Upload
trend-micro-emea-limited
View
634
Download
3
Embed Size (px)
DESCRIPTION
The world of computing is moving to the cloud – shared infrastructures, shared systems, instant provisioning and pay-as-you-go services. And users can enjoy anytime, anywhere access to services and their data. But how secure is your data in the cloud and do conventional security products offer the optimal approach to securing your virtualised environments? In this presentation we examine security and performance concerns along your journey to the cloud and explore new technologies from VMware and Trend Micro. These innovations are all ready helping thousands of businesses to address the security challenges with Physical, Virtual and cloud platforms.
Citation preview
Data Center Evolution: Physical. Virtual. Cloud.Securing Your Journey to the Cloud
Trend Micro
Where is Your Data?JOURNEY TO THE CLOUD
where is your
Data?SERVER
VIRTUALIZATION
HYBRID CLOUD PUBLIC CLOUD
BYOPC
DESKTOPVIRTUALIZATION
PHYSICALDESKTOPS & SERVERS
MOBILE PRIVATE CLOUD
One Security Model is Possible across Physical, Virtual, and Cloud Environments
CROSS-PLATFORM SECURITY
Physical Virtual Cloud
New platforms don’t change the threat landscape
Each platform has unique security risks
Integrated security is needed across all platforms
Physical Virtual Cloud
One Security Model is Possible across Physical, Virtual, and Cloud Environments
PLATFORM-SPECIFIC SECURITY RISKS
Integrated Security: Single Management Console
Manageability
Glut of security products
Less security
Higher TCO
Reduce Complexity
Performance & Threats
Traditional security degrades performance
New VM-based threats
Increase Efficiency
Visibility & Threats
Less visibility
More external risks
Deliver Agility
Consolidate Physical Security REDUCE COMPLEXITY
One Server Security PlatformREDUCE COMPLEXITY
Firewall HIPS / Virtual Patching
Web Application Protection
Antivirus Integrity Monitoring
Log Inspection
AdvancedReporting Module
Single ManagementConsole
Server and DesktopVirtualization Security
INCREASE EFFICIENCY
Challenge: Resource ContentionVIRTUALIZATION SECURITY
Typical AV
Console3:00am Scan
Antivirus Storm
Automatic security scans overburden the system
Challenge: Instant-on GapsVIRTUALIZATION SECURITY
Dormant Active
Cloned
Challenge: Instant-on GapsVIRTUALIZATION SECURITY
Active Reactivated without dated security
Reactivated and cloned VMs can have out-of-date security
Challenge: Complexity of ManagementVIRTUALIZATION SECURITY
VM sprawl inhibits compliance
Patch agents
Rollout patterns
Provisioning new VMs
Reconfiguring agents
Attacks can spread across VMs
Challenge: Inter-VM Attacks / Blind Spots
VIRTUALIZATION SECURITY
ESX
vSphere Platform
Guest VM’s
OS
Trend MicroDeep Security
Manager
Agent-less Security Architecture
vShield Endpoint ESX Module
vCenter
VM tools
vShield Manager
Trend Microproduct
components
Trend Microproduct
components
vShield Endpoint
Components
VMware Platform
VI Admin
Security Admin
APPsAPPsAPPsAPPs
APPsAPPs
Trend Micro Deep Security Virtual Appliance
Anti-Malware
- Real-time
Scan- Scheduled &
Manual
Scan
Network Security
- IDS/IPS- Web App
Protection- Application
Control- Firewall
Trend Microfilter driver
Trend Microfilter driver
VMsafe-net API
vShield Endpoint API
Legend
What is the Solution?Layered, Virtualization-Aware Security in One Platform
VIRTUALIZATION SECURITY
Security Virtual Appliance
VM VM VM
With Agentless Security
VM
VM VM VM VMVM VM
Deep Security Integrated Modules:
• Antivirus• Integrity Monitoring• Intrusion Prevention• Web Application Protection• Application Control• Firewall• Log Inspection
HigherDensity
OptimizedResources
SimplifiedManagement
StrongerSecurity
Maximizes Performance and ROI
Agentless Anti-malwareCity of Oulu, Finland
CASE STUDY
Industry Municipal Government
Number of Employees 10,000
Challenge
• Merge infrastructures of four surrounding cities in less than one year
• Extend the lives of existing PCs that cannot be upgraded to Windows 7
• Minimize the start-up efforts for the infrastructure merger
• Avoid complexity that would slow systems or increase workload
Solution
• vShield Endpoint and Trend Micro Deep Security, for agentless protection of virtual desktop infrastructure (VDI)
Business Results
• Protection that is easy to deploy, administer, and scale
• Agentless security that is more resource
• Instant protection of new VMs at time of spin-up
Cloud Deploymentsand Security
DELIVER AGILITY
Cloud Models: Who Has Control?CLOUD SECURITY
Servers Virtualization & Private Cloud
Public CloudIaaS
Public CloudPaaS
Public CloudSaaS
End-User (Enterprise) Service Provider
Who is responsible for security?
With IaaS the customer is responsible for VM-level security
With SaaS or PaaS the service provider is responsible for security
Shared resources creates a mixed trust level environment
Challenge: Multi-tenancy / Mixed Trust Level VMsCLOUD SECURITY
There can be less visibility and control of cloud data
Challenge: Data Access and GovernanceCLOUD SECURITY
When data is moved, unsecured data remnants can remain
Challenge: Data DestructionCLOUD SECURITY
100110111000101
100110111000101
10011 000101
Sensitive Research Results
• Unreadable for unauthorized users
• Control of when and where data is accessed
• Server validation
• Custody of keys
Data SecurityEncryption
with Policy-based Key Management
Server & App Security Modular Protection
• Self-defending VM security
• Agentless and agent-based
• One management portal for all modules, all deployments
22
vSphere & vCloud
Integration ensures servers have up-to-date security before encryption keys are released
What is the Solution? Data ProtectionCLOUD SECURITY
23
VM VM VM VMVM VM VM VMVM VM VM VM
VMware vCloud
VMware vSphere
Encryption throughout your cloud journey—data protection for virtual & cloud environments
Enterprise Key
Key Service Console
Trend Micro SecureCloud
Data Center Private Cloud Public Cloud
Fitting Encryption into a VMware EcosystemCLOUD SECURITY
Test Test
Deep Security / Secure Cloud Example
VMware Vsphere ESX
CustomerCustomer
Customer 1 Customer 2
Unix/Win
Server
Specialized Protectionfor Physical, Virtual, and Cloud
Physical Virtual Cloud
TREND MICRO DEEP SECURITY
Only fully integrated server security platform
First hypervisor-integrated agentless antivirus
First agentless file integrity monitoring (FIM)
Only solution in its category to be EAL4+and FIPS certified
Only solution to offer agentless:AntivirusIntegrity monitoringIntrusion detection & preventionWeb application protection Firewall
2011 Technology Alliance Partner of the YearTREND MICRO: VMWARE’S NUMBER 1 SECURITY PARTNER
Improves Securityby providing the most secure virtualization
infrastructure, with APIs, and certification programs
Improves Virtualizationby providing security solutions architected to fully
exploit the VMware platform
2008 2009 2011
Feb: Join VMsafe program
RSA: Trend Micro VMsafe demo, announces
Coordinated approach & Virtual pricing
RSA: Trend Micro announces virtual appliance
2010:>100 customers >$1M revenue
VMworld: Announce Deep Security 8w/ Agentless FIM
1000 Agentless customers
VMworld: Trend virtsec customer, case study,
webinar, video
May: Trend acquires
Third Brigade
July:CPVM
GA
Nov: Deep Security 7with virtual appliance
RSA: Trend Micro Demos Agentless
2010
Q4: Joined EPSEC vShield
Program
VMworld: Announce
Deep Security 7.5
Sale of DS 7.5 Before GA
Dec: Deep Security 7.5w/ Agentless Antivirus
RSA: Other vendors
“announce” Agentless
Trend is No.1 in Server and Virtualization Security
Physical Virtual Cloud
VIRTUALIZATION AND CLOUD SECURITY
Trend Micro23.7%
Trend Micro13%
Source: IDC, 2011 - Worldwide Endpoint Security Revenue Share by Vendor, 2010 Source: 2011 Technavio – Global Virtualization Security Management Solutions