SlideShare a Scribd company logo

TrendMicro - Security Designed for the Software-Defined Data Center

VMUG IT
VMUG IT

This document discusses security solutions designed for the software-defined data center. It notes that traditional physical server security approaches no longer work in virtualized environments. A new software-defined approach is needed to automatically provision security as virtual machines are deployed, manage security efficiently as environments scale, and optimize data center resources. Trend Micro's Deep Security product is presented as a solution that provides workload-aware security across physical, virtual, private and public cloud environments through a single management console.

Related slideshows

Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
 
1 of 33
Download to read offline
Security Designed for the Software- Defined Data Center PatrickGada Senior Sales Engineer - Trend Micro 7 May2014
Are you still using your physical server security in your virtualized data center? 2Copyright 2014 Trend Micro Inc. The physical approach
Are you dealing with? 3Copyright 2014 Trend Micro Inc. • Minutes to deploy a server… weeks to secure it • Servers that share resources… security that consumes it • Virtual scale beyond physical limits… hitting a wall on security
Software-defined data center changes the game The opportunity: Automate and optimize security as part of your data center operations 4Copyright 2014 Trend Micro Inc.
Security principles remain the same; APPROACH to security must change CONTEXT Workload and application-aware SOFTWARE Optimized for virtualization and cloud infrastructure PLATFORM Comprehensive capabilities extended acrossyour data center and cloud Many Tools Generic Hardware ADAPTIVE Intelligent, dynamic policy enforcement Automatedprovisioning specific to platform Static 5Copyright 2014 Trend Micro Inc.
Copyright 2014 Trend Micro Inc. 6 Cloud and Data Center Security Anti- Malware Log Inspection Host Firewall DeepPacket Inspection Data Center Physical Virtual PrivateCloud Integrity Monitoring Public Cloud Trend Micro Deep Security
How Deep Security works 7Copyright 2014 Trend Micro Inc. Manage global deployments using Relays Integrates with VMware via vSphere, vCenter, vCloud Director Integrates with LDAP Oracle or SQL Integrates with SIEM
New approach can improve data center operations Provision security automatically in your data center Manage security efficiently as you scale Optimize data center environment resources 8Copyright 2014 Trend Micro Inc.
Provision security automatically in your data center How do you: • Secure the VM the moment it is provisioned? • Apply the right policies to that VM? • Reduce the time to provision without compromising on security? • Securely bring up/down/moveyour VMs? 9Copyright 2014 Trend Micro Inc.
Provisioning Infrastructure vCenter, AD, vCloud and AWS SAP Exchange Servers Oracle Web Servers Web Server Automate security specific to your data center • Gain visibilityinto environmentusing vCenter and vCloud Director integration • Recommend and apply policies automatically - specific to your data center • Automatically scale up and down as required—with no security gaps 19 Rules 15 Rules 73 Rules 8 Rules 28 Rules VM VM VM VM VM VM VM VM 10Copyright 2014 Trend Micro Inc.
New approach provides new opportunities within data center operations Provision security automatically in your data center Manage security efficiently as you scale Optimize data center environment resources 11Copyright 2014 Trend Micro Inc.
Manage security efficiently as you scale How do you: • Quickly and easily identify and remediate a security issue? • Address environment vulnerabilities in a dynamic and growing environment? • Manage all security requirements consistentlyacross your evolving data center environments? 12Copyright 2014 Trend Micro Inc.
Manage all controls across all environments 13Copyright 2014 Trend Micro Inc. • Eliminate need to manage agents on VMs • Manage all controlson a single virtual appliance • Easily apply consistent policy across environments Integrates with VMware via vSphere, vCenter, vCloud Director ESX Integrates with LDAP Oracle or SQL Integrates with SIEM
Virtualization Demo 14Copyright 2014 Trend Micro Inc. Automatically add a new VM with the appropriate policy Manage all controls across all environments
New approach provides new opportunities within data center operations Provision security automatically in your data center Manage security efficiently as you scale Optimize data center environment resources 15Copyright 2014 Trend Micro Inc.
Optimize data center environment resources How do you address the bottlenecks created by traditional security capabilities? 16Copyright 2014 Trend Micro Inc.
Use agentless security to reduce system load Network Usage Scan Speed CPU/Memory Usage IOPS Storage ESXi SAN Disk Disk Disk Disk Disk 17Copyright 2014 Trend Micro Inc.
Avoid duplication of effort to impact performance 18 Scan Cache *All results based on internal testingusingVMware View simulators Up to 20X Faster* Full Scans Up to 5X Faster Realtime Scans Up to 2X Faster VDI Login Copyright 2014 Trend Micro Inc. 18
SIGNATURE BASED ANTI-MALWARE 1988 - 2007 Smart protection begins with global threat intelligence… CLOUD BASED GLOBAL THREAT INTELLIGENCE 2008 BIG DATA ANALYTICS-DRIVEN GLOBAL THREAT INTELLIGENCE 2012+ • Email reputation • File reputation • Web reputation • Whitelisting • Network traffic rules • Mobile app reputation • Vulnerabilities/Exploits • Threat Actor Research • Enhanced File Reputation • Enhanced Web Reputation • Command & Control Smart Protection Network Copyright 2014 Trend Micro Inc.
Smart Protection Network EVERY 24 HOURS Copyright 2014 TrendMicro Inc.
Smart Protection Network … receives 16B reputation queries from customers … analyses & correlates 100TB of data … identifies 300,000 new, unique threats … blocks 250M threats within our customer networks Copyright 2014 TrendMicro Inc.
03/29/12 Confidential | Copyright2012 TrendMicro Inc. 2 Protect against vulnerabilities – before you patch • Number of vulnerabilities on the rise – Over 13,000 vulnerabilities reported in 2013, 32% increase from 2012 – 73.5% of them are remotely exploitable over the network – In July 2013, The New York Times reported that the average vulnerability sells from around $35,000 to $160,000 • Exploits become available shortly after disclosure – 74% on the same day – 8% more than one day later 2Copyright 2014 Trend Micro Inc.
03/29/12 Confidential | Copyright2012 TrendMicro Inc. 2 Protect against vulnerabilities – before you patch • Roaming endpoints are directly exposed to threats – Connecting to the Internet from home, hotels, Wifi-Hotspots • Unauthorized network access within company parameters – Employee can access unauthorized network using personal owned devices 2Copyright 2014 Trend Micro Inc.
Patching All Vulnerabilties in Time – Not Realistic • Some vulnerabilities cannot be patched – Systemsneed to be up 24/7 and cannot be rebooted • Patches often do not exist – for 52% of known vulnerabilites, no patch exists – Average of 151 days for vendors to release patch (NSS Labs 2013) • Patches – if available – are not deployed immediately – Average time to patch in enterprises in 2013: 59 days! – Endpoints remain vulnerable Copyright 2014 Trend Micro Inc.
Protect against vulnerabilities - before you patch • Reduce risk of exposure to vulnerability exploits – especially as you scale • Save money avoiding costly emergency patching • Patch at your convenience Vulnerability Disclosed or Exploit Available Patch Available Complete Deployment Test Soak Exposure Begin Deployment Patc hed Virtually patch with Trend Micro Intrusion Prevention 25Copyright 2014 Trend Micro Inc.
Trend Micro’s Intrusion Prevention rules were released more than a month before this vulnerability was addressed! Copyright 2014 Trend Micro Inc. (CVE-2013-5065) 26Copyright 2014 Trend Micro Inc. Protect against vulnerabilities - before you patch
A new approach to security has impact CONTEXT SOFTWARE PLATFORM ADAPTIVE  Reduce time to provision  Reduce effort to manage  Optimize data center resources 27Copyright 2014 Trend Micro Inc.
A new approach to security has impact ✓ Reduce the need for patching (down-time, reboot) ✓ Extend the life of XP / Windows 2000 systems ✓ Protection against exploits ✓ Enable compliance with PCI 6.6 ✓ Control unauthorized network access 28Copyright 2014 Trend Micro Inc.
Thousands of customers….millions of servers protected 29 Automatedsecurity Secured > 3,000 virtual desktops Addressed compliance Centralized security Deployed virtual patching Reduced impact on performance Deployed multiple controlsto protectdata Copyright 2014 Trend Micro Inc.
#1 Corporate Server Security Market Share 30 30 31% Source: IDC Worldw ide Endpoint Security 2013-2017 Forecast and 2012 Vendor Shares, Figure 2, doc #242618, August 2013 Copyright 2014 Trend Micro Inc.
Success Story 31 • Protects over 30,000 VDI users and 300 servers with agentless security • Tight integration with VMware reduced management complexity • Workload on storage reduced by 70% RESULTS: “ ...Logging-in process and application performance are fast and USERS HAVE BEEN HAPPY…” Virtual Technology Center NTT-Neomeit Source: 2013 Success Story with NTT Needed to secure a large VDI deployment RESULTS: Copyright 2014 Trend Micro Inc.
Fact about Trend Micro Founded in 1988, $1.2B Revenue (2012) Headquartered in Japan, Tokyo Exchange Nikkei Index, Symbol 4704 Largest Security focused company world wide Over 5200 Employees, 38 Business Units 37%Consumer 12%Small Business 13% Midsize Business 38%Enterprise & VLE Copyright 2014 Trend Micro Inc.
Q & A ? Copyright 2014 Trend Micro Inc.

More Related Content

TrendMicro - Security Designed for the Software-Defined Data Center

  • 1. Security Designed for the Software- Defined Data Center PatrickGada Senior Sales Engineer - Trend Micro 7 May2014
  • 2. Are you still using your physical server security in your virtualized data center? 2Copyright 2014 Trend Micro Inc. The physical approach
  • 3. Are you dealing with? 3Copyright 2014 Trend Micro Inc. • Minutes to deploy a server… weeks to secure it • Servers that share resources… security that consumes it • Virtual scale beyond physical limits… hitting a wall on security
  • 4. Software-defined data center changes the game The opportunity: Automate and optimize security as part of your data center operations 4Copyright 2014 Trend Micro Inc.
  • 5. Security principles remain the same; APPROACH to security must change CONTEXT Workload and application-aware SOFTWARE Optimized for virtualization and cloud infrastructure PLATFORM Comprehensive capabilities extended acrossyour data center and cloud Many Tools Generic Hardware ADAPTIVE Intelligent, dynamic policy enforcement Automatedprovisioning specific to platform Static 5Copyright 2014 Trend Micro Inc.
  • 6. Copyright 2014 Trend Micro Inc. 6 Cloud and Data Center Security Anti- Malware Log Inspection Host Firewall DeepPacket Inspection Data Center Physical Virtual PrivateCloud Integrity Monitoring Public Cloud Trend Micro Deep Security
  • 7. How Deep Security works 7Copyright 2014 Trend Micro Inc. Manage global deployments using Relays Integrates with VMware via vSphere, vCenter, vCloud Director Integrates with LDAP Oracle or SQL Integrates with SIEM
  • 8. New approach can improve data center operations Provision security automatically in your data center Manage security efficiently as you scale Optimize data center environment resources 8Copyright 2014 Trend Micro Inc.
  • 9. Provision security automatically in your data center How do you: • Secure the VM the moment it is provisioned? • Apply the right policies to that VM? • Reduce the time to provision without compromising on security? • Securely bring up/down/moveyour VMs? 9Copyright 2014 Trend Micro Inc.
  • 10. Provisioning Infrastructure vCenter, AD, vCloud and AWS SAP Exchange Servers Oracle Web Servers Web Server Automate security specific to your data center • Gain visibilityinto environmentusing vCenter and vCloud Director integration • Recommend and apply policies automatically - specific to your data center • Automatically scale up and down as required—with no security gaps 19 Rules 15 Rules 73 Rules 8 Rules 28 Rules VM VM VM VM VM VM VM VM 10Copyright 2014 Trend Micro Inc.
  • 11. New approach provides new opportunities within data center operations Provision security automatically in your data center Manage security efficiently as you scale Optimize data center environment resources 11Copyright 2014 Trend Micro Inc.
  • 12. Manage security efficiently as you scale How do you: • Quickly and easily identify and remediate a security issue? • Address environment vulnerabilities in a dynamic and growing environment? • Manage all security requirements consistentlyacross your evolving data center environments? 12Copyright 2014 Trend Micro Inc.
  • 13. Manage all controls across all environments 13Copyright 2014 Trend Micro Inc. • Eliminate need to manage agents on VMs • Manage all controlson a single virtual appliance • Easily apply consistent policy across environments Integrates with VMware via vSphere, vCenter, vCloud Director ESX Integrates with LDAP Oracle or SQL Integrates with SIEM
  • 14. Virtualization Demo 14Copyright 2014 Trend Micro Inc. Automatically add a new VM with the appropriate policy Manage all controls across all environments
  • 15. New approach provides new opportunities within data center operations Provision security automatically in your data center Manage security efficiently as you scale Optimize data center environment resources 15Copyright 2014 Trend Micro Inc.
  • 16. Optimize data center environment resources How do you address the bottlenecks created by traditional security capabilities? 16Copyright 2014 Trend Micro Inc.
  • 17. Use agentless security to reduce system load Network Usage Scan Speed CPU/Memory Usage IOPS Storage ESXi SAN Disk Disk Disk Disk Disk 17Copyright 2014 Trend Micro Inc.
  • 18. Avoid duplication of effort to impact performance 18 Scan Cache *All results based on internal testingusingVMware View simulators Up to 20X Faster* Full Scans Up to 5X Faster Realtime Scans Up to 2X Faster VDI Login Copyright 2014 Trend Micro Inc. 18
  • 19. SIGNATURE BASED ANTI-MALWARE 1988 - 2007 Smart protection begins with global threat intelligence… CLOUD BASED GLOBAL THREAT INTELLIGENCE 2008 BIG DATA ANALYTICS-DRIVEN GLOBAL THREAT INTELLIGENCE 2012+ • Email reputation • File reputation • Web reputation • Whitelisting • Network traffic rules • Mobile app reputation • Vulnerabilities/Exploits • Threat Actor Research • Enhanced File Reputation • Enhanced Web Reputation • Command & Control Smart Protection Network Copyright 2014 Trend Micro Inc.
  • 21. Smart Protection Network … receives 16B reputation queries from customers … analyses & correlates 100TB of data … identifies 300,000 new, unique threats … blocks 250M threats within our customer networks Copyright 2014 TrendMicro Inc.
  • 22. 03/29/12 Confidential | Copyright2012 TrendMicro Inc. 2 Protect against vulnerabilities – before you patch • Number of vulnerabilities on the rise – Over 13,000 vulnerabilities reported in 2013, 32% increase from 2012 – 73.5% of them are remotely exploitable over the network – In July 2013, The New York Times reported that the average vulnerability sells from around $35,000 to $160,000 • Exploits become available shortly after disclosure – 74% on the same day – 8% more than one day later 2Copyright 2014 Trend Micro Inc.
  • 23. 03/29/12 Confidential | Copyright2012 TrendMicro Inc. 2 Protect against vulnerabilities – before you patch • Roaming endpoints are directly exposed to threats – Connecting to the Internet from home, hotels, Wifi-Hotspots • Unauthorized network access within company parameters – Employee can access unauthorized network using personal owned devices 2Copyright 2014 Trend Micro Inc.
  • 24. Patching All Vulnerabilties in Time – Not Realistic • Some vulnerabilities cannot be patched – Systemsneed to be up 24/7 and cannot be rebooted • Patches often do not exist – for 52% of known vulnerabilites, no patch exists – Average of 151 days for vendors to release patch (NSS Labs 2013) • Patches – if available – are not deployed immediately – Average time to patch in enterprises in 2013: 59 days! – Endpoints remain vulnerable Copyright 2014 Trend Micro Inc.
  • 25. Protect against vulnerabilities - before you patch • Reduce risk of exposure to vulnerability exploits – especially as you scale • Save money avoiding costly emergency patching • Patch at your convenience Vulnerability Disclosed or Exploit Available Patch Available Complete Deployment Test Soak Exposure Begin Deployment Patc hed Virtually patch with Trend Micro Intrusion Prevention 25Copyright 2014 Trend Micro Inc.
  • 26. Trend Micro’s Intrusion Prevention rules were released more than a month before this vulnerability was addressed! Copyright 2014 Trend Micro Inc. (CVE-2013-5065) 26Copyright 2014 Trend Micro Inc. Protect against vulnerabilities - before you patch
  • 27. A new approach to security has impact CONTEXT SOFTWARE PLATFORM ADAPTIVE  Reduce time to provision  Reduce effort to manage  Optimize data center resources 27Copyright 2014 Trend Micro Inc.
  • 28. A new approach to security has impact ✓ Reduce the need for patching (down-time, reboot) ✓ Extend the life of XP / Windows 2000 systems ✓ Protection against exploits ✓ Enable compliance with PCI 6.6 ✓ Control unauthorized network access 28Copyright 2014 Trend Micro Inc.
  • 29. Thousands of customers….millions of servers protected 29 Automatedsecurity Secured > 3,000 virtual desktops Addressed compliance Centralized security Deployed virtual patching Reduced impact on performance Deployed multiple controlsto protectdata Copyright 2014 Trend Micro Inc.
  • 30. #1 Corporate Server Security Market Share 30 30 31% Source: IDC Worldw ide Endpoint Security 2013-2017 Forecast and 2012 Vendor Shares, Figure 2, doc #242618, August 2013 Copyright 2014 Trend Micro Inc.
  • 31. Success Story 31 • Protects over 30,000 VDI users and 300 servers with agentless security • Tight integration with VMware reduced management complexity • Workload on storage reduced by 70% RESULTS: “ ...Logging-in process and application performance are fast and USERS HAVE BEEN HAPPY…” Virtual Technology Center NTT-Neomeit Source: 2013 Success Story with NTT Needed to secure a large VDI deployment RESULTS: Copyright 2014 Trend Micro Inc.
  • 32. Fact about Trend Micro Founded in 1988, $1.2B Revenue (2012) Headquartered in Japan, Tokyo Exchange Nikkei Index, Symbol 4704 Largest Security focused company world wide Over 5200 Employees, 38 Business Units 37%Consumer 12%Small Business 13% Midsize Business 38%Enterprise & VLE Copyright 2014 Trend Micro Inc.
  • 33. Q & A ? Copyright 2014 Trend Micro Inc.