
Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)


Trend Micro Deep Security
#1 Security Platform for Virtualization and the cloud

Trend Micro Deep Discovery
Combating Advanced Persistent Threats (APTs)

Trend Micro Mobile Security
Manage and control your mobile devices (BYOD)

Published in: Technology

  1. 1. Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs). Agenda: • Rob Tanner: Deep Security • Jay Kammerer: Deep Discovery • Jamie Haggett: Mobile Security • Q&A
  2. 2. Server and Desktop Virtualization Security: What's new from Trend Micro • Trend Micro Deep Security: #1 Security Platform for Virtualization and the cloud • Trend Micro Deep Discovery: Combating Advanced Persistent Threats (APTs) • Trend Micro Mobile Security: Manage and control your mobile devices (BYOD). 2/6/2013 Copyright 2012 Trend Micro Inc.
  3. 3. Rethinking Datacenter Security. Rob Tanner, Sr. Manager, Channel Sales, Trend Micro
  4. 4. Virtualization is shrinking the datacenter, but what about shrinking security overhead?
  5. 5. vCenter and vCloud are accelerating VM provisioning. Is your security provisioning keeping pace?
  6. 6. Data Center: Physical, Virtual, Cloud. By 2016, 71% of server workloads will be virtualized* • Increased business agility • Instant scalability • Lower capital and operational costs. Source: Gartner, Forecast Analysis: Data Center, Worldwide, 2010-2016, 1Q12 Update, Jonathon Hardcastle, 16 May, 2012
  7. 7. Data Center: Physical, Virtual, Cloud. Security Challenges: Manage Risk • Ensure compliance • Protect the brand. Reduce Costs • Performance impact • Management overhead
  8. 8. Virtualization Security Challenge: Resource Contention. Typical AV Console, 3:00am Scan: Antivirus Storm. Automatic security scans overburden the system
  9. 9. Virtualization Security Challenge: Instant-on Gaps. Diagram labels: Active, Dormant, Reactivated with outdated security, Cloned. Reactivated and cloned VMs can have out-of-date security
  10. 10. Virtualization Security Challenge: Inter-VM Attacks / Blind Spots. Attacks can spread across VMs
  11. 11. Virtualization Security Challenge: Complexity of Management. Provisioning new VMs • Reconfiguring agents • Rollout patterns • Patch agents. VM sprawl inhibits compliance
  12. 12. Lower Costs with Agent-less Security. Trend Micro Deep Security: Web Reputation, Intrusion Prevention, Firewall, Integrity Monitoring, Anti-Malware. The Old Way vs. With Deep Security (Security Virtual Appliance): More VMs. Higher Density, Fewer Resources, Easier Manageability, Stronger Security
  13. 13. Virtualization Security: Increased ROI with Agentless Security. Example: Agentless Antivirus. VM servers per host: Agentless AV 75, Traditional AV 25. 3X higher VDI VM consolidation ratios. 3-year Savings on 1000 VDI VMs = $539,600. Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations
  14. 14. Deep Security 9: Deeper Integration with VMware Platform • Support for latest vSphere and vShield platform capabilities – 4th-generation enhancements across broadest agentless security suite • Improved performance – Antivirus and integrity scan caching/de-dupe across VMs • Significant storage I/O benefits for further VDI consolidation – Tuning of IPS policies to guest application • Stronger protection – Hypervisor boot integrity – chain of trust from VM file integrity to H/W. Trend Micro Confidential-NDA Required
  15. 15. Vulnerabilities and Patching - under control? Critical "Software Flaw" Vulnerabilities in 2010: 2095 • Common Vulnerabilities & Exposures ("CVE"): Score 7-10. 7 critical alerts every day! NVD Statistical Data (Year: # Vulns, % Total): 1997: 145, 57.54; 1998: 134, 54.47; 1999: 424, 47.43; 2000: 452, 44.31; 2001: 773, 46.09; 2002: 1,004, 46.57; 2003: 678, 44.40; 2004: 969, 39.53; 2005: 2,038, 41.32; 2006: 2,760, 41.77; 2007: 3,159, 48.50; 2008: 2,841, 50.44; 2009: 2,722, 47.48; 2010: 2,095, 45.16; 2011*: 1,658, 43.87
  16. 16. Virtualization Security: What is the Solution? Virtual Patching. Rules are developed and delivered automatically to protect • Before patches are available • Unsupported OSs and apps • Legacy web applications • Devices that are difficult to patch: ATM kiosk, point of sale, medical devices, etc. Prevent business disruption and data breach. Keep your virtual systems, applications, and data secure
  17. 17. Security Vulnerability in Java 7: Already targeted by hacker tools. Details • In early January 2013, a vulnerability was discovered in Java 7, impacting Windows, Mac, and Linux users • The vulnerability is being exploited in toolkits like: – Blackhole Exploit Kit (BHEK) – Cool Exploit Kit (CEK) • The toolkits distribute malware, most notably ransomware that locks systems and requires fees (~$200-$300) to unlock • Oracle made a patch available on Sunday, January 13, 2013 • However, the Department of Homeland Security and other security consultants still advise disabling Java unless running the software is business critical
  18. 18. Trend Micro Customers are Already Shielded. Deep Security: The Power of Virtual Patching in Deep Security • Deep Security Labs obtains information about this vulnerability from public information sources • Trend Micro protects users from this zero-day vulnerability via its Deep Security update (DSRU13-002) and rule 1005177 (Rule: Restrict Java Bytecode File (Jar/Class) Download) • The rule blocks the .JAR and class files, preventing users from downloading all related malware • At first a patch was not available from Oracle for this vulnerability • This Trend Micro update provided immediate vulnerability shielding for Deep Security and OfficeScan customers • Oracle released a patch on Sunday, January 13, 2013 • Trend Micro customers can roll out the actual Oracle patch during a regularly scheduled maintenance update
  19. 19. Automated Security Reduces Costs. Trend Micro Deep Security: Instant and Automated Protection for Virtual and Cloud workloads. Deep Security Manager, vSphere & vCloud. Modules: Anti-Malware, Firewall, Web Reputation, Integrity Monitoring, Intrusion Prevention, Log Inspection. Physical: Dedicated Server. Virtual: Desktop & Server Virtualization. Cloud: Private, Hybrid & Public Cloud
  20. 20. Automate Security • Discover VMs & servers requiring protection – vSphere and vCloud – Amazon Web Services • Identify and implement unique security controls required – OS, applications, patch-levels, vulnerabilities. Diagram: Web Server (19 controls), Exchange Servers (15 controls), Oracle (73 controls), SAP (28 controls), Web Server (8 controls); Virtual Appliance; Provisioning Infrastructure: vSphere, vCloud, Public Cloud; Deep Security: • Scalable • Redundant
  21. 21. Automate Security • Refresh security profiles after patching to remove unnecessary rules • Example, SAP now requires only 5 controls. Diagram: Web Server (19 → 12 controls), Exchange Servers (15 → 7 controls), Oracle (73 → 24 controls), SAP (28 → 5 controls), Web Server (8 → 7 controls); Virtual Appliance; Provisioning Infrastructure: vSphere, vCloud, Public Cloud; Deep Security: • Scalable • Redundant
  22. 22. What Sets our Solution Apart? Only true server security platform: • Comprehensive, modular security controls • Optimized for virtualization and cloud – Higher density, better performance – Truly agentless – Multi-tenant management • Automated management – Enforced policy based on OS, applications – Policy follows VM – Consistent policies across physical, virtual, cloud. Only true server security platform: gain freedom and confidence for your cloud journey!
  23. 23. As Virtualization Security Leader, We Can Help You • Automate tedious and costly security provisioning • Add Confidence to virtualization and cloud deployments • Accelerate deployment of virtualization and cloud
  24. 24. How does it work?
  25. 25. IDC: Trend Micro Leader with 27% Global share • Top ratings for Virtualization Security • Only Enterprise Class Security product validated on Cisco UCS • First Content security solution certified on VCE Vblock in April 2012. Worldwide Corporate Endpoint Server Security Revenue Share by Vendor, 2011. Source: IDC, 2012
  26. 26. Over 1500 Customers: Differing Security Priorities. Virtualization, Virtual Patching, Compliance, Defense in Depth
  27. 27. Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year. Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs. Improves Virtualization by providing security solutions architected to fully exploit the VMware platform. Timeline: VMworld: Trend Micro Dec: Deep Security 7.5 virtsec customer Nov: Deep Security 7 w/ Agentless AntiVirus May: Trend with virtual appliance Vmworld: Announce acquires RSA: Trend Micro Deep Security 8 Feb: Join Third Brigade Demos Agentless w/ Agentless FIM VMsafe program Sale of DS 7.5 RSA: Other vendors Before GA "announce" Agentless 2008 2009 2010 2011 July: Q1: VMware buys RSA: Trend Micro VMworld: Announce CPVM Deep Security for announces Coordinated Deep Security 7.5 GA Internal VDI Use approach & Virtual pricing And shows Vmsafe demo Q4: Joined EPSEC 2010: RSA: Trend Micro vShield Program >100 customers announces virtual >$1M revenue appliance
  28. 28. Thank you!
  29. 29. Deep Discovery and The Custom Defense | Jay Kammerer
  30. 30. Traditional Security Protection is Insufficient: APTs & Targeted Attacks, Empowered Employees, Elastic Perimeter. APTs & Targeted Attacks: "The New Norm" - IDC
  31. 31. APTs and Targeted Attacks -- The New Norm - IDC. Trend Micro finds over 90% of enterprise networks contain active malicious malware. A Cyber Intrusion Every 5 Minutes… according to US-CERT
  32. 32. Most Targeted Industries: Most common industry targets of APT-related spear phishing
  33. 33. Trend Micro Custom Defense: A complete lifecycle to combat the attacks that matter to you (Deep Discovery) • Detect: Specialized threat detection capability at network and protection points • Analyze: Deep analysis uses custom sandboxing & relevant global intel to fully assess threats • Adapt: Custom security blacklists & signatures block further attack at network, gateway, endpoints • Respond: Attack profiles and network-wide event intelligence guide rapid containment & remediation
  34. 34. Deep Discovery Inspector: Deep Discovery provides the network-wide visibility, insight and control needed to protect your company against APTs and targeted attacks. Network Visibility, Analysis & Control: • Visualization • Analysis • Alarms • Reporting. Components: Threat Detection, Virtual Analyzer, Watch List, Threat Connect, SIEM Connect. Network Inspection Platform: Malicious Content, Suspect Communication, Attacker Behavior
  35. 35. Threat Analyzer: Custom Sandbox Simulation & Analysis • Tracking of malicious actions & events • Detection of malicious destinations and connections to C&C servers • Specific detection rules for Office, PDF and Flash docs • General detection rules for all executables • Exportable reports & PCAP files. Fully Customizable Attack Surface using standard VMware tools: - Operating system, Office version, Service Packs - Browsers and standard applications - Custom applications
  36. 36. Deep Discovery – How It Works. Out of band feed of all network traffic • Detect Malicious Content & Communication • Identify Attack Behavior & Reduce False Positives. Stages: Detect, Simulate, Correlate. Outputs: Watch List, GeoPlotting, Alerts, Reports, Evidence Gathering, Threat Connect. Visibility – Real-time Dashboards • Insight – Risk-based Analysis • Action – Remediation Intelligence
  37. 37. Threat Connect Information Portal • Threat profile: What are the characteristics, origins and variants of this malware. • Related IPs/Domains: What are the known C&C comms for this attack. • Attack Group/Campaign: Who and what is behind this threat. • Containment and remediation: What to look for, how to remediate and eradicate.
  38. 38. Deep Discovery Advisor: Threat Intelligence Center • In-Depth Contextual Analysis including simulation results, asset profiles and additional security events • Integrated Threat Connect Intelligence included in analysis results • Enhanced Threat Investigation and Visualization capabilities • Highly Customizable Dashboard, Reports & Alerts • Centralized Visibility and Reporting across Deep Discovery Inspector units
  39. 39. Deep Discovery Advisor: Completing the Custom Defense Lifecycle. Detect: Deep Discovery Inspector • Analyze: Deep Discovery Advisor • Adapt: Advanced Protection Solutions, Security Updates • Respond: Forensics, Containment, Remediation
  40. 40. Why Deep Discovery. Detection: • Beyond MSFT & sandboxing – Mobile, Mac, … • Custom sandboxing • Beyond malware – Attacker behavior, lateral movement, … Intelligence: • Smart Protection Network & Researchers • Threat Connect Portal. TCO: • Single appliance • Flexible form factors • Competitive pricing. The Bigger Picture: • Custom Defense Solution • Services & strategic value • Trend commitment to customer success. Deep Discovery: Visibility, Insight, Control
  41. 41. Deep Discovery. Thank You
  42. 42. Acrodex / Public Sector, Edmonton, February 2013. Jamie Haggett (@jhaggett), Global Architect – Enterprise Mobility. Empowering the Mobile Workforce in the Age of Consumerization, Cloud and Cyber Threats
  43. 43. 1 Million Users: 9 Days, 9 Months, 9 Years. Source: ReadWriteWeb, March 2012
  44. 44., June 2012
  45. 45. Hard Drive 2000 Windows MS Office LAN PC + Email + File Server + Dialup Windows LAN Mac VPN 2012 MS Office Hard Drive iOS Android + Email + Cloud + Wi-Fi Cellular VDI Cloud
  46. 46. How do you empower the business while managing risk?
  47. 47. Cyber Threats, Consumerization, Cloud & Virtualization
  48. 48. Personal Productivity Impacting User Expectations and Demands at Work. I want to be … • Always connected... • Using the devices and apps that I like… • In a way that is fast & easy!
  49. 49. Devices and Apps can leak sensitive data
  50. 50. Compliance is challenging
  51. 51. Changing Threat Landscape: Evolution to Cybercrime • Now it’s personal! • Financially motivated • Targeting most valuable information. Chart (damage caused over time; CRIMEWARE): Vulnerabilities, Worm Outbreaks, Spam Mass Mailers, Spyware, Intelligent Botnets, Web Threats, Targeted Attacks, Mobile Attacks. Years: 2001, 2003, 2004, 2005, 2007, 2010, 2012
  52. 52. Email & Messaging, Web, Mobile, Social Networking, Collaboration (SharePoint, Cloud/Sync), File/Folder & Removable Media. Solution: Complete End User Protection: Anti-Malware, Mobile Security, Encryption, Intrusion Prevention, Data Loss Prevention. Centralized Policy | Simple Administration
  53. 53. Trend Micro Mobile Security 8.0: Manage. Device Management: • Device Discovery • Device Enrollment • Device Provisioning • Asset Tracking • S/W Management • Remote Control • Reporting • Summary Views • Summary Reports. Data Protection: • Encryption Enforcement • Remote Wipe • Selective Wipe • Remote Lock • Feature Lock • Password Policy. Mobile Device Security: • Anti-Malware • Firewall • Web Threat Protection • Call Filtering • SMS/WAP Anti-Spam • Jail break detection. Application Management: • App Black Listing • App White Listing • App Push • Required • Optional • App Inventory. Centralized Policy Management – Single Platform. Integrates directly into OfficeScan as a Plug in
  54. 54. Smart: Real-time protection powered by innovative solutions, big data analytics and deep threat expertise. Simple: Specialized solutions that are easy to deploy and manage. Security That Fits: Seamless integration with your ecosystem – maximizing existing investments, not replacing them. COMPLETE END USER PROTECTION • DATA CENTER & CLOUD SECURITY • CUSTOM DEFENSE
  55. 55. Secure Your Virtualized Environment Protection from Advanced Persistent Threats (APTs)