3. Challenge: Resource Contention
Typical Security Console
09:00am Virus Definition Updates
Configuration Storm
Automatic security scans overburden the system
3:00am Integrity Scan
Destroys the business case for VDI
4. Challenge: Instant-on Gaps
Dormant, Active, Cloned
Reactivated with outdated security
Reactivated and cloned VMs can have out-of-date security
5. Deep Security Virtual Appliance (or Agent)
System, application and data security for servers
Protection is delivered via Agent and/or Virtual Appliance
6 protection modules
• Intrusion Prevention: Detects and blocks known and zero-day attacks that target vulnerabilities
• Web Reputation: Tracks credibility of websites and safeguards users from malicious URLs
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
• Log Inspection: Optimizes the identification of important security events buried in log entries
• Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
Physical Servers, Virtual Servers, Cloud, Desktop/Laptop
7. 2012 Technology Alliance Partner of the Year
Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs
Improves Virtualization by providing security solutions architected to fully exploit the VMware platform
Timeline, 2008 to 2011:
• Feb: Join VMsafe program
• RSA: Trend Micro VMsafe demo, announces Coordinated approach & Virtual pricing
• RSA: Trend Micro announces virtual appliance
• 2010: >100 customers, >$1M revenue
• VMworld: Announce Deep Security 8 w/ Agentless FIM
• 1000 Agentless customers
• VMworld: Trend virtsec customer, case study, webinar, video
• May: Trend acquires Third Brigade
• July: CPVM GA
• Nov: Deep Security 7 with virtual appliance
• RSA: Trend Micro Demos Agentless
• Q4: Joined EPSEC vShield Program
• VMworld: Announce Deep Security 7.5
• Sale of DS 7.5 Before GA
• Dec: Deep Security 7.5 w/ Agentless Antivirus
• RSA: Other vendors “announce” Agentless
8. Virtualization Security with Deep Security
Agentless Security Platform for Private Cloud Environments
Deep Security Virtual Appliance
• Intrusion prevention
• Firewall
• Anti-malware
• Web reputation
• Integrity monitoring
The Old Way: VM, VM, VM
With Deep Security: Security Virtual Appliance, More VMs
• Easier Manageability
• Higher Density
• Fewer Resources
• Stronger Security
9. Anti-malware Scan Performance
1st AM scan
2nd AM scan (cached)
• Scan time ~ 20x faster
• Significant DSVA CPU Reduction
• Huge IO Volume Reduction
10. Shared Memory: Light and Lean
Classification 5/9/2013
Keeping a signature file in every virtual desktop is inefficient and unsustainable
11. Increased ROI with Deep Security
Example: Agentless Antivirus
VIRTUALIZATION SECURITY
3X higher VDI VM consolidation ratios
VM servers per host: Traditional AV 25, Agentless AV 75
3-year Savings on 1000 VDI VMs = $539,600
Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations
12. CBRE UK – VDI Success
• 2000 Seats of VDI
• 15,000 global rollout
• Mobile Device Enabled
• Operational Benefits
• Single Image
• Easier Support
• Reduced Capex
• Improved User Productivity
• EMEA rollout planned
14. Secure the lifecycle of the VM
• Moving VMs
• Restarted VM
• Self Service new VMs
• Reconfiguring VM - Clones
Relevant Deep Security Controls (repeated for each stage): FIM, DPI, Firewall, AV
Recommendation Scan
vCenter
17. Global Threat Intelligence with the Smart Protection Network
THREAT DATA, CUSTOMERS, THREAT INTELLIGENCE
Identifies
• Global: We look in more places
• Broad: We look at more threat vectors
• Correlated: We identify all components of an attack
• Proactive: We block threats at their source
• 1.15B Threat Samples Daily
• 90K malicious threats daily
• 200M Threats blocked daily
19. Virtual Patching
50-60 VMs per server
vShield, VA
Microsoft Patch Tuesday, Business Critical Apps, Other Vendors
• Regular Process
• Time Consuming
• Expansive
• Unsupported OS
• Intermittent notification
• Change Freeze
• Zero Downtime
• No Regular notification
• Collaborative process
The outside-in approach is still important, but, alone, is not sufficient in today’s evolving data center. Disgruntled employees are already within the perimeter. Advanced Persistent Threats are unique attacks that will not be stopped by many traditional perimeter defenses. And the changing nature of IT is causing deperimeterization with new technologies like virtualization, cloud computing, and consumerization. New security approaches must be added to the traditional outside-in protection.
Next we’ll cover instant-on gaps. [click] Unlike a physical machine, when a virtual machine is offline, it is still available to any application that can access the virtual machine storage over the network, and is therefore susceptible to malware infection. However, dormant or offline VMs do not have the ability to run an antimalware scan agent. [click] Also, when dormant VMs are reactivated, they may have out-of-date security. [click] One of the benefits of virtualization is the ease with which VMs can be cloned. However, if a VM with out-of-date security is cloned, the new VM will have out-of-date security as well. New VMs must have a configured security agent and updated pattern files to be effectively protected. [click] Again the solution is a dedicated security virtual appliance that can ensure that guest VMs on the same host have up-to-date security if accessed or reactivated, and can make sure that newly provisioned VMs also have current security. This security virtual appliance should include layered protection that integrates multiple technologies such as antivirus, integrity monitoring, intrusion detection and prevention, virtual patching, and more.
Trend Micro was VMware’s 2011 Technology Alliance Partner of the Year. This timeline helps highlight some of our achievements in our partnership with VMware, starting back in 2008. [Highlight a couple of key points from the timeline—do not cover it all.]
VMware controls more than half of the virtualization market. Virtualization security must fit into the VMware ecosystem to effectively support enterprise virtualization efforts. Here we demonstrate the different VM-security aspects and how they can fit into a VMware infrastructure. [click] The pairing of agentless antivirus and agentless integrity monitoring with vShield Endpoint enables a massive reduction in memory footprint for security on virtual hosts by eliminating security agents from the guest virtual machines and centralizing those functions on a dedicated security virtual machine. [click] Protection such as intrusion detection and prevention, web application protection, application control, and firewall can be integrated with VMware using VMsafe APIs, integrating security with VMware vSphere environments. Again this can be an agentless option. [click] And finally, log inspection, which optimizes the identification of important security events buried in log entries, can be applied through agent-based protection on each VM. [click] These elements can be integrated and centrally managed with VMware vCenter Server. Together, these provide comprehensive, integrated virtual server and desktop security.
Everybody knows about the explosive growth of malware. This graph shows the growth in the size of the pattern file alone over the last 4 years. This is the industry average, not an individual vendor. Size grows faster for vendors who rely strictly on pattern files, rather than taking advantage of new protection mechanisms. Therefore, keeping a pattern file on every client is impractical and unsustainable.
I mentioned that the agentless approach began with agentless antivirus. Trend Micro’s agentless antivirus solution was available starting in 2010, so there’s been an opportunity to test its success. In an independent study by Tolly Enterprises, Trend Micro agentless antivirus was tested against leading traditional antivirus solutions that do not use a dedicated security virtual appliance and agentless antivirus, and the results were striking. Trend Micro’s agentless antivirus achieved 3 times higher VDI VM consolidation ratios, and similar results extended to server virtualization as well. The VDI results translate into saving almost $540,000 every 3 years for each 1000 virtual desktops.
The final virtualization challenge we’ll discuss is the complexity of management. Virtual machines are dynamic. They can quickly be reverted to previous instances, paused, and restarted, all relatively easily. They can also be readily cloned and seamlessly moved between physical servers. Vulnerabilities or configuration errors may be unknowingly propagated. Also, it is difficult to maintain an auditable record of the security state of a virtual machine at any given point in time. [click] This dynamic nature and potential for VM sprawl make it difficult to achieve and maintain consistent security. Hypervisor introspection is needed for visibility and control. Security that leverages the hypervisor APIs can ensure that each guest VM on the host remains secure and that this security coordinates with the virtualization platform.
We continue to invest in threat research and innovate our core technologies, products and services to ensure we stay one step ahead of the bad guys, to stop threats faster, and give you the actionable threat intelligence you need to make more informed choices about how best to protect your data. As the source of global threat intelligence for Trend Micro’s cloud-era security, the Trend Micro™ Smart Protection Network™ has expanded to look in more places and correlate more threat intelligence, to identify threats, deliver proactive protection, and secure data faster than any other security vendor. This expansion includes global intelligence about mobile apps, vulnerabilities/exploits, APTs and goodware. And our global threat intelligence is integrated into all our solutions, across consumer to enterprise customers, including mobile, endpoint, server, network, messaging, gateway, and SaaS solutions.