trendmicro - security designed for the software-defined data center

Security Designed for the Software-Defined Data Center

Patrick GadaSenior Sales Engineer - Trend Micro

7 May 2014

Are you still using your

physical server security in your virtualized data

center?

2Copyright 2014 Trend Micro Inc.

The physical approach

Are you dealing with?


• Minutes to deploy a server… weeks to secure it

• Servers that share resources… security that consumes it

• Virtual scale beyond physical limits… hitting a wall on security

Software-defined data center changes the

game

The opportunity:

Automate and optimize security as part of your data center operations


Security principles remain the same;

APPROACH to security must change

CONTEXT Workload and application-aware

SOFTWARE Optimized for virtualization and cloud infrastructure

PLATFORMComprehensive capabilities extended across your data center and cloud

Many Tools

Generic

Hardware

ADAPTIVE Intelligent, dynamic policy enforcement Automated provisioning specific to platform

Static


Copyright 2014 Trend Micro Inc. 6

Cloud and Data Center Security

Anti-Malware

LogInspection

Host Firewall

Deep PacketInspection

Data Center

Physical Virtual Private Cloud

IntegrityMonitoring

Public Cloud

Trend Micro Deep Security

How Deep Security works


Manage global deployments using Relays

Integrates with VMware via vSphere, vCenter, vCloud Director

Integrates with LDAP

Oracle or SQL

Integrates with SIEM

New approach can improve data center

operations

Provision security automatically in your data center

Manage security efficiently as you scale

Optimize data center environment resources


Provision security automatically in your data

center

How do you:

• Secure the VM the moment it is provisioned?

• Apply the right policies to that VM?

• Reduce the time to provision without compromising on security?

• Securely bring up/down/move your VMs?


Provisioning

InfrastructurevCenter, AD,

vCloud and AWS

SAP

Exchange Servers

Oracle

WebServers

Web Server

Automate security specific to your data

center

• Gain visibility into environment using vCenter and vCloud Director integration

• Recommend and apply policies automatically - specific to your data center

• Automatically scale up and down as required—with no security gaps

19Rules

15Rules

73Rules

8Rules

28Rules

VM VM VM VM VM

VM VM VM


New approach provides new opportunities within data center operations






How do you:

• Quickly and easily identify and remediate a security issue?

• Address environment vulnerabilities in a dynamic and growing environment?

• Manage all security requirements consistently across your evolving data center environments?


Manage all controls across all environments


• Eliminate need to manage agents on VMs

• Manage all controls on a single virtual appliance

• Easily apply consistent policy across environments

Integrates with VMware via

vSphere, vCenter, vCloud

Director

ESX

Integrates with LDAP

Oracle or SQL

Integrates

with SIEM

Virtualization Demo


Automatically add a

new VM with the

appropriate policy

Manage all controls

across all

environments

New approach provides new opportunities

within data center operations





Optimize data center environment

resources

How do you address the

bottlenecks created by

traditional security

capabilities?


Use agentless security to reduce system load

Network Usage

Scan Speed

CPU/Memory Usage

IOPS

Storage

ESXi

SAN

Disk Disk Disk Disk Disk


Avoid duplication of effort to impact

performance

18

Scan Cache

*All results based on internal testing using VMware View simulators

Up to 20X Faster* Full Scans

Up to 5X Faster Realtime Scans

Up to 2X Faster VDI

Login

Copyright 2014 Trend Micro Inc. 18

SIGNATURE BASED

ANTI-MALWARE

1988 - 2007

Smart protectionbegins with global threat intelligence…

CLOUD BASEDGLOBAL THREAT INTELLIGENCE

2008

BIG DATA

ANALYTICS-DRIVENGLOBAL THREAT

INTELLIGENCE2012+

• Email reputation• File reputation• Web reputation

• Whitelisting• Network traffic rules• Mobile app reputation• Vulnerabilities/Exploits• Threat Actor Research• Enhanced File Reputation• Enhanced Web Reputation• Command & Control

Smart Protection Network

Copyright 2014 Trend Micro Inc.


EVERY

24HOURS



… receives 16B

reputation queries from

customers

… analyses & correlates

100TB of data

… identifies 300,000

new, unique threats

… blocks 250M threats

within our customer

networks


03/29/12 Confidential | Copyright 2012 TrendMicro Inc. 2

Protect against vulnerabilities – before

you patch

• Number of vulnerabilities on the rise

– Over 13,000 vulnerabilities reported in 2013, 32% increasefrom 2012

– 73.5% of them are remotely exploitable over the network

– In July 2013, The New York Times reported that the average vulnerability sells from around $35,000 to $160,000

• Exploits become available shortly after disclosure

– 74% on the same day

– 8% more than one day later


03/29/12 Confidential | Copyright 2012 TrendMicro Inc. 2

Protect against vulnerabilities – before

you patch

• Roaming endpoints are directly exposed to threats– Connecting to the Internet from home, hotels, Wifi-Hotspots

• Unauthorized network access within company parameters

– Employee can access unauthorized network using personal owned devices


Patching All Vulnerabilties in Time – Not Realistic

• Some vulnerabilities cannot be patched

– Systems need to be up 24/7 and cannot be rebooted

• Patches often do not exist

– for 52% of known vulnerabilites, no patch exists

– Average of 151 days for vendors to release patch (NSS Labs 2013)

• Patches – if available – are not deployed immediately

– Average time to patch in enterprises in 2013: 59 days!

– Endpoints remain vulnerable


Protect against vulnerabilities - before you

patch

• Reduce risk of exposure to vulnerability exploits –especially as you scale

• Save money avoiding costly emergency patching

• Patch at your convenience

Vulnerability Disclosed or

Exploit Available

Patch

Available

Complete

Deployment

Test

Soak

Exposure

Begin

Deployment

Patc

hedVirtually patch with Trend Micro Intrusion

Prevention


Trend Micro’s Intrusion

Prevention rules were

released more than a month

before this vulnerability was

addressed!


(CVE-2013-5065)


Protect against vulnerabilities - before you

patch

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5065

A new approach to security has impact

CONTEXT

SOFTWARE

PLATFORM

ADAPTIVE Reduce time to provision

Reduce effort to manage

Optimize data center

resources


A new approach to security has impact

✓ Reduce the need for patching (down-time, reboot)

✓ Extend the life of XP / Windows 2000 systems

✓ Protection against exploits

✓ Enable compliance with PCI 6.6

✓ Control unauthorized network access


Thousands of customers….millions of

servers protected

29

Automated security

Secured > 3,000 virtual desktops

Addressed compliance

Centralized security

Deployed virtual patching

Reduced impact on performance

Deployed multiple controls to protect data


#1 Corporate Server Security Market Share

30

30

31%

Source: IDC Worldw ide Endpoint Security 2013-2017 Forecast and 2012 Vendor Shares, Figure 2, doc #242618, August 2013


Success Story

31

• Protects over 30,000 VDI users and 300 servers with agentless security

• Tight integration with VMware reduced management complexity

• Workload on storage reduced by 70%

RESULTS:

“ ...Logging-in

process and

application

performance are

fast and USERS

HAVE BEEN

HAPPY…”

Virtual Technology Center

NTT-Neomeit

Source: 2013 Success Story with NTT

Needed to secure a large VDI

deployment

RESULTS:


Fact about Trend Micro

Founded in 1988, $1.2B Revenue (2012)

Headquartered in Japan, Tokyo Exchange

Nikkei Index, Symbol 4704

Largest Security focused company world wide

Over 5200 Employees, 38 Business Units

37%Consumer12%Small Business

13%Midsize Business

38%Enterprise & VLE


Q & A ?
