2. VMWorld 2011: Partners for Security
Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs
Improves Virtualization by providing security solutions architected to fully exploit the VMware platform
• VMware #1 Security Partner
• Trend Micro: 2011 Technology Alliance Partner of the Year
Copyright 2011 Trend Micro Inc.
4. Journey to the Cloud
Physical: Windows/Linux/Solaris
Virtual: Server Virtualization, Desktop Virtualization
Cloud: Private Cloud, Public Cloud, Hybrid Cloud
5. Threat Landscape
• Malware
• Advanced Persistent Threats
• Botnets
• Espionage
Trend Micro finds over 70% of enterprise networks contain active malicious malware
Millions of computers have been compromised by ZeuS
6. Key Trends: Data-centric threat environment
• More Profitable
• More Sophisticated
• More Frequent
• More Targeted
Chart: # of days until vulnerability is first exploited, after patch is made available
• 2003, MS-Blast: 28 days
• 2004, Sasser: 18 days
• 2005, Zotob: 10 days
• 2006, WMF: Zero-day
• … 2010, IE zero-day: Zero-day
Exploits are happening before patches are developed
7. Threats are more targeted
RSA Europe Two groups from the same country teamed up to launch a sophisticated attack against RSA Security's systems last March, EMC's security division said.
Unspecified information gained during the attack paved the way towards an unsuccessful attack against a defence contractor (self-identified as Lockheed Martin), senior RSA execs said during the opening of the RSA Conference in London on Tuesday.
"Two groups were involved in the attack," Thomas Heiser, RSA Security president, said during a keynote at the conference. "Both are known to authorities but they have never worked together before."
"The attack involved a lot of preparation," he added.
The Register
Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 7
8. Key Trends: Compliance Imperative
More standards:
• PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…
More specific security requirements
• Virtualization, Web applications, EHR, PII…
More penalties & fines
• HITECH, Breach notifications, civil litigation
• PIPEDA- Risk based breach notification. Bill C29 to make breach notification mandatory.
• Alberta PIPA Bill 54 amended May 2010 to mandate notification of breaches.
• Quebec QPPIPS similar to PIPEDA with additional civil liabilities.
• California SB1386 – Data breach of unencrypted data notification
• Industry Regs - HITECH, HIPAA, PCI, SOX, HIPAA, FISMA, Basel II…
10. Identifying Security Challenges in the Virtual/Cloud
Physical: Windows/Linux/Solaris
Virtual: Server Virtualization, Desktop Virtualization
Cloud: Private Cloud, Public Cloud, Hybrid Cloud
• New platforms don't change the threat landscape
• Each platform adds unique security risks
11. The Fundamentals
Many third party courses and best practices
covering:
• Hypervisor lockdown
• Virtual Network design and configuration
• VM security configuration
• VDI security architecture and configuration
• Storage security issues
SANS 579: Virtualization Security Architecture and Design
12. P2V: Security Challenge
Virtualization driven by:
• increased density
• consolidated resources
• 'green' IT
Yet "virtually unaware" security controls directly impact the organization's ability to achieve the desired performance, density and ROI goals.
13. Virtualization Security Inhibitors
1 Resource Contention
Diagram labels: Typical AV Console; 3:00am Scan; Antivirus Storm
Automatic antivirus scans overburden the system
14. Virtualization Security Inhibitors
1 Resource Contention
2 Instant-on Gaps
Diagram labels: Active; Dormant; Reactivated with out-of-date security; New VMs
Cloned VMs must have a configured agent and updated pattern files
15. Virtualization Security Inhibitors
1 Resource Contention
2 Instant-on Gaps
3 Inter-VM Attacks / Blind Spots
Attacks can spread across VMs
16. Virtualization Security Inhibitors
1 Resource Contention
2 Instant-on Gaps
3 Inter-VM Attacks / Blind Spots
4 Complexity of Management
Diagram labels: Provisioning new VMs; Reconfiguring agents; Rollout patterns; Patch agents
VM sprawl inhibits compliance
17. Deep Security 8
A Server Security Platform for
Physical, Virtual, Cloud
Available Aug 30, 2011
18. The Deep Security server security platform
Server Application and Data Security for: Physical, Virtual, Cloud
• Deep Packet Inspection: IDS / IPS, Web App. Protection, Application Control
• Firewall
• Antimalware
• Integrity Monitoring
• Log Inspection
21. Deep Security 8 Agent
Agent modules: Firewall; Deep Packet Inspection; Anti-malware; WEB REPUTATION SERVICES; VDI Local Mode; Integrity Monitoring; Log Inspection
• New Agent-based AV for physical Windows and Linux* systems, virtual servers, and virtual desktops in local mode
• Web reputation services through integration with Smart Protection Network protects systems/users from access to malicious websites
22. Trend Micro Deep Security
Server & application protection
5 protection modules
• Deep Packet Inspection
– IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
– Web Application Protection: Shields web application vulnerabilities
– Application Control: Provides increased visibility into, or control over, applications accessing the network
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
• Log Inspection: Optimizes the identification of important security events buried in log entries
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
23. Over 100 applications protected
Deep Security rules shield vulnerabilities in these common applications
• Operating Systems: Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE Linux (10, 11)
• Database servers: Oracle, MySQL, Microsoft SQL Server, Ingres
• Web app servers: Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint
• Mail servers: Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail, MailEnable Professional
• FTP servers: Ipswitch, War FTP Daemon, Allied Telesis
• Backup servers: Computer Associates, Symantec, EMC
• Storage mgt servers: Symantec, Veritas
• DHCP servers: ISC DHCPD
• Desktop applications: Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer, Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime, RealNetworks RealPlayer
• Mail clients: Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client
• Web browsers: Internet Explorer, Mozilla Firefox
• Anti-virus: Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft
• Other applications: Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior, Rsync, OpenSSL, Novell Client
24. vShield
Securing the Private Cloud End to End: from the Edge to the Endpoint
• vShield Edge (Edge): Secure the edge of the virtual datacenter
• vShield App and Zones (Security Zone): Application protection from network based threats
• vShield Endpoint (Endpoint = VM): Enables offloaded anti-virus
Diagram labels: Virtual Datacenter 1; Virtual Datacenter 2; DMZ; PCI compliant; HIPAA compliant; Web; View; VMware vShield; VMware vShield Manager
25. Deep Security 8
Agentless Security for VMware
Trend Micro Deep Security integrates with vCenter
1 Agentless: IDS / IPS, Web Application Protection, Application Control, Firewall (VMsafe APIs)
2 Agentless: Antivirus (vShield Endpoint)
3 Agentless: Integrity Monitoring (vShield Endpoint)
4 Agent-based: Log Inspection (security agent on individual VMs)
Diagram labels: Security Virtual Machine; vSphere
26. Agentless Anti-Virus
Agent-less Anti-Virus for VMware
The idea: Protection for virtualized desktops and datacenters
The components:
• Trend Micro Deep Security Anti-malware: A virtual appliance that detects and blocks malware (web threats, viruses & worms, Trojans).
• VMware vShield Endpoint: Enables offloading of antivirus processing to Trend Micro Deep Security Anti-malware – a dedicated, security-hardened VM.
Customer Benefits: Higher Consolidation; Faster Performance; Better Manageability; Stronger Security
Differentiator: The first and only agentless anti-virus solution architected for VMware
27. Agentless Integrity Monitoring
Diagram: The Old Way (each VM monitored individually) compared With Agent-less Integrity Monitoring (VMs served by a Security Virtual Appliance)
Benefits: Zero Added Footprint; Faster Performance; Better Manageability; Stronger Security
• Zero added footprint: Integrity monitoring in the same virtual appliance that also provides agentless AV and Deep Packet Inspection
• Stronger Security: Expands the scope of protection to hypervisors
• Order of Magnitude savings in manageability
• Virtual Appliance avoids performance degradation from FIM storms
28. Agent-less Security Architecture
Architecture diagram, components shown:
• Trend Micro Deep Security Manager (Security Admin)
• Trend Micro Deep Security Virtual Appliance
– Network Security: IDS/IPS, Web App Protection, Application Control, Firewall
– Anti-Malware: Real-time Scan, Scheduled & Manual Scan
– FIM
• VMsafe-net API; vShield Endpoint API
• Guest VM: APPs, OS, Kernel, BIOS, Thin Driver
• ESX 4.1: Trend Micro filter driver, vShield Endpoint ESX Module
• vShield Manager; vCenter (VI Admin); vSphere Platform
Legend: Trend Micro product components; VMware Platform; vShield Endpoint Components
29. Virtualization: Addressing Security Inhibitors
1 Resource Contention. Solution: Agentless Security Services from a separate scanning VM
2 Instant-on Gaps. Solution: Dedicated scanning VMs with layered protection
3 Inter-VM Attacks / Blind Spots. Solution: VM-aware security with virtualization platform integration
4 Complexity of Management. Solution: Integration with virtualization management consoles such as VMware vCenter
30. Virtualization
DEEP SECURITY
Security built for virtualization helps maximize consolidation rates, operational efficiencies and cost savings
31. Deep Security: Agentless Security Benefits
• Higher VM density
– Agentless AV enables 2-3 times more desktop VMs
– Enables 40-60% more server VMs
• Better manageability
– No security agents to configure, update & patch
– Integrated AV, FIM & IDS/IPS simplifies security mgmt
• Stronger security
– Added security (FIM, IDS/IPS, etc.) through virtual appliance
– Instant ON protection
– Tamper-proofing
• Faster performance
– Freedom from AV and FIM storms
Diagram labels: Previously; Agentless server security platform
32. Virtual Patching
DEEP SECURITY
Shield vulnerabilities in critical systems, until, or without, patching
33. Four Key Strategies:
• patching applications and always using the latest version of an application;
• keeping operating systems patched;
• keeping admin rights under strict control (and forbidding the use of administrative accounts for e-mail and browsing);
• whitelisting applications.
34. Recap: Virtual Patching with Deep Security
Raw Traffic
1 Stateful Firewall: Allow known good
Deep packet inspection:
2 Exploit Rules: Stop known bad
3 Vulnerability Rules: Shield known vulnerabilities
4 Smart Rules: Shield unknown vulnerabilities and protect specific applications
Filtered Traffic
Over 100 applications shielded including:
• Operating Systems
• Database servers
• Web app servers
• Mail servers
• FTP servers
• Backup servers
• Storage mgt servers
• DHCP servers
• Desktop applications
• Mail clients
• Web browsers
• Anti-virus
• Other applications
35. Compliance
DEEP SECURITY
A security and compliance solution that addresses multiple PCI and other regulatory requirements cost-effectively
36. Recap: Deep Security for PCI compliance
Addressing 7 PCI Regulations and 20+ Sub-Controls Including:
• (1.) Network Segmentation
• (1.x) Firewall
• (5.x) Anti-virus
• (6.1) Virtual Patching*
• (6.6) Web App. Protection
• (10.6) Daily Log Review
• (11.4) IDS / IPS
• (11.5) File Integrity Monitoring
* Compensating Control
Modules: Deep Packet Inspection (IDS / IPS, Web Application Protection, Application Control); Firewall; Integrity Monitoring; Log Inspection; Anti-Malware
Platforms: Physical Servers; Virtual Servers; Cloud Computing; Endpoints & Devices
37. Emerging Governance
• PCI Virtualization Special Interest Group (SIG)
formed during the 2009 RSA Conference
– SIG Objective: Provide clarification on the use of
virtualization in accordance with the PCI DSS
– After a 2+ year process, the SIG submitted
recommendations to the PCI SSC working group
for consideration
– Trend has been a contributing member of the SIG
from the very first call
– Opinions on the SIG varied widely
• Leading edge: Embrace virtualization and the
direction towards cloud computing
• Conservative: Recommend dedicated hypervisor
environments and restrict consolidation of system
components – defer use of the cloud
38. Security in a Cloudy World
39. Cloud is a computing style, not a location….
Diagram labels: Server Virtualization; IaaS; Private Cloud; Hybrid Cloud; Public Cloud
Benefits shown: Capital Expense Elimination; Flexibly match cost to demand; Cost Management; Peak load flexibility; Integration of 3rd Party Solutions; Agility; Consolidation; Flexibility; Speed
Virtualization will inevitably lead to Cloud Computing models (Gartner, 2011)
40. Adoption of Cloud Computing
Businesses are moving into the cloud
• Gartner
– 15% of workloads will be cloud based by 2014
• Information Week
− 17% of businesses in public cloud
− 28% using, 30% planning for private cloud
But for businesses to truly invest in the cloud…
• Must be interchangeable with on-site data center deployments
• Must retain similar levels of security and control
• Must provide data privacy and support compliance requirements
41. Public IaaS Clouds
Security and Privacy are #1 Concerns
• Your data is mobile — has it moved?
• Who can see your information?
• Who is attaching to your volumes?
• Do you have visibility into who has accessed your data?
Diagram labels: Rogue server access; No visibility to data access; Data can be moved and leave residual data behind
Sample record shown in the diagram: Name: John Doe; SSN: 425-79-0053; Visa #: 4456-8732…
42. Public Cloud
Who Has Control?
Control spectrum, from End-User (Enterprise) to Service Provider: Servers; Virtualization & Private Cloud; Public Cloud IaaS; Public Cloud PaaS; Public Cloud SaaS
Who is responsible for security?
• With IaaS the customer is responsible for security
• With SaaS or PaaS the service provider is responsible for security
– Not all SaaS or PaaS services are secure
– Can compromise your endpoints that connect to the service
– Endpoint security becomes critical
43. So who is responsible?
The majority of cloud computing providers surveyed do not believe their organization views the
security of their cloud services as a competitive advantage. Further, they do not consider cloud
computing security as one of their most important responsibilities and do not believe their
products or services substantially protect and secure the confidential or sensitive information of
their customers.
The majority of cloud providers believe it is their customer’s responsibility to secure the cloud
and not their responsibility. They also say their systems and applications are not always
evaluated for security threats prior to deployment to customers.
Buyer beware – on average providers of cloud computing technologies allocate 10 percent or
less of their operational resources to security and most do not have confidence that customers’
security requirements are being met.
Cloud providers in our study say the primary reasons why customers purchase cloud resources
are lower cost and faster deployment of applications. In contrast, improved security or
compliance with regulations is viewed as an unlikely reason for choosing cloud services.
The majority of cloud providers in our study admit they do not have dedicated security
personnel to oversee the security of cloud applications, infrastructure or platforms.
conducted by Ponemon Institute LLC
Publication Date: April 2011
44. Accountability
• Ultimately who is responsible will pale beside
the governance which dictates who is
accountable
• Accountability will rest with the data owner by
most governance regimes
• Cloud computing due diligence means you
must own and control your data – wherever it
resides and moves
45. Working on Cloud GRC
Cloud Security Alliance GRC Stack
The Cloud Security Alliance GRC Stack provides a toolkit for
enterprises, cloud providers, security solution providers, IT auditors
and other key stakeholders to instrument and assess both private and
public clouds against industry established best practices, standards
and critical compliance requirements
https://cloudsecurityalliance.org/
46. What is the Solution?
Data Protection in the Cloud
Encryption with Policy-based Key Management
Sensitive data shown: Credit Card Payment Information; Patient Medical Records; Social Security Numbers; Sensitive Research Results
AES Encryption, 128, 192, & 256 bits
• Unreadable to outsiders
• Obscured data on recycled devices
Policy-based Key Management
• Trusted server access
• Control for when and where data is accessed
Auditing, Reporting, & Mobility
• Compliance support
• Custody of keys—SaaS or virtual appliance
• No vendor lock-in
47. Security that Travels with the VM
Cloud Security – Modular Protection
Modules: Data Protection; Template Integrity; VM Isolation; Real-time Protection; Compliance
Self-Defending VM Security in the Cloud
• Agent on VM allows travel between cloud solutions
• One management portal for all modules
• SaaS security deployment option
48. Total Cloud Protection
System, application and data security in the cloud
Deep Security 8 (Context Aware): Modular protection for servers and applications
• Self-Defending VM Security in the Cloud
• Agent on VM allows travel between cloud solutions
• One management portal for all modules
SecureCloud 2: Encryption with Policy-based Key Management
• Data is unreadable to unauthorized users
• Policy-based key management controls and automates key delivery
• Server validation authenticates servers requesting keys
Sensitive data shown: Credit Card Payment Information; Patient Medical Records; Social Security Numbers; Sensitive Research Results
49. SecureCloud 2
Enterprise Deployment Options
Key Management Deployment Options:
• Trend Micro SaaS Solution
Or
• Data Center Software Application
SecureCloud Console
Encryption Support:
• vSphere Virtual Machines
• Private Clouds
• Public Clouds
50. SecureCloud – New In 2.0
• FIPS 140-2 Certification
– Exchange of Mobile Armor encryption agent
– Gives Trend access to Fed / Gov accounts
• DSM Integration
– Greatly improves ability to build robust
authentication policies
– Begins integration of two cutting edge technologies
– Additional integration – unified management console
• Total Cloud Protection Bundle
– New bundle connects both products
– Gives protection across all infrastructures – PVC
– Defines a place to manage and protect all future
environments
51. SecureCloud
Benefits
• Access cloud economics and agility by removing data privacy
concerns.
• Segregate data of varied trust levels to avoid breach and insider threat
• Reduce complexity and costs with policy-based key management
• Boost security with identity- and integrity-based server authentication
• Move freely among clouds knowing that remnant data is unreadable
52. Securing Your Journey to the Cloud
Physical: Reduce Complexity
• Integrate security—server, web, email, endpoint, network
• Improve security and availability
• Lower costs
Virtual: Increase Efficiency
• Apply VM-aware security
• Ensure higher VM densities
• Get better performance and better protection
Cloud: Deliver Agility
• Encrypt with policy-based key management
• Deploy self-defending VMs in the cloud
• Use security that travels with your data
Use Data Center Security to Drive Your Business Forward
53. Final Thoughts
54. Rethinking Security Controls in a Cloud-Service Environment
The end of 'physical' thinking
Focus on the Data Center
– Protection focused on (v)applications and data
Security Controls are a property of the Virtual Application
– not the device where it is accessed
– not the plumbing on which it is executed
You are accountable for your data
– whatever cloud it lives in
– own your data protection controls
55. Deep Security
Summary of highlights
A fully integrated server security platform
Only solution to offer specialized protection for physical virtual and cloud
First and only agentless anti-malware – nearly a 1000 customers have purchased
Only solution to also offer agentless FW, IDS/IPS and FIM in the same appliance
Only solution in its category to be FIPS and EAL4+ certified
Chart: Trend Micro 22.9%; All Others Combined 77.1%. Source: Worldwide Endpoint Security 2010-2014 Forecast and 2009 Vendor Shares, IDC
Chart: Top ratings for Virtualization Security. Trend Micro 13%; All Others 87%. Source: 2011 Technavio – Global Virtualization Security Management Solutions
56. Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year
Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs
Improves Virtualization by providing security solutions architected to fully exploit the VMware platform
Timeline graphic, 2008 to 2011, with these event labels:
• Feb: Join VMsafe program
• May: Trend acquires Third Brigade
• July: CPVM GA
• RSA: Trend Micro announces Coordinated approach & Virtual pricing And shows Vmsafe demo
• VMworld: Trend Micro virtsec customer
• RSA: Trend Micro announces virtual appliance
• Nov: Deep Security 7 with virtual appliance
• RSA: Trend Micro Demos Agentless
• VMworld: Announce Deep Security 7.5
• Sale of DS 7.5 Before GA
• Q4: Joined EPSEC vShield Program
• Dec: Deep Security 7.5 w/ Agentless AntiVirus
• 2010: >100 customers, >$1M revenue
• Q1: VMware buys Deep Security for Internal VDI Use
• Vmworld: Announce Deep Security 8 & vShield OEM