Your data center is changing. Have your security strategies changed accordingly?

Understand the security issues and risks for your virtualised data centre and find out ways to enhance your server defenses, implement security solutions that are virtualisation-aware, and leverage VMsafe-based solutions to ensure stronger security, faster performance and better manageability.

A presentation given by Trend Micro at the IDC Summit in London, Feb 2012

Published in: Technology, Business

  • The outside-in approach is still important, but, alone, is not sufficient in today’s evolving data center. Disgruntled employees are already within the perimeter. Advanced Persistent Threats are unique attacks that will not be stopped by many traditional perimeter defenses. And the changing nature of IT is causing deperimeterization with new technologies like virtualization, cloud computing, and consumerization. New security approaches must be added to the traditional outside-in protection.
  • As you can see, as you progress further along your journey, the security risks increase. Even in stage 2, where you are deploying business-critical apps in VMs or rolling out VDI, security and compliance are key factors.
  • Next we’ll cover instant-on gaps. Unlike a physical machine, when a virtual machine is offline, it is still available to any application that can access the virtual machine storage over the network, and is therefore susceptible to malware infection. However, dormant or offline VMs do not have the ability to run an antimalware scan agent. Also, when dormant VMs are reactivated, they may have out-of-date security. One of the benefits of virtualization is the ease with which VMs can be cloned. However, if a VM with out-of-date security is cloned, the new VM will have out-of-date security as well. New VMs must have a configured security agent and updated pattern files to be effectively protected.
  • Now let’s summarize the solutions to the virtualization security inhibitors we just discussed. First, resource contention can be avoided with agent-less AV scans. The dedicated scanning virtual machines can coordinate staggered scans across VMs to preserve host resources. We’ll talk about agent-less AV in more detail a bit later. Second, dedicated scanning virtual machines coordinated with real-time agents within each virtual machine can prevent instant-on gaps. This ensures that virtual machines are secure when dormant and ready to go with the latest pattern updates whenever activated. Third, inter-VM attacks and blind spots can be prevented with VM-aware security that is provided on the virtual machine level, independent of the host machine. Fourth, management complexity can be reduced when VM security is tightly integrated with virtualization management consoles such as VMware vCenter. With integrated, comprehensive, virtualization-aware security, virtualization environments can be as secure as dedicated physical servers. And virtual servers and desktops can be secure without sacrificing performance.

    1. Your data center is changing. Have your security strategies changed accordingly? John Burroughs, CISSP, Solutions Architect. Copyright 2011 Trend Micro Inc.
    2. Security Issues and Risks for your Virtualized Data Center. What to look for in a Security Solution for your VDI environment.
    3. Cross-platform Security: Physical, Virtual, Cloud • New platforms don't change the threat landscape • Integrated security is needed across all platforms • Each platform has unique security risks
    4. Integrated security is needed across all of these platforms: Physical, Virtual, Cloud • New platforms don't change the threat landscape • Integrated security is needed across all platforms • Each platform has unique security risks … with a single management console
    5. Threat Environment: High Profile Cases • June-2011: Citi Account Online Web portal breached, hackers seized 360,000 customer records including their names, email addresses, and account numbers • April-2011: PSN hacked and 77 million records accessed • June-2011: Sony Online Entertainment hacked and 24.6 million records compromised • April-2011: an e-mail marketing service provider lost the email addresses for customers of over 50 companies including Citibank, JP Morgan Chase, Capital One, TD Ameritrade • March-2011: Hackers stole sensitive data related to their SecurID technology … leading to Lockheed Martin and L-3 Communications networks being compromised • Feb-2011: Hackers broke into the Web Portal Directors Desk used by 10,000 Executives of Fortune 500 Companies to share confidential information and documents • Feb-2011: Canadian Government compromised by foreign hackers obtaining highly classified Federal Information
    6. Security firm - RSA attacked using Excel flash http://downloadsquad.switched.com/2011/04/06/security-firm-rsa-attacked-using-excel-flash-one-two-sucker-punc/
    7. Perimeter Defense Isn't Enough… • Empowered Employees • Advanced Targeted Threats • De-Perimeterization: Virtualization, Cloud, Consumerization & Mobility. Source: Forrester
    8. Assessing Risk in the Cloud Journey. Stages: IT Production, Business Production, ITaaS. Risks, numbered as on the slide: 1 Host controls under-deployed; 2 Inter-VM attacks; 3 Instant-on gaps; 4 Mixed trust level VMs; 5 Resource contention; 6 Complexity of Management; 7 Compliance / Lack of audit trail; 8 Data confidentiality & integrity; 9 Data access & governance; 10 Diminished perimeter; 11 Multi-tenancy; 12 Data destruction
    9. Virtualization Security Inhibitors: 1 Resource Contention (Typical AV Console, 3:00am Scan). Antivirus Storm: automatic antivirus scans overburden the system
    10. Virtualization Security Inhibitors: 1 Resource Contention; 2 Instant-on Gaps (Active; Dormant; Reactivated with out-of-date security; Cloned). New VMs must have a configured agent and updated pattern files
    11. Virtualization Security Inhibitors: 1 Resource Contention; 2 Instant-on Gaps; 3 Inter-VM Attacks / Blind Spots. Attacks can spread across VMs
    12. Virtualization Security Inhibitors: 1 Resource Contention; 2 Instant-on Gaps; 3 Inter-VM Attacks / Blind Spots; 4 Complexity of Management (Provisioning new VMs; Reconfiguring agents; Rollout patterns; Patch agents). VM sprawl inhibits compliance
    13. Virtualization: Addressing Security Inhibitors • 1 Resource Contention. Solution: Use security solutions that are 'virtualization aware' • 2 Instant-on Gaps. Solution: Discovery and protection of VMs must be automated • 3 Inter-VM Attacks / Blind Spots. Solution: Use Network Protection (FW & IDS/IPS) to inspect traffic on a per-VM basis • 4 Complexity of Management. Solution: Integration with virtualization management consoles such as VMware vCenter
    14. Virtualization: Virtual Desktop Security – What to Look for • Integrates tightly with leading VDI vendors' infrastructure • Uses hypervisor API integration to offload security from the VM • Provides agentless option • Allows host to be self-defending • For AV, optimizes scanning and pattern update operations • Solution architected to prevent resource contention
    15. What is required is a virtualisation-aware security solution: Deep Packet Inspection, Firewall, Anti Virus, Log Inspection, Integrity Monitoring. [Diagram labels: Security VM, Hypervisor]
    16. Tolly Report: “Full Scan Storm”. [Chart: Load by Agent Classification] 3/1/2012
    17. Tolly Report: “Pattern Update Storm”. [Chart: Load by Agent Classification] 3/1/2012
    18. Virtualization Aware Security: Agentless Protection for AV, Network and Integrity Monitoring. [Diagram: The Old Way (VMs) compared with Agent-less Protection (Security Virtual Appliance alongside VMs)] Zero Added Footprint, Faster Performance, Better Manageability, Stronger Security • Zero added footprint: AV, Network Protection and Integrity Monitoring in the same Security Virtual Appliance • Order of magnitude savings in manageability • Virtual Appliance avoids performance degradation from FIM storms
    19. For further information on Trend Micro virtualisation and cloud security solutions, including Trend Micro Deep Security: www.trendmicro.co.uk/virtualisation
