
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, AWS Summit 2012 - NYC


Published in: Technology

  1. 1. Securing your Journey to the Cloud. John Maddison, GM Data Center Business Unit. April 2012. 4/26/2012 Confidential | Copyright 2012 Trend Micro Inc.
  2. 2. Trend Micro: A global cloud security leader that creates a world safe for businesses and consumers exchanging digital information, through content security and threat management. Eva Chen, CEO and Co-Founder. Founded: United States in 1988. Headquarters: Tokyo, Japan. Employees: 4,846. Market: Content Security and Threat Management. Locations: 28 Offices Worldwide. $1 Billion Annual Revenue / $1.7 Billion Total Assets. #1 in Server Security. #1 in Virtualization Security. #1 in Cloud Security. 1000+ Threat Experts. VISION: A world safe for exchanging digital information. MISSION: Innovate to provide the best content security that fits into the IT infrastructure.
  3. 3. Trend Micro is the Largest Independent Security Company. Trend Micro Global 500 Penetration: • 10 of the top 10 Automotive companies • 10 of the top 10 Telecom companies • 8 of the top 10 Banks • 9 of the top 10 Oil companies trust Trend Micro security solutions*. Trend Micro protects 96% of the top 50 global corporations. Trend Micro protects 100% of the top 10 automotive companies. Trend Micro protects 100% of the top 10 telecom companies. Trend Micro protects 80% of the top 10 banks. Trend Micro protects 90% of the top 10 oil companies. * In calculating the above data, the percentage use of Trend Micro products include usage by parent companies and/or usage by any of their subsidiaries of any Trend Micro product or service.
  4. 4. Unique Set of Security Challenges
  5. 5. APT Definition: “Advanced Persistent Threat” was first coined by the US Air Force in 2006 to describe complex cyber attacks against specific targets over long periods of time. Originally, the term was used to describe nation-states stealing data or causing damage to other nation-states for strategic gain. I prefer “Targeted Attacks”.
  6. 6. APT Phases: 1. Intelligence Gathering: Identify & research target individuals using public sources (LinkedIn, Facebook, etc.) and prepare a customized attack. 2. Point of Entry (Infiltration): The initial compromise is typically malware delivered via social engineering (email/IM or drive-by download). A backdoor is created and the network can now be infiltrated. 3. Command & Control (C&C) Communication: Allows the attacker to instruct and control the compromised machines and malware used for all subsequent phases. 4. Lateral Movement: Once inside the network, the attacker compromises additional machines to harvest credentials, escalate privilege levels and maintain persistent control. 5. Asset/Data Discovery: Several techniques and tools are used to identify the noteworthy servers and the services that house the data of interest. 6. Data Exit (Exfiltration): Once sensitive information is gathered, the data is funneled to an internal staging server where it is chunked, compressed and often encrypted for transmission to external locations.
  7. 7. A Recent Example - ShadowNet • Less than 200 computers compromised, almost all in India • Recovered data included Secret, Confidential and Restricted Indian Gov’t documents • Social engineering + malware embedded in malicious documents + tiered C&C infrastructure. [Diagram labels: Exploit, Target, Root, Spread, Control, Steal, C&C]
  8. 8. Recent APT Campaigns
  9. 9. The Footprint of an APT is very small
  10. 10. Journey to the Cloud: Access data, anytime, anywhere, from any device. PUBLIC CLOUD (SaaS, IaaS, PaaS): Flexibility and operational efficiency. Delivers agility by anticipating and meeting business needs. VIRTUALIZATION PLATFORM: Desktop / server consolidation using virtual machines. PHYSICAL: On premise desktop / server.
  11. 11. Virtualization & Cloud Computing: One security platform across physical, virtual, and cloud environments. Physical, Virtual, Cloud. Firewall, Antivirus, Agentless, Encryption, HIPS, Web Protection, Vulnerability Shielding, File Integrity. One Security Platform.
  12. 12. Security Tools and Threat. Firewall: Full function centrally managed network and application firewall. Deep Packet Inspection: Provides IDS / IPS, Web App Protection, Application Control. Integrity Monitoring: Full System Monitoring in real-time; Scheduled & on-demand scanning. Log Inspection: Collects & analyzes OS and application logs for security events. Antivirus: Malware protection for virtual servers. White List: Malware protection for virtual servers. Web Reputation Services: Malware protection for virtual servers. IP Reputation: Malware protection for virtual servers.
  13. 13. PHYSICAL (P) Single Pane Deep Security Manager SIEM Scalable Redundant Reports. Deep Security Agent: • Firewall • IDS/IPS • Integrity Monitoring • Log Inspection • Antivirus • Reputation
  14. 14. PHYSICAL (P) + VIRTUAL (V) Single Pane Deep Security Manager SIEM Scalable Redundant VIRTUALIZATION MANAGER Reports Deep Security Virtual Appliance or Agent Deep Security Agent • Firewall • IDS/IPS • Firewall • Integrity Monitoring • IDS/IPS • Log Inspection • Integrity Monitoring • Antivirus • Antivirus • Reputation • Reputation
  15. 15. PHYSICAL (P) + VIRTUAL (V) + Cloud Modular Single Pane Deep Security Manager SIEM Multi-Tenant Scalable Hosted Redundant VIRTUALIZATION MANAGER Reports Deep Security Virtual Appliance Deep Security or Agent Agent Deep Security Agent • Firewall • IDS/IPS • Firewall • Integrity Monitoring • IDS/IPS • Firewall • Log Inspection • Integrity Monitoring • IDS/IPS • Antivirus • Log Inspection • Integrity Monitoring • Reputation • Antivirus • Antivirus • Reputation • Reputation
  16. 16. Recommendation Scans: Voted Number 1 Feature by Customers • The server being protected is analyzed to determine: – OS, service pack and patch level – Installed applications and version – DPI rules are recommended to shield the unpatched vulnerabilities from attacks – As patches, hotfixes, and updates are applied over time, the Recommendation Scan will: • Recommend new rules for assignment • Recommend removal of rules no longer required after system patching – Recommendations for DPI, Integrity Monitoring, and Log Inspection rules are supported
  17. 17. PVC Dashboard • Solution Profile & White Paper • Product Demo • Define Key Evaluation Requirements • Product Evaluation • Proof-of-Concept
  18. 18. Microsoft Active Protections Program • Microsoft Active Protections Program (MAPP) – Program for security software vendors – Members receive security vulnerability information from the Microsoft Security Response Center (MSRC) in advance of Microsoft’s monthly security update – Members use this information to deliver protection to their customers after the Microsoft Security Bulletins have been published • Trend Micro’s protection is delivered to customers within 2 hours of Microsoft Security Bulletins being published – This enables customers to shield their vulnerable systems from attack – Systems can then be patched during the next scheduled maintenance window
  19. 19. Certifications • Common Criteria • In evaluation for Level 4 Augmented (EAL 4+) – All protection modules (Firewall, DPI, Integrity Monitoring, Log Inspection, Anti Malware) – All platforms (Windows, Linux, Solaris, HPUX, AIX, VMware - Virtual Appliance) • NSS Labs – Third Brigade Deep Security is the first product to pass NSS Labs’ PCI Suitability testing for Host Intrusion Prevention Systems (HIPS).
  20. 20. Data Protection - SecureCloud. [Diagram labels: Enterprise Datacenter or SaaS Offering, VM, Corporate App, Hypervisor, Trend Micro SecureCloud Console, Shared Storage, Enterprise Key, My Data]
  21. 21. Deep Security for PCI compliance: Addressing 7 PCI Regulations and 20+ Sub-Controls Including: (1.) Network Segmentation; (1.x) Firewall; (5.x) Anti-virus*; (6.1) Virtual Patching**; (6.6) Web App. Protection; (10.6) Daily Log Review; (11.4) IDS / IPS; (11.5) File Integrity Monitoring. Modules: Deep Packet Inspection (IDS / IPS, Web Application Protection, Application Control), Firewall, Integrity Monitoring, Log Inspection, Anti-Virus. * Available for VMware only Q3 2010 ** Compensating Control
  22. 22. PCI DSS 2.0 Virtualization Guidelines (Function - Solution): Hypervisor Environment in Scope - Deep Security DPI and FIM; One Function per Server - Deep Security Firewall; Separation of Duty - Deep Security Manager; Mixing VM’s of different trust levels - Deep Security Firewall and IDS/IPS; Dormant VM’s and VM Snapshots - Deep Security Firewall and IDS/IPS; Immaturity of monitoring solutions - Deep Security IDS/IPS, Integrity Monitoring & Log Insp.; Information Leakage - Deep Security (all modules); Defense in Depth - Deep Security (all modules); VM Hardening - Virtualization Vendors; Cloud Computing - Cloud Vendor + Deep Security and SecureCloud
  23. 23. Trend Micro Vision Use Case: Correlated Data & Threat Protection. Data Protection Threat Protection Deep Security SecureCloud Context Aware Credit Card Payment Server Security Platform Sensitive Medical Numbers Social Security Records Patient Research Results Encryption with Policy- Information based Key Management Server security validation prior to releasing keys Server security information On-going checks can revoke or reinstate keys at any time Physical Virtual Cloud Classification
  24. 24. Cloud & Virtualization Computing Leadership. Server Security—Unique from Desktop • Servers require a different security strategy than desktops • Paper calls out the need for many technologies provided in Deep Security. “Some of the vendors are well ahead in their virtualization-optimized solutions—for example, Trend Micro.” “Also, when server-based VM’s … move out from behind perimeter security … Protection capabilities such as host-based encryption (for example, Trend Micro’s SecureCloud … become extremely important”
  25. 25. Trend Micro #1: Securing Your Journey to the Cloud Trend Micro 13–17% Source: 2012 Technavio – Global Cloud Security Software Market Trend Micro Trend Micro 23.7% 13% Worldwide Endpoint Security Revenue Share by Vendor, 2010 Source: IDC, 2011 Source: 2011 Technavio – Global Virtualization Security Management Solutions
  26. 26. Copyright 2012 Trend Micro Inc.
