Steve Porter: Cloud Computing Security


DESCRIPTION

A recording of the Northwest Regional meeting of the Institute of Information Security Professionals in Manchester on 5th July 2012. Stephen Porter from Trend Micro Limited spoke on the theme of cloud computing security. Copyright of this presentation is held by the author, Stephen Porter.

TRANSCRIPT

Page 1: Steve Porter: Cloud Computing Security

Securing Your Journey to the Cloud

Trend Micro, Stephen Porter, Alliance BDM

Data Center Evolution: Physical. Virtual. Cloud.

Page 2:

Control vs Responsibility?

Chart: percentage of security responsibility retained by the enterprise across deployment models: Servers; Virtualization & Private Cloud; Public Cloud IaaS; Public Cloud PaaS; Public Cloud SaaS. The enterprise keeps responsibility for securing its data while giving up direct control of the underlying stack: the "control gap".

Page 3:

Amazon Web Services™ Customer Agreement

7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications.

http://aws.amazon.com/agreement/#7 (3 March 2010)

The cloud customer has responsibility for security and needs to plan for protection.

Page 4:

A New Model for Security: Securing the Computing Chain. All environments should be considered untrusted.

• Users access the app
• Host defends itself from attack
• Image ensures data is always encrypted and managed
• Encrypted data, with encryption keys controlled only by you

When this whole chain is secure, components can move (for example, data from DC1, LAN 1 to Cloud 1, LAN 2, or from Cloud, LAN 1 to DC2, LAN 2):

• Virtual "neighbours" don't matter
• Location doesn't matter
• Service provider "lock" goes away
• Shared storage ROI goes up

Page 5:

Outside-in Perimeter Defense Isn't Enough...

• Advanced targeted threats
• Empowered employees
• Re-perimeterization: virtualization, cloud, consumerization & mobility

Source: Forrester

Page 6:

Reduce Noise

"The report of my death is an exaggeration." Mark Twain, New York Journal, June 2, 1897

Stopping threats on the outside from getting inside allows a focus on events on the inside that would otherwise be impossible.

Page 7:

APT and Targeted Attack Profile: Key Characteristics

• Social: spear phishing; drive-by downloads; zero-day malware
• Stealthy: low profile; masked activities; requires specialized detection
• Sophisticated: exploits vulnerabilities; remote control and backdoor; uses credentials & privileges

Page 8:

Deep Discovery: Key Technologies

• Deep content inspection across hundreds of protocols & applications
• Smart Protection Network reputation and dynamic blacklisting
• Sandbox simulation and analysis
• Communication fingerprinting
• Multi-level rule-based event correlation
• And more... driven by Trend Micro threat researchers and billions of daily events

Specialized Threat Detection Across the Attack Sequence

Malicious Content
• Emails containing embedded document exploits
• Drive-by downloads
• Zero-day and known malware

Suspect Communication
• C&C communication for any type of malware & bots
• Backdoor activity by attacker

Attack Behavior
• Malware activity: propagation, downloading, spamming...
• Attacker activity: scan, brute force, service exploitation...
• Data exfiltration communication
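The two Deep Discovery techniques that matter most for the "suspect communication" step, communication fingerprinting and rule-based correlation, can be shown concretely. The following is an added example, not Deep Discovery or any Trend Micro code: it runs over a constructed connection log (the hosts, addresses and timings are invented) and flags a host that calls back to the same destination on a fixed period, then raises the severity when the same flow also carried a download earlier, which is the "malicious content, then C&C" chain the slide describes. The threshold values are assumptions.

```python
"""Beacon detection and two-level rule correlation over a constructed log.
Added example; not Deep Discovery code. Thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real traffic): time, source host, destination,
# destination port, bytes sent, event kind. ws17 phones home every ~5 minutes
# after pulling a payload; ws22 visits another site at irregular intervals.
SAMPLE_LOG = """\
2012-07-05T09:00:01 ws17 203.0.113.5 443 812 connect
2012-07-05T09:00:02 ws17 203.0.113.5 443 104856 download
2012-07-05T09:05:01 ws17 203.0.113.5 443 310 connect
2012-07-05T09:10:02 ws17 203.0.113.5 443 305 connect
2012-07-05T09:15:00 ws17 203.0.113.5 443 312 connect
2012-07-05T09:20:01 ws17 203.0.113.5 443 308 connect
2012-07-05T09:25:01 ws17 203.0.113.5 443 309 connect
2012-07-05T09:00:10 ws22 198.51.100.7 80 2231 connect
2012-07-05T09:03:44 ws22 198.51.100.7 80 1872 connect
2012-07-05T09:21:09 ws22 198.51.100.7 80 5110 connect
2012-07-05T09:40:31 ws22 198.51.100.7 80 1200 connect
2012-07-05T09:55:02 ws22 198.51.100.7 80 4000 connect
"""


def parse(log_text):
    """Turn the whitespace-separated log into event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes, kind = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
                       "src": src, "dst": dst, "port": int(port),
                       "bytes": int(nbytes), "kind": kind})
    return events


def fingerprint(events, min_connections=5, max_jitter=0.10):
    """Communication fingerprinting: per (src, dst, port) flow, measure how
    regular the connection timing is. Enough connections with a low
    coefficient of variation of the inter-connection interval is the beacon
    signature; human-driven traffic is far more irregular."""
    flows = defaultdict(list)
    for e in events:
        flows[(e["src"], e["dst"], e["port"])].append(e)
    profiles = {}
    for key, evs in flows.items():
        evs.sort(key=lambda e: e["ts"])
        connects = [e for e in evs if e["kind"] == "connect"]
        profile = {"beacon": False, "connections": len(connects)}
        if len(connects) >= min_connections:
            intervals = [(b["ts"] - a["ts"]).total_seconds()
                         for a, b in zip(connects, connects[1:])]
            period = mean(intervals)
            jitter = pstdev(intervals) / period if period else float("inf")
            profile.update(beacon=jitter <= max_jitter,
                           period_s=round(period), jitter=round(jitter, 3))
        profiles[key] = profile
    return profiles, flows


def correlate(events):
    """Level 1: a beaconing flow is suspect C&C (medium). Level 2: the same
    flow also carried a download, i.e. malicious content followed by a
    call-back, so the alert is raised to high."""
    profiles, flows = fingerprint(events)
    alerts = {}
    for key, profile in profiles.items():
        if not profile["beacon"]:
            continue
        downloads = [e for e in flows[key] if e["kind"] == "download"]
        evidence = (f"{profile['connections']} connections every "
                    f"~{profile['period_s']}s")
        if downloads:
            evidence += f", {len(downloads)} download(s) on the same flow"
        alerts[key] = {"severity": "high" if downloads else "medium",
                       "period_s": profile["period_s"],
                       "jitter": profile["jitter"], "evidence": evidence}
    return alerts


if __name__ == "__main__":
    for (src, dst, port), alert in correlate(parse(SAMPLE_LOG)).items():
        print(f"{alert['severity'].upper():6} {src} -> {dst}:{port}  {alert['evidence']}")
```

On the sample, ws17 is reported as high (six connections about 300 s apart, jitter well under 1%, with a download on the same flow) and ws22 is not reported at all, because its intervals vary by more than 40%. A real deployment would feed the same logic from an out-of-band tap, add a whitelist of known periodic services (NTP, update checks) to keep false positives down, and tune the minimum connection count against the dwell time you are prepared to accept.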

Page 9:

Real-Time Inspection, Deep Analysis, Actionable Intelligence

• Analyze: detect malicious content and communication, from an out-of-band network data feed of all network traffic
• Correlate and simulate: identify attack behavior & reduce false positives
• Actionable intelligence: ThreatConnect, watch list, geo-plotting, alerts, reports, evidence gathering

Visibility: real-time dashboards. Insight: risk-based analysis. Action: remediation intelligence.

Page 10:

One Security Model Is Possible across Physical, Virtual, and Cloud Environments

Platform-specific security risks:
• Physical: manageability; a glut of security products; less security; higher TCO. Goal: reduce complexity.
• Virtual: performance & threats; traditional security degrades performance; new VM-based threats. Goal: increase efficiency.
• Cloud: visibility & threats; less visibility; more external risks. Goal: deliver agility.

Integrated Security: Single Management Console

Page 11:

Consolidate Physical Security: REDUCE COMPLEXITY

Page 12:

One Server Security Platform: REDUCE COMPLEXITY

A software-agent-based solution with a single management console:
• Firewall
• HIPS / virtual patching
• Web application protection
• Antivirus
• Integrity monitoring
• Log inspection
• Advanced reporting module

Page 13:

Server and Desktop Virtualization Security: INCREASE EFFICIENCY

Page 14:

Virtualization Security. Challenge: Complexity of Management

VM sprawl inhibits compliance:
• Patching agents
• Rollout patterns
• Provisioning new VMs
• Reconfiguring agents

Page 15:

Virtualization Security. Challenge: Instant-on Gaps

A VM moves between dormant, active and cloned states and can be reactivated without current security: reactivated and cloned VMs can have out-of-date security.

Page 16:

Virtualization Security. Challenge: Dynamic Movement (Load Balancing or vMotion)

VMs moving between hosts can require manual intervention and introduce risk.

Page 17:

Virtualization Security. Challenge: Resource Contention

A typical security console schedules the same job on every VM at the same moment (3:00am integrity scan, 9:00am virus definition updates), so automatic security scans and updates run simultaneously on every VM on a host and overburden the system: a "configuration storm".

Page 18:

Securing the Private Cloud End to End: from the Edge to the Endpoint (VMware vSphere + vCenter, managed by VMware vShield Manager)

• vShield Edge: secure the edge of the virtual datacenter
• vShield App and Zones: application protection from network-based threats, with security zones such as DMZ, PCI compliant and GPG13 compliant spanning Virtual Datacenter 1 and Virtual Datacenter 2
• vShield Endpoint (endpoint = VM): enables offloaded security: FIM, anti-virus, IDS/IPS...

Page 19:

Virtualization Security: Fitting into the VMware Ecosystem

Trend Micro Deep Security in the vSphere virtual environment, integrated with vCenter:
• Agentless, via the Security Virtual Machine and vShield Endpoint: antivirus, integrity monitoring
• Agentless, via other VMware APIs: IDS/IPS, web application protection, application control, firewall
• Agent-based: log inspection

Page 20:

Virtualization Security: Secure the Lifecycle of the VM

vCenter lifecycle events, each with the relevant Deep Security controls (FIM, DPI, firewall, AV) and a recommendation scan applied:
• Moving VMs
• Restarted VM
• Self-service new VMs
• Reconfiguring VMs and clones
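Pages 14 to 17 list the failure modes (stale agents, instant-on gaps, clones, vMotion) and page 20 the answer: re-evaluate the VM's security on every lifecycle event rather than on a schedule. The block below is an added example that models that idea in plain Python; it is not Deep Security or vCenter API code, and the pattern version, the host list, the "recommendation scan" rules and the quarantine behaviour are all constructed. The posture check runs on every event, so a VM that was powered off for a month, a clone taken from it, and a VM moved to a host without a security appliance all end up fenced off until fixed.

```python
"""Lifecycle-driven security posture for VMs. Added example modelling the
deck's idea; not Deep Security/vCenter code. All names and rules constructed."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

CURRENT_PATTERN = 1420                      # constructed: latest pattern version
MAX_PATTERN_AGE = timedelta(hours=24)       # older than this counts as stale
HOSTS_WITH_APPLIANCE = {"esx01", "esx02"}   # hosts running a security virtual appliance


@dataclass
class VM:
    name: str
    os: str
    role: str
    host: str
    state: str = "dormant"                          # dormant | active
    pattern: int = CURRENT_PATTERN
    last_update: datetime = datetime(2012, 7, 5, 0, 0)
    policy: str = "unassigned"
    quarantined: bool = False                       # restrictive firewall profile until fixed


def recommendation_scan(vm):
    """Constructed stand-in for the deck's recommendation scan: pick the policy
    from what the VM is, so a self-service VM never runs with no policy."""
    if vm.role == "web":
        return "web-server"          # firewall + IPS + web application protection
    return "windows-base" if vm.os.startswith("win") else "linux-base"


def is_stale(vm, now):
    return vm.pattern < CURRENT_PATTERN or now - vm.last_update > MAX_PATTERN_AGE


def posture_problems(vm, now):
    """Every reason this VM must be quarantined right now."""
    reasons = []
    if vm.state == "active" and is_stale(vm, now):
        reasons.append(f"stale pattern {vm.pattern}: quarantine, update queued")
    if vm.host not in HOSTS_WITH_APPLIANCE:
        reasons.append(f"no security appliance on {vm.host}: quarantine")
    if vm.state == "active" and vm.policy == "unassigned":
        reasons.append("no policy assigned: quarantine")
    return reasons


def on_event(vm, event, now, dest_host=None):
    """Apply a lifecycle event, re-check posture, return the actions taken."""
    actions = []
    if event == "create":
        vm.policy = recommendation_scan(vm)
        actions.append(f"assigned policy {vm.policy}")
    if event in ("create", "power_on", "clone"):
        vm.state = "active"
    if event == "vmotion":
        vm.host = dest_host
    if event == "update":
        vm.pattern, vm.last_update = CURRENT_PATTERN, now
        actions.append("pattern updated")
    reasons = posture_problems(vm, now)       # checked on every event, not on a timer
    vm.quarantined = bool(reasons)
    return actions + reasons


def simulate(now=datetime(2012, 7, 5, 9, 0)):
    """Walk one VM through the deck's problem cases; returns (actions, quarantined) per step."""
    trail = {}
    web = VM("web01", "linux", "web", "esx01")
    trail["create"] = (on_event(web, "create", now), web.quarantined)
    # A month switched off: the pattern falls behind while the VM is dormant.
    web.state, web.pattern, web.last_update = "dormant", 1398, now - timedelta(days=30)
    trail["power_on"] = (on_event(web, "power_on", now), web.quarantined)      # instant-on gap
    clone = replace(web, name="web02")                                           # clone copies the stale state
    trail["clone"] = (on_event(clone, "clone", now), clone.quarantined)
    trail["update"] = (on_event(web, "update", now), web.quarantined)          # fixed: fence lifted
    trail["vmotion"] = (on_event(web, "vmotion", now, dest_host="esx03"), web.quarantined)
    return trail


if __name__ == "__main__":
    for step, (actions, fenced) in simulate().items():
        print(f"{step:9} quarantined={fenced} {'; '.join(actions)}")
```

The point of the model is the ordering: the quarantine decision is a pure function of the VM's current state, recomputed after every event, so there is no window in which a reactivated or cloned VM is reachable with month-old protection, and a vMotion to a host that cannot protect the VM is caught at the move rather than at the next scheduled scan.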

Page 21:

Jan 2011 results of testing conducted by AV-Test.org. Threats prevented at each layer, as a percentage of the threats that reached that layer.

Average of all enterprise products (figures as shown on the slide):
• Exposure layer: 33% (65 of 200)
• Infection layer: 53% (72 of 135)
• Dynamic layer: 19% (12 of 65)
• Threats reaching each layer: 200, 135, 65; 51 threats remain
• End-to-end: 75% (149 of 200)

Trend Micro: 97% of threats blocked at the first layer of defense.

Layer             Trend Micro       Microsoft         Sophos            McAfee            Symantec
Exposure layer    97%  (194 of 200)  2%  (3 of 200)    63%  (126 of 200)  1%  (2 of 200)    0%  (0 of 200)
Infection layer   67%  (4 of 6)      68% (134 of 197)  19%  (14 of 74)    50% (99 of 198)   54% (108 of 200)
Dynamic layer     100% (2 of 2)      6%  (4 of 63)     23%  (14 of 60)    25% (25 of 99)    16% (15 of 92)
All layers        100% (200 of 200)  71% (141 of 200)  77%  (154 of 200)  63% (126 of 200)  62% (123 of 200)

Page 22:

Integrated Management: vCenter

Deep Security 8.0 follows the VM lifecycle in vCenter: creation, configuration, deployment, dynamic update, vMotion, restart.

Page 23:

Virtualization Security: Increased ROI with Deep Security. Example: Agentless Antivirus

Chart, VM servers per host: traditional AV 25; agentless AV 75, i.e. 3X higher VDI VM consolidation ratios. 3-year savings on 1000 VDI VMs = $539,600.

Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; saving estimate based on VMware ROI calculations.

Page 24:

Cloud Deployments and Security: DELIVER AGILITY

Page 25:

Inside-out Security: Protect My Data

A self-secured workload is smart and context aware, carrying local threat intelligence, user-defined access policies and encryption with the data:
• When: timeline aware
• Who: identity aware
• Where: location aware
• What: content aware

Page 26:

Cloud Security. Challenge: Data Destruction

When data is moved, unsecured data remnants can remain (figure: fragments of the original bit pattern left behind on the old storage).

Page 27:

Cloud Security: What is the Solution? Data Protection

Data Security: encryption with policy-based key management (example: sensitive research results)
• Unreadable for unauthorized users
• Control of when and where data is accessed
• Server validation
• Custody of keys

Server & App Security: modular protection
• Self-defending VM security
• Agentless and agent-based
• One management portal for all modules, all deployments

vSphere & vCloud integration ensures servers have up-to-date security before encryption keys are released.

Page 28:

Cloud Security: Fitting Encryption into a VMware Ecosystem

Encryption throughout your cloud journey: data protection for virtual & cloud environments. Trend Micro SecureCloud, with an enterprise Key Service Console, manages keys for VMs on VMware vSphere and vCloud across the data center, private cloud and public cloud.

Page 29:

Deep Security / SecureCloud Example

Customer 1 and Customer 2 Unix/Windows servers run on VMware vSphere ESX with encrypted volumes on SAN, NAS, cloud service... The Key Service releases volume keys according to the Policy Server.
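Pages 25, 27 and 29 together describe one mechanism: the customer keeps custody of the keys, and a key service releases a volume key only when the who/where/when/what policy passes and the security platform has validated the requesting server. Page 26's remnant problem is handled by the same design, since remnants of an encrypted volume are unreadable once the key is gone. The block below is an added example of that policy-based release in standard-library Python; it is not SecureCloud or Deep Security code, and the volume name, policy fields, the HMAC-signed posture report standing in for the vSphere/Deep Security integration, and the ten-minute report freshness limit are all assumptions.

```python
"""Policy-based key release with server validation. Added example; not
SecureCloud/Deep Security code. Names, policy fields, the HMAC posture
report and the freshness window are constructed for illustration."""
import hashlib
import hmac
import secrets
from datetime import datetime, time, timedelta

REPORT_MAX_AGE = timedelta(minutes=10)   # posture report older than this is a replay risk


def canonical(report):
    """Deterministic encoding of a flat report dict for signing."""
    return "\n".join(f"{k}={report[k]}" for k in sorted(report)).encode()


def sign_report(platform_secret, report):
    """Security-platform side: attest a server's posture. An HMAC over the
    canonical report stands in for the signed integration the deck describes."""
    return hmac.new(platform_secret, canonical(report), hashlib.sha256).hexdigest()


class KeyService:
    def __init__(self, platform_secret):
        self.platform_secret = platform_secret
        self.keys = {}        # volume -> data-encryption key (customer custody)
        self.policies = {}    # volume -> who/where/when/what policy
        self.audit = []       # every decision, granted or not

    def register_volume(self, volume, policy):
        self.keys[volume] = secrets.token_bytes(32)
        self.policies[volume] = policy

    def destroy_key(self, volume):
        """Crypto-shred: with the key gone, remnants on old storage are unreadable."""
        self.keys.pop(volume, None)
        self.audit.append((volume, None, ["destroyed"]))

    def request_key(self, volume, server, location, now, report, signature):
        """Return (key, failed_checks); the key is released only if nothing failed."""
        policy = self.policies.get(volume)
        if policy is None or volume not in self.keys:
            self.audit.append((volume, server, ["no-key"]))
            return None, ["no-key"]
        failed = []
        # Server validation: the report must be authentic, fresh and about this server.
        if not hmac.compare_digest(sign_report(self.platform_secret, report), signature):
            failed.append("signature")
        if report.get("server") != server:
            failed.append("report-server-mismatch")
        age = now - datetime.fromisoformat(report["issued"])
        if not (timedelta(0) <= age <= REPORT_MAX_AGE):
            failed.append("report-stale")
        # Who / Where / When from the policy.
        if server not in policy["who"]:
            failed.append("who")
        if location not in policy["where"]:
            failed.append("where")
        start, end = policy["when"]
        if not (start <= now.time() <= end):
            failed.append("when")
        # What: the data classification decides how much posture must be proven.
        required = {"sensitive": ("antivirus", "fim", "firewall"),
                    "internal": ("antivirus",)}[policy["what"]]
        failed += [f"posture:{c}" for c in required if report.get(c) != "ok"]
        self.audit.append((volume, server, list(failed)))
        return (None, failed) if failed else (self.keys[volume], failed)


def demo():
    """Constructed scenarios; returns {name: (key_or_None, failed_checks)}."""
    secret = secrets.token_bytes(32)
    ks = KeyService(secret)
    ks.register_volume("research-vol1", {
        "who": {"vm-research01"}, "where": {"dc-manchester", "cloud-eu-west"},
        "when": (time(7, 0), time(19, 0)), "what": "sensitive"})
    now = datetime(2012, 7, 5, 9, 30)
    good = {"server": "vm-research01", "antivirus": "ok", "fim": "ok",
            "firewall": "ok", "issued": (now - timedelta(minutes=1)).isoformat()}
    bad_fim = dict(good, fim="tampered")
    forged = dict(bad_fim, fim="ok")          # attacker edits the report but not the signature
    replay = dict(good, issued=(now - timedelta(hours=2)).isoformat())
    ask = lambda rep, sig, loc="cloud-eu-west": ks.request_key(
        "research-vol1", "vm-research01", loc, now, rep, sig)
    results = {
        "good": ask(good, sign_report(secret, good)),
        "bad_fim": ask(bad_fim, sign_report(secret, bad_fim)),
        "forged": ask(forged, sign_report(secret, bad_fim)),
        "replay": ask(replay, sign_report(secret, replay)),
        "where": ask(good, sign_report(secret, good), loc="cloud-us-east"),
    }
    ks.destroy_key("research-vol1")
    results["destroyed"] = ask(good, sign_report(secret, good))
    return results


if __name__ == "__main__":
    for name, (key, failed) in demo().items():
        print(f"{name:10} {'released' if key else 'denied'} {failed}")
```

Two details are the ones a practitioner should carry over: the posture report is bound to the server name and to an issue time, so a report captured from a healthy server cannot be replayed later or from a different VM; and every decision, including denials, lands in the audit trail, which is what lets you answer "who had access to this volume, from where, and when" after the fact.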

Page 30:

Specialized Protection for Physical, Virtual, and Cloud: TREND MICRO DEEP SECURITY

• Only fully integrated server security platform
• First hypervisor-integrated agentless antivirus
• First agentless file integrity monitoring (FIM)
• Only solution in its category to be EAL4+ and FIPS certified
• Only solution to offer agentless antivirus, integrity monitoring, intrusion detection & prevention, web application protection and firewall

Page 31:

TREND MICRO: VMWARE'S NUMBER 1 SECURITY PARTNER. 2011 Technology Alliance Partner of the Year

Improves security by providing the most secure virtualization infrastructure, with APIs and certification programs. Improves virtualization by providing security solutions architected to fully exploit the VMware platform.

Timeline (grouped under the slide's 2008, 2009, 2010 and 2011 markers):
• 2008. Feb: join VMsafe program. RSA: Trend Micro VMsafe demo, announces coordinated approach & virtual pricing.
• 2009. RSA: Trend Micro announces virtual appliance. May: Trend acquires Third Brigade. July: CPVM GA. Nov: Deep Security 7 with virtual appliance.
• 2010. RSA: Trend Micro demos agentless. Q4: joined EPSEC vShield program. VMworld: announce Deep Security 7.5; sale of DS 7.5 before GA. Dec: Deep Security 7.5 with agentless antivirus. 2010: >100 customers, >$1M revenue.
• 2011. RSA: other vendors "announce" agentless. VMworld: announce Deep Security 8 with agentless FIM; 1000 agentless customers; Trend virtsec customer, case study, webinar, video.
