IT security teams are increasingly pressured to accomplish more, with fewer resources. Trend Micro Deep Security helps organizations understand and overcome their most common cloud security challenges, without having to expand their cloud tool set. Join the upcoming webinar to learn how Essilor, a world leader in the design and manufacturing of corrective lenses, has enabled their IT teams to apply, maintain and scale security across their AWS environments by overcoming these common challenges in cloud migrations. We will discuss how Essilor managed, and overcame, the pace of change when adopting a cloud environment, the transformation of their traditional IT security roles, and how they chose the right security tools and technology to achieve their business goals.

1. Seeing More Clearly: How Essilor Overcame
Three Common Cloud Security Challenges
with Deep Security and AWS
Patrick McDowell, Solutions Architect, AWS
Zack Milem, Cloud Solutions Architect, Trend Micro
Tanweer Surve, Director of IT, Infrastructure Shared Services, Essilor
August 16th, 2017

2. $6.53M 56% 70%
Increase in theft of hard
intellectual property
http://www.pwc.com/gx/en/issues/cyber-
security/information-security-survey.html
Of consumers indicated
they’d avoid businesses
following a security breach
https://www.csid.com/resources/stats/data-breaches/https://www.csid.com/resources/stats/data-breaches/
Average cost of a
data breach
Your Data and IPAre Your Most Valuable Assets

3. In June 2015, IDC released a report which found that most customers
can be more secure in AWS than their on-premises environment. How?
Automating logging
and monitoring
Simplifying
resource access
Making it easy to
encrypt properly
Enforcing strong
authentication
AWS Can Be More Secure Than Your
Existing Environment

4. AWS and You: Shared Responsibility for Security

5.  AWS CloudTrail lets you monitor and
record all API calls
 Amazon Inspector automatically
assesses applications for vulnerabilities
 VPC Flow Logs provides details about
traffic flowing in and out of your VPC
 AWS Config gives an inventory of your
AWS account and visibility into changes
Leverage AWS services to have constant visibility
into what is going on in your AWS account:
Constantly Monitor Your Environment

6.  43 Availability Zones in 16 regions for
multi-synchronous geographic redundancy
 Retain control of where your data resides
for compliance with regulatory requirements
 Use AWS Shield to protect your infrastructure
and applications from DDoS attacks
 Implement server side or client side encryption
to protect the data you store in AWS
Implement data protection to meet your security requirements
Control and Protect Your Data

7.  Integrate your existing Active Directory
 Use dedicated connections as a secure,
low-latency extension of your data center
 Provide and manage your own encryption
keys if you choose
 Implement partner security solutions in
the customer portion of the shared
responsibility model
AWS enables you to improve your security
using many of your existing tools and practices
Integrated with Your Existing Resources

8. Key AWS Certifications and Assurance Programs

9. Trend Micro Deep Security
Zack Milem, Cloud Solutions Architect, Trend Micro

10. Traditional on-premises security is applied at the perimeter
On-Premises Security

11. Workload-Centric Security
Protect dynamic environments with Trend Micro Deep Security’s
workload-centric automated protection

12. Challenges
Having the right
tools for the job
Managing the pace
of change in cloud
Filling the cybersecurity
skills gap

13. Right Tools for the Right Job
 Eliminate the manual work involved with
applying security policies to workloads
 Gain a comprehensive suite of security tools
 Make the most out of your current tools
while “aging out” legacy software

14. Response &
Containment
Intrusion
Prevention
Integrity
Monitoring
Anti-Malware &
Content Filtering
Machine
Learning
Sandbox
Analysis
Application
Control
Behavioral
Analysis
Cloud Integrated Tools
Trend Micro offers a unique
blend of cross-generational
threat defense techniques

15. Manage the Pace of Change of the Cloud




16. Eliminate the Cyber Security Skills Gap




17. Deep Security for AWS
Breadth
 Layered protection with
one enforcement point
 Designed for cloud and
hybrid environments
 Accelerated compliance
Performance
 Optimized for AWS
 Fastest server IPS
 Purchasing speed
and flexibility
 Multi-platform Application
Control built for DevOps
Architecture
 Protection close to server
 Designed for automation
and easy deployment
 Connected across Trend
Micro products (SPN, ZDI)

18. Trend Micro Deep Security Use Cases








19. LEGEND
Known
Good
Known
Bad
Unknown
Anti-Malware & Web Reputation
Intrusion Prevention (IPS) & Firewall
Integrity Monitoring & Log Inspection
Application Control
Safe files &
actions allowed
Malicious files &
actions blocked
Machine Learning
Behavioral Analysis
Custom Sandbox Analysis
SOON!
Protect Against Advanced Threats
NEW!
NEW!
NEW!

20. Eliminate Manual Security Processes
 Get full visibility across environments
 Automatically scale up and down
 Scan for vulnerabilities & recommend
or apply security based on policy
 Install security controls for
maximum performance
 Bake security into workloads

21. Eliminate Security Silos

22. Reduce Deployment Complexity
Support for leading
orchestration tools
and automation
PowerShell

23. Streamline Information Sharing

24. Prevent Ransomware
 Stop ransomware on servers with
advanced anti-malware
 Lock down servers with application control
 Shield from network attacks with IPS
 Stop lateral movement and detect
command & control traffic

25. Accelerate Security & Compliance
8 of 12
requirements
10 of 20
requirements
6 of 10
requirements

26. Customer Success Story: Essilor
Tanweer Surve, Director of Infrastructure Shared Services, Essilor

27.  The world’s leading ophthalmic optic company
 Revenue of €7.1 billion in 2016
 Varilux®, Crizal®, Transitions®, Eyezen™, Xperio®, Foster Grant®, Bolon™ and Costa®
 70,000 people globally across 100 countries, 33 plants, & 500 laboratories
 5 years in a row, Essilor has made it on to Forbes magazine. Ranks - 23rd most
innovative company in the World, the 5th in Europe, and the 2nd in France.
 Listed on CAC 40 and included in Euro Stoxx 50
About Essilor

28. Essilor Environment

 Goal: To modernize data centers
on cloud to lower cost, and
improve performance and
overall efficiency

29. Why Did We Choose AWS?
 Simplicity of acquisitions, on-boarding,
and consolidation effort
 Deployment speed, agility and scalability
 Automatic scaling and high availability
 Regulatory compliance requirement –
PCI & HIPPA

30. Overcoming Cloud Security Challenges
1. Having the right tools for the right job
2. Managing the pace of change in the cloud
3. Filling the cybersecurity skills gap

31. Having the right tools for the right job
 Challenge: Too many tools that don’t
work in the cloud
 Integration with cloud service provider
 Automation is critical
– Create a template so that any instance
deployed has Deep Security put into place

32. Managing the pace of change in cloud
 Challenge: Things move fast in the
cloud, security needs to keep pace
 Cultivating a DevSecOps culture
 Single pane of glass view
 Real-time view and the instant
insight you need

33. Lack of Skills and Resources
 Challenge: Small security
team doing a lot of
different tasks
 Getting the right training
and understanding
 Gaining complete
management and visibility
in a single pane of glass

34. Evaluating Security Solutions
 Objectives
– Integration with AWS
– Acceleration of cloud adoption
– Ease of use & deployment flexibility
– Proactive & complete protection
– Consolidated billing through
AWS Marketplace

35. Results of AWS + Deep Security
 Investment costs justified
 Huge productive and performance gain
 Reduce potential risks
 Administrative overhead reduction
 Centralized dashboard
 Increased speed to market

36. Advice on Securing Cloud Instances
 What worked/didn’t work with your cloud migration?
– Host-based security could be new to you – agent to agentless
back to agent again
 What questions should you ask of your security vendor?
– Do you have an APIs with AWS?
– Will I have centralized visibility for my hybrid cloud environment?
 What roadblocks should you look for?
– Potential loss of visibility of the hypervisor which can be solved
by moving to host-based security
 When you move to the cloud, you still have security
responsibilities as a customer

37. AWS and You: Shared Responsibility for Security

38. Next Steps for Essilor
 Expanding AWS footprint with new
acquisitions / on-boarding
 Deploying Deep Security Solution through
AWS Marketplace globally

39. Q & A