vmug birmingham mar2013 trendmicro
Post on 06-Dec-2014
Giovanni Alberici • EMEA Product Marketing
Addressing the new security challenges posed by virtualisation & cloud computing
[Figure: Virtualization Adoption Rate for Servers and Desktops; values shown: 15%, 30%, 70%, 85%]
Stage 1: Consolidation
Stage 2: Expansion & Desktop
Stage 3: Private > Public Cloud
Cost-efficiency + Quality of Service + Business Agility
Data centres are evolving to drive down costs and increase business flexibility
The evolving data centre
Security challenges in the cloud
Inter-VM attacks
Instant-ON gaps
Mixed Trust Level VMs
Resource Contention
Maintaining Compliance
Challenge: Instant-on Gaps
VM states: Dormant, Active, Reactivated with outdated security, Cloned
New, reactivated and cloned VMs can have out-of-date security
Challenge: Inter-VM Attacks / Blind Spots
Attacks can spread across VMs
Not Patched
Patched
Virtualization - patching doesn’t go away
04/10/20236
Copyright 2012 Trend Micro Inc.
“…virtual machine proliferation could soon make it very difficult to maintain compliant environments.” VMware on Patch Management
Security challenges in the cloud
Inter-VM attacks
Instant-ON gaps
Mixed Trust Level VMs
Resource Contention
Maintaining Compliance
Service Provider (in)Security
Multi-tenancy
Data security challenges in the cloud
Encryption rarely used: Who can see your information?
Storage volumes and servers are mobile: Where is your data? Has it moved?
Rogue servers might access data: Who is attaching to your storage?
Audit and alerting modules lacking: What happened when you weren’t looking?
Encryption keys tied to vendor: Are you locked into a single security solution? Who has access to your keys?
Storage volumes contain residual data: Are your storage devices recycled securely?
Name: John Doe
SSN: 425-79-0053
Visa #: 4456-8732…
Challenges for public cloud
[Diagram labels: Internet, Shared Firewall, Virtual Servers, Shared Storage]
Shared network inside the firewall
Shared firewall – lowest common denominator – less fine-grained control
Multiple customers on one physical server – potential for attacks via the hypervisor
Shared storage – is customer segmentation secure against attack?
Easily copied machine images – who else has your server?
Public Cloud: Private Security
Doesn’t matter – the edge of my virtual machine is protected
Doesn’t matter – treat the LAN as public
Doesn’t matter – treat the LAN as public
Doesn’t matter – they can start my server but only I can unlock my data
Doesn’t matter – my data is encrypted
Copyright 2013 Trend Micro Inc.
Enabling the Data Center (R)evolution
Data Center: Physical, Virtual, Private Cloud, Public Cloud
Deep Security Agent/Agentless: Anti-Malware, Integrity Monitoring, Application Control, Log Inspection, Firewall, Virtual Patching
Data Center Ops
Security
By 2016, 71% of server workloads will be virtualized
Virtualization Security - Agent Based: Any Hypervisor
Virtualization Security - Agentless: VMware Hypervisor
Advantages of Deep Security for Virtualization
1. Improves system performance
2. Eases security administration
3. Improves security & compliance
4. Enables workload flexibility
Deep Security Virtual Appliance
1. Improves system performance
50% more VDIs
20 – 30% more virtual servers
Deep Security 9 Scan Cache
• Separate cache for Anti-malware scheduled/on-demand and Integrity Monitoring
• Up to 20x improvement for Anti-malware scans between VMs
• Reduce resources and overall on-demand scan time for Anti-malware
• Reduce overall baseline time for Integrity Monitoring
• Great benefits for VDI (VMs are linked clones)
Anti-malware Scan Performance
1st AM scan
2nd AM scan (cached)
Scan time ~ 20x faster
Significant DSVA CPU Reduction
Huge IO Volume Reduction
2. Eases security administration
• Visibility into virtual and cloud environments
– vCenter, Active Directory, vCloud, Amazon (AWS)
• Automation & Recommendation
– Identify unique security controls required
– OS, applications, patch-levels, vulnerabilities
– Automatically deploy and activate security policies
– Example: SAP server requires 28 controls
Provisioning Infrastructure: vCenter, AD, vCloud and AWS
Virtual Appliance
Public Cloud
Deep Security
• Scalable
• Redundant
[Diagram: SAP, Exchange Servers, Oracle, Web Server, Web Server and Linux Server, labelled with 73, 8, 28, 19 and 15 controls]
3. Improves security & compliance
Global threat intelligence from the cloud
… collects 6TB worth of data for analysis
… analyses 1.15B new threat samples
… identifies 90,000 new threats
… blocks 200M threats
EVERY 24 HOURS
Patch Management is a Growing Challenge
Critical “Software Flaw” Vulnerabilities in 2012
Common Vulnerabilities & Exposures (“CVE”): Score 7-10
1,764
Almost 7 critical vulnerabilities every day!
“Due to the increasing volume of public vulnerability reports, the Common Vulnerabilities and Exposures (CVE) project will change the syntax of its standard vulnerability identifiers so that CVE can track more than 10,000 vulnerabilities in a single year.” http://cve.mitre.org/news/index.html
2012 saw a 26% increase in the number of vulnerabilities disclosed (NSS Labs)
Virtual Patching with Deep Security
[Timeline figure, axis: Time. Stages: Vulnerability discovered, Patch available, Patch tested, Patch deployed. Labels: Virtual patch, Systems at risk!, Reduced risk!]
Over 100 applications shielded including:
Operating Systems
Database servers
Web app servers
Mail servers
FTP servers
Backup servers
Storage mgt servers
DHCP servers
Desktop applications
Mail clients
Web browsers
Anti-virus
Other applications
Compliance with Deep Security
IDS / IPS
Web Application Protection
Application Control
Firewall
Deep Packet Inspection
Integrity Monitoring
Log Inspection
Anti-Malware
5 Protection Modules
Defence In Depth
Addressing 7 PCI requirements and 20+ sub-controls including:
(1.) Network Segmentation
(1.x) Firewall
(5.x) Anti-Malware
(6.1) Virtual Patching
(6.6) Web App. Protection
(10.6) Daily Log Review
(11.4) IDS / IPS
(11.5) Integrity Monitoring
PCI-DSS Compliance
4. Enables workload flexibility
[Diagram labels: Physical, Database, Storage, Web Server, Enterprise, Providers, Deep Security, Web Access; Physical, Virtual, Cloud]
Manageability
Glut of security products
Less security
Higher TCO
Reduce Complexity
One Security Model is Possible across Physical, Virtual, and Cloud Environments
Integrated Security: Single Management Console
Performance & Threats
Traditional security degrades performance
New VM-based threats
Increase Efficiency
Visibility & Threats
Less visibility
More external risks
Deliver Agility
Thank You!