Trend Micro Dec 6 Toronto VMUG

2. VMWorld 2011: Partners for Security Improves Security Improves Virtualization by providing the most by providing security solutions secure virtualization infrastructure, architected to fully exploit with APIs, and certification programs the VMware platform • VMware #1 Security Partner • Trend Micro: 2011 Technology Alliance Partner of the Year Copyright 2011 Trend Micro Inc.

5. Threat Landscape • Malware • Advanced Persistent Threats • Botnets • Espionage Trend Micro finds over 70% of enterprise networks contain active malicious malware Millions of computers have been compromised by ZeuS Copyright 2011 Trend Micro Inc.

6. Key Trends: Data-centric threat environment # of days until More Profitable vulnerability is first exploited, after patch is made available Exploits are happening before patches More Sophisticated 28 days are developed More Frequent 18 days 10 days More Targeted Zero-day Zero-day 2003 2004 2005 2006 … 2010 MS- Blast Sasser Zotob WMF IE zero-day 6 Copyright 2011 Trend Micro Inc.

7. Threats are more targeted RSA Europe Two groups from the same country teamed up to launch a sophisticated attack against RSA Security's systems last March, EMC's security division said. Unspecified information gained during the attack paved the way towards an unsuccessful attack against a defence contractor (self-identified as Lockheed Martin), senior RSA execs said during the opening of the RSA Conference in London on Tuesday. "Two groups were involved in the attack," Thomas Heiser, RSA Security president, said during a keynote at the conference. "Both are known to authorities but they have never worked together before." "The attack involved a lot of preparation," he added The Register Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 7

8. Key Trends: Compliance Imperative More standards: • PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS… More specific security requirements • Virtualization, Web applications, EHR, PII… More penalties & fines • HITECH, Breach notifications, civil litigation • PIPEDA- Risk based breach • California SB1386 – Data notification. Bill C29 to make breach of unencrypted data breach notification mandatory. notification • Alberta PIPA Bill 54 amended • Industry Regs - HITECH, May 2010 to mandate HIPAA, PCI, SOX, HIPAA, notification of breaches. FISMA, Basel II… • Quebec QPPIPS similar to PIPEDA with additional civil liabilities. Copyright 2011 Trend Micro Inc. 8

10. Identifying Security Challenges in the Virtual/Cloud Physical Virtual Cloud Public Cloud Windows/Linux/Solaris Server Virtualization Private Cloud Desktop Virtualization Hybrid Cloud • New platforms don‘t change the threat landscape • Each platform adds unique security risks Copyright 2011 Trend Micro Inc. 10

11. The Fundamentals Many third party courses and best practices covering: • Hypervisor lockdown • Virtual Network design and configuration • VM security configuration • VDI security architecture and configuration • Storage security issues SANS 579: Virtualization Security Architecture and Design Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 11

12. P2V: Security Challenge Virtualization driven by: • increased density • consolidated resources • ‗green‘ IT Yet ―virtually unaware‖ security controls directly impact the organization‘s ability to achieve the desired performance, density and ROI goals. Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 12

14. Virtualization Security Inhibitors Reactivated with 1 Resource Contention Active out-of-date security New VMs Dormant 2 Instant-on Gaps        Cloned VMs must have a configured agent and updated pattern files Copyright 2011 Trend Micro Inc. 14

16. Virtualization Security Inhibitors Provisioning Reconfiguring Rollout Patch new VMs agents patterns agents 1 Resource Contention 2 Instant-on Gaps 3 Inter-VM Attacks / Blind Spots 4 Complexity of Management VM sprawl inhibits compliance Copyright 2011 Trend Micro Inc. 16

18. The Deep Security server security platform Server Application and Data Security for: Physical Virtual Cloud Deep Packet Inspection Web App. Application Integrity Log IDS / IPS Firewall Antimalware Inspection Monitoring Protection Control Copyright 2011 Trend Micro Inc. 18

19. Server-Centric Security ―De-Militarized Zone‖ (DMZ) IDS/IPS Firewall Firewall & IDS/IPS IDS/IPS File Integrity Monitoring Gateway & Log Inspection (Malware) Anti-Malware Business Mission Critical Servers Servers / Endpoints 5/28/2009 Copyright 2011 Trend Micro Inc. 19 19

21. Deep Security 8 Agent Deep Packet Firewall Inspection Anti-malware WEB REPUTATION VDI Local Mode SERVICES Integrity Log Monitoring Inspection • New Agent-based AV for physical Windows and Linux* systems, virtual servers, and virtual desktops in local mode • Web reputation services through integration with Smart Protection Network protects systems/users from access to malicious websites Copyright 2011 Trend Micro Inc. 21

22. Trend Micro Deep Security Server & application protection 5 protection modules Deep Packet Inspection Detects and blocks known and IDS / IPS zero-day attacks that target vulnerabilities Shields web application Web Application Protection vulnerabilities Provides increased visibility into, Application Control or control over, applications accessing the network Reduces attack surface. Detects and blocks malware Prevents DoS & detects Firewall Anti-Virus (web threats, viruses & reconnaissance scans worms, Trojans) Optimizes the Detects malicious and Log Integrity identification of important unauthorized changes to Inspection Monitoring security events buried in directories, files, registry keys… log entries Copyright 2011 Trend Micro Inc. 22

23. Over 100 applications protected Deep Security rules shield vulnerabilities in these common applications Operating Systems Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE Linux (10,11) Database servers Oracle, MySQL, Microsoft SQL Server, Ingres Web app servers Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint Mail servers Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail,, MailEnable Professional, FTP servers Ipswitch, War FTP Daemon, Allied Telesis Backup servers Computer Associates, Symantec, EMC Storage mgt servers Symantec, Veritas DHCP servers ISC DHCPD Desktop applications Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer, Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime, RealNetworks RealPlayer Mail clients Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client Web browsers Internet Explorer, Mozilla Firefox Anti-virus Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft Other applications Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior, Rsync, OpenSSL, Novell Client 23 Copyright 2011 Trend Micro Inc.

24. vShield Securing the Private Cloud End to End: from the Edge to the Endpoint vShield App and vShield Edge vShield Endpoint Zones Endpoint = VM Edge Security Zone Secure the edge of Application protection from Enables offloaded anti-virus the virtual datacenter network based threats Virtual Datacenter 1 Virtual Datacenter 2 VMware VMware DMZ PCI HIPAA vShield Web View vShield compliant compliant VMware vShield Manager Copyright 2011 Trend Micro Inc.

25. Deep Security 8 Agentless Security for VMware Trend Micro Deep Security Integrates Agentless with 1 IDS / IPS VMsafe vCenter APIs Web Application Protection Application Control Security Virtual Firewall Machine Agentless v 2 S vShield Antivirus p Endpoint Agentless h 3 e Integrity Monitoring vShield Endpoint r e Agent-based 4 Log Inspection Security agent on individual VMs Copyright 2011 Trend Micro Inc.

26. Agentless Anti-Virus Agent-less Anti-Virus for VMware The idea Protection for virtualized desktops and datacenters Trend Micro The components VMware Deep Security vShield Endpoint Anti-malware Enables offloading of antivirus A virtual appliance that detects processing to Trend Micro Deep and blocks malware (web threats, Security Anti-malware – a viruses & worms, Trojans). dedicated, security-hardened VM. Customer Benefits Higher Faster Better Stronger Consolidation Performance Manageability Security Differ- entiator The first and only agentless anti-virus solution architected for VMware 26 Copyright 2011 Trend Micro Inc.

27. Agentless Integrity Monitoring The Old Way With Agent-less Integrity Monitoring Security VM VM VM Virtual Appliance VM VM VM VM Zero Added Faster Better Stronger Footprint Performance Manageability Security • Zero added footprint: Integrity monitoring in the same virtual appliance that also provides agentless AV and Deep Packet Inspection • Stronger Security: Expands the scope of protection to hypervisors • Order of Magnitude savings in manageability • Virtual Appliance avoids performance degradation from FIM storms 27 Copyright 2011 Trend Micro Inc.

28. Agent-less Security Architecture Trend Trend Micro Micro Deep Security Virtual Appliance Guest VM Deep Security Network Security Anti-Malware Manager Security IDS/IPS - Real-time Scan APPs Admin - Web App Protection - Scheduled & APPs - Application Control Manual Scan APPs OS Kernel FIM Firewall OS BIOS VMsafe-net vShield Endpoint API API Thin Driver vShield ESX 4.1 Manager Trend Micro vShield Endpoint filter driver ESX Module VI Admin vCenter vSphere Platform Trend Micro vShield Legend  product VMware Endpoint components Platform Components Copyright 2011 Trend Micro Inc.

29. Virtualization Addressing Security Inhibitors Solution: Agentless Security 1 Resource Contention Services from a separate scanning VM Solution: Dedicated scanning VMs 2 Instant-on Gaps with layered protection Inter-VM Attacks / Blind Spots Solution: VM-aware security with 3 virtualization platform integration Solution: Integration with 4 Complexity of Management virtualization management consoles such as VMware vCenter Copyright 2011 Trend Micro Inc. 29

31. Deep Security: Agentless Security Benefits • Higher VM density Agentless server security platform − Agentless AV enables 2-3 times more desktop VMs − Enables 40-60% more server VMs • Better manageability − No security agents to configure, update & patch − Integrated AV, FIM & IDS/IPS simplifies security mgmt      • Stronger security − Added security (FIM, IDS/IPS, etc.) through virtual appliance Previously − Instant ON protection − Tamper-proofing • Faster performance – Freedom from AV and FIM storms Copyright 2011 Trend Micro Inc. 31

33. Four Key Strategies: •patching applications and always using the latest version of an application; •keeping operating systems patched; •keeping admin rights under strict control (and forbidding the use of administrative accounts for e-mail and browsing); •whitelisting applications. Classification 12/22/2011 Copyright 2011 Trend Micro Inc. 33

34. Recap: Virtual Patching with Deep Security Raw Traffic Over 100 applications shielded including: Operating Systems 1 Stateful Firewall Database servers Allow known good Web app servers Mail servers 2 Exploit Rules FTP servers Deep packet inspection Stop known bad Backup servers Storage mgt servers 3 Vulnerability Rules Shield known DHCP servers vulnerabilities Desktop applications 4 Smart Rules Mail clients Shield unknown vulnerabilities Web browsers and protect Anti-virus specific applications Filtered Traffic Other applications 34 Copyright 2011 Trend Micro Inc.

36. Recap: Deep Security for PCI compliance Addressing 7 PCI Regulations Deep Packet Inspection and 20+ Sub-Controls Including: IDS / IPS  (1.) Network Segmentation Web Application Protection  (1.x) Firewall Application Control  (5.x) Anti-virus Firewall Integrity  (6.1) Virtual Patching* Monitoring  (6.6) Web App. Protection Log Anti- Malware  (10.6) Daily Log Review Inspection  (11.4) IDS / IPS Physical Virtual Cloud Endpoints Servers Servers Computing & Devices  (11.5) File Integrity Monitoring * Compensating Control Copyright 2011 Trend Micro Inc.

37. Emerging Governance • PCI Virtualization Special Interest Group (SIG) formed during the 2009 RSA Conference – SIG Objective: Provide clarification on the use of virtualization in accordance with the PCI DSS – After a 2+ year process, the SIG submitted recommendations to the PCI SSC working group for consideration – Trend has been a contributing member of the SIG from the very first call – Opinions on the SIG varied widely • Leading edge: Embrace virtualization and the direction towards cloud computing • Conservative: Recommend dedicated hypervisor environments and restrict consolidation of system components – defer use of the cloud Classification 12/22/2011 Copyright 2011 Trend Micro Inc. 39

39. Cloud is a computing style, not a location…. Public Cloud Hybrid Cloud Private Cloud Capital Expense Elimination Flexibly match cost to demand Server Virtualization Cost Management Peak load flexibility IaaS Integration of 3rd Party Solutions Agility Virtualization will inevitably Consolidation lead to Cloud Computing Flexibility models Gartner, 2011 Speed Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 41

40. Adoption of Cloud Computing Businesses are moving into the cloud • Gartner – 15% of workloads will be cloud based by 2014 • Information Week − 17% of businesses in public cloud − 28% using, 30% planning for private cloud But for businesses to truly invest in the cloud… • Must be interchangeable with on-site data center deployments • Must retain similar levels of security and control • Must provide data privacy and support compliance requirements Copyright 2011 Trend Micro Inc. 42

41. Public IaaS Clouds Security and Privacy are #1 Concerns • Your data is mobile — has it moved? • Who can see your information? • Who is attaching to your volumes? • Do you have visibility into who has accessed your data? Rogue server access No visibility to data access Name: John Doe Name: John Doe n SSN: 425-79-0053 SSN: 425-79-0053 Visa #: 4456-8732… Visa #: 4456-8732… Data can be moved and leave residual data behind Copyright 2011 Trend Micro Inc. 43

42. Public Cloud Who Has Control? Servers Virtualization & Public Cloud Public Cloud Public Cloud Private Cloud IaaS PaaS SaaS End-User (Enterprise) Service Provider Who is responsible for security? • With IaaS the customer is responsible for security • With SaaS or PaaS the service provider is responsible for security – Not all SaaS or PaaS services are secure – Can compromise your endpoints that connect to the service – Endpoint security becomes critical Copyright 2011 Trend Micro Inc. 44

43. So who is responsible? The majority of cloud computing providers surveyed do not believe their organization views the security of their cloud services as a competitive advantage. Further, they do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers. The majority of cloud providers believe it is their customer’s responsibility to secure the cloud and not their responsibility. They also say their systems and applications are not always evaluated for security threats prior to deployment to customers. Buyer beware – on average providers of cloud computing technologies allocate10 percent or less of their operational resources to security and most do not have confidence that customers’ security requirements are being met. Cloud providers in our study say the primary reasons why customers purchase cloud resources are lower cost and faster deployment of applications. In contrast, improved security or compliance with regulations is viewed as an unlikely reason for choosing cloud services. The majority of cloud providers in our study admit they do not have dedicated security personnel to oversee the security of cloud applications, infrastructure or platforms. conducted by Ponemon Institute LLC Publication Date: April 2011 Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 45

44. Accountability • Ultimately who is responsible will pale beside the governance which dictates who is accountable • Accountability will rest with the data owner by most governance regimes • Cloud computing due diligence means you must own and control your data – wherever it resides and moves Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 46

45. Working on Cloud GRC Cloud Security Alliance GRC Stack The Cloud Security Alliance GRC Stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements https://cloudsecurityalliance.org/ Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 47

46. What is the Solution? Data Protection in the Cloud Encryption Credit Card Payment SensitiveMedical Numbers Social Security Records Patient Policy-based with Research Results Information Key Management AES Encryption Policy-based Auditing, Reporting, 128, 192, & 256 bits Key Management & Mobility • Unreadable to outsiders • Trusted server access • Compliance support • Obscured data on • Control for when and • Custody of keys—SaaS recycled devices where data is accessed or virtual appliance • No vendor lock-in Copyright 2011 Trend Micro Inc.

47. Security that Travels with the VM Cloud Security – Modular Protection Data Template VM Real-time Compliance Protection Integrity Isolation Protection Self-Defending VM Security in the Cloud • Agent on VM allows travel between cloud solutions • One management portal for all modules • SaaS security deployment option 49 Copyright 2011 Trend Micro Inc.

48. Total Cloud Protection System, application and data security in the cloud Deep Security 8 Context Aware Credit Card Payment 2 SecureCloud Patient Medical Records Social Security Numbers Sensitive Research Results Information Encryption with Policy-based Modular protection for Key Management servers and applications • Data is unreadable • Self-Defending VM Security to unauthorized users in the Cloud • Policy-based key management • Agent on VM allows travel controls and automates key between cloud solutions delivery • One management portal for • Server validation authenticates all modules servers requesting keys Copyright 2011 Trend Micro Inc. 50

49. SecureCloud 2 Enterprise Deployment Options Key Management Encryption Support Deployment Options VM VM VM VM vSphere Trend Micro Virtual SaaS Solution Machines VM VM VM VM Private Clouds Or SecureCloud Data Center Console VM VM VM VM Public Software Application Clouds Copyright 2011 Trend Micro Inc. 51

50. SecureCloud – New In 2.0 • FIPS 140-2 Certification – Exchange of Mobile Armor encryption agent – Gives Trend access to Fed / Gov accounts • DSM Integration – Greatly improves ability to build robust authentication policies – Begins integration of two cutting edge technologies – Additional integration – unified management console • Total Cloud Protection Bundle – New bundle connects both products – Gives protection across all infrastructures – PVC – Defines a place to manage and protect all future environments 12/22/2011 Copyright 2011 Trend Micro Inc. 52 52

51. SecureCloud Benefits • Access cloud economics and agility by removing data privacy concerns. • Segregate data of varied trust levels to avoid breach and insider threat • Reduce complexity and costs with policy-based key management • Boost security with identity- and integrity-based server authentication • Move freely among clouds knowing that remnant data is unreadable Trend Micro Confidential12/22/2011 Copyright 2011 Trend Micro Inc. 53

52. Securing Your Journey to the Cloud • Integrate security—server, web, email, Physical endpoint, network Reduce Complexity • Improve security and availability • Lower costs • Apply VM-aware security Virtual • Ensure higher VM densities Increase Efficiency • Get better performance and better protection • Encrypt with policy-based key management Cloud • Deploy self-defending VMs in the cloud Deliver Agility • Use security that travels with your data Use Data Center Security to Drive Your Business Forward Copyright 2011 Trend Micro Inc. 54

54. Rethinking Security Controls in a Cloud-Service Envronment The end of ‗physical‘ thinking Focus on the Data Center – Protection focused on (v)applications and data Security Controls are a property of the Virtual Application – not the device where it is accessed – not the plumbing on which it is executed You are accountable for your data – whatever cloud it lives in – own your data protection controls Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 56

55. Deep Security Summary of highlights  A fully integrated server security platform  Only solution to offer specialized protection for physical virtual and cloud  First and only agentless anti-malware – nearly a 1000 customers have purchased  Only solution to also offer agentless FW, IDS/IPS and FIM in the same appliance  Only solution in its category to be FIPS and EAL4+ certified Trend Trend Micro Micro 13% 22.9% All Others Top ratings for All Virtualization Combined Others 87% Security 77.1% Source: Worldwide Endpoint Source: 2011 Technavio – Security 2010-2014 Forecast Global Virtualization Security and 2009 Vendor Shares, IDC Management Solutions Copyright 2011 Trend Micro Inc.

56. Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year Improves Security Improves Virtualization by providing the most by providing security solutions secure virtualization infrastructure, architected to fully exploit with APIs, and certification programs the VMware platform VMworld: Trend Micro Dec: Deep Security virtsec customer Nov: Deep Security 7 7.5 with virtual appliance w/ Agentless May: Trend AntiVirus acquires RSA: Trend Micro Vmworld: Announce Feb: Join Third Brigade Demos Agentless VMsafe Deep Security 8 program Sale of DS 7.5 & vShield OEM Before GA 2008 2009 2010 2011 July: VMworld: Announce Q1: VMware buys RSA: Trend Micro CPVM Deep Security 7.5 Deep Security for announces Coordinated GA Internal VDI Use approach & Virtual pricing And shows Vmsafe demo Q4: Joined EPSEC 2010: RSA: Trend Micro vShield Program >100 customers announces virtual Copyright 2011 Trend Micro Inc. >$1M revenue appliance

Trend Micro Dec 6 Toronto VMUG

Trend Micro Dec 6 Toronto VMUG

Recommended

More Related Content

What's hot

What's hot(13)

Viewers also liked

Viewers also liked(20)

Similar to Trend Micro Dec 6 Toronto VMUG

Similar to Trend Micro Dec 6 Toronto VMUG(20)

More from tovmug

More from tovmug(20)

Recently uploaded

Recently uploaded(20)

Trend Micro Dec 6 Toronto VMUG