCloud™
• SafeSync™
Source: Trend Micro
Page 30
Life-Cycle of Data Protection: Process Data (Endpoint), plus Transmit Data and Store Data (as on the previous pages)
Process Data (Endpoint)
DLP & Device Control
• DLP Endpoint
• OfficeScan
• Worry-Free Business Security Adv*
Media Encryption (File/Folder, Disk, Email, Removable Media)
• Endpoint Encryption
• Email Encryption Client
Source: Trend Micro
Page 31
Life-Cycle of Data Protection: Process Data (Endpoint), Transmit Data and Store Data (as on the previous pages), plus Threat Information, Policy Management
Threat Information, Policy Management
• Enterprise Security Manager
• SIEM • SNMP • SYSLOG
Source: Trend Micro
Page 32
ROI of Data Protection
http://www.trendmicro.com/us/marketing/roi-calculator/virtual-appliance/roi-calculator/index.html
http://go.trendmicro.com/tco-calculator/
http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_tmes_cc_impact.pdf
http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_osterman-virtualization.pdf
Page 33
Benefits of Data Protection
• Low Cost: Centralized Administration; Performance Savings by Cloud Integration
• Low Risks: Persistent Data Protection; Latest Updated
• PCI Compliant: Separate Data; Maintain a Policy for all
Page 34
PCI DSS 2.0
• Data Protection
• Server Security
–94% of victim data compromised via servers
Page 35
PCI DSS 2.0 Virtualization Guidelines
Source: PCI
Page 36
PCI DSS 2.0 Virtualization Guidelines
Example of how scope and responsibility may differ by type of cloud service (IaaS, PaaS, SaaS). Areas of responsibility, split between Cloud Service Provider and Cloud Customer:
• Data
• Software, User applications
• O/S, Databases
• Virtual Infrastructure (hypervisor, virtual appliances, VMs, virtual networks etc)
• Computer and Network Hardware (processor, memory, storage, cabling, etc.)
• Data Center (physical facility)
Source: PCI
Page 37
Amazon Web Services™ Customer Agreement
“4.2 Other Security and Backup. You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routine archiving Your Content.”
http://aws.amazon.com/agreement/#4 (30 March 2011)
The cloud customer has responsibility for security and needs to plan for protection.
Source: Amazon
Page 38
PCI DSS 2.0 Requirement Challenge - One Policy Fits All
Page 39
Trend Micro Deep Security: Physical + Virtual + Cloud
• Deep Packet Inspection: IDS / IPS, Web App. Protection, Application Control
• Firewall
• Integrity Monitoring
• Anti-malware
• Log Inspection
Source: Trend Micro
Page 40
Deep Security for PCI compliance: High Security & Low Management Cost
7 PCI Regulations, 20+ Sub-Controls
(1.) Network Segmentation
(1.x) Firewall
(5.x) Anti-virus
(6.1) Virtual Patching*
(6.6) Web App. Protection
(10.5) Daily Log Review
(11.4) IDS / IPS
(11.5) File Integrity Monitoring
* Compensating Control
Source: Trend Micro
Page 41
PCI DSS 2.0 Requirement Challenge - Keep Arming
Page 42
09 AUG 2011… 7 important updates… 13.2MB… REBOOT REQUIRED
23 AUG 2011… 1 important update… 3.6MB… NO REBOOT
13 SEP 2011… 3 important updates… 65.4MB… NO REBOOT
11 OCT 2011… 4 important updates… 34.6MB… REBOOT REQUIRED
25 OCT 2011… 1 important update… 36K… NO REBOOT
08 NOV 2011… 2 important updates… 2.4MB… REBOOT REQUIRED
13 DEC 2011… 5 important updates… 26.1MB… REBOOT REQUIRED
29 DEC 2011… 3 important updates… 14.3MB… NO REBOOT
10 JAN 2012… 5 important updates… 19.1MB… REBOOT REQUIRED
Page 43
Virtual Patching
DPI Rules
Page 44
Virtual Patching for PCI compliance: High Productivity & Low Management Cost
Addressing 7 PCI Regulations and 20+ Sub-Controls Including:
(1.) Network Segmentation
(1.x) Firewall
(5.x) Anti-virus
(6.1) Virtual Patching*
* Compensating Control
Scenario: 2,000 desktops, 150 servers, multiple apps. from vendors and self-development

| | Emergency patch Desktops | Emergency patch Servers | Loss of Productivity |
|---|---|---|---|
| | USD 2,340 | USD 39,000 | USD 65,000 |
| | USD 65 | USD 65 | USD 0 |

Source: Trend Micro, IT-Harvest, IDC, http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/virtual-patching-roi-calculator/index.html
Page 45
Agentless Protection
Virtual Patching Protection
Page 46
Deep Security: Previously - Agent, Now - Agentless
Diagram: previously one agent per VM (with some agents Out-of-date); now a Secure Virtual Appliance protects the VMs on the host.
Source: Trend Micro
Page 47
Copyright 2009 Trend Micro Inc.
300% VM densities enabled by Deep Security
• SYMC/MFE consume 3x – 12x more resources in scheduled scans & could not handle more than 25 desktop VMs/host
• DS supports 2-3 times the no. of desktop VMs/host than traditional AV
• DS supports 40-60% more server VMs/host than traditional AV
Scheduled scan resource usage over baseline – 50 VMs per host (values as read from the chart):

| | SYMC | Trend | MFE |
|---|---|---|---|
| CPU | 273% | 81% | 307% |
| IOPS | 2143% | 692% | 2053% |

Source: Trend Micro, Tolly
Page 48
Deep Security All-in-one Dashboard
Diagram: Secure Virtual Appliance (SVA) & Protected Guests (VMs); Trend Micro Deep Security provides Antivirus, Integrity Monitoring, Log Inspection and Deep Packet Inspection, Agentless.
Source: Trend Micro
Page 49
ROI of Deep Security

| Procedure | Cost Savings | Benefit |
|---|---|---|
| Initial Install/Setup | 71% | Faster deployment on new VMs. Very fast: as little as 2-3 minutes per VM |
| Ongoing Management | 87% | Patching is significantly easier. Very fast: can be accomplished with no downtime. |
| VM Density Improvement for VDI Efforts | 35% | Improved VM density |

http://www.computerlinks.co.uk/FMS/20685.new_research_from_osterman_research.pdf
http://www.techdata.com/(S(i1afov45rbaolgu4ictxt5y5))/trendmicro/files/TREND%20MICRO_TCO%20WP03_DSAM_110302US.pdf
Page 50
Benefits of Server Security
• Low Cost: Simplified Administration & Deployment; Higher VM Density & Performance Savings
• Low Risks: All-in-One; Latest Updated
• PCI Compliant: Maintain a Policy for all; Keep Arming
Page 51
“Choosing solutions from a vendor like Trend Micro that understands cloud computing and helps us take advantage of it
— that just makes sense.”
Taylor Simpson, Co-owner, Good Harbor Vineyards
Source: Trend Micro