Trend Micro - Virtualization and Security Compliance


Data Center Virtualization and Security Compliance : How to have Both at a Lower Cost

Published in: Technology, Business

  1. 1. Datacenter Virtualization & Security Compliance: How to Have Both at a Lower Cost
     VMUG Montreal – January 17, 2012
     David Girard • Senior Security Advisor • Trend Micro
     Copyright 2012 Trend Micro Inc.
  2. 2. VMWorld 2011: Partners for Security
     • Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs
     • Improves Virtualization by providing security solutions architected to fully exploit the VMware platform
     • VMware #1 Security Partner
     • Trend Micro: 2011 Technology Alliance Partner of the Year
  3. 3. Questions (before we start)
     • How many are in charge of virtualization?
     • How many are in charge of security compliance?
     • How many are responsible for both?
     • Who thinks security controls kill their virtualization project or increase its cost ($$$ and performance) by too much?
  4. 4. Agenda
     • Virtualization to reduce cost
     • Security Compliance is not an option
     • Security Compliance at lower cost
     • Conclusion, Q&A
  5. 5. Collision Course in the Making …
     • Two major industry drivers at odds w/ each other
       – Increased focus on compliance
       – Datacenter virtualization and Cloud computing
     • You must comply. You have no choice. Corporate lawyers and external auditors are watching you.
     • You must save on IT cost. You have no choice, according to the CFO.
     • How to make lawyers, auditors and the CFO all happy?
  6. 6. Key Trends: Businesses Are Moving to the Cloud
     • Source: Trend Micro survey, May 2011
     • As current pre-production clouds go live, we will see 4x as many clouds
  7. 7. Deploying Applications in the Cloud
     • Companies with public or hybrid clouds:
       – 45% of their existing applications are in the cloud
       – 53% of their new applications will be deployed in the cloud
     • 43% experienced a security issue in the last 12 months
  8. 8. Who Has Control?
     • Spectrum of control, from End-User (Enterprise) to Service Provider: Servers; Virtualization & Private Cloud; Public Cloud IaaS; Public Cloud PaaS; Public Cloud SaaS
     • Who is responsible for security?
     • With IaaS the customer is responsible for security
       – Example: (11 May 2011)
     • With SaaS or PaaS the service provider is responsible for security
       – Not all SaaS or PaaS services are secure
       – Can compromise your endpoints that connect to the service
       – Endpoint security becomes critical
  9. 9. Cloud classification
     • Reference: Cloud_Computing_Business_Use_Case_Template.pdf from NIST
     • Service Model: Software as a service (SaaS)*, Platform as a service (PaaS), Infrastructure as a service (IaaS)
     • Deployment Model: Private, Community, Public, Hybrid
     • *DaaS is considered a subcategory of SaaS by many organizations
     • Reference: Guidelines on Security and Privacy in Public Cloud Computing, Draft-SP-800-144_cloud-computing.pdf
     Trend Micro Confidential
  10. 10. Platform-specific Security Risks
     • Physical (Manageability): Glut of security products; Less security; Higher TCO. Goal: Reduce Complexity
     • Virtual (Performance & Threats): Security degrades performance; New VM-based threats. Goal: Increase Efficiency
     • Cloud (Visibility & Threats): Less visibility; More external risks. Goal: Deliver Agility
     • Integrated Security, Single Management Console
  11. 11. Agenda
     • Virtualization to reduce cost
     • Security Compliance is not an option
     • Security Compliance at lower cost
     • Conclusion, Q&A
  12. 12. Key Trends: Compliance Imperative
     • More standards: PCI, PIPEDA, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…
     • More specific security requirements: Virtualization, Web applications, EHR, PII…
     • More penalties & fines: HITECH, Breach notifications, civil litigation
     • With more than 400 regulations and over 10,000 overlapping controls in 38 countries, compliance has become a challenging and complex mandate for organizations everywhere.
     • “DMZ consolidation using virtualization will be a "hot spot" for auditors, given the greater risk of mis-configuration and lower visibility of DMZ policy violation. Through year-end 2011, auditors will challenge virtualized deployments in the DMZ more than non-virtualized DMZ solutions.” -- Neil MacDonald, Gartner
  13. 13. Core Security Compliance Controls
     • Don’t forget Environmental regulations
     • With our solutions you get more VM density = less CO2 = Green = Compliant
  14. 14. The PCI compliance case
     • PCI SSC’s most frequently asked questions are on virtualization compliance
       – “If I virtualize my cardholder data environment (CDE) will I still be PCI compliant?”
       – “Do I need to use dedicated hypervisors to host my CDE components”
     • PCI DSS v2.0 formerly acknowledged virtualization of the CDE was permitted
       – Specific guidance was deferred to an emerging technology information supplement on virtualization
  15. 15. The History …
     • PCI Virtualization Special Interest Group (SIG) formed during the 2009 RSA Conference
       – SIG Objective: Provide clarification on the use of virtualization in accordance with the PCI DSS
       – After a 2 year process, the SIG submitted recommendations to the PCI SSC working group for consideration
       – Trend has been a contributing member of the SIG from the very first call
       – Opinions on the SIG varied widely
         • Leading edge: Embrace virtualization and the direction towards cloud computing
         • Conservative: Recommend dedicated hypervisor environments and restrict consolidation of system components – defer use of the cloud
  16. 16. 10 Key Principles from PCI-DSS Virtualization Guidelines
     1. Hypervisor environment is in scope
     2. One function per server
     3. Separation of duty
     4. Mixing VM’s of different trust levels
     5. Dormant VMs and VM snapshots
     6. Immaturity of monitoring solutions
     7. Information leakage
     8. Defense in depth
     9. VM Hardening
     10. Cloud Computing
  17. 17. PCI DSS 2.0 Virtualization Guidelines (PCI DSS 2.0 Virtualization Guideline / Required Controls)
     1. Hypervisor environment is in scope
        Guideline: Hypervisor and supporting components must be hardened; Security patches applied ASAP; Logging/monitoring of hypervisor events
        Required controls: Deep Security DPI and FIM. Virtual Patching prevents VMs from being compromised to attack hypervisor; FIM checks the integrity of vSphere utilizing Intel TPM/TXT
     2. One function per server
        Guideline: Physical servers had the same requirement, no change in behavior
        Required controls: Deep Security Firewall. Firewall ensures only required ports and protocols are accessible
     3. Separation of duty
        Guideline: Consider multi-factor authentication; Access controls for both local and remote should be assessed; Review and monitor RBAC controls; Enforce least privilege where possible
        Required controls: Deep Security Manager. Support for RBAC enables separation of duty of security policies
     4. Mixing VM’s of different trust levels
        Guideline: In order for in-scope and out-of-scope VMs to co-exist on the same hypervisor the VMs must be isolated from each other
        Required controls: Deep Security Firewall and IDS/IPS. A combination of VLAN and per VM firewall and IDS/IPS provides the isolation and visibility into inter-VM traffic required
  18. 18. PCI DSS 2.0 Virtualization Guidelines (PCI DSS 2.0 Virtualization Guideline / Required Controls)
     5. Dormant VMs and VM snapshots
        Guideline: Access should be restricted; Ensure that only authorized VMs are added and removed; Recognize that VMs are dynamic and state cannot be assumed
        Required controls: Deep Security Agentless DPI & AV. Automated VM discovery via real-time integration w/ vCenter; Dormant VMs are protected by the Virtual Appliance when first powered on, eliminating ‘stale’ protection policies
     6. Immaturity of monitoring solutions
        Guideline: Traditional tools do not monitor inter-VM traffic; Virtualization tools are still immature compared to their physical counterparts
        Required controls: Deep Security IDS/IPS, FIM & LI. Deep Security IDS/IPS provides visibility into inter-VM traffic; Integrity Monitoring provides visibility into unauthorized changes to guest-VMs and the hypervisor; Log Inspection provides visibility into security events occurring to guest-VMs
     7. Information leakage
        Guideline: Increased risk of information leakage between logical network segments & between logical components
        Required controls: Deep Security (all modules). IDS/IPS, FIM and Log Inspection provide visibility as shown in #6 above; Firewall reduces the VM's attack surface
  19. 19. PCI DSS 2.0 Virtualization Guidelines (PCI DSS 2.0 Virtualization Guideline / Required Controls)
     8. Defense in depth
        Guideline: Traditional security appliances cannot protect virtual; Traditional agent-based security products can impact performance
        Required controls: Deep Security (all modules). Automated VM discovery via real-time integration w/ vCenter & new VMs are auto-protected w/ a default security profile; Protection for physical, server VMs, VDI, hybrid cloud, and public cloud
     9. VM Hardening
        Guideline: Harden VMs (OS & Apps) by disabling unnecessary services, ports, interfaces, and devices; Send logs off-board in near real-time; Establish limits on VM resource usage
        Required controls: Deep Security and VMware. IDS/IPS & firewall hardens VMs; Integrity Monitoring provides visibility into unauthorized changes to guest-VMs; Log Inspection provides visibility into security events occurring to guest-VMs & forwards in real-time
     10. Cloud Computing
        Guideline: Cloud service provider must provide sufficient assurance that the scope of PCI compliance is sufficient; Customer is required to provide additional necessary controls
        Required controls: Deep Security and SecureCloud. Deep Security protects VMs in enterprise, hybrid cloud and public cloud environments; SecureCloud provides encryption services independent of cloud provider, ensuring only authorized personnel can access the data
  20. 20. Exploits are happening before patches are developed
     • “Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.” -- ZDNet, January 21, 2010
     • Chart: # of days until vulnerability is first exploited, after patch is made available
       – 2003 MS-Blast: 28 days
       – 2004 Sasser: 18 days
       – 2005 Zotob: 10 days
       – 2006 WMF: Zero-day
       – 2010 IE zero-day: Zero-day
  21. 21. By exploiting a vulnerability… An attacker can:
       – Take full control of a system
       – Install programs
       – View, delete, or change data
       – Create accounts with user privileges
       – Deny services
       – Crash systems
       – Steal & sell valuable data
  22. 22. Where are you most vulnerable?
     1 Enterprise applications
     2 Legacy web applications
     3 Unsupported OSs & apps
     4 Untouchable apps
  23. 23. 1 Enterprise applications
     • 2,723 Critical “Software Flaw” Vulnerabilities in 2009
     • Common Vulnerabilities & Exposures (“CVE”): Score 7-10
     • Chart values (labels not preserved): 78, 73, 23
     • How often / easily do you patch Oracle vulnerabilities?
  24. 24. 2 Legacy web applications
     • Inherently open and accessible
     • Content & functionality constantly evolving
     • Web 2.0 adds more complexity
     • Many legacy web apps cannot be fixed (developers gone)
     • Perimeter security doesn’t protect web apps
     • Secure SDLC: Lack of awareness and training
     • “New mass SQL injection attack infects 56,000 websites” -- SC Magazine. August 25, 2009
     © Third Brigade, Inc.
  25. 25. 3 Unsupported OSs & apps
     • Security patches no longer issued for: (product logos not preserved; remaining labels: 8, 3, 10.1; dates: March 2009, October 2010, January 2009, July 2010)
  26. 26. 4 Untouchable apps
     • Medical, Kiosks, Point of Sale, ATMs
     • Reason for not patching:
       – Cost of refresh
       – Compliance restrictions
       – Service Level Agreements
     • The underlying applications require security patches, which could create incompatibilities and even break the medical device. Medical device manufacturers are reluctant to patch until they have performed adequate testing.
  27. 27. Trend Micro Deep Security: Virtual patching solution, 5 protection modules
     • Deep Packet Inspection
       – IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
       – Web Application Protection: Shields web application vulnerabilities
       – Application Control: Provides increased visibility into, or control over, applications accessing the network
     • Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
     • Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
     • Log Inspection: Optimizes the identification of important security events buried in log entries
     • Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
     • Protection is delivered via Agent and/or Virtual Appliance
  28. 28. Sample list of systems protected
     Deep Security rules shield vulnerabilities in these common applications:
     • Operating Systems: Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE Linux (10, 11)
     • Database servers: Oracle, MySQL, Microsoft SQL Server, Ingres
     • Web app servers: Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint
     • Mail servers: Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail, MailEnable Professional
     • FTP servers: Ipswitch, War FTP Daemon, Allied Telesis
     • Backup servers: Computer Associates, Symantec, EMC
     • Storage mgt servers: Symantec, Veritas
     • DHCP servers: ISC DHCPD
     • Desktop applications: Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer, Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime, RealNetworks RealPlayer
     • Mail clients: Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client
     • Web browsers: Internet Explorer, Mozilla Firefox
     • Anti-virus: Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft
     • Other applications: Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior, Rsync, OpenSSL, Novell Client
  29. 29. Security Center
     Rules to shield newly discovered vulnerabilities are developed and delivered automatically
     • Monitor (Automated Monitoring; Public, Private, Underground): SANS, CERT, Vendor Advisories, Bugtraq, VulnWatch, PacketStorm, Securiteam
     • Triage (Triage, Analysis). Application Coverage: Wide range of server, desktop and custom application coverage; Per filter recommendations
     • Develop (Filter Development, Quality Assurance). Filter Types: Exploit / Attack; Vulnerability; Smart / Anomaly / Traffic
     • Deliver (Coordinate Information, Response). Response: Automated and; Within Hours
  30. 30. Platforms protected
     • Windows 2000; Windows 2003 (32 & 64 bit); Windows XP; Vista (32 & 64 bit); Windows Server 2008 (32 & 64 bit); Windows 7; HyperV (Guest VM)
     • 8, 9, 10 on SPARC; 10 on x86 (64 bit)
     • Red Hat (CentOS) 4, 5, 6 (32 & 64 bit); SuSE 10, 11
     • VMware ESX Server (guest OS); VMware Server (host & guest OS); XenServer (Guest VM)
     • HP-UX 11i (11.23 & 11.31); AIX 5.3, 6.1: Integrity Monitoring & Log Inspection modules
  31. 31. Protection for web applications
     • Microsoft.NET-based website tested with IBM Rational AppScan
     • 5,428 vulnerability tests sent
  32. 32. Conficker Worm example
     • Five Variants:
       – Nov 21, 2008: Win32/Conficker.A
       – Dec 29, 2008: Win32/Conficker.B
       – Feb 16, 2009: Win32/Conficker.B++ (C)
       – Mar 4, 2009: Win32/Conficker.D
       – April 8, 2009: Win32/Conficker.E
     • Impact:
       – Up to 10 million machines infected
       – Weeks of clean-up & containment effort
       – Lost productivity during the worm outbreak
       – Potential for further attacks due to Conficker disabling AV processes and blocking updates
       – Additional malware installed in silent mode for future malicious use and/or creation of BotNets
  33. 33. Deep Security customers were protected before first Conficker exploits appeared
     • Deep Security customers were protected against MS08-067 exploits beginning Oct 23, 2008 (same day vulnerability was announced, and weeks before first exploit).
       – DPI rules shield MS08-067 from exploit
       – Log Inspection rules detect Conficker brute force attempts
       – Integrity Monitoring rules detect Conficker system infection
     • Two new Deep Security DPI rules released Feb 23, 2009 to protect against Conficker.B++
     • Deep Security’s Recommendation Scan feature automatically recommends the above protection rules
       – Ensures the appropriate level of protection is applied to systems even if IT Security is not aware of a particular attack
  34. 34. Deep Security 8 Integrity Monitoring: Agentless Integrity Monitoring
     • Diagram: The Old Way (per-VM agents) compared with Agent-less Integrity Monitoring (Security Virtual Appliance)
     • Zero Added Footprint; Faster Performance; Better Manageability; Stronger Security
     • Zero added footprint: Integrity monitoring in the same virtual appliance that also provides agentless AV and Deep Packet Inspection
     • Stronger Security: Expands the scope of protection to hypervisors through Intel TPM/TXT integration
     • Order of Magnitude savings in manageability
     • Virtual Appliance avoids performance degradation from FIM storms
  35. 35. Security for Cloud Servers (Deliver Agility: Cloud)
     • Key Challenge: Data security in the cloud
     • Need: Enable path to private, public or hybrid cloud with added data security, management APIs and multi-tenancy support
     • Deep Security 8 with SecureCloud 1.2: Amazon, vCloud
     • Deep Security 8 with SecureCloud 2.0:
       – Support for bare metal and virtual infrastructure without cloud API
       – Deep Security Manager integration
       – FIPS 140-2 certification
       – Key revocation, rotation & lifecycle mgmt
     • Deep Security 8 with SecureCloud 2.0 will provide context-aware data security necessary for ALL cloud environments
  36. 36. Total Cloud Protection: System, application and data security in the cloud
     • Context Aware Security: Deep Security 8 and SecureCloud 2
     • Sensitive information: Credit Card Payment Information; Patient Medical Records; Social Security Numbers; Sensitive Research Results
     • Encryption with Policy-based Key Management
       – Data is unreadable to unauthorized users
       – Policy-based key management controls and automates key delivery
       – Server validation authenticates servers requesting keys
     • Modular protection for servers and applications
       – Self-Defending VM Security in the Cloud
       – Agent on VM allows travel between cloud solutions
       – One management portal for all modules
  37. 37. SecureCloud – New In 2
     • FIPS 140-2 Certification
       – Exchange of Mobile Armor encryption agent
       – Gives Trend access to Fed / Gov accounts
     • DSM Integration
       – Greatly improves ability to build robust authentication policies
       – Begins integration of two cutting edge technologies
       – Additional integration – unified management console
     • Total Cloud Protection Bundle
       – New bundle connects both products
       – Gives protection across all infrastructures – PVC
       – Defines a place to manage and protect all future environments
  38. 38. SecureCloud: New Features and Benefits
     New Features:
     • Support for bare metal and virtual infrastructures, cloud API no longer necessary
     • FIPS 140-2 certification opens government highly sensitive accounts
     • Addition of key revocation, rotation and lifecycle management efficiently manages keys across physical, virtual and cloud deployments
     • Integration with Deep Security gives robust, context-aware security
     Value to the customer:
     • Access cloud economics and agility by removing data privacy concerns.
     • Segregate data of varied trust levels to avoid breach and insider threat
     • Reduce complexity and costs with policy-based key management
     • Boost security with identity- and integrity-based server authentication
     • Move freely among clouds knowing that remnant data is unreadable
  39. 39. SecureCloud 2: Enterprise Deployment Options
     • Key Management deployment options (SecureCloud Console): Trend Micro SaaS Solution, or Data Center Software Application
     • Encryption Support: vSphere Virtual Machines; Private Clouds; Public Clouds
  40. 40. SecureCloud 2: Service Provider Deployment Options
     • Key Management deployment options (SecureCloud Console): Hosted Model, or Direct Model
     • Encryption Support: Public Clouds
     • Direct model gives providers full control over services offered.
     • Hosted model creates SoD and relieves providers of the liability and responsibilities.
     • Both models give providers revenue and differentiation.
  41. 41. Deep Security Platform Architecture
     • Deep Security Manager: Single Pane, Scalable, Redundant; Reports
     • Threat Intelligence Manager
     • Deep Security Agent. Modules: DPI & FW; Anti-malware; Integrity Monitoring; Log Inspection
     • Deep Security Virtual Appliance. Modules: DPI & FW; Anti-malware; Integrity Monitoring
     • SecureCloud: Cloud Integration
  42. 42. Log inspection
     • Log inspection keeps track of pre-selected system logs for events that might indicate a successful intrusion
     • Screenshots: Windows Event; Log Inspection Event
  43. 43. Customer feedback
     • “Deep Security protects our Windows, Linux and other hosts, and allows us to proactively shield vulnerabilities in these critical servers from targeted attacks until patches can be deployed.”
     • “Deep Security acts as a virtual patch, shielding hard-to-patch and unpatchable systems, and allowing us to test and deploy vendor-supplied patches more thoroughly and efficiently.”
     • “In the review period, Deep Security was demonstrated to reduce the vulnerability gap on critical servers by more than 90%.”
  44. 44. The Deep Security difference
     • Comprehensive Protection
     • Tighter Integration
     • Broader Platform Coverage
     • Greater Operational Efficiency
  45. 45. What is the Solution? Security that Travels with the VM
     • Cloud Security – Modular Protection: Data Protection; Template Integrity; VM Isolation; Real-time Protection; Compliance
     • Self-Defending VM Security in the Cloud
       – Agent on VM allows travel between cloud solutions
       – One management portal for all modules
       – SaaS security deployment option
  46. 46. Agenda
     • Virtualization to reduce cost
     • Security Compliance is not an option
     • Security Compliance at lower cost
     • Conclusion, Q&A
  47. 47. Reduce Complexity: Consolidate Physical Security Vendors
     • Physical: Windows, Linux, Solaris, etc
     • Vendor Management Savings: 30% Less Time
     • Improved Security and Availability: 73% Fewer Security Incidents
     • Cost Savings: Customer Case Studies: Average $605,927 Savings
     • Source: Forrester. The Total Economic Impact of Trend Micro Enterprise Security. 6/11.
  48. 48. Increase Efficiency: Server and Desktop Virtualization Security
     • Virtualization Deployment
       – Server Virtualization in production / trial = 59%
       – Desktop virtualization in production / trial = 52%
     • Consolidation Ratios (Source: Indusface June 2010)
       – Baseline (no AV): 20
       – Virtualization Aware: 20
       – Traditional Security: 2-4
     • Cloud Foundation: If server virtualization is deployed then
       – 62% have also deployed a private cloud
       – 60% have also deployed a public cloud
  49. 49. Agentless AV enables greater density
     • Other products consume 3x – 12x more resources in scheduled scans & could not handle more than 25 desktop VMs/host
     • Trend supports 200-300% more desktop VMs/host than traditional AV
     • Trend supports 40-60% more server VMs/host than traditional AV
     • Chart: Scheduled scan resource usage over baseline – 50 VMs per host; CPU and IOPS for Symantec, Trend, McAfee (values shown: 307%, 273%, 81%, 2143%, 2053%, 692%)
  50. 50. What about scan time?
     OfficeScan VDI Plugin caching technology is the fastest on the market
     • Columns: VDI Profile / Other AV Solution / Trend Micro 10.5
     • Mixed Maximum High Density VDI Pool (4H & 16 L): Approx 1-2 Hours / 16 Minutes
     • Mixed Low Density VDI Pool (1H & 3 L): Approx. 27-49 minutes / 2 Minutes
  51. 51. Improved Density means Dollars Saved
     $250K Saved over 3 years for 1000 Virtual Desktops
     • Desktop Virtualization TCO, 1000 Virtual Desktops: With Trend Micro (GREEN) / With Traditional Antivirus (+CO2)
     • VDI Images per server: 75 / 25
     • Servers Required to Host 1000 Virtual Desktops: 14 / 40
     • Capex Savings for 1 server: $5900 (from VMware TCO Calculator)
     • Power, Cooling & Rackspace Savings for 1 server over 3 years: $3600 (from VMware TCO Calculator)
     • 3-year savings for 1000 virtual desktops running Trend Micro: $(5900+3600) X 26 fewer servers = $247,000
     • Similar savings accrue for server VM as well. 3-year savings for 600 server VMs running Trend Micro = $200,000
  52. 52. Risk: Malware Signature size
     • Chart: Evolution of malware signature files from 2008-2011, in MB, by year (2008, 2009, 2010) for Trend Micro, McAfee, Kaspersky, Symantec
     • Evolution: Trend Micro -14%; McAfee +38%; Kaspersky +101%; Symantec +70%
  53. 53. What do you use to protect your VM’s?
     • Traditional protection: Kill the VM’s and your infrastructure
     • or Trend Micro: got the weapon to kill malware, not your infrastructure
     • Don’t play Russian roulette with your virtual security!
     • Deep Security, SecureCloud and OfficeScan-VDI are VM aware. They are optimized for VMware. Save resources, save money now!
  54. 54. Competitive Landscape
     Columns: Protection / Trend Micro DS / McAfee / Symantec / IBM / Tripwire
     • Agentless Anti-malware: YES / NO (MOVE AV for VDI = thin agent) / NO (optimized SEP agent with whitelisting) / NO / NO
     • Agentless FW, IDS/IPS & web app protection: YES / NO / NO / YES (only IDS/IPS) / NO
     • Agentless FIM incl. hypervisor integrity: YES / NO (agent-based = Solidcore) / NO / NO / NO (has a more feature-rich agent)
     • Integrated Agent with AV, FW, DPI, FIM, LI: YES / NO (3 different prod, relies on EPO) / NO (2 different prod.) / NO / NO
     • Task automation w. Recommendation Scan, Golden Host: YES / NO / NO / NO / NO
     • Context-aware Total Cloud Protection: YES / NO / NO / NO / NO
     • vCenter & vShield Integration: YES / NO / NO / NO (only vCenter) / NO
  55. 55. The opportunity for your organization
     • For IT:
       – Provide better security for critical systems & data
       – Stay ahead of virtualization and cloud computing security challenges
     • For Operations & Finance:
       – Consolidate protection through a single, easy-to-manage solution at a low cost
     • For Compliance:
       – More quickly & simply meet compliance requirements.
       – Reduce time & effort required to prepare for audits
  56. 56. Agenda
     • Virtualization to reduce cost
     • Security Compliance is not an option
     • Security Compliance at lower cost
     • Conclusion, Q&A
  57. 57. Conclusion & Recommendations
     Look for virtualization / cloud security solutions with these key attributes:
     • Flexible: Physical-virtual-cloud
     • Comprehensive: Multiple protection mechanisms
     • Modular: Deployment options
     • Integrated: With VMware: vCenter, VMsafe, vShield…
     • Multiplatform: Windows, Linux, Solaris, AIX, HP-UX
     • Certified solutions: FIPS 140-2, EAL4+, PCI…
     (Insist on vendor product roadmaps but don’t buy Vaporware. Buy mature solutions like Deep Security 8 or SecureCloud 2)
  58. 58. Questions? Thank you! Merci!
     • Product Information: security/deep-security/index.html
     • solutions/virtualization/securecloud/
  59. 59. Next Steps
     • Download a trial or White Paper.
     • Call us! Schedule a live demo to discuss how our solutions can enhance your virtual Server or Desktop deployment
     • The proof is in the pudding – let us deploy a Proof of Concept in your environment featuring the only and most advanced solution today!
     • Technical sales : Sales :