Trend Micro plus F5: better together - Veracomp Adria
Copyright 2016 Trend Micro Inc.
Trend Micro 27 years focused on security software
Headquartered in Japan, Tokyo Exchange Nikkei Index (4704)
Customers include 48 of top 50 global corporations
5200+ employees, 38 business units worldwide
500k commercial customers & 155M endpoints protected
Small Business
Midsize Business
Enterprise
Consumers
Email and Web Protection
Cloud App Security for Office 365 and Deep Discovery Email Inspector block ransomware before it gets to your users.
• Spear Phishing Protection: Identify and block emails which spur users to action that will deliver ransomware
• Malware Scanning: Scan for ransomware in emails, attachments and downloads
• Web Reputation: Block access to known malicious URLs
• Sandbox Attachments and URLs: Detect and stop malicious URLs, document exploits, macros and scripts
Endpoint Protection
• Ransomware Behavior Monitoring: Detect and stop unauthorized encryption of multiple files
• Vulnerability Shielding: Virtually patches endpoint software until it can be patched, shielding endpoints against vulnerability exploits
• Application Control: Allow only known good applications to run
• Lateral Movement Detection: IDS/IPS rules detect and block lateral movement of attackers
Smart Protection Suites deliver the broadest range of next-gen endpoint protection to detect and block ransomware that makes it to the endpoint.
Network Protection
Deep Discovery Inspector detects and blocks ransomware from spreading on your network via unmanaged devices or other attack methods like island hopping.
• Custom Sandbox Analysis: Detect mass file modifications, encryption behavior and modifications that are consistent with ransomware
• Network Monitoring: Monitor all network ports and protocols:
  • pattern and reputation analysis and script emulation
  • zero-day exploits and command and control traffic
Server Protection
Deep Security stops ransomware from impacting your most critical data on your servers, whether physical, virtual or in the cloud.
• C&C Traffic Detection: Detect and alert on ransomware-specific command & control traffic
• Vulnerability Shielding: Virtually patches server software until it can be patched, shielding servers against vulnerability exploits
• Suspicious Action Monitoring: Detect suspicious activity on file servers related to ransomware and stop it
• Malware Scanning: Scan for malicious software and stop it
Connected Threat Defense: Better, Faster Protection
• PROTECT: Assess potential vulnerabilities and proactively protect endpoints, servers and applications
• DETECT: Detect advanced malware, behavior and communications invisible to standard defenses
• RESPOND: Enable rapid response through shared threat intelligence and delivery of real-time security updates
• Gain centralized visibility across the system, and analyze and assess impact of threats
Gartner Magic Quadrant for Endpoint Protection Platforms, Feb 2017
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
The market leader in server security for the 6th straight year! [1]
[Pie chart segments: Symantec, Intel, Other, Trend Micro (30.3%)]
Sources: 1. IDC, Server Security: Virtualization and Cloud Changes Everything, January 2016
Exploits & Evasions – Oct 2015
[Bar chart. Bars in chart order: Trend Micro, Symantec, Kaspersky, McAfee, Sophos, F-Secure. Bar values in chart order: 98.8%, 98.3%, 90.1%, 88.4%, 80.8%, 62.8%.]
Source: NSS Labs October 2015
Best Overall Score 2014-2015: Includes performance, protection (prevalent & 0-day) & usability
[Bar chart. Bars in chart order: Trend Micro, Kaspersky, Symantec, F-Secure, McAfee, Sophos, Cylance, Microsoft. Bar values in chart order: 17.29, 17.00, 16.58, 16.00, 15.72, 15.71, 13.50, 11.00.]
Source: av-test.org, Jan 2014 to Dec 2015
Trend Micro + F5: better together
Synergy for better security and scalability
Scenario 1: protecting public services featuring file uploads
• Document digital signing services (government or private)
• Email attachments on OWA or other web based email service
• Prevent malicious uploads (document exploits, etc)
It is now safe to upload attachments!
[Diagram labels: Internet users; F5 BIG-IP; ICAP Pool of Trend Micro Web Security instances (Scale Out); Web application server pool (Scale Out); HTTP(S) uploads to public web service; Safe HTTP(S) uploads; Optionally add Trend Micro Deep Discovery Analyzer for sandbox detonation]
The solution benefits
• Strategic point of control in the network (application-layer traffic steering)
• Allows integration of AV scanning without changing application code (clean separation of functions)
• Reduces the resource requirements of web/application servers by offloading and only forwarding valid uploads to the application
• Either HTTP or HTTPS (SSL) traffic
• Aggregates logging/auditing for compliance and reporting
• Best-of-breed content security
• 25+ years of malware security expertise
• Advanced Threat Protection (ATP) including latest sandboxing and machine learning technologies
• Not dependent on application code, reuses standard (ICAP) and out-of-the-box integration
• Scalability and failover assured at each point of failure! Failopen or failover
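The ICAP hand-off this scenario relies on, as an added Python example (not code from the presentation, F5 or Trend Micro): it frames an upload as an RFC 3507 REQMOD message and maps the scanner's reply to an action, including the fail-open versus fail-closed choice when the scanner is unreachable. The host names, service URI and sample responses are constructed assumptions.

```python
"""ICAP (RFC 3507) REQMOD framing and verdict handling for scanned uploads.
Added illustration; host names, service URI and sample messages are constructed."""
ICAP_SERVICE = "icap://scanner.example/reqmod"   # hypothetical service URI

def build_reqmod(http_headers: bytes, body: bytes) -> bytes:
    """Wrap an HTTP upload request in an ICAP REQMOD message."""
    if body:
        # Encapsulated offsets are counted from the start of the encapsulated part
        layout = f"req-hdr=0, req-body={len(http_headers)}"
        payload = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)  # chunked body
    else:
        layout = f"req-hdr=0, null-body={len(http_headers)}"
        payload = b""
    icap = (f"REQMOD {ICAP_SERVICE} ICAP/1.0\r\n"
            "Host: scanner.example\r\n"
            "Allow: 204\r\n"
            f"Encapsulated: {layout}\r\n\r\n").encode("ascii")
    return icap + http_headers + payload

def verdict(icap_response, fail_open=False):
    """Map a scanner reply (None = unreachable or timed out) to an action."""
    on_error = "forward" if fail_open else "reject"
    if not icap_response:
        return on_error
    head = icap_response.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        return on_error
    code = int(parts[1])
    if code == 204:                      # no modification needed: upload is clean
        return "forward"
    if code == 200:
        enc = next((ln.split(":", 1)[1] for ln in lines[1:]
                    if ln.lower().startswith("encapsulated:")), "")
        # An encapsulated HTTP *response* replaces the upload with a block page
        return "reject" if "res-hdr" in enc else "forward-modified"
    return on_error                      # 4xx/5xx from the scanner

UPLOAD_HDRS = b"POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\n"
CLEAN = b"ICAP/1.0 204 No Content\r\nISTag: \"constructed\"\r\n\r\n"
BLOCKED = (b"ICAP/1.0 200 OK\r\nISTag: \"constructed\"\r\n"
           b"Encapsulated: res-hdr=0, res-body=45\r\n\r\n"
           b"HTTP/1.1 403 Forbidden\r\nContent-Length: 7\r\n\r\n7\r\nblocked\r\n0\r\n\r\n")

if __name__ == "__main__":
    print(build_reqmod(UPLOAD_HDRS, b"hello").decode())
    for name, resp in (("clean", CLEAN), ("blocked", BLOCKED), ("scanner down", None)):
        print(name, "->", verdict(resp), "| fail-open:", verdict(resp, fail_open=True))
```

With `fail_open=True` an unreachable scanner lets unscanned uploads through to the application; the default keeps the upload path closed until a scanner answers.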
Scenario 2: protecting internal web users
• Organization users surf the internet and are exposed to advanced malware, inappropriate content and data leakage
• Increasing share of user traffic is SSL encrypted, making malicious content slip through the defenses
ATP & AV, URL filtering and DLP for web users, even if SSL encrypted!
[Diagram labels: Endpoints; Internet; HTTP(S); F5 BIG-IP; ICAP Pool of Trend Micro Web Security instances (Scale Out); Trend Micro Deep Discovery Analyzer; Antimalware; Optionally URL filtering and DLP; Optional ATP Sandboxing]
The solution benefits
• Strategic point of control in the network
• Intelligent application traffic steering (only relevant traffic can be scanned)
• Offers optimized SSL decryption, even on non-standard ports
• Optionally can handle URL filtering on-box
• ICAP client allows for both HTTP response and request scanning (DLP)
• Best-of-breed content security
• Advanced Threat Protection (ATP) including latest sandboxing and machine learning technologies
• URL filtering leveraging Smart Protection Network
• Data loss prevention (DLP)
• Out-of-the-box integration via ICAP
• Scalability and failover assured at each point of failure!
Scenario 3: SSL TAP for ATP inspection
• Increasing share of user traffic directed to internet is SSL encrypted, making malicious content slip through the defenses
• Trend Micro Deep Discovery Inspector, a network layer ATP solution, can be provided decrypted traffic by F5
Provide SSL decrypted traffic for ATP analysis
[Diagram labels: Endpoints; Internet; SSL; F5 BIG-IP; Clone pool; Decrypted traffic; Trend Micro Deep Discovery Inspector; Optionally add Deep Discovery Analyzer for sandbox detonation]
The solution benefits
• Strategic point of control in the network
• Intelligent application traffic steering (only relevant traffic can be scanned)
• Swiss-knife for network traffic; clones traffic for use by IDS/IPS/network monitoring solutions, effectively serving as intelligent tap solution
• Offers optimized SSL decryption, even on non-standard ports
• Best-of-breed content security
• Advanced Threat Protection (ATP) including latest sandboxing and machine learning technologies
• Deep Discovery Inspector: full application layer ATP visibility and scanning (not only web, but also SMTP, DNS, etc.)
Conclusion
• F5 Networks => Strategic point of control enabling flexible application traffic steering
• Trend Micro => best-of-breed content security protecting both public services and internal network users from malicious content
• Better together: scalable, flexible and secure