Trend Micro - Virtualization and Security Compliance
1
Copyright 2012 Trend Micro Inc.Classification 1/18/2012 2
David Girard • Senior Security Advisor • Trend Micro
Datacenter Virtualization & Security Compliance: How to Have Both at a Lower Cost
VMUG Montreal – January 17, 2012
2
VMWorld 2011: Partners for Security
Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs
Improves Virtualization by providing security solutions architected to fully exploit the VMware platform
• VMware #1 Security Partner
• Trend Micro: 2011 Technology Alliance Partner of the Year
3
Questions (before we start)
• How many are in charge of virtualization?
• How many are in charge of security compliance?
• How many are responsible for both?
• Who thinks security controls kill their virtualization project or increase its cost ($$$ and performance) by too much?
4
Virtualization to reduce cost
Security Compliance is not an option
Conclusion, Q&A
Security Compliance at lower cost
5
Collision Course in the Making …
• Two major industry drivers at odds with each other
  – Increased focus on compliance
  – Datacenter virtualization and cloud computing
You must comply. You have no choice. Corporate lawyers and external auditors are watching you.
You must save on IT cost. You have no choice, according to the CFO.
How do you make the lawyers, the auditors and the CFO all happy?
6
Key Trends: Businesses Are Moving to the Cloud
As current pre-production clouds go live, we will see 4x as many clouds
Source: Trend Micro survey, May 2011
7
Deploying Applications in the Cloud
Companies with public or hybrid clouds
• 45% of their existing applications are in the cloud
• 53% of their new applications will be deployed in the cloud
43% experienced a security issue in the last 12 months
8
Who is responsible for security?
• With IaaS the customer is responsible for security
  – Example: http://aws.amazon.com/agreement/ (11 May 2011)
• With SaaS or PaaS the service provider is responsible for security
  – Not all SaaS or PaaS services are secure
  – Can compromise your endpoints that connect to the service
  – Endpoint security becomes critical
[Diagram: Who Has Control? End-User (Enterprise) versus Service Provider, across Servers Virtualization & Private Cloud, Public Cloud IaaS, Public Cloud PaaS, Public Cloud SaaS]
9
Cloud classification
Deployment Model: Private, Community, Public, Hybrid
Service Model: Software as a Service (SaaS)*, Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
*DaaS is considered a subcategory of SaaS by many organizations
Reference: Cloud_Computing_Business_Use_Case_Template.pdf from NIST
Reference: Guidelines on Security and Privacy in Public Cloud Computing, Draft-SP-800-144_cloud-computing.pdf
10
Platform-specific Security Risks
Visibility & Threats
• Less visibility
• More external risks
Performance & Threats
• Security degrades performance
• New VM-based threats
Manageability
• Glut of security products
• Less security
• Higher TCO
Physical, Virtual, Cloud
Reduce Complexity, Increase Efficiency, Deliver Agility
Integrated Security, Single Management Console
11
Virtualization to reduce cost
Security Compliance is not an option
Conclusion, Q&A
Security Compliance at lower cost
12
Key Trends: Compliance Imperative
More standards:
• PCI, PIPEDA, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…
More specific security requirements
• Virtualization, Web applications, EHR, PII …
More penalties & fines
• HITECH, Breach notifications, civil litigation
DMZ consolidation using virtualization will be a "hot spot" for auditors, given the greater risk of mis-configuration and lower visibility of DMZ policy violation. Through year-end 2011, auditors will challenge virtualized deployments in the DMZ more than non-virtualized DMZ solutions.
-- Neil MacDonald, Gartner
With more than 400 regulations and over 10,000 overlapping controls in 38 countries, compliance has become a challenging and complex mandate for organizations everywhere.
13
Core Security Compliance Controls
Don’t forget Environmental regulations
With our solutions you get more VM density = less CO2 = Green = Compliant
14
The PCI compliance case
• The PCI SSC’s most frequently asked questions are on virtualization compliance
  – “If I virtualize my cardholder data environment (CDE) will I still be PCI compliant?”
  – “Do I need to use dedicated hypervisors to host my CDE components”
• PCI DSS v2.0 formally acknowledged virtualization of the CDE was permitted
  – Specific guidance was deferred to an emerging technology information supplement on virtualization
15
The History …
• PCI Virtualization Special Interest Group (SIG) formed during the 2009 RSA Conference
  – SIG Objective: Provide clarification on the use of virtualization in accordance with the PCI DSS
  – After a 2 year process, the SIG submitted recommendations to the PCI SSC working group for consideration
  – Trend has been a contributing member of the SIG from the very first call
  – Opinions on the SIG varied widely
    • Leading edge: Embrace virtualization and the direction towards cloud computing
    • Conservative: Recommend dedicated hypervisor environments and restrict consolidation of system components – defer use of the cloud
16
10 Key Principles from PCI-DSS Virtualization Guidelines
1. Hypervisor environment is in scope
2. One function per server
3. Separation of duty
4. Mixing VM’s of different trust levels
5. Dormant VMs and VM snapshots
6. Immaturity of monitoring solutions
7. Information leakage
8. Defense in depth
9. VM Hardening
10. Cloud Computing
17
PCI DSS 2.0 Virtualization Guidelines
PCI DSS 2.0 Virtualization Guideline | Required Controls
1. Hypervisor environment is in scope
  – Hypervisor and supporting components must be hardened
  – Security patches applied ASAP
  – Logging/monitoring of hypervisor events
  Deep Security DPI and FIM
  – Virtual Patching prevents VMs from being compromised to attack hypervisor
  – FIM checks the integrity of vSphere utilizing Intel TPM/TXT
2. One function per server
  – Physical servers had the same requirement, no change in behavior
  Deep Security Firewall
  – Firewall ensures only required ports and protocols are accessible
3. Separation of duty
  – Consider multi-factor authentication
  – Access controls for both local and remote should be assessed
  – Review and monitor RBAC controls
  – Enforce least privilege where possible
  Deep Security Manager
  – Support for RBAC enables separation of duty of security policies
4. Mixing VMs of different trust levels
  – In order for in-scope and out-of-scope VMs to co-exist on the same hypervisor the VMs must be isolated from each other
  Deep Security Firewall and IDS/IPS
  – A combination of VLAN and per VM firewall and IDS/IPS provides the isolation and visibility into inter-VM traffic required
18
PCI DSS 2.0 Virtualization Guidelines
PCI DSS 2.0 Virtualization Guideline | Required Controls
5. Dormant VMs and VM snapshots
  – Access should be restricted
  – Ensure that only authorized VMs are added and removed
  – Recognize that VMs are dynamic and state cannot be assumed
  Deep Security Agentless DPI & AV
  – Automated VM discovery via real-time integration w/ vCenter
  – Dormant VMs are protected by the Virtual Appliance when first powered on, eliminating ‘stale’ protection policies
6. Immaturity of monitoring solutions
  – Traditional tools do not monitor inter-VM traffic
  – Virtualization tools are still immature compared to their physical counterparts
  Deep Security IDS/IPS, FIM & LI
  – Deep Security IDS/IPS provides visibility into inter-VM traffic
  – Integrity Monitoring provides visibility into unauthorized changes to guest-VMs and the hypervisor
  – Log Inspection provides visibility into security events occurring to guest-VMs
7. Information leakage
  – Increased risk of information leakage between logical network segments & between logical components
  Deep Security (all modules)
  – IDS/IPS, FIM and Log Inspection provide visibility as shown in #6 above
  – Firewall reduces the VM's attack surface
19
PCI DSS 2.0 Virtualization Guidelines
PCI DSS 2.0 Virtualization Guideline | Required Controls
8. Defense in depth
  – Traditional security appliances cannot protect virtual
  – Traditional agent-based security products can impact performance
  Deep Security (all modules)
  – Automated VM discovery via real-time integration w/ vCenter & new VMs are auto-protected w/ a default security profile
  – Protection for physical, server VMs, VDI, hybrid cloud, and public cloud
9. VM Hardening
  – Harden VMs (OS & Apps) by disabling unnecessary services, ports, interfaces, and devices
  – Send logs off-board in near real-time
  – Establish limits on VM resource usage
  Deep Security and VMware
  – IDS/IPS & firewall hardens VMs
  – Integrity Monitoring provides visibility into unauthorized changes to guest-VMs
  – Log Inspection provides visibility into security events occurring to guest-VMs & forwards in real-time
10. Cloud Computing
  – Cloud service provider must provide sufficient assurance that the scope of PCI compliance is sufficient
  – Customer is required to provide additional necessary controls
  Deep Security and SecureCloud
  – Deep Security protects VMs in enterprise, hybrid cloud and public cloud environments
  – SecureCloud provides encryption services independent of cloud provider, ensuring only authorized personnel can access the data
20
Number of days until vulnerability is first exploited, after patch is made available
• 2003, MS-Blast: 28 days
• 2004, Sasser: 18 days
• 2005, Zotob: 10 days
• 2006 …, WMF: Zero-day
• 2010, IE zero-day: Zero-day
Exploits are happening before patches are developed
“Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.”
-- ZDNet, January 21, 2010
21
By exploiting a vulnerability…
An attacker can:
– Take full control of a system
– Install programs
– View, delete, or change data
– Create accounts with user privileges
– Deny services
– Crash systems
– Steal & sell valuable data
22
Where are you most vulnerable?
1. Enterprise applications
2. Legacy web applications
3. Unsupported OSs & apps
4. Untouchable apps
23
1. Enterprise applications
2,723 Critical “Software Flaw” Vulnerabilities in 2009
• Common Vulnerabilities & Exposures (“CVE”): Score 7-10
[Chart: values 78, 73, 23; labels not recoverable]
How often / easily do you patch Oracle vulnerabilities?
24
2. Legacy web applications
© Third Brigade, Inc.
• Inherently open and accessible
• Content & functionality constantly evolving
• Web 2.0 adds more complexity
• Many legacy web apps cannot be fixed (developers gone)
• Perimeter security doesn’t protect web apps
• Secure SDLC: Lack of awareness and training
“New mass SQL injection attack infects 56,000 websites”
-- SC Magazine, August 25, 2009
25
3. Unsupported OSs & apps
Security patches no longer issued for:
[Product logos not preserved; surviving labels: 38, 10.1, October 2010, July 2010, March 2009, January 2009]
26
4. Untouchable apps
Kiosks, ATMs, Point of Sale, Medical
• Reason for not patching:
  – Cost of refresh
  – Compliance restrictions
  – Service Level Agreements
The underlying applications require security patches, which could create incompatibilities and even break the medical device. Medical device manufacturers are reluctant to patch until they have performed adequate testing.
27
Trend Micro Deep Security: Virtual patching solution
5 protection modules
• Deep Packet Inspection
  – IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
  – Web Application Protection: Shields web application vulnerabilities
  – Application Control: Provides increased visibility into, or control over, applications accessing the network
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
• Log Inspection: Optimizes the identification of important security events buried in log entries
• Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
Protection is delivered via Agent and/or Virtual Appliance
28
Sample list of systems protected
Deep Security rules shield vulnerabilities in these common applications
Operating Systems: Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE Linux (10, 11)
Database servers: Oracle, MySQL, Microsoft SQL Server, Ingres
Web app servers: Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint
Mail servers: Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail, MailEnable Professional
FTP servers: Ipswitch, War FTP Daemon, Allied Telesis
Backup servers: Computer Associates, Symantec, EMC
Storage mgt servers: Symantec, Veritas
DHCP servers: ISC DHCPD
Desktop applications: Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer, Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime, RealNetworks RealPlayer
Mail clients: Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client
Web browsers: Internet Explorer, Mozilla Firefox
Anti-virus: Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft
Other applications: Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior, Rsync, OpenSSL, Novell Client
29
Security Center
Rules to shield newly discovered vulnerabilities are developed and delivered automatically
[Diagram labels: Public, Private, Underground; Monitor, Triage, Develop, Deliver; Coordinate Information and Response; Filter Development; Coverage Analysis; Quality Assurance]
Automated Monitoring
• SANS
• CERT
• Vendor Advisories
• Bugtraq
• VulnWatch
• PacketStorm
• Securiteam
Application Triage
• Wide range of server, desktop and custom application coverage
• Per filter recommendations
Filter Types
• Exploit / Attack
• Vulnerability
• Smart / Anomaly / Traffic
Response
• Automated
• Within Hours
30
Platforms protected
• Windows 2000
• Windows 2003 (32 & 64 bit)
• Windows XP
• Vista (32 & 64 bit)
• Windows Server 2008 (32 & 64 bit)
• Windows 7
• HyperV (Guest VM)
• 8, 9, 10 on SPARC
• 10 on x86 (64 bit)
• Red Hat (CentOS) 4, 5, 6 (32 & 64 bit)
• SuSE 10, 11
• VMware ESX Server (guest OS)
• VMware Server (host & guest OS)
• XenServer (Guest VM)
• HP-UX 11i (11.23 & 11.31)
• AIX 5.3, 6.1
Integrity Monitoring & Log Inspection modules
31
Protection for web applications
• Microsoft .NET-based website tested with IBM Rational AppScan
• 5,428 vulnerability tests sent
32
Conficker Worm example
Five Variants:
• Nov 21, 2008 Win32/Conficker.A
• Dec 29, 2008 Win32/Conficker.B
• Feb 16, 2009 Win32/Conficker.B++ (C)
• Mar 4, 2009 Win32/Conficker.D
• April 8, 2009 Win32/Conficker.E
Impact
• Up to 10 million machines infected
• Weeks of clean-up & containment effort
• Lost productivity during the worm outbreak
• Potential for further attacks due to Conficker disabling AV processes and blocking updates
• Additional malware installed in silent mode for future malicious use and/or creation of BotNets
33
Deep Security customers were protected before first Conficker exploits appeared
• Deep Security customers were protected against MS08-067 exploits beginning Oct 23, 2008 (same day vulnerability was announced, and weeks before first exploit).
  – DPI rules shield MS08-067 from exploit
  – Log Inspection rules detect Conficker brute force attempts
  – Integrity Monitoring rules detect Conficker system infection
• Two new Deep Security DPI rules released Feb 23, 2009 to protect against Conficker.B++
• Deep Security’s Recommendation Scan feature automatically recommends the above protection rules
  – Ensures the appropriate level of protection is applied to systems even if IT Security is not aware of a particular attack
34
Deep Security 8 Integrity Monitoring
Agentless Integrity Monitoring
[Diagram: "The Old Way" (VM, VM, VM) versus "With Agent-less Integrity Monitoring" (Security Virtual Appliance alongside VM, VM, VM). Benefits: Better Manageability, Zero Added Footprint, Faster Performance, Stronger Security]
• Zero added footprint: Integrity monitoring in the same virtual appliance that also provides agentless AV and Deep Packet Inspection
• Stronger Security: Expands the scope of protection to hypervisors through Intel TPM/TXT integration
• Order of Magnitude savings in manageability
• Virtual Appliance avoids performance degradation from FIM storms
35
Security for Cloud Servers: Deliver Agility
Key Challenge: Data security in the cloud
Need: Enable path to private, public or hybrid cloud with added data security, management APIs and multi-tenancy support
Deep Security 8 with SecureCloud 1.2
• Support for bare metal and virtual infrastructure without cloud API
Deep Security 8 with SecureCloud 2.0
• Deep Security Manager integration
• FIPS 140-2 certification
• Key revocation, rotation & lifecycle mgmt
Cloud: Amazon, vCloud
Deep Security 8 with SecureCloud 2.0 will provide context-aware data security necessary for ALL cloud environments
36
Total Cloud Protection
System, application and data security in the cloud
Context Aware
Deep Security 8
Modular protection for servers and applications
• Self-Defending VM Security in the Cloud
• Agent on VM allows travel between cloud solutions
• One management portal for all modules
SecureCloud 2
Encryption with Policy-based Key Management
• Data is unreadable to unauthorized users
• Policy-based key management controls and automates key delivery
• Server validation authenticates servers requesting keys
Patient Medical Records, Credit Card Payment Information, Sensitive Research Results, Social Security Numbers
37
SecureCloud – New In 2
• FIPS 140-2 Certification
  – Exchange of Mobile Armor encryption agent
  – Gives Trend access to Fed / Gov accounts
• DSM Integration
  – Greatly improves ability to build robust authentication policies
  – Begins integration of two cutting edge technologies
  – Additional integration – unified management console
• Total Cloud Protection Bundle
  – New bundle connects both products
  – Gives protection across all infrastructures – PVC
  – Defines a place to manage and protect all future environments
38
SecureCloud: New Features and Benefits
Value to the customer:
• Access cloud economics and agility by removing data privacy concerns.
• Segregate data of varied trust levels to avoid breach and insider threat
• Reduce complexity and costs with policy-based key management
• Boost security with identity- and integrity-based server authentication
• Move freely among clouds knowing that remnant data is unreadable
New Features
• Support for bare metal and virtual infrastructures, cloud API no longer necessary
• FIPS 140-2 certification opens government highly sensitive accounts
• Addition of key revocation, rotation and lifecycle management efficiently manages keys across physical, virtual and cloud deployments
• Integration with Deep Security gives robust, context-aware security
39
SecureCloud 2: Enterprise Deployment Options
Key Management Deployment Options: Trend Micro SaaS Solution or Data Center Software Application (SecureCloud Console)
Encryption Support: vSphere Virtual Machines, Private Clouds, Public Clouds
40
SecureCloud 2: Service Provider Deployment Options
Key Management Deployment Options: Hosted Model or Direct Model (SecureCloud Console)
Encryption Support: Public Clouds
• Direct model gives providers full control over services offered.
• Hosted model creates SoD and relieves providers of the liability and responsibilities.
• Both models give providers revenue and differentiation.
41
Deep Security Platform Architecture
[Diagram components, numbered 1 to 5 on the slide: Deep Security Manager, Reports, Deep Security Agent, Deep Security Virtual Appliance, Cloud Integration, SecureCloud, Threat Intelligence Manager]
Deep Security Agent modules:
• DPI & FW
• Anti-malware
• Integrity Monitoring
• Log Inspection
Deep Security Virtual Appliance modules:
• DPI & FW
• Anti-malware
• Integrity Monitoring
Single Pane, Scalable, Redundant
42
Log inspection
Log inspection keeps track of pre-selected system logs for events that might indicate a successful intrusion
Windows Event Log Inspection Event
43
Customer feedback
• “Deep Security protects our Windows, Linux and other hosts, and allows us to proactively shield vulnerabilities in these critical servers from targeted attacks until patches can be deployed.”
• “Deep Security acts as a virtual patch, shielding hard-to-patch and unpatchable systems, and allowing us to test and deploy vendor-supplied patches more thoroughly and efficiently."
• “In the review period, Deep Security was demonstrated to reduce the vulnerability gap on critical servers by more than 90%.”
44
The Deep Security difference
Broader Platform Coverage
Tighter Integration
Comprehensive Protection
Greater Operational Efficiency
45
Cloud Security – Modular Protection
What is the Solution? Security that Travels with the VM
Compliance, Template Integrity, VM Isolation, Real-time Protection, Data Protection
Self-Defending VM Security in the Cloud
• Agent on VM allows travel between cloud solutions
• One management portal for all modules
• SaaS security deployment option
46
Virtualization to reduce cost
Security Compliance is not an option
Conclusion, Q&A
Security Compliance at lower cost
47
Reduce Complexity: Consolidate Physical Security Vendors
Physical: Windows, Linux, Solaris, etc
Vendor Management Savings: 30% Less Time
Improved Security and Availability: 73% Fewer Security Incidents
Cost Savings: Customer Case Studies: Average $605,927 Savings
Source: Forrester. The Total Economic Impact of Trend Micro Enterprise Security. 6/11.
48
Increase Efficiency: Server and Desktop Virtualization Security
Virtualization
Deployment
• Server Virtualization in production / trial = 59%
• Desktop virtualization in production / trial = 52%
Cloud Foundation
If server virtualization is deployed then
• 62% have also deployed a private cloud
• 60% have also deployed a public cloud
Source: Indusface June 2010
Consolidation Ratios
[Chart, axis 0 to 25: Traditional Security 2-4; Virtualization Aware 20; Baseline (no AV) 20]
49
Agentless AV enables greater density
• Other products consume 3x–12x more resources in scheduled scans & could not handle more than 25 desktop VMs/host
• Trend supports 200-300% more desktop VMs/host than traditional AV
• Trend supports 40-60% more server VMs/host than traditional AV
Scheduled scan resource usage over baseline – 50 VMs per host
CPU: Symantec 273%, Trend 81%, McAfee 307%
IOPS: Symantec 2143%, Trend 692%, McAfee 2053%
50
What about scan time?
OfficeScan VDI Plugin caching technology is the fastest on the market
VDI Profile | Other AV Solution | Trend Micro 10.5
Mixed Maximum High Density VDI Pool (4H & 16 L) | Approx. 1-2 Hours | 16 Minutes
Mixed Low Density VDI Pool (1H & 3 L) | Approx. 27-49 minutes | 2 Minutes
51
Improved Density means Dollars Saved
$250K over 3 years for 1000 Virtual Desktops Saved
Desktop Virtualization TCO: 1000 Virtual Desktops
Item | With Trend Micro (GREEN) | With Traditional Antivirus (+CO2)
VDI Images per server | 75 | 25
Servers Required to Host 1000 Virtual Desktops | 14 | 40
Capex Savings for 1 server: $5900 (from VMware TCO Calculator)
Power, Cooling & Rackspace Savings for 1 server over 3 years: $3600 (from VMware TCO Calculator)
3-year savings for 1000 virtual desktops running Trend Micro: $(5900+3600) X 26 fewer servers = $247,000
Similar savings accrue for server VM as well. 3-year savings for 600 server VMs running Trend Micro = $200,000
52
Risk: Malware Signature size
Evolution of malware signature files from 2008-2011 (MB)
[Bar chart, axis 0 to 160 MB, years 2008, 2009, 2010; data labels as extracted: 43, 35, 32, 61, 65, 117, 39, 68, 158, 55, 77, 160]
Evolution: Trend Micro -14%, McAfee +38%, Kaspersky +101%, Symantec +70%
53
What do you use to protect your VMs?
Traditional protection kills VMs and your infrastructure
or
Trend Micro has the weapon to kill malware, not your infrastructure
Deep Security, SecureCloud and OfficeScan-VDI are VM aware. They are optimized for VMware. Save resources, save money now!
Don’t play Russian roulette with your virtual security!
54
Competitive Landscape
Protection | Trend Micro DS | McAfee | Symantec | IBM | Tripwire
Agentless Anti-malware | YES | NO (MOVE AV for VDI = thin agent) | NO (optimized SEP agent with whitelisting) | NO | NO
Agentless FW, IDS/IPS & web app protection | YES | NO | NO | YES (only IDS/IPS) | NO
Agentless FIM incl. hypervisor integrity | YES | NO (agent-based = Solidcore) | NO | NO | NO (has a more feature-rich agent)
Integrated Agent with AV, FW, DPI, FIM, LI | YES | NO (3 different prod., relies on EPO) | NO (2 different prod.) | NO | NO
Task automation w. Recommendation Scan, Golden Host | YES | NO | NO | NO | NO
Context-aware Total Cloud Protection | YES | NO | NO | NO | NO
vCenter & vShield Integration | YES | NO | NO | NO (only vCenter) | NO
55
The opportunity for your organization
For IT:
  – Provide better security for critical systems & data
  – Stay ahead of virtualization and cloud computing security challenges
For Operations & Finance:
  – Consolidate protection through a single, easy-to-manage solution at a low cost
For Compliance:
  – More quickly & simply meet compliance requirements.
  – Reduce time & effort required to prepare for audits
56
Virtualization to reduce cost
Security Compliance is not an option
Conclusion, Q&A
Security Compliance at lower cost
57
Conclusion & Recommendations
Look for virtualization / cloud security solutions with these key attributes:
• Flexible: Physical-virtual-cloud
• Comprehensive: Multiple protection mechanisms
• Modular: Deployment options
• Integrated: With VMware: vCenter, VMsafe, vShield…
• Multiplatform: Windows, Linux, Solaris, AIX, HP-UX
• Certified solutions: FIPS 140-2, EAL4+, PCI…
(Insist on vendor product roadmaps but don’t buy Vaporware. Buy mature solutions like Deep Security 8 or SecureCloud 2)
58
Thank you! Merci!
Product Information:
http://us.trendmicro.com/us/products/enterprise/datacenter-security/deep-security/index.html
http://us.trendmicro.com/us/solutions/enterprise/security-solutions/virtualization/securecloud/
Questions?
59
Next Steps
• Download a trial or White Paper.
• Call us! Schedule a live demo to discuss how our solutions can enhance your virtual Server or Desktop deployment
• The proof is in the pudding – let us deploy a Proof of Concept in your environment featuring the only and most advanced solution today!
Technical sales : [email protected] : Michel_bouasria@trendmicro.com