Deepsecurity & VDI security, maximum security and optimal performance
Uploaded by: unit4-it-solutions
Category: Technology
Transcript of Deepsecurity & VDI security, maximum security and optimal performance
Copyright 2009 Trend Micro Inc. 1
How Security can maximise your Virtualisation ROI
Copyright 2009 Trend Micro Inc. 4/5/2011
The journey to the cloud
Security issues & risks
Questions
Securing your journey to the cloud
The Evolving Datacenter: Lowering Costs, Increasing Flexibility
• Physical: Traditional datacenter
• Virtual: Servers virtualized with minimal changes to datacenter processes
• Private Cloud: Servers virtualized in scalable, shared, automated & elastic environment
• Public Cloud: Select enterprise applications in public cloud
Securing the Cloud is About Securing…
• Virtualisation: Dynamic Data Center with Shared System, Shared Storage
• Application Platform: New Platform for New Apps. Example: Web Defacing, SQL Injection
• Highly Mobile Devices: Ubiquitous, Borderless Data Access, Data Everywhere
• Shared Data Storage: Ownership of Data vs. Computing, Confidentiality & Access Control
• Hybrid Cloud Management: Security That Fits
Pillars of Cloud Computing: Cloud Infrastructure, Cloud Data, Cloud Application, Endpoint Revolution
The Dynamic Datacenter
88% of North American enterprises [no] virtualization security strategy. Forrester Research / Info Week
Physical Virtual Cloud
Number one concern (87.5%) about cloud services is security. Frank Gens, IDC, Senior VP & Chief Analyst
2012, 60% of virtualized servers.. less secure than… physical servers…. “Addressing the Most Common Security Risks in Data Center Virtualization Projects” Gartner, 25 January 2010
Technologies and practices for securing physical servers won’t provide sufficient protections for VMs. Neil MacDonald, Gartner, June 2009
Security and privacy were the foremost concerns by far, with a weighted score higher than the next three (performance, immaturity and regulatory compliance) combined.
Gartner (April 2010)
Security: the #1 Cloud Challenge
Assessing Risk in the Cloud Journey
Stages: IT Production, Business Production, ITaaS
Risks numbered 1 to 12 in the diagram:
• Data destruction
• Diminished perimeter
• Compliance / Lack of audit trail
• Multi-tenancy
• Data access & governance
• Resource contention
• Mixed trust level VMs
• Data confidentiality & integrity
• Inter-VM attacks
• Instant-on gaps
• Host controls under-deployed
• Complexity of Management
VMware Solutions for IT as a Service
• Cloud Application Platform
• Cloud Infrastructure and Management
• End User Computing
Management, Security, Compliance.
• Secure
• Manageable
• Open
vShield Security: Securing the Private Cloud End to End, from the Edge to the Endpoint
• Edge: vShield Edge 1.0. Secure the edge of the virtual datacenter
• Security Zone: vShield App 1.0 and Zones. Application protection from network based threats
• Endpoint = VM: vShield Endpoint 1.0. Enables offloaded anti-virus
Diagram labels: Virtual Datacenter 1, Virtual Datacenter 2, DMZ, PCI compliant, HIPAA compliant, Web View, VMware vShield, VMware vShield Manager
• Enable our customers to maximize the benefits of virtualization,
• Securely accelerating the journey to the cloud
• Trend FIRST to partner with VMware to fully leverage the new vShield EndPoint platform
“While their competitors talk about virtualization, Trend Micro is leading the way with product” Sept 3, 2010
VMware and Trend Micro have partnered to deliver the first and only agentless anti-virus solution architected for VMware virtualized datacenters and desktops.
Agentless Anti-Virus Overview
These are the key “building blocks” for VMware customers
• The idea: Agent-less Anti-Virus for VMware. Protection for virtualized desktops and datacenters
• The components:
− Trend Micro Deep Security Anti-malware: A virtual appliance that detects and blocks malware (web threats, viruses & worms, Trojans).
− VMware vShield Endpoint: Enables offloading of antivirus processing to Trend Micro Deep Security Anti-malware – a dedicated, security-hardened VM.
• Customer Benefits: Better Manageability, Higher Consolidation, Faster Performance, Stronger Security
• Differentiator: The first and only agentless anti-virus solution architected for VMware
Protection beyond Anti-Malware
Beyond providing Agentless AV, Trend Micro Deep Security provides additional protection for VMware customers
DEEP SECURITY modules:
• Anti-Malware: Detects and blocks malware (web threats, viruses & worms, Trojans). (PCI*)
• IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities (PCI*)
• Web Application Protection: Shields web application vulnerabilities (PCI*)
• Application Control: Provides increased visibility into, or control over, applications accessing the network
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans (PCI*)
• Log Inspection: Optimizes the identification of important security events buried in log entries. (PCI*)
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys. (PCI*)
Diagram labels: vShield Endpoint, VMsafe APIs, Agentless, Agent-based
(PCI*): Helps address one or more PCI Data Security Standards and other compliance requirements
Benefits that Matter to Customers
• Higher consolidation
− Inefficient operations removed
• Faster performance
− Freedom from AV Storms
• Better manageability
− No agents to configure, update & patch
• Stronger security
− Instant ON protection
− Tamper-proofing
Diagram: Previously (VM, VM, VM); Now, with Deep Security 7.5 (AV Virtual Appliance, VM, VM, VM)
Deep Security enables higher VM densities
• SYMC/MFE consume 3x-12x more resources in scheduled scans & could not handle more than 25 desktop VMs/host
• DS supports 2-3 times no. of desktop VMs/host than traditional AV
• DS supports 40-60% more server VMs/host than traditional AV
Scheduled scan resource usage over baseline – 50 VMs per host
CPU: Symantec 273%, Trend 81%, McAfee 307%
IOPS: Symantec 2143%, Trend 692%, McAfee 2053%
Data Security Challenges in the Cloud
• Encryption rarely used: Who can see your information?
• Storage volumes and servers are mobile: Where is your data? Has it moved?
• Rogue servers might access data: Who is attaching to your storage?
• Audit and alerting modules lacking: What happened when you weren’t looking?
• Encryption keys tied to vendor: Are you locked into a single security solution? Who has access to your keys?
• Storage volumes contain residual data: Are your storage devices recycled securely?
Sample record shown on the slide: Name: John Doe, SSN: 425-79-0053, Visa #: 4456-8732…
Protection at the Data Level
Encryption designed to secure the cloud
Identity and Integrity are paramount
Identity - “Is it mine?”
• Mounted data store
• Location
• Start-up time
• Embedded keys
Integrity - “Is it OK?”
• Firewall
• AV
• Self integrity check
• Deep Security
Auto or Manual rules based key approval
Trend Micro Mapped Along the Journey
Stages: IT Production, Business Production, ITaaS
Risks numbered 1 to 12 in the diagram:
• Data destruction
• Diminished perimeter
• Mixed Trust Level VMs
• Multi-tenancy
• Data access & governance
• Resource contention
• Data confidentiality & integrity
• Inter-VM attacks
• Instant-on gaps
• Host controls under-deployed
• Complexity of Management
• Compliance / Lack of audit trail
Trend Micro: Server Security Leadership
IDC Market Analysis: Worldwide Corporate Server Security Market Share
All Others: 77.1%
Trend Micro: 22.9%
Source: Worldwide Endpoint Security 2010-2014 Forecast and 2009 Vendor Shares, IDC
“These products are generally more robust than desktop endpoint security and are available for a much wider set of operating systems (Windows, Unix, and Linux). This category also includes products that are designed to protect hypervisors and virtual servers.”
The most comprehensive suite of next-generation, virtualization security solutions:
• Virtual appliance- and guest-based
• Tightly integrated with, and leverages, VMware APIs and technologies.
• Architected to fully leverage the VMware platform for delivering better-than-physical security.
Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs
Improves Virtualization by providing security solutions architected to fully leverage the VMware platform
Thank you from Trend Micro