Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright 2010 Trend Micro Inc. Security and Compliance challenges in the Virtualized data centre John Burroughs, CISSP Solution Architect, EMEA Trend.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright 2010 Trend Micro Inc. Security and Compliance challenges in the Virtualized data centre John Burroughs, CISSP Solution Architect, EMEA Trend."— Presentation transcript:

1 Copyright 2010 Trend Micro Inc. Security and Compliance challenges in the Virtualized data centre John Burroughs, CISSP Solution Architect, EMEA Trend Micro, Inc. A Better Way with Trend Micro Deep Security

2 Copyright 2010 Trend Micro Inc. Virtualization On The Rise 10 X Growth in next 3 years: 58 Million Virtual Machines by 2012 Through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace** **Gartner, Inc

3 Copyright 2010 Trend Micro Inc. Securing Servers the Traditional Way App OS Network IDS / IPS ESX Server App OS App OS App AV App AV App AV Anti-virus: Local, agent-based protection in the VM IDS / IPS: Network-based device or software solution

4 Copyright 2010 Trend Micro Inc. Virtualisation & Cloud Computing Create New Security Challenges 3 Hypervisor Inter-VM attacks PCIMobility Cloud Computing

5 Copyright 2010 Trend Micro Inc. Virtualisation Security Challenges Same threats as in physical environments New challenges: 7/14/2015 Security ChallengesCompliance Challenge Inter VM TrafficNetwork Segmentation IDS/IPS Concentration of VM with Mixed Trust Levels Network Segmentation IDS/IPS Variable State - Instant ON, Reverted, Paused, Copied, Restarted... Network Segmentation IDS/IPS Patch Management Anti Virus Integrity Monitoring VM MovementNetwork Segmentation IDS/IPS VM SprawlNetwork Segmentation IDS/IPS

6 Copyright 2010 Trend Micro Inc. Resource contention Typical AV Console 3:00am Scan Security Inhibitors to Virtualization

7 Copyright 2010 Trend Micro Inc. 6 DEEP SECURITY Comprehensive, cost-effective and modular security that complements network defenses, for physical and virtualized servers NSS Labs Deep Security is the first product to pass NSS Labs’ PCI Suitability testing for Host Intrusion Prevention Systems (HIPS).

8 Copyright 2010 Trend Micro Inc. Who do hosts need to be self defending? 5 th Largest payments processor in the US Security Breach occurred May 2008; disclosed January 20 th 2009 Largest criminal breach of card data to date (130 Million records), costing them over $68 Million –Albert Gonzalez sentenced to 20 years in Prison March 2010 Attack –Entered Network (DMZ) via Web Application (via the SQL injection) and installed Malware –Propagated a packet sniffer to machines in the Transaction Network via Corporate Network –Same techniques used to attack Hannaford, 7-eleven, JC Penny

9 Copyright 2010 Trend Micro Inc. 8 IDS / IPS Web Application Protection Application Control Firewall Deep Packet Inspection Integrity Monitoring Log Inspection Anti-Virus Detects and blocks known and zero-day attacks that target vulnerabilities Shields web application vulnerabilities Provides increased visibility into, or control over, applications accessing the network Reduces attack surface. Prevents DoS & detects reconnaissance scans Detects malicious and unauthorized changes to directories, files, registry keys… Optimizes identification of important security events across multiple log files Detects and blocks malware (viruses & worms, Trojans) Trend Micro Deep Security Protection is delivered via Agent and/or Virtual Appliance 5 protection modules

10 Copyright 2010 Trend Micro Inc. Trend Micro Deep Security Agentless protection for VMware servers 9 Security Virtual Appliance Firewall IDS/ IPS Anti-virus Virtual Appliance secures VMs from the outside, without changes to the VM VMware APIs enable o FW, IDS/IPS at hypervisor layer o Agentless AV scanning via hypervisor Virtual Appliance isolates security for better-than-physical protection VMware APIs

11 Copyright 2010 Trend Micro Inc. Security Virtual Appliance vSphere (ESX) Introspection API’s Anti Malware -On Access - On Demand Anti Malware -On Access - On Demand Guest VMs OS Kernel VMTools IDS/IPS -Virtual Patch - App Control IDS/IPS -Virtual Patch - App Control Firewall EndPointSEC API VMsafe-net API Security Virtual Appliance

12 Copyright 2010 Trend Micro Inc. The Opportunity with Agentless Anti-malware Virtual Appliance Agent vShield Endpoint Agent vSphere Today using vShield Endpoint Previously More manageable: No agents to configure, update, patch Faster performance: Freedom from AV Storms Stronger security: Instant ON protection + tamper-proofing Higher consolidation: Inefficient operations removed

13 Copyright 2010 Trend Micro Inc. ESX Memory Utilization 12 # of Guest VMs Anti-Virus “B” Anti-Virus “Y” Anti-Virus “R” 12

14 Copyright 2010 Trend Micro Inc. ESX Network Utilization Signature update for 10 agents 13 Anti-Virus “B” Time (Seconds) Anti-Virus “Y” Anti-Virus “R” 13

15 Copyright 2010 Trend Micro Inc. Deep Security 7.5 Integrates vShield Endpoint & VMsafe Agent-Less Real Time Scan –Triggers notifications to AV engine on file open/close –Provides access to file data for scanning Agent-Less Manual and Schedule Scan –On demand scans are coordinated and staggered –Traverses guest file-system and triggers notifications to the AV engine Integrates with vShield Endpoint (in vSphere 4.1) Zero Day Protection –Trend Micro SPN Integration Agent-Less Remediation –Active Action, Delete, Pass, Quarantine, Clean API Level Caching –Caching of data and results to minimize data traffic and optimize performance Virtual Appl. vShield Endpoint SPN

16 Copyright 2010 Trend Micro Inc. Deep Security Product Components Deep Security Manager Deep Security Manager Security Center Alerts Security Profiles Security Updates Reports IT Infrastructure Integration vCenter SIEM Active Directory Log correlation Web services 15 Deep Security Agent Deep Security Agent Deep Security Virtual Appliances Deep Security Virtual Appliances PHYSICAL VIRTUALCLOUD

17 Copyright 2010 Trend Micro Inc.

18 Addressing Payment Card Industry (PCI) Requirements 17 Key Deep Security features & capabilities  (1.) – Network Segmentation  (1.x) – Firewall  (5.x) – Anti-virus*  (6.1) – Virtual Patching**  (6.6) – Web Application Protection  (10.6) – Review Logs Daily  (11.4) – Deploy IDS / IPS  (11.5) – Deploy File Integrity Monitoring * Available in Deep Security 7.5 for VMware vSphere environments ** Compensating control subject to QSA approval

19 Copyright 2010 Trend Micro Inc. The Compliance Mandate “I can’t get a project funded unless it’s about compliance” - Anonymous CISO Most influential factor on security spending $ 9.2B technology spend in 2010

20 Copyright 2010 Trend Micro Inc. Platforms protected 19 Windows 2000 Windows 2003 (32 & 64 bit) Windows XP Vista (32 & 64 bit) Windows Server 2008 (32 & 64 bit) Windows 7 HyperV (Guest VM) 8, 9, 10 on SPARC 10 on x86 (64 bit) Red Hat 4, 5 (32 & 64 bit) SuSE 10, 11 (32 & 64 bit) VMware ESX Server (guest OS) VMware Server (host & guest OS) XenServer (Guest VM) HP-UX 11i (11.23 & 11.31) AIX 5.3, 6.1 Integrity Monitoring & Log Inspection modules

21 Copyright 2010 Trend Micro Inc. Sample list of systems protected Deep Security rules shield vulnerabilities in these common applications Operating SystemsWindows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE Linux (10,11) Database serversOracle, MySQL, Microsoft SQL Server, Ingres Web app serversMicrosoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint Mail serversMicrosoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail,, MailEnable Professional, FTP serversIpswitch, War FTP Daemon, Allied Telesis Backup serversComputer Associates, Symantec, EMC Storage mgt serversSymantec, Veritas DHCP serversISC DHCPD Desktop applicationsMicrosoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer, Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime, RealNetworks RealPlayer Mail clientsOutlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client Web browsersInternet Explorer, Mozilla Firefox Anti-virusClam AV, CA, Symantec, Norton, Trend Micro, Microsoft Other applicationsSamba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior, Rsync, OpenSSL, Novell Client 20

22 Copyright 2010 Trend Micro Inc. Solution Scenarios SECURITY Defense-in-Depth OPERATIONS Virtual Patching COMPLIANCE PCI Compliance VIRTUALIZAZTION Virtualization Security

23 Copyright 2010 Trend Micro Inc. VDI-Intelligence Increases consolidation rates Prevents resource contention Pays for itself Comprehensive Protection Smart Protection Network Local Cloud support Virtual patching plug-in Introducing OfficeScan 10.5 Industry‘s first VDI-aware endpoint security 5 Best for Windows 7 Logo certification 32 bit and 64 bit Extensible plug-in architecture Enterprise-class management Scalability Role-based administration Active Directory Integration

24 Copyright 2010 Trend Micro Inc. IT Environment Changes Challenge: Securing virtual desktops Malware risk potential: Identical to physical desktops –Same operating systems –Same software –Same vulnerabilities –Same user activities => Same risk of exposing corporate and sensitive data New challenges, unique to VDI: –Identify endpoints virtualization status –Manage resource contention CPU Storage IOPs Network

25 Copyright 2010 Trend Micro Inc. OfficeScan 10.5 has VDI-Intelligence Detects whether endpoints are physical or virtual –With VMware View –With Citrix XenDesktop Serializes updates and scans per VDI-host –Controls the number of concurrent scans and updates per VDI host –Maintains availability and performance of the VDI host –Faster than concurrent approach Leverages Base-Images to further shorten scan times –Pre-scans and white-lists VDI base-images –Prevents duplicate scanning of unchanged files on a VDI host –Further reduces impact on the VDI host

26 Copyright 2010 Trend Micro Inc. Thank You

27 Copyright 2010 Trend Micro Inc. Certifications Common Criteria Evaluation Assurance Level 3 Augmented (EAL 3+) –Achieved certification across more platforms (Windows, Solaris, Linux) than any other host-based intrusion prevention product. –Deep Security 7.5 Registered for EAL 4+ NSS Labs –Third Brigade Deep Security is the first product to pass NSS Labs’ PCI Suitability testing for Host Intrusion Prevention Systems (HIPS). 26 © Third Brigade, Inc.

28 Copyright 2010 Trend Micro Inc. Recommendation Scans The server being protected is analyzed to determine: –OS, service pack and patch level –Installed applications and version –DPI rules are recommended to shield the unpatched vulnerabilities from attacks –As patches, hotfixes, and updates are applied over time, the Recommendation Scan will: Recommend new rules for assignment Recommend removal of rules no longer required after system patching –Recommendations for DPI, Integrity Monitoring, and Log Inspection rules are supported

29 Copyright 2010 Trend Micro Inc. Microsoft Active Protections Program Microsoft Active Protections Program (MAPP) –Program for security software vendors –Members receive security vulnerability information from the Microsoft Security Response Center (MSRC) in advance of Microsoft’s monthly security update –Members use this information to deliver protection to their customers after the Microsoft Security Bulletins have been published Trend Micro’s protection is delivered to customers within 2 hours of Microsoft Security Bulletins being published –This enables customers to shield their vulnerable systems from attack –Systems can then be patched during the next scheduled maintenance window

Download ppt "Copyright 2010 Trend Micro Inc. Security and Compliance challenges in the Virtualized data centre John Burroughs, CISSP Solution Architect, EMEA Trend."

Similar presentations

1 Dell World 2014 Dell & Trend Micro Boost VM Density with AV Designed for VDI TJ Lamphier, Sr. Director Trend Micro & Aaron Brace, Solution Architect.

1 Dell World 2014 Dell & Trend Micro Boost VM Density with AV Designed for VDI TJ Lamphier, Sr. Director Trend Micro & Aaron Brace, Solution Architect.
System Center 2012 R2 Overview

System Center 2012 R2 Overview
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Matt Hubbard Regional Product Marketing Securing Today’s Computing Ecosystem: Physical, Virtual and Cloud Confidential | Copyright.

Matt Hubbard Regional Product Marketing Securing Today’s Computing Ecosystem: Physical, Virtual and Cloud Confidential | Copyright.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Transform your desktop with virtualization. 22 Agenda Evolution of VDI VDI Solution VDI Use Cases Questions & Answers.

Transform your desktop with virtualization. 22 Agenda Evolution of VDI VDI Solution VDI Use Cases Questions & Answers.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Copyright 2009 Trend Micro Inc. Paul Burton Pre-Sales Manager -NEUR How Trend Micro address virtualisation challenges Classification 7/13/2015 1.

Copyright 2009 Trend Micro Inc. Paul Burton Pre-Sales Manager -NEUR How Trend Micro address virtualisation challenges Classification 7/13/
The Evolution of the Kaspersky Lab Approach to Corporate Security Petr Merkulov, Chief Product Officer, Kaspersky Lab Kaspersky Lab Cyber Conference, Cancun,

The Evolution of the Kaspersky Lab Approach to Corporate Security Petr Merkulov, Chief Product Officer, Kaspersky Lab Kaspersky Lab Cyber Conference, Cancun,
Introducing VMware vSphere 5.0

Introducing VMware vSphere 5.0
Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
Patch Management Module 13. Module 2-421 You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.

Patch Management Module 13. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.
VMware vCenter Server Module 4.

VMware vCenter Server Module 4.
Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box Cloud OS Development Management Identity Virtualization.

Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box Cloud OS Development Management Identity Virtualization.
Norman Endpoint Protection Advanced security made easy.

Norman Endpoint Protection Advanced security made easy.
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

Similar presentations

Ads by Google