Deep Security 9. A Server Security Platform for Physical, Virtual, Cloud. Territory Sales Manager SEE, Trend Micro. Copyright 2011 Trend Micro Inc.

Transcription

1 Deep Security 9 A Server Security Platform for Physical, Virtual, Cloud Marko Djordjevic, Available Aug 30, 2011 Territory Sales Manager SEE, Trend Micro

2 Deep Security 9 Exec Summary Market Trends Deep Security: A Server Security Platform What s New in Deep Security 9 Why You Need Deep Security 10/15/2012 2

3 Trend Micro Leader in Datacenter Security #1 in server, virtualization and cloud security First and only agentless security suite built for virtualization First company to offer security for the cloud 2011 VMware Technology Alliance Partner of the Year Cloud Security Alliance Award for Innovation in

4 Executive Summary: Deep Security 9 PHYSICAL VIRTUAL CLOUD Intrusion Prevention Firewall Antimalware Web Reputation Integrity Monitoring Log Inspection 1. Agentless platform for VMware environments goes wider and deeper Latest VMware platform support Hypervisor integrity monitoring Improved performance & tuning 2. Extending datacenter security to public and hybrid clouds vcloud and AWS integration enables single pane of glass and unified policies across all workloads 3. Multi-tenant architecture for software-defined datacenters & providers Delegation and self-service for tenants Automated deployments of components for elastic scaling

5 Deep Security 9 Exec Summary Market Trends Deep Security: A Server Security Platform Virtualization & Cloud Security with Deep Security Why You Need Deep Security 10/15/2012 5

6 1. Legacy Security Hinders Datacenter Consolidation Physical Virtual Cloud Physical Servers Virtual Servers Virtual Desktops Private & Public Cloud Servers Reduced Cloud Adoption Reduced Virtualization Density & ROI SECURITY INHIBITORS

7 2. Organizations Struggle With Keeping Servers Patched per year = Critical Software Flaw Vulnerabilities in 2010 Common Vulnerabilities & Exposures ( CVE ): Score critical alerts everyday! NVD Statistical Data Year # Vulns % Total , , , , , , , * 1,

8 3. Advanced threats are breaching existing defenses More Sophisticated More Targeted More Frequent More Profitable Advanced Persistent Threats Basic perimeter and host defenses not adequate anymore De-Perimeterization

9 4. Compliance Mandates Driving Costs Up Solutions Need to Achieve Broader Coverage with Lower TCO More standards: PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST , MITS More specific security requirements Virtualization, Web applications, EHR, PII More penalties & fines HITECH, Breach notifications, civil litigation DMZ consolidation using virtualization will be a "hot spot for auditors, given the greater risk of mis-configuration and lower visibility of DMZ policy violation. Through year-end 2011, auditors will challenge virtualized deployments in the DMZ more than non-virtualized DMZ solutions. -- Neil MacDonald, Gartner 9

10 Deep Security 9 Exec Summary Market Trends Deep Security: A Server Security Platform What s New in Deep Security 9 Why You Need Deep Security 10/15/

11 Trend Micro Deep Security A server security platform for: PHYSICAL VIRTUAL CLOUD Intrusion Prevention Firewall Anti Malware Web Reputation Integrity Monitoring Log Inspection VMware vshield enabled Agent-less

12 Deep Security Architecture Single Pane Scalable Redundant Deep Security Manager Threat Intelligence Manager SecureCloud Reports Deep Security Agent Modules: Intrusion Prevention Firewall Integrity Monitoring Log Inspection Anti-malware Web Reputation Deep Security Virtual Appliance Includes: Intrusion Prevention Firewall Anti-malware Web Reputation Integrity Monitoring Hypervisor Integrity Monitoring Classification 10/15/

13 Deep Security Agent/Virtual Appliance System, application and data security for servers 6 protection modules Reduces attack surface. Prevents DoS & detects reconnaissance scans Firewall Intrusion Prevention Detects and blocks known and zero-day attacks that target vulnerabilities Tracks credibility of websites and safeguards users from malicious urls Web Reputation Anti-Virus Detects and blocks malware (web threats, viruses & worms, Trojans) Optimizes the identification of important security events buried in log entries Log Inspection Integrity Monitoring Detects malicious and unauthorized changes to directories, files, registry keys Protection is delivered via Agent and/or Virtual Appliance * Log Inspection is only available in agent form today 13

14 Deep Security Manager Web-based, customizable console Multiple & delegated admin Ecosystem integration Scalable 14

15 Virtualization Security with Deep Security Agentless Security Platform for Virtual Environments Deep Security Virtual Appliance Intrusion prevention Firewall Anti-malware Web reputation Integrity monitoring The Old Way VM VM VM With Deep Security Security Virtual Appliance VM VM VM VM More VMs VM Higher Density Fewer Resources Easier Manageability Stronger Security 15

16 Agentless Architecture = CAPEX + OPEX Savings VM servers per host Agentless AV Traditional AV X higher VDI VM consolidation ratios year Savings on 1000 VDI VMs = $539,600 Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations Trend Micro Confidential 10/15/

17 Virtual Patching with Deep Security Raw Traffic Over 100 applications shielded including: Operating Systems 1 Stateful Firewall Allow known good Database servers Web app servers Deep packet inspec ction Filtered Traffic Exploit Rules Stop known bad Vulnerability Rules Shield known vulnerabilities Smart Rules Shield unknown vulnerabilities and protect specific applications Mail servers FTP servers Backup servers Storage mgt servers DHCP servers Desktop applications Mail clients Web browsers Anti-virus Other applications 17

18 Example: Microsoft Critical Vulnerability MS Remote Desktop Protocol Vulnerability Details Tuesday March 13 (Patch Tuesday): Microsoft Releases Security Update MS Vulnerability is rated as Critical and affects all versions of Windows where RDP service is ON Could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights The vulnerability is potentially wormable due to it being an unauthenticated, network-based vulnerability Microsoft sees a high likelihood of attempts to exploit the vulnerability in the next 30 days 18

19 Deep Security for Defense-in-Depth & Compliance Addressing 7 PCI Regulations and 20+ Sub-Controls Including: Firewall Web Reputation Log Inspection Intrusion Prevention Anti-Virus Integrity Monitoring (1.) Network Segmentation (1.x) Firewall (5.x) Anti-virus (6.1) Virtual Patching* (6.6) Web App. Protection (10.6) Daily Log Review Physical Servers Virtual Servers Cloud Computing Endpoints & Devices (11.4) IDS / IPS (11.5) File Integrity Monitoring * Compensating Control

20 Deep Security 9 Exec Summary Market Trends Deep Security: A Server Security Platform What s New in Deep Security 9 Why You Need Deep Security 10/15/

21 Cloud Security Challenges Securing Private Cloud Lack of physical to virtual security policy controls Difficulties in delegating security controls to internal teams Securing Hybrid Cloud Securing assets on the move Visibility in to vulnerability and changes Security as a Service (xsp) Provide differentiated service Delegate security management tasks 10/15/

22 Deep Security 9 Key Features 1. Deeper Integration with VMware Platform Support for latest vsphere and vshield platform capabilities 4 th -generation enhancements across broadest agentless security suite Improved performance Antivirus and integrity scan caching/de-dupe across VMs Significant storage I/O benefits for further VDI consolidation Tuning of IPS policies to guest application Stronger protection Hypervisor boot integrity chain of trust from VM file integrity to H/W Application-aware targeting of IPS policies (agentless recommendation) Copyright 2011 Trend Micro Confidential-NDA Inc. Required

23 Deep Security Integration with VMware APIs Integrates with vcenter Integrates with vcloud Integrates with Intel TPM/TXT Trend Micro Deep Security Antivirus Web reputation Agentless Intrusion prevention Firewall Log inspection Agentless Agentless Integrity monitoring Agent-based VMsafe APIs vshield Endpoint vshield Endpoint Security agent on individual VMs Security Virtual Machine v S p h e r e v C l o u d 5 years of collaboration and joint product innovation First and only agentless security platform First and only security that extends from datacenter to cloud Hypervisor Integrity Monitoring

24 Deep Security 9 Key Features 2. Extending Datacenter Security to Hybrid Cloud AWS and vcloud API integration Single management pane-of-glass between VM s in internal VMware datacenters, VPC s, and public clouds Hierarchical policy management Inheritance enables customized policies for different VM s or datacenters, while central IT can mandate compliant baseline settings Copyright 2011 Trend Micro Confidential-NDA Inc. Required

25 Deep Security 9 Key Features 3. Agile Security Management for the Cloud Multi-tenant Deep Security Manager architected for key attributes of cloud computing*: Resource-pooling independent tenant policies/data for shared, multi-tenant clouds Elasticity - Automated deployment of components to cloud scale Self-service Policies can be delegated by cloud admin to tenants through selfservice GUI Broad network access Web-based console built on RESTful APIs for extensibility and integration with broader cloud management frameworks Same architecture can be deployed as security-as-a-service by IaaS public cloud providers, or within enterprise ITaaS for private clouds *e.g. NIST definition of Cloud Computing Extending to cloud scale Copyright 2011 Trend Micro Confidential-NDA Inc. Required

26 Data Protection in the Cloud System, application and data security in the cloud Deep Security 9 Context Aware Credit Card Payment Sensitive Social Patient SecureCloud Security Medical Research Numbers Records Results Information Modular protection for servers and applications Self-Defending VM Security in the Cloud Agent on VM allows travel between cloud solutions One management portal for all modules Encryption with Policy-based Key Management Data is unreadable to unauthorized users Policy-based key management controls and automates key delivery Server validation authenticates servers requesting keys

27 Deep Security 9 Exec Summary Market Trends Deep Security: A Server Security Platform What s New in Deep Security 9 Why You Need Deep Security 10/15/

28 Large Enterprise Case Study Company American multi-national insurance company. A global 2000 company offering a wide range of insurance services. (including CDS insurance) Product Deep Security anti-malware, firewall, IDS/IPS and integrity monitoring Key Buying Drivers Building next gen datacenter on top of vsphere 5.0 with the goal of maximizing server density leveraging the latest and greatest security technology from Trend Micro and VMware Key Customer Benefits Deployment Employee: 96,000+ Virtualization Rate: 100% at the new datacentre Server 2,000+ and growing Saw Trend as the only solution in the market that offers agent-less protection for the new datacentre. Phase 1 will be AV, firewall and IDS/IPS while second phase will focus on FIM deployment Classification 10/15/2012

29 vcloud Provider (XSP) Case Study Company Multiple vcloud-based Service Providers Product Deep Security for public cloud SecureCloud Key Buying Drivers Security-as-service for IaaS offerings based on vcloud/vsphere Automation, elasticity, agility for dynamic cloud environments Multi-tenancy and self-service Key Customer Benefits Deployment Virtualization Rate: 100% (Hosting) Capacity to hundreds of thousands of VM s On-demand protection and compliance provides assurance to enterprise tenants Lowest TCO for cloud-scale

30 Trend Ready Program for Cloud Service Providers A technology partnership initiative aimed at facilitating enterprise adoption of public and hybrid IaaS cloud computing by reducing security adoption barriers Provides end user education on cloud security and governance risks; describes methods to mitigate them Delivers cloud security tools relevant to reducing cloud risk Deep Security and SecureCloud offer integrated application, server and data threat mitigation Verifies through testing that Trend Micro security products are interoperable and effective in partner clouds Directs enterprises towards Trend Ready CSPs for rapid and secure cloud deployment Value: End user: gain additional knowledge about cloud risk factors; ability to safely access efficiencies and economics offered by public IaaS CSP: offer additional security components that help increase user base, add revenue and differentiate cloud service from peer CSPs

31 Deep Security Key Solution Differentiators Physical Virtual Cloud Comprehensive protection for systems, applications and data Greater operational efficiency Superior platform support Tighter integration with eco-system Firewall IDS / IPS Web application protection Antimalware Web Threat Protection Integrity monitoring (including hypervisor) Log inspection Integrated security platform Single pane of glass across datacenter and clouds Agentless architecture Task automation with recommendation scans, security profiles, trusted sources, etc. Full functionality across more PVC platforms Quick support for current versions Hypervisor and cloud platforms Enterprise directories, SIEM and other apps

32 Deep Security Summary of highlights A fully integrated server security platform Only solution to offer specialized protection for physical virtual and cloud First and only agentless security platform (anti-malware, web reputation, firewall, intrusion prevention, VM & hypervisor integrity monitoring) for VMware environment First and only datacenter security solution that extends to public/hybrid cloud Only solution in its category to be certified EAL 4+ Trend Micro 22.9% Trend Micro 13% Trend Micro All Others 77.1% All Others Combined 87%

33 Thank you!

34 Deep Security Deployment Services Deployment Services get your Deep Security project off the ground and empowers your team with greater advanced server and virtualization security knowledge. Remote Onsite Key Features: Provides guided walk through to get your deployment started; including: - Discuss deployment architecture and deploy one Deep Security module - Configure and demo Deep Security Manager - Guided GUI walk through and best practices discussion - Deploy 2 3 agents to demonstrate deployment Options: 1 module; up to 25 endpoints 3 WebEx sessions, up to 4 hrs ea. 4 modules (Super Bundle); up to 25 endpoints 7 WebEx sessions, up to 4 hrs ea. Key Features: -Provides onsite staff augmentation to deliver a complete Deep Security installation - Design and deployment development - Structured, staged deployment process - Initial assessment base-lining and fine-tuning - In-depth transfer of knowledge Options: Up to 9 endpoints or 1 Host endpoints or up to 5 hosts 101 to 1000 endpoints or 6-20 Hosts 1,001+ endpoints or 20 Hosts Custom Scoped Deployment Projects

35 Deep Security Project Consulting Services Deep Security Services provide the piece of mind to know that you are protected as your environment changes and as you grow with your Deep Security platform. Assessment Services Data Center Security Assessment analyzes the security of your virtualized environments Build Services Design and Deployment Services help expedite a successful Deep Security implementation Solution Upgrade Services provide smooth Deep Security upgrades to leverage the latest innovations Manage Services Best Practices Implementation brings your solution to industry best practices levels Solution Optimization and Tuning Services tailors Deep Security to meet your organization s specific security strategy

36 Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs Improves Virtualization by providing security solutions architected to fully exploit the VMware platform Feb: Join VMsafe program VMworld: Trend Micro virtsec customer May: Trend acquires Third Brigade Nov: Deep Security 7 with virtual appliance RSA: Trend Micro Demos Agentless Sale of DS 7.5 Before GA Dec: Deep Security 7.5 w/ Agentless AntiVirus Vmworld: Announce Deep Security 8 w/ Agentless FIM RSA: Other vendors announce Agentless RSA: Trend Micro announces Coordinated approach & Virtual pricing And shows Vmsafe demo July: CPVM GA RSA: Trend Micro announces virtual appliance VMworld: Announce Deep Security 7.5 Q4: Joined EPSEC vshield Program 2010: >100 customers >$1M revenue Q1: VMware buys Deep Security for Internal VDI Use

37 Securing workloads: physical, private and public cloud Asset visibility across networks into the cloud Simultaeously manage physical, virtual, cloud Enforce consistent security policy Corporate Network Physical Virtual Cloud Providers Database Web Server Web Storage Mail Server Mail

38 Configure delegation for tenant self-service Trend Micro Confidential-NDA Required

39 Administration as tenant or cloud provider Administer as tenant (T1, T2) or cloud provider (T0) Trend Micro Confidential-NDA Required

40 Deep Security: Overall benefits Agentless security platform increases resource efficiency & VM density with zero guest footprint Scanning de-duplication for increases scan performance Maximizes NEW and resource efficiency Virtualization and vcloud Director & Amazon Cloud ROI Web Services integration automatically secures public/hybrid clouds NEW Multi-tenancy support enables providers NEW to offer secure clouds Supports Integrated security managed by single pane of glass Supports task automation with recommendation scans, trusted sources and event whitelisting Operational Cost Reductions Virtual patching reduces need for emergency patching enables prioritization of secure coding efforts Provides layered defense against advanced attacks Shields against known & Prevents Data Breach unknown vulnerabilities Monitors integrity of & Business Disruptions NEW VMware hypervisor Web reputation prevents malicious website access Enables Cost-effective Compliance 40 Supports PCI DSS 2.0, NIST, HIPAA & other regulations Detailed reports document prevented attacks & compliance status