Security in a Virtualized Environment with TrendMicro

Transcription:

Security in a Virtualized Environment with TrendMicro
Bob van der Werf, Partner Systems Engineer
Andre Noordam, Trend Micro

Agenda
- VMware vShield
- VMware VMsafe API
- TrendMicro solutions integration
- Smart Protection Strategy introduction
- Virtualization Security for VMware

VMware vSphere 4.0
[Diagram labels]
- Workloads: .Net, Windows, Linux, J2EE, Grid, Web 2.0, SaaS
- vApp
- vCenter Suite
- Application Services: Availability (VMotion, Storage VMotion, HA, Fault Tolerance, Data Recovery); Security (vShield Zones, VMsafe); Scalability (DRS, Hot Add)
- Infrastructure Services: vCompute (ESX, ESXi, DRS/DPM); vStorage (VMFS, Thin Provisioning); vNetwork (Distributed Switch)
- VMware vSphere 4.0: Internal Cloud, External Cloud

Challenges with Traditional Network Security: Physical Network Security in Virtual Environments
- External chokepoints that splinter resource pools
- Disrupts cloud vision of seamless pool of resources
- No inter-VM visibility
- Unable to monitor traffic within an ESX host
- Statically configured
- Too rigid to adapt to changes in infrastructure
- Unable to maintain network session state with live migration (VMotion) or live failover (FT)

vShield Zones
Capabilities
- Bridge, firewall, or isolate VM zones based on familiar VI containers
- Monitor allowed and disallowed activity by application-based protocols (Windows RPC, Oracle TNS, FTP, etc.)
- One-click flow-to-firewall blocks precise network traffic
Benefits
- Well-defined security posture within virtual environment
- Monitoring and assured policies, even through VMotion and VM lifecycle events
- Simple zone-based rules reduce policy errors

Key Use Cases for vShield Zones
- Virtualizing the datacenter DMZ servers
- Collapsing DMZ boundary using virtual firewalls
- Compliance
- Intrusion prevention, web app firewalls, other prescribed network security
- Monitoring of successful and unsuccessful network connections
- Consistent network security policies for replicated environments
- Failover and high availability backups
- Datacenter-in-a-box for SMB and Remote Office/Branch Office
- Network isolation for multi-tenant clouds

VMware vShield Zones Architecture
vShield (Host Gateway)
- Virtual Network Monitoring
- Virtual Network Firewall
- Transparently Managed
vShield Manager
- Centralized Monitoring
- Centralized Policy Assignment
- Web-based interface
[Diagram labels: VMware vCenter; vShield on VMware ESX (three hosts); VMware vShield Manager]

Introducing VMsafe
[Diagram labels: Security VM (HIPS, Firewall, IPS/IDS, Anti-Virus); Security API; ESX]
- New security solutions can be developed and integrated into VMware virtual infrastructure
- Protect the VM by inspection of virtual components (CPU, Memory, Network and Storage)
- Complete integration and awareness of VMotion, Storage VMotion, HA, etc.
- Provides an unprecedented level of security for the application and the data inside the VM

VMsafe APIs
APIs for all virtual hardware components of the VM
CPU/Memory Inspection
- Inspection of specific memory pages being used by the VM or its applications
- Knowledge of the CPU state
- Policy enforcement through resource allocation of CPU and memory pages
Networking
- View all IO traffic on the host
- Ability to intercept, view, modify and replicate IO traffic from any one VM or all VMs on a single host
- Capability to provide inline or passive protection
Storage
- Ability to mount and read virtual disks (VMDK)
- Inspect IO read/writes to the storage devices
- Transparent to the device and inline of the ESX Storage stack

TrendMicro START
Trend Micro solutions integration
Immediate protection, less complexity, greater flexibility
Andre Noordam, Senior Pre Sales Engineer


Company overview
- Founded: United States in 1988
- Headquarters: Tokyo, Japan
- Employees: 4,120
- Market: Internet Content Security
- 2008 Revenue: US $985 Million
- CEO: Eva Chen
- 10 global TrendLabs locations; 9 global R&D centers
- Tokyo Stock Exchange (4704)

Security Evolution: Continuous Innovation
[Timeline figure, 1995 to 2008. Milestone labels: Integrated Gateway Content Security (InterScan Messaging Security Suite); Botnet Identification Service; Data Leak Prevention (LeakProof); LAN Server Virus Protection (ServerProtect); Server-based Email Virus Protection (ScanMail); Threat Lifecycle Management Strategy; Enterprise Protection Strategy (EPS); Trend Micro and Cisco Integrated Security in the Network; Trend Micro Smart Protection Network; Gateway Virus Protection (InterScan); Web Filtering (InterScan WebManager); 2-Hour Virus Response SLA; Compliance (Message Archiver & Email Encryption); Web-based Centralized Management (Trend Micro Control Manager); Email Reputation Services; Network Access Control (Network VirusWall); Software as a Service (SecureCloud); Web Threat Protection (Web Reputation)]

Threat Environment: Evolution to Crimeware
[Figure, axis: Complexity. Threat labels: Vulnerabilities, Worm Outbreaks; Spam, Mass Mailers; Spyware; Intelligent Botnets; Web Threats; Crimeware. Characteristics listed: Information Stealing; Botnet Enabled; Multi-Vector; Multi-Component; Web Polymorphic; Rapid Variants; Single Instance; Single Target; Regional Attacks; Silent, Hidden; Hard to Clean]

Example of today's threats: Social engineering takes on a physical form as flyers are placed on car windshields in a North Dakota parking lot. These flyers bear a malicious URL.

Example of today's threats: This series of malicious activities happens when a user tries to access the URL printed in the flyer.

Pattern Matching: a challenge for everyone
[Chart: AV-Test.org's Sample Collection, 11,000,000+ Unique Samples Added (Actual and Forecast). Source: AV-Test.org, June 2008]

Traditional Endpoint Security Can't Keep Up
Signature file updates take too long
- Delay protection across all clients and servers
- Leave a critical security gap
- Require multiple updates a day to keep up with threats, complicating signature management
Signature files are becoming too big
- Increase endpoint memory footprint
- Increase impact on endpoint performance
- Increase bandwidth utilization
- Unpredictable increase of client size
[Chart: Unique threat samples PER HOUR; axis years 2007, 2009, 2011, 2013, 2015; values shown: 57, 205, 799, 1,484, 2,397, 3,881, 6,279, 10,160, 16,438, 26,598]

Next generation architecture
[Figure: Threat Protection Databases. PAST: Slowly Updating Patterns (< 50 Per Day), Small Pattern DB]

Trend Micro Smart Protection Network: Security Made Smarter
[Figure labels: Threats; Web Reputation; Email Reputation; File Reputation; Threat Collection; Back-end Correlation]

Trend Micro Smart Protection Network: Trend Micro Multi-Layered Architecture
[Figure labels]
- External threats: Viruses, Spyware & Adware, Spam & Phishing, Web Threats
- Internal threats: Information Leaks, Compliance, Vulnerabilities
- Tiers: Management, Gateway, Servers, Endpoint, Services, Off Network
- Products and services: Trend Micro Control Manager; ScanMail Solutions; LeakProof Data Leak Prevention Solution; InterScan Web Security Solutions; IM Security for LCS Solution; Web and Email Reputation; InterScan Messaging Hosted Security; ServerProtect Security Solutions; OfficeScan Client Security Solution; InterScan Messaging Security Solutions; SharePoint Portal Security Solution; Trend Micro Mobile Security Solution
- Other labels: Reputation, Anti-Spyware, Antivirus, Anti-Spam, Anti-Phishing, Inappropriate Content

Trend Micro OfficeScan Client-Server Suite
A complete suite of endpoint security products protecting all clients, servers, and mobile devices regardless of location or network connectivity.
Immediate Protection: Endpoint Defense
- Web and File Reputation in the Smart Protection Network
- Endpoint-centric security
- HIPS and new device control
Less Complexity: Easy Management
- Single Web-based management console
- Role-based administration
- Active Directory integration
More Flexibility: Plug-in Architecture
- Adaptive approach to changing threats
- Multiple device and OS support

OfficeScan Client-Server Suite: More Flexibility
- More Protection Points: Desktops, Laptops, Servers, Virtual Machines, Macs, Smartphones, PDAs, Storage Appliances
- More Platforms: Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Mac OS 10.4 + 10.5, Linux, Windows Mobile 5.x, Windows Mobile 6.x, Symbian OS, VMware ESX

OfficeScan Client-Server Suite: More Flexibility
OfficeScan Plug-in architecture
- Select the security you want to deploy, when, and where
- Easily add new modules, as needed: as soon as new technologies become available, at any time your needs change
- Extends your solution lifecycle
- Protects your investment
- No need to rip-and-replace to be protected
[Diagram: MODULAR PLUG-IN ARCHITECTURE. Plug-in Manager with modules: Anti-malware; File & Folder Encryption; HIPS & Vulnerability shielding; Mobile Security; Security for Macintosh; Virtualization Security]


Trend Micro Virtualization Security: Current Market Situation
Existing content security solutions underperform in virtual environments
- They are unable to scan vulnerable dormant VMs
- Simultaneous full system malware scans cause huge performance degradation
[Diagram labels: Virtual Machines; ESX Server (X86); Physical Server]

Trend Micro Virtualization Security: Dormant Virtual Machines Need Protection
[Diagram: two dormant VMs and three active VMs on an ESX Server]
- Dormant VMs have no anti-malware agent running but can still get infected
- Aged dormant VMs will be way behind with pattern updates

Trend Micro Virtualization Security: Scheduled Scanning with Existing Solutions
[Diagram: a typical console and six VMs on one ESX Server, each labelled "Scan 3:00AM"]
- Typical solutions are not VI-aware
- Simultaneous full scans will cause system thrashing

Trend Micro Virtualization Security
- Anti-malware protection for offline and online virtual machines.
- Signature update for offline Virtual Machines.
- Full integration with OfficeScan and VMware ESX.
- Supports VMsafe API.
- Management via vCenter console.
- Plug-in for Trend Micro OfficeScan.
- Supports Trend Micro Lightweight Smart Protection agent for real-time protection.

Trend Micro Virtualization Security: Scanning with Virtualization Security
[Diagram labels: two dormant VMs and three active VMs; Scanning agent; Virtualization Security Console; VMsafe APIs; VirtualCenter; ESX Server]
- Virtualization Security scans and remediates offline VMs
- Virtualization Security integrates with VMware Virtual Center

Trend Micro Virtualization Security: Scheduled Scanning
[Diagram labels: two dormant VMs and three active VMs with scan times 3:00AM, 3:00AM, 3:10AM, 3:00AM, 3:10AM; Scanning agent; Virtual Center; Virtualization Security Console; three ESX Servers, each with VMsafe APIs]
- Virtualization Security is set up to be VI Aware
- Scheduled scans on the same physical server are automatically staggered

Trend Micro Virtualization Security: Summary
We solve the pattern volume problem
- File Reputation
- Web Reputation
- Vulnerability shielding
We solve the endpoint performance drop problem
- Cloud-Client Architecture
- Frees resources
- Offloads growing patterns to the cloud
We provide full VMware support
- OfficeScan
- VMsafe
- Plug-in architecture
- Virtual Appliances
All current products are supported in a VMware environment
www.trendmicro.com/go/virtualization

Thank you