Trend Micro VForum Agentless Scanning Presentation

2. 2 Confidential Agenda Security Roadblocks in the Virtualization Journey Threat Evolution and the Porous Perimeter New Security Paradigms on the vSphere platform Trend Micro: Security Built for VMware

3. 3 Confidential Securing Servers the Traditional Way App OS Network IDS / IPS ESX Server App OS App OS AppAV AppAV AppAV • Anti-virus: Local, agent-based protection in the VM • IDS / IPS : Network-based device or software solution

4. 4 Confidential Virtualization Journey Stage 1: Server Consolidation Classification 01/30/15 4

5. 5 Confidential Virtualization Journey Stage 2: Expansion & Desktop Classification 01/30/15 5 Increased Server Consolidation Desktop Virtualization

6. 6 Confidential Virtualization Journey Stage 3: From Private to Public Cloud Classification 01/30/15 6

7. 7 Confidential Servers Desktops Stage 1 Server Consolidation Stage 2 Expansion & Desktop Virtualization Journey Stages Stage 3 Private > Public Cloud 15% 30% 70% 85% Virtualization Adoption Rate THE SECURITY INHIBITORS TO VIRTUALIZATION

8. 8 Confidential IT Production Business Production ITaaS Data destruction Diminished perimeter Resource Contention Multi-tenancy Data access & governance Complexity of Management Mixed trust level VMs Compliance/ Lack of audit trail 1 2 3 4 5 6 7 8 9 10 11 Virtualization Adoption Rate Security Challenges Along the Virtualization Journey Inter-VM attacks Instant-on gaps Host controls under-deployed

9. 9 Confidential Inter-VM attacks/ blind spots1 Security Inhibitors to Virtualization

10. 10 Confidential Active     Dormant   Reactivated with out-of-date security     Instant-on gaps2 Security Inhibitors to Virtualization New VMs

11. 11 Confidential Resource contention Typical AV Console 3:00am Scan 3 Security Inhibitors to Virtualization

12. 12 Confidential Patch agents Rollout patterns Provisioning new VMs Complexity of Management4 Security Inhibitors to Virtualization Reconfiguring agents

14. 14 Confidential 14 • More Profitable • $100 billion: Estimated profits from global cybercrime -- Chicago Tribune, 2008 • More Sophisticated • “Breaches go undiscovered and uncontained for weeks or months in 75% of cases.” -- Verizon Breach Report, 2009 • More Frequent • "Harvard and Harvard Medical School are attacked every 7 seconds, 24 hours a day, 7 days a week.” -- John Halamka, CIO • More Targeted • “27% of respondents had reported targeted attacks”. -- 2008 CSI Computer Crime & Security Survey Today’s threat environment

16. 16 Confidential 16 # of days until vulnerability is first exploited, after patch is made available 2003 MS- Blast 28 days 2004 Sasser 18 days 2005 Zotob 10 days 2006 … WMF Zero-day Zero-day Exploits are happening before patches are developed 2010 IE zero-day “Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.” -- ZDNet, January 21, 2010 “Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.” -- ZDNet, January 21, 2010

17. 17 Confidential 17 Where are you vulnerable? Takes days to months until patches are available and can be tested & deployed: • “Microsoft Tuesday” • Oracle • Adobe Developers not available to fix vulnerabilities: • No longer with company • Working on other projects Patches are no longer being developed: • Red Hat 3 -- Oct 2010 • Windows 2000 -- Jul 2010 • Solaris 8 -- Mar 2009 • Oracle 10.1 -- Jan 2009 Can’t be patched because of cost, regulations, SLA reasons: • POS • Kiosks • Medical Devices

19. 19 Confidential New Paradigm #1: Hypervisor-powered Security Architectures 19 App OS ESX Server App OS App OS vShield Endpoint Anti-virus Virtual Appliance • vShield Endpoint enables agentless AV scanning • Secures VMs from the outside, no changes to VM

20. 20 Confidential The Opportunity with Agentless Anti-malware Virtual Appliance Agent vShield Endpoint AgentAgent vSphere Today using vShield EndpointPreviously • More manageable: No agents to configure, update, patch • Faster performance: Freedom from AV Storms • Stronger security: Instant ON protection + tamper-proofing • Higher consolidation: Inefficient operations removed

21. 21 Confidential Security Virtual ApplianceSecurity Virtual Appliance VM APP OS Kernel Kernel BIOS ESX 4.1 vSphere Platform VM APP OS Kernel Kernel BIOS Guest VM OS Anti-malware Product Console Anti-malware Product Console vShield Endpoint Library Agentless anti-malware: Architecture Anti-malware Scanning ModuleAnti-malware Scanning Module vShield Endpoint ESX Module vShield Endpoint ESX Module On Access ScansOn Access Scans On Demand ScansOn Demand Scans Vshield Guest Driver Vshield Guest Driver EPsec Interface VI Admin Security Admin RemediationRemediation Caching & FilteringCaching & Filtering APPsAPPs APPsAPPs APPsAPPs REST Status Monitor Status Monitor

22. 22 Confidential Agentless Anti-malware: Process flow VMVMGuest VM OS Security Virtual ApplianceSecurity Virtual Appliance EPsec Lib Anti-malware Scanning module Anti-malware Scanning module On Access ScansOn Access Scans On Demand ScansOn Demand Scans RemediationRemediation Caching & FilteringCaching & Filtering APPsAPPs APPsAPPs APPsAPPs Vshield Guest Driver Vshield Guest Driver result cached? excluded by filter? file event * file data request * file data * file data * file data request scan result scan resultresult file event data cached? file event result result * file data time

23. 23 Confidential Agentless approach uses less ESX memory # of Guest VMs Anti-Virus “B” Anti-Virus “Y” Anti-Virus “R”

24. 24 Confidential Anti-Virus “B” Time (Seconds) Anti-Virus “Y” Anti-Virus “R” Agentless approach uses less bandwidth Signature update for 10 agents Agentless Anti-Virus “T”

25. 25 Confidential New Paradigm #2: Opportunity to Beef up Server Security  VMsafe enables you to supplement perimeter defense  Agentless IDS/IPS, Firewall and application protection App OS ESX Server App OS App OS VMsafe APIs Virtual Appliance Firewall IDS / IPS Web app Anti-Virus

26. 26 Confidential VMsafe™ APIs 26 CPU/Memory Inspection • Inspection of specific memory pages • Knowledge of the CPU state • Policy enforcement through resource allocation Networking • View all IO traffic on the host • Intercept, view, modify and replicate IO traffic • Provide inline or passive protection Storage • Mount and read virtual disks (VMDK) • Inspect IO read/writes to the storage devices • Transparent to device & inline with ESX Storage stack

27. 27 Confidential Fastpath Driver Micro Firewall (Blacklist & Bypass) Tap/Inline Incoming / Outgoing Packet Pass Drop Stateful Firewall Drop Slowpath Driver Pass DPI Intrusion Defense with VMsafe

28. 28 Confidential vSphere App OS App OS vCenter New Paradigm # 3 Virtualization-aware agents  vCenter integration makes security virtualization-aware  V-aware agents complement virtual appliance  Use cases: offline desktops, compliance, defense in depth

29. 29 Confidential vSphere App OS App OS OS App New Paradigm # 4 Security that is Cloud-Ready  Security for datacenter VMs moves to the cloud with application and data  Advanced security modules (IDS/IPS, Integrity monitoring) protect server in multi-tenant environment

31. 31 Confidential Founded Headquarters Offices Employees Market Leadership United States, 1988 Tokyo, Japan 23 countries 4,350 Internet Content Security US $1 Billion annual revenue 1,000+ Threat Research Experts 10 labs. 24x7 ops Real-time alerts for new threats nd Micro security & compliance solutions VMware customers : Accelerate and complete their virtualization journey More fully leverage their VMware investments Maximize their virtualization ROI Security Built for VMware

32. 32 Confidential 32 Trend Micro Deep Security Server & application protection • Latest anti-malware module adds to existing set of advanced protection modules Firewall Web app protection Log Inspection Integrity Monitoring Anti- Malware Intrusion Detection Prevention

33. 33 Confidential 33 IDS / IPS Web Application Protection Application Control Firewall Deep Packet Inspection Log Inspection Anti-Virus Detects and blocks known and zero-day attacks that target vulnerabilities Shields web application vulnerabilities Provides increased visibility into, or control over, applications accessing the network Reduces attack surface. Prevents DoS & detects reconnaissance scans Detects malicious and unauthorized changes to directories, files, registry keys… Optimizes the identification of important security events buried in log entries Detects and blocks malware (web threats, viruses & worms, Trojans) Trend Micro Deep Security Server & application protection Protection is delivered via Agent and/or Virtual Appliance 5 protection modules Integrity Monitoring

34. 34 Confidential Classification 01/30/15 34 Agent-based security: • Comprehensive protection within datacenter • Mobility – to extend protection to public cloud Hypervisor / vCenter integration: • Enables virtualization-aware security • Eliminates instant-on gaps Coordinated approach: • Optimized protection • Operational efficiency 2 3 4 Inline virtual appliance: • AV, IDS/IPS, FW • Greater efficiency • Manageability 1 Trend Micro Deep Security Security Built for VMware

35. 35 Confidential Deep Security 7.5 Integrates vShield Endpoint & VMsafe Agent-Less Real Time Scan • Triggers notifications to AV engine on file open/close • Provides access to file data for scanning Agent-Less Manual and Schedule Scan • On demand scans are coordinated and staggered • Traverses guest file-system and triggers notifications to the AV engine • Integrates with vShield Endpoint (in vSphere 4.1) • Zero Day Protection • Trend Micro SPN Integration Agent-Less Remediation • Active Action, Delete, Pass, Quarantine, Clean API Level Caching • Caching of data and results to minimize data traffic and optimize performance Virtual Appl. vShield Endpoint SPN

36. 36 Confidential Thank You www.trendmicro.com/deepsecurity www.vmware.com/trendmicro

Trend Micro VForum Agentless Scanning Presentation

Trend Micro VForum Agentless Scanning Presentation

Recommended

More Related Content

What's hot

What's hot(20)

Similar to Trend Micro VForum Agentless Scanning Presentation

Similar to Trend Micro VForum Agentless Scanning Presentation(20)

More from Graeme Wood

More from Graeme Wood(15)

Recently uploaded

Recently uploaded(20)

Trend Micro VForum Agentless Scanning Presentation

Editor's Notes