Copyright 2010 Trend Micro Inc. Security and Compliance challenges in the Virtualized data centre John Burroughs, CISSP Solution Architect, EMEA Trend.

Presentation transcript:

Copyright 2010 Trend Micro Inc. Security and Compliance challenges in the Virtualized data centre John Burroughs, CISSP Solution Architect, EMEA Trend Micro, Inc. A Better Way with Trend Micro Deep Security

Virtualization On The Rise
- 10X growth in next 3 years: 58 million virtual machines by 2012
- Through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace**
**Gartner, Inc

Securing Servers the Traditional Way
[Diagram labels: App, OS, AV, Network IDS / IPS, ESX Server]
- Anti-virus: Local, agent-based protection in the VM
- IDS / IPS: Network-based device or software solution

Virtualisation & Cloud Computing Create New Security Challenges
- Hypervisor
- Inter-VM attacks
- PCI
- Mobility
- Cloud Computing

Virtualisation Security Challenges
Same threats as in physical environments. New challenges (security challenge: compliance challenge):
- Inter VM Traffic: Network Segmentation, IDS/IPS
- Concentration of VM with Mixed Trust Levels: Network Segmentation, IDS/IPS
- Variable State (Instant ON, Reverted, Paused, Copied, Restarted...): Network Segmentation, IDS/IPS, Patch Management, Anti Virus, Integrity Monitoring
- VM Movement: Network Segmentation, IDS/IPS
- VM Sprawl: Network Segmentation, IDS/IPS

Security Inhibitors to Virtualization
- Resource contention
[Diagram labels: Typical AV Console; 3:00am Scan]

DEEP SECURITY
Comprehensive, cost-effective and modular security that complements network defenses, for physical and virtualized servers.
NSS Labs: Deep Security is the first product to pass NSS Labs’ PCI Suitability testing for Host Intrusion Prevention Systems (HIPS).

Why do hosts need to be self defending?
- 5th largest payments processor in the US
- Security breach occurred May 2008; disclosed January 20th 2009
- Largest criminal breach of card data to date (130 million records), costing them over $68 million
  - Albert Gonzalez sentenced to 20 years in prison March 2010
- Attack
  - Entered network (DMZ) via web application (via the SQL injection) and installed malware
  - Propagated a packet sniffer to machines in the Transaction Network via Corporate Network
  - Same techniques used to attack Hannaford, 7-Eleven, JC Penney

Trend Micro Deep Security: 5 protection modules
Protection is delivered via Agent and/or Virtual Appliance.
- IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
- Web Application Protection: Shields web application vulnerabilities
- Application Control: Provides increased visibility into, or control over, applications accessing the network
- Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
- Deep Packet Inspection
- Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
- Log Inspection: Optimizes identification of important security events across multiple log files
- Anti-Virus: Detects and blocks malware (viruses & worms, Trojans)

Trend Micro Deep Security: Agentless protection for VMware servers
[Diagram labels: Security Virtual Appliance; Firewall; IDS/IPS; Anti-virus; VMware APIs]
- Virtual Appliance secures VMs from the outside, without changes to the VM
- VMware APIs enable
  - FW, IDS/IPS at hypervisor layer
  - Agentless AV scanning via hypervisor
- Virtual Appliance isolates security for better-than-physical protection

Security Virtual Appliance
[Architecture diagram labels: Security Virtual Appliance; vSphere (ESX); Introspection APIs; Anti Malware (On Access, On Demand); Guest VMs; OS Kernel; VMTools; IDS/IPS (Virtual Patch, App Control); Firewall; EndPointSEC API; VMsafe-net API]

The Opportunity with Agentless Anti-malware
[Diagram labels: Virtual Appliance; Agent; vShield Endpoint; vSphere; "Today using vShield Endpoint"; "Previously"]
- More manageable: No agents to configure, update, patch
- Faster performance: Freedom from AV Storms
- Stronger security: Instant ON protection + tamper-proofing
- Higher consolidation: Inefficient operations removed

[Chart: ESX Memory Utilization. Axis: # of Guest VMs. Series: Anti-Virus “B”, Anti-Virus “Y”, Anti-Virus “R”]

[Chart: ESX Network Utilization, signature update for 10 agents. Axis: Time (Seconds). Series: Anti-Virus “B”, Anti-Virus “Y”, Anti-Virus “R”]

Deep Security 7.5 Integrates vShield Endpoint & VMsafe
- Agent-Less Real Time Scan
  - Triggers notifications to AV engine on file open/close
  - Provides access to file data for scanning
- Agent-Less Manual and Schedule Scan
  - On demand scans are coordinated and staggered
  - Traverses guest file-system and triggers notifications to the AV engine
- Integrates with vShield Endpoint (in vSphere 4.1)
- Zero Day Protection
  - Trend Micro SPN Integration
- Agent-Less Remediation
  - Active Action, Delete, Pass, Quarantine, Clean
- API Level Caching
  - Caching of data and results to minimize data traffic and optimize performance
[Diagram labels: Virtual Appl.; vShield Endpoint; SPN]

Deep Security Product Components
[Diagram labels: Deep Security Manager; Security Center; Alerts; Security Profiles; Security Updates; Reports; IT Infrastructure Integration; vCenter; SIEM; Active Directory; Log correlation; Web services; Deep Security Agent; Deep Security Virtual Appliances; Physical; Virtual; Cloud]

Addressing Payment Card Industry (PCI) Requirements
Key Deep Security features & capabilities:
- (1.) – Network Segmentation
- (1.x) – Firewall
- (5.x) – Anti-virus*
- (6.1) – Virtual Patching**
- (6.6) – Web Application Protection
- (10.6) – Review Logs Daily
- (11.4) – Deploy IDS / IPS
- (11.5) – Deploy File Integrity Monitoring
* Available in Deep Security 7.5 for VMware vSphere environments
** Compensating control subject to QSA approval

The Compliance Mandate
“I can’t get a project funded unless it’s about compliance” - Anonymous CISO
- Most influential factor on security spending
- $9.2B technology spend in 2010

Platforms protected
- Windows 2000
- Windows 2003 (32 & 64 bit)
- Windows XP
- Vista (32 & 64 bit)
- Windows Server 2008 (32 & 64 bit)
- Windows 7
- HyperV (Guest VM)
- 8, 9, 10 on SPARC
- 10 on x86 (64 bit)
- Red Hat 4, 5 (32 & 64 bit)
- SuSE 10, 11 (32 & 64 bit)
- VMware ESX Server (guest OS)
- VMware Server (host & guest OS)
- XenServer (Guest VM)
- HP-UX 11i (11.23 & 11.31)
- AIX 5.3, 6.1
Integrity Monitoring & Log Inspection modules

Sample list of systems protected
Deep Security rules shield vulnerabilities in these common applications:
- Operating Systems: Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE Linux (10, 11)
- Database servers: Oracle, MySQL, Microsoft SQL Server, Ingres
- Web app servers: Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint
- Mail servers: Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail, MailEnable Professional
- FTP servers: Ipswitch, War FTP Daemon, Allied Telesis
- Backup servers: Computer Associates, Symantec, EMC
- Storage mgt servers: Symantec, Veritas
- DHCP servers: ISC DHCPD
- Desktop applications: Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer, Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime, RealNetworks RealPlayer
- Mail clients: Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client
- Web browsers: Internet Explorer, Mozilla Firefox
- Anti-virus: Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft
- Other applications: Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior, Rsync, OpenSSL, Novell Client

Solution Scenarios
- SECURITY: Defense-in-Depth
- OPERATIONS: Virtual Patching
- COMPLIANCE: PCI Compliance
- VIRTUALIZATION: Virtualization Security

Introducing OfficeScan 10.5: Industry's first VDI-aware endpoint security
- VDI-Intelligence
- Increases consolidation rates
- Prevents resource contention
- Pays for itself
- Comprehensive Protection
- Smart Protection Network
- Local Cloud support
- Virtual patching plug-in
- Best for Windows 7
- Logo certification
- 32 bit and 64 bit
- Extensible plug-in architecture
- Enterprise-class management
- Scalability
- Role-based administration
- Active Directory Integration

IT Environment Changes
Challenge: Securing virtual desktops
- Malware risk potential: Identical to physical desktops
  - Same operating systems
  - Same software
  - Same vulnerabilities
  - Same user activities
  => Same risk of exposing corporate and sensitive data
- New challenges, unique to VDI:
  - Identify endpoints' virtualization status
  - Manage resource contention: CPU, Storage IOPs, Network

OfficeScan 10.5 has VDI-Intelligence
- Detects whether endpoints are physical or virtual
  - With VMware View
  - With Citrix XenDesktop
- Serializes updates and scans per VDI-host
  - Controls the number of concurrent scans and updates per VDI host
  - Maintains availability and performance of the VDI host
  - Faster than concurrent approach
- Leverages Base-Images to further shorten scan times
  - Pre-scans and white-lists VDI base-images
  - Prevents duplicate scanning of unchanged files on a VDI host
  - Further reduces impact on the VDI host

Thank You

Certifications
- Common Criteria Evaluation Assurance Level 3 Augmented (EAL 3+)
  - Achieved certification across more platforms (Windows, Solaris, Linux) than any other host-based intrusion prevention product.
  - Deep Security 7.5 Registered for EAL 4+
- NSS Labs
  - Third Brigade Deep Security is the first product to pass NSS Labs’ PCI Suitability testing for Host Intrusion Prevention Systems (HIPS).
© Third Brigade, Inc.

Recommendation Scans
The server being protected is analyzed to determine:
- OS, service pack and patch level
- Installed applications and version
- DPI rules are recommended to shield the unpatched vulnerabilities from attacks
- As patches, hotfixes, and updates are applied over time, the Recommendation Scan will:
  - Recommend new rules for assignment
  - Recommend removal of rules no longer required after system patching
- Recommendations for DPI, Integrity Monitoring, and Log Inspection rules are supported

Microsoft Active Protections Program
- Microsoft Active Protections Program (MAPP)
  - Program for security software vendors
  - Members receive security vulnerability information from the Microsoft Security Response Center (MSRC) in advance of Microsoft’s monthly security update
  - Members use this information to deliver protection to their customers after the Microsoft Security Bulletins have been published
- Trend Micro’s protection is delivered to customers within 2 hours of Microsoft Security Bulletins being published
  - This enables customers to shield their vulnerable systems from attack
  - Systems can then be patched during the next scheduled maintenance window