Virtualization Journey Stages

(1)

Todd Thiemann • Sr. Dir. of Datacenter Security Marketing • Trend Micro

Harish Agastya • Director of Datacenter Security Marketing • Trend Micro

(2)

Servers

Desktops

Stage 1: IT Production

Benefit: Cost Efficiency

Stage2: Business Prodn.

+ Quality of Service

Virtualization Journey Stages

Stage 3: ITaaS

+ Business Agility

15%

30%

70%

85%

THE SECURITY INHIBITORS

TO VIRTUALIZATION

(3)

IT Production

Business Production

ITaaS

Data destruction

Diminished perimeter

Resource Contention Multi-tenancy

Data access & governance

Compliance / Lack of audit trail

Mixed trust level VMs Data confidentiality & integrity

1 2 3 4 5 6 7 8 9 10 11

Security Challenges Along the Virtualization Journey

VMware and Trend Micro help customers address these issues, and accelerate the journey

Inter-VM attacks Instant-on gaps

(4)

Deep Security 7.5

Presenting a new agentless anti-malware

module designed for VMware environments

(5)

Resource contention

Typical AV

Console

3:00am Scan

Security Inhibitors to Virtualization

(6)

Active

Dormant

Reactivated with

out-of-date security

Instant-on gaps

2

Security Inhibitors to Virtualization

(7)

Patch

agents

Rollout

patterns

Provisioning

new VMs

Complexity of Management

3

Security Inhibitors to Virtualization

Reconfiguring

agents

(8)

Firewall _malwareAnti- Log

Inspection Integrity Monitoring Deep Packet Inspectio n

Trend Micro Deep Security

Server & application protection

• Latest anti-malware module adds to existing set of advanced protection

modules

(9)

App

OS

ESX Server

App

OS

App

OS

vShield Endpoint APIs

Virtual Appl.

Agentless Anti-malware for Vmware environments

SPN

Leverages vShield Endpoint APIs (available in vSphere 4.1)

Instantly protects all VMs of all guest OS’s without an agent

Serializes scan operations to prevent AV storms

Integrates with Smart Protection Network for real-time

protection & efficient pattern file footprint

(10)

Virtual Appl.

Agentless Anti-malware Key Benefits

10

Agent

vShield Endpoint

Agent

vSphere

AFTER

BEFORE

Significantly improved manageability - no agents to

configure, update and patch

Faster performance – Freedom from AV Storms

Stronger security – Instant ON protection + tamper-proofing

Higher consolidation levels – Inefficient operations removed

(11)

Appliance also provides agentless intrusion defense

& web application protection

11

App

OS

ESX Server

App

OS

App

OS

VMsafe & vShield Endpoint APIs

Virtual Appl.

Firewall

IDS / IPS

Web app

Anti-Virus

Appliance also integrates VMsafe APIs – DS 7.0 feature

Inspects ALL network traffic at hypervisor layer

Closes Inter-VM traffic blind spots endemic to Network IPS

Modules also available in agent form – coordinates with

(12)

IDS / IPS

Web Application Protection Application Control

Firewall

Deep Packet Inspection

Log

Inspection

Anti-Virus

Detects and blocks known and

zero-day attacks that target

vulnerabilities

Shields web application

vulnerabilities

Provides increased visibility into,

or control over, applications

accessing the network

Reduces attack surface.

Prevents DoS & detects

reconnaissance scans

Detects malicious and

unauthorized changes to

directories, files, registry keys…

Optimizes the

identification of important

security events buried in

log entries

Detects and blocks malware

(web threats, viruses &

worms, Trojans)

Trend Micro Deep Security Modules

Server & application protection

Protection is delivered via Agent and/or Virtual Appliance

5 protection modules

Integrity

Monitoring

(13)

Deep Security architecture

(14)

Deep Security also provides:

Virtual patching for over 100 applications

Deep Security rules shield vulnerabilities in these common applications

Operating Systems Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE

Linux (10,11)

Database servers Oracle, MySQL, Microsoft SQL Server, Ingres

Web app servers Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint

Mail servers Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail,,

MailEnable Professional,

FTP servers Ipswitch, War FTP Daemon, Allied Telesis

Backup servers Computer Associates, Symantec, EMC

Storage mgt servers Symantec, Veritas

DHCP servers ISC DHCPD

Desktop applications Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer,

Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime, RealNetworks RealPlayer

Mail clients Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client

Web browsers Internet Explorer, Mozilla Firefox

Anti-virus Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft

Other applications Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior,

Rsync, OpenSSL, Novell Client

(15)

Deep Security also provides:

Security for Payment Card Industry (PCI)

15

Deep Security addresses multiple PCI

requirements in ONE integrated solution

(1.) –

Network Segmentation

(1.x) – Firewall

(5.1) – Anti-virus

(6.1) – Virtual Patching*

(6.5) – Web Application Firewall

(10.6) – Review Logs Daily

(11.4) – Deploy IDS / IPS

(11.5) – Deploy File Integrity Monitoring

(16)

Trend Micro Smart Protection Network

Innovative Cloud-Client Infrastructure

Stopping threats before

they reach your network

Physical Servers

Virtual Servers Web & Email

Gateways

Web Servers

Datacenter Corporate Network

Private Cloud

On-site Employees

Security & Systems Management Threat Management Off-site Employees File Reputation Threat Correlation, Feedback Loops, Analysis Email Reputation Web Reputation EMAIL THREATS FILE THREATS WEBSITE THREATS