Trend Micro End to End Security Protection by Steve Quane
-
8/8/2019 Trend Micro End to End Security Protection by Steve Quane
Copyright 2010 EMC Corporation. All rights reserved.
End to End Protection for Virtualised & Cloud Environments
-
Copyright 2009 Trend Micro Inc.
Why virtualization matters
Speed and Business Impact
Expertise and Performance
Massive Cost Reduction
-
Typical Customer Virtualization Evolution
[Figure labels: 15%, 30%, 70%, 85%; Servers; Desktops; GET TECHIE]
Stage 1: Consolidation
DC Consolidation
- Non-mission-critical base applications
- Standardized hypervisor
- Simple VM management
Stage 2: Expansion & Desktop
Mission-critical applications & Endpoint Control
- Performance becomes critical
- API and advanced management use
- VDI sampling
- Enhanced compliance controls
Stage 3: Private > Public Cloud
Public and private cloud
- Multi-hypervisor
- Virtualized storage
- Multi-tenancy
- Workload management
- Dedicate or burst to public
-
"By far, the number one concern about cloud services is security." -- Frank Gens, IDC, Senior VP & Chief Analyst
-
Phase 1: Security Challenge
Perimeter-only (outside-in) approach together with rapid virtualization have created less secure application environments
"Through 2012, 60% of virtualized servers will be less secure than the physical servers they replace."
"Addressing the Most Common Security Risks in Data Center Virtualization Projects", Gartner, 25 January 2010
-
Phase I: The virtual datacenter is very dynamic!
[Figure labels: Hypervisor; Inter-VM attacks; PCI; Mobility; Cloud Computing]
New Challenges Require a New Security Architecture
-
Virtual Machines Need Specialized Protection
Same threats in virtualized servers as physical.
New challenges:
1. Instant-on/Dormant VMs
2. Resource contention
3. VM Sprawl
4. Inter-VM traffic
5. vMotion
-
Virtualization Security Foundation: Secure the workload
[Figure: VM1 (App1, OS1) and VM3 (App3, OS3) on a hypervisor]
VM & Network Security Integration
Self-secured workload: App FW, IPS, AV
-
Customers' most common Phase I concern: Instant-on or unmanaged VMs & Patching
- Determines missing patches and existing vulnerabilities
  - Operating System
  - Common desktop applications
- Recommends set of lightweight, fast-to-deploy filters
  - Virtually patches the vulnerabilities
  - Zero-Day protection
- Reports on attempts to exploit vulnerabilities
- Removes filters as soon as the patch is deployed
Virtual patch endpoints until patch is ready, without exposing them to exploits
-
Deep Security: Inside-out Protection Model for Physical, Virtual and Cloud Computing
[Figure labels: De-Militarized Zone (DMZ); Mission Critical Servers; Business Servers; Firewall; IPS; NIPS; File Integrity Monitoring; Log Inspection; IDS / IPS]
Trend Micro Deep Security Provides A Secure Container for Applications and Data
-
Typical Customer Virtualization Evolution
[Figure labels: 15%, 30%, 70%, 85%; Servers; Desktops; GET TECHIE]
Stage 1: Consolidation
DC Consolidation
- Non-mission-critical base applications
- Standardized hypervisor
- Simple VM management
Stage 2: Expansion & Desktop
Mission-critical applications & Endpoint Control
- Performance becomes critical
- API and advanced management use
- VDI sampling
- Enhanced compliance controls
Stage 3: Private > Public Cloud
Hybrid and selected public cloud
- Multi-hypervisor
- Virtualized storage
- Workload management
- Burst to public
-
Phase 2: Security Challenge
Virtually unaware traditional security architectures eliminate the benefits of VDI and virtualized mission-critical applications
-
Phase II: Server Performance
[Figure: VMs (App, OS) on ESX Server; VMsafe APIs; Security VM with Firewall, IDS / IPS, Anti-Virus, Integrity Monitoring]
- Protect the VM by inspection of virtual components
- Unprecedented security for the app & data inside the VM
- Complete integration with, and awareness of, vMotion, Storage VMotion, HA, etc.
-
Phase II: Securing virtual desktops (VDI)
Malware risk potential: identical to physical desktops
- Same operating systems
- Same software
- Same vulnerabilities
- Same user activities
=> Same risk of exposing corporate and sensitive data
New challenges, unique to VDI:
- Identify endpoints' virtualization status
- Manage resource contention: CPU, storage IOPs, network
-
Phase II: Cloud-client architecture
[Figure labels: FILE REPUTATION; WEB REPUTATION; EMAIL REPUTATION; Threat Collection; Partners; ISPs; Routers; Etc.; Endpoint; Gateway; SaaS/Managed; Cloud; Management; Off Network; Messaging; Threats]
-
Phase II: Light and Lean Architecture: Smart Protection Network
CLOUD-CLIENT ARCHITECTURE
- Speeds protection: in-the-cloud technologies are constantly updated
- Frees resources: offloads growing patterns to the cloud
GLOBAL THREAT INTELLIGENCE
- Correlated: integrates web, email, and file reputation databases
- Instant feedback: immediately updates using global feedback loops
[Figure labels: WEB; FILE; EMAIL]
-
Phase II: IT Environment Changes
Challenge: Resource Contention with VDI
The 9-AM problem
- Multiple users log in and download updates at the same time
AV storms, scheduled scans
- Adds significant load to the endpoint
- Multiplied by number of VMs
[Figure label: Cumulative system load]
Existing Endpoint Security Induces Resource Contention and Limits Desktop Virtualization Benefits
-
Phase II: Security has to have VDI-Intelligence
Detects whether endpoints are physical or virtual
- With VMware View
- With Citrix XenDesktop
Serializes updates and scans per VDI host
- Controls the number of concurrent scans and updates per VDI host
- Maintains availability and performance of the VDI host
- Faster than concurrent approach
Leverages base images to further shorten scan times
- Pre-scans and white-lists VDI base images
- Prevents duplicate scanning of unchanged files on a VDI host
- Further reduces impact on the VDI host
Can be done agentlessly as well
-
OfficeScan 10.5 has VDI-intelligence
With OfficeScan 10.5, you can run more than double the number of desktop images per host without sacrificing security
Investment in OfficeScan's VDI plug-in pays for itself:
- In less than 3 months with 1000 users*
- In less than 2 months with 2500 users*
*: assuming average cost of $8000 per VDI server and the deployment of standard endpoint secur
You no longer have to choose between Security and Return On Investment
-
Summary of Phase II Solutions
Light and lean agents when deep visibility is required
- Using cloud-client architecture
Agent-less option for application & server performance
- Using virtualization APIs
Architecture optimizes performance across entire infrastructure
- Processes are virtually-aware across CPU, network, and storage
Trend Micro Confidential 11/26/2010
-
Phase III: Virtualized Storage and Multi-tenancy Creates Data Protection Nightmares
[Figure labels: Perimeter; Datacenter; Public and Private Cloud]
- Strong perimeter security; no shared CPU; no shared network; no shared storage
- Weak perimeter security; shared CPU; shared network; shared storage
[Figure: Company 1 ... Company n and App 1 ... App n running on shared hypervisors]
Traditional outside-in approach is inadequate in an inside-out cloud world full of strangers
-
The Public Cloud: Who Has Control? How Secure is the Data?
[Figure labels: Servers; Virtualization & Private Cloud; Public Cloud IaaS; Public Cloud PaaS; Public Cloud SaaS; End-User (Enterprise); Service Provider]
[Figure: Company 1 ... Company n and App 1 ... App n on shared hypervisors; Company; Data; shared CPU, shared network, shared storage]
-
Phase 3: Security Challenge
How do I protect data in a virtualized and multi-tenant storage environment (private, hybrid, or public cloud)?
-
SecureCloud: Enterprise Controlled Data Protection for the Cloud
Patent pending Trend Micro technology enables enterprises to retain control of data in the cloud
-
All Phases: Architecture Security Challenge
How do I bring it all together in a manageable way across virtualized, private and public cloud environments?
-
A New Security Architecture For A New Era
All environments should be considered un-trusted
- Users access app
- Image ensures data is always encrypted and managed
- Host defends itself from attack
- Encrypted data
- Encryption keys controlled by you
[Figure labels: Datacenter; Public Cloud; DC1, LAN 1; DC2, LAN 2; Cloud 1, LAN 2; Cloud 2, LAN 1; Data]
Benefits
- Facilitates movement between datacenter & cloud
- Delivers security compliance through encryption
- Enables portability between service providers
- Ensures private data in public cloud
-
Back to the question: To Virtualize or not?
ANSWER: YES, BUT ONLY WITH A BETTER-THAN-PHYSICAL CLOUD SECURITY ARCHITECTURE
Speed and Business Impact
Expertise and Performance
Massive Cost Reduction
-
Thank you
For visiting the Trend Micro Carnival