deep security 9 - dell emc · 15/10/2012 · and integration with broader cloud management...
TRANSCRIPT
Copyright 2011 Trend Micro Inc.
Deep Security 9
A Server Security Platform for Physical, Virtual, Cloud
Available Aug 30, 2011
Marko Djordjevic, Territory Sales Manager SEE, Trend Micro
Deep Security 9 Exec Summary
Market Trends
Deep Security: A Server Security Platform
What’s New in Deep Security 9
Why You Need Deep Security
Trend Micro – Leader in Datacenter Security
#1 in server, virtualization and cloud security
First and only agentless security suite built for virtualization
First company to offer security for the cloud
2011 VMware Technology Alliance Partner of the Year
Cloud Security Alliance Award for Innovation in 2011
Executive Summary: Deep Security 9
PHYSICAL VIRTUAL CLOUD
• Integrity Monitoring
• Log Inspection
• Anti-malware
• Web Reputation
• Intrusion Prevention
• Firewall
1. Agentless platform for VMware environments goes wider and deeper
• Latest VMware platform support
• Hypervisor integrity monitoring
• Improved performance & tuning
2. Extending datacenter security to public and hybrid clouds
• vCloud and AWS integration enables single pane of glass and unified policies across all workloads
3. Multi-tenant architecture for software-defined datacenters & providers
• Delegation and self-service for tenants
• Automated deployments of components for elastic scaling
Deep Security 9 Exec Summary
Market Trends
Deep Security: A Server Security Platform
Virtualization & Cloud Security with Deep Security
Why You Need Deep Security
1. Legacy Security Hinders Datacenter Consolidation
Physical, Virtual, Cloud
• Physical Servers
• Virtual Servers
• Virtual Desktops
• Private & Public Cloud Servers
SECURITY INHIBITORS
• Reduced Virtualization Density & ROI
• Reduced Cloud Adoption
2. Organizations Struggle With Keeping Servers Patched
2095 Critical "Software Flaw" Vulnerabilities in 2010
• Common Vulnerabilities & Exposures ("CVE"): Score 7-10
NVD Statistical Data
Year     # Vulns   % Total
1997     145       57.54
1998     134       54.47
1999     424       47.43
2000     452       44.31
2001     773       46.09
2002     1,004     46.57
2003     678       44.40
2004     969       39.53
2005     2,038     41.32
2006     2,760     41.77
2007     3,159     48.50
2008     2,841     50.44
2009     2,722     47.48
2010     2,095     45.16
2011*    1,658     43.87
2095 per year = 8 critical alerts every day!
3. Advanced threats are breaching existing defenses
Advanced Persistent Threats
• More Sophisticated
• More Targeted
• More Frequent
• More Profitable
De-Perimeterization
Basic perimeter and host defenses not adequate anymore
4. Compliance Mandates Driving Costs Up
Solutions Need to Achieve Broader Coverage with Lower TCO
More standards:
• PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…
More specific security requirements
• Virtualization, Web applications, EHR, PII…
More penalties & fines
• HITECH, Breach notifications, civil litigation
“DMZ consolidation using virtualization will be a "hot spot" for auditors, given the greater risk of mis-configuration and lower visibility of DMZ policy violation. Through year-end 2011, auditors will challenge virtualized deployments in the DMZ more than non-virtualized DMZ solutions.”
-- Neil MacDonald, Gartner
Deep Security 9 Exec Summary
Market Trends
Deep Security: A Server Security Platform
What’s New in Deep Security 9
Why You Need Deep Security
Trend Micro Deep Security
A server security platform for: PHYSICAL, VIRTUAL, CLOUD
• Integrity Monitoring
• Log Inspection
• Anti-Malware
• Firewall
• Web Reputation
• Intrusion Prevention
VMware vShield enabled Agent-less
Deep Security Architecture
Deep Security Manager
• Reports
• Single Pane
• Scalable, Redundant
SecureCloud
Threat Intelligence Manager
Deep Security Agent
Modules:
• Intrusion Prevention
• Firewall
• Integrity Monitoring
• Log Inspection
• Anti-malware
• Web Reputation
Deep Security Virtual Appliance
Includes:
• Intrusion Prevention
• Firewall
• Anti-malware
• Web Reputation
• Integrity Monitoring
• Hypervisor Integrity Monitoring
Deep Security Agent/Virtual Appliance
System, application and data security for servers
6 protection modules
• Intrusion Prevention: Detects and blocks known and zero-day attacks that target vulnerabilities
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Web Reputation: Tracks credibility of websites and safeguards users from malicious URLs
• Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
• Log Inspection: Optimizes the identification of important security events buried in log entries
Protection is delivered via Agent and/or Virtual Appliance
* Log Inspection is only available in agent form today
Deep Security Manager
• Web-based, customizable console
• Multiple & delegated admin
• Ecosystem integration
• Scalable
Virtualization Security with Deep Security
Agentless Security Platform for Virtual Environments
Deep Security Virtual Appliance
• Intrusion prevention
• Firewall
• Anti-malware
• Web reputation
• Integrity monitoring
[Diagram: "The Old Way" vs. "With Deep Security" (VMs served by a Security Virtual Appliance; more VMs)]
• Easier Manageability
• Higher Density
• Fewer Resources
• Stronger Security
Agentless Architecture = CAPEX + OPEX Savings
[Chart: VM servers per host. Traditional AV: 25; Agentless AV: 75-100]
3-10X higher VDI VM consolidation ratios
3-year Savings on 1000 VDI VMs = $539,600
Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations
Virtual Patching with Deep Security
[Diagram labels: Raw Traffic, Deep packet inspection, Filtered Traffic]
1. Stateful Firewall: Allow known good
2. Exploit Rules: Stop known bad
3. Vulnerability Rules: Shield known vulnerabilities
4. Smart Rules: Shield unknown vulnerabilities and protect specific applications
Over 100 applications shielded including:
• Operating Systems
• Database servers
• Web app servers
• Mail servers
• FTP servers
• Backup servers
• Storage mgt servers
• DHCP servers
• Desktop applications
• Mail clients
• Web browsers
• Anti-virus
• Other applications
Example: Microsoft Critical Vulnerability MS12-020 Remote Desktop Protocol Vulnerability
Details
• Tuesday March 13 (Patch Tuesday): Microsoft Releases Security Update MS12-020
• Vulnerability is rated as Critical and affects all versions of Windows where RDP service is ON
• Could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights
• The vulnerability is potentially wormable due to it being an unauthenticated, network-based vulnerability
• Microsoft sees a high likelihood of attempts to exploit the vulnerability in the next 30 days
Deep Security for Defense-in-Depth & Compliance
Addressing 7 PCI Regulations and 20+ Sub-Controls Including:
• (1.) Network Segmentation
• (1.x) Firewall
• (5.x) Anti-virus
• (6.1) Virtual Patching*
• (6.6) Web App. Protection
• (10.6) Daily Log Review
• (11.4) IDS / IPS
• (11.5) File Integrity Monitoring
* Compensating Control
Anti-Virus, Intrusion Prevention, Firewall, Web Reputation, Log Inspection, Integrity Monitoring
Physical Servers, Virtual Servers, Cloud Computing, Endpoints & Devices
Deep Security 9 Exec Summary
Market Trends
Deep Security: A Server Security Platform
What’s New in Deep Security 9
Why You Need Deep Security
Cloud Security Challenges
• Securing Private Cloud
  – Lack of physical to virtual security policy controls
  – Difficulties in delegating security controls to internal teams
• Securing Hybrid Cloud
  – Securing assets on the move
  – Visibility into vulnerability and changes
• Security as a Service (xSP)
  – Provide differentiated service
  – Delegate security management tasks
Deep Security 9 – Key Features
1. Deeper Integration with VMware Platform
• Support for latest vSphere and vShield platform capabilities
  – 4th-generation enhancements across broadest agentless security suite
• Improved performance
  – Antivirus and integrity scan caching/de-dupe across VMs
    • Significant storage I/O benefits for further VDI consolidation
  – Tuning of IPS policies to guest application
• Stronger protection
  – Hypervisor boot integrity – chain of trust from VM file integrity to H/W
  – Application-aware targeting of IPS policies (agentless recommendation)
Deep Security Integration with VMware APIs
Trend Micro Deep Security
1. Agentless (VMsafe APIs): Intrusion prevention, Firewall
2. Agentless (vShield Endpoint): Antivirus, Web reputation
3. Agentless (vShield Endpoint): Integrity monitoring
4. Agent-based (security agent on individual VMs): Log inspection
[Diagram labels: Security Virtual Machine; vSphere; vCloud; Integrates with vCenter; Integrates with vCloud; Integrates with Intel TPM/TXT]
• 5 years of collaboration and joint product innovation
• First and only agentless security platform
• First and only security that extends from datacenter to cloud
• Hypervisor Integrity Monitoring
Deep Security 9 – Key Features
2. Extending Datacenter Security to Hybrid Cloud
• AWS and vCloud API integration
  – Single management pane-of-glass between VM’s in internal VMware datacenters, VPC’s, and public clouds
• Hierarchical policy management
  – Inheritance enables customized policies for different VM’s or datacenters, while central IT can mandate compliant baseline settings
Deep Security 9 – Key Features
3. Agile Security Management for the Cloud
Multi-tenant Deep Security Manager architected for key attributes of cloud computing*:
• Resource-pooling – independent tenant policies/data for shared, multi-tenant clouds
• Elasticity – Automated deployment of components to cloud scale
• Self-service – Policies can be delegated by cloud admin to tenants through self-service GUI
• Broad network access – Web-based console built on RESTful APIs for extensibility and integration with broader cloud management frameworks
Extending to cloud scale
Same architecture can be deployed as security-as-a-service by IaaS public cloud providers, or within enterprise ITaaS for private clouds
* e.g. NIST definition of Cloud Computing
Data Protection in the Cloud
System, application and data security in the cloud
• Patient Medical Records
• Credit Card Payment Information
• Sensitive Research Results
• Social Security Numbers
SecureCloud
Encryption with Policy-based Key Management
• Data is unreadable to unauthorized users
• Policy-based key management controls and automates key delivery
• Server validation authenticates servers requesting keys
Deep Security 9
Context Aware
Modular protection for servers and applications
• Self-Defending VM Security in the Cloud
• Agent on VM allows travel between cloud solutions
• One management portal for all modules
Deep Security 9 Exec Summary
Market Trends
Deep Security: A Server Security Platform
What’s New in Deep Security 9
Why You Need Deep Security
Large Enterprise Case Study
Company
American multi-national insurance company. A global 2000 company offering a wide range of insurance services (including CDS insurance).
Product
Deep Security anti-malware, firewall, IDS/IPS and integrity monitoring
Deployment
• Employees: 96,000+
• Virtualization Rate: 100% at the new datacentre
• Servers: 2,000+ and growing
Key Buying Drivers
Building next gen datacenter on top of vSphere 5.0 with the goal of maximizing server density leveraging the latest and greatest security technology from Trend Micro and VMware
Key Customer Benefits
Saw Trend as the only solution in the market that offers agent-less protection for the new datacentre. Phase 1 will be AV, firewall and IDS/IPS while second phase will focus on FIM deployment
vCloud Provider (XSP) Case Study
Company
Multiple vCloud-based Service Providers
Product
• Deep Security for public cloud
• SecureCloud
Deployment
• Virtualization Rate: 100% (Hosting)
• Capacity to hundreds of thousands of VM’s
Key Buying Drivers
• Security-as-service for IaaS offerings based on vCloud/vSphere
• Automation, elasticity, agility for dynamic cloud environments
Key Customer Benefits
• Multi-tenancy and self-service
• On-demand protection and compliance provides assurance to enterprise tenants
• Lowest TCO for cloud-scale
Trend Ready Program for Cloud Service Providers
• A technology partnership initiative aimed at facilitating enterprise adoption of public and hybrid IaaS cloud computing by reducing security adoption barriers
  – Provides end user education on cloud security and governance risks; describes methods to mitigate them
  – Delivers cloud security tools relevant to reducing cloud risk
    • Deep Security and SecureCloud offer integrated application, server and data threat mitigation
  – Verifies through testing that Trend Micro security products are interoperable and effective in partner clouds
  – Directs enterprises towards “Trend Ready” CSPs for rapid and secure cloud deployment
• Value:
  – End user: gain additional knowledge about cloud risk factors; ability to safely access efficiencies and economics offered by public IaaS
  – CSP: offer additional security components that help increase user base, add revenue and differentiate cloud service from peer CSPs
Deep Security Key Solution Differentiators
Physical, Virtual, Cloud
• Comprehensive protection for systems, applications and data
  – Firewall
  – IDS / IPS
  – Web application protection
  – Antimalware
  – Web Threat Protection
  – Integrity monitoring (including hypervisor)
  – Log inspection
• Greater operational efficiency
  – Integrated security platform
  – Single pane of glass across datacenter and clouds
  – Agentless architecture
  – Task automation with recommendation scans, security profiles, trusted sources, etc.
• Superior platform support
  – Full functionality across more PVC platforms
  – Quick support for current versions
• Tighter integration with eco-system
  – Hypervisor and cloud platforms
  – Enterprise directories, SIEM and other apps
Deep Security Summary of highlights
• A fully integrated server security platform
• Only solution to offer specialized protection for physical, virtual and cloud
• First and only agentless security platform (anti-malware, web reputation, firewall, intrusion prevention, VM & hypervisor integrity monitoring) for VMware environment
• First and only datacenter security solution that extends to public/hybrid cloud
• Only solution in its category to be certified EAL 4+
[Charts: Trend Micro 22.9% vs. All Others 77.1%; Trend Micro 13% vs. All Others Combined 87%]
Deep Security Deployment Services
Deployment Services get your Deep Security project off the ground and empower your team with greater advanced server and virtualization security knowledge.
Remote
Key Features: Provides guided walk through to get your deployment started; including:
- Discuss deployment architecture and deploy one Deep Security module
- Configure and demo Deep Security Manager
- Guided GUI walk through and best practices discussion
- Deploy 2 – 3 agents to demonstrate deployment
Options:
• 1 module; up to 25 endpoints
• 3 WebEx sessions, up to 4 hrs ea.
• 4 modules (Super Bundle); up to 25 endpoints
• 7 WebEx sessions, up to 4 hrs ea.
Onsite
Key Features: Provides onsite staff augmentation to deliver a complete Deep Security installation
- Design and deployment development
- Structured, staged deployment process
- Initial assessment base-lining and fine-tuning
- In-depth transfer of knowledge
Options:
• Up to 9 endpoints or 1 Host
• 10 -100 endpoints or up to 5 hosts
• 101 to 1000 endpoints or 6-20 Hosts
• 1,001+ endpoints or 20 Hosts
• Custom Scoped Deployment Projects
Deep Security Project Consulting Services
Deep Security Services provide the peace of mind to know that you are protected as your environment changes and as you grow with your Deep Security platform.
Assessment Services
• Data Center Security Assessment analyzes the security of your virtualized environments
Build Services
• Design and Deployment Services help expedite a successful Deep Security implementation
• Solution Upgrade Services provide smooth Deep Security upgrades to leverage the latest innovations
Manage Services
• Best Practices Implementation brings your solution to industry best practices levels
• Solution Optimization and Tuning Services tailor Deep Security to meet your organization’s specific security strategy
Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year
Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs
Improves Virtualization by providing security solutions architected to fully exploit the VMware platform
[Timeline: 2008, 2009, 2010, 2011]
• Feb: Join VMsafe program
• RSA: Trend Micro announces Coordinated approach & Virtual pricing and shows VMsafe demo
• VMworld: Trend Micro virtsec customer
• May: Trend acquires Third Brigade
• RSA: Trend Micro announces virtual appliance
• July: CPVM GA
• Nov: Deep Security 7 with virtual appliance
• Q4: Joined EPSEC vShield Program
• Dec: Deep Security 7.5 w/ Agentless AntiVirus
• 2010: >100 customers, >$1M revenue
• Q1: VMware buys Deep Security for Internal VDI Use
• RSA: Other vendors “announce” Agentless
• RSA: Trend Micro Demos Agentless
• Sale of DS 7.5 Before GA
• VMworld: Announce Deep Security 7.5
• VMworld: Announce Deep Security 8 w/ Agentless FIM
Securing workloads: physical, private and public cloud
• Simultaneously manage physical, virtual, cloud
• Enforce consistent security policy
• Asset visibility across networks into the cloud
[Diagram labels: Corporate Network; Physical; Virtual; Database; Storage; Web Server; Mail Server; Cloud Providers; Web]
Configure delegation for tenant self-service
Administration as tenant or cloud provider
Administer as tenant (T1, T2) or cloud provider (T0)
Deep Security: Overall benefits
Prevents Data Breach & Business Disruptions
• Provides layered defense against advanced attacks
• Shields against known & unknown vulnerabilities
• Monitors integrity of VMware hypervisor
• Web reputation prevents malicious website access
Maximizes Virtualization and Cloud ROI
• Agentless security platform increases resource efficiency & VM density with zero guest footprint
• Scanning de-duplication increases scan performance and resource efficiency
• vCloud Director & Amazon Web Services integration automatically secures public/hybrid clouds
• Multi-tenancy support enables providers to offer secure clouds
Enables Cost-effective Compliance
• Supports PCI DSS 2.0, NIST, HIPAA & other regulations
• Detailed reports document prevented attacks & compliance status
Supports Operational Cost Reductions
• Integrated security managed by single pane of glass
• Supports task automation with recommendation scans, trusted sources and event whitelisting
• Virtual patching reduces need for emergency patching and enables prioritization of secure coding efforts
[Slide marks four items as NEW]