Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Securing your Journey to the Cloud
1. Securing your Journey to the Cloud
John Maddison
GM Data Center Business Unit
April 2012
4/26/2012 Confidential | Copyright 2012 Trend Micro Inc. 1
2. Trend Micro
A global cloud security leader that creates a world safe for businesses and
consumers exchanging digital information, through content security and
threat management
EVA CHEN
CEO and Co-Founder
Founded $1 Billion Annual Revenue /
VISION United States $1.7 Billion Total Assets
in 1988
A world safe
for exchanging Headquarters #1 in Server Security
digital information Tokyo, Japan
Employees
4,846 #1 in Virtualization
MISSION
Innovate to Market Security
provide the best Content Security and
content security Threat Management
1000+ Threat Experts that fits into the
IT infrastructure Locations #1 in Cloud Security
28 Offices Worldwide
3. Trend Micro is the Largest Independent Security Company
Trend Micro Global 500 Penetration
•
• 10 of the top 10 Automotive companies
• 10 of the top 10 Telecom companies
• 8 of the top 10 Banks
• 9 of the top 10 Oil companies
Trust Trend Micro security solutions*
Trend Micro Trend Micro Trend Micro Trend Micro Trend Micro
protects protects protects protects protects
96% of the top 50 100% of the top 100% of the top 80% of the top 90% of the top
global 10 automotive 10 telecom 10 banks. 10 oil companies.
corporations. companies. companies.
* In calculating the above data, the percentage use of Trend Micro products include usage by
parent companies and/or usage by any of their subsidiaries of any Trend Micro product or service.
5. APT Definition
―Advanced Persistent Threat‖ was first coined
by the US Air Force in 2006 to describe
complex cyber attacks against specific targets
over long periods of time. Originally, the term
was used to describe nation- states stealing
data or causing damage to other nation-states
for strategic gain
I prefer ―Targeted Attacks‖
6. APT Phases 1. Intelligence Gathering
Identify & research target individuals using public sources
(LinkedIn, Facebook, etc) and prepare a customized attack.
2. Point of Entry (Infiltration)
The initial compromise is typically malware delivered via
social engineering (email/IM or drive by download). A
backdoor is created and the network can now be infiltrated.
3. Command & Control (C&C) Communication
Allows the attacker to instruct and control the compromised
machines and malware used for all subsequent phases.
4. Lateral Movement
Once inside the network, attacker compromises additional
machines to harvest credentials, escalate privilege levels and
maintain persistent control.
5. Asset/Data Discovery
Several techniques and tools are used to identify the
noteworthy servers and the services that house the data of
interest.
6. Data Exit (Exfiltration)
Once sensitive information is gathered, the data is funneled to
an internal staging server where it is chunked, compressed
and often encrypted for transmission to external locations.
7. A Recent Example - ShadowNet
• Less than 200 computers compromised, almost all in India
• Recovered data included Secret, Confidential and Restricted Indian
Gov’t documents
• Social engineering + malware embedded in malicious documents +
tiered C&C infrastructure
Exploit
Target Root
Spread Control
Steal
C&C
10. Journey to the Cloud
Access data, anytime, anywhere, from any device
PUBLIC CLOUD (SaaS, IaaS, PaaS):
Flexibility and operational efficiency
Delivers agility by anticipating and
meeting business needs
VIRTUALIZATION
Desktop / server
consolidation PLATFORM
using virtual
machines
PHYSICAL:
On premise desktop /
server
11. Virtualization & Cloud Computing
One security platform across physical, virtual,
and cloud environments
Physical Virtual Cloud
Firewall
Antivirus Agentless Encryption
HIPS
Web Protection
Vulnerability Shielding
File Integrity
One Security Platform
12. Security Tools and Threat
Firewall White List
Full function centrally managed Malware protection for virtual servers
network and application firewall
Deep Packet Inspection Web Reputation Services
Provides IDS / IPS, Web App
Malware protection for virtual servers
Protection, Application Control
Integrity Monitoring IP Reputation
Full System Monitoring in real-time;
Malware protection for virtual servers
Scheduled & on-demand scanning
Log Inspection
Collects & analyzes OS and
application logs for security events
Antivirus
Malware protection for virtual servers
13. PHYSICAL(P)
Single Pane Deep Security
Manager SIEM
Scalable
Redundant
Reports
Deep Security
Agent
• Firewall
• IDS/IPS
• Integrity Monitoring
• Log Inspection
• Antivirus
• Reputation
16. Recommendation Scans
Voted
Number 1
Feature by
Customers
• The server being protected is analyzed to determine:
– OS, service pack and patch level
– Installed applications and version
– DPI rules are recommended to shield the unpatched vulnerabilities from attacks
– As patches, hotfixes, and updates are applied over time, the Recommendation Scan
will:
• Recommend new rules for assignment
• Recommend removal of rules no longer required after system patching
– Recommendations for DPI, Integrity Monitoring, and Log Inspection rules are
supported
18. Microsoft Active Protections
Program
• Microsoft Active Protections Program (MAPP)
– Program for security software vendors
– Members receive security vulnerability information from the Microsoft
Security Response Center (MSRC) in advance of Microsoft’s monthly
security update
– Members use this information to deliver protection to their customers
after the Microsoft Security Bulletins have been published
• Trend Micro’s protection is delivered to customers within 2 hours of
Microsoft Security Bulletins being published
– This enables customers to shield their vulnerable systems from attack
– Systems can then be patched during the next scheduled maintenance window
19. Certifications
• Common Criteria
• In evaluation for Level 4 Augmented (EAL 4+)
– All protection modules (Firewall, DPI, Integrity Monitoring,
Log Inspection, Anti Malware)
– All platforms (Windows, Linux, Solaris, HPUX, AIX,
VMware - Virtual Appliance)
• NSS Labs
– Third Brigade Deep Security is the first product to pass
NSS Labs’ PCI Suitability testing for Host Intrusion
Prevention Systems (HIPS).
1
20. Data Protection - SecureCloud
Enterprise Datacenter
or SaaS Offering
VM
Corporate VM VM VM
App
Hypervisor
Trend Micro
SecureCloud Console
Shared Storage
Enterprise Key
My Data
21. Deep Security for PCI compliance
Addressing 7 PCI Regulations
and 20+ Sub-Controls Including:
Deep Packet Inspection (1.) Network Segmentation
IDS / IPS
(1.x) Firewall
Web Application Protection
(5.x) Anti-virus*
Application Control
(6.1) Virtual Patching**
Firewall Integrity
Monitoring (6.6) Web App. Protection
(10.6) Daily Log Review
Log Anti-Virus
Inspection (11.4) IDS / IPS
(11.5) File Integrity Monitoring
* Available for VMware only Q3 2010
** Compensating Control
22. PCI DSS 2.0 Virtualization Guidelines
Function Solution
Hypervisor Environment in Scope - Deep Security DPI and FIM
One Function per Server - Deep Security Firewall
Separation of Duty - Deep Security Manager
Mixing VM’s of different trust levels - Deep Security Firewall and IDS/IPS
Dormant VM’s and VM Snapshots - Deep Security Firewall and IDS/IPS
Immaturity of monitoring solutions - Deep Security IDS/IPS, Integrity Monitoring &
Log Insp.
Information Leakage - Deep Security (all modules)
Defense in Depth - Deep Security (all modules)
VM Hardening - Virtualization Vendors
Cloud Computing - Cloud Vendor + Deep Security and SecureCloud
4/26/2012 Confidential | Copyright 2012 Trend Micro Inc. 22
23. Trend Micro Vision
Use Case: Correlated Data &Threat Protection
Data Protection Threat Protection
Deep Security
SecureCloud
Context
Aware
Credit Card Payment Server Security Platform
SensitiveMedicalNumbers
Social Security Records
Patient Research Results
Encryption with Policy-
Information
based Key Management
Server security validation
prior to releasing keys Server security information
On-going checks can revoke or reinstate keys at any time
Physical Virtual Cloud
Classification 4/26/2012 2
3
24. Cloud & Virtualization Computing Leadership
Server Security—Unique from Desktop
• Servers require a different security strategy
than desktops
• Paper calls out the need for many
technologies provided in Deep Security
“Some of the vendors are well ahead in their virtualization-optimized solutions
—for example, Trend Micro.”
“Also, when server-based VM’s…move out from behind perimeter security…
Protection capabilities such as host-based encryption (for example, Trend Micro’s
SecureCloud… become extremely important”
25. Trend Micro #1: Securing Your
Journey to the Cloud
Trend Micro
13–17%
Source: 2012 Technavio – Global
Cloud Security Software Market
Trend
Micro
Trend Micro 23.7%
13%
Worldwide Endpoint Security
Revenue Share by Vendor, 2010
Source: IDC, 2011
Source: 2011 Technavio – Global
Virtualization Security Management
Solutions
Let‘S really be careful, not to fall into the APT trap. APT nowadays is a new name for malware – and is used by every company to sell their old stuff under a new name.In attacks like the Sony data exfiltration last year, a server was hacked and the traffic forked to a third party – malware was not involved at all! But the attacker had skills and know what he was looking for. So it was a targeted attack, the term I prefer to describe tehse kind of attacks!
Targeted attack via E-Mail, the attachment had executable code in it, the malware gets full admin access onto the system, transfers the data out and replicates.
Cloud computing is revolutionizing the way businesses and people consume, share and use digital information, making access to information and computing power easier, faster and more affordable for people everywhere. Businesses are moving to the cloud to save money, increase flexibility and operational efficiency, and to enable access to data, anytime, anywhere, from any device. The catch, of course, is taking advantage of everything the cloud has to offer while maintaining control over all the data. Migrating to the cloud is a process, and everyone’s journey to the cloud is unique. Trend Micro is the perfect partner for those wanting to take this journey from physical to virtual to cloud because Trend Micro is a leader in cloud security and we provide protection every step of the way. Trend Micro provides real-time protection for your data wherever it resides – on premise, virtually, and in the cloud—from Trend Micro™ Smart Protection Network™ to our leading server security and extensive data protection and encryption technologies. From the endpoint to the cloud and everywhere in between, Trend Micro is securing your journey.
So, what can enterprises do to actually benefit from Consumerization and make it work to their advantage? Well, the first thing Trend suggests is to accept the fact that consumerization is happening. It can’t be stopped - and it doesn’t make sense to try. You can embrace Consumerization in order to unlock its full business potential.So how do you go about it?Trend Micro recommends a three-step approach to embrace consumerization: 1--Have a plan. Take a strategic approach to Consumerization. IT cannot do this in a vacuum: engage your lines of business owners (marketing, sales, HR, product development), involve your early adopters in the company, ask them what they use, what they like, and what they find most useful to support their work activities. Pull from their consumer experience rather than push your IT perspective onto them.2--Say yes…but not to everything…and not to everyone. Develop a set of policies that clearly define which technologies are fully supported vesus tolerated or prohibited. Profile your internal users based on their role, line of business and location. Then map technologies to user profiles and define an Service Level Agreement (SLA) for each intersection. 3--Put the right infrastructure into place. Deploy enterprise-grade tools and infrastructure specifically designed to secure and manage consumer technology in the enterprise. No single vendor can provide one solution that covers all functional requirements across all platforms. And several vendors from adjacent product segments offer overlapping core functionality. For a start, you will probably have to look at security vendors for Internet content security, mobile anti-malware and mobile data protection. And look to Mobile Device Management vendors for system provisioning and application management. And to Telecom Expense Management solutions for procurement, support and cost control of voice and data services.Additional resources:Go to Trend Micro Global Sales Toolkit (GST) for access to the internal-only Gartner reports on mobile data protection and mobile device management: http://sales.trendmicro.com/pr/tm/en-us/assets/view-document.aspx?rid=139894Trend Micro Mobile Security (TMMS) assets on GST:http://sales.trendmicro.com/pr/tm/en-us/assets/home.aspx?s21574=20::25189
Here we’ll show you how the encryption key process actually works. Again we have the key server deployed as either a SaaS or on-site deployment. [click]And for this example, we’ll use a cloud service provider environment, although, as we mentioned before, this can also apply to data stored in virtual machines or a private cloud. [click]The process starts with a virtual machine application that wants to access the encrypted data. The application will make a key request to the key server. Note the arrow goes both ways. The VM application makes the request, the key server then uses identity- and integrity-based rules to validate the server. Only if the server passes these validation tests will a key be released. And additional policy-based rules can be applied to ensure that the data is only accessed when and where the business specifies. This helps to support internal governance and compliance requirements.[click]If all of these rules are met, the virtual machine application housed by the service provider can access and decrypt the data stored by the service provider. Again the arrow goes both ways. The key is delivered to the storage volume and the data is released to the application.
