How Trend Micro address virtualisation challenges
Paul Burton
Pre-Sales Manager - NEUR
Classification 7/28/2017
Copyright 2009 Trend Micro Inc.

Agenda
• Server Virtualisation – Deep Security 7.5
• Virtual Desktop Infrastructure – OfficeScan 10.5

The Benefits of Virtualisation
£
Reduce IT Capital Expense by 50%
Business
Reduce Administration overhead
Reduce IT operational expense
Scalability
Increased Flexibility
Agility

Server Virtualisation

Virtualisation Security Challenges
• Same threats as in physical environments
• New challenges (Security Challenge: Compliance Challenge):
  – Inter Virtual Machine Traffic: Network Segmentation, IDS/IPS
  – Concentration of Virtual Machine with Mixed Trust Levels: Network Segmentation, IDS/IPS
  – Variable State - Instant ON, Reverted, Paused, Copied, Restarted...: Network Segmentation, IDS/IPS, Patch Management, Anti Virus, Integrity Monitoring
  – Virtual Machine Movement: Network Segmentation, IDS/IPS
  – Virtual Machine Sprawl: Network Segmentation, IDS/IPS

Trend Micro Deep Security
5 protection modules
• Deep Packet Inspection
  – IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
  – Web Application Protection: Shields web application vulnerabilities
  – Application Control: Provides increased visibility into, or control over, applications accessing the network
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
• Log Inspection: Optimizes identification of important security events across multiple log files
• Anti-Virus: Detects and blocks malware (viruses & worms, Trojans)
Protection is delivered via Agent and/or Virtual Appliance

Deep Security Product Components
• Deep Security Agent
• Deep Security Virtual Appliance
• Deep Security Manager: Security Profiles, Alerts, Reports
• Security Center: Security Updates

The Trend Micro Approach
[Diagram labels: Dormant, Active, Active; Security VM - Firewall - IDS / IPS - Anti-Malware; VMsafe; EPSEC/Seraph API; ESX Server]
Comprehensive, coordinated protection for all VMs
• Local, agent-based protection in the VM
• Security VM that secures VMs from the outside
• Multiple protection capabilities
• Integrates with VMware vCenter and VMsafe

Secure Server Virtualization with Deep Security
[Diagram labels: PHYSICAL, VIRTUAL, CLOUD; Deep Packet Inspection, Firewall, Anti-Malware (within the DSVA), Integrity Monitoring, Log Inspection]

Why Customers Buy Deep Security
• Compliance
  – Reason to do it today
  – Internal compliance, security policy
  – External compliance, like PCI
  – Detailed reporting, audit support
• Virtualization Security
  – Reason to revisit security practices
  – Provides security necessary to achieve 100% virtualization
  – Enables mobility and evolution to cloud computing
• Defense in Depth / Business Continuity
  – Best practice
  – Preventing data breach and business disruption
  – Zero-day protection and virtual patching
  – Detecting suspicious activity

Deep Security Center (also known as Labs)
• Dedicated team of security experts
• Track global vulnerabilities
  – 100+ sources of information (public, private, govt): SANS, CERT, Bugtraq, VulnWatch, PacketStorm, and Securiteam
  – Member of Microsoft Active Protections Program
• Respond to new vulnerabilities and threats
  – Advisories & Security updates
• Six-step, rapid response process supported by automated tools
• On-going research to improve overall protection mechanisms
© Third Brigade, Inc.
Deep Security Protection
“Provides targeted, server and application protection for the widest range of platforms used to run mission critical systems”
• Operating Systems: Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE Linux (10, 11), AIX (5.3, 6.1), HP-UX 11i
• Database servers: Microsoft SQL Server, Oracle, MySQL, Ingres, PostgreSQL, SAP MaxDB
• Web servers: Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint, SAP, Sybase, Oracle
• FTP servers: Ipswitch, War FTP Daemon, Microsoft IIS, Linux, Oracle XDB, NetTerm
• Backup servers: CA BrightStor, EMC Legato, IBM Tivoli
• Storage mgt servers: Symantec, Veritas
• DHCP servers: Microsoft DHCP
• Mail clients: Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client
• Application Control: Remote Login, Mail Clients, File Sharing, Instant Messaging, Browsers, Web Media, Suspicious Server Traffic MS SQL, Telnet, SSL, SSH, SMTP, FTP, HTTP, Oracle, RDP, X11, HTTP over HTTPS
• Other applications: Samba, IBM WebSphere, Oracle BEA WebLogic, IBM Lotus Domino Web Access, X.Org, X Font Server prior, Rsync, OpenSSL, Novell Client, LDAP Directories, Internet Explorer, Firefox

Desktop Virtualisation

IT Environment Changes
Threat Landscape
• Exponential growth in malware
• Web is number 1 infection vector
• Vulnerabilities are exploited more quickly
Web-based attacks

IT Environment Changes
Challenge: Traditional Approaches Fail
• Signature file updates take too long
• Signature files are becoming too big
• Patches cannot be deployed in time
[Chart: Unique threat samples PER HOUR, by year, 2007 to 2015]

IT Environment Changes
Virtualisation
• Enterprises extend virtualisation to desktops
  – Lower operational cost than physical hardware
    • Easier deployment, patching, application provisioning
  – Extended desktop hardware lifecycles
    • Windows 7 rollout funds may get reassigned to VDI
  – Security and data protection
    • Data never leaves the data centre
  – Regulatory compliance
    • More tightly controlled environment
• VDI adoption results in mixed environments

IT Environment Changes
Challenge: Securing virtual desktops
• Malware risk potential: Identical to physical desktops
• New challenges, unique to VDI:
  – Identify endpoints' virtualisation status
  – Manage resource contention
    • CPU
    • Storage IOPS
    • Network

IT Environment Changes
Challenge: Resource Contention with VDI
• The “9-AM problem”
  – Multiple users log in and get updates at the same time
• Scheduled scans
  – Adds significant load to the endpoint
  – Multiplied by number of VMs
[Chart: Cumulative system load]
Conventional Endpoint Security Limits Desktop virtualisation Benefits

IT Environment Changes
Windows 7
• First major Operating System rollout in years
• Higher endpoint requirements:
  – Call for desktop hardware refresh
  – Fuel adoption of desktop virtualisation
• Enterprises re-evaluate their endpoint protection:
  – Preserve Windows 7 performance
  – Bridge multiple Windows versions to support a smooth migration
OfficeScan
• Innovative cloud-based technology
  – Policy based Web Reputation prevents access to malicious or infiltrated websites
  – New File Reputation provides faster protection with a minimal footprint
• Endpoint-centric security
  – Built-in threat cleaning automatically cleans endpoints when needed
  – Device control protects removable storage devices
  – Industry's first solution optimized for Virtual Desktop Infrastructure (VMware & Citrix)
• Advanced Firewall
  – Shields vulnerabilities before patching is possible
  – Protects from zero-day attacks

OfficeScan
Plug-in architecture extends the solution lifecycle
• Adds protection technology
  – Virtual Patching
  – VDI Intelligence
• Adds management capabilities
  – Smartphones and PDAs
  – Apple Macintosh computers
[Diagram labels: OfficeScan Console, Plug-in Manager]

Introducing OfficeScan 10.5
Industry's first VDI-aware endpoint security
VDI-Intelligence 5
• Increases consolidation rates
• Prevents resource contention
• Pays for itself
Comprehensive Protection
• Smart Protection Network
• Local Cloud support
• Virtual patching plug-in
Best for Windows 7
• Logo certification
• 32 bit and 64 bit
• Extensible plug-in architecture
Enterprise-class management
• Scalability
• Role-based administration
• Active Directory Integration

OfficeScan 10.5 has VDI-Intelligence
• Detects whether endpoints are physical or virtual
  – With VMware View
  – With Citrix XenDesktop
• Serialises updates and scans
  – Controls the number of concurrent scans and updates per VDI host
  – Maintains availability and performance of the VDI host
  – Faster than concurrent approach
• Uses Base-Images to further shorten scan times
  – Pre-scans and white-lists VDI base-images
  – Prevents duplicate scanning of unchanged files on a VDI host
  – Further reduces impact on the VDI host
Smart Protection Network
CLOUD-CLIENT ARCHITECTURE
• Speeds protection: In-the-cloud technologies are constantly updated
• Frees resources: Offloads growing patterns to the cloud
[Graphic labels: WEB, EMAIL, FILE]
GLOBAL THREAT INTELLIGENCE
• Correlated: Integrates web, email, and file reputation databases
• Instant feedback: Immediately updates using global feedback loops

Smart Protection Network
[Graphic labels: WEB, EMAIL, FILE]
Web Reputation
Blocks access to dangerous web content
• Protects both on and off the network
• Supports any application
• Limits exposure to today's threats
File Reputation
Prevents users from opening infected files
• Eliminates signature management effort
• Reduces resource impact on endpoints
• Enables accurate risk management
• Feeds back threat information into Smart Protection Network

Local Cloud Option for File Reputation AND Web Reputation
[Diagram labels: FILE REPUTATION, WEB REPUTATION; Internet: Query CRC/URL, Immediate response; Corporate Network: Local Smart Protection Network Server, Query CRC/URL, Immediate response]
Constant, real-time updates happen in the cloud

Windows 7 support
• Logo-certification as compatible with Windows 7
  – Supports XP, Vista, Win7
  – Windows POSReady, Windows Embedded Enterprise
  – Supports Server 2003, 2003R2, 2008 and 2008R2
• Integrates with Windows 7 Action centre
• Support for 32 and 64 bit environments
• Easy migration from physical to virtual deployments across versions of Windows
Virtual Patching
• Intrusion Defense Firewall plug-in
  – Determines missing patches and existing vulnerabilities
    • Operating System
    • Common desktop applications
  – Recommends set of lightweight, fast-to-deploy filters
    • Virtually patches the vulnerabilities
    • Zero-Day protection
    • Reports on attempts to exploit vulnerabilities
  – Removes filters as soon as the patch is deployed
Patch endpoints on your terms, without exposing them to exploits

The Result: Best overall protection in real-world tests

Enterprise-class management
• Unified management for physical and virtual endpoints
• Enterprise-class scalability
  – 20,000 or more endpoints per single management server
  – Allows consolidation of management stations
• Role-based administration
  – Supports task delegation
  – Client-tree domains and sub-domains segregate customers/regions
• Improved Active Directory Integration
  – Bi-directional synchronisation with Active Directory
  – Security compliance reports highlight unprotected endpoints

Summary
• Industry's first VDI-aware endpoint security solution
  – optimised for physical and virtual desktops
  – optimises VDI Return on Investment
  – Pays for itself in 3 months or less
• Best Security for Windows 7
• Smart Protection Network
  – File Reputation and Web Reputation drastically reduce risk exposure
  – Local Cloud deployment option for privacy and performance
• Management enhancements
  – Enables management server consolidation
  – More granular Role-based Administration