SlideShare une entreprise Scribd logo

Trend micro deep security

Trend Micro
Trend Micro

Meeting PCI DSS V 2.0 Compliance Requirements

1  sur  4
Télécharger pour lire hors ligne
TREND MICRO DEEP SECURITY MEETING PCI DSS V 2.0 COMPLIANCE REQUIREMENTS The Payment Card Industry Data Security Standard (PCI DSS 2.0) specifies Deep Security provides a unique host- requirements to secure cardholder data that is stored, processed or based software solution to address transmitted by merchants and any other organization. 7PCI regulations and over 20 sub- controls including*: Trend Micro Deep Security provides software-based integrated security Network Segmentation and compliance for business systems operating in standalone, virtual, and Host Firewall cloud-based environments. Deep Security helps assure the PCI compliance Antivirus and overall security of critical business servers and endpoints with a single, Virtual Patching / Shielding centrally managed solution that minimizes your operational costs. Deep Web Application Protection Security provides core PCI security controls with a unique approach that Log Review IDS/IPS economically solves the toughest compliance challenges, including: Distributed Locations. Deep Security provides integrity monitoring, firewall, IPS and other core controls directly to host systems that process PAN data, eliminating the cost and complexity of multiple appliances at each location. Vulnerability and Patch Management. Deep Security virtual patching keeps you protected and compliant by closing your window of exposure to vulnerabilities, protecting “un-patchable” systems, lengthening standard patch cycles, and eliminating the need for costly ad-hoc and emergency patching. Website Protection and Compliance. The public exposure and dynamic nature of your website leave it extremely vulnerable to attack. Deep Security comprehensive system and web application protection and shielding keeps your website and company reputation secure. Virtualization and Cloud Compliance. The complexity and fluidity of desktop and server virtualization pose security, compliance, and performance risks that require the specialized, virtualization-optimized protection and performance of the Deep Security solution. Most features are available as an agent or agent-less VMware appliance. DEEP SECURITY FEATURES Intrusion Detection and Prevention (IDS/IPS). Integrity Monitoring. For critical OS and application Advanced deep packet inspection detects and blocks files (including data files, directories, log files, registry host attacks by examining all traffic for protocol keys and values). Detects and reports malicious and deviations, exploit indications and policy violations. unexpected changes to both physical servers and Virtual Patching. Discovers host vulnerabilities and virtual machines. recommends rules to shield applications and systems Application Control. Application control rules with advanced deep packet inspection technology. provide visibility and control over applications Firewall. An enterprise-grade, bi-directional and accessing the network. Rules can also identify stateful firewall enables network segmentation and malicious software activity and reduce the PCI audit scope reduction. Includes centralized vulnerability exposure of servers. management of server firewall policy, and pre-defined Logs and Log Inspection. Analyzes OS and templates for common enterprise server types. application logs to identify important security events, Web Application Protection. Protects web generate alerts, and forward to SIEM system. applications against sophisticated attacks such as Virtualization Compliance. VM isolation and SQL injection, cross-site scripting, and more. hardening protects and isolates payment processing Antivirus Protection. Provides “agentless” malware applications from other VMs on the same hardware. protection via a high-performance VMware virtual Most features are available as an agent or agent-less appliance. appliance for VMware. * Network Segmentation applicable to remote/distributed environments. Virtual Patching may provide a compensating control. Antivirus available for VMware only until 2H 2011 1 Solution Profile | Deep Security for PCI DSS Compliance
TREND MICRO DEEP SECURITY MEETING PCI DSS V 2.0 COMPLIANCE REQUIREMENTS PCI Requirement How Trend Micro Deep Security Addresses It 1.1 Establish firewall and router configuration Deep Security includes a sophisticated, centrally managed, stateful firewall. It helps standards that include: prevent policy violations, logging and reporting any attempted firewall policy violations. 1.2 Build a firewall configuration that restricts connections between untrusted networks and The solution’s security profiles contain the firewall configuration policy. Role-based any system components in the cardholder data access-control capabilities support separation of administrative duties with respect to environment. creating, deploying, and auditing firewall policy and events that violate the policies. 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data Deep Security is used to create and manage sophisticated firewall rules that allow and environment. deny appropriate connections with a minimum number of rules and maximum flexibility. 1.3 Prohibit direct public access between the Centralized management makes this easy to administer and deploy to the right Internet and any system component in the systems. cardholder data environment. Deep Security provides out-of-box reporting capabilities for creating reports that detail the hosts’ stateful firewall configuration. Deep Security firewall capabilities can enable network segmentation to isolate systems that store, process, or transmit cardholder data from systems that do not. This enables cardholder data environments to be easily defined, reducing the overall scope of the PCI audit. 1.4 Install personal firewall software on any mobile The next-generation firewall in Deep Security provides advanced protection against and/or employee-owned computers with direct threats to mobile users. connectivity to the Internet. 2.2 Develop configuration standards for all system Security profiles can be used to specify configurations for unique server functions (e.g., components. Assure that these standards a DNS, Web, or database server), and restrict or prevent access to services and address all known security vulnerabilities and protocols. are consistent with industry-accepted system- hardening standards as defined. 2.2.1 Implement only one primary function per In virtualized environments, the ability to create virtual machine zones and isolate server or per virtual system component. payment-processing applications from applications that are not part of the cardholder data environment—but do reside on the same physical hardware— is a critical factor during compliance audits. The solution’s firewall and IDS/IPS capabilities provide next- generation firewall protection capabilities down to the virtual machine level, ensuring that compliance requirements have been met, independent of the fact that virtualization technology is being utilized. 2.2.2 Disable all unnecessary and insecure services Deep Security provides the ability to deploy firewall rules that block all unnecessary and protocols (services and protocols not ports and protocols not directly needed to perform the server’s specified function. In directly needed to perform the device’s addition, Deep Security supports the ability to audit the system’s firewall configuration specified function). by running port scans to validate that no unexpected ports are accessible. 2.4 Shared hosting providers must protect each Shared hosting providers leverage virtualization to make services cost-effective for entity’s hosted environment and data. These their clients. In virtualized environments, the ability to create virtual machine zones and providers must meet specific requirements as isolate payment-processing applications from other applications—ones not part of the detailed in Appendix A: “PCI DSS Applicability cardholder data environment but residing on the same physical hardware—is a critical for Hosting Providers.” factor during compliance audits. The solution’s host-based firewall and IDS/IPS capabilities provide next-generation firewall protection capabilities down to the virtual machine level, helping ensure that compliance requirements have been met, independent of the fact that virtualization technology is being utilized. Deep Security can also help hosting providers with Appendix A requirements, by enforcing logical access restrictions to the host and through RBAC and delegated administration restrictions on Deep Security Manager. 2 Solution Profile | Deep Security for PCI DSS Compliance
TREND MICRO DEEP SECURITY MEETING PCI DSS V 2.0 COMPLIANCE REQUIREMENTS PCI Requirement How Trend Micro Deep Security Addresses It 5.1 Deploy anti-virus software on all systems Deep Security antivirus module provides advanced malware protection for physical and commonly affected by malicious software virtual systems host servers and endpoints (Available for VMware only until 2H 2011) 5.2 Ensure that all anti-virus mechanisms are Deep Security antivirus signatures are automatically kept up to date via the Trend current Micro Smart Protection Network. Antivirus events are automatically logged to the Deep Security Manager. 6.1 Ensure that all system components and Deep Security virtual patching capabilities protect systems and data until patches can software have the latest vendor-supplied be deployed. When approved by your QSA, it can act as a compensating control for security patches installed. Install critical systems that cannot be patched within the required time frame. Deep Security can also security patches within one month of release. shield known vulnerabilities for which a vendor patch is not available, or in custom applications where source code changes are required to remediate vulnerabilities. 6.2 Establish a process to identify and assign a risk Deep Security systematically monitors and categorizes a wide range of vulnerability ranking to newly discovered security research sources to identify and deliver new deep packet inspection (DPI) rules to vulnerabilities. customers. The deployment of new security rules can be completely automated so that downloading and installing new security rules to the appropriate systems occur without administrative intervention. Deep Security also supports the ability to schedule automatic scans—one time only, daily, weekly, and so forth—of host systems, offering recommendations on the appropriate security rules to protect these hosts. 6.5 Develop applications based on security coding Deep Security complements secure coding initiatives by providing strong detection and guidelines. Prevent common coding prevention capabilities that address attacks as identified by OWASP: vulnerabilities in software development Detection—It is important to detect attacks, even if an application is not processes. susceptible to a specific attack or class of attack, because it identifies the attacker before they can find other potential vulnerabilities. . Protection—Deep Security shields Web application vulnerabilities, preventing security breaches until the underlying flaws can be addressed. 6.6 For public-facing Web applications, address Web application protection rules defend against SQL injection attacks, cross-site new threats and vulnerabilities on an ongoing scripting attacks, and other Web application vulnerabilities, and shield these basis and ensure that these applications are vulnerabilities until code fixes can be completed. Deep Security also protects against protected against known attacks by either of vulnerabilities in the operating system and Web infrastructure. Deep Security Integrity the following methods: Monitoring and Log Inspection modules provide immediate insight into suspicious Reviewing public-facing Web applications activity that might be occurring in your Web environment. Monitoring and detecting via manual or automated application- suspicious behavior is a key element in identifying data breach attempts. vulnerability security-assessment tools or methods, at least annually and after any changes Installing a Web application firewall in front of public-facing Web applications 10.3 Record at least the following audit trail entries Deep Security provides the ability to collect and forward all operating system and for all system components for each event: application events to a centralized logging server or SIEM. Alternatively, Deep Security User identification provides the ability to correlate and forward just the operating system and application logging events of relevance to PCI compliance, significantly reducing network Type of event bandwidth consumption for centralized logging, in addition to reducing the number of Date and time events that need to be analyzed, correlated, and archived. Deep Security provides Success or failure indication default log inspection rules for many of the most common enterprise operating systems and applications, as well as enabling the creation of custom log inspection rules. Deep Origination of event Security firewall, IDS/IPS, antivirus, and integrity monitoring events can also be Identity or name of affected data system forwarded to the SIEM or centralized logging server. component or resource 3 Solution Profile | Deep Security for PCI DSS Compliance
TREND MICRO DEEP SECURITY MEETING PCI DSS V 2.0 COMPLIANCE REQUIREMENTS PCI Requirement How Trend Micro Deep Security Addresses It 10.5.3 Promptly back up audit trail files to a The Deep Security Log Inspection module enables you to forward event information to centralized log server or media that is difficult centralized logging servers or SIEMs via syslog in real time, in addition to sending to alter. these events to the Deep Security Manager. 10.5.5 Use file integrity monitoring or change- The Deep Security Log Inspection module provides the ability to monitor log files detection software on logs to ensure that without generating alerts as new data is added to the log. existing log data cannot be changed without generating alerts—although new data being added should not cause an alert. 10.6 Review logs for all system components at least The Deep Security Log Inspection module monitors critical OS and application logs in daily. Log reviews must include those servers real time for relevant security events, and forwards these events to a SIEM or that perform security functions, such as centralized logging server for further analysis, correlation, alerting, and archival— intrusion detection system (IDS) and automating the process of log reviews. authentication, authorization, and accounting (AAA) protocol servers—for example, RADIUS. Note: Log harvesting, parsing, and alerting tools may be used to meet compliance with Requirement 10.6. 11.4 Use IDS, and/or intrusion prevention system Deep Security includes a host-based IDS/IPS module. This module monitors traffic, (IPS), to monitor all traffic at the perimeter of prevents intrusions, and alerts personnel to suspected compromises. Security updates the CDE as well as at critical points inside the that shield newly discovered vulnerabilities are automatically delivered to customers CDE. Keep all intrusion-detection and and hosts. Deep Security’s “recommendation scan” feature identifies applications prevention engines, baselines, and signatures running on hosts that might be vulnerable, and recommends which rules should be up-to-date. applied to these hosts, ensuring that the correct protection is continuously in place with minimal effort. 11.5 Deploy file integrity monitoring software to alert The Deep Security Integrity Monitoring module meets and exceeds these requirements personnel to unauthorized modification of by monitoring system executables, application executables, configuration and critical system files, configuration files, or parameter files, and log and audit files. The Windows registry, services, ports, and content files; configure the software to perform directory contents can also be monitored. critical file comparisons at least weekly. 12.9.5 Include alerts from intrusion detection, Deep Security provides alerts that are integral to a security incident response plan. intrusion prevention, and file integrity And because it can prevent attacks as well, Deep Security reduces the number of monitoring systems. incidents requiring a response. The solution’s integration with leading SIEM vendors enables you to receive a consolidated view of security incidents. Appendix B: Deep Security delivers comprehensive, modular protection including IDS/IPS, Web Compensating Controls for Encryption of application protection, application control, stateful firewall, log inspection, and integrity Stored Data. monitoring. This centrally managed solution offers capabilities that can be used to address gaps identified in a PCI audit assessment. For more information please call or visit us at. www.trendmicro.com/go/enterprise +1-877-21-TREND © 2010 Trend Micro, Incorporated. All rights reserved. Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice. SB01_DeepSecurity-PCI_101029US 4 Solution Profile | Deep Security for PCI DSS Compliance

Recommandé

Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
TrendMicro
TrendMicroTrendMicro
TrendMicro1CloudRoad.com
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
HP versus Dell - A Server Comparison
HP versus Dell - A Server ComparisonHP versus Dell - A Server Comparison
HP versus Dell - A Server ComparisonAlbie Attias
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesSlideTeam
 
VMware Cloud on AWS - 100819.pdf
VMware Cloud on AWS - 100819.pdfVMware Cloud on AWS - 100819.pdf
VMware Cloud on AWS - 100819.pdfAmazon Web Services
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory ProposalMJ Ferdous
 

Recommandé

Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
TrendMicro
TrendMicroTrendMicro
TrendMicro1CloudRoad.com
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
HP versus Dell - A Server Comparison
HP versus Dell - A Server ComparisonHP versus Dell - A Server Comparison
HP versus Dell - A Server ComparisonAlbie Attias
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesCyber Security For Organization Proposal Powerpoint Presentation Slides
Cyber Security For Organization Proposal Powerpoint Presentation SlidesSlideTeam
 
VMware Cloud on AWS - 100819.pdf
VMware Cloud on AWS - 100819.pdfVMware Cloud on AWS - 100819.pdf
VMware Cloud on AWS - 100819.pdfAmazon Web Services
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory ProposalMJ Ferdous
 
IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewnazeer325
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
Virtualization 101: Everything You Need To Know To Get Started With VMware
Virtualization 101: Everything You Need To Know To Get Started With VMwareVirtualization 101: Everything You Need To Know To Get Started With VMware
Virtualization 101: Everything You Need To Know To Get Started With VMwareDatapath Consulting
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architectureamiable_indian
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
Understanding SASE
Understanding SASE Understanding SASE
Understanding SASE Haris Chughtai
 
【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築
【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築
【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築日本マイクロソフト株式会社
 
Cryptika cybersecurity - company profile
Cryptika cybersecurity - company profileCryptika cybersecurity - company profile
Cryptika cybersecurity - company profileSafwan Talab
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud EncryptionRituparnaNag
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security OverviewRobert Crane
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computingNitish Awasthi (anitish_225)
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
Virtualization 101
Virtualization 101Virtualization 101
Virtualization 101Gaurav Marwaha
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint LLC
 
Vmware view overview
Vmware view overviewVmware view overview
Vmware view overviewManny Singh
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Nevada County Tech Connection
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYMaganathin Veeraragaloo
 
Cloud Security Solution Overview
Cloud Security Solution OverviewCloud Security Solution Overview
Cloud Security Solution OverviewCisco Service Provider
 
The Brooklyn Circus’ Secured Network
The Brooklyn Circus’ Secured NetworkThe Brooklyn Circus’ Secured Network
The Brooklyn Circus’ Secured Networkjeremywatkins57
 

Contenu connexe

Tendances

IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewnazeer325
 
Virtualization 101: Everything You Need To Know To Get Started With VMware
Virtualization 101: Everything You Need To Know To Get Started With VMwareVirtualization 101: Everything You Need To Know To Get Started With VMware
Virtualization 101: Everything You Need To Know To Get Started With VMwareDatapath Consulting
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security StrategyCapgemini
 
【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築
【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築
【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築日本マイクロソフト株式会社
 
Cryptika cybersecurity - company profile
Cryptika cybersecurity - company profileCryptika cybersecurity - company profile
Cryptika cybersecurity - company profileSafwan Talab
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security OverviewRobert Crane
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computingNitish Awasthi (anitish_225)
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint LLC
 
Vmware view overview
Vmware view overviewVmware view overview
Vmware view overviewManny Singh
 

Tendances (20)

IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overview
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Virtualization 101: Everything You Need To Know To Get Started With VMware
Virtualization 101: Everything You Need To Know To Get Started With VMwareVirtualization 101: Everything You Need To Know To Get Started With VMware
Virtualization 101: Everything You Need To Know To Get Started With VMware
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
 
Understanding SASE
Understanding SASE Understanding SASE
Understanding SASE
 
【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築
【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築
【de:code 2020】 Microsoft 365 E5 を活用したセキュア リモート ワーク環境の構築
 
Cryptika cybersecurity - company profile
Cryptika cybersecurity - company profileCryptika cybersecurity - company profile
Cryptika cybersecurity - company profile
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computing
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
 
Virtualization 101
Virtualization 101Virtualization 101
Virtualization 101
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware Detection
 
Vmware view overview
Vmware view overviewVmware view overview
Vmware view overview
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Evolving Cybersecurity Threats
Evolving Cybersecurity Threats
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 

Similaire à Trend micro deep security

The Brooklyn Circus’ Secured Network
The Brooklyn Circus’ Secured NetworkThe Brooklyn Circus’ Secured Network
The Brooklyn Circus’ Secured Networkjeremywatkins57
 
fortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurfortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurrezkellahhichem
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security vSYYULIANISKOMMT
 
SKIRE HOSTING SERVICES
SKIRE HOSTING SERVICESSKIRE HOSTING SERVICES
SKIRE HOSTING SERVICESwebhostingguy
 
azure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdfazure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdfBenAissaTaher1
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security OverviewAllen Brokken
 
Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...
Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...
Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...Block Armour
 
Block Armour Blockchain Defined Perimeter Brochure
Block Armour Blockchain Defined Perimeter BrochureBlock Armour Blockchain Defined Perimeter Brochure
Block Armour Blockchain Defined Perimeter BrochureBlock Armour
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureBaqar kazmi
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureMaliha Ali
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureBaqar Kazmi
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochurebakar kazmi
 
Why Security Teams should care about VMware
Why Security Teams should care about VMwareWhy Security Teams should care about VMware
Why Security Teams should care about VMwareJJDiGeronimo
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber lawDivyank Jindal
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelineswebhostingguy
 

Similaire à Trend micro deep security (20)

Cloud Security Solution Overview
Cloud Security Solution OverviewCloud Security Solution Overview
Cloud Security Solution Overview
 
The Brooklyn Circus’ Secured Network
The Brooklyn Circus’ Secured NetworkThe Brooklyn Circus’ Secured Network
The Brooklyn Circus’ Secured Network
 
fortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurfortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeur
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security v
 
SKIRE HOSTING SERVICES
SKIRE HOSTING SERVICESSKIRE HOSTING SERVICES
SKIRE HOSTING SERVICES
 
azure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdfazure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdf
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...
Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...
Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...
 
Block Armour Blockchain Defined Perimeter Brochure
Block Armour Blockchain Defined Perimeter BrochureBlock Armour Blockchain Defined Perimeter Brochure
Block Armour Blockchain Defined Perimeter Brochure
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
Why Security Teams should care about VMware
Why Security Teams should care about VMwareWhy Security Teams should care about VMware
Why Security Teams should care about VMware
 
Core Trace PCI DSS Compliance
Core Trace PCI DSS ComplianceCore Trace PCI DSS Compliance
Core Trace PCI DSS Compliance
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelines
 

Plus de Trend Micro

Industrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesIndustrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesTrend Micro
 
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeTrend Micro
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Trend Micro
 
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Trend Micro
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSTrend Micro
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
 
Mobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaMobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaTrend Micro
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep WebTrend Micro
 
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)Trend Micro
 
HBR APT framework
HBR APT frameworkHBR APT framework
HBR APT frameworkTrend Micro
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsTrend Micro
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryTrend Micro
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksTrend Micro
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest TexasTrend Micro
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Threat predictions 2011
Threat predictions 2011 Threat predictions 2011
Threat predictions 2011 Trend Micro
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryTrend Micro
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 

Plus de Trend Micro (20)

Industrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, VulnerabilitiesIndustrial Remote Controllers Safety, Security, Vulnerabilities
Industrial Remote Controllers Safety, Security, Vulnerabilities
 
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at Large
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
 
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWS
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
 
Mobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaMobile Telephony Threats in Asia
Mobile Telephony Threats in Asia
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep Web
 
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
 
HBR APT framework
HBR APT frameworkHBR APT framework
HBR APT framework
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep Discovery
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted Attacks
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
 
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
Threat predictions 2011
Threat predictions 2011 Threat predictions 2011
Threat predictions 2011
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 

Trend micro deep security

  • 1. TREND MICRO DEEP SECURITY MEETING PCI DSS V 2.0 COMPLIANCE REQUIREMENTS The Payment Card Industry Data Security Standard (PCI DSS 2.0) specifies Deep Security provides a unique host- requirements to secure cardholder data that is stored, processed or based software solution to address transmitted by merchants and any other organization. 7PCI regulations and over 20 sub- controls including*: Trend Micro Deep Security provides software-based integrated security Network Segmentation and compliance for business systems operating in standalone, virtual, and Host Firewall cloud-based environments. Deep Security helps assure the PCI compliance Antivirus and overall security of critical business servers and endpoints with a single, Virtual Patching / Shielding centrally managed solution that minimizes your operational costs. Deep Web Application Protection Security provides core PCI security controls with a unique approach that Log Review IDS/IPS economically solves the toughest compliance challenges, including: Distributed Locations. Deep Security provides integrity monitoring, firewall, IPS and other core controls directly to host systems that process PAN data, eliminating the cost and complexity of multiple appliances at each location. Vulnerability and Patch Management. Deep Security virtual patching keeps you protected and compliant by closing your window of exposure to vulnerabilities, protecting “un-patchable” systems, lengthening standard patch cycles, and eliminating the need for costly ad-hoc and emergency patching. Website Protection and Compliance. The public exposure and dynamic nature of your website leave it extremely vulnerable to attack. Deep Security comprehensive system and web application protection and shielding keeps your website and company reputation secure. Virtualization and Cloud Compliance. The complexity and fluidity of desktop and server virtualization pose security, compliance, and performance risks that require the specialized, virtualization-optimized protection and performance of the Deep Security solution. Most features are available as an agent or agent-less VMware appliance. DEEP SECURITY FEATURES Intrusion Detection and Prevention (IDS/IPS). Integrity Monitoring. For critical OS and application Advanced deep packet inspection detects and blocks files (including data files, directories, log files, registry host attacks by examining all traffic for protocol keys and values). Detects and reports malicious and deviations, exploit indications and policy violations. unexpected changes to both physical servers and Virtual Patching. Discovers host vulnerabilities and virtual machines. recommends rules to shield applications and systems Application Control. Application control rules with advanced deep packet inspection technology. provide visibility and control over applications Firewall. An enterprise-grade, bi-directional and accessing the network. Rules can also identify stateful firewall enables network segmentation and malicious software activity and reduce the PCI audit scope reduction. Includes centralized vulnerability exposure of servers. management of server firewall policy, and pre-defined Logs and Log Inspection. Analyzes OS and templates for common enterprise server types. application logs to identify important security events, Web Application Protection. Protects web generate alerts, and forward to SIEM system. applications against sophisticated attacks such as Virtualization Compliance. VM isolation and SQL injection, cross-site scripting, and more. hardening protects and isolates payment processing Antivirus Protection. Provides “agentless” malware applications from other VMs on the same hardware. protection via a high-performance VMware virtual Most features are available as an agent or agent-less appliance. appliance for VMware. * Network Segmentation applicable to remote/distributed environments. Virtual Patching may provide a compensating control. Antivirus available for VMware only until 2H 2011 1 Solution Profile | Deep Security for PCI DSS Compliance
  • 2. TREND MICRO DEEP SECURITY MEETING PCI DSS V 2.0 COMPLIANCE REQUIREMENTS PCI Requirement How Trend Micro Deep Security Addresses It 1.1 Establish firewall and router configuration Deep Security includes a sophisticated, centrally managed, stateful firewall. It helps standards that include: prevent policy violations, logging and reporting any attempted firewall policy violations. 1.2 Build a firewall configuration that restricts connections between untrusted networks and The solution’s security profiles contain the firewall configuration policy. Role-based any system components in the cardholder data access-control capabilities support separation of administrative duties with respect to environment. creating, deploying, and auditing firewall policy and events that violate the policies. 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data Deep Security is used to create and manage sophisticated firewall rules that allow and environment. deny appropriate connections with a minimum number of rules and maximum flexibility. 1.3 Prohibit direct public access between the Centralized management makes this easy to administer and deploy to the right Internet and any system component in the systems. cardholder data environment. Deep Security provides out-of-box reporting capabilities for creating reports that detail the hosts’ stateful firewall configuration. Deep Security firewall capabilities can enable network segmentation to isolate systems that store, process, or transmit cardholder data from systems that do not. This enables cardholder data environments to be easily defined, reducing the overall scope of the PCI audit. 1.4 Install personal firewall software on any mobile The next-generation firewall in Deep Security provides advanced protection against and/or employee-owned computers with direct threats to mobile users. connectivity to the Internet. 2.2 Develop configuration standards for all system Security profiles can be used to specify configurations for unique server functions (e.g., components. Assure that these standards a DNS, Web, or database server), and restrict or prevent access to services and address all known security vulnerabilities and protocols. are consistent with industry-accepted system- hardening standards as defined. 2.2.1 Implement only one primary function per In virtualized environments, the ability to create virtual machine zones and isolate server or per virtual system component. payment-processing applications from applications that are not part of the cardholder data environment—but do reside on the same physical hardware— is a critical factor during compliance audits. The solution’s firewall and IDS/IPS capabilities provide next- generation firewall protection capabilities down to the virtual machine level, ensuring that compliance requirements have been met, independent of the fact that virtualization technology is being utilized. 2.2.2 Disable all unnecessary and insecure services Deep Security provides the ability to deploy firewall rules that block all unnecessary and protocols (services and protocols not ports and protocols not directly needed to perform the server’s specified function. In directly needed to perform the device’s addition, Deep Security supports the ability to audit the system’s firewall configuration specified function). by running port scans to validate that no unexpected ports are accessible. 2.4 Shared hosting providers must protect each Shared hosting providers leverage virtualization to make services cost-effective for entity’s hosted environment and data. These their clients. In virtualized environments, the ability to create virtual machine zones and providers must meet specific requirements as isolate payment-processing applications from other applications—ones not part of the detailed in Appendix A: “PCI DSS Applicability cardholder data environment but residing on the same physical hardware—is a critical for Hosting Providers.” factor during compliance audits. The solution’s host-based firewall and IDS/IPS capabilities provide next-generation firewall protection capabilities down to the virtual machine level, helping ensure that compliance requirements have been met, independent of the fact that virtualization technology is being utilized. Deep Security can also help hosting providers with Appendix A requirements, by enforcing logical access restrictions to the host and through RBAC and delegated administration restrictions on Deep Security Manager. 2 Solution Profile | Deep Security for PCI DSS Compliance
  • 3. TREND MICRO DEEP SECURITY MEETING PCI DSS V 2.0 COMPLIANCE REQUIREMENTS PCI Requirement How Trend Micro Deep Security Addresses It 5.1 Deploy anti-virus software on all systems Deep Security antivirus module provides advanced malware protection for physical and commonly affected by malicious software virtual systems host servers and endpoints (Available for VMware only until 2H 2011) 5.2 Ensure that all anti-virus mechanisms are Deep Security antivirus signatures are automatically kept up to date via the Trend current Micro Smart Protection Network. Antivirus events are automatically logged to the Deep Security Manager. 6.1 Ensure that all system components and Deep Security virtual patching capabilities protect systems and data until patches can software have the latest vendor-supplied be deployed. When approved by your QSA, it can act as a compensating control for security patches installed. Install critical systems that cannot be patched within the required time frame. Deep Security can also security patches within one month of release. shield known vulnerabilities for which a vendor patch is not available, or in custom applications where source code changes are required to remediate vulnerabilities. 6.2 Establish a process to identify and assign a risk Deep Security systematically monitors and categorizes a wide range of vulnerability ranking to newly discovered security research sources to identify and deliver new deep packet inspection (DPI) rules to vulnerabilities. customers. The deployment of new security rules can be completely automated so that downloading and installing new security rules to the appropriate systems occur without administrative intervention. Deep Security also supports the ability to schedule automatic scans—one time only, daily, weekly, and so forth—of host systems, offering recommendations on the appropriate security rules to protect these hosts. 6.5 Develop applications based on security coding Deep Security complements secure coding initiatives by providing strong detection and guidelines. Prevent common coding prevention capabilities that address attacks as identified by OWASP: vulnerabilities in software development Detection—It is important to detect attacks, even if an application is not processes. susceptible to a specific attack or class of attack, because it identifies the attacker before they can find other potential vulnerabilities. . Protection—Deep Security shields Web application vulnerabilities, preventing security breaches until the underlying flaws can be addressed. 6.6 For public-facing Web applications, address Web application protection rules defend against SQL injection attacks, cross-site new threats and vulnerabilities on an ongoing scripting attacks, and other Web application vulnerabilities, and shield these basis and ensure that these applications are vulnerabilities until code fixes can be completed. Deep Security also protects against protected against known attacks by either of vulnerabilities in the operating system and Web infrastructure. Deep Security Integrity the following methods: Monitoring and Log Inspection modules provide immediate insight into suspicious Reviewing public-facing Web applications activity that might be occurring in your Web environment. Monitoring and detecting via manual or automated application- suspicious behavior is a key element in identifying data breach attempts. vulnerability security-assessment tools or methods, at least annually and after any changes Installing a Web application firewall in front of public-facing Web applications 10.3 Record at least the following audit trail entries Deep Security provides the ability to collect and forward all operating system and for all system components for each event: application events to a centralized logging server or SIEM. Alternatively, Deep Security User identification provides the ability to correlate and forward just the operating system and application logging events of relevance to PCI compliance, significantly reducing network Type of event bandwidth consumption for centralized logging, in addition to reducing the number of Date and time events that need to be analyzed, correlated, and archived. Deep Security provides Success or failure indication default log inspection rules for many of the most common enterprise operating systems and applications, as well as enabling the creation of custom log inspection rules. Deep Origination of event Security firewall, IDS/IPS, antivirus, and integrity monitoring events can also be Identity or name of affected data system forwarded to the SIEM or centralized logging server. component or resource 3 Solution Profile | Deep Security for PCI DSS Compliance
  • 4. TREND MICRO DEEP SECURITY MEETING PCI DSS V 2.0 COMPLIANCE REQUIREMENTS PCI Requirement How Trend Micro Deep Security Addresses It 10.5.3 Promptly back up audit trail files to a The Deep Security Log Inspection module enables you to forward event information to centralized log server or media that is difficult centralized logging servers or SIEMs via syslog in real time, in addition to sending to alter. these events to the Deep Security Manager. 10.5.5 Use file integrity monitoring or change- The Deep Security Log Inspection module provides the ability to monitor log files detection software on logs to ensure that without generating alerts as new data is added to the log. existing log data cannot be changed without generating alerts—although new data being added should not cause an alert. 10.6 Review logs for all system components at least The Deep Security Log Inspection module monitors critical OS and application logs in daily. Log reviews must include those servers real time for relevant security events, and forwards these events to a SIEM or that perform security functions, such as centralized logging server for further analysis, correlation, alerting, and archival— intrusion detection system (IDS) and automating the process of log reviews. authentication, authorization, and accounting (AAA) protocol servers—for example, RADIUS. Note: Log harvesting, parsing, and alerting tools may be used to meet compliance with Requirement 10.6. 11.4 Use IDS, and/or intrusion prevention system Deep Security includes a host-based IDS/IPS module. This module monitors traffic, (IPS), to monitor all traffic at the perimeter of prevents intrusions, and alerts personnel to suspected compromises. Security updates the CDE as well as at critical points inside the that shield newly discovered vulnerabilities are automatically delivered to customers CDE. Keep all intrusion-detection and and hosts. Deep Security’s “recommendation scan” feature identifies applications prevention engines, baselines, and signatures running on hosts that might be vulnerable, and recommends which rules should be up-to-date. applied to these hosts, ensuring that the correct protection is continuously in place with minimal effort. 11.5 Deploy file integrity monitoring software to alert The Deep Security Integrity Monitoring module meets and exceeds these requirements personnel to unauthorized modification of by monitoring system executables, application executables, configuration and critical system files, configuration files, or parameter files, and log and audit files. The Windows registry, services, ports, and content files; configure the software to perform directory contents can also be monitored. critical file comparisons at least weekly. 12.9.5 Include alerts from intrusion detection, Deep Security provides alerts that are integral to a security incident response plan. intrusion prevention, and file integrity And because it can prevent attacks as well, Deep Security reduces the number of monitoring systems. incidents requiring a response. The solution’s integration with leading SIEM vendors enables you to receive a consolidated view of security incidents. Appendix B: Deep Security delivers comprehensive, modular protection including IDS/IPS, Web Compensating Controls for Encryption of application protection, application control, stateful firewall, log inspection, and integrity Stored Data. monitoring. This centrally managed solution offers capabilities that can be used to address gaps identified in a PCI audit assessment. For more information please call or visit us at. www.trendmicro.com/go/enterprise +1-877-21-TREND © 2010 Trend Micro, Incorporated. All rights reserved. Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice. SB01_DeepSecurity-PCI_101029US 4 Solution Profile | Deep Security for PCI DSS Compliance