TrendMicro


Magic Words of VDI Security: “Agentless” and “Aware”

Transcript of TrendMicro

Page 1: TrendMicro


David Girard, Senior Security Advisor – Trend Micro Canada

Magic Words of VDI Security: “Agentless” and “Aware”

Page 2: TrendMicro


Copyright 2009 Trend Micro Inc. 10/4/2010

Virtualization Project

Desktop Server Cloud Virtual Appliance

?

Page 3: TrendMicro


The most comprehensive suite of next-generation virtualization security solutions

Security Built for VMware

Desktop Server Cloud Virtual Appliance

Page 4: TrendMicro


Security Built for VMware

• Consolidation rates

• Operational efficiencies

• Flexibility

• Savings

IT Operations

Protect data & applications

Security

Ensure compliance

Compliance

Page 5: TrendMicro


Desktop Server Cloud Virtual Appliance

Security Built for VMware

Page 6: TrendMicro


Typical AV Console

9:00am Scan

Key Issue: Resource Contention

If several, or all, VMs start a full anti-malware scan at the same time, the underlying shared hardware will experience extreme load (memory, CPU, I/O), causing a slowdown of all virtual systems on the server. Large pattern file updates require significant memory and can impact network and storage I/O resources.

High impact: employees’ arrival or scheduled scans

Page 7: TrendMicro


Trend Micro OfficeScan

Protects virtual & physical endpoints

• VDI Intelligence with VDI plug-in

• Serializes updates and scans per VDI-host

• Leverages base-images to further shorten scan times

• Smart Scan limits endpoint pattern updates since it is mostly in the cloud

VDI Security option #1: OfficeScan (First AV optimized for VDI)

Page 8: TrendMicro


OfficeScan 10.5 has VDI-Intelligence

• Detects whether endpoints are physical or virtual
  – With VMware View

• Serializes updates and scans per VDI-host
  – Controls the number of concurrent scans and updates per VDI host
  – Maintains availability and performance of the VDI host
  – Faster than concurrent approach

• Leverages Base-Images to further shorten scan times
  – Pre-scans and white-lists VDI base-images
  – Prevents duplicate scanning of unchanged files on a VDI host
  – Further reduces impact on the VDI host
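
The per-host scan serialization and base-image white-listing described on this slide, sketched as an added example (not Trend Micro's code and not part of the original deck). It assumes the white-list is keyed by path and SHA-256 content hash; the VM names, host names and file contents are constructed sample data.

```python
import hashlib
from collections import defaultdict

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def files_to_scan(vm_files, whitelist):
    """Paths whose content differs from the pre-scanned base image.
    Matching is on content hash (assumption), so a modified base file is rescanned."""
    return sorted(p for p, h in vm_files.items() if whitelist.get(p) != h)

def plan_scans(vms, whitelist, max_concurrent):
    """Serialize scans per host: waves of at most max_concurrent VMs.
    vms: list of (vm_name, host, {path: sha256}); returns {host: [wave, ...]}."""
    per_host = defaultdict(list)
    for name, host, files in vms:
        per_host[host].append((name, files_to_scan(files, whitelist)))
    plan = {}
    for host, jobs in per_host.items():
        jobs.sort(key=lambda j: len(j[1]), reverse=True)  # biggest deltas first
        plan[host] = [jobs[i:i + max_concurrent]
                      for i in range(0, len(jobs), max_concurrent)]
    return plan

def peak_concurrency(plan):
    """Largest number of simultaneous scans on any single host."""
    return max(len(wave) for waves in plan.values() for wave in waves)

# Constructed sample data: one base image, four clones on two hypothetical hosts.
BASE = {"C:/Windows/System32/kernel32.dll": digest(b"kernel32-v1"),
        "C:/Windows/notepad.exe": digest(b"notepad-v1")}

def clone(changes=None):
    files = dict(BASE)
    files.update({p: digest(c) for p, c in (changes or {}).items()})
    return files

VMS = [
    ("vdi-01", "esx-a", clone()),
    ("vdi-02", "esx-a", clone({"C:/Users/u2/setup.exe": b"new download"})),
    ("vdi-03", "esx-a", clone({"C:/Windows/notepad.exe": b"modified"})),
    ("vdi-04", "esx-b", clone()),
]

if __name__ == "__main__":
    storm = plan_scans(VMS, BASE, max_concurrent=len(VMS))  # the "9:00am scan"
    serial = plan_scans(VMS, BASE, max_concurrent=2)
    print("peak scans per host:", peak_concurrency(storm), "->", peak_concurrency(serial))
    for host, waves in serial.items():
        print(host, [[(n, f) for n, f in w] for w in waves])
```

The clone whose copy of a base-image file was modified is rescanned even though the path is white-listed, which is why the white-list has to be tied to content rather than file name.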

Page 9: TrendMicro


OfficeScan 10.5 Integrates with vCenter


Page 10: TrendMicro


CPU


Page 11: TrendMicro


CPU - Analysis


• Only 10.5 can support 20+ desktop images with a mixed user profile.

• With no AV, average CPU utilization while the 4 heavy and 16 light user scripts are running is 33%.

• With 10.5, with ALL 4 heavy and 16 light user machines scanning, CPU utilization is 41%. Very impressive.

• With the powerful machines typically used in VDI environments, CPUs are typically not the breaking point.

• With 20 desktop images, 10.5 adds marginal load to the CPU, whereas other solutions cannot even support the baseline number of desktop images.

• With 10 desktop images, 10.5 adds only 11% CPU overhead compared to baseline (no AV and no scanning), versus Symantec, which adds 29% CPU overhead; 10.1, which adds 50% CPU overhead; and McAfee, the worst, which adds 83% CPU overhead.

Page 12: TrendMicro


IOPS (vDisk Utilization)


Page 13: TrendMicro


IOPS - Analysis


• Only 10.5 can support 20+ desktop images with a mixed user profile.

• With 10 desktop images, 10.5 has 4.25 IOPS, 10.1 has 10.95 IOPS, Symantec has 9.02 IOPS and McAfee has a whopping 22.39 IOPS.

• Trend Micro OfficeScan 10.5 IOPS has a small deviation of only 0.77 MB/s and 3.66 MB/s from baseline and mixed 20 user profile.

• Let's recap why 10.5 is so much better with IOPS:
  • 10.5 serializes updates and scans per VDI-host
  • Pre-scans and white-lists VDI base-images
  • Prevents duplicate scanning of unchanged files on a VDI host

Page 14: TrendMicro


IOPS – How many Systems?


• A VDI environment sized for 20 desktop images with 4 heavy and 16 light users.

• Keep IOPS between 6-8 and see how many desktop images can be supported with each AV deployment (Apples to Apples comparison)

• All about return on investment

• If you deploy McAfee, you can deploy ONLY 2 desktop images in an environment which supports 20 images without AV

• If you deploy Symantec, you can deploy ONLY 4 desktop images in an environment which supports 20 images without AV

• If you deploy Trend 10.5, you can deploy ALL 20 desktop images

Customers no longer have to choose between Security and Return On Investment

Page 15: TrendMicro


Memory


Page 16: TrendMicro


Memory - Analysis


• Only 10.5 can support 20+ desktop images with a mixed user profile.

• An automatic pool of 20 desktop images without AV in a mixed user profile consumes around 7.74 GB of active memory.

• Trend Micro OfficeScan 10.5 adds an overhead of only 1.32 GB in a maximum VDI density environment.

Page 17: TrendMicro


Scan Time with 10.5


VDI Profile | Other AV Solution | Trend Micro 10.5
Mixed Maximum High Density VDI Pool (4H & 16L) | Approx. 1-2 hours | 16 minutes
Mixed Low Density VDI Pool (1H & 3L) | Approx. 27-49 minutes | 2 minutes

Page 18: TrendMicro


Scan Time - Analysis


• Trend Micro OfficeScan 10.5 performs approx. 15-25 times better in the Mixed Low Density VDI pool and 4-8 times better in the Mixed Maximum High Density VDI pool.

• Trend Micro OfficeScan 10.5, with its Smart Scan and VDI-aware capability, takes remarkably less scan time than other AV solutions.

Page 19: TrendMicro


VDI Security option #2: Deep Security

Trend Micro Deep Security

Protects virtualized endpoints & servers

• First agent-less anti-malware solution

• Hypervisor-based introspection

• Eliminates “AV storms”

Page 20: TrendMicro


Security Built for VMware

Desktop Server Cloud Virtual Appliance

Page 21: TrendMicro


Typical AV Console

9:00am Scan

Key Issue: Resource Contention

Page 22: TrendMicro


Active / Dormant / Active, with out-of-date security

Key Issue: Instant On Gaps

Page 23: TrendMicro


CRM / Test / Web / Email / ERP

Key Issue: Mixed Trust Level VMs

Page 24: TrendMicro


Physical Virtual Cloud Desktop/Laptop

Trend Micro Deep Security

Anti-Virus / Integrity Monitoring / Log Inspection / Firewall / IDS / IPS

Core Protection for Virtual Machines (CPVM) delivers agentless AV for ESX 3.5 and 4.0. Deep Security 7.5 will go deeper with vShield on ESX or ESXi 4.1.

Page 25: TrendMicro


• Optimized protection

• Operational efficiency

Security virtual appliance

• Efficiency

• Manageability

Co-ordinated Approach

Security VM

Agent-based Security

• Protection

• Mobility

Page 26: TrendMicro


Security Built for VMware

Desktop Server Cloud Virtual Appliance

Page 27: TrendMicro


Issue #1: Multi-tenancy

Page 28: TrendMicro


Issue #2: Data Access & Governance

Page 29: TrendMicro


Issue #3: Secure Storage Recycling

Page 30: TrendMicro


Deep Security

• Anti-Virus

• IDS/IPS

• + Virtual Patching

• + Web App Protection

• File Integrity Monitoring

• Log Inspection

• Firewall

Trend Micro Cloud Security Solutions

Flexibility & Confidence

Private & Public Cloud Computing

SecureCloud

• Encryption

• Policy-based key management

Page 31: TrendMicro


Security Built for VMware

Desktop Server Cloud Virtual Appliance

Page 32: TrendMicro


Virtual Appliances

Hardware

Hypervisor

Virtual Appliance

Hypervisor

Application

Operating System

Hardware

Page 33: TrendMicro


Virtual Appliance Benefits

Per-User Cost of Virtual Appliance

70% Virtual Appliance Costs

IT Flexibility

Improve Business Continuity

A solution that scales over time. You don’t need to buy a bigger physical appliance; just add more resources. You don’t need to buy an extra box for a pre-production environment; just fire up a new VM or install on any box that can run CentOS or Red Hat.

Page 34: TrendMicro


Web Security

Email Security

Trend Micro Security Virtual Appliances

Virtual Appliance

Other Trend Micro products are offered as virtual appliances:

- Data Loss Prevention Server

- Threat Discovery Virtual Appliance (part of Threat Management Services (TMS))

Page 35: TrendMicro


Desktop Server Cloud Virtual Appliance*

Security Built for VMware

Desktop: Deep Security OR OfficeScan

Server: Deep Security

Cloud: Deep Security AND SecureCloud

Virtual Appliance*: InterScan Web Security, InterScan Messaging Security

*VMware Certified Appliances

Encryption of the virtual file system

Page 36: TrendMicro


Security Built for VMware

Page 37: TrendMicro


Our Vision:

A world safe for exchanging digital information

Founded: United States in 1988

Headquarters: Tokyo, Japan

Offices: 23 countries

Employees: 4,350

Leadership:

• US $1 Billion annual revenue

• 3rd largest security company

• “Global 100 Most Sustainable Corporations”

• Top 3 in Messaging, Web and Endpoint security

• Leader in virtualization & cloud computing security

1,000+ Threat Research Experts. 10 labs. 24x7 ops

Real-time alerts for new threats

Trend Micro

Global leader in Internet content security and threat management. Catalyst for faster adoption of virtualization.

Page 38: TrendMicro


For more information:

Technical: [email protected]

Sales: [email protected] [email protected] 893-1512

New threats information: http://blog.trendmicro.com/

User group: Groupe d’utilisateurs Trend Micro du Québec http://www.linkedin.com/groups?gid=2296257

Thank you, merci

Questions?