Today’s threat landscape is about volume and profit, with the majority of threats coming from the Web. Cybercriminals are releasing new threats every 1.5 seconds in order to avoid detection. This shift is putting pressure on all vendors to improve their ability to source, analyze and provide protection from new threats faster than ever before. The criminals’ goal is to steal data, and data is now everywhere – which means protection has to secure networks, endpoints, remote devices, data centers and virtualized environments.
[Click to advance to Threat Tracker slide] At Trend Micro, we’ve spent the last 5 years developing our Smart Protection Network cloud-client infrastructure, and we own all the technology. It sources threats from millions of sensors, honeypots, customers and partners around the world in order to gather the latest threat intelligence. The Smart Protection Network is integrated into all of our solutions, and TrendLabs researchers analyze terabytes of threat data every day. By correlating this information across multiple threat vectors – email, file and Web – we are able to provide proactive protection faster than anyone else in this industry. It’s blocking billions of threats every day. Other vendors have just started adding in-the-cloud protection or reputation services to one or two of their products at most, usually covering only one or two threat vectors – they don’t have it throughout their product line, they don’t correlate across the multiple threat vectors, and they don’t have feedback automatically coming from and integrating into consumer, business and partner products around the world. The Smart Protection Network provides the latest protection immediately to all of our customers around the globe, no matter where they connect. How well is this working?
[Click to bring up NSS Labs results] NSS Labs performed an independent endpoint test focused on real-world, socially engineered threats, not just your typical static file-based test.
This test was performed over 17 days and tested whether a threat could be blocked at its source (URL), during download, or lastly upon execution. If a vendor was unable to detect a threat, NSS Labs retested to determine how good that vendor was at automatically sourcing, analyzing and providing protection over time. Trend Micro came out #1 in both consumer and enterprise endpoint protection, and also #1 in the time to protect. Be critical of other test results – did they have a live connection to the internet and to all reputation services to block threats before they got to the endpoint, or are they only testing a product’s ability to detect malware on endpoints? Are their threats the latest, and how do they source them?
This slide can be used for new customers. If you have an existing customer who has not upgraded to the new solutions supporting File Reputation, you should use slide 20. Endpoint pattern or signature size can give us some information on why customers are moving away from Symantec & McAfee. Their signature files on the endpoint have grown dramatically due to the recent explosive volume of malware. As such, they have to add more and more signatures, which need to be distributed to each and every endpoint device they manage. Meanwhile, Trend Micro introduced File Reputation in 2009, where the majority of our signatures now reside in the cloud reputation database or on the customer’s Smart Protection Server. This has allowed us to dramatically reduce the size of our endpoint signature file, which is improving endpoint resource utilization as well as the bandwidth and speed requirements to publish new signatures.
OfficeScan performed the best at the Exposure layer, with Sophos ranked #2. You’ll notice that Symantec, Microsoft & McAfee all performed poorly in this area, which shows their web threat protections are still in their infancy, or non-existent in the case of Symantec. Microsoft performed the best at the Infection layer, but vendors who continue to focus on file-based protections (Symantec, Microsoft) will struggle as the volume of threats continues to increase. Lastly, you’ll notice that Trend’s Dynamic layer is better than the other vendors’, even though we are generally more conservative in our heuristics than these other vendors.
NSS Labs performed this test over 11 days and tested both missed samples and new samples every 6 hours to determine which vendor was able to source, analyze and provide protection the fastest for threats it missed in earlier runs. As before, Trend Micro ranked #1 in this category, showing the power and maturity of our Smart Protection Network.
We may not always show up 1st in every test, but we will consistently be at or near the top of the results. As you see here, many of our competitors’ results vary quite dramatically up and down. This is due to the lack of a mature, stable protection network within their products. Our multi-layered strategy is showing consistent results in protecting our customers well.
How Trend Micro Protects Virtual Environments in a Forward-Looking Way
Trend Micro: A global leader in Internet content security, advancing threat management technology to secure data against a wide range of threats
• Eva Chen, CEO and Co-Founder
• Founded: United States in 1988
• Headquarters: Tokyo, Japan
• Employees: 4,850
• Market: Content Security
• Locations: Operations in 23 countries
• Vision: A world safe for exchanging digital information
• Mission: Innovate to provide the best content security that fits into the IT infrastructure
• $1 Billion Annual Revenue
• Largest Security Company Headquartered Outside US
• Top 3 in Messaging, Web and Endpoint Security
• A Leader in Virtualization and Cloud Computing
• 1000+ Threat Experts
Classification 3/17/2011 Copyright 2009 Trend Micro Inc.
Security That Fits: IT Infrastructure. Trend Micro innovation enables benefits of next-generation IT platforms: 1st LAN Server Security; 1st Gateway Security; 1st Threat Management Solution (Network); 1st in Netbooks Security; 1st Integrated Virtualization Security; 1st Cloud Computing Security (Coming)
Smart Protection Network Correlation: Web Reputation; Email Reputation; File Reputation
Security That Fits: Customer Environment. Trend Micro’s ubiquitous protection secures your data wherever it resides: Servers; Virtual Servers; Networks; Cloud Computing; Routers; Security Appliances; Netbooks; Windows/OSX; Hosted Security; Smart Phones; PSP/PS3
Agentless Protection with Deep Security: Security Adapted to Virtualization
Virtual Security Challenge 1: Attacks between virtual machines
Virtual Security Challenge 2: Instant-on gaps. Diagram labels: Active; Dormant; Reactivated with outdated security; New VMs
Virtual Security Challenge 3: Resource contention. Diagram labels: 3:00 a.m. scan; Standard AV console
Virtual Security Challenge 4: Complex management. Patching clients; Provisioning new VMs; Reconfiguring agents; Distributing patterns
Exploitation of vulnerabilities before a patch is available. “Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.” -- ZDNet, January 21, 2010. Chart, days until first exploitation of the vulnerability: 28 days; 18 days; 10 days; Zero-day; Zero-day. Timeline: 2003 MS-Blast; 2004 Sasser; 2005 Zotob; 2006 WMF; … 2010 IE zero-day
Vision of a new security model for data centers: “The virtual host must protect itself”. Self-protecting application; Integration of VM and network security; Firewall, IPS, antivirus... Diagram labels: VM1, VM3; App1, App3; OS1, OS3; Hypervisor
Deep Security: Server & Application Protection. Physical; Virtual; Cloud. Deep Packet Inspection; IDS / IPS; Web App. Protection; Application Control; Firewall; Anti-Malware; Integrity Monitoring; Log Inspection
Deep Security Product Components. Physical; Virtual; Cloud. Deep Security Agent; Deep Security Virtual Appliance; Deep Security Manager; Security Center. Security Profiles; Alerts; Reports; Security Updates. IT Infrastructure Integration: • vCenter • SIEM • Active Directory • Log correlation • Web services
Deep Security Coordinated Approach. Diagram labels: Firewall; DPI, AV Protection; Deep Security Virtual Appliance; VMware vCenter; VMware vSphere 4.1
Architecture: Agentless Malware Protection. Diagram labels: Security Virtual Appliance DeepSecurity Manager VM VM Anti-malware Scanning Module Guest VM Security Admin EPsec Interface APPs APP APP vShield Endpoint APPs Library APPs On Access Scans On Demand Scans OSOS OS REST Kernel Status Remediation Kernel Vshield Guest Monitor Driver BIOS BIOS Caching & Filtering vShield Manager 4.1 ESX 4.1 vShield Endpoint ESX Module VI Admin vCenter vSphere Platform
Demo: Deep Security 7.5. Detecting viruses via the hypervisor. Real-Time Scan; Scheduled Scan; Deep Security Virtual Appliance; VMware vSphere 4 with vShield Endpoint
Secure Cloud: How can I keep control over my data in the cloud?
Who Has Control? Servers; Virtualization & Private Cloud; Public Cloud IaaS; Public Cloud PaaS; Public Cloud SaaS. Scale: End-User (Enterprise) to Service Provider
SecureCloud: Enterprise Controlled Data Protection for the Cloud. My Data
A New Security Architecture For A New Era. All environments should be considered un-trusted.
Diagram labels: Users access app; Deep Security; Datacenter; Public Cloud; Host defends itself from attack
SecureCloud:
• Facilitates movement between datacenter & cloud
• Delivers control, security and compliance through encryption
• Avoids service provider lock-in
• Enables secure storage recycling
SecureCloud: Data encrypted within the server; Encryption keys controlled by you; Encrypted Data
VDI Protection with OfficeScan: How can the desktop be protected efficiently?
OfficeScan 10.5: Optimized for VDI
• Distinguishes between virtual and physical endpoints
– With VMware View
– With Citrix XenDesktop
• Serializes updates and scans
– Controls the number of simultaneous scans and updates
– Maintains the availability and performance of the VDI hosts
– Faster than the simultaneous approach
• Uses VDI provisioning for shorter scan times
– Base images can be scanned in advance and a whitelist created
– Prevents repeated scans of the same files
– Further reduces the resources required