Trend Micro - Virtualization and Security Compliance

Datacenter Virtualization &
Security Compliance
How to Have Both at a Lower Cost

VMUG Montreal – January 17, 2012
David Girard • Senior Security Advisor • Trend Micro

Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 2

1

VMWorld 2011: Partners for Security

Improves Security Improves Virtualization
by providing the most by providing security solutions
secure virtualization infrastructure, architected to fully exploit
with APIs, and certification programs the VMware platform

• VMware #1 Security Partner
• Trend Micro: 2011 Technology Alliance Partner of
the Year
Copyright 2012 Trend Micro Inc.

2

Questions (before we start)

• How many are in charge of virtualization?
• How many are in charge of security compliance?
• How many are responsible for both?
• Who think security controls kill their virtualization
project or increase its cost ($$$ and performance) by
too much?


3

Virtualization to reduce cost

Security Compliance is not an option

Security Compliance at lower cost

Conclusion, Q&A

1/18/2012 Copyright 2012 Trend Micro Inc. 5

4

Collision Course in the Making …
• Two major industry drivers at odds w/ each other
– Increased focus on compliance
– Datacenter virtualization and Cloud computing
You must comply.
You have no
choice. Corporate
Lawyers and
external auditors
are watching you.

You must save on
IT cost. You have
no choice
according to CFO

How to make both
lawyer, auditors
and CFO happy?


5

Key Trends: Businesses Are Moving to the Cloud

Source: Trend Micro survey, May 2011

As current pre-production
clouds go live, we will see
4x as many clouds

Copyright 2012 Trend Micro Inc. 7

6

Deploying Applications in the Cloud

Companies with public or hybrid clouds
• 45% of their existing applications are in the cloud
• 53% of their new applications will be deployed in the cloud

43% experienced a security
issue in the last 12 months


7

Who Has Control?
Servers Virtualization & Public Cloud Public Cloud Public Cloud
Private Cloud IaaS PaaS SaaS

End-User (Enterprise) Service Provider

Who is responsible for security?
• With IaaS the customer is responsible for security
– Example: http://aws.amazon.com/agreement/ (11 May 2011)

• With SaaS or PaaS the service provider is responsible for security
– Not all SaaS or PaaS services are secure
– Can compromise your endpoints that connect to the service
– Endpoint security becomes critical

8

Cloud classification
Reference: Cloud_Computing_Business_Use_Case_Template.pdf from NIST

Service Model
Software as a Plateform as a Infrastructure as a
service service service
(SaaS)* (PaaS) (IaaS)
Private

Deployment Community
Model
Public

Hybrid

*DaaS are considered as a sub category of SaaS by many organizations

Reference :Guidelines on Security and Privacy in Public Cloud Computing
Draft-SP-800-144_cloud-computing.pdf
Trend Micro Confidential 1/18/2012 Copyright 2012 Trend Micro Inc. 10

9

Platform-specific Security Risks

Physical Virtual Cloud
Manageability Performance & Threats Visibility & Threats
• Glut of security products • Security degrades • Less visibility
performance
• Less security • More external risks
• New VM-based threats
• Higher TCO

Reduce Complexity Increase Efficiency Deliver Agility

Integrated Security
Single Management Console

10




Conclusion, Q&A


11

Key Trends: Compliance Imperative

More standards:
• PCI, PIPEDA, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…
With more than 400
More specific security requirements regulations and over
• Virtualization, Web applications, EHR, PII… 10,000 overlapping
controls in 38 countries,
compliance has become a
More penalties & fines challenging and complex
mandate for organizations
• HITECH, Breach notifications, civil litigation
everywhere.

DMZ consolidation using virtualization will be a "hot spot” for
auditors, given the greater risk of mis-configuration and lower
visibility of DMZ policy violation. Through year-end 2011,
auditors will challenge virtualized deployments in the DMZ
more than non-virtualized DMZ solutions.
-- Neil MacDonald, Gartner
13

12

Core Security Compliance Controls

Don’t forget
Environmental
regulations

With our solutions you
get more VM density =
less CO2 = Green =
Compliant Classification 1/18/2012 Copyright 2012 Trend Micro Inc. 14

13

The PCI compliance case
• PCI SSC’s most FAQ’s is on virtualization compliance
– “If I virtualize my cardholder data environment (CDE) will I still
be PCI compliant?”
– “Do I need to use dedicated hypervisors to host my CDE
components”
• PCI DSS v2.0 formerly acknowledged virtualization of
the CDE was permitted
– Specific guidance was deferred to an emerging technology
information supplement on virtualization


14

The History …
• PCI Virtualization Special Interest Group (SIG) formed
during the 2009 RSA Conference
– SIG Objective: Provide clarification on the use of virtualization
in accordance with the PCI DSS
– After a 2 year process, the SIG submitted recommendations to
the PCI SSC working group for consideration
– Trend has been a contributing member of the SIG from the
very first call
– Opinions on the SIG varied widely
• Leading edge: Embrace virtualization and the direction towards
cloud computing
• Conservative: Recommend dedicated hypervisor environments
and restrict consolidation of system components – defer use of the
cloud


15

10 Key Principles from PCI-DSS
Virtualization Guidelines
1. Hypervisor environment is in scope
2. One function per server
3. Separation of duty
4. Mixing VM’s of different trust levels
5. Dormant VMs and VM snapshots
6. Immaturity of monitoring solutions
7. Information leakage
8. Defense in depth
9. VM Hardening
10. Cloud Computing

16

PCI DSS 2.0 Virtualization Guidelines
PCI DSS 2.0 Virtualization Guideline Required Controls
1. Hypervisor environment is in scope Deep Security DPI and FIM
- Hypervisor and supporting components - Virtual Patching Prevents VMs from
must be hardened being compromised to attack hypervisor
- Security patches applied ASAP - FIM checks the integrity of vSphere
- Logging/monitoring of hypervisor events utilizing Intel TPM/TXT
2. One function per server Deep Security Firewall
- Physical servers had the same - Firewall ensures only requires ports and
requirement, no change in behavior protocols are accessible
3. Separation of duty Deep Security Manager
- Consider multi-factor authentication - Support for RBAC enables separation of
- Access controls for both local and duty of security policies
remote should be accessed
- Review and monitor RBAC controls
- Enforce least privilege where possible
4. Mixing VM’s of different trust levels Deep Security Firewall and IDS/IPS
- In order for in-scope and out-of-scope - A combination of VLAN and per VM
VMs to co-exist on the same hypervisor firewall and IDS/IPS provides the isolation
the VMs must be isolated from each other and visibility into inter-VM traffic required

17

5. Dormant VMs and VM snapshots Deep Security Agentless DPI & AV
- Access should be restricted - Automated VM discovery via real-time
- Ensure that only authorized VMs are integration w/ vCenter
added and removed - Dormant VMs are protected by the Virtual
- Recognize that VMs are dynamic Appliance when first powered on eliminating
and state cannot be assumed ‘stale’ protection policies
6. Immaturity of monitoring Deep Security IDS/IPS, FIM & LI
solutions - Deep Security IDS/IPS provides visibility
- Traditional tools do not monitor inter- into inter-VM traffic
VM traffic - Integrity Monitoring provides visibility into
- Virtualization tools are still immature unauthorized changes to guest-VMs and the
compared to their physical hypervisor
counterparts - Log Inspection provides visibility into
security events occurring to guest-VMs
7. Information leakage Deep Security (all modules)
- Increased risk of information leakage - IDS/IPS, FIM and Log Inspection provides
between logical network segments & visibility as shown in #6 above
between logical components - Firewall reduces the VMs attack surface

18

8. Defense in depth Deep Security (all modules)
- Traditional security appliances - Automated VM discovery via real-time
cannot protect virtual integration w/ vCenter & new VMs are auto-
- Traditional agent-based security protected w/ a default security profile
products can impact performance - Protection for physical, server VMs, VDI,
hybrid cloud, and public cloud
9. VM Hardening Deep Security and VMware
- Harden VMs (OS & Apps) by - IDS/IPS & firewall hardens VMs
disabling unnecessary services, ports, - Integrity Monitoring provides visibility into
interfaces, and devices unauthorized changes to guest-VMs
- Send logs off-board in near real-time - Log Inspection provides visibility into
- Establish limits on VM resource security events occurring to guest-VMs &
usage forwards in real-time
10. Cloud Computing Deep Security and SecureCloud
- Cloud service provider must provide - Deep Security protects VMs in enterprise,
sufficient assurance that the scope of hybrid cloud and public cloud environments
PCI compliance is sufficient - SecureCloud provides encryption services
- Customer is required to provide independent of cloud provider ensuring only
additional necessary controls authorized personnel can access the data

19

Exploits are happening before
patches are developed
“Microsoft today admitted it knew of
the Internet Explorer flaw used in the
attacks against Google and Adobe
28 days since September last year.”
# of days until -- ZDNet, January 21, 2010
vulnerability is
first exploited, 18 days
after patch is
made available
10 days

Zero-day Zero-day

2003 2004 2005 2006 … 2010
MS- Blast Sasser Zotob WMF IE zero-day

31 Copyright 2012 Trend Micro Inc.

20

By exploiting a vulnerability…
An attacker can:
– Take full control of a system
– Install programs
– View, delete, or change data
– Create accounts with user privileges
– Deny services
– Crash systems
– Steal & sell valuable data


21

Where are you most vulnerable?

1 Enterprise applications

2 Legacy web applications

3 Unsupported OSs & apps

Untouchable apps
4


22

1 Enterprise applications

2,723 Critical “Software Flaw” Vulnerabilities in 2009
• Common Vulnerabilities & Exposures (“CVE”): Score 7-10

78

73

23 How often / easily do you
patch Oracle vulnerabilities?


23

2 Legacy web applications

• Inherently open and accessible
“New mass SQL
• Content & functionality constantly
evolving injection attack
infects 56,000
• Web 2.0 adds more complexity
websites”
• Many legacy web apps cannot be
-- SC Magazine.
fixed (developers gone)
August 25, 2009
• Perimeter security doesn’t protect
web apps
• Secure SDLC: Lack of awareness
and training

35 Copyright 2012 Trend Micro Inc. © Third Brigade, Inc.

24

Unsupported OSs &
3 apps

Security patches no longer issued for:

8 3
March October
2009 2010

January July
2009 2010
10.1


25

Untouchable apps
4
Medical
Kiosks Point
ATMs of Sale

• Reason for not patching: The underlying applications require
security patches, which could
– Cost of refresh create incompatibilities and even
– Compliance restrictions break the medical device. Medical
device manufacturers are reluctant
– Service Level Agreements to patch until they have performed
adequate testing.


26

Trend Micro Deep Security
Virtual patching solution
5 protection modules

Deep Packet Inspection Detects and blocks known and
IDS / IPS zero-day attacks that target
vulnerabilities
Shields web application
Web Application Protection
vulnerabilities Provides increased visibility
Application Control into, or control over,
applications accessing the
network
Reduces attack surface. Integrity Detects malicious and
Prevents DoS & detects Firewall unauthorized changes to
Monitoring
reconnaissance scans directories, files, registry
keys…
Optimizes the Log Detects and blocks
identification of Anti-Virus
Inspection malware (web threats,
important security viruses & worms, Trojans)
events buried in log
entries

Protection is delivered via Agent and/or Virtual Appliance

27

Sample list of systems protected
Deep Security rules shield vulnerabilities in these common applications

Operating Systems Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE
Linux (10,11)
Database servers Oracle, MySQL, Microsoft SQL Server, Ingres
Web app servers Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint
Mail servers Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail,,
MailEnable Professional,
FTP servers Ipswitch, War FTP Daemon, Allied Telesis

Backup servers Computer Associates, Symantec, EMC

Storage mgt servers Symantec, Veritas

DHCP servers ISC DHCPD

Desktop applications Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer,
Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime,
RealNetworks RealPlayer
Mail clients Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client

Web browsers Internet Explorer, Mozilla Firefox

Anti-virus Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft

Other applications Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior,
Rsync, OpenSSL, Novell Client


28

Security Center
Rules to shield newly discovered vulnerabilities
are developed and delivered automatically
Automated Monitoring
Monitor Public • SANS • VulnWatch
Private • CERT • PacketStorm
Underground • Vendor Advisories • Securiteam
• Bugtraq

Application Triage
Triage Coverage • Wide range of server, desktop and
Analysis custom application coverage
• Per filter recommendations

Develop
Quality Filter Types
Assurance • Exploit / Attack
Filter
Development • Vulnerability
• Smart / Anomaly / Traffic

Deliver
Coordinate Response
Information • Automated
and • Within Hours
Response


© Third Brigade, Inc. 40

29

Platforms protected
Windows 2000
Windows 2003 (32 & 64 bit)
Windows XP
Vista (32 & 64 bit)
Windows Server 2008 (32 & 64 bit)
Windows 7
HyperV (Guest VM)

8, 9, 10 on SPARC
10 on x86 (64 bit)

Red Hat (CentOS) 4, 5, 6 (32 & 64 bit)
SuSE 10, 11

VMware ESX Server (guest OS)
VMware Server (host & guest OS)

XenServer (Guest VM)

HP-UX 11i (11.23 & 11.31) Integrity Monitoring
AIX 5.3, 6.1 & Log Inspection modules


41

30

Protection for web applications
• Microsoft.NET - based website tested with IBM Rational AppScan
• 5,428 vulnerability tests sent


31

Conficker Worm example
Five Variants:
• Nov 21, 2008 Win32/Conficker.A
• Dec 29, 2008 Win32/Conficker.B
• Feb 16, 2009 Win32/Conficker.B++ (C)
• Mar 4, 2009 Win32/Conficker.D
• April 8, 2009 Win32/Conficker.E

Impact
• Up to 10 million machines infected
• Weeks of clean-up & containment effort
• Lost productivity during the worm outbreak
• Potential for further attacks due to Conficker disabling AV
processes and blocking updates
• Additional malware installed in silent mode for future
malicious use and/or creation of BotNets


32

Deep Security customers were protected
before first Conficker exploits appeared

• Deep Security customers were protected against MS08-067
exploits beginning Oct 23, 2008 (same day vulnerability was
announced, and weeks before first exploit).
– DPI rules shield MS08-067 from exploit
– Log Inspection rules detect Conficker brute force attempts
– Integrity Monitoring rules detect Conficker system infection

• Two new Deep Security DPI rules released Feb 23, 2009 to
protect against Conficker.B++

• Deep Security’s Recommendation Scan feature automatically
recommends the above protection rules
– Ensures the appropriate level of protection is applied to systems
even if IT Security is not aware of a particular attack


33

Deep Security 8 Integrity Monitoring
Agentless Integrity Monitoring

The Old Way With Agent-less Integrity Monitoring

Security
VM VM VM Virtual
Appliance
VM VM VM VM

Zero Added Faster Better Stronger
Footprint Performance Manageability Security

• Zero added footprint: Integrity monitoring in the same virtual appliance
that also provides agentless AV and Deep Packet Inspection
• Stronger Security: Expands the scope of protection to hypervisors
through Intel TPM/TXT integration
• Order of Magnitude savings in manageability
• Virtual Appliance avoids performance degradation from FIM storms
46

34

Security for Cloud Servers
Deliver Agility
Cloud Key Challenge: Data security in the
cloud
Need: Enable path to private, public or
hybrid cloud with added data security,
management APIs and multi-tenancy
support
Amazon, vCloud
Deep Security 8 with SecureCloud 1.2
• Support for bare metal and virtual
infrastructure without cloud API
Deep Security 8
with SecureCloud Deep Security 8 with SecureCloud 2.0
2.0 will provide • Deep Security Manager integration
context-aware data
security necessary
• FIPS 140-2 certification
for ALL cloud • Key revocation, rotation & lifecycle
environments
mgmt Copyright 2012 Trend Micro Inc.
47

35

Total Cloud Protection
System, application and data security in the cloud

Context
Deep Security 8 Aware Credit Card Payment 2
SecureCloud
PatientSecurity Numbers
Social Medical Records
Sensitive Research Results
Information

Encryption with Policy-based
Modular protection for Key Management
servers and applications
• Data is unreadable
• Self-Defending VM Security to unauthorized users
in the Cloud
• Policy-based key management
• Agent on VM allows travel controls and automates key
between cloud solutions delivery
• One management portal for • Server validation authenticates
all modules servers requesting keys

48

36

SecureCloud – New In 2

• FIPS 140-2 Certification
– Exchange of Mobile Armor encryption agent
– Gives Trend access to Fed / Gov accounts
• DSM Integration
– Greatly improves ability to build robust
authentication policies
– Begins integration of two cutting edge technologies
– Additional integration – unified management console
• Total Cloud Protection Bundle
– New bundle connects both products
– Gives protection across all infrastructures – PVC
– Defines a place to manage and protect all future
environments

49

37

SecureCloud
New Features and Benefits

New Features
• Support for bare metal and virtual infrastructures, cloud API no longer
necessary
• FIPS 140-2 certification opens government highly sensitive accounts
• Addition of key revocation, rotation and lifecycle management efficiently
manages keys across physical, virtual and cloud deployments
• Integration with Deep Security gives robust, context-aware security

Value to the customer:
• Access cloud economics and agility by removing data privacy concerns.
• Segregate data of varied trust levels to avoid breach and insider threat
• Reduce complexity and costs with policy-based key management
• Boost security with identity- and integrity-based server authentication
• Move freely among clouds knowing that remnant data is unreadable

Trend Micro Confidential1/18/2012 Copyright 2012 Trend Micro Inc.
50

38

SecureCloud 2
Enterprise Deployment Options

Key Management Encryption Support
Deployment Options
VM VM VM VM vSphere
Trend Micro Virtual
SaaS Solution Machines

VM VM VM VM
Private
Clouds

Or
SecureCloud
Data Center Console VM VM VM VM Public
Software Application Clouds

51

39

SecureCloud 2
Service Provider Deployment Options

Key Management Encryption Support
Deployment Options
VM VM VM VM Public
Hosted Model Clouds

Or
• Direct model gives providers
SecureCloud full control over services
Direct Model Console
offered.
• Hosted model creates SoD
and relieves providers of the
liability and responsibilities.
• Both models give providers
revenue and differentiation.

52

40

Deep Security Platform Architecture
Deep Security
Single Pane Manager
Scalable
Redundant

1 Threat
Reports Intelligence
Manager
5

Deep Security

2
Agent
3 4 SecureCloud

Deep Security Deep Security
Agent Virtual Appliance Cloud
Integration
Modules:
• DPI & FW Modules:
• Anti-malware • DPI & FW
• Integrity Monitoring • Anti-malware
• Log Inspection • Integrity Monitoring

53

41

Log inspection
Log inspection keeps track of pre-selected
system logs for events that might indicate
a successful intrusion

Windows Event Log Inspection Event

42

Customer feedback
• “Deep Security protects our Windows, Linux and
other hosts, and allows us to proactively shield
vulnerabilities in these critical servers from
targeted attacks until patches can be deployed.”

• “Deep Security acts as a virtual patch, shielding
hard-to-patch and unpatchable systems, and
allowing us to test and deploy vendor-supplied
patches more thoroughly and efficiently."

• “In the review period, Deep Security was
demonstrated to reduce the vulnerability gap on
critical servers by more than 90%.”


43

The Deep Security difference

Comprehensive
Protection

Tighter Broader Platform
Integration Coverage

Greater Operational
Efficiency

44

What is the Solution?
Security that Travels with the VM

Cloud Security – Modular Protection

Data Template VM Real-time
Compliance
Protection Integrity Isolation Protection

Self-Defending VM Security in the Cloud
• Agent on VM allows travel between cloud solutions
• One management portal for all modules
• SaaS security deployment option


45




Conclusion, Q&A


46

Reduce Complexity
Consolidate Physical Security Vendors
Physical
Vendor Management Savings:
30% Less Time

Improved Security and Availability:
73% Fewer Security Incidents

Windows, Linux,
Solaris, etc Cost Savings:
Customer Case Studies:
Average $605,927 Savings

Source: Forrester. The Total Economic Impact of
Trend Micro Enterprise Copyright 2012 Trend Micro Inc.
Security. 6/11.

47

Increase Efficiency
Server and Desktop Virtualization Security
Virtualization
Deployment
• Server Virtualization in production / trial = 59%
• Desktop virtualization in production / trial = 52%

Consolidation Ratios
Baseline (no AV) 20

Virtualization Aware 20

Traditional Security 2-4

0 5 10 15 20 25
Source: Indusface June 2010

Cloud Foundation
If server virtualization is deployed then
• 62% have also deployed a private cloud
• 60% have also deployed a public cloud

48

Agentless AV enables greater density
• Other products consume 3x –12x more resources in scheduled scans & could not
handle more than 25 desktop VMs/host
• Trend supports 200-300% more desktop VMs/host than traditional AV
• Trend supports 40-60% more server VMs/host than traditional AV

CPU IOPS
2143
307% % 2053
%
273%

692%
81%

Symantec Trend McAfee Symantec Trend McAfee

Scheduled scan resource usage over baseline – 50 VMs per host

49

What about scan time?
OfficeScan VDI Plugin caching technology is the
fastest on the market

VDI Profile Other AV Solution Trend Micro 10.5

Mixed Maximum High Density Approx 1-2 Hours 16 Minutes
VDI Pool(4H &16 L)

Mixed Low Density VDI Pool Approx. 27- 49 minutes 2 Minutes
(1H & 3 L)

50

Improved Density means Dollars Saved
$250K over 3 years for 1000 Virtual Desktops
Saved
Desktop Virtualization With Trend Micro With Traditional
TCO Antivirus
1000 Virtual Desktops GREEN +CO2

VDI Images per server 75 25
Servers Required to Host 14 40
1000 Virtual Desktops

Capex Savings for 1 server $5900 (from VMware TCO Calculator)
Power, Cooling &
Rackspace Savings for 1 $3600 (from VMware TCO Calculator)
server over 3 years
3-year savings for 1000 $(5900+3600) X 26 fewer servers =
virtual desktops running $247,000
Trend Micro
Similar savings accrue for server VM as well.
3-year savings for 600 server VMs running Trend Micro = $200,000

51

Risk : Malware Signature size
Evolution of malware signatures files from 2008-2011
160

160
140

158
120

100
117

80 MB

60
77
68
61

65

40
55
43

20
39

35

32

0

2008 2009 2010

Trend Micro McAfee Kaspersky Symantec

Evolution -14% +38% + 101% +70%

52

What do you use to protect your VM’s?

or

Traditional protection Kill Trend Micro got the
VM’S and your infrastructure weapon to kill malware
Don’t play Russian roulette with your
not your infrastructure
virtual security!

Deep Security, SecureCloud and OfficeScan-VDI are VM
aware. They are optimized for VMware . Save resources, save
money now!


53

Competitive Landscape
Protection Trend McAfee Symantec IBM Tripwire
Micro DS
Agentless YES NO NO NO NO
Anti-malware (MOVE AV for (optimized SEP
VDI = thin agent with
agent) whitelisting)
Agentless YES NO NO YES NO
FW, IDS/IPS & (only IDS/IPS)
web app protection

Agentless FIM incl. YES NO NO NO NO
hypervisor integrity (agent-based = (has a more
Solidcore) feature-rich
agent)
Integrated Agent YES NO NO NO NO
with AV, FW, DPI, 3 different prod 2 different
FIM, LI Relies on EPO prod.
Task automation w. YES NO NO NO NO
Recommendation
Scan, Golden Host
Context-aware YES NO NO NO NO
Total Cloud
Protection
vCenter & vShield YES NO NO NO (only NO
Integration vCenter) 67

54

The opportunity for your organization

For IT :
– Provide better security for critical systems & data
– Stay ahead of virtualization and cloud computing
security challenges

For Operations & Finance:
– Consolidate protection through a single, easy-to-
manage solution at a low cost

For Compliance:
– More quickly & simply meet compliance
requirements.
– Reduce time & effort required to prepare for audits


55




Conclusion, Q&A


56

Conclusion & Recommendations

Look for virtualization/ cloud security
solutions with these key attributes :

• Flexible: Physical-virtual-cloud
• Comprehensive: Multiple protection mechanisms
• Modular: Deployment options
• Integrated: With Vmware: vCenter, VMsafe, vShield…
• Multiplatform : Windows, Linux, Solaris, AIX, HP-UX
• Certified solutions : FIPS 140-2, EAL4+, PCI…
(Insist on vendor product roadmaps but don’t buy
Vaporware. Buy mature solutions like Deep Security 8
Classification 1/18/2012 70

or SecureCloud 2)

57

Questions?

Product Information:
Thank you! http://us.trendmicro.com/us/products/enterprise/datacenter-
security/deep-security/index.html
Merci! http://us.trendmicro.com/us/solutions/enterprise/security-
solutions/virtualization/securecloud/


58

Next Steps

• Dowload a trial or White Paper.
• Call us! Schedule a live demo to discuss how our
solutions can enhance your virtual Server or Desktop
deployment
• The proof is in the pudding – let us deploy a Proof of
Concept in your environment featuring the only and
most advanced solution today!

Technical sales : David_girard@trendmicro.com
Sales : Michel_bouasria@trendmicro.com
Jean_houle@trendmicro.com
Larry_thibault@trendmicro.com


59

Trend Micro - Virtualization and Security Compliance

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Trend Micro - Virtualization and Security Compliance

Similar to Trend Micro - Virtualization and Security Compliance (20)

More from 1CloudRoad.com

More from 1CloudRoad.com (17)

Recently uploaded

Recently uploaded (20)

Trend Micro - Virtualization and Security Compliance