Smart, Data-Centric Security for the Post-PC Era

Uploaded on

In the cloud, data is not tied to one server or even one group of servers, and it can be accessed from multiple devices simultaneously. To protect data, therefore, security solutions must shift from …

In the cloud, data is not tied to one server or even one group of servers, and it can be accessed from multiple devices simultaneously. To protect data, therefore, security solutions must shift from defense of a fixed perimeter towards an approach that protects the data as it travels from physical to virtual to cloud environments.

In the post-PC era, Trend Micro envisions a smart, data-centric security framework that advances the capabilities of our cloud-based Smart Protection Network™, adds smarter threat protection that correlates local threat intelligence; smarter data protection that follows and protects your data; and unified security management that increases visibility into data access and potential attacks.

This presentation was given at the Information Security Executive Summit on 28th / 29th February 2012

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • So, what can enterprises do to actually benefit from Consumerization and make it work to their advantage? Well, the first thing Trend suggests is to accept the fact that consumerization is happening. It can’t be stopped - and it doesn’t make sense to try. You can embrace Consumerization in order to unlock its full business potential.So how do you go about it?Trend Micro recommends a three-step approach to embrace consumerization: 1--Have a plan. Take a strategic approach to Consumerization. IT cannot do this in a vacuum: engage your lines of business owners (marketing, sales, HR, product development), involve your early adopters in the company, ask them what they use, what they like, and what they find most useful to support their work activities. Pull from their consumer experience rather than push your IT perspective onto them.2--Say yes…but not to everything…and not to everyone. Develop a set of policies that clearly define which technologies are fully supported vesus tolerated or prohibited. Profile your internal users based on their role, line of business and location. Then map technologies to user profiles and define an Service Level Agreement (SLA) for each intersection. 3--Put the right infrastructure into place. Deploy enterprise-grade tools and infrastructure specifically designed to secure and manage consumer technology in the enterprise. No single vendor can provide one solution that covers all functional requirements across all platforms. And several vendors from adjacent product segments offer overlapping core functionality. For a start, you will probably have to look at security vendors for Internet content security, mobile anti-malware and mobile data protection. And look to Mobile Device Management vendors for system provisioning and application management. And to Telecom Expense Management solutions for procurement, support and cost control of voice and data services.Additional resources:Go to Trend Micro Global Sales Toolkit (GST) for access to the internal-only Gartner reports on mobile data protection and mobile device management: Micro Mobile Security (TMMS) assets on GST:
  • Now that we’ve looked at the threat landscape, I’d like to talk a bit about general security approaches. Here we see the traditional outside-in perimeter defense. This security model is based on the assumption that data stays inside the system and application, and that systems and applications stay inside the network. [click]Anything on the outside is inspected and potentially blocked at the perimeter, if flagged as a threat. Multiple layers work together to stop threats at the earliest possible point in the network.
  • The outside-in approach is still important, but, alone, is not sufficient in today’s evolving data center. Disgruntled employees are already within the perimeter. Advanced Persistent Threats are unique attacks that will not be stopped by many traditional perimeter defenses. And the changing nature of IT is causing deperimeterization with new technologies like virtualization, cloud computing, and consumerization. New security approaches must be added to the traditional outside-in protection.
  • #5 - ConsumerizationAlready well covered in the general sessions, but you really cannot understate how much pain this is creating for IT decision-makers Social media is close behind it devices:30 billion pieces of content are shared on Facebook every month 78% of social media users think their privacy settings are sufficient Social engineering is giving way to social media engineering MDM in downward phase of Hype Cycle, but managing devices still primary concern for customers, so having a solution is a great way to get on their radar MDM still preferred approach in regulated environments - doctors coats now being made with pockets big enough to hold iPad, need to take a stronger centrally managed approach to management and access Not just about smartphones and tablets and apps - also about data sharing and even supporting Mac laptops SF customer who is heading towards 50% of their environment (6000 clients) being Macs.As of early 2011, 30 billion pieces of content (links, photos, notes, etc) are shared on Facebook every month (source: Royal Pingdom, “Internet 2010 in Numbers,” 12 January 2011), and 50 percent of active users log into Facebook every day (source: A Harris Interactive poll found that 65 percent of U.S. adults use social media and say that they have received a positive benefit as a result (source: Harris Interactive, “The Pros, Cons and Learning Curve of Social Media,” 18 January 2011), and that 78 percent of social media users felt that their privacy settings were sufficient to prevent potentially negative social media experiences, even as the number of malicious applications and frequency of social media-related data breaches were increasing.The consumerization of IT is already happening, and it is about more than smartphones and tabletsMobile devices have overtaken PCs as the predominant means of connecting to the cloudData must be accessible to employees and partners from many locations outside the traditional networkSocial media and cloud-based services are essential components of any business’ growth strategyThe Consumerization of IT also carries many potential risks and costsIncreased operational costs due to managing a de-standardized, heterogeneous environmentIncreased capital costs to port applications, scale data centers and deliver corporate data to a heterogeneous endpoint environmentIncreased risk of data loss and business disruption in a difficult-to-secure IT environmentTrend Micro has seen the advent of this new world of end user and have designed a portfolio of solutions to help businesses embrace consumerization, unlocking its opportunities while containing its costs
  • We’ve “borrowed” the idea of the Hype Cycle to show the journey that most enterprises are experiencing with mobile devices. The trigger is usually BYOD and that causes security owners to react the way they’ve reacted to end-user security in the past decade: by controlling the device and everything on it. This is what most MDM vendors are focused on. This is a great start, but both security and business owners quickly realize that it’s not the devices that matter, but the data on the devices. When they move to make the MDM solutions solve this challenge they quickly realize that it’s just not possible to segregate the corporate and personal data on the devices and maintain the usability of the device – this leads to the equivalent of the trough of disillusionment.But a new technology has emerged recently that gives Enterprises the flexibility to manage not only the apps on the devices, but also the data that belongs to the apps. Very few Enterprises globally have made the transition out of the trough, but many of them will be making the move in 2012 and it’s interesting to note that they don’t always choose the same vendor for Mobile Application Management as they do for Mobile Device Management.Mid-Market customers are about 12-18 months behind the average Enterprise customer. So in 2012, we plan to address the needs of the Enterprise by moving into Mobile Application Management and the Mid-Market by ensuring we have an easy to use, easy to deploy Hosted Mobile Device Management solution. But in the meantime, we have a very competitive MDM solution on the market in TMMS.
  • Threat Intelligence Map enable user to visualize global and local SPN (Feedback loop) infection trail in 24 hours or 7 days fashion.User can either select top 20 ranking or manually query malware name from console to render detection trails.
  • TIM rollout topology working with Trend and 3rd party logs


  • 1. Trend Micro DiscussionStephen FT PorterAlliance & SI Business ManagerSimon YoungEMEA Alliances Director Copyright 2012 Trend Micro Inc.
  • 2. Product Approach Core Platform – Security Capabilities• Anti-Malware • Anti-Malware • Anti-Malware • Policy• Mobile • Data-Loss • IDS/IPS • Reporting• Data-Loss Prevention • File Integrity • Threat Intel Prevention • Application ID • Log Inspection • Dashboard• Encryption • Mobile • Data-Loss • Configuration• SafeSync • Web/DB Prevention • Update • Encryption Endpoint Network Data Center Management Platform Platform Platform Platform 2 Trend Micro Confidential 3/6/2012 Copyright 2012 Trend Micro Inc.
  • 3. Trend is No.1 in Server and Virtualization Security Physical Virtual Cloud Trend Trend Micro Micro 13% 23.7% Worldwide Endpoint Security Revenue Share by Vendor, 2010 Source: IDC, 2011 Worldwide Endpoint Security Revenue Share by Vendor, 2010 Source: 2011 Technavio – Global Source: IDC, 2011 Virtualization Security Management Solutions Copyright 2012 Trend Micro Inc.
  • 4. Virtualization Journey StagesStage 1 Stage 2 Stage 3Server Consolidation Expansion & Desktop Private > Public Cloud 85% Servers Desktops 70% 30% 15% THE SECURITY INHIBITORS TO VIRTUALIZATION Copyright 2012 Trend Micro Inc.
  • 5. The Ever-Changing Threat Landscape 2009 2011 2013 Global Threat Distributions Based on estimations by a panel of experts within Trend Micro, 2012 Copyright 2012 Trend Micro Inc.
  • 6. Outside-in Perimeter Defense Isn’t Enough…EmpoweredEmployees Advanced Targeted Threats Re-Perimeterization Virtualization, Cloud Consumerization & Mobility Copyright 2012 Trend Micro Inc. Source: Forrester
  • 7. Cloud Era Revolution Cloud Infrastructure Cloud Application Hybrid Cloud Management • Physical • Virtual • Cloud Threat Landscape Cloud Data Consumerization Targeted Attack APT andTechnology Evolution Mobility Cloud Computing Endpoint Mobility Customer Behaviour Data Risk /compliance Management Copyright 2012 Trend Micro Inc.
  • 8. The Enterprise Endpoint Evolution Cloud 50% Mobile Devices/SaaS DataCenter Management Virtual Driven20% 15% Virtual Laptops/PCs Physical80% 35% EndPoint Management Driven 2011 2013 3-5 Years Cross-over year Copyright 2012 Trend Micro Inc. 9
  • 9. Consumerisation iPhone Windows phone iPad • Challenges: – Manage mobile devices – Provide secure access to applications and data – Defend against social media- based attacks – Data protection for BYOIT • 47%: Mobile workers who have a personally owned tablet that they use for at least some work Copyright 2012 Trend Micro Inc. 10 Copyright 2011 Trend Micro Inc.
  • 10. Mobile Device Market Mid-Market (~250-2500) Mobile Devices In the Enterprise Hype Cycle Enterprise (~2500+) 2012 Copyright 2012 Trend Micro Inc.
  • 11. Mobile Device Protection Requirements Manage Efficiently Protect the Data Secure the Devices • Device Discovery • Encryption • Anti-Malware • Device Enrollment • Remote Wipe • Firewall • Device Provisioning • Remote Lock • Web Threat Protection • Asset Tracking • SIM Change/ Watch • Email Security • S/W Management • Feature Lock • Call/ SMS Anti-Spam • Remote Control • Password Policy • App Control/Lock-down Central Policy Management Copyright 2012 Trend Micro Inc.
  • 12. Deep SecurityAn Agentless Security Environment Deep Security Virtual Appliance • Anti-malware • Intrusion Prevention • Integrity Monitoring • Web App Protection • Firewall • Application Control The Old Way With Deep Security More VMs Security VM VM VM Virtual VM VM VM VM VM Appliance Higher Fewer Easier Stronger Density Resources Manageability Security Copyright 2012 Trend Micro Inc. 13
  • 13. VDI Example – Cost Breakdown STD VDI VDI+ Security 1000 1250 875 2480 1160 928 1360 440 396 4840 2850 2199 Classification 3/6/2012 Copyright 2012 Trend Micro Inc. 14
  • 14. SecureCloud: Enterprise ControlledData Protection for the Cloud My Data 15 Copyright 2012 Trend Micro Inc.
  • 15. Deep Security / Secure Cloud Example Customer 1 Customer 2 Unix/ Win Server Vmware Vsphere ESX Customer Test Classification 3/6/2012 Copyright 2012 Trend Micro Inc. 16
  • 16. Dashboard (Threat Intelligence Map) Classification Copyright 2012 Trend Micro Inc. 17
  • 17. Enterprise Security Manager • Risk Assessment • Risk Mitigation • Risk Escalation • Configuration Management • Update Management • Log Management • Alert Management Threat Intelligence Manager 3rd Party Products Control Manager Threat Discovery Appliance OSCE, DSM, IDF Servers IxSVA Trend Endpoints Corporate Network 3/6/2012 Copyright 2012 Trend Micro Inc. 18
  • 18. Q&A Copyright 2012 Trend Micro Inc.