Securing the Modern Data Center with Trend Micro Deep Security

Advania Fall Conference
Securing the Modern Data Center with Trend Micro Deep Security
Okan Kalak, Senior Sales Engineer
okan@trendmicro.no

Infrastructure change
Figure labels: Physical Servers, Virtual Servers, Virtual Desktops, Public Cloud, Containers, Serverless (AWS Lambda, Azure Functions)

Analyst insights & recommendations
Cloud workloads have different requirements for security than end-user-facing endpoints, and the adoption of hybrid private/public cloud computing models compound the differences.
Require vendors to support the security and visibility of workloads that span physical, virtual and multiple public cloud IaaS all from a single policy management framework and console.
Source: Gartner, Market Guide for Cloud Workload Protection Platforms, March 2017 G00300334

Cross-generational blend of threat defense techniques
Figure labels: Anti-Malware & Content Filtering, Intrusion Prevention, Application Control, Integrity Monitoring, Behavioral Analysis, Machine Learning (2H/17), Sandbox Analysis, Response & Containment

Network Security
Controls: Intrusion Prevention, Firewall, Vulnerability Scanning
- Defend against network and application threats
- Stop lateral movement and reduce server attack surface
- Automatically assess workload vulnerabilities & apply protection
- Protect against OS & application vulnerabilities (ex: Struts 2, Shellshock)
- Detect & stop ransomware (ex: WCRY)
- Reduce the need for emergency patching
- Shield end of life systems & applications

Reduce operational impacts
- Reduce operational costs of emergency & ongoing patching
- Protect systems where no patches will be provided
- Secure server and application-level vulnerabilities
Timeline figure labels (axis: Time): Virtual patch available; Patch Available (if in support); Continuous protection; Test; Begin Deployment; Completed; Vulnerability disclosed or exploit available
WannaCry ransomware protection delivered in March, 2017, with enhancements at public disclosure (May 2017)

File Server Ransomware Protection and early detection
- Ransomware infects end users
- Endpoints have mounted file shares
- Ransomware encrypts files on shares even though the server is not infected
File Server - Windows or Linux (Samba)
Detection: Rule 1007596 - Identified Suspicious File Extension Rename Activity Over Network Share
- Detects renames to 50 ransomware related extensions.
- Provides early detection
Detection and Protection: Rule 1007598 - Identified Suspicious Rename Activity Over Network Share
- Rule to prevent renames after N renames in T1 seconds for T2 seconds.
- E.g. if Deep Security detects 10 renames in 60 seconds, stop any rename activity for, say, 24 hrs
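
The throttle described for Rule 1007598 above (N renames in T1 seconds, then no renames for T2 seconds), combined with a detect-only extension check in the spirit of Rule 1007596, as an added Python example; it is not Trend Micro's rule logic and not code from the presentation. The class and function names, the per-client tracking, the three sample extensions and the sample events are assumptions constructed for illustration.

```python
import os
from collections import deque

# Constructed stand-in list; the slide says the rule covers 50 extensions but names none.
SUSPICIOUS_EXTENSIONS = {".wcry", ".locked", ".encrypted"}


class RenameGuard:
    """Per-client throttle: N renames within T1 seconds blocks renames for T2 seconds."""

    def __init__(self, n=10, t1=60, t2=24 * 3600):
        self.n, self.t1, self.t2 = n, t1, t2
        self.recent = {}          # client -> timestamps of renames inside the T1 window
        self.blocked_until = {}   # client -> time at which the lockout expires

    def observe(self, ts, client, old_path, new_path):
        """Classify one rename event as 'block', 'alert' or 'allow'."""
        if ts < self.blocked_until.get(client, 0):
            return "block"                          # still inside the T2 lockout
        window = self.recent.setdefault(client, deque())
        window.append(ts)
        while ts - window[0] > self.t1:
            window.popleft()                        # forget renames older than T1
        if len(window) >= self.n:
            # Assumption: the rename that reaches the threshold is itself denied.
            self.blocked_until[client] = ts + self.t2
            window.clear()
            return "block"
        old_ext = os.path.splitext(old_path)[1].lower()
        new_ext = os.path.splitext(new_path)[1].lower()
        if new_ext in SUSPICIOUS_EXTENSIONS and new_ext != old_ext:
            return "alert"                          # detect-only, like the first rule
        return "allow"


def replay(events, guard=None):
    """Run time-ordered (ts, client, old, new) tuples through a guard; return verdicts."""
    guard = guard or RenameGuard()
    return [guard.observe(*event) for event in events]


# Constructed sample: one client renames ten files in ten seconds, another renames one.
SAMPLE = [(i, "10.0.0.5", f"share/doc{i}.docx", f"share/doc{i}.docx.wcry") for i in range(10)]
SAMPLE.insert(5, (5, "10.0.0.9", "share/a.txt", "share/b.txt"))
SAMPLE += [(3600, "10.0.0.5", "share/x.txt", "share/y.txt"),
           (9 + 24 * 3600, "10.0.0.5", "share/x.txt", "share/y.txt")]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

Because the window slides, a client that renames one file every seven seconds never holds ten renames inside 60 seconds and is never locked out, which is the tuning trade-off behind choosing N and T1.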

System Security
Application Control
- Lock down servers and prevent changes (whitelisting)
- Automate protection from malicious attacks like ransomware
Integrity Monitoring
- Detect suspicious or unauthorized changes across files, ports, registries, and more
- Reduce attack surface and speed compliance
Log Inspection
- Consolidate and report on log information across systems
- Detect and notify of indicators of compromise (IOCs)

Application Control
Block unknown software from running on protected servers
- When enabled, Application Control will scan servers and create a whitelist of approved software
- Administrator-defined rules can block all unknown software (not included in the whitelist) until explicitly allowed
- Effectively locks down servers to significantly reduce their attack surface
- Real-time protection against unknown software
- Included with the System Security License (along with Integrity Monitoring and Log Inspection)
Many ways for malware to install on your servers:
- Intrusions
- Lateral Movement
- Human Error
- Authorized users installing custom/personalized tools

Stop unauthorized changes
- Full visibility across the hybrid cloud
- Lock down applications and servers (Windows & Linux)
- Support continuous application change with automation

Malware Prevention
Anti-Malware & Content Filtering
- Detect & stop known malware from executing
- Stop malware and targeted attacks
- Detect & stop ransomware (ex: WCRY)
Behavioral Analysis, Machine Learning (2H/17)
- Detect suspicious files & behavior, stop malicious changes
- Stop zero-day attacks
Sandbox Analysis
- Send suspicious objects to a customizable network sandbox
- Analyze unknown threats & share across multiple security products

Intelligent Detection and Protection against Ransomware attacks
Anti-malware Behavior Monitoring
- Deep Security detects and monitors suspicious behavior and begins backing up files
- Ransomware begins encrypting files
- Unknown Ransomware finds server host and starts legitimate looking process
- Deep Security Antimalware is protecting server
- Deep Security determines behavior to be a Ransomware Attack > Stops process
- Deep Security restores original unencrypted files to directory and logs event

Turning Unknown threats into Known Threats with Sandbox Analysis!
Full System Protection with Trend Micro Connected Threat Defense
Figure labels: Real-Time Scanning, OfficeScan, Mail Gateway, Web Gateway, Analyzer, Trend Micro Control Manager, Deep Security
- Suspicious Object detected and sent to Deep Discovery Analyzer for confirmation
- TMCM notified of new malware and sends signature and policy to Deep Security

Protect Against Advanced Threats
Legend: Known Good, Known Bad, Unknown
Figure labels: Anti-Malware & Content Filtering; Intrusion Prevention (IPS) & Firewall; Integrity Monitoring & Log Inspection; Application Control; Machine Learning (2H/17); Behavioral Analysis; Custom Sandbox Analysis
Outcomes: Safe files & actions allowed; Malicious files & actions blocked

Remove security complexity
Deep Security

Smart Folders Demo

Eliminate manual security processes
- Get full visibility across environments
- Automatically scale up and down without gaps
- Scan for vulnerabilities & recommend or apply security based on policy
- Install only security controls required for maximum performance

Event-based tasks to profile new systems

Protect against the latest vulnerabilities: Scheduled Vulnerability Scans

Security for VMware Deployments
Figure labels: Public Cloud (Multi-cloud); End User Computing; VMware, AWS, Azure; Operations; Horizon Virtual Desktop Infrastructure (VDI); Deep Security; vRealize Operations Management; vSphere, vCloud; Software-Defined Data Center (Private Cloud); NSX

Securing VMware NSX
- Delivers automated security deployment & micro-segmentation (file & network)
- Integration enables security event viewing in vSphere with ability to take automated actions (ex: quarantine)

VMware continuity to NSX
- DS 10 supports Agentless deployments with NSX 6.2.4 or higher
- Agentless AM-only requires NSX for vShield Endpoint license, or Standard license
- Agentless All Controls requires NSX Advanced license, or NSX Enterprise license
- Alternatively, Agents can be deployed where All Controls are required
- Agent deployments do not require NSX
Deep Security support matrix (figure)
Columns: vSphere with NSX (Agentless): NSX for vShield Endpoint (Free) or NSX Standard, NSX Advanced, NSX Enterprise; vSphere (Agent-based)
Rows: Anti-Malware, Web Reputation, Firewall, IPS / VP, Integrity Monitoring, Log Inspection
Notes:
1. With the built-in NSX firewall, the Deep Security firewall will normally not be used and should not be focused on for pure NSX deployments
2. Agent-based functionality in combined mode with Agentless

Single pane of glass for Trend Micro events and VMware events

Correlate vROps Events with Security Events

Remove platform support issues
- Thousands of supported kernels with rapid updates

Protecting Docker Deployments
- Extends Deep Security server protection techniques to Docker containers
- Secures micro-service architectures through runtime protection
- Leverage anti-malware, app control, IPS, and integrity monitoring to secure containers
Figure label: Amazon ECS

Streamline information sharing

Accelerate compliance
- Multiple controls with central management & reporting
- Protect legacy environments
- Consistent security across the hybrid cloud
Figure labels: 800-53, FERC

Accelerate compliance & enhance security
Figure labels: 8 of 12 requirements; 10 of 20 requirements; 6 of 10 requirements

Gartner Magic Quadrant for Endpoint Protection Platforms January 2017
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from https://resources.trendmicro.com/gartner-magic-quadrant-endpoints.html
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Confidential 2017 Trend Micro Inc.

The MARKET LEADER in server security for 7 straight years
Chart labels: Other, Intel, Symantec, 30%
Source: IDC, Securing the Server Compute Evolution: Hybrid Cloud Has Transformed the Datacenter, January 2017 #US41867116

Questions?

Thank you! okan@trendmicro.no