How Trend Micro Protects Virtual Environments in a Forward-Looking Way
1. How Trend Micro Protects Virtual Environments in a Forward-Looking Way
Richard Javet • Channel Account Manager, Switzerland
Gabriel Kälin • Sales Engineer, Switzerland
Copyright 2009 – Trend Micro Inc.
2. Trend Micro
A global leader in Internet content security advancing threat management technology to secure data against a wide range of threats
EVA CHEN, CEO and Co-Founder
VISION: A world safe for exchanging digital information
MISSION: Innovate to provide the best content security that fits into the IT infrastructure
• Founded: United States in 1988
• Headquarters: Tokyo, Japan
• Employees: 4,850
• Market: Content Security
• Locations: Operations in 23 Countries
• $1 Billion Annual Revenue
• Largest Security Company Headquartered Outside US
• Top 3 in Messaging, Web and Endpoint Security
• A Leader in Virtualization and Cloud Computing Security
• 1000+ Threat Experts
Classification 3/17/2011 Copyright 2009 Trend Micro Inc. 2
3. Security That Fits: IT Infrastructure
Trend Micro innovation enables benefits of next-generation IT platforms
• 1st LAN Server Security
• 1st Gateway Security
• 1st Threat Management Solution (Network)
• 1st in Netbooks Security
• 1st Integrated Virtualization Security
• 1st Cloud Computing Security (Coming)
4. Smart Protection Network
Correlation
• Web Reputation
• Email Reputation
• File Reputation
5. Security That Fits: Customer Environment
Trend Micro’s ubiquitous protection secures your data wherever it resides
• Servers
• Virtual Servers
• Networks
• Cloud Computing
• Routers
• Security Appliances
• Netbooks
• Windows/OSX
• Hosted Security
• Smart Phones
• PSP/PS3
6. Agentless Protection with Deep Security
Security adapted to virtualization
8. The Challenge of Virtual Security
2 Instant-on gaps
• Active
• Dormant
• Reactivated with outdated security
• New VMs
9. The Challenge of Virtual Security
3 Resource bottlenecks
• 03:00 scan
• Standard AV console
10. The Challenge of Virtual Security
4 Complex management
• Provisioning new VMs
• Reconfiguring the agents
• Distributing patterns
• Patching the clients
11. Exploitation of Vulnerabilities Before a Patch Is Available
“Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.”
-- ZDNet, January 21, 2010
Days until first exploitation of the vulnerability:
• 2003, MS-Blast: 28 days
• 2004, Sasser: 18 days
• 2005, Zotob: 10 days
• 2006, WMF: zero-day
• 2010, IE zero-day: zero-day
12. Vision of a New Security Model for Data Centers
“The virtual host must protect itself”
• Self-protecting application
• Integration of VM and network security
• Firewall, IPS, antivirus...
[Diagram: VM1 (App1, OS1) and VM3 (App3, OS3) on the hypervisor]
13. Deep Security
Server & Application Protection
PHYSICAL • VIRTUAL • CLOUD
• Deep Packet Inspection
• IDS / IPS
• Web App. Protection
• Application Control
• Firewall
• Anti-Malware
• Integrity Monitoring
• Log Inspection
14. Deep Security Product Components
PHYSICAL • VIRTUAL • CLOUD
• Deep Security Agent
• Deep Security Virtual Appliance
• Deep Security Manager
• Security Center
• Security Profiles
• Alerts
• Reports
• Security Updates
IT Infrastructure Integration
• vCenter
• SIEM
• Active Directory
• Log correlation
• Web services
15. Deep Security Coordinated Approach
• Firewall, DPI, AV protection
• Deep Security Virtual Appliance
• VMware vCenter
• VMware vSphere 4.1
16. Architecture: Agentless Malware Protection
[Architecture diagram; labels:]
• Security Virtual Appliance: Anti-malware Scanning Module, EPsec Interface, vShield Endpoint Library
• Guest VMs: APPs, OS, Kernel, BIOS, vShield Guest Driver
• On Access Scans, On Demand Scans, Remediation, Caching & Filtering
• Deep Security Manager, Security Admin
• REST
• Status Monitor
• vShield Manager 4.1
• vShield Endpoint ESX Module, ESX 4.1
• vCenter, VI Admin
• vSphere Platform
17. Demo: Deep Security 7.5
Detecting viruses via the hypervisor
• Real-Time Scan
• Scheduled Scan
• Deep Security Virtual Appliance
• VMware vSphere 4 with vShield Endpoint
18. Secure Cloud
How can I keep control of my data in the cloud?
19. Who Has Control?
• Servers
• Virtualization & Private Cloud
• Public Cloud IaaS
• Public Cloud PaaS
• Public Cloud SaaS
[Scale: End-User (Enterprise) ↔ Service Provider]
21. A New Security Architecture For A New Era
All environments should be considered un-trusted
Users access app
Datacenter • Public Cloud
Deep Security:
• Host defends itself from attack
SecureCloud:
• Facilitates movement between datacenter & cloud
• Delivers control, security and compliance through encryption
• Avoids service provider lock-in
• Enables secure storage recycling
SecureCloud
• Data encrypted within the server
• Encryption keys controlled by you
Encrypted Data
22. VDI Protection with OfficeScan
How can the desktop be protected efficiently?
23. OfficeScan 10.5: Optimized for VDI
• Distinguishes between virtual and physical endpoints
– With VMware View
– With Citrix XenDesktop
• Serializes updates and scans
– Controls the number of concurrent scans and updates
– Preserves the availability and performance of the VDI hosts
– Faster than the concurrent approach
• Uses VDI provisioning for shorter scan times
– Base images can be scanned in advance and a whitelist created
– Prevents repeated scans of identical files
– Further reduction of the resources required
25. Thank You!
Editor's Notes
Today’s threat landscape is about volume and profit, with the majority of threats coming from the Web. Cybercriminals are releasing new threats every 1.5 seconds in order to avoid detection. This shift is putting pressure on all vendors to improve their ability to source, analyze and provide protection from new threats faster than ever before. The cybercriminals’ goal is to steal data, and data is now everywhere, which means protection has to secure networks, endpoints, remote devices, data centers and virtualized environments.
[Click to advance to Threat Tracker slide]
At Trend Micro, we’ve spent the last 5 years developing our Smart Protection Network cloud-client infrastructure, and we own all the technology. It sources threats from millions of sensors, honeypots, customers and partners around the world in order to gather the latest threat intelligence. The Smart Protection Network is integrated into all of our solutions, and TrendLabs researchers analyze terabytes of threat data every day. By correlating this information across multiple threat vectors (email, file and Web), we are able to provide proactive protection faster than anyone else in this industry. It’s blocking billions of threats every day.
Other vendors have just started adding in-the-cloud protection or reputation services to one or two of their products at most, usually covering only one or two threat vectors. They don’t have it throughout their product line, they don’t correlate across the multiple threat vectors, and they don’t have feedback automatically coming from and integrating into consumer, business and partner products around the world.
The Smart Protection Network provides the latest protection immediately to all of our customers around the globe, no matter where they connect. How well is this working?
[Click to bring up NSS Labs results]
NSS Labs performed an independent endpoint test focused on real-world, socially engineered threats, not just your typical static file-based test. This test was performed over 17 days and tested whether a threat could be blocked at its source (URL), during download, or lastly upon execution. If a vendor was unable to detect a threat, NSS Labs retested to determine how good a vendor was at automatically sourcing, analyzing and providing protection over time. Trend Micro came out #1 in both consumer and Enterprise endpoint protection, and also #1 in the time to protect.
Be critical of other test results: did they have a live connection to the internet and to all reputation services to block threats before they got to the endpoint, or are they only testing a product’s ability to detect malware on endpoints? Are their threats the latest, and how do they source them?
This slide can be used for new customers. If you have an existing customer who has not upgraded to the new solutions supporting File Reputation, you should use slide 20.
Endpoint pattern or signature size can give us some information on why customers are moving away from Symantec & McAfee. Their signature files on the endpoint have grown dramatically due to the recent explosive volume of malware. As such, they have to add more and more signatures, which need to be distributed to each and every endpoint device they manage. Meanwhile, Trend Micro introduced File Reputation in 2009, where the majority of our signatures now reside in the cloud reputation database or on the customer’s Smart Protection server. This has allowed us to dramatically reduce the size of our endpoint signature file, which is improving endpoint resource utilization as well as the bandwidth and speed requirements to publish new signatures.
OfficeScan performed the best at the Exposure layer, with Sophos ranked #2. You’ll notice that Symantec, Microsoft & McAfee all performed poorly in this area, which shows their web threat protections are still in their infancy or, in the case of Symantec, non-existent. Microsoft performed the best at the infection layer, but vendors who continue to focus on file-based protections (Symantec, Microsoft) will struggle as the volume of threats continues to increase. Lastly, you’ll notice that Trend’s Dynamic Layer is better than the other vendors’, even though we are generally more conservative in our heuristics than these other vendors.
NSS Labs performed this test over 11 days and tested both missed samples and new samples every 6 hours to determine which vendor was able to source, analyze and provide protection the fastest for threats it missed in earlier runs. As before, Trend Micro ranked #1 in this category, showing the power and maturity of our Smart Protection Network.
We may not always show up 1st in every test, but we will consistently be near the top or at the top of the results. As you see here, many of our competitors’ results vary quite dramatically up and down. This is due to the lack of a mature, stable protection network within their products. Our multi-layered strategy is showing consistent results in protecting our customers well.