Trend Micro Dec 6 Toronto VMUG



  1. Virtualization Security: Physical. Virtual. Cloud. Peter Cresswell, Trend Micro Canada (CISSP, ISSAP, CISA, CISM). Copyright 2011 Trend Micro Inc.
  2. VMworld 2011: Partners for Security. VMware improves security by providing the most secure virtualization infrastructure, with APIs and certification programs; Trend Micro improves virtualization by providing security solutions architected to fully exploit the VMware platform. Trend Micro is VMware's #1 security partner and the 2011 Technology Alliance Partner of the Year.
  3. VIRTUALIZATION/CLOUD: Securing the Journey
  4. Journey to the Cloud: from physical (Windows/Linux/Solaris), to virtual (server virtualization, desktop virtualization), to cloud (public cloud, private cloud, hybrid cloud).
  5. Threat Landscape: malware, advanced persistent threats, botnets, espionage. Trend Micro finds that over 70% of enterprise networks contain active malware. Millions of computers have been compromised by ZeuS.
  6. Key Trends: Data-centric threat environment. Threats are more profitable, more sophisticated, more frequent and more targeted, and exploits are happening before patches are developed. Chart, number of days until a vulnerability is first exploited after the patch is made available: 2003 MS-Blast, 28 days; 2004 Sasser, 18 days; 2005 Zotob, 10 days; 2006 WMF, zero-day; 2010 IE, zero-day.
  7. Threats are more targeted. Quoted from The Register (RSA Europe): Two groups from the same country teamed up to launch a sophisticated attack against RSA Security's systems last March, EMC's security division said. Unspecified information gained during the attack paved the way towards an unsuccessful attack against a defence contractor (self-identified as Lockheed Martin), senior RSA execs said during the opening of the RSA Conference in London on Tuesday. "Two groups were involved in the attack," Thomas Heiser, RSA Security president, said during a keynote at the conference. "Both are known to authorities but they have never worked together before." "The attack involved a lot of preparation," he added. Trend Micro Confidential 12/22/2011
  8. Key Trends: Compliance Imperative. More standards: PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS… More specific security requirements: virtualization, web applications, EHR, PII… More penalties & fines: HITECH, breach notifications, civil litigation. Breach notification: PIPEDA, risk-based breach notification, with Bill C-29 to make breach notification mandatory; California SB1386, notification of breaches of unencrypted data; Alberta PIPA, Bill 54 amended May 2010 to mandate notification of breaches; Quebec, QPPIPS similar to PIPEDA with additional civil liabilities. Industry regulations: HITECH, HIPAA, PCI, SOX, FISMA, Basel II…
  9. SECURING THE VIRTUALIZED DATACENTER
  10. Identifying Security Challenges in the Virtual/Cloud. The same journey, physical (Windows/Linux/Solaris), virtual (server and desktop virtualization), cloud (public, private, hybrid): new platforms don't change the threat landscape, but each platform adds unique security risks.
  11. The Fundamentals. Many third-party courses and best practices cover hypervisor lockdown, virtual network design and configuration, VM security configuration, VDI security architecture and configuration, and storage security issues; see SANS 579: Virtualization Security Architecture and Design.
  12. P2V: Security Challenge. Virtualization is driven by increased density, consolidated resources and 'green' IT. Yet 'virtually unaware' security controls directly impact the organization's ability to achieve the desired performance, density and ROI goals.
  13. Virtualization Security Inhibitors. 1. Resource contention, the antivirus storm: a typical AV console schedules its scan for 3:00am on every VM, and the automatic scans, all starting at once on the same host, overburden the system.
  14. Virtualization Security Inhibitors. 2. Instant-on gaps: dormant VMs are reactivated with out-of-date security, and new VMs come up without it. Cloned VMs must have a configured agent and updated pattern files.
  15. Virtualization Security Inhibitors. 3. Inter-VM attacks / blind spots: traffic between VMs on the same host never crosses the physical network, so attacks can spread across VMs unseen by network-based controls.
  16. Virtualization Security Inhibitors. 4. Complexity of management: provisioning new VMs, reconfiguring agents, rolling out patterns and patching agents; VM sprawl inhibits compliance.
  17. Deep Security 8: A Server Security Platform for Physical, Virtual, Cloud. Available Aug 30, 2011.
  18. The Deep Security server security platform: server, application and data security for physical, virtual and cloud. Modules: Deep Packet Inspection (IDS/IPS, Web Application Protection, Application Control), Firewall, Antimalware, Integrity Monitoring, Log Inspection.
  19. Server-Centric Security. In the "De-Militarized Zone" (DMZ): firewall, IDS/IPS and a gateway (malware). On mission-critical servers and on business servers/endpoints: firewall & IDS/IPS, file integrity monitoring & log inspection, anti-malware.
  20. DS 8.0 Overview
  21. Deep Security 8 Agent: Deep Packet Inspection, Firewall, Anti-malware, Web Reputation Services, VDI local mode, Integrity Monitoring, Log Inspection. New agent-based AV for physical Windows and Linux* systems, virtual servers, and virtual desktops in local mode. Web reputation services, through integration with the Smart Protection Network, protect systems and users from access to malicious websites.
  22. Trend Micro Deep Security: server & application protection, 5 protection modules. Deep Packet Inspection: IDS/IPS detects and blocks known and zero-day attacks that target vulnerabilities; Web Application Protection shields web application vulnerabilities; Application Control provides increased visibility into, or control over, applications accessing the network. Firewall: reduces the attack surface, prevents DoS and detects reconnaissance scans. Anti-Virus: detects and blocks malware (web threats, viruses & worms, Trojans). Log Inspection: optimizes the identification of important security events buried in log entries. Integrity Monitoring: detects malicious and unauthorized changes to directories, files, registry keys…
  23. Over 100 applications protected. Deep Security rules shield vulnerabilities in these common applications:
     Operating systems: Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE Linux (10, 11)
     Database servers: Oracle, MySQL, Microsoft SQL Server, Ingres
     Web app servers: Microsoft IIS, Apache, Apache Tomcat, Microsoft SharePoint
     Mail servers: Microsoft Exchange Server, Merak, IBM Lotus Domino, MDaemon, Ipswitch IMail, MailEnable Professional
     FTP servers: Ipswitch, War FTP Daemon, Allied Telesis
     Backup servers: Computer Associates, Symantec, EMC
     Storage management servers: Symantec, Veritas
     DHCP servers: ISC DHCPD
     Desktop applications: Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer, Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple QuickTime, RealNetworks RealPlayer
     Mail clients: Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client
     Web browsers: Internet Explorer, Mozilla Firefox
     Anti-virus: Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft
     Other applications: Samba, IBM WebSphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior, Rsync, OpenSSL, Novell Client
  24. vShield: Securing the Private Cloud End to End, from the Edge to the Endpoint. vShield Edge secures the edge of the virtual datacenter; vShield App and Zones provide application protection from network-based threats; vShield Endpoint (endpoint = VM) enables offloaded anti-virus. Diagram: two virtual datacenters with DMZ, PCI-compliant and HIPAA-compliant zones, managed through VMware vShield Manager.
  25. Deep Security 8: Agentless Security for VMware. Trend Micro Deep Security integrates with vCenter and, on vSphere, delivers: 1. IDS/IPS, Web Application Protection, Application Control and Firewall, agentless via the VMsafe APIs in the security virtual machine; 2. Antivirus, agentless via vShield Endpoint; 3. Integrity Monitoring, agentless via vShield Endpoint; 4. Log Inspection, agent-based, with a security agent on individual VMs.
  26. Agentless Anti-Virus: agent-less anti-virus for VMware. The idea: protection for virtualized desktops and datacenters. The components: VMware vShield Endpoint enables offloading of antivirus processing to Trend Micro Deep Security Anti-malware, a dedicated, security-hardened VM; Deep Security Anti-malware is a virtual appliance that detects and blocks malware (web threats, viruses & worms, Trojans). Customer benefits: higher consolidation, faster performance, better manageability, stronger security. Differentiator: the first and only agentless anti-virus solution architected for VMware.
  27. Agentless Integrity Monitoring. The old way: an agent in every VM; with agent-less integrity monitoring: one security virtual appliance per host. Zero added footprint: integrity monitoring in the same virtual appliance that also provides agentless AV and Deep Packet Inspection. Stronger security: expands the scope of protection to hypervisors. Better manageability: order-of-magnitude savings. Faster performance: the virtual appliance avoids performance degradation from FIM storms.
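The integrity monitoring that slides 22 and 27 describe reduces to a baseline of file digests and attributes and a later comparison against it. The following Go program is an added example written for this page, not Trend Micro or Deep Security code: it snapshots a directory tree (SHA-256 of content plus permission bits), diffs a later snapshot against the baseline, and exercises both on a constructed tree with a simulated intrusion. Every file name and content in it is made up for the demo. The point the slide's "stronger security" claim rests on is where this baseline lives: an agent that keeps it inside the guest can be silenced by whoever roots the guest, which is the case for keeping baseline and scanner in a separate appliance.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
)

// Entry is what the baseline stores per file: content digest and permission bits.
type Entry struct {
	Hash string
	Mode os.FileMode
}

// Baseline maps a slash-separated path, relative to the monitored root, to its Entry.
type Baseline map[string]Entry

// Snapshot walks root and records every regular file; symlinks and devices are skipped.
func Snapshot(root string) (Baseline, error) {
	b := Baseline{}
	err := filepath.Walk(root, func(path string, info os.FileInfo, walkErr error) error {
		if walkErr != nil || !info.Mode().IsRegular() {
			return walkErr
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return err
		}
		sum := sha256.Sum256(data)
		rel, _ := filepath.Rel(root, path)
		b[filepath.ToSlash(rel)] = Entry{Hash: hex.EncodeToString(sum[:]), Mode: info.Mode().Perm()}
		return nil
	})
	return b, err
}

// Diff compares a fresh snapshot against the stored baseline and returns
// path -> "added", "removed", "modified" (content) or "mode" (permissions).
func Diff(base, current Baseline) map[string]string {
	out := map[string]string{}
	for p, cur := range current {
		old, ok := base[p]
		switch {
		case !ok:
			out[p] = "added"
		case old.Hash != cur.Hash:
			out[p] = "modified"
		case old.Mode != cur.Mode:
			out[p] = "mode"
		}
	}
	for p := range base {
		if _, ok := current[p]; !ok {
			out[p] = "removed"
		}
	}
	return out
}

// must panics on failures in the demo scaffolding below; the detector itself returns errors.
func must(err error) {
	if err != nil {
		panic(err)
	}
}

// Demo builds a constructed tree standing in for a server's filesystem,
// baselines it, simulates an intrusion, and returns what Diff finds.
func Demo() map[string]string {
	dir, err := os.MkdirTemp("", "fim-demo")
	must(err)
	defer os.RemoveAll(dir)
	write := func(name, content string, mode os.FileMode) {
		p := filepath.Join(dir, name)
		must(os.MkdirAll(filepath.Dir(p), 0o755))
		must(os.WriteFile(p, []byte(content), mode))
	}
	// Constructed sample files, not real system content.
	write("etc/passwd", "root:x:0:0:root:/root:/bin/bash\n", 0o644)
	write("etc/ssh/sshd_config", "PermitRootLogin no\n", 0o600)
	write("bin/ls", "#!/bin/sh\nexec /usr/bin/ls \"$@\"\n", 0o755)
	base, err := Snapshot(dir)
	must(err)
	// Simulated intrusion: a second UID-0 account, a world-writable sshd config,
	// a dropped kernel module and a deleted binary.
	write("etc/passwd", "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/bash\n", 0o644)
	must(os.Chmod(filepath.Join(dir, "etc/ssh/sshd_config"), 0o666))
	write("tmp/.x/rootkit.ko", "\x7fELF", 0o644)
	must(os.Remove(filepath.Join(dir, "bin/ls")))
	cur, err := Snapshot(dir)
	must(err)
	return Diff(base, cur)
}

func main() {
	for p, kind := range Demo() {
		fmt.Printf("%-9s %s\n", kind, p)
	}
}
```

Run it with `go run .`; it prints four findings, one per kind of change. A production monitor would add scheduling (the FIM-storm problem of slide 27 is a scheduling problem), exclusions for files that legitimately churn, and a signed or out-of-guest copy of the baseline.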
  28. Agent-less Security Architecture (diagram). On the vSphere platform (ESX 4.1) sits the Trend Micro Deep Security Virtual Appliance with Network Security (IDS/IPS, Web App Protection, Application Control), Anti-Malware (real-time scan, scheduled & manual scan), FIM and Firewall. It reaches the guest VMs through two VMware interfaces: the VMsafe-net API (Trend Micro ESX module) and the vShield Endpoint API (vShield Endpoint filter driver), with a vShield Endpoint thin driver inside each guest VM beside its apps, OS kernel and BIOS. Management: the Security Admin uses the Deep Security Manager; the VI Admin uses vCenter and the vShield Manager. Legend: Trend Micro product components; VMware platform components.
  29. Virtualization: Addressing Security Inhibitors. 1. Resource contention: solution, agentless security services from a separate scanning VM. 2. Instant-on gaps: solution, dedicated scanning VMs with layered protection. 3. Inter-VM attacks / blind spots: solution, VM-aware security with virtualization platform integration. 4. Complexity of management: solution, integration with virtualization management consoles such as VMware vCenter.
  30. Virtualization: DEEP SECURITY. Security built for virtualization helps maximize consolidation rates, operational efficiencies and cost savings.
  31. Deep Security: Agentless Security Benefits (agentless server security platform). Higher VM density: agentless AV enables 2-3 times more desktop VMs and 40-60% more server VMs. Better manageability: no security agents to configure, update & patch; integrated AV, FIM & IDS/IPS simplifies security management. Stronger security: added security (FIM, IDS/IPS, etc.) through the virtual appliance, instant-on protection, tamper-proofing. Faster performance: freedom from AV and FIM storms.
  32. Virtual Patching: DEEP SECURITY. Shield vulnerabilities in critical systems until, or without, patching.
  33. Four Key Strategies: patching applications and always using the latest version of an application; keeping operating systems patched; keeping admin rights under strict control (and forbidding the use of administrative accounts for e-mail and browsing); whitelisting applications.
  34. Recap: Virtual Patching with Deep Security. Raw traffic passes through four layers. 1. Stateful firewall: allow known good. 2. Exploit rules: stop known bad. 3. Vulnerability rules: shield known vulnerabilities. 4. Smart rules: shield unknown vulnerabilities and protect specific applications. Layers 2 to 4 are deep packet inspection; what leaves is filtered traffic. Over 100 applications are shielded, including operating systems, database servers, web app servers, mail servers, FTP servers, backup servers, storage management servers, DHCP servers, desktop applications, mail clients, web browsers, anti-virus and other applications.
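The four layers above are an ordering, not just a list: each one catches what the previous one cannot, and the vulnerability rule in particular blocks the flaw rather than the exploit, which is what makes a "virtual patch" hold against payloads nobody has written a signature for yet. The Go program below is an added example written for this page, not Deep Security code or its rule language. The request model, the rule names, the hypothetical 64-byte limit on a "user" parameter and the sample traffic are all constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Request is a minimal model of one inbound HTTP request as an inline filter
// sees it. Constructed for this example; it is not a Deep Security type.
type Request struct {
	DstPort int
	Path    string            // raw path, possibly percent-encoded
	Query   map[string]string // already-decoded parameters
}

// Verdict records which layer decided and why, so every block is auditable.
type Verdict struct {
	Allowed bool
	Layer   string
	Reason  string
}

// Policy is the per-server configuration for the four layers.
type Policy struct {
	AllowedPorts map[int]bool   // layer 1: services this host is meant to expose
	MaxParamLen  map[string]int // layer 3: bounds on inputs known to be vulnerable
}

// DefaultPolicy assumes a web server with one hypothetical flaw: the "user"
// parameter overflows a 64-byte buffer (invented for the example).
func DefaultPolicy() Policy {
	return Policy{
		AllowedPorts: map[int]bool{80: true, 443: true},
		MaxParamLen:  map[string]int{"user": 64},
	}
}

// Layer 2: exploit rules, signatures of known-bad payloads. Cheap, but evaded
// by re-encoding or a new variant, which is why layers 3 and 4 exist.
var exploitRules = []struct {
	Name string
	Re   *regexp.Regexp
}{
	{"unix-cmd-injection", regexp.MustCompile(`(?i)(;|\|\|?|&&|\x60)\s*(cat|id|wget|curl|nc)\b`)},
	{"sql-union-select", regexp.MustCompile(`(?i)\bunion\s+(all\s+)?select\b`)},
}

// Inspect runs the layers in the order the slide shows: allow known good,
// stop known bad, shield known vulnerabilities, shield unknown ones.
// Layers 2-4 work on the decoded request, so percent-encoding hides nothing.
func Inspect(r Request, p Policy) Verdict {
	// Layer 1: stateful firewall. Only the port allow-list is modelled here.
	if !p.AllowedPorts[r.DstPort] {
		return Verdict{Layer: "1-firewall", Reason: fmt.Sprintf("port %d not allowed", r.DstPort)}
	}
	path, err := url.PathUnescape(r.Path)
	if err != nil {
		return Verdict{Layer: "4-smart", Reason: "malformed percent-encoding"}
	}
	var sb strings.Builder
	sb.WriteString(path)
	for k, v := range r.Query {
		fmt.Fprintf(&sb, " %s=%s", k, v)
	}
	for _, rule := range exploitRules {
		if rule.Re.MatchString(sb.String()) {
			return Verdict{Layer: "2-exploit", Reason: rule.Name}
		}
	}
	// Layer 3: vulnerability rules constrain the vulnerable input itself, so any
	// exploit of that flaw is blocked whatever shellcode or encoding it uses.
	for name, limit := range p.MaxParamLen {
		if v, ok := r.Query[name]; ok && len(v) > limit {
			return Verdict{Layer: "3-vulnerability", Reason: fmt.Sprintf("%s is %d bytes, limit %d", name, len(v), limit)}
		}
	}
	// Layer 4: smart rules, generic checks for attack classes with no specific rule yet.
	if strings.Contains(path, "..") {
		return Verdict{Layer: "4-smart", Reason: "path traversal"}
	}
	return Verdict{Allowed: true, Layer: "pass"}
}

func main() {
	p := DefaultPolicy()
	// Constructed sample traffic, one request per layer.
	for _, r := range []Request{
		{DstPort: 80, Path: "/index.html", Query: map[string]string{"user": "alice"}},
		{DstPort: 3389, Path: "/"},
		{DstPort: 80, Path: "/search", Query: map[string]string{"q": "x; cat /etc/passwd"}},
		{DstPort: 443, Path: "/login", Query: map[string]string{"user": strings.Repeat("A", 300)}},
		{DstPort: 80, Path: "/static/%2e%2e/%2e%2e/etc/shadow"},
	} {
		v := Inspect(r, p)
		fmt.Printf("%-36s allowed=%-5t layer=%-16s %s\n", r.Path, v.Allowed, v.Layer, v.Reason)
	}
}
```

The 300-byte "user" value is the instructive case: no signature matches it, and it would sail past layer 2, but the vulnerability rule stops it because it violates the bound the unpatched application cannot enforce for itself. That is the shield that stays in place "until, or without, patching", and it is also why such rules should be retired once the real patch lands, so they do not silently become the only thing enforcing the limit.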
  35. Compliance: DEEP SECURITY. A security and compliance solution that addresses multiple PCI and other regulatory requirements cost-effectively.
  36. Recap: Deep Security for PCI compliance. Addressing 7 PCI requirements and 20+ sub-controls, including: (1) network segmentation; (1.x) firewall; (5.x) anti-virus; (6.1) virtual patching (as a compensating control); (6.6) web application protection; (10.6) daily log review; (11.4) IDS/IPS; (11.5) file integrity monitoring. Modules: Deep Packet Inspection (IDS/IPS, Web Application Protection, Application Control), Firewall, Integrity Monitoring, Log Inspection and Anti-Malware, across physical endpoints & devices, virtual servers and cloud computing.
  37. Emerging Governance. The PCI Virtualization Special Interest Group (SIG) was formed during the 2009 RSA Conference. SIG objective: provide clarification on the use of virtualization in accordance with the PCI DSS. After a 2+ year process, the SIG submitted recommendations to the PCI SSC working group for consideration. Trend has been a contributing member of the SIG from the very first call. Opinions within the SIG varied widely: the leading edge would embrace virtualization and the direction towards cloud computing; the conservative view recommends dedicated hypervisor environments, restricts consolidation of system components and defers use of the cloud.
  38. Security in a Cloudy World
  39. Cloud is a computing style, not a location. Public cloud, hybrid cloud and private cloud (server virtualization, IaaS) are driven by capital expense elimination, flexibly matching cost to demand, cost management, peak-load flexibility, integration of 3rd-party solutions, agility, consolidation, flexibility and speed. "Virtualization will inevitably lead to Cloud Computing models" (Gartner, 2011).
  40. Adoption of Cloud Computing. Businesses are moving into the cloud: Gartner, 15% of workloads will be cloud-based by 2014; InformationWeek, 17% of businesses are in the public cloud, and 28% are using and 30% planning for a private cloud. But for businesses to truly invest in the cloud, it must be interchangeable with on-site data center deployments, must retain similar levels of security and control, and must provide data privacy and support compliance requirements.
  41. Public IaaS Clouds: security and privacy are the #1 concerns. Your data is mobile: has it moved? Who can see your information? Who is attaching to your volumes? Do you have visibility into who has accessed your data? Diagram: a record (name, SSN, card number) exposed to rogue server access with no visibility to data access; data can be moved and leave residual data behind.
  42. Public Cloud: Who Has Control? Diagram: the stack from servers, through virtualization & private cloud, to public cloud IaaS, PaaS and SaaS; control shifts from the end user (enterprise) to the service provider as you move along it. Who is responsible for security? With IaaS the customer is responsible for security of what runs on the instances (guest OS, applications, data). With SaaS or PaaS the service provider is responsible for security, but not all SaaS or PaaS services are secure, an insecure service can compromise the endpoints that connect to it, and so endpoint security becomes critical.
  43. So who is responsible? From a study conducted by Ponemon Institute LLC (publication date: April 2011): The majority of cloud computing providers surveyed do not believe their organization views the security of their cloud services as a competitive advantage. Further, they do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers. The majority of cloud providers believe it is their customer's responsibility to secure the cloud and not their responsibility. They also say their systems and applications are not always evaluated for security threats prior to deployment to customers. Buyer beware: on average providers of cloud computing technologies allocate 10 percent or less of their operational resources to security and most do not have confidence that customers' security requirements are being met. Cloud providers in our study say the primary reasons why customers purchase cloud resources are lower cost and faster deployment of applications. In contrast, improved security or compliance with regulations is viewed as an unlikely reason for choosing cloud services. The majority of cloud providers in our study admit they do not have dedicated security personnel to oversee the security of cloud applications, infrastructure or platforms.
  44. Accountability. Ultimately, who is responsible will pale beside the governance that dictates who is accountable. Accountability will rest with the data owner under most governance regimes. Cloud computing due diligence means you must own and control your data, wherever it resides and moves.
  45. Working on Cloud GRC: the Cloud Security Alliance GRC Stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry-established best practices, standards and critical compliance requirements.
  46. What is the Solution? Data Protection in the Cloud: encryption of credit card numbers, payment information, medical records, patient information, Social Security numbers and sensitive research results. AES encryption (128, 192 & 256 bits): unreadable to outsiders; obscured data on recycled devices. Policy-based key management: trusted server access; control over when and where data is accessed. Auditing, reporting & mobility: compliance support; custody of keys (SaaS or virtual appliance); no vendor lock-in.
  47. Security that Travels with the VM. Cloud security as modular protection: data protection, template integrity, VM isolation, real-time protection and compliance, together forming a self-defending VM. An agent on the VM allows travel between cloud solutions; one management portal for all modules; SaaS security deployment option.
  48. Total Cloud Protection: system, application and data security in the cloud. Deep Security 8 (context-aware): modular protection for servers and applications; self-defending VM security in the cloud; an agent on the VM allows travel between cloud solutions; one management portal for all modules. SecureCloud 2: encryption with policy-based key management for credit card numbers, payment information, medical records, patient information, Social Security numbers and sensitive research results; data is unreadable to unauthorized users; policy-based key management controls and automates key delivery; server validation authenticates servers requesting keys.
  49. SecureCloud 2: Enterprise Deployment Options. Key management is delivered either as the Trend Micro SaaS solution or as the SecureCloud console, a software application installed in the data center. Encryption is supported for vSphere virtual machines, private clouds and public clouds.
  50. SecureCloud: New in 2.0. FIPS 140-2 certification: exchange of the Mobile Armor encryption agent gives Trend access to federal/government accounts. DSM (Deep Security Manager) integration: greatly improves the ability to build robust authentication policies and begins the integration of the two technologies, with a unified management console as further integration. Total Cloud Protection bundle: connects both products, gives protection across all infrastructures (physical, virtual, cloud) and defines a place to manage and protect all future environments.
  51. SecureCloud Benefits. Access cloud economics and agility by removing data privacy concerns. Segregate data of varied trust levels to avoid breaches and insider threats. Reduce complexity and costs with policy-based key management. Boost security with identity- and integrity-based server authentication. Move freely among clouds knowing that remnant data is unreadable.
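Slides 46, 48 and 51 describe one mechanism from three angles: the key that decrypts a volume is held by a key server and released only to a server that passes an identity check and an integrity check. The Go program below is an added example written for this page, not SecureCloud's protocol (the deck does not describe its wire format or policy language). It implements that release decision: the agent measures a set of monitored files and authenticates the claim with an HMAC under a secret shared at enrollment; the key server checks authorisation, replay, identity and integrity, in that order, before handing out the data encryption key (DEK). The names web01, vol-pci-db, the enrollment secret and the monitored file are made up, and the DEK is a dummy. The caveat: the agent measures itself, so the integrity check is only as good as the agent; rooting the measurement in hardware (a TPM quote) is what removes that dependency.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
)

// Attestation is the agent's request for a volume's DEK; constructed format for this example.
type Attestation struct {
	ServerID    string
	Measurement string // hex SHA-256 over the files policy requires to be unchanged
	Nonce       []byte // fresh per request, so a captured attestation cannot be replayed
	MAC         []byte // HMAC-SHA256 over the fields above under the enrollment secret
}

// Policy is the key server's record for one volume, assumed to be set at enrollment.
type Policy struct {
	ServerID        string
	ExpectedMeasure string
	EnrollSecret    []byte // shared with the agent out of band at enrollment
	DEK             []byte // 32 bytes for AES-256; released only on a passing attestation
}

// KeyServer holds one Policy per volume ID plus the nonces it has already accepted.
type KeyServer struct {
	Policies map[string]Policy
	seen     map[string]bool
}

func NewKeyServer() *KeyServer {
	return &KeyServer{Policies: map[string]Policy{}, seen: map[string]bool{}}
}

// Measure is the agent-side integrity measurement: one SHA-256 over the monitored
// files in name order, length-prefixed so that boundaries cannot be shifted.
func Measure(files map[string][]byte) string {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	h := sha256.New()
	for _, n := range names {
		fmt.Fprintf(h, "%d:%s:%d:%s", len(n), n, len(files[n]), files[n])
	}
	return hex.EncodeToString(h.Sum(nil))
}

func attestMAC(secret []byte, serverID, measurement string, nonce []byte) []byte {
	m := hmac.New(sha256.New, secret)
	fmt.Fprintf(m, "%d:%s:%d:%s:%x", len(serverID), serverID, len(measurement), measurement, nonce)
	return m.Sum(nil)
}

// Attest is what the agent does at boot: measure the host, then authenticate the claim.
func Attest(secret []byte, serverID string, files map[string][]byte) (Attestation, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Attestation{}, err
	}
	m := Measure(files)
	return Attestation{serverID, m, nonce, attestMAC(secret, serverID, m, nonce)}, nil
}

// RequestKey releases the DEK only when identity (the MAC) and integrity (the measurement) both match policy.
func (ks *KeyServer) RequestKey(volumeID string, a Attestation) ([]byte, error) {
	p, ok := ks.Policies[volumeID]
	if !ok || a.ServerID != p.ServerID {
		return nil, errors.New("server not authorised for volume")
	}
	nonce := hex.EncodeToString(a.Nonce)
	if ks.seen[nonce] {
		return nil, errors.New("replayed attestation")
	}
	// Identity first, so an unauthenticated caller learns nothing about the expected state.
	if !hmac.Equal(a.MAC, attestMAC(p.EnrollSecret, a.ServerID, a.Measurement, a.Nonce)) {
		return nil, errors.New("identity check failed")
	}
	if a.Measurement != p.ExpectedMeasure {
		return nil, errors.New("integrity check failed: measured state differs from policy")
	}
	ks.seen[nonce] = true
	return p.DEK, nil
}

func main() {
	secret := []byte("enrollment-secret-for-web01") // constructed sample data
	files := map[string][]byte{"/etc/ssh/sshd_config": []byte("PermitRootLogin no\n")}
	ks := NewKeyServer()
	ks.Policies["vol-pci-db"] = Policy{"web01", Measure(files), secret, make([]byte, 32)}
	for _, cfg := range []string{"PermitRootLogin no\n", "PermitRootLogin yes\n"} {
		files["/etc/ssh/sshd_config"] = []byte(cfg)
		a, _ := Attest(secret, "web01", files)
		_, err := ks.RequestKey("vol-pci-db", a)
		fmt.Printf("%q -> key released: %v (%v)\n", cfg, err == nil, err)
	}
}
```

The released DEK is what an AES-GCM volume cipher would then use; that part is standard and not shown. Two design points matter more than the cipher: the checks run in an order that leaks nothing to an unauthenticated caller, and the nonce cache makes a captured healthy-boot attestation useless later, which is the failure a bare identity-plus-hash scheme would have. Logging each decision, which slide 46 lists under auditing and reporting, is the obvious addition.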
  52. Securing Your Journey to the Cloud. Physical, reduce complexity: integrate security (server, web, email, endpoint, network); improve security and availability; lower costs. Virtual, increase efficiency: apply VM-aware security; ensure higher VM densities; get better performance and better protection. Cloud, deliver agility: encrypt with policy-based key management; deploy self-defending VMs in the cloud; use security that travels with your data. Use data center security to drive your business forward.
  53. Final Thoughts
  54. Rethinking Security Controls in a Cloud-Service Environment. The end of 'physical' thinking. Focus on the data center: protection focused on (v)applications and data. Security controls are a property of the virtual application, not of the device where it is accessed, nor of the plumbing on which it is executed. You are accountable for your data, whatever cloud it lives in: own your data protection controls.
  55. Deep Security: summary of highlights. A fully integrated server security platform; the only solution to offer specialized protection for physical, virtual and cloud; first and only agentless anti-malware, with nearly 1,000 customers having purchased; the only solution to also offer agentless FW, IDS/IPS and FIM in the same appliance; the only solution in its category to be FIPS and EAL4+ certified; top ratings for virtualization security. Charts: Trend Micro 13% vs. all others 87% (source: Worldwide Endpoint Security 2010-2014 Forecast and 2009 Vendor Shares, IDC); Trend Micro 22.9% vs. all others combined 77.1% (source: 2011 Technavio, Global Virtualization Security Management Solutions).
  56. Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year. VMware improves security by providing the most secure virtualization infrastructure, with APIs and certification programs; Trend Micro improves virtualization by providing security solutions architected to fully exploit the VMware platform. Timeline 2008-2011 milestones: Feb: join the VMsafe program; RSA: Trend Micro (CPVM) announces a coordinated approach and virtual pricing, and shows a VMsafe demo; VMworld: Trend Micro virtsec customer; RSA: Trend Micro announces the virtual appliance; May: Trend acquires Third Brigade; Q4: joined the EPSEC vShield program; Dec: Deep Security 7; Q1: VMware buys Deep Security for internal use; RSA: Trend Micro demos agentless; July: Deep Security 7.5 GA; VMworld: announce Deep Security 7.5 for VDI; Nov: Deep Security 7.5 with virtual appliance w/ agentless anti-virus; sale of DS 7.5 & vShield OEM before GA; 2010: >100 customers, >$1M revenue; VMworld: announce Deep Security 8.
  58. Thank You! Peter Cresswell