Trend Micro Dec 6 Toronto VMUG

Virtualization Security:
Physical. Virtual. Cloud.
Peter Cresswell - Trend Micro Canada
CISSP ISSAP CISA CISM

Copyright 2011 Trend Micro Inc.

VMWorld 2011: Partners for Security

Improves Security Improves Virtualization
by providing the most by providing security solutions
secure virtualization infrastructure, architected to fully exploit
with APIs, and certification programs the VMware platform

• VMware #1 Security Partner
• Trend Micro: 2011 Technology Alliance Partner of
the Year

VIRTUALIZATION/CLOUD:
Securing the Journey


Journey to the Cloud

Physical Virtual Cloud
Public
Cloud
Windows/Linux/Solaris
Server
Virtualization

Private
Cloud

Desktop
Virtualization Hybrid
Cloud

Copyright 2011 Trend Micro Inc. 4

Threat Landscape • Malware
• Advanced Persistent Threats
• Botnets
• Espionage

Trend Micro finds
over 70% of
enterprise networks
contain active malicious
malware

Millions of computers
have been compromised
by ZeuS


Key Trends: Data-centric threat environment
# of days until
More Profitable vulnerability is
first exploited,
after patch is
made available Exploits are happening
before patches
More Sophisticated
28 days are developed

More Frequent 18 days

10 days

More Targeted
Zero-day Zero-day

2003 2004 2005 2006 … 2010
MS- Blast Sasser Zotob WMF IE zero-day

6

Threats are more targeted
RSA Europe Two groups from the same country
teamed up to launch a sophisticated attack against
RSA Security's systems last March, EMC's security
division said.
Unspecified information gained during the attack paved
the way towards an unsuccessful attack against a
defence contractor (self-identified as Lockheed
Martin), senior RSA execs said during the opening of
the RSA Conference in London on Tuesday.
"Two groups were involved in the attack," Thomas
Heiser, RSA Security president, said during a keynote
at the conference. "Both are known to authorities but
they have never worked together before."
"The attack involved a lot of preparation," he added
The Register
Trend Micro Confidential 12/22/2011 Copyright 2011 Trend Micro Inc. 7

Key Trends: Compliance Imperative

More standards:
• PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…

More specific security requirements
• Virtualization, Web applications, EHR, PII…

More penalties & fines
• HITECH, Breach notifications, civil litigation

• PIPEDA- Risk based breach • California SB1386 – Data
notification. Bill C29 to make breach of unencrypted data
breach notification mandatory. notification
• Alberta PIPA Bill 54 amended • Industry Regs - HITECH,
May 2010 to mandate HIPAA, PCI, SOX, HIPAA,
notification of breaches. FISMA, Basel II…
• Quebec QPPIPS similar to
PIPEDA with additional civil
liabilities.

SECURING THE VIRTUALIZED
DATACENTER

Classification 12/22/2011 Copyright 2011 Trend Micro Inc. 9

Identifying Security Challenges
in the Virtual/Cloud

Public
Cloud
Windows/Linux/Solaris
Server
Virtualization

Private
Cloud

Desktop
Virtualization Hybrid
Cloud

• New platforms don‘t change the threat landscape
• Each platform adds unique security risks

The Fundamentals
Many third party courses and best practices
covering:
• Hypervisor lockdown
• Virtual Network design and configuration
• VM security configuration
• VDI security architecture and configuration
• Storage security issues
SANS 579: Virtualization Security
Architecture and Design


P2V: Security Challenge
Virtualization driven by:
• increased density
• consolidated resources
• ‗green‘ IT

Yet ―virtually unaware‖ security controls directly
impact the organization‘s ability to achieve the
desired performance, density and ROI goals.


Virtualization
Security Inhibitors Typical AV
Console
3:00am Scan
1 Resource Contention

Antivirus Storm

Automatic antivirus scans
overburden the system


Virtualization
Security Inhibitors

Reactivated with
1 Resource Contention Active out-of-date security New VMs
Dormant

2 Instant-on Gaps
  
 
 

Cloned VMs must have a configured
agent and updated pattern files


Virtualization
Security Inhibitors


2 Instant-on Gaps

3 Inter-VM Attacks / Blind Spots

Attacks can spread across VMs


Virtualization
Security Inhibitors
Provisioning Reconfiguring Rollout Patch
new VMs agents patterns agents

2 Instant-on Gaps

3 Inter-VM Attacks / Blind Spots

4 Complexity of Management

VM sprawl inhibits compliance


Deep Security 8
A Server Security Platform for
Physical, Virtual, Cloud

Available Aug 30, 2011


The Deep Security server security platform
Server Application and Data Security for:


Deep Packet Inspection
Web App. Application Integrity Log
IDS / IPS Firewall Antimalware Inspection
Monitoring
Protection Control

18

Server-Centric Security

―De-Militarized Zone‖ (DMZ)

IDS/IPS Firewall
Firewall & IDS/IPS
IDS/IPS

File Integrity Monitoring
Gateway & Log Inspection
(Malware)
Anti-Malware

Business
Mission Critical Servers Servers
/ Endpoints

5/28/2009 Copyright 2011 Trend Micro Inc. 19
19

DS 8.0 Overview


Deep Security 8 Agent

Deep Packet
Firewall
Inspection

Anti-malware

WEB REPUTATION
VDI Local Mode
SERVICES
Integrity Log
Monitoring Inspection

• New Agent-based AV for physical Windows and Linux* systems,
virtual servers, and virtual desktops in local mode

• Web reputation services through integration with Smart Protection
Network protects systems/users from access to malicious websites

Trend Micro Deep Security
Server & application protection
5 protection modules

Deep Packet Inspection Detects and blocks known and
IDS / IPS zero-day attacks that target
vulnerabilities
Shields web application
Web Application Protection
vulnerabilities Provides increased visibility into,
Application Control or control over, applications
accessing the network

Reduces attack surface. Detects and blocks malware
Prevents DoS & detects Firewall Anti-Virus (web threats, viruses &
reconnaissance scans worms, Trojans)

Optimizes the Detects malicious and
Log Integrity
identification of important unauthorized changes to
Inspection Monitoring
security events buried in directories, files, registry keys…
log entries


Over 100 applications protected
Deep Security rules shield vulnerabilities in these common applications

Operating Systems Windows (2000, XP, 2003, Vista, 2008, 7), Sun Solaris (8, 9, 10), Red Hat EL (4, 5), SuSE
Linux (10,11)
Database servers Oracle, MySQL, Microsoft SQL Server, Ingres
Web app servers Microsoft IIS, Apache, Apache Tomcat, Microsoft Sharepoint
Mail servers Microsoft Exchange Server, Merak, IBM Lotus Domino, Mdaemon, Ipswitch, IMail,,
MailEnable Professional,
FTP servers Ipswitch, War FTP Daemon, Allied Telesis

Backup servers Computer Associates, Symantec, EMC

Storage mgt servers Symantec, Veritas

DHCP servers ISC DHCPD

Desktop applications Microsoft (Office, Visual Studio, Visual Basic, Access, Visio, Publisher, Excel Viewer,
Windows Media Player), Kodak Image Viewer, Adobe Acrobat Reader, Apple Quicktime,
RealNetworks RealPlayer
Mail clients Outlook Express, MS Outlook, Windows Vista Mail, IBM Lotus Notes, Ipswitch IMail Client

Web browsers Internet Explorer, Mozilla Firefox

Anti-virus Clam AV, CA, Symantec, Norton, Trend Micro, Microsoft

Other applications Samba, IBM Websphere, IBM Lotus Domino Web Access, X.Org, X Font Server prior,
Rsync, OpenSSL, Novell Client

23 Copyright 2011 Trend Micro Inc.

vShield
Securing the Private Cloud End to End: from the Edge to the Endpoint
vShield App and
vShield Edge vShield Endpoint
Zones Endpoint = VM
Edge Security Zone
Secure the edge of Application protection from Enables offloaded anti-virus
the virtual datacenter network based threats

Virtual Datacenter 1 Virtual Datacenter 2
VMware VMware
DMZ PCI HIPAA vShield Web View vShield

compliant compliant

VMware vShield Manager


Deep Security 8
Agentless Security for VMware

Trend Micro Deep Security
Integrates Agentless
with 1
IDS / IPS VMsafe
vCenter
APIs

Application Control Security
Virtual
Firewall
Machine
Agentless
v
2 S
vShield
Antivirus p
Endpoint
Agentless h
3 e
Integrity Monitoring vShield
Endpoint r
e
Agent-based
4
Log Inspection
Security agent
on individual VMs

Agentless Anti-Virus
Agent-less Anti-Virus for VMware
The idea
Protection for virtualized
desktops and datacenters

Trend Micro
The components VMware
Deep Security
vShield Endpoint
Anti-malware

Enables offloading of antivirus A virtual appliance that detects
processing to Trend Micro Deep and blocks malware (web threats,
Security Anti-malware – a viruses & worms, Trojans).
dedicated, security-hardened VM.

Customer
Benefits Higher Faster Better Stronger
Consolidation Performance Manageability Security

Differ-
entiator The first and only agentless anti-virus solution architected for VMware


Agentless Integrity Monitoring

The Old Way With Agent-less Integrity Monitoring

Security
VM VM VM Virtual
Appliance
VM VM VM VM

Zero Added Faster Better Stronger
Footprint Performance Manageability Security

• Zero added footprint: Integrity monitoring in the same virtual appliance
that also provides agentless AV and Deep Packet Inspection
• Stronger Security: Expands the scope of protection to hypervisors
• Order of Magnitude savings in manageability
• Virtual Appliance avoids performance degradation from FIM storms

Agent-less Security Architecture

Trend Trend Micro
Micro Deep Security Virtual Appliance Guest VM
Deep Security Network Security Anti-Malware
Manager
Security IDS/IPS - Real-time Scan APPs
Admin - Web App Protection - Scheduled & APPs
- Application Control Manual Scan APPs
OS
Kernel

FIM
Firewall OS
BIOS

VMsafe-net vShield Endpoint
API API Thin Driver

vShield ESX 4.1
Manager Trend Micro vShield Endpoint
filter driver ESX Module
VI
Admin vCenter
vSphere Platform

Trend Micro vShield
Legend  product VMware Endpoint
components Platform Components


Virtualization
Addressing Security Inhibitors

Solution: Agentless Security
Services from a separate scanning
VM

Solution: Dedicated scanning VMs
2 Instant-on Gaps
with layered protection

Inter-VM Attacks / Blind Spots Solution: VM-aware security with
3 virtualization platform integration

Solution: Integration with
4 Complexity of Management
virtualization management
consoles such as VMware vCenter


Virtualization

DEEP SECURITY

Security built for
virtualization helps
maximize
consolidation rates,
operational
efficiencies and
cost savings

Deep Security: Agentless Security Benefits

• Higher VM density Agentless server security platform

− Agentless AV enables 2-3 times
more desktop VMs
− Enables 40-60% more server VMs
• Better manageability
− No security agents to configure,
update & patch
− Integrated AV, FIM & IDS/IPS
simplifies security mgmt     

• Stronger security
− Added security (FIM, IDS/IPS, etc.)
through virtual appliance Previously
− Instant ON protection
− Tamper-proofing
• Faster performance
– Freedom from AV and FIM storms

Virtual Patching

DEEP SECURITY

Shield
vulnerabilities in
critical systems,
until, or without,
patching


Four Key Strategies:
•patching applications and always using the latest version of
an application;
•keeping operating systems patched;
•keeping admin rights under strict control (and forbidding the
use of administrative accounts for e-mail and browsing);
•whitelisting applications.

Recap: Virtual Patching with Deep Security
Raw Traffic Over 100 applications
shielded including:
Operating Systems

1 Stateful Firewall Database servers
Allow known good
Web app servers
Mail servers
2 Exploit Rules
FTP servers
Deep packet inspection

Stop known bad
Backup servers

Storage mgt servers
3 Vulnerability Rules
Shield known DHCP servers
vulnerabilities
Desktop applications

4 Smart Rules Mail clients
Shield unknown
vulnerabilities Web browsers
and protect Anti-virus
specific applications
Filtered Traffic Other applications


Compliance

DEEP SECURITY

A security and
compliance solution
that addresses
multiple PCI and
other regulatory
requirements cost-
effectively

Recap: Deep Security for PCI compliance

Addressing 7 PCI Regulations
Deep Packet Inspection and 20+ Sub-Controls Including:
IDS / IPS
 (1.) Network Segmentation
 (1.x) Firewall
Application Control
 (5.x) Anti-virus

Firewall Integrity  (6.1) Virtual Patching*
Monitoring
 (6.6) Web App. Protection
Log Anti-
Malware  (10.6) Daily Log Review
Inspection
 (11.4) IDS / IPS
Physical Virtual Cloud Endpoints
Servers
Servers Computing & Devices  (11.5) File Integrity Monitoring

* Compensating Control


Emerging Governance
• PCI Virtualization Special Interest Group (SIG)
formed during the 2009 RSA Conference
– SIG Objective: Provide clarification on the use of
virtualization in accordance with the PCI DSS
– After a 2+ year process, the SIG submitted
recommendations to the PCI SSC working group
for consideration
– Trend has been a contributing member of the SIG
from the very first call
– Opinions on the SIG varied widely
• Leading edge: Embrace virtualization and the
direction towards cloud computing
• Conservative: Recommend dedicated hypervisor
environments and restrict consolidation of system
components – defer use of the cloud


Security in a Cloudy World


Cloud is a computing style, not a
location…. Public
Cloud
Hybrid
Cloud

Private
Cloud

Capital Expense Elimination
Flexibly match cost to demand

Server
Virtualization Cost Management
Peak load flexibility
IaaS Integration of 3rd Party Solutions
Agility
Virtualization will inevitably
Consolidation lead to Cloud Computing
Flexibility models Gartner, 2011
Speed

Adoption of Cloud Computing
Businesses are moving into the cloud

• Gartner
– 15% of workloads will be cloud based by 2014

• Information Week
− 17% of businesses in public cloud
− 28% using, 30% planning for private cloud

But for businesses to truly invest in the cloud…
• Must be interchangeable with on-site data center deployments
• Must retain similar levels of security and control
• Must provide data privacy and support compliance requirements


Public IaaS Clouds
Security and Privacy are #1 Concerns

• Your data is mobile — has it moved?
• Who can see your information?
• Who is attaching to your volumes?
• Do you have visibility into who has
accessed your data? Rogue server
access

No visibility to
data access
Name: John Doe Name: John Doe n
SSN: 425-79-0053 SSN: 425-79-0053
Visa #: 4456-8732… Visa #: 4456-8732…

Data can be moved and
leave residual data behind


Public Cloud
Who Has Control?
Servers Virtualization & Public Cloud Public Cloud Public Cloud
Private Cloud IaaS PaaS SaaS

End-User (Enterprise) Service Provider

Who is responsible for security?
• With IaaS the customer is responsible for security
• With SaaS or PaaS the service provider is responsible for security
– Not all SaaS or PaaS services are secure
– Can compromise your endpoints that connect to the service
– Endpoint security becomes critical


So who is responsible?
The majority of cloud computing providers surveyed do not believe their organization views the
security of their cloud services as a competitive advantage. Further, they do not consider cloud
computing security as one of their most important responsibilities and do not believe their
products or services substantially protect and secure the confidential or sensitive information of
their customers.

The majority of cloud providers believe it is their customer’s responsibility to secure the cloud
and not their responsibility. They also say their systems and applications are not always
evaluated for security threats prior to deployment to customers.

Buyer beware – on average providers of cloud computing technologies allocate10 percent or
less of their operational resources to security and most do not have confidence that customers’
security requirements are being met.

Cloud providers in our study say the primary reasons why customers purchase cloud resources
are lower cost and faster deployment of applications. In contrast, improved security or
compliance with regulations is viewed as an unlikely reason for choosing cloud services.

The majority of cloud providers in our study admit they do not have dedicated security
personnel to oversee the security of cloud applications, infrastructure or platforms.

conducted by Ponemon Institute LLC
Publication Date: April 2011

Accountability
• Ultimately who is responsible will pale beside
the governance which dictates who is
accountable
• Accountability will rest with the data owner by
most governance regimes
• Cloud computing due diligence means you
must own and control your data – wherever it
resides and moves


Working on Cloud GRC

Cloud Security Alliance GRC Stack
The Cloud Security Alliance GRC Stack provides a toolkit for
enterprises, cloud providers, security solution providers, IT auditors
and other key stakeholders to instrument and assess both private and
public clouds against industry established best practices, standards
and critical compliance requirements

https://cloudsecurityalliance.org/

What is the Solution?
Data Protection in the Cloud

Encryption
Credit Card Payment
SensitiveMedical Numbers
Social Security Records
Patient Policy-based
with Research Results
Information
Key Management

AES Encryption Policy-based Auditing, Reporting,
128, 192, & 256 bits Key Management & Mobility

• Unreadable to outsiders • Trusted server access • Compliance support
• Obscured data on • Control for when and • Custody of keys—SaaS
recycled devices where data is accessed or virtual appliance
• No vendor lock-in


Security that Travels with the VM

Cloud Security – Modular Protection

Data Template VM Real-time
Compliance
Protection Integrity Isolation Protection

Self-Defending VM Security in the Cloud
• Agent on VM allows travel between cloud solutions
• One management portal for all modules
• SaaS security deployment option


Total Cloud Protection
System, application and data security in the cloud

Deep Security 8
Context
Aware Credit Card Payment 2
SecureCloud
Patient Medical Records
Social Security Numbers
Sensitive Research Results
Information

Encryption with Policy-based
Modular protection for Key Management
servers and applications
• Data is unreadable
• Self-Defending VM Security to unauthorized users
in the Cloud
• Policy-based key management
• Agent on VM allows travel controls and automates key
between cloud solutions delivery
• One management portal for • Server validation authenticates
all modules servers requesting keys

50

SecureCloud 2
Enterprise Deployment Options

Key Management Encryption Support
Deployment Options
VM VM VM VM vSphere
Trend Micro Virtual
SaaS Solution Machines

VM VM VM VM
Private
Clouds

Or
SecureCloud
Data Center Console VM VM VM VM Public
Software Application Clouds

51

SecureCloud – New In 2.0

• FIPS 140-2 Certification
– Exchange of Mobile Armor encryption agent
– Gives Trend access to Fed / Gov accounts
• DSM Integration
– Greatly improves ability to build robust
authentication policies
– Begins integration of two cutting edge technologies
– Additional integration – unified management console
• Total Cloud Protection Bundle
– New bundle connects both products
– Gives protection across all infrastructures – PVC
– Defines a place to manage and protect all future
environments

52

SecureCloud
Benefits

• Access cloud economics and agility by removing data privacy
concerns.
• Segregate data of varied trust levels to avoid breach and insider threat
• Reduce complexity and costs with policy-based key management
• Boost security with identity- and integrity-based server authentication
• Move freely among clouds knowing that remnant data is unreadable

Trend Micro Confidential12/22/2011 Copyright 2011 Trend Micro Inc.
53

Securing Your Journey to the Cloud
• Integrate security—server, web, email,
Physical endpoint, network
Reduce Complexity
• Improve security and availability
• Lower costs

• Apply VM-aware security
Virtual
• Ensure higher VM densities
Increase Efficiency
• Get better performance and better protection

• Encrypt with policy-based key management
Cloud
• Deploy self-defending VMs in the cloud
Deliver Agility
• Use security that travels with your data

Use Data Center Security to Drive Your Business Forward


Final Thoughts


Rethinking Security Controls in a
Cloud-Service Envronment
The end of ‗physical‘ thinking
Focus on the Data Center
– Protection focused on (v)applications and data
Security Controls are a property of the Virtual Application
– not the device where it is accessed
– not the plumbing on which it is executed
You are accountable for your data
– whatever cloud it lives in
– own your data protection controls


Deep Security
Summary of highlights
 A fully integrated server security platform
 Only solution to offer specialized protection for physical virtual and cloud
 First and only agentless anti-malware – nearly a 1000 customers have
purchased
 Only solution to also offer agentless FW, IDS/IPS and FIM in the same
appliance
 Only solution in its category to be FIPS and EAL4+ certified

Trend Trend Micro
Micro 13%
22.9%

All Others Top ratings for
All Virtualization
Combined
Others
87% Security
77.1%
Source: Worldwide Endpoint Source: 2011 Technavio –
Security 2010-2014 Forecast Global Virtualization Security
and 2009 Vendor Shares, IDC Management Solutions

Trend Micro: VMware #1 Security Partner and
2011 Technology Alliance Partner of the Year

Improves Security Improves Virtualization
by providing the most by providing security solutions
secure virtualization infrastructure, architected to fully exploit
with APIs, and certification programs the VMware platform

VMworld: Trend Micro Dec: Deep Security
virtsec customer Nov: Deep Security 7 7.5
with virtual appliance w/ Agentless
May: Trend
AntiVirus
acquires RSA: Trend Micro Vmworld: Announce
Feb: Join Third Brigade Demos Agentless
VMsafe Deep Security 8
program Sale of DS 7.5 & vShield OEM
Before GA

2008 2009 2010 2011

July: VMworld: Announce Q1: VMware buys
RSA: Trend Micro
CPVM Deep Security 7.5 Deep Security for
announces Coordinated
GA Internal VDI Use
approach & Virtual pricing
And shows Vmsafe demo Q4: Joined EPSEC 2010:
RSA: Trend Micro
vShield Program >100 customers
announces virtual
>$1M revenue
appliance

Thank You!
www.cloudjourney.com
Peter Cresswell


Trend Micro Dec 6 Toronto VMUG

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Trend Micro Dec 6 Toronto VMUG

Ähnlich wie Trend Micro Dec 6 Toronto VMUG (20)

Mehr von tovmug

Mehr von tovmug (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Trend Micro Dec 6 Toronto VMUG