Gurbir Singh, profile picture
Uploaded byGurbir Singh
PPTX, PDF1,244 views

Steve Porter : cloud Computing Security

The document discusses the transition to cloud infrastructure, emphasizing the shared responsibility model for security in cloud environments, where customers must secure their content and applications. It highlights challenges related to virtualization security, including the risks of outdated security due to the dynamic nature of virtual machines and the need for integrated security solutions across physical, virtual, and cloud infrastructures. The document also outlines various technologies and strategies for threat detection, data protection, and ensuring compliance within a cloud context.

Embed presentation

Downloaded 21 times
Securing Your Journey to the Cloud Trend Micro Stephen Porter Alliance BDM Data Center Evolution: Physical. Virtual. Cloud.
Control vs Responsibility? Servers Virtualization & Private Cloud Public Cloud PaaS Public Cloud IaaS Public Cloud SaaS % Enterprise Responsibility Control Gap
Amazon Web Services™ Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. http://aws.amazon.com/agreement/#7 (3 March 2010) The cloud customer has responsibility for security and needs to plan for protection.
A New Model for Security – Securing the Computing Chain All environments should be considered un-trusted 4 Users access app Host defends itself from attack Image ensures data is always encrypted and managed Encrypted Data Encryption keys only controlled by you When this whole chain is secure Components can move DC1, LAN 1 Cloud 1, LAN 2 Data Cloud, LAN 1 Data DC2, LAN 2 Virtual “neighbours” don’t matterLocation doesn’t matter Service provider “lock” goes away Shared storage ROI goes up
Advanced Targeted Threats Empowered Employees Re-Perimeterization Virtualization, Cloud Consumerization & Mobility Outside-in Perimeter Defense Isn’t Enough… Source: Forrester
Reduce Noise 6 Stopping stuff on the outside from getting inside allows a focus on events on the inside that would otherwise be impossible
APT and Targeted Attack Profile Social • Spear Phishing • Drive-by Downloads • Zero-day malware Key Characteristics Stealthy • Low profile • Masked activities • Requires specialized detection Sophisticated • Exploits vulnerabilities • Remote control and backdoor • Uses credentials & privileges
Deep Discovery: Key Technologies • Deep content inspection across 100’s of protocols & applications • Smart Protection Network reputation and dynamic black listing • Sandbox simulation and analysis • Communication fingerprinting • Multi-level rule-based event correlation • And more… Driven by Trend Micro threat researchers and billions of daily events Specialized Threat Detection Across the Attack Sequence Malicious Content • Emails containing embedded document exploits • Drive-by Downloads • Zero-day and known malware Suspect Communication • C&C communication for any type of malware & bots • Backdoor activity by attacker Attack Behavior • Malware activity: propagation, downloading, spam ming . . . • Attacker activity: scan, brute force, service exploitation . . . • Data exfiltration communication
Real-Time Inspection Analyze Deep Analysis CorrelateSimulate Actionable Intelligence Threat Connect Watch List GeoPlotting Alerts, Reports, Evidence Gathering 9 Visibility – Real-time Dashboards Insight – Risk-based Analysis Action – Remediation Intelligence Identify Attack Behavior & Reduce False Positives Detect Malicious Content and Communication Out of band network data feed of all network traffic
Physical Virtual Cloud Manageability Glut of security products Less security Higher TCO Reduce Complexity One Security Model is Possible across Physical, Virtual, and Cloud Environments PLATFORM-SPECIFIC SECURITY RISKS Integrated Security: Single Management Console Performance & Threats Traditional security degrades performance New VM-based threats Increase Efficiency Visibility & Threats Less visibility More external risks Deliver Agility
Consolidate Physical Security REDUCE COMPLEXITY
One Server Security Platform REDUCE COMPLEXITY Firewall HIPS / Virtual Patching Web Application Protection Antivirus Integrity Monitoring Log Inspection Advanced Reporting Module Single Management Console Software Agent Based Solution
Server and Desktop Virtualization Security INCREASE EFFICIENCY
Challenge: Complexity of Management VIRTUALIZATION SECURITY VM sprawl inhibits compliance Patch agents Rollout patterns Provisioning new VMs Reconfiguring agents
Cloned  Challenge: Instant-on Gaps VIRTUALIZATION SECURITY    DormantActive Reactivated with out dated security   Reactivated and cloned VMs can have out-of-date security
Challenge: Dynamic movement Load Balancing or V-Motion VIRTUALIZATION SECURITY VMs moving between hosts can cause manual intervention and Introduce risk
Challenge: Resource Contention VIRTUALIZATION SECURITY Typical Security Console 09:00am Virus Definition Updates Configuration Storm Automatic security scans overburden the system 3:00am Integrity Scan
Security Zone vShield App and Zones Application protection from network based threats vShield Security Securing the Private Cloud End to End: from the Edge to the Endpoint Edge vShield Edge Secure the edge of the virtual datacenter Endpoint = VM vShield Endpoint Enables offloaded Security FIM, anti-virus, IDS/IPS … Virtual Datacenter 1 Virtual Datacenter 2 DMZ PCI compliant GPG13 compliant Web View VMware vShield VMware vShield VMware vShield Manager
Fitting into the VMware Ecosystem VIRTUALIZATION SECURITY vSphere Virtual Environment Integrates with vCenter Trend Micro Deep Security Security Virtual Machine Log Inspection Agent-based Other VMware APIs IDS / IPS Web Application Protection Application Control Firewall Agentless Agentless vShield Endpoint Antivirus Integrity Monitoring
Secure the lifecycle of the VM VIRTUALIZATION SECURITY Moving VM’s Restarted VM Self Service new VMs Reconfiguring VM - Clones Relevant Deep Security ControlsFIM DPI Firewall AV FIM DPI Firewall AV FIM DPI Firewall AV FIM DPI Firewall AV FIM DPI Firewall AV Recommendation Scan vCenter
•Jan 2011 results of testing conducted by AV-Test.org •Threats prevented at each layer (of total threats that reached that layer) •33% •65 / 200 •53% •72 / 135 •19% •12/ 65 •200 threats •135 threats •65 threats •51 threats •End-to-End •75% •(149 of 200)•average of all enterprise products 97% of threats blocked at the first layer of defense 21 Trend Micro Microsoft Sophos McAfee Symantec Exposure Layer 97% 2% 63% 1% 0% (194 of 200) (3 of 200) (126 of 200) (2 of 200) (0 of 200) Infection Layer 67% 68% 19% 50% 54% (4 of 6) (134 of 197) (14 of 74) (99 of 198) (108 of 200) Dynamic Layer 100% 6% 23% 25% 16% (2 of 2) (4 of 63) (14 of 60) (25 of 99) (15 of 92) All Layers 100% 71% 77% 63% 62% (200 of 200) (141 of 200) (154 of 200) (126 of 200) (123 of 200)
Integrated Management - vCenter Deep Security 8.0 VM Lifecycle • Creation • Configuration • Deployment • Dynamic update • V-Motion • Restart vCenter
Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations 3X higher VDI VM consolidation ratios Increased ROI with Deep Security Example: Agentless Antivirus VIRTUALIZATION SECURITY 0 10 20 30 40 50 60 70 80 Traditional AV Agentless AV VM servers per host 75 25 3-year Savings on 1000 VDI VMs = $539,600
Cloud Deployments and Security DELIVER AGILITY
Protect my data 2 Inside-out Security Smart Context aware Self-Secured Workload Local Threat Intelligence When Timeline Aware Who Identity Aware Where Location Aware What Content Aware User-defined Access Policies Encryption DATAINSIDE-OUT SECURITY
When data is moved, unsecured data remnants can remain Challenge: Data Destruction CLOUD SECURITY 10011 01110 00101 10011 01110 00101 10011 0 00101
Sensitive Research Results • Unreadable for unauthorized users • Control of when and where data is accessed • Server validation • Custody of keys Data Security Encryption with Policy-based Key Management Server & App Security Modular Protection • Self-defending VM security • Agentless and agent-based • One management portal for all modules, all deployments vSphere & vCloud Integration ensures servers have up-to-date security before encryption keys are released What is the Solution? Data Protection CLOUD SECURITY
VM VM VM VMVM VM VM VMVM VM VM VM VMware vCloud VMware vSphere Encryption throughout your cloud journey—data protection for virtual & cloud environments Enterprise Key Key Service Console Trend Micro SecureCloud Data Center Private Cloud Public Cloud Fitting Encryption into a VMware Ecosystem CLOUD SECURITY
Test Deep Security / Secure Cloud Example Classification 7/26/2013 29 Vmware Vsphere ESX Customer Customer 1 Customer 2 Unix/ Win Server Encrypted Volumes on SAN, NAS, Cloud Service … Policy Server Key Service
Specialized Protection for Physical, Virtual, and Cloud Physical Virtual Cloud TREND MICRO DEEP SECURITY Only fully integrated server security platform First hypervisor-integrated agentless antivirus First agentless file integrity monitoring (FIM) Only solution in its category to be EAL4+ and FIPS certified
2011 Technology Alliance Partner of the Year TREND MICRO: VMWARE’S NUMBER 1 SECURITY PARTNER Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs Improves Virtualization by providing security solutions architected to fully exploit the VMware platform 2008 2009 2011 Feb: Join VMsafe program RSA: Trend Micro VMsafe demo, announces Coordinated approach & Virtual pricing RSA: Trend Micro announces virtual appliance 2010: >100 customers >$1M revenue VMworld: Announce Deep Security 8 w/ Agentless FIM 1000 Agentless customers VMworld: Trend virtsec customer, case study, webinar, video May: Trend acquires Third Brigade July: CPVM GA Nov: Deep Security 7 with virtual appliance RSA: Trend Micro Demos Agentless 2010 Q4: Joined EPSEC vShield Program VMworld: Announce Deep Security 7.5 Sale of DS 7.5 Before GA Dec: Deep Security 7.5 w/ Agentless Antivirus RSA: Other vendors “announce” Agentless
Steve Porter : cloud Computing Security

More Related Content

PDF
TrendMicro - Security Designed for the Software-Defined Data Center
byVMUG IT
 
PDF
Advanced Threat Defense Intel Security
byxband
 
PDF
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
byfestival ICT 2016
 
PPTX
Two for Attack: Web and Email Content Protection
byCisco Canada
 
PPTX
Esteban Próspero
byClusterCba
 
PPTX
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
byOK2OK
 
PDF
Issa jason dablow
byISSA LA
 
PPTX
Cloud Crime Ops
byGreg Foss
 
TrendMicro - Security Designed for the Software-Defined Data Center
byVMUG IT
 
Advanced Threat Defense Intel Security
byxband
 
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
byfestival ICT 2016
 
Two for Attack: Web and Email Content Protection
byCisco Canada
 
Esteban Próspero
byClusterCba
 
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
byOK2OK
 
Issa jason dablow
byISSA LA
 
Cloud Crime Ops
byGreg Foss
 

What's hot

PDF
Complete Endpoint protection
byxband
 
PPTX
Radware Cloud Security Services
byRadware
 
PDF
WannaCry Ransomware Attack: What to Do Now
byIBM Security
 
PDF
Tenable Solutions for Enterprise Cloud Security
byMarketingArrowECS_CZ
 
PDF
Web Application Security
byMarketingArrowECS_CZ
 
PDF
Radware Hybrid Cloud WAF Service
byRadware
 
PPTX
Attack Prevention Solution for RADWARE
byDeivid Toledo
 
PDF
Radware Hybrid Cloud Web Application Firewall and DDoS Protection
byAndy Ellis
 
PPTX
Radware Solutions for MSSPs
byRadware
 
PDF
Talos threat-intelligence
byxband
 
PPTX
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
bySkybox Security
 
PDF
DDoS Threat Landscape - Ron Winward CHINOG16
byRadware
 
PDF
Radware DefensePipe: Cloud-Based Attack Mitigation Solution
byRadware
 
PPTX
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
byTrend Micro
 
PPTX
Cloud access unified siem
byhardik soni
 
PPTX
Cyber Attack Survival: Are You Ready?
byRadware
 
PDF
Antispam aneb plnoleté řešení
byMarketingArrowECS_CZ
 
PPTX
Industry reactions to wanna cry ransomware attacks
bykevinmass30
 
PPTX
Webinar: DRaaS - It’s Not Just For Disasters Anymore
byStorage Switzerland
 
PPTX
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
byAndris Soroka
 
Complete Endpoint protection
byxband
 
Radware Cloud Security Services
byRadware
 
WannaCry Ransomware Attack: What to Do Now
byIBM Security
 
Tenable Solutions for Enterprise Cloud Security
byMarketingArrowECS_CZ
 
Web Application Security
byMarketingArrowECS_CZ
 
Radware Hybrid Cloud WAF Service
byRadware
 
Attack Prevention Solution for RADWARE
byDeivid Toledo
 
Radware Hybrid Cloud Web Application Firewall and DDoS Protection
byAndy Ellis
 
Radware Solutions for MSSPs
byRadware
 
Talos threat-intelligence
byxband
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
bySkybox Security
 
DDoS Threat Landscape - Ron Winward CHINOG16
byRadware
 
Radware DefensePipe: Cloud-Based Attack Mitigation Solution
byRadware
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
byTrend Micro
 
Cloud access unified siem
byhardik soni
 
Cyber Attack Survival: Are You Ready?
byRadware
 
Antispam aneb plnoleté řešení
byMarketingArrowECS_CZ
 
Industry reactions to wanna cry ransomware attacks
bykevinmass30
 
Webinar: DRaaS - It’s Not Just For Disasters Anymore
byStorage Switzerland
 
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
byAndris Soroka
 

Similar to Steve Porter : cloud Computing Security

PPT
Trend Micro VForum Agentless Scanning Presentation
byGraeme Wood
 
PPTX
Trend micro v2
byJD Sherry
 
PPTX
VMware vShield - Overview
byIrsandi Hasan
 
PPTX
Virtual Machine Introspection - Future of the Cloud
byTjylen Veselyj
 
PPTX
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
byAcrodex
 
PPTX
What’s new in VMware vShield 5 - Customer Presentation
bySuministros Obras y Sistemas
 
PDF
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
byMinh Le
 
PPTX
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
byCapgemini
 
PDF
Trend Micro 10 Minute Overview
byJohn D. Haden
 
PPTX
New Horizons for End-User Computing Event - Trend
byArrow ECS UK
 
PDF
Cw13 securing your journey to the cloud by rami naccache-trend micro
byTheInevitableCloud
 
PPTX
VMware-vShield-Presentation-pp-en-Dec10.pptx
byAbasse KPEGOUNI
 
PPT
040711 webcast securing vmachine
byErin Banks
 
PPTX
Vmug birmingham mar2013 trendmicro
bydvmug1
 
PPTX
Datacenter 2014: Trend Micro - Bill MCGee
byMediehuset Ingeniøren Live
 
PPTX
Check Point: Security in virtual environment
byASBIS SK
 
PDF
A Plan to Control and Protect Data in the Private and Public Cloud
byRochester Security Summit
 
PDF
Presentation v mware virtualization & cloud vision 2010
bysolarisyourep
 
PDF
Presentation security build for v mware
bysolarisyourep
 
PDF
Automatizovaná bezpečnost – nadstandard nebo nutnost?
byMarketingArrowECS_CZ
 
Trend Micro VForum Agentless Scanning Presentation
byGraeme Wood
 
Trend micro v2
byJD Sherry
 
VMware vShield - Overview
byIrsandi Hasan
 
Virtual Machine Introspection - Future of the Cloud
byTjylen Veselyj
 
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
byAcrodex
 
What’s new in VMware vShield 5 - Customer Presentation
bySuministros Obras y Sistemas
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
byMinh Le
 
CWIN17 Toulouse / Automated security for the real time enterprise-trend micro...
byCapgemini
 
Trend Micro 10 Minute Overview
byJohn D. Haden
 
New Horizons for End-User Computing Event - Trend
byArrow ECS UK
 
Cw13 securing your journey to the cloud by rami naccache-trend micro
byTheInevitableCloud
 
VMware-vShield-Presentation-pp-en-Dec10.pptx
byAbasse KPEGOUNI
 
040711 webcast securing vmachine
byErin Banks
 
Vmug birmingham mar2013 trendmicro
bydvmug1
 
Datacenter 2014: Trend Micro - Bill MCGee
byMediehuset Ingeniøren Live
 
Check Point: Security in virtual environment
byASBIS SK
 
A Plan to Control and Protect Data in the Private and Public Cloud
byRochester Security Summit
 
Presentation v mware virtualization & cloud vision 2010
bysolarisyourep
 
Presentation security build for v mware
bysolarisyourep
 
Automatizovaná bezpečnost – nadstandard nebo nutnost?
byMarketingArrowECS_CZ
 

Recently uploaded

PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PPTX
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
API-First Architecture in Financial Systems
bycyy111112
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 

Steve Porter : cloud Computing Security

  • 1.
    Securing Your Journeyto the Cloud Trend Micro Stephen Porter Alliance BDM Data Center Evolution: Physical. Virtual. Cloud.
  • 2.
    Control vs Responsibility? ServersVirtualization & Private Cloud Public Cloud PaaS Public Cloud IaaS Public Cloud SaaS % Enterprise Responsibility Control Gap
  • 3.
    Amazon Web Services™Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. http://aws.amazon.com/agreement/#7 (3 March 2010) The cloud customer has responsibility for security and needs to plan for protection.
  • 4.
    A New Modelfor Security – Securing the Computing Chain All environments should be considered un-trusted 4 Users access app Host defends itself from attack Image ensures data is always encrypted and managed Encrypted Data Encryption keys only controlled by you When this whole chain is secure Components can move DC1, LAN 1 Cloud 1, LAN 2 Data Cloud, LAN 1 Data DC2, LAN 2 Virtual “neighbours” don’t matterLocation doesn’t matter Service provider “lock” goes away Shared storage ROI goes up
  • 5.
    Advanced Targeted Threats Empowered Employees Re-Perimeterization Virtualization, Cloud Consumerization &Mobility Outside-in Perimeter Defense Isn’t Enough… Source: Forrester
  • 6.
    Reduce Noise 6 Stopping stuffon the outside from getting inside allows a focus on events on the inside that would otherwise be impossible
  • 7.
    APT and TargetedAttack Profile Social • Spear Phishing • Drive-by Downloads • Zero-day malware Key Characteristics Stealthy • Low profile • Masked activities • Requires specialized detection Sophisticated • Exploits vulnerabilities • Remote control and backdoor • Uses credentials & privileges
  • 8.
    Deep Discovery: Key Technologies •Deep content inspection across 100’s of protocols & applications • Smart Protection Network reputation and dynamic black listing • Sandbox simulation and analysis • Communication fingerprinting • Multi-level rule-based event correlation • And more… Driven by Trend Micro threat researchers and billions of daily events Specialized Threat Detection Across the Attack Sequence Malicious Content • Emails containing embedded document exploits • Drive-by Downloads • Zero-day and known malware Suspect Communication • C&C communication for any type of malware & bots • Backdoor activity by attacker Attack Behavior • Malware activity: propagation, downloading, spam ming . . . • Attacker activity: scan, brute force, service exploitation . . . • Data exfiltration communication
  • 9.
    Real-Time Inspection Analyze Deep Analysis CorrelateSimulate ActionableIntelligence Threat Connect Watch List GeoPlotting Alerts, Reports, Evidence Gathering 9 Visibility – Real-time Dashboards Insight – Risk-based Analysis Action – Remediation Intelligence Identify Attack Behavior & Reduce False Positives Detect Malicious Content and Communication Out of band network data feed of all network traffic
  • 10.
    Physical Virtual Cloud Manageability Glutof security products Less security Higher TCO Reduce Complexity One Security Model is Possible across Physical, Virtual, and Cloud Environments PLATFORM-SPECIFIC SECURITY RISKS Integrated Security: Single Management Console Performance & Threats Traditional security degrades performance New VM-based threats Increase Efficiency Visibility & Threats Less visibility More external risks Deliver Agility
  • 11.
  • 12.
    One Server SecurityPlatform REDUCE COMPLEXITY Firewall HIPS / Virtual Patching Web Application Protection Antivirus Integrity Monitoring Log Inspection Advanced Reporting Module Single Management Console Software Agent Based Solution
  • 13.
    Server and Desktop VirtualizationSecurity INCREASE EFFICIENCY
  • 14.
    Challenge: Complexity ofManagement VIRTUALIZATION SECURITY VM sprawl inhibits compliance Patch agents Rollout patterns Provisioning new VMs Reconfiguring agents
  • 15.
    Cloned  Challenge: Instant-on Gaps VIRTUALIZATIONSECURITY    DormantActive Reactivated with out dated security   Reactivated and cloned VMs can have out-of-date security
  • 16.
    Challenge: Dynamic movement LoadBalancing or V-Motion VIRTUALIZATION SECURITY VMs moving between hosts can cause manual intervention and Introduce risk
  • 17.
    Challenge: Resource Contention VIRTUALIZATIONSECURITY Typical Security Console 09:00am Virus Definition Updates Configuration Storm Automatic security scans overburden the system 3:00am Integrity Scan
  • 18.
    Security Zone vShield Appand Zones Application protection from network based threats vShield Security Securing the Private Cloud End to End: from the Edge to the Endpoint Edge vShield Edge Secure the edge of the virtual datacenter Endpoint = VM vShield Endpoint Enables offloaded Security FIM, anti-virus, IDS/IPS … Virtual Datacenter 1 Virtual Datacenter 2 DMZ PCI compliant GPG13 compliant Web View VMware vShield VMware vShield VMware vShield Manager
  • 19.
    Fitting into theVMware Ecosystem VIRTUALIZATION SECURITY vSphere Virtual Environment Integrates with vCenter Trend Micro Deep Security Security Virtual Machine Log Inspection Agent-based Other VMware APIs IDS / IPS Web Application Protection Application Control Firewall Agentless Agentless vShield Endpoint Antivirus Integrity Monitoring
  • 20.
    Secure the lifecycleof the VM VIRTUALIZATION SECURITY Moving VM’s Restarted VM Self Service new VMs Reconfiguring VM - Clones Relevant Deep Security ControlsFIM DPI Firewall AV FIM DPI Firewall AV FIM DPI Firewall AV FIM DPI Firewall AV FIM DPI Firewall AV Recommendation Scan vCenter
  • 21.
    •Jan 2011 resultsof testing conducted by AV-Test.org •Threats prevented at each layer (of total threats that reached that layer) •33% •65 / 200 •53% •72 / 135 •19% •12/ 65 •200 threats •135 threats •65 threats •51 threats •End-to-End •75% •(149 of 200)•average of all enterprise products 97% of threats blocked at the first layer of defense 21 Trend Micro Microsoft Sophos McAfee Symantec Exposure Layer 97% 2% 63% 1% 0% (194 of 200) (3 of 200) (126 of 200) (2 of 200) (0 of 200) Infection Layer 67% 68% 19% 50% 54% (4 of 6) (134 of 197) (14 of 74) (99 of 198) (108 of 200) Dynamic Layer 100% 6% 23% 25% 16% (2 of 2) (4 of 63) (14 of 60) (25 of 99) (15 of 92) All Layers 100% 71% 77% 63% 62% (200 of 200) (141 of 200) (154 of 200) (126 of 200) (123 of 200)
  • 22.
    Integrated Management -vCenter Deep Security 8.0 VM Lifecycle • Creation • Configuration • Deployment • Dynamic update • V-Motion • Restart vCenter
  • 23.
    Sources: Tolly EnterprisesTest Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations 3X higher VDI VM consolidation ratios Increased ROI with Deep Security Example: Agentless Antivirus VIRTUALIZATION SECURITY 0 10 20 30 40 50 60 70 80 Traditional AV Agentless AV VM servers per host 75 25 3-year Savings on 1000 VDI VMs = $539,600
  • 24.
  • 25.
    Protect my data 2 Inside-outSecurity Smart Context aware Self-Secured Workload Local Threat Intelligence When Timeline Aware Who Identity Aware Where Location Aware What Content Aware User-defined Access Policies Encryption DATAINSIDE-OUT SECURITY
  • 26.
    When data ismoved, unsecured data remnants can remain Challenge: Data Destruction CLOUD SECURITY 10011 01110 00101 10011 01110 00101 10011 0 00101
  • 27.
    Sensitive Research Results •Unreadable for unauthorized users • Control of when and where data is accessed • Server validation • Custody of keys Data Security Encryption with Policy-based Key Management Server & App Security Modular Protection • Self-defending VM security • Agentless and agent-based • One management portal for all modules, all deployments vSphere & vCloud Integration ensures servers have up-to-date security before encryption keys are released What is the Solution? Data Protection CLOUD SECURITY
  • 28.
    VM VM VMVMVM VM VM VMVM VM VM VM VMware vCloud VMware vSphere Encryption throughout your cloud journey—data protection for virtual & cloud environments Enterprise Key Key Service Console Trend Micro SecureCloud Data Center Private Cloud Public Cloud Fitting Encryption into a VMware Ecosystem CLOUD SECURITY
  • 29.
    Test Deep Security /Secure Cloud Example Classification 7/26/2013 29 Vmware Vsphere ESX Customer Customer 1 Customer 2 Unix/ Win Server Encrypted Volumes on SAN, NAS, Cloud Service … Policy Server Key Service
  • 30.
    Specialized Protection for Physical,Virtual, and Cloud Physical Virtual Cloud TREND MICRO DEEP SECURITY Only fully integrated server security platform First hypervisor-integrated agentless antivirus First agentless file integrity monitoring (FIM) Only solution in its category to be EAL4+ and FIPS certified
  • 31.
    2011 Technology AlliancePartner of the Year TREND MICRO: VMWARE’S NUMBER 1 SECURITY PARTNER Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs Improves Virtualization by providing security solutions architected to fully exploit the VMware platform 2008 2009 2011 Feb: Join VMsafe program RSA: Trend Micro VMsafe demo, announces Coordinated approach & Virtual pricing RSA: Trend Micro announces virtual appliance 2010: >100 customers >$1M revenue VMworld: Announce Deep Security 8 w/ Agentless FIM 1000 Agentless customers VMworld: Trend virtsec customer, case study, webinar, video May: Trend acquires Third Brigade July: CPVM GA Nov: Deep Security 7 with virtual appliance RSA: Trend Micro Demos Agentless 2010 Q4: Joined EPSEC vShield Program VMworld: Announce Deep Security 7.5 Sale of DS 7.5 Before GA Dec: Deep Security 7.5 w/ Agentless Antivirus RSA: Other vendors “announce” Agentless

Editor's Notes

  • #6 The outside-in approach is still important, but, alone, is not sufficient in today’s evolving data center. Disgruntled employees are already within the perimeter. Advanced Persistent Threats are unique attacks that will not be stopped by many traditional perimeter defenses. And the changing nature of IT is causing deperimeterization with new technologies like virtualization, cloud computing, and consumerization. New security approaches must be added to the traditional outside-in protection.
  • #8 Let’s take a look at a typical attack scenario… APT and targeted attacks typically follow a multi-step scenario employing means that are: Social – Targeting and attacking specific people with social engineering and advanced malwareSophisticated – Exploiting vulnerabilities, using backdoor controls, stealing and using valid credentialsand Stealthy – Executed in a series of low profile moves that are undetectable to standard security or buried among thousands of other event logs collected every day.The attack starts with intelligence gathering to create and execute a socially engineered employee infection, then network infiltration, lateral movement across the organization, and finally data discovery and exfiltration – all the while, command & control communication and backdoor controls are executed via remote control.
  • #9 To provide this unique detection, Deep Discovery uses a set of specialized threat engines, reputation services, and correlation rules including:The widest analysis of content inspectionSmart Protection Network reputation and blacklistingSandbox simulation and analysisCommunication fingerprintingMulti-level rule-based event correlation to reduce false positives and detect “low and slow” activity over timeAnd much more… all powered by over 1000 global threat researchers and the billions of daily events processed by Trend Micro Smart Protection Network(Use appendix slide for a deeper dive on how detection works)
  • #10 Deep Discovery uses a multi-level detection scheme to perform initial detection, then simulation and correlation, and ultimately, a final cross-correlation to discover “low and slow” and other evasive activities discernable only over an extended period. (Specializeddetection and correlation engines provide the most accurate and up-to-date protection aided by global threat intelligence fromTrend Micro Smart Protection Network and dedicated Threat Researchers.) The result is a high detection rate, low false positives,and in-depth incident reporting information designed to speed the containment of an attack.Let’s now look at how this detection and analysis information is made available to the security specialist.
  • #11 Each of these platforms has unique security concerns. With physical machines, the manageability of various security solutions can be an issue.There can be a glut of security products—either through excessive layering or overly specialized products. This increases hardware and software costs. Also, management across the different products can be difficult – causing security gaps. And collectively these issues create a higher Total Cost of Ownership.The solution is to reduce complexity by consolidating security vendors and correlating protection.[click]With virtualization, the risks pertain to both performance and threats specific to virtual environments. There is a concern that security will reduce performance, which reduces the ROI of a virtual infrastructure. Also there are unique virtual machine attacks, such as inter-VM threats. Here the solution is increased efficiency—security that optimizes performance while also defending against traditional as well as virtualization-specific threats. [click]With cloud services, the risks pertain to less visibility and cloud-specific threats. Companies are concerned about having less visibility into their applications and data. And they are concerned about increased external threats, especially in multi-tenant environments.For the cloud, businesses need security that allows them to use the cloud to deliver IT agility. Data must be able to safely migrate from on-premise data centers to private clouds to public clouds so organizations can make the best use of resources. [click]As we’ll see later, all of these concerns can be addressed. And through protection that is provided in an integrated security solution all managed through one console. With cross-platform security, you’ll stay protected as your data center and virtual or cloud deployments evolve, allowing you to leverage the benefits of each platform while defending against the threats unique to each environment.
  • #12 Now we’ll step through each platform individually, starting with physical servers and endpoints. Regardless of how your business evolves, you’ll still need dedicated physical servers. They give you the highest level of visibility and control, provide dedicated computing resources, and support specialty hardware and software. Today, the security that is needed for physical machines is relatively well known. The issue is more, how do I deploy effective protection while reducing management. Integrating security onto one platform reduces the glut of security products which in turn reduces management and costs.
  • #13 As you can see here, an integrated approach to server security includes a Firewall, HIPS and Virtual Patching, Web Application Protection, Antivirus, File Integrity Monitoring, and Log Inspection. [click]To reduce complexity, all of these capabilities should be integrated into one solution and should be managed through one console with advanced reporting capabilities. Here we’re talking about how to reduce complexity with your physical server security. But when this protection is provided in a cross-platform solution, your security can also travel with you as your business evolves to use virtualization and the cloud.
  • #14 The next platform we’ll discuss is virtualization. Most companies are virtualizing their data centers. In a recent survey by Trend Micro, 59% of respondents had server virtualization in production or trial, and 52% had desktop virtualization in As the foundation to the cloud, businesses should deploy virtualization security that protects their data center virtual machines as well as their virtual machines that are moved to private and public cloud environments. In the next few slides, we will discuss virtualization security challenges and the solutions to address these challenges, using virtualization-aware security.
  • #15 The final virtualization challenge we’ll discuss is the complexity of management. Virtual machines are dynamic. They can quickly be reverted to previous instances, paused, and restarted, all relatively easily. They can also be readily cloned and seamlessly moved between physical servers. Vulnerabilities or configuration errors may be unknowingly propagated. Also, it is difficult to maintain an auditable record of the security state of a virtual machine at any given point in time.[click]This dynamic nature and potential for VM sprawl makes it difficult to achieve and maintain consistent security. Hypervisor introspection is needed for visibility and control. Security that leverages the hypervisor APIs can ensure that each guest VM on the host remains secure and that this security coordinates with the virtualization platform.
  • #16 Next we’ll cover instant-on gaps. [click]Unlike a physical machine, when a virtual machine is offline, it is still available to any application that can access the virtual machine storage over the network, and is therefore susceptible to malware infection. However, dormant or offline VMs do not have the ability to run an antimalware scan agent. [click]Also when dormant VMs are reactivated, they may have out-of-date security. [click]One of the benefits of virtualization is the ease at which VMs can be cloned. However, if a VM with out-of-date security is cloned the new VM will have out-of-date security as well. New VMs must have a configured security agent and updated pattern files to be effectively protected. [click]Again the solution is a dedicated security virtual appliance that can ensure that guest VMs on the same host have up-to-date security if accessed or reactivated, and can make sure that newly provisioned VMs also have current security. This security virtual appliance should include layered protection that integrates multiple technologies such as antivirus, integrity monitoring, intrusion detection and prevention, virtual patching, and more. .
  • #17 I’d now like to highlight a couple of additional virtualization challenges. The next one we’ll discuss today is inter-VM attacks and blind spots. [click]When a threat penetrates a virtual machine, the threat can then spread to other virtual machines on the same host. Traditional security such as hardware-based firewalls might protect the host, but not the guest virtual machines. And cross-VM communication might not leave the host to be routed through other forms of security, creating a blind spot. [click]For the solution, protection must be applied on an individual virtual machine level, not host level, to ensure security. And integration with the virtualization platform, such as VMware, provide the ability to communicate with the guest virtual machines. Also, virtual patching ensures that VMs stay secure until patches can be deployed.
  • #19 As you heard VMware released last year vShield. vShield Endpoint is a set of API ….. Which today are only completed with Trend’s Agentless Anti Virus solution
  • #20 VMware controls more than half of the virtualization market. Virtualization security must fit into the VMware ecosystem to effectively support enterprise virtualization efforts. Here we demonstrate the different VM-security aspects and how they can fit into a VMware infrastructure.[click]The pairing of agent-less antivirus and agentless integrity monitoring with vShield Endpoint enables massive reduction in memory footprint for security on virtual hosts by eliminating security agents from the guest virtual machines and centralizing those functions on a dedicated security virtual machine. [click]Protection such as intrusion detection and prevention, web application protection, application control, and firewall can be integrated with VMware using VMsafe APIs, integrating security with VMware vSphere environments. Again this can be an agent-less option.[click]And finally, log inspection which optimizes the identification of important security events buried in log entries, can be applied through agent-based protection on each VM. [click]These elements can be integrated and centrally managed with VMware vCenter Server. Together, these provide comprehensive, integrated virtual server and desktop security.
  • #21 The final virtualization challenge we’ll discuss is the complexity of management. Virtual machines are dynamic. They can quickly be reverted to previous instances, paused, and restarted, all relatively easily. They can also be readily cloned and seamlessly moved between physical servers. Vulnerabilities or configuration errors may be unknowingly propagated. Also, it is difficult to maintain an auditable record of the security state of a virtual machine at any given point in time.[click]This dynamic nature and potential for VM sprawl makes it difficult to achieve and maintain consistent security. Hypervisor introspection is needed for visibility and control. Security that leverages the hypervisor APIs can ensure that each guest VM on the host remains secure and that this security coordinates with the virtualization platform.
  • #22 Key items to note:Symantec has no web threat protection (blocking the source), therefore all detection comes at the endpoint, using up valuable bandwidth (to download the file) and resources (to scan the file). Microsoft is similarOverall, OfficeScan scored 16% better protection than next competitor.
  • #24 I mentioned that the agentless approach began with agentless antivirus. Trend Micro’s agentless antivirus solution was available starting in 2010, so there’s been an opportunity to test its success. In an independent study by Tolly Enterprises, Trend Micro agentless antivirus was tested against leading traditional antivirus solutions that do not use a dedicated security virtual appliance and agentless antivirus, and the results were striking. Trend Micro’s agentless antivirus achieved 3 times higher VDI VM consolidation ratios—and similar results also extended to server virtualization as well. The VDI results translate into saving almost $540,000 every 3 years for each 1000 virtual desktops.
  • #25 Now we’ll cover the final platform, cloud computing. Cloud computing is usually built on virtualization. So, all of the previous challenges and solutions we discussed in the previous section on virtualization apply to the cloud. But cloud computing also introduces its own challenges as well as solutions. Let’s take a look.
  • #27 The final cloud computing challenge we’ll discuss today is data destruction. As I mentioned before, cloud data can move to make the best use of resources. [click]But when data is moved, sometimes remnants remain if the data in the previous location is not completely shredded. These remaining data remnants can create a security concern. [click]Again encryption is the solution because any remaining data remnants are unreadable if accessed by unauthorized users.
  • #28 So what is the solution? Cloud protection should include self-defending VM security that travels with the virtual machine into a cloud infrastructure. This allows businesses to transfer a complete security stack into the cloud and retain control. And this cloud security should be provided in a modular infrastructure with both agentless and agent-based options so it can be customized to your individual cloud deployment needs. The security should be provided on one platform that is managed through a single console—across your physical, virtual, and cloud deployments, including private, public, and hybrid clouds. [click]Another method of protecting data in the cloud is encryption with policy-based key management. The solution should start with industry-standard encryption that renders your data unreadable to outsiders. Even if your data is moved and residual data is left behind, the data in the recycled devices is obscured. It is critical to have this encryption accessed through policy-based key management to specify when and where your data is accessed. And through policies, identity- and integrity-based validation rules specify which servers have access to decryption keys.An encryption solution should also give the option to access keys through a SaaS or on-site virtual appliance with customer control over the keys to support a clear separation of duties and to avoid vendor lock-in. An encryption solution with policy-based key management allows even heavily regulated companies to leverage the flexibility and cost savings of the public cloud while ensuring their data stays secure. [click]These two solution elements can be integrated with a context approach to security. For example, encryption policies can specify that encryption keys will not be released unless the requesting server has up-to-date security, ensuring that the data stays protected when accessed by self-defending VM security. [click]And this security should work with multiple cloud platforms—allowing you to create the right cloud environment for your business.
  • #29 Earlier we reviewed how the Trend Micro server security platform with modular security integrates with a VMware ecosystem. Here we see how Trend Micro’s cloud data encryption solution—SecureCloud—supports a VMware environment.Here we see the VMware ecosystem with vSphere which creates a virtualization platform and vCloud that provides technologies to support private and public clouds. vCloud Director provides a management portal into these cloud technologies.[click]Trend Micro SecureCloud leverages information from vSphere and vCloud to provide native support for these environments. [click]Then SecureCloud can provide encryption capabilities in VMware virtual, private, and public cloud environments. [click]This gives companies encryption support today and as their data centers evolve.
  • #31 As we’ve discussed here, Trend Micro’s server security platform provides specialized protection across physical, virtual, and cloud. [Briefly step through points on slide.]
  • #32 Trend Micro was VMware’s 2011 Technology Alliance Partner of the Year. This timeline helps highlight some of our achievements in our partnership with VMware, starting back in 2008. [Highlight a couple of key points from the timeline—do not cover it all.]