Vmug birmingham mar2013 trendmicro

Giovanni Alberici • EMEA Product Marketing Addressing the new security challenges posed by virtualisation & cloud computing


Transcript of Vmug birmingham mar2013 trendmicro

Page 1: Vmug birmingham mar2013 trendmicro

Giovanni Alberici • EMEA Product Marketing

Addressing the new security challenges posed by virtualisation & cloud computing

Page 2: Vmug birmingham mar2013 trendmicro

The evolving data centre

Data centres are evolving to drive down costs and increase business flexibility

Stage 1: Consolidation

Stage 2: Expansion & Desktop

Stage 3: Private > Public Cloud

[Figure: Virtualization adoption rate for servers and desktops across the three stages; values shown: 15%, 30%, 70%, 85%]

Cost-efficiency + Quality of Service + Business Agility

Page 3: Vmug birmingham mar2013 trendmicro

Security challenges in the cloud

[Figure: Virtualization adoption rate for servers and desktops across Stage 1 (Consolidation), Stage 2 (Expansion & Desktop) and Stage 3 (Private > Public Cloud); values shown: 15%, 30%, 70%, 85%; Cost-efficiency + Quality of Service + Business Agility]

Inter-VM attacks

Instant-ON gaps

Mixed Trust Level VMs

Resource Contention

Maintaining Compliance

Page 4: Vmug birmingham mar2013 trendmicro

Challenge: Instant-on Gaps

[Diagram: VM states – Dormant, Active, Cloned, Reactivated with outdated security]

New, reactivated and cloned VMs can have out-of-date security

Page 5: Vmug birmingham mar2013 trendmicro

Attacks can spread across VMs

Challenge: Inter-VM Attacks / Blind Spots

Page 6: Vmug birmingham mar2013 trendmicro

Not Patched

Patched

Virtualization - patching doesn’t go away


Copyright 2012 Trend Micro Inc.

“…virtual machine proliferation could soon make it very difficult to maintain compliant environments.” VMware on Patch Management

Page 7: Vmug birmingham mar2013 trendmicro

Security challenges in the cloud

[Figure: Virtualization adoption rate for servers and desktops across Stage 1 (Consolidation), Stage 2 (Expansion & Desktop) and Stage 3 (Private > Public Cloud); values shown: 15%, 30%, 70%, 85%; Cost-efficiency + Quality of Service + Business Agility]

Inter-VM attacks

Instant-ON gaps

Mixed Trust Level VMs

Resource Contention

Maintaining Compliance

Service Provider (in)Security

Multi-tenancy

Page 8: Vmug birmingham mar2013 trendmicro

Data security challenges in the cloud

Encryption rarely used: - Who can see your information?

Storage volumes and servers are mobile: - Where is your data? Has it moved?

Rogue servers might access data: - Who is attaching to your storage?

Audit and alerting modules lacking: - What happened when you weren’t looking?

Encryption keys tied to vendor: - Are you locked into a single security solution? Who has access to your keys?

Storage volumes contain residual data: - Are your storage devices recycled securely?


[Sample record shown on slide] Name: John Doe; SSN: 425-79-0053; Visa #: 4456-8732…

Page 9: Vmug birmingham mar2013 trendmicro

Challenges for public cloud

[Diagram labels: Internet, Shared Firewall, Virtual Servers, Shared Storage]

Shared network inside the firewall

Shared firewall – lowest common denominator – less fine-grained control

Multiple customers on one physical server – potential for attacks via the hypervisor

Shared storage – is customer segmentation secure against attack?

Easily copied machine images – who else has your server?

Page 10: Vmug birmingham mar2013 trendmicro

Public Cloud: Private Security

[Diagram labels: Internet, Shared Firewall, Virtual Servers, Shared Storage]

Shared network inside the firewall

Shared firewall – lowest common denominator – less fine-grained control

Multiple customers on one physical server – potential for attacks via the hypervisor

Shared storage – is customer segmentation secure against attack?

Easily copied machine images – who else has your server?

Doesn’t matter – the edge of my virtual machine is protected

Doesn’t matter – treat the LAN as public

Doesn’t matter – treat the LAN as public

Doesn’t matter – they can start my server but only I can unlock my data

Doesn’t matter – my data is encrypted

Page 11: Vmug birmingham mar2013 trendmicro

Copyright 2013 Trend Micro Inc.

Enabling the Data Center (R)evolution

Data Center: Physical, Virtual, Private Cloud, Public Cloud

Deep Security Agent/Agentless: Anti-Malware, Integrity Monitoring, Application Control, Log Inspection, Firewall, Virtual Patching

Data Center Ops

Security

By 2016, 71% of server workloads will be virtualized

Page 12: Vmug birmingham mar2013 trendmicro

Any Hypervisor

Virtualization Security - Agent Based

VMware Hypervisor

Virtualization Security - Agentless

Page 13: Vmug birmingham mar2013 trendmicro

Advantages of Deep Security for Virtualization

1. Improves system performance

2. Eases security administration

3. Improves security & compliance

4. Enables workload flexibility

Page 14: Vmug birmingham mar2013 trendmicro

1. Improves system performance

Deep Security Virtual Appliance

50% more VDIs

20 – 30% more virtual servers

Page 15: Vmug birmingham mar2013 trendmicro


Deep Security 9 Scan Cache

• Separate cache for Anti-malware scheduled/on-demand and Integrity Monitoring

• Up to 20x improvement for Anti-malware scans between VMs

• Reduce resources and overall on-demand scan time for Anti-malware

• Reduce overall baseline time for Integrity Monitoring

• Great benefits for VDI (VMs are linked clones)

Page 16: Vmug birmingham mar2013 trendmicro

Anti-malware Scan Performance

[Chart: 1st AM scan vs. 2nd AM scan (cached)]

Scan time ~ 20x faster

Significant DSVA CPU Reduction

Huge IO Volume Reduction

Page 17: Vmug birmingham mar2013 trendmicro

2. Eases security administration

• Visibility into virtual and cloud environments
– vCenter, Active Directory, vCloud, Amazon (AWS)

• Automation & Recommendation
– Identify unique security controls required
– OS, applications, patch-levels, vulnerabilities
– Automatically deploy and activate security policies
– Example: SAP server requires 28 controls

[Diagram: Provisioning Infrastructure (vCenter, AD, vCloud and AWS); Virtual Appliance; Public Cloud; Deep Security (Scalable, Redundant). Workloads shown: SAP, Exchange Servers, Oracle, Web Server, Web Server, Linux Server. Control counts shown: 73 controls, 8 controls, 28 controls, 19 controls, 15 controls]

Page 18: Vmug birmingham mar2013 trendmicro


Page 19: Vmug birmingham mar2013 trendmicro

Global threat intelligence from the cloud

… collects 6TB worth of data for analysis

… analyses 1.15B new threat samples

… identifies 90,000 new threats

… blocks 200M threats

EVERY 24 HOURS

3. Improves security & compliance

Page 20: Vmug birmingham mar2013 trendmicro

Patch Management is a Growing Challenge

Critical “Software Flaw” Vulnerabilities in 2012

Common Vulnerabilities & Exposures (“CVE”): Score 7-10

1,764

Almost 7 critical vulnerabilities every day!

“Due to the increasing volume of public vulnerability reports, the Common Vulnerabilities and Exposures (CVE) project will change the syntax of its standard vulnerability identifiers so that CVE can track more than 10,000 vulnerabilities in a single year.” http://cve.mitre.org/news/index.html

2012 saw a 26% increase in # of vulnerabilities disclosed (NSS Labs)

Page 21: Vmug birmingham mar2013 trendmicro

Virtual Patching with Deep Security

[Timeline diagram: Vulnerability discovered → Patch available → Patch tested → Patch deployed. Without a virtual patch: Systems at risk! With a virtual patch: Reduced risk!]

Over 100 applications shielded including:

Operating Systems

Database servers

Web app servers

Mail servers

FTP servers

Backup servers

Storage mgt servers

DHCP servers

Desktop applications

Mail clients

Web browsers

Anti-virus

Other applications

Page 22: Vmug birmingham mar2013 trendmicro


Compliance with Deep Security

IDS / IPS

Web Application Protection

Application Control

Firewall

Deep Packet Inspection

Integrity Monitoring

Log Inspection

Anti-Malware

5 Protection Modules

Defence In Depth

Addressing 7 PCI requirements and 20+ sub-controls including:

(1.) Network Segmentation

(1.x) Firewall

(5.x) Anti-Malware

(6.1) Virtual Patching

(6.6) Web App. Protection

(10.6) Daily Log Review

(11.4) IDS / IPS

(11.5) Integrity Monitoring

PCI-DSS Compliance

Page 23: Vmug birmingham mar2013 trendmicro

Physical

Database

Storage

Web Server

Enterprise

Providers

Deep Security

Web Access

4. Enables workload flexibility

Page 24: Vmug birmingham mar2013 trendmicro

Physical Virtual Cloud

Manageability

Glut of security products

Less security

Higher TCO

Reduce Complexity

One Security Model is Possible across Physical, Virtual, and Cloud Environments

Integrated Security: Single Management Console

Performance & Threats

Traditional security degrades performance

New VM-based threats

Increase Efficiency

Visibility & Threats

Less visibility

More external risks

Deliver Agility

Page 25: Vmug birmingham mar2013 trendmicro


Thank You!