TrendMicro

Magic Words of VDI Security:
“Agentless” and “Aware”
David Girard, Senior Security Advisor – Trend Micro Canada

1

1

Virtualization Project ?
Desktop Server Cloud Virtual Appliance

10/4/2010 Copyright 2009 Trend Micro Inc. 2

2

Security Built for VMware
The most comprehensive suite
of next-generation
virtualization security solutions


3


IT Operations Security Compliance

Consolidation rates Protect data Ensure
Operational efficiencies & applications compliance
Flexibility
Savings


4




5

Key Issue:
Resource Contention

High impact : Employee’s arrival or schedule scans

9:00am Scan
Typical AV
Console

If several, or all, VMs start a full anti-malware scan at the same time, the underlying
shared hardware will experience extreme load (memory, CPU, I/O), causing a
slowdown of all virtual systems on the server.
Large pattern file updates require significant memory and can impact, network and
storage I/O resources.
Classification 10/4/2010 Copyright 2009 Trend Micro Inc. 6

6

VDI Security option #1: OfficeScan
(First AV optimized for VDI)

Trend Micro OfficeScan
Protects virtual & physical endpoints
• VDI Intelligence with VDI plug-in
• Serializes updates and scans per VDI-host
• Leverages base-images to further shorten scan times
• Smart Scan limit Endpoints pattern updates since it is
mostly in the cloud


7

OfficeScan 10.5 has VDI-Intelligence

• Detects whether endpoints are physical or virtual
– With VMware View
• Serializes updates and scans per VDI-host
– Controls the number of concurrent scans and updates per VDI host
– Maintains availability and performance of the VDI host
– Faster than concurrent approach
• Leverages Base-Images to further shorten scan times
– Pre-scans and white-lists VDI base-images
– Prevents duplicate scanning of unchanged files on a VDI host
– Further reduces impact on the VDI host

Copyright 2009 Trend Micro Inc.

8

OfficeScan 10.5 Integrates with vCenter


9

CPU


10

CPU - Analysis
• Only 10.5 can support 20+ desktop images with mixed user profile.
• With no AV, average CPU utilization while 4 heavy and 16 light user
script is running is 33%
• With 10.5 with ALL 4 heavy and 16 light user machines scanning,
CPU utilization is 41%. Very Impressive.
• With powerful machines typically used in VDI environment CPU’s
typically are not the breaking point.
• With 20 desktop images, 10.5 adds marginal load to CPU where as
other solutions can not even get to support baseline number of
desktop images
• With 10 desktop images, 10.5 adds only 11% CPU overhead
compared to baseline (no AV and no scanning) versus Symantec
which adds 29% CPU overhead , 10.1 which adds 50% CPU
overhead and McAfee which is the worst which adds 83% CPU
overhead

11

IOPS (vDisk Utilization)


12

IOPS - Analysis
• Only 10.5 can support 20+ desktop images with mixed
user profile.
• With 10 desktop images, 10.5 has 4.25 IOPS, 10.1 has
10.95 IOPS, Symantec has 9.02 IOPS and McAfee has
whopping 22.39 IOPS
• Trend Micro Office Scan 10.5 IOPS has small deviation of
0.77 MB/s and 3.66 MB/s only from baseline and mixed
20 user profile
• Lets recap why 10.5 is so much better with IOPS
• 10.5 Serializes updates and scans per VDI-host
• Pre-scans and white-lists VDI base-images
• Prevents duplicate scanning of unchanged files on a VDI host

13

IOPS – How many Systems?

• A VDI environment sized for 20
desktop images with 4 heavy
and 16 light users.
• Keep IOPS between 6-8 and
see how many desktop images
can be supported with each AV
deployment (Apples to Apples
comparison)
• All about return of investment

• If you deploy McAfee, you can deploy ONLY 2 desktop images in an
environment which supports 20 images without AV
• If you deploy Symantec, you can deploy ONLY 4 desktop images in an
environment which supports 20 images without AV
• If you deploy Trend 10.5, you can deploy ALL 20 desktop images
Customers no longer have to choose
between Security and Return On Investment

14

Memory


15

Memory - Analysis
• Only 10.5 can support 20+ desktop images with mixed
user profile.
• Automatic Pool of 20 desktop images without AV in
Mixed user Profile is consuming around 7.74 GB of
Active Memory
• Trend Micro Office scan 10.5 is putting an overhead of
only 1.32 GB in maximum VDI Density environment.


16

Scan Time with 10.5

VDI Profile Other AV Solution Trend Micro 10.5

Mixed Maximum High Density Approx 1-2 Hours 16 Minutes
VDI Pool(4H &16 L)

Mixed Low Density VDI Pool Approx. 27- 49 minutes 2 Minutes
(1H & 3 L)

17

Scan Time - Analysis
• Trend Micro Office scan 10.5 is performing Approx. 15 -
25 times better in Mixed Low Density VDI pool and 4 -8
times better in Mixed Maximum High Density VDI pool.

• Trend Micro office scan 10.5 with its Smart Scan and VDI
aware capability is consuming remarkably less scan time
than other AV solutions.


18

VDI Security option #2:
Deep Security

Trend Micro Deep Security
Protects virtualized endpoints & servers
• First agent-less anti-malware solution
• Hypervisor-based introspection
• Eliminates “AV storms”


19




20

Key Issue:
Resource Contention

9:00am Scan
Typical AV
Console


21

Key Issue:
Instant On Gaps

Active, with
Active Dormant security
out-of-date


22

Key Issue:
Mixed Trust Level VMs

ERP Email Web Test CRM


23

Trend Micro Deep Security

IDS / IPS Integrity Log
Anti-Virus Firewall
Monitoring Inspection

Physical Virtual Cloud Desktop/Laptop

Core Protection for Virtual Machines or CPVM deliver Agent Less AV for ESX 3.5 and 4.0.
Deep Security 7.5 will go deeper with vShield on ESX or ESXi 4.1


24

Co-ordinated Approach
• Optimized protection
• Operational efficiency

Security virtual Security
Agent-based
appliance VM Security
Efficiency Protection
Manageability Mobility


25




26

Issue #1:
Multi-tenancy


27

Issue #2:
Data Access & Governance

10010011
01101100


28

Issue #3:
Secure Storage Recycling

10011 10011
01110 01110
00101 00101


29

Trend Micro Cloud Security
Solutions
Deep Security SecureCloud
• Anti-Virus • Encryption
• IDS/IPS • Policy-based key management
Private & Public
• + Virtual Patching
• + Web App Protection
Cloud Computing
Flexibility & Confidence

• File Integrity Monitoring
• Log Inspection
• Firewall


30




31

Virtual Appliances
Virtual Appliance

Application

Operating
System

Hypervisor Hypervisor

Hardware Hardware


32

Virtual Appliance Benefits

Virtual Appliance
Costs
70%
IT Flexibility
Per-User
Improve Business Cost of Virtual
Continuity Appliance

A solution that scale over time. Don’t need to buy a bigger physical
appliance. Just add more resources. Don’t need to buy an extra box
for pre-production environment, just fire a new VM or install on any
box that can run CentOS or Red Hat.


33

Trend Micro
Security Virtual Appliances
Virtual Appliance

Web Security
Email Security

Other Trend Micro Product are offered as a virtual appliance :
-Data Loss Prevention Server
-Threat Discovery Virtual Appliance (part of Threat Management Services (TMS)


34

Deep Security Deep Security Deep Security InterScan Web Security
OR AND InterScan Messaging
OfficeScan SecureCloud Security

Desktop Server Cloud Virtual Appliance*

Encryption of the *VMware Certified
virtual file system Appliances


35



36

Trend Micro
Global leader in Internet content security and threat management.
Catalyst for faster adoption of virtualization.
Our Vision:
A world safe for exchanging digital information

Founded • United States in 1988

Headquarters • Tokyo, Japan
Offices • 23 countries
Employees • 4,350
Leadership • US $1 Billion annual revenue
• 3rd largest security company 1,000+ Threat Research Experts
10 labs. 24x7 ops
• “Global 100 Most Sustainable Corporations” Real-time alerts for new threats
• Top 3 in Messaging, Web and Endpoint security
• Leader in virtualization & cloud computing
security

Copyright 2009 Trend Micro Inc.
37

37

Questions?

Thank you, merci
New Threats Informations For more informations:
http://blog.trendmicro.com/ Technical:
david_girard@trendmicro.com
514-629-1680

User group Sales:
Groupe d’utilisateurs Michel_bouasria@trendmicro.com
Trend Micro du Québec 514-653-2257
http://www.linkedin.com/groups?gid=2296257 Jean_houle@trendmicro.com
514 893-1512

38

TrendMicro

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to TrendMicro

Similar to TrendMicro (20)

More from 1CloudRoad.com

More from 1CloudRoad.com (19)

Recently uploaded

Recently uploaded (20)

TrendMicro