Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Trend Micro - Virtualization and Security Compliance
1. Datacenter Virtualization &
Security Compliance
How to Have Both at a Lower Cost
VMUG Montreal – January 17, 2012
David Girard • Senior Security Advisor • Trend Micro
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 2
1
2. VMWorld 2011: Partners for Security
Improves Security Improves Virtualization
by providing the most by providing security solutions
secure virtualization infrastructure, architected to fully exploit
with APIs, and certification programs the VMware platform
• VMware #1 Security Partner
• Trend Micro: 2011 Technology Alliance Partner of
the Year
Copyright 2012 Trend Micro Inc.
2
3. Questions (before we start)
• How many are in charge of virtualization?
• How many are in charge of security compliance?
• How many are responsible for both?
• Who think security controls kill their virtualization
project or increase its cost ($$$ and performance) by
too much?
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 4
3
4. Virtualization to reduce cost
Security Compliance is not an option
Security Compliance at lower cost
Conclusion, Q&A
1/18/2012 Copyright 2012 Trend Micro Inc. 5
4
5. Collision Course in the Making …
• Two major industry drivers at odds w/ each other
– Increased focus on compliance
– Datacenter virtualization and Cloud computing
You must comply.
You have no
choice. Corporate
Lawyers and
external auditors
are watching you.
You must save on
IT cost. You have
no choice
according to CFO
How to make both
lawyer, auditors
and CFO happy?
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 6
5
6. Key Trends: Businesses Are Moving to the Cloud
Source: Trend Micro survey, May 2011
As current pre-production
clouds go live, we will see
4x as many clouds
Copyright 2012 Trend Micro Inc. 7
6
7. Deploying Applications in the Cloud
Companies with public or hybrid clouds
• 45% of their existing applications are in the cloud
• 53% of their new applications will be deployed in the cloud
43% experienced a security
issue in the last 12 months
Copyright 2012 Trend Micro Inc. 8
7
8. Who Has Control?
Servers Virtualization & Public Cloud Public Cloud Public Cloud
Private Cloud IaaS PaaS SaaS
End-User (Enterprise) Service Provider
Who is responsible for security?
• With IaaS the customer is responsible for security
– Example: http://aws.amazon.com/agreement/ (11 May 2011)
• With SaaS or PaaS the service provider is responsible for security
– Not all SaaS or PaaS services are secure
– Can compromise your endpoints that connect to the service
– Endpoint security becomes critical
Copyright 2012 Trend Micro Inc. 9
8
9. Cloud classification
Reference: Cloud_Computing_Business_Use_Case_Template.pdf from NIST
Service Model
Software as a Plateform as a Infrastructure as a
service service service
(SaaS)* (PaaS) (IaaS)
Private
Deployment Community
Model
Public
Hybrid
*DaaS are considered as a sub category of SaaS by many organizations
Reference :Guidelines on Security and Privacy in Public Cloud Computing
Draft-SP-800-144_cloud-computing.pdf
Trend Micro Confidential 1/18/2012 Copyright 2012 Trend Micro Inc. 10
9
10. Platform-specific Security Risks
Physical Virtual Cloud
Manageability Performance & Threats Visibility & Threats
• Glut of security products • Security degrades • Less visibility
performance
• Less security • More external risks
• New VM-based threats
• Higher TCO
Reduce Complexity Increase Efficiency Deliver Agility
Integrated Security
Single Management Console
Copyright 2012 Trend Micro Inc. 11
10
11. Virtualization to reduce cost
Security Compliance is not an option
Security Compliance at lower cost
Conclusion, Q&A
1/18/2012 Copyright 2012 Trend Micro Inc. 12
11
12. Key Trends: Compliance Imperative
More standards:
• PCI, PIPEDA, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…
With more than 400
More specific security requirements regulations and over
• Virtualization, Web applications, EHR, PII… 10,000 overlapping
controls in 38 countries,
compliance has become a
More penalties & fines challenging and complex
mandate for organizations
• HITECH, Breach notifications, civil litigation
everywhere.
DMZ consolidation using virtualization will be a "hot spot” for
auditors, given the greater risk of mis-configuration and lower
visibility of DMZ policy violation. Through year-end 2011,
auditors will challenge virtualized deployments in the DMZ
more than non-virtualized DMZ solutions.
-- Neil MacDonald, Gartner
Copyright 2012 Trend Micro Inc.
13
12
13. Core Security Compliance Controls
Don’t forget
Environmental
regulations
With our solutions you
get more VM density =
less CO2 = Green =
Compliant Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 14
13
14. The PCI compliance case
• PCI SSC’s most FAQ’s is on virtualization compliance
– “If I virtualize my cardholder data environment (CDE) will I still
be PCI compliant?”
– “Do I need to use dedicated hypervisors to host my CDE
components”
• PCI DSS v2.0 formerly acknowledged virtualization of
the CDE was permitted
– Specific guidance was deferred to an emerging technology
information supplement on virtualization
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 15
14
15. The History …
• PCI Virtualization Special Interest Group (SIG) formed
during the 2009 RSA Conference
– SIG Objective: Provide clarification on the use of virtualization
in accordance with the PCI DSS
– After a 2 year process, the SIG submitted recommendations to
the PCI SSC working group for consideration
– Trend has been a contributing member of the SIG from the
very first call
– Opinions on the SIG varied widely
• Leading edge: Embrace virtualization and the direction towards
cloud computing
• Conservative: Recommend dedicated hypervisor environments
and restrict consolidation of system components – defer use of the
cloud
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 16
15
16. 10 Key Principles from PCI-DSS
Virtualization Guidelines
1. Hypervisor environment is in scope
2. One function per server
3. Separation of duty
4. Mixing VM’s of different trust levels
5. Dormant VMs and VM snapshots
6. Immaturity of monitoring solutions
7. Information leakage
8. Defense in depth
9. VM Hardening
10. Cloud Computing
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 17
16
17. PCI DSS 2.0 Virtualization Guidelines
PCI DSS 2.0 Virtualization Guideline Required Controls
1. Hypervisor environment is in scope Deep Security DPI and FIM
- Hypervisor and supporting components - Virtual Patching Prevents VMs from
must be hardened being compromised to attack hypervisor
- Security patches applied ASAP - FIM checks the integrity of vSphere
- Logging/monitoring of hypervisor events utilizing Intel TPM/TXT
2. One function per server Deep Security Firewall
- Physical servers had the same - Firewall ensures only requires ports and
requirement, no change in behavior protocols are accessible
3. Separation of duty Deep Security Manager
- Consider multi-factor authentication - Support for RBAC enables separation of
- Access controls for both local and duty of security policies
remote should be accessed
- Review and monitor RBAC controls
- Enforce least privilege where possible
4. Mixing VM’s of different trust levels Deep Security Firewall and IDS/IPS
- In order for in-scope and out-of-scope - A combination of VLAN and per VM
VMs to co-exist on the same hypervisor firewall and IDS/IPS provides the isolation
the VMs must be isolated from each other and visibility into inter-VM traffic required
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 27
17
18. PCI DSS 2.0 Virtualization Guidelines
PCI DSS 2.0 Virtualization Guideline Required Controls
5. Dormant VMs and VM snapshots Deep Security Agentless DPI & AV
- Access should be restricted - Automated VM discovery via real-time
- Ensure that only authorized VMs are integration w/ vCenter
added and removed - Dormant VMs are protected by the Virtual
- Recognize that VMs are dynamic Appliance when first powered on eliminating
and state cannot be assumed ‘stale’ protection policies
6. Immaturity of monitoring Deep Security IDS/IPS, FIM & LI
solutions - Deep Security IDS/IPS provides visibility
- Traditional tools do not monitor inter- into inter-VM traffic
VM traffic - Integrity Monitoring provides visibility into
- Virtualization tools are still immature unauthorized changes to guest-VMs and the
compared to their physical hypervisor
counterparts - Log Inspection provides visibility into
security events occurring to guest-VMs
7. Information leakage Deep Security (all modules)
- Increased risk of information leakage - IDS/IPS, FIM and Log Inspection provides
between logical network segments & visibility as shown in #6 above
between logical components - Firewall reduces the VMs attack surface
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 28
18
19. PCI DSS 2.0 Virtualization Guidelines
PCI DSS 2.0 Virtualization Guideline Required Controls
8. Defense in depth Deep Security (all modules)
- Traditional security appliances - Automated VM discovery via real-time
cannot protect virtual integration w/ vCenter & new VMs are auto-
- Traditional agent-based security protected w/ a default security profile
products can impact performance - Protection for physical, server VMs, VDI,
hybrid cloud, and public cloud
9. VM Hardening Deep Security and VMware
- Harden VMs (OS & Apps) by - IDS/IPS & firewall hardens VMs
disabling unnecessary services, ports, - Integrity Monitoring provides visibility into
interfaces, and devices unauthorized changes to guest-VMs
- Send logs off-board in near real-time - Log Inspection provides visibility into
- Establish limits on VM resource security events occurring to guest-VMs &
usage forwards in real-time
10. Cloud Computing Deep Security and SecureCloud
- Cloud service provider must provide - Deep Security protects VMs in enterprise,
sufficient assurance that the scope of hybrid cloud and public cloud environments
PCI compliance is sufficient - SecureCloud provides encryption services
- Customer is required to provide independent of cloud provider ensuring only
additional necessary controls authorized personnel can access the data
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 29
19
20. Exploits are happening before
patches are developed
“Microsoft today admitted it knew of
the Internet Explorer flaw used in the
attacks against Google and Adobe
28 days since September last year.”
# of days until -- ZDNet, January 21, 2010
vulnerability is
first exploited, 18 days
after patch is
made available
10 days
Zero-day Zero-day
2003 2004 2005 2006 … 2010
MS- Blast Sasser Zotob WMF IE zero-day
31 Copyright 2012 Trend Micro Inc.
20
21. By exploiting a vulnerability…
An attacker can:
– Take full control of a system
– Install programs
– View, delete, or change data
– Create accounts with user privileges
– Deny services
– Crash systems
– Steal & sell valuable data
32 Copyright 2012 Trend Micro Inc.
21
22. Where are you most vulnerable?
1 Enterprise applications
2 Legacy web applications
3 Unsupported OSs & apps
Untouchable apps
4
Copyright 2012 Trend Micro Inc. 33
22
23. 1 Enterprise applications
2,723 Critical “Software Flaw” Vulnerabilities in 2009
• Common Vulnerabilities & Exposures (“CVE”): Score 7-10
78
73
23 How often / easily do you
patch Oracle vulnerabilities?
Copyright 2012 Trend Micro Inc. 34
23
25. Unsupported OSs &
3 apps
Security patches no longer issued for:
8 3
March October
2009 2010
January July
2009 2010
10.1
Copyright 2012 Trend Micro Inc. 36
25
26. Untouchable apps
4
Medical
Kiosks Point
ATMs of Sale
• Reason for not patching: The underlying applications require
security patches, which could
– Cost of refresh create incompatibilities and even
– Compliance restrictions break the medical device. Medical
device manufacturers are reluctant
– Service Level Agreements to patch until they have performed
adequate testing.
Copyright 2012 Trend Micro Inc. 37
26
27. Trend Micro Deep Security
Virtual patching solution
5 protection modules
Deep Packet Inspection Detects and blocks known and
IDS / IPS zero-day attacks that target
vulnerabilities
Shields web application
Web Application Protection
vulnerabilities Provides increased visibility
Application Control into, or control over,
applications accessing the
network
Reduces attack surface. Integrity Detects malicious and
Prevents DoS & detects Firewall unauthorized changes to
Monitoring
reconnaissance scans directories, files, registry
keys…
Optimizes the Log Detects and blocks
identification of Anti-Virus
Inspection malware (web threats,
important security viruses & worms, Trojans)
events buried in log
entries
Copyright 2012 Trend Micro Inc. 38
Protection is delivered via Agent and/or Virtual Appliance
27
28. Sample list of systems protected
Deep Security rules shield vulnerabilities in these common applications
Operating Systems Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE
Linux (10,11)
Database servers Oracle, MySQL, Microsoft SQL Server, Ingres
Web app servers Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint
Mail servers Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail,,
MailEnable Professional,
FTP servers Ipswitch, War FTP Daemon, Allied Telesis
Backup servers Computer Associates, Symantec, EMC
Storage mgt servers Symantec, Veritas
DHCP servers ISC DHCPD
Desktop applications Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer,
Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime,
RealNetworks RealPlayer
Mail clients Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client
Web browsers Internet Explorer, Mozilla Firefox
Anti-virus Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft
Other applications Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior,
Rsync, OpenSSL, Novell Client
39 Copyright 2012 Trend Micro Inc.
28
32. Conficker Worm example
Five Variants:
• Nov 21, 2008 Win32/Conficker.A
• Dec 29, 2008 Win32/Conficker.B
• Feb 16, 2009 Win32/Conficker.B++ (C)
• Mar 4, 2009 Win32/Conficker.D
• April 8, 2009 Win32/Conficker.E
Impact
• Up to 10 million machines infected
• Weeks of clean-up & containment effort
• Lost productivity during the worm outbreak
• Potential for further attacks due to Conficker disabling AV
processes and blocking updates
• Additional malware installed in silent mode for future
malicious use and/or creation of BotNets
Copyright 2012 Trend Micro Inc. 43
32
34. Deep Security 8 Integrity Monitoring
Agentless Integrity Monitoring
The Old Way With Agent-less Integrity Monitoring
Security
VM VM VM Virtual
Appliance
VM VM VM VM
Zero Added Faster Better Stronger
Footprint Performance Manageability Security
• Zero added footprint: Integrity monitoring in the same virtual appliance
that also provides agentless AV and Deep Packet Inspection
• Stronger Security: Expands the scope of protection to hypervisors
through Intel TPM/TXT integration
• Order of Magnitude savings in manageability
• Virtual Appliance avoids performance degradation from FIM storms
46 Copyright 2012 Trend Micro Inc.
46
34
35. Security for Cloud Servers
Deliver Agility
Cloud Key Challenge: Data security in the
cloud
Need: Enable path to private, public or
hybrid cloud with added data security,
management APIs and multi-tenancy
support
Amazon, vCloud
Deep Security 8 with SecureCloud 1.2
• Support for bare metal and virtual
infrastructure without cloud API
Deep Security 8
with SecureCloud Deep Security 8 with SecureCloud 2.0
2.0 will provide • Deep Security Manager integration
context-aware data
security necessary
• FIPS 140-2 certification
for ALL cloud • Key revocation, rotation & lifecycle
environments
mgmt Copyright 2012 Trend Micro Inc.
47
35
36. Total Cloud Protection
System, application and data security in the cloud
Context
Deep Security 8 Aware Credit Card Payment 2
SecureCloud
PatientSecurity Numbers
Social Medical Records
Sensitive Research Results
Information
Encryption with Policy-based
Modular protection for Key Management
servers and applications
• Data is unreadable
• Self-Defending VM Security to unauthorized users
in the Cloud
• Policy-based key management
• Agent on VM allows travel controls and automates key
between cloud solutions delivery
• One management portal for • Server validation authenticates
all modules servers requesting keys
Copyright 2012 Trend Micro Inc.
48
36
37. SecureCloud – New In 2
• FIPS 140-2 Certification
– Exchange of Mobile Armor encryption agent
– Gives Trend access to Fed / Gov accounts
• DSM Integration
– Greatly improves ability to build robust
authentication policies
– Begins integration of two cutting edge technologies
– Additional integration – unified management console
• Total Cloud Protection Bundle
– New bundle connects both products
– Gives protection across all infrastructures – PVC
– Defines a place to manage and protect all future
environments
1/18/2012 Copyright 2012 Trend Micro Inc. 49
49
37
38. SecureCloud
New Features and Benefits
New Features
• Support for bare metal and virtual infrastructures, cloud API no longer
necessary
• FIPS 140-2 certification opens government highly sensitive accounts
• Addition of key revocation, rotation and lifecycle management efficiently
manages keys across physical, virtual and cloud deployments
• Integration with Deep Security gives robust, context-aware security
Value to the customer:
• Access cloud economics and agility by removing data privacy concerns.
• Segregate data of varied trust levels to avoid breach and insider threat
• Reduce complexity and costs with policy-based key management
• Boost security with identity- and integrity-based server authentication
• Move freely among clouds knowing that remnant data is unreadable
Trend Micro Confidential1/18/2012 Copyright 2012 Trend Micro Inc.
50
38
39. SecureCloud 2
Enterprise Deployment Options
Key Management Encryption Support
Deployment Options
VM VM VM VM vSphere
Trend Micro Virtual
SaaS Solution Machines
VM VM VM VM
Private
Clouds
Or
SecureCloud
Data Center Console VM VM VM VM Public
Software Application Clouds
Copyright 2012 Trend Micro Inc.
51
39
40. SecureCloud 2
Service Provider Deployment Options
Key Management Encryption Support
Deployment Options
VM VM VM VM Public
Hosted Model Clouds
Or
• Direct model gives providers
SecureCloud full control over services
Direct Model Console
offered.
• Hosted model creates SoD
and relieves providers of the
liability and responsibilities.
• Both models give providers
revenue and differentiation.
Copyright 2012 Trend Micro Inc.
52
40
41. Deep Security Platform Architecture
Deep Security
Single Pane Manager
Scalable
Redundant
1 Threat
Reports Intelligence
Manager
5
Deep Security
2
Agent
3 4 SecureCloud
Deep Security Deep Security
Agent Virtual Appliance Cloud
Integration
Modules:
• DPI & FW Modules:
• Anti-malware • DPI & FW
• Integrity Monitoring • Anti-malware
• Log Inspection • Integrity Monitoring
Copyright 2012 Trend Micro Inc.
53
41
42. Log inspection
Log inspection keeps track of pre-selected
system logs for events that might indicate
a successful intrusion
Windows Event Log Inspection Event
1/18/2012 Copyright 2012 Trend Micro Inc. 54
42
43. Customer feedback
• “Deep Security protects our Windows, Linux and
other hosts, and allows us to proactively shield
vulnerabilities in these critical servers from
targeted attacks until patches can be deployed.”
• “Deep Security acts as a virtual patch, shielding
hard-to-patch and unpatchable systems, and
allowing us to test and deploy vendor-supplied
patches more thoroughly and efficiently."
• “In the review period, Deep Security was
demonstrated to reduce the vulnerability gap on
critical servers by more than 90%.”
55 Copyright 2012 Trend Micro Inc.
43
44. The Deep Security difference
Comprehensive
Protection
Tighter Broader Platform
Integration Coverage
Greater Operational
Efficiency
Copyright 2012 Trend Micro Inc. 56
44
45. What is the Solution?
Security that Travels with the VM
Cloud Security – Modular Protection
Data Template VM Real-time
Compliance
Protection Integrity Isolation Protection
Self-Defending VM Security in the Cloud
• Agent on VM allows travel between cloud solutions
• One management portal for all modules
• SaaS security deployment option
57 Copyright 2012 Trend Micro Inc.
45
46. Virtualization to reduce cost
Security Compliance is not an option
Security Compliance at lower cost
Conclusion, Q&A
1/18/2012 Copyright 2012 Trend Micro Inc. 58
46
47. Reduce Complexity
Consolidate Physical Security Vendors
Physical
Vendor Management Savings:
30% Less Time
Improved Security and Availability:
73% Fewer Security Incidents
Windows, Linux,
Solaris, etc Cost Savings:
Customer Case Studies:
Average $605,927 Savings
Source: Forrester. The Total Economic Impact of
Trend Micro Enterprise Copyright 2012 Trend Micro Inc.
Security. 6/11.
47
48. Increase Efficiency
Server and Desktop Virtualization Security
Virtualization
Deployment
• Server Virtualization in production / trial = 59%
• Desktop virtualization in production / trial = 52%
Consolidation Ratios
Baseline (no AV) 20
Virtualization Aware 20
Traditional Security 2-4
0 5 10 15 20 25
Source: Indusface June 2010
Cloud Foundation
If server virtualization is deployed then
• 62% have also deployed a private cloud
• 60% have also deployed a public cloud
Copyright 2012 Trend Micro Inc.
48
49. Agentless AV enables greater density
• Other products consume 3x –12x more resources in scheduled scans & could not
handle more than 25 desktop VMs/host
• Trend supports 200-300% more desktop VMs/host than traditional AV
• Trend supports 40-60% more server VMs/host than traditional AV
CPU IOPS
2143
307% % 2053
%
273%
692%
81%
Symantec Trend McAfee Symantec Trend McAfee
Scheduled scan resource usage over baseline – 50 VMs per host
Copyright 2012 Trend Micro Inc.
49
50. What about scan time?
OfficeScan VDI Plugin caching technology is the
fastest on the market
VDI Profile Other AV Solution Trend Micro 10.5
Mixed Maximum High Density Approx 1-2 Hours 16 Minutes
VDI Pool(4H &16 L)
Mixed Low Density VDI Pool Approx. 27- 49 minutes 2 Minutes
(1H & 3 L)
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 62
50
51. Improved Density means Dollars Saved
$250K over 3 years for 1000 Virtual Desktops
Saved
Desktop Virtualization With Trend Micro With Traditional
TCO Antivirus
1000 Virtual Desktops GREEN +CO2
VDI Images per server 75 25
Servers Required to Host 14 40
1000 Virtual Desktops
Capex Savings for 1 server $5900 (from VMware TCO Calculator)
Power, Cooling &
Rackspace Savings for 1 $3600 (from VMware TCO Calculator)
server over 3 years
3-year savings for 1000 $(5900+3600) X 26 fewer servers =
virtual desktops running $247,000
Trend Micro
Similar savings accrue for server VM as well.
3-year savings for 600 server VMs running Trend Micro = $200,000
Copyright 2012 Trend Micro Inc. 64
51
53. What do you use to protect your VM’s?
or
Traditional protection Kill Trend Micro got the
VM’S and your infrastructure weapon to kill malware
Don’t play Russian roulette with your
not your infrastructure
virtual security!
Deep Security, SecureCloud and OfficeScan-VDI are VM
aware. They are optimized for VMware . Save resources, save
money now!
Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 66
53
54. Competitive Landscape
Protection Trend McAfee Symantec IBM Tripwire
Micro DS
Agentless YES NO NO NO NO
Anti-malware (MOVE AV for (optimized SEP
VDI = thin agent with
agent) whitelisting)
Agentless YES NO NO YES NO
FW, IDS/IPS & (only IDS/IPS)
web app protection
Agentless FIM incl. YES NO NO NO NO
hypervisor integrity (agent-based = (has a more
Solidcore) feature-rich
agent)
Integrated Agent YES NO NO NO NO
with AV, FW, DPI, 3 different prod 2 different
FIM, LI Relies on EPO prod.
Task automation w. YES NO NO NO NO
Recommendation
Scan, Golden Host
Context-aware YES NO NO NO NO
Total Cloud
Protection
vCenter & vShield YES NO NO NO (only NO
1/18/2012 Copyright 2012 Trend Micro Inc. 67
Integration vCenter) 67
54
55. The opportunity for your organization
For IT :
– Provide better security for critical systems & data
– Stay ahead of virtualization and cloud computing
security challenges
For Operations & Finance:
– Consolidate protection through a single, easy-to-
manage solution at a low cost
For Compliance:
– More quickly & simply meet compliance
requirements.
– Reduce time & effort required to prepare for audits
Copyright 2012 Trend Micro Inc. 68
55
56. Virtualization to reduce cost
Security Compliance is not an option
Security Compliance at lower cost
Conclusion, Q&A
1/18/2012 Copyright 2012 Trend Micro Inc. 69
56
57. Conclusion & Recommendations
Look for virtualization/ cloud security
solutions with these key attributes :
• Flexible: Physical-virtual-cloud
• Comprehensive: Multiple protection mechanisms
• Modular: Deployment options
• Integrated: With Vmware: vCenter, VMsafe, vShield…
• Multiplatform : Windows, Linux, Solaris, AIX, HP-UX
• Certified solutions : FIPS 140-2, EAL4+, PCI…
(Insist on vendor product roadmaps but don’t buy
Vaporware. Buy mature solutions like Deep Security 8
Classification 1/18/2012 70
or SecureCloud 2)
Copyright 2012 Trend Micro Inc.
57
59. Next Steps
• Dowload a trial or White Paper.
• Call us! Schedule a live demo to discuss how our
solutions can enhance your virtual Server or Desktop
deployment
• The proof is in the pudding – let us deploy a Proof of
Concept in your environment featuring the only and
most advanced solution today!
Technical sales : David_girard@trendmicro.com
Sales : Michel_bouasria@trendmicro.com
Jean_houle@trendmicro.com
Larry_thibault@trendmicro.com
Copyright 2012 Trend Micro Inc.
59