© 2009 VMware Inc. All rights reserved
Confidential
Agentless Anti-Virus and IDS/IPS
A New Paradigm for Security in Virtual Environments
Harish Agastya. Director of Datacenter Security. Trend Micro
2 Confidential
Agenda
Security Roadblocks in the Virtualization Journey
Threat Evolution and the Porous Perimeter
New Security Paradigms on the vSphere platform
Trend Micro: Security Built for VMware
3 Confidential
Securing Servers the Traditional Way
[Diagram: three VMs (App / OS) on an ESX Server, each running an AV agent, with a network IDS / IPS]
• Anti-virus: Local, agent-based protection in the VM
• IDS / IPS: Network-based device or software solution
4 Confidential
Virtualization Journey
Stage 1: Server Consolidation
5 Confidential
Virtualization Journey
Stage 2: Expansion & Desktop
• Increased Server Consolidation
• Desktop Virtualization
6 Confidential
Virtualization Journey
Stage 3: From Private to Public Cloud
7 Confidential
Virtualization Journey Stages
• Stage 1: Server Consolidation
• Stage 2: Expansion & Desktop
• Stage 3: Private > Public Cloud
[Chart: Virtualization Adoption Rate for Servers and Desktops across the three stages; marked values 15%, 30%, 70%, 85%]
THE SECURITY INHIBITORS TO VIRTUALIZATION
8 Confidential
Security Challenges Along the Virtualization Journey
[Chart: eleven numbered security challenges (1 to 11) plotted against Virtualization Adoption Rate across the IT Production, Business Production and ITaaS phases]
• Data destruction
• Diminished perimeter
• Resource Contention
• Multi-tenancy
• Data access & governance
• Complexity of Management
• Mixed trust level VMs
• Compliance / Lack of audit trail
• Inter-VM attacks
• Instant-on gaps
• Host controls under-deployed
9 Confidential
Security Inhibitors to Virtualization
1. Inter-VM attacks / blind spots
10 Confidential
Security Inhibitors to Virtualization
2. Instant-on gaps
[Diagram: Active VMs, Dormant VMs and New VMs; dormant VMs are reactivated with out-of-date security]
11 Confidential
Security Inhibitors to Virtualization
3. Resource contention
[Diagram: Typical AV Console triggering a 3:00am Scan]
12 Confidential
Security Inhibitors to Virtualization
4. Complexity of Management
• Patch agents
• Rollout patterns
• Provisioning new VMs
• Reconfiguring agents
13 Confidential
Agenda
Security Roadblocks in the Virtualization Journey
Threat Evolution and the Porous Perimeter
New Security Paradigms on the vSphere platform
Trend Micro: Security Built for VMware
14 Confidential
Today’s threat environment
• More Profitable
  • $100 billion: Estimated profits from global cybercrime
    -- Chicago Tribune, 2008
• More Sophisticated
  • “Breaches go undiscovered and uncontained for weeks or months in 75% of cases.”
    -- Verizon Breach Report, 2009
• More Frequent
  • “Harvard and Harvard Medical School are attacked every 7 seconds, 24 hours a day, 7 days a week.”
    -- John Halamka, CIO
• More Targeted
  • “27% of respondents had reported targeted attacks”.
    -- 2008 CSI Computer Crime & Security Survey
15 Confidential
Perimeter defenses are not enough
© 2005, Third Brigade Inc.
1. Encrypted Attacks
2. Mobile Computers
3. Wireless Networks
4. Unsuspecting Users
5. Insider Attacks
16 Confidential
Exploits are happening before patches are developed
# of days until vulnerability is first exploited, after patch is made available:
• 2003: MS-Blast, 28 days
• 2004: Sasser, 18 days
• 2005: Zotob, 10 days
• 2006: WMF, Zero-day
• …
• 2010: IE zero-day, Zero-day
“Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.”
-- ZDNet, January 21, 2010
17 Confidential
Where are you vulnerable?
Takes days to months until patches are available and can be tested & deployed:
• “Microsoft Tuesday”
• Oracle
• Adobe
Developers not available to fix vulnerabilities:
• No longer with company
• Working on other projects
Patches are no longer being developed:
• Red Hat 3 -- Oct 2010
• Windows 2000 -- Jul 2010
• Solaris 8 -- Mar 2009
• Oracle 10.1 -- Jan 2009
Can’t be patched because of cost, regulations, SLA reasons:
• POS
• Kiosks
• Medical Devices
18 Confidential
Agenda
Security Roadblocks in the Virtualization Journey
Threat Evolution and the Porous Perimeter
New Security Paradigms on the vSphere platform
Trend Micro: Security Built for VMware
19 Confidential
New Paradigm #1:
Hypervisor-powered Security Architectures
[Diagram: three VMs (App / OS) on ESX Server, with an Anti-virus Virtual Appliance connected through vShield Endpoint]
• vShield Endpoint enables agentless AV scanning
• Secures VMs from the outside, no changes to VM
20 Confidential
The Opportunity with Agentless Anti-malware
[Diagram: Previously, an Agent in each VM on vSphere; today using vShield Endpoint, a single Virtual Appliance]
• More manageable: No agents to configure, update, patch
• Faster performance: Freedom from AV Storms
• Stronger security: Instant ON protection + tamper-proofing
• Higher consolidation: Inefficient operations removed
21 Confidential
Agentless anti-malware: Architecture
[Architecture diagram on the vSphere Platform (ESX 4.1). Labels:]
• Guest VM: APPs, OS, Kernel, BIOS, vShield Guest Driver
• Security Virtual Appliance: Anti-malware Scanning Module (On Access Scans, On Demand Scans, Remediation, Caching & Filtering), vShield Endpoint Library, EPsec Interface
• vShield Endpoint ESX Module
• Anti-malware Product Console
• Status Monitor
• REST
• VI Admin, Security Admin
22 Confidential
Agentless Anti-malware: Process flow
[Sequence diagram over time between the Guest VM (APPs, OS, vShield Guest Driver) and the Security Virtual Appliance (EPsec Lib; Anti-malware Scanning module with On Access Scans, On Demand Scans, Remediation, Caching & Filtering). Message and decision labels: file event; excluded by filter?; result cached?; data cached?; * file data request; * file data; scan result; result]
23 Confidential
Agentless approach uses less ESX memory
[Chart: ESX memory use against # of Guest VMs for Anti-Virus “B”, Anti-Virus “Y” and Anti-Virus “R”]
24 Confidential
Agentless approach uses less bandwidth
Signature update for 10 agents
[Chart: Time (Seconds) for Anti-Virus “B”, Anti-Virus “Y”, Anti-Virus “R” and Agentless Anti-Virus “T”]
25 Confidential
New Paradigm #2:
Opportunity to Beef up Server Security
• VMsafe enables you to supplement perimeter defense
• Agentless IDS/IPS, Firewall and application protection
[Diagram: three VMs (App / OS) on ESX Server; a Virtual Appliance using the VMsafe APIs provides Firewall, IDS / IPS, Web app and Anti-Virus protection]
26 Confidential
VMsafe™ APIs
CPU/Memory Inspection
• Inspection of specific memory pages
• Knowledge of the CPU state
• Policy enforcement through resource allocation
Networking
• View all IO traffic on the host
• Intercept, view, modify and replicate IO traffic
• Provide inline or passive protection
Storage
• Mount and read virtual disks (VMDK)
• Inspect IO read/writes to the storage devices
• Transparent to device & inline with ESX Storage stack
27 Confidential
Intrusion Defense with VMsafe
[Packet-flow diagram. Labels: Incoming / Outgoing Packet; Tap/Inline; Fastpath Driver; Micro Firewall (Blacklist & Bypass); Slowpath Driver; Stateful Firewall; DPI; Pass / Drop decisions]
28 Confidential
New Paradigm # 3
Virtualization-aware agents
[Diagram: VMs (App / OS) on vSphere, with vCenter]
• vCenter integration makes security virtualization-aware
• V-aware agents complement virtual appliance
• Use cases: offline desktops, compliance, defense in depth
29 Confidential
New Paradigm # 4
Security that is Cloud-Ready
[Diagram: VMs (App / OS) on vSphere]
• Security for datacenter VMs moves to the cloud with application and data
• Advanced security modules (IDS/IPS, Integrity monitoring) protect server in multi-tenant environment
30 Confidential
Agenda
Security Roadblocks in the Virtualization Journey
Threat Evolution and the Porous Perimeter
New Security Paradigms on the vSphere platform
Trend Micro: Security Built for VMware
31 Confidential
Security Built for VMware
• Founded: United States, 1988
• Headquarters: Tokyo, Japan
• Offices: 23 countries
• Employees: 4,350
• Market: Internet Content Security
• Leadership: US $1 Billion annual revenue
• 1,000+ Threat Research Experts
• 10 labs. 24x7 ops
• Real-time alerts for new threats
Trend Micro security & compliance solutions
VMware customers:
• Accelerate and complete their virtualization journey
• More fully leverage their VMware investments
• Maximize their virtualization ROI
32 Confidential
Trend Micro Deep Security
Server & application protection
• Latest anti-malware module adds to existing set of advanced protection modules
[Diagram of protection modules: Firewall, Web app protection, Log Inspection, Integrity Monitoring, Anti-Malware, Intrusion Detection Prevention]
33 Confidential
Trend Micro Deep Security
Server & application protection
5 protection modules
• Deep Packet Inspection
  • IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
  • Web Application Protection: Shields web application vulnerabilities
  • Application Control: Provides increased visibility into, or control over, applications accessing the network
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
• Log Inspection: Optimizes the identification of important security events buried in log entries
• Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
Protection is delivered via Agent and/or Virtual Appliance
34 Confidential
Trend Micro Deep Security
Security Built for VMware
Inline virtual appliance:
• AV, IDS/IPS, FW
• Greater efficiency
• Manageability
Agent-based security:
• Comprehensive protection within datacenter
• Mobility – to extend protection to public cloud
Hypervisor / vCenter integration:
• Enables virtualization-aware security
• Eliminates instant-on gaps
Coordinated approach:
• Optimized protection
• Operational efficiency
35 Confidential
Deep Security 7.5 Integrates vShield Endpoint & VMsafe
Agent-Less Real Time Scan
• Triggers notifications to AV engine on file open/close
• Provides access to file data for scanning
Agent-Less Manual and Schedule Scan
• On demand scans are coordinated and staggered
• Traverses guest file-system and triggers notifications to the AV engine
• Integrates with vShield Endpoint (in vSphere 4.1)
• Zero Day Protection
• Trend Micro SPN Integration
Agent-Less Remediation
• Active Action, Delete, Pass, Quarantine, Clean
API Level Caching
• Caching of data and results to minimize data traffic and optimize performance
[Diagram: Virtual Appl., vShield Endpoint, SPN]
36 Confidential
Thank You
www.trendmicro.com/deepsecurity
www.vmware.com/trendmicro

Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 

Dernier (20)

How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 

Trend Micro VForum Agentless Scanning Presentation

  • 1. © 2009 VMware Inc. All rights reserved. Confidential. Agentless Anti-Virus and IDS/IPS: A New Paradigm for Security in Virtual Environments. Harish Agastya, Director of Datacenter Security, Trend Micro
  • 2. Agenda: Security Roadblocks in the Virtualization Journey; Threat Evolution and the Porous Perimeter; New Security Paradigms on the vSphere platform; Trend Micro: Security Built for VMware
  • 3. Securing Servers the Traditional Way. Diagram labels: App, OS and AV in each VM; ESX Server; Network IDS / IPS. Anti-virus: local, agent-based protection in the VM. IDS / IPS: network-based device or software solution
  • 4. Virtualization Journey. Stage 1: Server Consolidation. Classification 01/30/15
  • 5. Virtualization Journey. Stage 2: Expansion & Desktop. Increased Server Consolidation; Desktop Virtualization
  • 6. Virtualization Journey. Stage 3: From Private to Public Cloud
  • 7. Virtualization Journey Stages. Stage 1: Server Consolidation; Stage 2: Expansion & Desktop; Stage 3: Private > Public Cloud. Chart: Virtualization Adoption Rate for Servers and Desktops (values shown: 15%, 30%, 70%, 85%). THE SECURITY INHIBITORS TO VIRTUALIZATION
  • 8. Security Challenges Along the Virtualization Journey. Phases: IT Production; Business Production; ITaaS. Chart axis: Virtualization Adoption Rate. Eleven numbered challenges on the chart: Data destruction; Diminished perimeter; Resource Contention; Multi-tenancy; Data access & governance; Complexity of Management; Mixed trust level VMs; Compliance/ Lack of audit trail; Inter-VM attacks; Instant-on gaps; Host controls under-deployed
  • 9. Security Inhibitors to Virtualization 1: Inter-VM attacks / blind spots
  • 10. Security Inhibitors to Virtualization 2: Instant-on gaps. Diagram labels: Active; Dormant; Reactivated with out-of-date security; New VMs
  • 11. Security Inhibitors to Virtualization 3: Resource contention. Diagram labels: Typical AV Console; 3:00am Scan
  • 12. Security Inhibitors to Virtualization 4: Complexity of Management. Patch agents; Rollout patterns; Provisioning new VMs; Reconfiguring agents
  • 13. Agenda: Security Roadblocks in the Virtualization Journey; Threat Evolution and the Porous Perimeter; New Security Paradigms on the vSphere platform; Trend Micro: Security Built for VMware
  • 14. Today’s threat environment. More Profitable: $100 billion: Estimated profits from global cybercrime -- Chicago Tribune, 2008. More Sophisticated: “Breaches go undiscovered and uncontained for weeks or months in 75% of cases.” -- Verizon Breach Report, 2009. More Frequent: “Harvard and Harvard Medical School are attacked every 7 seconds, 24 hours a day, 7 days a week.” -- John Halamka, CIO. More Targeted: “27% of respondents had reported targeted attacks”. -- 2008 CSI Computer Crime & Security Survey
  • 15. Perimeter defenses are not enough. Diagram (© 2005, Third Brigade Inc.) labels: Encrypted Attacks; Mobile Computers (2); Wireless Networks (3); Unsuspecting Users (4); Insider Attacks (5)
  • 16. Exploits are happening before patches are developed. # of days until vulnerability is first exploited, after patch is made available: 2003 MS-Blast: 28 days; 2004 Sasser: 18 days; 2005 Zotob: 10 days; 2006 WMF: Zero-day; … 2010 IE zero-day. “Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.” -- ZDNet, January 21, 2010
  • 17. Where are you vulnerable? Takes days to months until patches are available and can be tested & deployed: “Microsoft Tuesday”; Oracle; Adobe. Developers not available to fix vulnerabilities: No longer with company; Working on other projects. Patches are no longer being developed: Red Hat 3 -- Oct 2010; Windows 2000 -- Jul 2010; Solaris 8 -- Mar 2009; Oracle 10.1 -- Jan 2009. Can’t be patched because of cost, regulations, SLA reasons: POS; Kiosks; Medical Devices
  • 18. Agenda: Security Roadblocks in the Virtualization Journey; Threat Evolution and the Porous Perimeter; New Security Paradigms on the vSphere platform; Trend Micro: Security Built for VMware
  • 19. New Paradigm #1: Hypervisor-powered Security Architectures. Diagram labels: App and OS in each VM; ESX Server; vShield Endpoint; Anti-virus Virtual Appliance. vShield Endpoint enables agentless AV scanning. Secures VMs from the outside, no changes to VM
  • 20. The Opportunity with Agentless Anti-malware. Diagram labels: Previously: Agent, Agent, Agent on vSphere; Today using vShield Endpoint: Virtual Appliance, vShield Endpoint. More manageable: No agents to configure, update, patch. Faster performance: Freedom from AV Storms. Stronger security: Instant ON protection + tamper-proofing. Higher consolidation: Inefficient operations removed
  • 21. Agentless anti-malware: Architecture. Diagram labels: Security Virtual Appliance; Guest VM; VM (APP, OS, Kernel, BIOS); APPs; ESX 4.1; vSphere Platform; Anti-malware Product Console; vShield Endpoint Library; Anti-malware Scanning Module; vShield Endpoint ESX Module; On Access Scans; On Demand Scans; Remediation; Caching & Filtering; vShield Guest Driver; EPsec Interface; REST; Status Monitor; VI Admin; Security Admin
  • 22. Agentless Anti-malware: Process flow. Diagram labels: Guest VM (APPs, OS); vShield Guest Driver; Security Virtual Appliance; EPsec Lib; Anti-malware Scanning module; On Access Scans; On Demand Scans; Remediation; Caching & Filtering. Sequence labels along the time axis: file event; result cached?; excluded by filter?; data cached?; file data request; file data; scan result; result
  • 23. Agentless approach uses less ESX memory. Chart: # of Guest VMs; series: Anti-Virus “B”, Anti-Virus “Y”, Anti-Virus “R”
  • 24. Agentless approach uses less bandwidth. Chart: Signature update for 10 agents; Time (Seconds); series: Anti-Virus “B”, Anti-Virus “Y”, Anti-Virus “R”, Agentless Anti-Virus “T”
  • 25. New Paradigm #2: Opportunity to Beef up Server Security. VMsafe enables you to supplement perimeter defense. Agentless IDS/IPS, Firewall and application protection. Diagram labels: App and OS in each VM; ESX Server; VMsafe APIs; Virtual Appliance; Firewall; IDS / IPS; Web app; Anti-Virus
  • 26. VMsafe™ APIs. CPU/Memory Inspection: Inspection of specific memory pages; Knowledge of the CPU state; Policy enforcement through resource allocation. Networking: View all IO traffic on the host; Intercept, view, modify and replicate IO traffic; Provide inline or passive protection. Storage: Mount and read virtual disks (VMDK); Inspect IO read/writes to the storage devices; Transparent to device & inline with ESX Storage stack
  • 27. Intrusion Defense with VMsafe. Diagram labels: Incoming / Outgoing Packet; Tap/Inline; Fastpath Driver; Micro Firewall (Blacklist & Bypass); Pass; Drop; Slowpath Driver; Stateful Firewall; Drop; Pass; DPI
  • 28. New Paradigm #3: Virtualization-aware agents. Diagram labels: vSphere; App and OS in each VM; vCenter. vCenter integration makes security virtualization-aware. V-aware agents complement virtual appliance. Use cases: offline desktops, compliance, defense in depth
  • 29. New Paradigm #4: Security that is Cloud-Ready. Diagram labels: vSphere; App and OS in each VM. Security for datacenter VMs moves to the cloud with application and data. Advanced security modules (IDS/IPS, Integrity monitoring) protect server in multi-tenant environment
  • 30. Agenda: Security Roadblocks in the Virtualization Journey; Threat Evolution and the Porous Perimeter; New Security Paradigms on the vSphere platform; Trend Micro: Security Built for VMware
  • 31. Security Built for VMware. Founded: United States, 1988. Headquarters: Tokyo, Japan. Offices: 23 countries. Employees: 4,350. Market Leadership: Internet Content Security. US $1 Billion annual revenue. 1,000+ Threat Research Experts. 10 labs. 24x7 ops. Real-time alerts for new threats. nd Micro security & compliance solutions VMware customers: Accelerate and complete their virtualization journey; More fully leverage their VMware investments; Maximize their virtualization ROI
  • 32. Trend Micro Deep Security: Server & application protection. Latest anti-malware module adds to existing set of advanced protection modules. Modules shown: Firewall; Web app protection; Log Inspection; Integrity Monitoring; Anti-Malware; Intrusion Detection Prevention
  • 33. Trend Micro Deep Security: Server & application protection. 5 protection modules. Deep Packet Inspection: IDS / IPS (Detects and blocks known and zero-day attacks that target vulnerabilities); Web Application Protection (Shields web application vulnerabilities); Application Control (Provides increased visibility into, or control over, applications accessing the network). Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans. Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys… Log Inspection: Optimizes the identification of important security events buried in log entries. Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans). Protection is delivered via Agent and/or Virtual Appliance
  • 34. Trend Micro Deep Security: Security Built for VMware. Four numbered elements on the slide: Inline virtual appliance: AV, IDS/IPS, FW; Greater efficiency; Manageability. Agent-based security: Comprehensive protection within datacenter; Mobility – to extend protection to public cloud. Hypervisor / vCenter integration: Enables virtualization-aware security; Eliminates instant-on gaps. Coordinated approach: Optimized protection; Operational efficiency
  • 35. Deep Security 7.5 Integrates vShield Endpoint & VMsafe. Agent-Less Real Time Scan: Triggers notifications to AV engine on file open/close; Provides access to file data for scanning. Agent-Less Manual and Schedule Scan: On demand scans are coordinated and staggered; Traverses guest file-system and triggers notifications to the AV engine. Integrates with vShield Endpoint (in vSphere 4.1); Zero Day Protection; Trend Micro SPN Integration. Agent-Less Remediation: Active Action, Delete, Pass, Quarantine, Clean. API Level Caching: Caching of data and results to minimize data traffic and optimize performance. Diagram labels: Virtual Appl.; vShield Endpoint; SPN
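
The on-access flow on slides 22 and 35 (file event, filter check, result cache, file data request, scan result) can be modelled in a few lines. This is an added illustration, not Trend Micro or VMware code, and it does not use the EPsec interface. The class and field names, the order of the two checks, the cache key (VM, path, change counter) and the byte-marker "signatures" are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class GuestFile:
    """A file inside a guest VM (constructed sample, not a real guest API)."""
    path: str
    data: bytes
    version: int = 0  # assumed change counter the guest driver reports per write

    def write(self, data: bytes) -> None:
        self.data = data
        self.version += 1


@dataclass
class ScanAppliance:
    """Toy security virtual appliance: filter, result cache, then scan."""
    signatures: set                      # byte markers standing in for AV patterns
    excluded_suffixes: tuple = (".log",)
    cache: dict = field(default_factory=dict)
    data_requests: int = 0               # times file data crossed guest -> appliance

    def on_file_event(self, vm_id: str, f: GuestFile) -> str:
        # "excluded by filter?": excluded paths are never read or scanned.
        if f.path.endswith(self.excluded_suffixes):
            return "excluded"
        # "result cached?": a verdict is reused only for the same VM, path and version.
        key = (vm_id, f.path, f.version)
        if key in self.cache:
            return self.cache[key]
        # "file data request" -> "file data" -> "scan result"
        self.data_requests += 1
        verdict = "infected" if any(s in f.data for s in self.signatures) else "clean"
        self.cache[key] = verdict
        return verdict

    def update_signatures(self, signatures: set) -> None:
        # Cached "clean" verdicts came from the old pattern set, so they must be
        # dropped or a newly detectable file keeps passing from the cache.
        self.signatures = set(signatures)
        self.cache.clear()


def demo() -> list:
    sva = ScanAppliance(signatures={b"MARK-A"})
    upload = GuestFile("/srv/app/upload.bin", b"..MARK-B..")  # constructed sample
    log = GuestFile("/var/log/app.log", b"..MARK-A..")        # constructed sample
    steps = []
    steps.append((sva.on_file_event("vm1", upload), sva.data_requests))  # first open
    steps.append((sva.on_file_event("vm1", upload), sva.data_requests))  # cache hit
    sva.update_signatures({b"MARK-A", b"MARK-B"})
    steps.append((sva.on_file_event("vm1", upload), sva.data_requests))  # rescanned
    upload.write(b"rewritten content")
    steps.append((sva.on_file_event("vm1", upload), sva.data_requests))  # new version
    steps.append((sva.on_file_event("vm1", log), sva.data_requests))     # never scanned
    return steps


if __name__ == "__main__":
    for verdict, requests in demo():
        print(verdict, requests)
```

The last step shows the cost of an exclusion: the log file carries a marker the pattern set knows, but the filter returns before any data is requested, so exclusion lists deserve the same review as the pattern set itself.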

Editor's notes

  1. .
  2. New security solutions can be developed and integrated into VMware virtual infrastructure. Protect the VM by inspection of virtual components (CPU, Memory, Network and Storage). Provides an unprecedented level of security for the application and the data inside the VM. Complete integration with, and awareness of VMotion, Storage VMotion, HA, etc.
  3. CPU/Memory Inspection: Inspection of specific memory pages used by the VM or its applications; Knowledge of the CPU state; Policy enforcement through resource allocation of CPU and memory page. Networking: View all IO traffic on the host; Ability to intercept, view, modify and replicate IO traffic from any one VM or all VMs on a single host; Capability to provide inline or passive protection. Storage: Mount and read virtual disks (VMDK); Inspect IO read/writes to the storage devices; Transparent to device & inline with ESX Storage stack