Vmug birmingham mar2013 trendmicro
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Vmug birmingham mar2013 trendmicro

  • 298 views
Uploaded on

Trend Micro Presentation from Birmingham VMUG

Trend Micro Presentation from Birmingham VMUG

More in: Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
298
On Slideshare
298
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
3
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • The data centre is evolving. This is a depiction of a customer’s typical virtualization journey from physical to cloud via virtualization.In stage 1, orgs have begun virtualization all of their low hanging fruit – web servers, file and print servers, some app servers, and begun to realize the hardware consolidation and operational management benefits that result in lower CAPX and OPEX costs.In stage 2, they have begun virtualizing more of their tier 1 apps and mission critical servers now. They are also leveraging some of the more advanced capabilities of virtualization such as automatic live migration, disaster recovery and software fault tolerance. Many stage 2 orgs have also started deploying virtual desktops as well.Benefits in stage 2 are even more cost efficiencies plus also higher QoS from the higher level virtualization capabilities.
  • Next we’ll cover instant-on gaps. [click]Unlike a physical machine, when a virtual machine is offline, it is still available to any application that can access the virtual machine storage over the network, and is therefore susceptible to malware infection. However, dormant or offline VMs do not have the ability to run an antimalware scan agent. [click]Also when dormant VMs are reactivated, they may have out-of-date security. [click]One of the benefits of virtualization is the ease at which VMs can be cloned. However, if a VM with out-of-date security is cloned the new VM will have out-of-date security as well. New VMs must have a configured security agent and updated pattern files to be effectively protected. [click]Again the solution is a dedicated security virtual appliance that can ensure that guest VMs on the same host have up-to-date security if accessed or reactivated, and can make sure that newly provisioned VMs also have current security. This security virtual appliance should include layered protection that integrates multiple technologies such as antivirus, integrity monitoring, intrusion detection and prevention, virtual patching, and more. .
  • I’d now like to highlight a couple of additional virtualization challenges. The next one we’ll discuss today is inter-VM attacks and blind spots. [click]When a threat penetrates a virtual machine, the threat can then spread to other virtual machines on the same host. Traditional security such as hardware-based firewalls might protect the host, but not the guest virtual machines. And cross-VM communication might not leave the host to be routed through other forms of security, creating a blind spot. [click]For the solution, protection must be applied on an individual virtual machine level, not host level, to ensure security. And integration with the virtualization platform, such as VMware, provide the ability to communicate with the guest virtual machines. Also, virtual patching ensures that VMs stay secure until patches can be deployed.
  • Patching is one of the most significant pain points for every IT department, and it also needs to be addressed in virtual datacenters. Patch cycles, virtual machine proliferation could soon make it very difficult to maintain compliant environments. http://www.vmware.com/virtualization/advantages/virtualization-management/patching.html VMware vCenter Update Manager lets you:Reduce the risks associated with patching hosts by allowing fast rollbacks to a pre-patch stage Eliminate application downtime related to VMware ESX host patching Increase IT administrator productivity with unique automation capabilities Increase flexibility by allowing delayed reboot of virtual machines VMware vCenter Update Manager is a fully integrated module of VMware vCenter Server. It does not require a complex installation or additional infrastructure.
  • In stage 3, organizations have started leveraging private and public clouds. The IT dept has transformed itself into acting as a service provider with charge-back type processes where consumers of IT are in effect renting computing space and time from IT. Benefits are further cost efficiencies, QoS and faster business agility.As orgs considered their move to stage 3, security was top of mind – IDC survey data shows that it is the #1 issue why orgs will not move to the cloud.
  • To address the risks of evolving your data center, we have a single platform and administration that secures your physical, virtual and cloud environments.Our solution is open, automated and highly scalable, fitting your existing infrastructure, seamlessly integrating with key applications like VMWare or cloud environments like Amazon Web Services.Like our end user protection solution, this solution is plug-and-play in nature – allowing you to extend and grow your solution as your business needs change.Block and remove malicious software with Anti-Malware.Protect against known and zero-day vulnerabilities with Intrusion Prevention. This provides you with “virtual patching” -- protecting you before you patch.Achieve segmentation of systems and reduce the attack surface with a host-based Firewall.Identify expected and unexpected (malicious) system changes with Integrity Monitoring.Gain additional visibility and correlation of system and application events with Log Inspection. This can be integrated with your existing SIEM for further insight.Protect sensitive data, particularly when using cloud service providers with Encryption.<click>And just like our other solutions, it is powered by our Smart Protection Network, protecting against real-world threats faster.Our Cloud and Data Center Solution protects you on your journey to the cloud – now and in the future.
  • Let’s look at the example here:Let’s imagine a VMware ESX host with 15 virtual servers running on it, each of which has a locally installed security agent providing e.g. AM, Web Threat Protection, FW, DPI, IM. So what’s the problem with this approach? Simultaneous scanning, updates, network traffic analysis and so on lead to increased resource usage on each VM, and a cumulative resource impact on the ESX host which can be disastrous and lead to outages of the host and – therefore – all of the VMs running on that host. This is turn can result in a combination of the following:Less VMs per ESX hostReduced security on each VMNo security on each VMSo how does Deep Security solve this problem? Deep Security’s agentless protection abilities mean you can drastically increase the amount of VMs per ESX host – all without reducing the security posture of the VM. Which means one thing for VMware customers – increased ROI (and security!) in their virtual infrastructure.Savings on improved VM density:VDI: 50% more VDIsVirtual servers: 20 – 30% more virtual serversSavings during initial deployment:Where Deep Security saves significant setup time is when customers need to install multiple separate point security solutions – for example, for separate solutions such as anti-virus, host firewall, host IPS, and integrity monitoring. By providing these technologies in a single integrated virtual appliance, Deep Security reduces overall setup time relative to other market alternatives that deploy multiple agent-based solutions.Savings in on going management:Faster deployment on new VMsVirtual patching
  • Datacenter extension into the cloud – Workloads like Web or mail. Challenges with visibility and policy with the workloads and extension of networkDS – Allowing visibility into physical, virtual, cloud assetsBeing able to assign and enforce security policies across these workloads.
  • Each of these platforms has unique security concerns. With physical machines, the manageability of various security solutions can be an issue.There can be a glut of security products—either through excessive layering or overly specialized products. This increases hardware and software costs. Also, management across the different products can be difficult – causing security gaps. And collectively these issues create a higher Total Cost of Ownership.The solution is to reduce complexity by consolidating security vendors and correlating protection.[click]With virtualization, the risks pertain to both performance and threats specific to virtual environments. There is a concern that security will reduce performance, which reduces the ROI of a virtual infrastructure. Also there are unique virtual machine attacks, such as inter-VM threats. Here the solution is increased efficiency—security that optimizes performance while also defending against traditional as well as virtualization-specific threats. [click]With cloud services, the risks pertain to less visibility and cloud-specific threats. Companies are concerned about having less visibility into their applications and data. And they are concerned about increased external threats, especially in multi-tenant environments.For the cloud, businesses need security that allows them to use the cloud to deliver IT agility. Data must be able to safely migrate from on-premise data centers to private clouds to public clouds so organizations can make the best use of resources. [click]As we’ll see later, all of these concerns can be addressed. And through protection that is provided in an integrated security solution all managed through one console. With cross-platform security, you’ll stay protected as your data center and virtual or cloud deployments evolve, allowing you to leverage the benefits of each platform while defending against the threats unique to each environment.

Transcript

  • 1. Giovanni Alberici • EMEA Product MarketingAddressing the new securitychallenges posed by virtualisation &cloud computing
  • 2. Stage 1ConsolidationStage 2Expansion & DesktopStage 3Private > Public Cloud15%30%70%85%ServersDesktopsCost-efficiency  + Quality of Service  + Business Agility Data centres are evolving to drive downcosts and increase business flexibilityThe evolving data centre
  • 3. Security challenges in the cloudInter-VM attacksInstant-ON gapsStage 1ConsolidationStage 2Expansion & DesktopStage 3Private > Public CloudServersDesktopsCost-efficiency  + Quality of Service  + Business Agility 15%30%70%85%Inter-VM attacksInstant-ON gapsMixed Trust Level VMsResource ContentionMaintaining Compliance
  • 4. ClonedChallenge: Instant-on Gaps  DormantActiveReactivated without dated security New, reactivated and cloned VMs can have out-of-datesecurity
  • 5. Attacks can spread across VMsChallenge: Inter-VM Attacks / Blind Spots
  • 6. Not Patched Patched    Virtualization - patching doesn’t go away6/18/20136Copyright 2012 Trend Micro Inc.“…virtual machine proliferation could soon make it very difficult to maintaincompliant environments.” VMware on Patch Management
  • 7. Security challenges in the cloudInter-VM attacksInstant-ON gapsStage 1ConsolidationStage 2Expansion & DesktopStage 3Private > Public CloudServersDesktopsCost-efficiency  + Quality of Service  + Business Agility 15%30%70%85%Inter-VM attacksInstant-ON gapsMixed Trust Level VMsResource ContentionMaintaining ComplianceService Provider (in)SecurityMulti-tenancyInter-VM attacksInstant-ON gapsMixed Trust Level VMsResource ContentionMaintaining Compliance
  • 8. Data security challenges in the cloudEncryption rarely used:- Who can see your information?Storage volumes and servers are mobile:- Where is your data? Has it moved?Rogue servers might access data:- Who is attaching to your storage?Audit and alerting modules lacking:- What happened when you weren’t looking?Encryption keys tied to vendor:- Are you locked into a single security solution?Who has access to your keys?Storage volumes contain residual data:- Are your storage devices recycled securely?Classification6/18/20139Name: John DoeSSN: 425-79-0053Visa #: 4456-8732…Name: John DoeSSN: 425-79-0053Visa #: 4456-8732…
  • 9. Challenges for public cloudSharedStorageSharedFirewallVirtualServersShared network insidethe firewallShared firewall –Lowest commondenominator – less finegrained controlMultiple customers onone physical server –potential for attacks viathe hypervisorShared storage – iscustomer segmentationsecure against attack?Easily copied machineimages – who else hasyour server?Internet
  • 10. Public Cloud: Private SecuritySharedStorageSharedFirewallVirtualServersShared network insidethe firewallShared firewall –Lowest commondenominator – less finegrained controlMultiple customers on onephysical server – potential forattacks via the hypervisorShared storage – iscustomer segmentationsecure against attack?Easily copied machine images– who else has your server?Doesn’t matter – the edge of myvirtual machine is protectedDoesn’t matter – treatthe LAN as publicDoesn’t matter – treatthe LAN as publicDoesn’t matter – They can startmy server but only I can unlockmy dataDoesn’t matter – Mydata is encryptedInternet
  • 11. Copyright 2013 Trend Micro Inc.Data CenterPhysicalEnabling the Data Center (R)evolutionVirtual Private Cloud Public CloudDeep Security Agent/AgentlessAnti-MalwareIntegrityMonitoringApplicationControlLogInspectionFirewallVirtualPatchingData Center OpsSecurityBy 2016, 71% of server workloadswill be virtualized
  • 12. Any HypervisorVirtualization Security - Agent BasedVMware HypervisorVirtualization Security - Agentless
  • 13. Improves system performance1Eases security administration2Improves security & compliance3Advantages of Deep Security for VirtualizationEnables workload flexibility4
  • 14. 15Deep Security Virtual ApplianceImproves system performance150% more VDIs20 – 30% more virtual servers
  • 15. Deep Security 9 Scan Cache• Separate cache for Anti-malware scheduled/on-demandand Integrity Monitoring• Up to 20x improvement for Anti-malware scans betweenVMs• Reduce resources and overall on-demand scan time forAnti-malware• Reduce overall baseline time for Integrity Monitoring• Great benefits for VDI (VMs are linked clones)6/18/2013 16Confidential | Copyright 2012 Trend Micro Inc.
  • 16. Anti-malware Scan Performance6/18/2013 17Confidential | Copyright 2012 Trend Micro Inc.1st AMscan2nd AMscan(cached)Scan time ~ 20x fasterSignificant DSVA CPUReductionHuge IO VolumeReduction
  • 17. 18• Visibility into virtual and cloudenvironments– vCenter, Active Directory,vCloud, Amazon (AWS)• Automation & Recommendation– Identify unique securitycontrols required– OS, applications,patch-levels, vulnerabilities– Automatically deploy andactivate security policies– Example: SAP serverrequires 28 controlsProvisioningInfrastructurevCenter, AD,vCloud andAWSVirtualAppliancePublicCloudDeep Security• Scalable• RedundantSAPExchangeServersOracleWebServerWebServer73controls8controls28controls19controls15controlsLinux ServerEases security administration2
  • 18. 6/18/2013 19Confidential | Copyright 2012 Trend Micro Inc.
  • 19. Global threat intelligence from the cloud… collects 6TB worthof data for analysis… analyses 1.15Bnew threat samples… identifies 90,000new threats… blocks 200MthreatsEVERY24HOURS20Improves security & compliance3
  • 20. Patch Management is a Growing ChallengeCritical “Software Flaw” Vulnerabilities in 2012Common Vulnerabilities & Exposures (“CVE”): Score 7-101,764Almost 7 critical vulnerabilities everyday!6/18/2013 21Confidential | Copyright 2013 Trend Micro Inc.“Due to the increasing volume of public vulnerability reports, the CommonVulnerabilities and Exposures (CVE) project will change the syntax of its standardvulnerability identifiers so that CVE can track more than 10,000 vulnerabilities in asingle year.” http://cve.mitre.org/news/index.html2012 saw 26% increase in # of vulnerabilities disclosedNSS Labs
  • 21. 22Virtual Patching with Deep SecurityTimeVulnerabilitydiscoveredOver 100 applicationsshielded including:Operating SystemsDatabase serversWeb app serversMail serversFTP serversBackup serversStorage mgt serversDHCP serversDesktop applicationsMail clientsWeb browsersAnti-virusOther applicationsPatchavailablePatchtestedPatchdeployedSystems at risk!Reduced risk!Virtualpatch
  • 22. Compliance with Deep Security23IDS / IPSWeb Application ProtectionApplication ControlFirewallDeep Packet InspectionIntegrityMonitoringLogInspectionAnti-Malware5 Protection ModulesDefence In DepthAddressing 7 PCI requirementsand 20+ sub-controls including: (1.) Network Segmentation (1.x) Firewall (5.x) Anti-Malware (6.1) Virtual Patching (6.6) Web App. Protection (10.6) Daily Log Review (11.4) IDS / IPS (11.5) Integrity MonitoringPCI-DSS Compliance
  • 23. PhysicalDatabaseStorageVirtualWebServerMailServerWebServerEnterpriseProvidersDeep SecurityWebAccessEnables workload flexibility4
  • 24. Physical Virtual CloudManageabilityGlut of security productsLess securityHigher TCOReduce ComplexityOne Security Model is Possibleacross Physical, Virtual, and Cloud EnvironmentsIntegrated Security: Single Management ConsolePerformance & ThreatsTraditional securitydegrades performanceNew VM-based threatsIncrease EfficiencyVisibility & ThreatsLess visibilityMore external risksDeliver Agility
  • 25. Thank You!6/18/2013 26Confidential | Copyright 2012 Trend Micro Inc.