deep security 9 - dell emc · 15/10/2012 · and integration with broader cloud management...

Deep Security 9: A Server Security Platform for Physical, Virtual, Cloud

Available Aug 30, 2011

Marko Djordjevic, Territory Sales Manager SEE, Trend Micro

Copyright 2011 Trend Micro Inc.

Upload: hoangdat

Post on 18-Jul-2018


Deep Security 9 Exec Summary

Market Trends


Deep Security: A Server Security Platform

What’s New in Deep Security 9

Why You Need Deep Security

Trend Micro – Leader in Datacenter Security

• #1 in server, virtualization and cloud security
• First and only agentless security suite built for virtualization
• First company to offer security for the cloud
• 2011 VMware Technology Alliance Partner of the Year
• Cloud Security Alliance Award for Innovation in 2011

Executive Summary: Deep Security 9

[Figure: Physical, Virtual, Cloud. Integrity Monitoring, Log Inspection, Anti-malware, Web Reputation, Intrusion Prevention, Firewall]

1. Agentless platform for VMware environments goes wider and deeper
• Latest VMware platform support
• Hypervisor integrity monitoring
• Improved performance & tuning

2. Extending datacenter security to public and hybrid clouds
• vCloud and AWS integration enables single pane of glass and unified policies across all workloads

3. Multi-tenant architecture for software-defined datacenters & providers
• Delegation and self-service for tenants
• Automated deployments of components for elastic scaling

Deep Security 9 Exec Summary

Market Trends


Deep Security: A Server Security Platform

Virtualization & Cloud Security with Deep Security

Why You Need Deep Security

1. Legacy Security Hinders Datacenter Consolidation

[Figure: Physical, Virtual, Cloud. Physical Servers, Virtual Servers, Virtual Desktops, Private & Public Cloud Servers]

Security inhibitors:
• Reduced Virtualization Density & ROI
• Reduced Cloud Adoption

2. Organizations Struggle With Keeping Servers Patched

2095 Critical "Software Flaw" Vulnerabilities in 2010
• Common Vulnerabilities & Exposures ("CVE"): Score 7-10

NVD Statistical Data

Year     # Vulns    % Total
1997       145      57.54
1998       134      54.47
1999       424      47.43
2000       452      44.31
2001       773      46.09
2002     1,004      46.57
2003       678      44.40
2004       969      39.53
2005     2,038      41.32
2006     2,760      41.77
2007     3,159      48.50
2008     2,841      50.44
2009     2,722      47.48
2010     2,095      45.16
2011*    1,658      43.87

2095 per year = 8 critical alerts every day!

3. Advanced threats are breaching existing defenses

Advanced Persistent Threats
• More Sophisticated
• More Targeted
• More Frequent
• More Profitable

De-Perimeterization

Basic perimeter and host defenses not adequate anymore

4. Compliance Mandates Driving Costs Up

Solutions Need to Achieve Broader Coverage with Lower TCO

More standards:
• PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…

More specific security requirements
• Virtualization, Web applications, EHR, PII…

More penalties & fines
• HITECH, Breach notifications, civil litigation

"DMZ consolidation using virtualization will be a "hot spot" for auditors, given the greater risk of mis-configuration and lower visibility of DMZ policy violation. Through year-end 2011, auditors will challenge virtualized deployments in the DMZ more than non-virtualized DMZ solutions."
-- Neil MacDonald, Gartner


Trend Micro Deep Security
A server security platform for: Physical, Virtual, Cloud

• Integrity Monitoring
• Log Inspection
• Anti-Malware
• Firewall
• Web Reputation
• Intrusion Prevention

VMware vShield enabled, Agent-less

Deep Security Architecture

Deep Security Manager
• Single Pane
• Scalable, Redundant
• Reports

Threat Intelligence Manager

SecureCloud

Deep Security Agent
Modules:
• Intrusion Prevention
• Firewall
• Integrity Monitoring
• Log Inspection
• Anti-malware
• Web Reputation

Deep Security Virtual Appliance
Includes:
• Intrusion Prevention
• Firewall
• Anti-malware
• Web Reputation
• Integrity Monitoring
• Hypervisor Integrity Monitoring

Deep Security Agent/Virtual Appliance
System, application and data security for servers

6 protection modules

• Intrusion Prevention: Detects and blocks known and zero-day attacks that target vulnerabilities
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Web Reputation: Tracks credibility of websites and safeguards users from malicious URLs
• Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
• Log Inspection: Optimizes the identification of important security events buried in log entries

Protection is delivered via Agent and/or Virtual Appliance
* Log Inspection is only available in agent form today

Deep Security Manager

• Web-based, customizable console

• Multiple & delegated admin

• Ecosystem integration

• Scalable


Virtualization Security with Deep Security
Agentless Security Platform for Virtual Environments

Deep Security Virtual Appliance
• Intrusion prevention
• Firewall
• Anti-malware
• Web reputation
• Integrity monitoring

[Figure: "The Old Way" (VMs) compared with "With Deep Security" (Security Virtual Appliance alongside VMs, More VMs)]

• Easier Manageability
• Higher Density
• Fewer Resources
• Stronger Security

Agentless Architecture = CAPEX + OPEX Savings

[Chart: VM servers per host. Agentless AV: 75-100; Traditional AV: 25]

• 3-10X higher VDI VM consolidation ratios
• 3-year Savings on 1000 VDI VMs = $539,600

Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations

Trend Micro Confidential

Virtual Patching with Deep Security

[Figure labels: Raw Traffic, Deep packet inspection, Filtered Traffic]

1. Stateful Firewall: Allow known good
2. Exploit Rules: Stop known bad
3. Vulnerability Rules: Shield known vulnerabilities
4. Smart Rules: Shield unknown vulnerabilities and protect specific applications

Over 100 applications shielded including:
• Operating Systems
• Database servers
• Web app servers
• Mail servers
• FTP servers
• Backup servers
• Storage mgt servers
• DHCP servers
• Desktop applications
• Mail clients
• Web browsers
• Anti-virus
• Other applications

Example: Microsoft Critical Vulnerability MS12-020 Remote Desktop Protocol Vulnerability

Details

• Tuesday March 13 (Patch Tuesday): Microsoft Releases Security Update MS12-020

• Vulnerability is rated as Critical and affects all versions of Windows where RDP service is ON


• Could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights

• The vulnerability is potentially wormable due to it being an unauthenticated, network-based vulnerability

• Microsoft sees a high likelihood of attempts to exploit the vulnerability in the next 30 days


Deep Security for Defense-in-Depth & Compliance

Addressing 7 PCI Regulations and 20+ Sub-Controls Including:
• (1.) Network Segmentation
• (1.x) Firewall
• (5.x) Anti-virus
• (6.1) Virtual Patching*
• (6.6) Web App. Protection
• (10.6) Daily Log Review
• (11.4) IDS / IPS
• (11.5) File Integrity Monitoring

* Compensating Control

[Figure: Anti-Virus, Intrusion Prevention, Firewall, Web Reputation, Log Inspection, Integrity Monitoring. Physical Servers, Virtual Servers, Cloud Computing, Endpoints & Devices]


Cloud Security Challenges

• Securing Private Cloud
– Lack of physical to virtual security policy controls
– Difficulties in delegating security controls to internal teams

• Securing Hybrid Cloud
– Securing assets on the move
– Visibility into vulnerability and changes

• Security as a Service (xSP)
– Provide differentiated service
– Delegate security management tasks

Deep Security 9 – Key Features
1. Deeper Integration with VMware Platform

• Support for latest vSphere and vShield platform capabilities
– 4th-generation enhancements across broadest agentless security suite

• Improved performance
– Antivirus and integrity scan caching/de-dupe across VMs
  • Significant storage I/O benefits for further VDI consolidation
– Tuning of IPS policies to guest application

• Stronger protection
– Hypervisor boot integrity – chain of trust from VM file integrity to H/W
– Application-aware targeting of IPS policies (agentless recommendation)

Trend Micro Confidential-NDA Required

Deep Security Integration with VMware APIs

[Figure: Trend Micro Deep Security on vSphere and vCloud, with a Security Virtual Machine and a security agent on individual VMs]

1. Agentless, VMsafe APIs: Intrusion prevention, Firewall
2. Agentless, vShield Endpoint: Antivirus, Web reputation
3. Agentless, vShield Endpoint: Integrity monitoring
4. Agent-based: Log inspection (security agent on individual VMs)

• Integrates with vCenter
• Integrates with vCloud
• Integrates with Intel TPM/TXT

• 5 years of collaboration and joint product innovation
• First and only agentless security platform
• First and only security that extends from datacenter to cloud
• Hypervisor Integrity Monitoring

Deep Security 9 – Key Features
2. Extending Datacenter Security to Hybrid Cloud

• AWS and vCloud API integration
– Single management pane-of-glass between VMs in internal VMware datacenters, VPCs, and public clouds

• Hierarchical policy management
– Inheritance enables customized policies for different VMs or datacenters, while central IT can mandate compliant baseline settings

Deep Security 9 – Key Features
3. Agile Security Management for the Cloud

Multi-tenant Deep Security Manager architected for key attributes of cloud computing*:

• Resource-pooling – independent tenant policies/data for shared, multi-tenant clouds
• Elasticity – Automated deployment of components to cloud scale
• Self-service – Policies can be delegated by cloud admin to tenants through self-service GUI
• Broad network access – Web-based console built on RESTful APIs for extensibility and integration with broader cloud management frameworks

Extending to cloud scale

Same architecture can be deployed as security-as-a-service by IaaS public cloud providers, or within enterprise ITaaS for private clouds

*e.g. NIST definition of Cloud Computing

Data Protection in the Cloud
System, application and data security in the cloud

[Figure: Patient Medical Records, Credit Card Payment Information, Sensitive Research Results, Social Security Numbers]

Deep Security 9
Context Aware
Modular protection for servers and applications
• Self-Defending VM Security in the Cloud
• Agent on VM allows travel between cloud solutions
• One management portal for all modules

SecureCloud
Encryption with Policy-based Key Management
• Data is unreadable to unauthorized users
• Policy-based key management controls and automates key delivery
• Server validation authenticates servers requesting keys


Large Enterprise Case Study

Company
American multi-national insurance company. A global 2000 company offering a wide range of insurance services (including CDS insurance).

Product
Deep Security anti-malware, firewall, IDS/IPS and integrity monitoring

Deployment
• Employees: 96,000+
• Virtualization Rate: 100% at the new datacentre
• Servers: 2,000+ and growing

Key Buying Drivers
Building next gen datacenter on top of vSphere 5.0 with the goal of maximizing server density leveraging the latest and greatest security technology from Trend Micro and VMware

Key Customer Benefits
Saw Trend as the only solution in the market that offers agent-less protection for the new datacentre. Phase 1 will be AV, firewall and IDS/IPS while second phase will focus on FIM deployment

vCloud Provider (XSP) Case Study

Company
Multiple vCloud-based Service Providers

Product
• Deep Security for public cloud
• SecureCloud

Deployment
• Virtualization Rate: 100% (Hosting)
• Capacity to hundreds of thousands of VMs

Key Buying Drivers
• Security-as-service for IaaS offerings based on vCloud/vSphere
• Automation, elasticity, agility for dynamic cloud environments

Key Customer Benefits
• Multi-tenancy and self-service
• On-demand protection and compliance provides assurance to enterprise tenants
• Lowest TCO for cloud-scale

Trend Ready Program for Cloud Service Providers

• A technology partnership initiative aimed at facilitating enterprise adoption of public and hybrid IaaS cloud computing by reducing security adoption barriers

– Provides end user education on cloud security and governance risks; describes methods to mitigate them

– Delivers cloud security tools relevant to reducing cloud risk
  • Deep Security and SecureCloud offer integrated application, server and data threat mitigation

– Verifies through testing that Trend Micro security products are interoperable and effective in partner clouds

– Directs enterprises towards "Trend Ready" CSPs for rapid and secure cloud deployment

• Value:

– End user: gain additional knowledge about cloud risk factors; ability to safely access efficiencies and economics offered by public IaaS

– CSP: offer additional security components that help increase user base, add revenue and differentiate cloud service from peer CSPs

Deep Security
Key Solution Differentiators

Physical, Virtual, Cloud

• Comprehensive protection for systems, applications and data
– Firewall
– IDS / IPS
– Web application protection
– Antimalware
– Web Threat Protection
– Integrity monitoring (including hypervisor)
– Log inspection

• Greater operational efficiency
– Integrated security platform
– Single pane of glass across datacenter and clouds
– Agentless architecture
– Task automation with recommendation scans, security profiles, trusted sources, etc.

• Superior platform support
– Full functionality across more PVC platforms
– Quick support for current versions

• Tighter integration with eco-system
– Hypervisor and cloud platforms
– Enterprise directories, SIEM and other apps

Deep Security
Summary of highlights

• A fully integrated server security platform

• Only solution to offer specialized protection for physical, virtual and cloud

• First and only agentless security platform (anti-malware, web reputation, firewall, intrusion prevention, VM & hypervisor integrity monitoring) for VMware environment

• First and only datacenter security solution that extends to public/hybrid cloud

• Only solution in its category to be certified EAL 4+

[Charts: Trend Micro 22.9%, All Others 77.1%; Trend Micro 13%, All Others Combined 87%]

Thank you!

Deep Security Deployment Services

Deployment Services get your Deep Security project off the ground and empowers your team with greater advanced server and virtualization security knowledge.

Remote

Key Features: Provides guided walk through to get your deployment started; including:
- Discuss deployment architecture and deploy one Deep Security module
- Configure and demo Deep Security Manager
- Guided GUI walk through and best practices discussion
- Deploy 2 – 3 agents to demonstrate deployment

Options:
• 1 module; up to 25 endpoints
  • 3 WebEx sessions, up to 4 hrs ea.
• 4 modules (Super Bundle); up to 25 endpoints
  • 7 WebEx sessions, up to 4 hrs ea.

Onsite

Key Features: Provides onsite staff augmentation to deliver a complete Deep Security installation
- Design and deployment development
- Structured, staged deployment process
- Initial assessment base-lining and fine-tuning
- In-depth transfer of knowledge

Options:
• Up to 9 endpoints or 1 Host
• 10 - 100 endpoints or up to 5 hosts
• 101 to 1000 endpoints or 6-20 Hosts
• 1,001+ endpoints or 20 Hosts
• Custom Scoped Deployment Projects

Deep Security Project Consulting Services

Deep Security Services provide the peace of mind to know that you are protected as your environment changes and as you grow with your Deep Security platform.

Assessment Services
• Data Center Security Assessment analyzes the security of your virtualized environments

Build Services
• Design and Deployment Services help expedite a successful Deep Security implementation
• Solution Upgrade Services provide smooth Deep Security upgrades to leverage the latest innovations

Manage Services
• Best Practices Implementation brings your solution to industry best practices levels
• Solution Optimization and Tuning Services tailors Deep Security to meet your organization's specific security strategy

Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year

Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs

Improves Virtualization by providing security solutions architected to fully exploit the VMware platform

[Timeline, 2008 to 2011]
• Feb: Join VMsafe program
• RSA: Trend Micro announces Coordinated approach & Virtual pricing and shows VMsafe demo
• VMworld: Trend Micro virtsec customer
• May: Trend acquires Third Brigade
• RSA: Trend Micro announces virtual appliance
• July: CPVM GA
• Nov: Deep Security 7 with virtual appliance
• Q4: Joined EPSEC vShield Program
• Dec: Deep Security 7.5 w/ Agentless AntiVirus
• 2010: >100 customers >$1M revenue
• Q1: VMware buys Deep Security for Internal VDI Use
• RSA: Other vendors "announce" Agentless
• RSA: Trend Micro Demos Agentless
• Sale of DS 7.5 Before GA
• VMworld: Announce Deep Security 7.5
• VMworld: Announce Deep Security 8 w/ Agentless FIM

Securing workloads: physical, private and public cloud

• Simultaneously manage physical, virtual, cloud
• Enforce consistent security policy
• Asset visibility across networks into the cloud

[Figure: Corporate Network (Physical: Database, Storage; Virtual: Web Server, Mail Server) and Cloud Providers (Web, Mail)]

Configure delegation for tenant self-service

Administration as tenant or cloud provider

Administer as tenant (T1, T2) or cloud provider (T0)

Deep Security: Overall benefits

Prevents Data Breach & Business Disruptions
• Provides layered defense against advanced attacks
• Shields against known & unknown vulnerabilities
• Monitors integrity of VMware hypervisor
• Web reputation prevents malicious website access

Maximizes Virtualization and Cloud ROI
• Agentless security platform increases resource efficiency & VM density with zero guest footprint
• Scanning de-duplication increases scan performance and resource efficiency
• vCloud Director & Amazon Web Services integration automatically secures public/hybrid clouds
• Multi-tenancy support enables providers to offer secure clouds

Enables Cost-effective Compliance
• Supports PCI DSS 2.0, NIST, HIPAA & other regulations
• Detailed reports document prevented attacks & compliance status

Supports Operational Cost Reductions
• Integrated security managed by single pane of glass
• Supports task automation with recommendation scans, trusted sources and event whitelisting
• Virtual patching reduces need for emergency patching, enables prioritization of secure coding efforts