TrendMicro

Post on 18-Nov-2014

David Girard, Senior Security Advisor – Trend Micro Canada

Magic Words of VDI Security: “Agentless” and “Aware”

Copyright 2009 Trend Micro Inc.10/4/2010 2

Virtualization Project

Desktop Server Cloud Virtual Appliance

?

The most comprehensive suite of next-generation

virtualization security solutions

Security Built for VMware

Desktop Server Cloud Virtual Appliance

Security Built for VMware

• Consolidation rates
• Operational efficiencies
• Flexibility
• Savings

IT Operations

Protect data & applications

Security

Ensure compliance

Compliance

Desktop Server Cloud Virtual Appliance

Security Built for VMware

Typical AV Console

9:00am Scan

Key Issue: Resource Contention

If several, or all, VMs start a full anti-malware scan at the same time, the underlying shared hardware will experience extreme load (memory, CPU, I/O), causing a slowdown of all virtual systems on the server. Large pattern file updates require significant memory and can impact network and storage I/O resources.

High impact: employees' arrival or scheduled scans

Trend Micro OfficeScan: Protects virtual & physical endpoints

• VDI Intelligence with VDI plug-in
• Serializes updates and scans per VDI-host
• Leverages base-images to further shorten scan times
• Smart Scan limits endpoint pattern updates, since the pattern is mostly in the cloud

VDI Security option #1: OfficeScan (first AV optimized for VDI)

OfficeScan 10.5 has VDI-Intelligence

• Detects whether endpoints are physical or virtual
  – With VMware View

• Serializes updates and scans per VDI-host
  – Controls the number of concurrent scans and updates per VDI host
  – Maintains availability and performance of the VDI host
  – Faster than concurrent approach

• Leverages Base-Images to further shorten scan times
  – Pre-scans and white-lists VDI base-images
  – Prevents duplicate scanning of unchanged files on a VDI host
  – Further reduces impact on the VDI host

OfficeScan 10.5 Integrates with vCenter

CPU

CPU - Analysis

• Only 10.5 can support 20+ desktop images with a mixed user profile.

• With no AV, average CPU utilization while the 4 heavy and 16 light user scripts are running is 33%.

• With 10.5 and ALL 4 heavy and 16 light user machines scanning, CPU utilization is 41%. Very impressive.

• With the powerful machines typically used in VDI environments, CPUs are typically not the breaking point.

• With 20 desktop images, 10.5 adds marginal load to the CPU, whereas other solutions cannot even support the baseline number of desktop images.

• With 10 desktop images, 10.5 adds only 11% CPU overhead compared to baseline (no AV and no scanning), versus Symantec, which adds 29% CPU overhead; 10.1, which adds 50% CPU overhead; and McAfee, the worst, which adds 83% CPU overhead.

IOPS (vDisk Utilization)

IOPS - Analysis

• Only 10.5 can support 20+ desktop images with a mixed user profile.

• With 10 desktop images, 10.5 has 4.25 IOPS, 10.1 has 10.95 IOPS, Symantec has 9.02 IOPS and McAfee has a whopping 22.39 IOPS.

• Trend Micro OfficeScan 10.5 IOPS has a small deviation of only 0.77 MB/s and 3.66 MB/s from baseline and mixed 20 user profile.

• Let's recap why 10.5 is so much better with IOPS:
  • 10.5 serializes updates and scans per VDI-host
  • Pre-scans and white-lists VDI base-images
  • Prevents duplicate scanning of unchanged files on a VDI host

IOPS – How many Systems?

• A VDI environment sized for 20 desktop images with 4 heavy and 16 light users.

• Keep IOPS between 6 and 8 and see how many desktop images can be supported with each AV deployment (apples-to-apples comparison).

• All about return on investment.

• If you deploy McAfee, you can deploy ONLY 2 desktop images in an environment which supports 20 images without AV.

• If you deploy Symantec, you can deploy ONLY 4 desktop images in an environment which supports 20 images without AV.

• If you deploy Trend 10.5, you can deploy ALL 20 desktop images.

Customers no longer have to choose between Security and Return On Investment

Memory

Memory - Analysis

• Only 10.5 can support 20+ desktop images with a mixed user profile.

• An automatic pool of 20 desktop images without AV in a mixed user profile consumes around 7.74 GB of active memory.

• Trend Micro OfficeScan 10.5 adds an overhead of only 1.32 GB in a maximum VDI density environment.

Scan Time with 10.5

| VDI Profile | Other AV Solution | Trend Micro 10.5 |
|---|---|---|
| Mixed Maximum High Density VDI Pool (4H & 16L) | Approx. 1-2 hours | 16 minutes |
| Mixed Low Density VDI Pool (1H & 3L) | Approx. 27-49 minutes | 2 minutes |

Scan Time - Analysis

• Trend Micro OfficeScan 10.5 performs approx. 15-25 times better in the Mixed Low Density VDI pool and 4-8 times better in the Mixed Maximum High Density VDI pool.

• Trend Micro OfficeScan 10.5, with its Smart Scan and VDI-aware capability, consumes remarkably less scan time than other AV solutions.

VDI Security option #2: Deep Security

Trend Micro Deep Security: Protects virtualized endpoints & servers

• First agent-less anti-malware solution

• Hypervisor-based introspection

• Eliminates “AV storms”

Security Built for VMware

Desktop Server Cloud Virtual Appliance

Typical AV Console

9:00am Scan

Key Issue: Resource Contention

VM states shown: Active; Dormant; Active, with out-of-date security

Key Issue: Instant On Gaps

VMs shown: CRM, Test, Web, Email, ERP

Key Issue: Mixed Trust Level VMs

Physical Virtual Cloud Desktop/Laptop

Trend Micro Deep Security

Anti-Virus, Integrity Monitoring, Log Inspection, Firewall, IDS / IPS

Core Protection for Virtual Machines (CPVM) delivers agentless AV for ESX 3.5 and 4.0. Deep Security 7.5 will go deeper with vShield on ESX or ESXi 4.1.

Co-ordinated Approach
• Optimized protection
• Operational efficiency

Security virtual appliance
• Efficiency
• Manageability

Security VM

Agent-based Security
• Protection
• Mobility

Security Built for VMware

Desktop Server Cloud Virtual Appliance

Issue #1: Multi-tenancy

Issue #2: Data Access & Governance

Issue #3: Secure Storage Recycling

Deep Security

• Anti-Virus

• IDS/IPS

• + Virtual Patching

• + Web App Protection

• File Integrity Monitoring

• Log Inspection

• Firewall

Trend Micro Cloud Security Solutions

Flexibility & Confidence

Private & Public Cloud Computing

SecureCloud

• Encryption

• Policy-based key management

Security Built for VMware

Desktop Server Cloud Virtual Appliance

Virtual Appliances

Hardware

Hypervisor

Virtual Appliance

Hypervisor

Application

Operating System

Hardware

Virtual Appliance Benefits

Per-User Cost of Virtual Appliance

70% Virtual Appliance Costs

IT Flexibility

Improve Business Continuity

A solution that scales over time. No need to buy a bigger physical appliance; just add more resources. No need to buy an extra box for a pre-production environment; just fire up a new VM or install on any box that can run CentOS or Red Hat.

Web Security

Email Security

Trend Micro Security Virtual Appliances

Virtual Appliance

Other Trend Micro products are offered as virtual appliances:
- Data Loss Prevention Server
- Threat Discovery Virtual Appliance (part of Threat Management Services (TMS))

Security Built for VMware

Desktop: Deep Security OR OfficeScan
Server: Deep Security
Cloud: Deep Security AND SecureCloud
Virtual Appliance*: InterScan Web Security, InterScan Messaging Security

*VMware Certified Appliances

Encryption of the virtual file system

Security Built for VMware

Our Vision:

A world safe for exchanging digital information

Founded: United States in 1988
Headquarters: Tokyo, Japan
Offices: 23 countries
Employees: 4,350

Leadership
• US $1 Billion annual revenue
• 3rd largest security company
• “Global 100 Most Sustainable Corporations”
• Top 3 in Messaging, Web and Endpoint security
• Leader in virtualization & cloud computing security

1,000+ Threat Research Experts. 10 labs. 24x7 ops.

Real-time alerts for new threats

Trend Micro: Global leader in Internet content security and threat management. Catalyst for faster adoption of virtualization.

For more information:

Technical: david_girard@trendmicro.com, 514-629-1680

Sales: Michel_bouasria@trendmicro.com, 514-653-2257; Jean_houle@trendmicro.com, 514 893-1512

New threat information: http://blog.trendmicro.com/

User group: Groupe d’utilisateurs Trend Micro du Québec, http://www.linkedin.com/groups?gid=2296257

Thank you, merci

Questions?