Copyright 2009 Trend Micro Inc.

Harish Agastya, Director Server Security Product Marketing

Server SecurityPress Presentation

Copyright 2009 Trend Micro Inc.

Deep Security: Securing the New Server

2

Physical

Servers under attack

Servers virtual and in motion

Virtualized

Cloud

Servers in the open

04/22/23 2Internal Training

Copyright 2009 Trend Micro Inc.

Threat EnvironmentMore profitable

$100 billion: Estimated profits from global cybercrime -- Chicago Tribune, 2008

More sophisticated, malicious & stealthy “95% of 285 million records stolen in 2008, were the result of highly skillful attacks” “Breaches go undiscovered and uncontained for weeks or months in 75% of cases.” -- Verizon Breach Report, 2009

More frequent "Harvard and Harvard Medical School are attacked every 7 seconds, 24 hours a day, 7 days a week.” -- John Halamka, CIO

More targeted “27% of respondents had reported targeted attacks”. -- 2008 CSI Computer Crime & Security Survey

3

Copyright 2009 Trend Micro Inc.

“99.9% of records were compromised from servers and applications”

2009 Data Breach Investigations Report conducted by Verizon Business RISK Team

04/22/23 4

Copyright 2009 Trend Micro Inc.

High profile breaches

May-2008: Security breach cost $12.6 million so far, including legal costs and fines from MasterCard and Visa. More >>

Dec-2008: PII of 1.5M customers& 1.1M Social Security Numbers. More >>

Aug-2007: Hackers placed software on the company’s network, and steal 45 M credit card #’s. Costs soar to $256 M.

More >>

Dec-2008: DNS hijacking puts 5,000,000 check processing accounts at risk.

More >>

May-2009: Hackers broke into 2 databases over a 6 month period, and exposed the data of 160,000+ students. More >>

Mar-2009: Hackers hijack PII for 45,000 employees & retirees. More >>

Copyright 2009 Trend Micro Inc.

Verizon 2009 Data Breach Investigations

04/22/23 6

Copyright 2009 Trend Micro Inc.

Compliance Imperative

7

More standards: • PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…

More specific security requirements• Virtualisation, Web applications, EHR, PII…

More penalties & fines• HITECH, Breach notifications, civil litigation

DMZ consolidation using virtualisation will be a "hot spot” for auditors, given the greater risk of misconfiguration and lower

visibility of DMZ policy violation. Through year-end 2011, auditors will challenge virtualized deployments in the DMZ more than

nonvirtualized DMZ solutions.

Neil MacDonald, Gartner, June 2009”“

Copyright 2009 Trend Micro Inc.

Virtual Machines Need Specialized Protection 1. Same threats in virtualized servers as physical:

– OS & Application vulnerabilities and Configuration errors allow Malware to attack & infect

2. Plus Dynamics of virtualisation causes some new challenges:

– Dormant VMs– Resource contention– VM Sprawl– Inter-VM traffic– vMotion

AppAppApp

ESX Server

Active VMsDormant VMs

App App

8

Copyright 2009 Trend Micro Inc.

Trend Micro Server Security Value Proposition

For (target

customer)

organizations whose server security architecture must address the dynamic nature of their datacenter, including virtualisation and cloud computing,

That(statement of

need)

need to continue to protect confidential data, ensure application availability, and meet compliance requirements, while recognizing perimeter defenses alone are no longer sufficient

Trend Micro Server Security

(category)

is advanced server security software that comprehensively protects the server including the operating system, applications and data and allows systems to become self-defending.

It(benefits)

Prevents data breaches and business disruptions, and enables compliance and operational cost reductions.

Unlike(competitors)

vendors whose technology focus is solely limited to physical servers or the server file system

Trend Micro(differentiators)

addresses the challenging operational, security and compliance needs of today’s dynamic datacenter with superior platform support, comprehensive protection, greater operational efficiency, and tighter integration with existing investments.04/22/23 9

Copyright 2009 Trend Micro Inc.

Trend Micro Deep Security

10

PHYSICAL VIRTUAL CLOUD

Deep Packet Inspection

IDS / IPS Web App.Protection

ApplicationControl

Firewall IntegrityMonitoring

LogInspection

Advanced Server & application protection for:

Malware Protection

Copyright 2009 Trend Micro Inc.

Why They Buy: Plays for Deep Security• Compliance

– Reason to do it today– Internal compliance, security policy– External compliance, like PCI, FISMA, NERC, FDIC, SAS 70…– Detailed reporting, audit support

• Virtualisation Security– Reason to revisit security practices– Provides security necessary to achieve100% virtualisation– Enables mobility and evolution to cloud computing

• Defense in Depth / Business Continuity– Best practice– Preventing data breach and business disruption– Zero-day protection and virtual patching– Detecting suspicious activity

04/22/23 11Confidential

Copyright 2009 Trend Micro Inc.

Deep Security 7 Modules

04/22/23 12

Internal Training

Deep Packet InspectionEnables IDS / IPS, Web App Protection, Application Control

Examines incoming & outgoing traffic for:• Protocol deviations• Content that signals an attack• Policy violations.

Log Inspection

• Collects & analyzes operating system and application logs for security events. • Rules optimize the identification of important security events buried in multiple log entries.

Integrity Monitoring• Monitors critical files, systems and

registry for changes• Critical OS and application files (files,

directories, registry keys and values)• Flexible, practical monitoring

through includes/excludes

• Auditable reports

Firewall• Centralized management of server firewall policy• Pre-defined templates for common enterprise server types• Fine-grained filtering: IP & MAC addresses, Ports• Coverage of all IP-based protocols: TCP, UDP, ICMP, IGMP …

Copyright 2009 Trend Micro Inc.

Deep Security: Key benefits

13

Prevents Data Prevents Data Breaches & Breaches & Business Business

DisruptionsDisruptions

Enables Enables ComplianceCompliance

Supports Supports Operational Operational

Cost Cost ReductionsReductions

Shield vulnerabilities in web apps, enterprise apps OSs

Detect & block suspicious activity

Internal policies

PCI & other requirements

Detailed reports document prevented attacks & compliance status

Prioritize secure coding efforts

Manage unscheduled patching

Provides security necessary to realize virtualisation savings

Increased value from SIEM investments

Copyright 2009 Trend Micro Inc.

Laura Maio Harish Agastyalaura_maio@trendmicro.com harish_agastya@trendmicro.com+1 613-270-5531 +1 408-850-1082

Questions?