Secure Your Virtualized Environment
Protection from Advanced Persistent Threats (APTs)
Agenda:
Rob Tanner: Deep Security
Jay Kammerer: Deep Discovery
Jamie Haggett: Mobile Security
Q&A
What's new from Trend Micro
Server and Desktop Virtualization Security
• Trend Micro Deep Security: #1 Security Platform for Virtualization and the Cloud
• Trend Micro Deep Discovery: Combating Advanced Persistent Threats (APTs)
• Trend Micro Mobile Security: Manage and control your mobile devices (BYOD)
04/07/2023 Copyright 2012 Trend Micro Inc.
Rob Tanner, Sr. Manager, Channel Sales
Trend Micro
Rethinking Datacenter Security
Virtualization is shrinking the datacenter, but what about shrinking security overhead?
vCenter and vCloud are accelerating VM provisioning. Is your security provisioning keeping pace?
By 2016, 71% of server workloads will be virtualized*
* Source: Gartner, Forecast Analysis: Data Center, Worldwide, 2010-2016, 1Q12 Update, Jonathon Hardcastle, 16 May, 2012
Data Center: Physical, Virtual, Cloud
• Increased business agility
• Instant scalability
• Lower capital and operational costs
Security Challenges
• Manage risk, ensure compliance, protect the brand
• Reduce costs, performance impact, management overhead
Virtualization Security Challenge: Resource Contention
Typical AV Console, 3:00am Scan
Antivirus Storm
Automatic security scans overburden the system
Virtualization Security Challenge: Instant-on Gaps
Reactivated and cloned VMs can have out-of-date security
[Diagram: Dormant, Active, Reactivated with outdated security, Cloned]
Virtualization Security Challenge: Inter-VM Attacks / Blind Spots
Attacks can spread across VMs
Virtualization Security Challenge: Complexity of Management
VM sprawl inhibits compliance
• Patch agents
• Rollout patterns
• Provisioning new VMs
• Reconfiguring agents
Lower Costs with Agent-less Security: Trend Micro Deep Security
• Easier Manageability
• Higher Density
• Fewer Resources
• Stronger Security
[Diagram: The Old Way (VM, VM, VM) vs. With Deep Security (Security Virtual Appliance, VM, VM, VM, VM, VM: More VMs)]
Firewall, Anti-Malware, Integrity Monitoring, Web Reputation, Intrusion Prevention
Virtualization Security: Increased ROI with Agentless Security
Example: Agentless Antivirus
[Chart: VM servers per host (axis 0 to 80), Traditional AV vs. Agentless AV; bar values 75 and 25]
• 3X higher VDI VM consolidation ratios
• 3-year Savings on 1000 VDI VMs = $539,600
Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations
Trend Micro Confidential-NDA Required
Deep Security 9: Deeper Integration with VMware Platform
• Support for latest vSphere and vShield platform capabilities
  – 4th-generation enhancements across broadest agentless security suite
• Improved performance
  – Antivirus and integrity scan caching/de-dupe across VMs
• Significant storage I/O benefits for further VDI consolidation
  – Tuning of IPS policies to guest application
• Stronger protection
  – Hypervisor boot integrity – chain of trust from VM file integrity to H/W
Vulnerabilities and Patching - under control?
2095 Critical “Software Flaw” Vulnerabilities in 2010
• Common Vulnerabilities & Exposures (“CVE”): Score 7-10
7 critical alerts every day!
NVD Statistical Data
Year     # Vulns    % Total
1997     145        57.54
1998     134        54.47
1999     424        47.43
2000     452        44.31
2001     773        46.09
2002     1,004      46.57
2003     678        44.40
2004     969        39.53
2005     2,038      41.32
2006     2,760      41.77
2007     3,159      48.50
2008     2,841      50.44
2009     2,722      47.48
2010     2,095      45.16
2011*    1,658      43.87
Virtualization Security: What is the Solution? Virtual Patching
Keep your virtual systems, applications, and data secure
Rules are developed and delivered automatically to protect:
• Before patches are available
• Unsupported OSs and apps
• Legacy web applications
• Devices that are difficult to patch: ATM kiosk, point of sale, medical devices, etc.
Prevent business disruption and data breach.
Confidential | Copyright 2013 Trend Micro Inc.
Security Vulnerability in Java 7: Already targeted by hacker tools
Details
• In early January 2013, a vulnerability was discovered in Java 7, impacting Windows, Mac, and Linux users
• The vulnerability is being exploited in toolkits like:
  – Blackhole Exploit Kit (BHEK)
  – Cool Exploit Kit (CEK)
• The toolkits distribute malware, most notably ransomware that locks systems and requires fees (~$200-$300) to unlock
• Oracle made a patch available on Sunday, January 13, 2013
• However, the Department of Homeland Security and other security consultants still advise disabling Java unless running the software is business critical
http://blog.trendmicro.com/trendlabs-security-intelligence/java-zero-day-exploit-in-the-wild-spreading-ransomware/
http://blog.trendmicro.com/trendlabs-security-intelligence/java-zero-day-exploit-and-ruby-on-rails-vulnerabilities/
Trend Micro Customers are Already Shielded: Deep Security
The Power of Virtual Patching in Deep Security
• Deep Security Labs obtains information about this vulnerability from public information sources
• Trend Micro protects users from this zero-day vulnerability via its Deep Security update (DSRU13-002) and rule 1005177 (Rule: Restrict Java Bytecode File (Jar/Class) Download)
• The rule blocks the .JAR and class files, preventing users from downloading all related malware
• At first a patch was not available from Oracle for this vulnerability
• This Trend Micro update provided immediate vulnerability shielding for Deep Security and OfficeScan customers
• Oracle released a patch on Sunday, January 13, 2013
• Trend Micro customers can roll out the actual Oracle patch during a regularly scheduled maintenance update
Automated Security Reduces Costs: Trend Micro Deep Security
Physical: Dedicated Server
Virtual: Desktop & Server Virtualization
Cloud: Private, Hybrid & Public Cloud
Firewall, Log Inspection, Anti-Malware, Integrity Monitoring, Web Reputation, Intrusion Prevention
Deep Security Manager
vSphere & vCloud
Instant and Automated Protection for Virtual and Cloud workloads
Automate Security
• Discover VMs & servers requiring protection
  – vSphere and vCloud
  – Amazon Web Services
• Identify and Implement unique security controls required
  – OS, applications, patch-levels, vulnerabilities
[Diagram: Provisioning Infrastructure (vSphere, vCloud), Virtual Appliance, Public Cloud; Deep Security (Scalable, Redundant); workloads SAP, Exchange Servers, Oracle, Web Server, Web Server with 73, 8, 28, 19 and 15 controls]
Automate Security
• Refresh security profiles after patching to remove unnecessary rules
• Example: SAP now requires only 5 controls
[Diagram: Provisioning Infrastructure (vSphere, vCloud), Virtual Appliance, Public Cloud; Deep Security (Scalable, Redundant); workloads Exchange Servers, Web Server, Web Server, SAP, Oracle; control counts 73 → 24, 8 → 7, 28 → 5, 19 → 12, 15 → 7]
What Sets our Solution Apart?
Only true server security platform:
• Comprehensive, modular security controls
• Optimized for virtualization and cloud
  – Higher density, better performance
  – Truly agentless
  – Multi-tenant management
• Automated management
  – Enforced policy based on OS, applications
  – Policy follows VM
  – Consistent policies across physical, virtual, cloud
Only true server security platform: gain freedom and confidence for your cloud journey!
As Virtualization Security Leader, We Can Help You
• Automate tedious and costly security provisioning
• Add confidence to virtualization and cloud deployments
• Accelerate deployment of virtualization and cloud
How does it work?
Worldwide Corporate Endpoint Server Security Revenue Share by Vendor, 2011 Source: IDC, 2012
IDC: Trend Micro Leader with 27% Global share
Top ratings for Virtualization Security
Only Enterprise Class Security product validated on Cisco UCS
First Content security solution certified on VCE Vblock in April 2012
Over 1500 Customers: Differing Security Priorities
Virtual Patching, Virtualization, Compliance, Defense in Depth
Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year
Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs
Improves Virtualization by providing security solutions architected to fully exploit the VMware platform
Timeline (2008, 2009, 2010, 2011):
• Feb: Join VMsafe program
• RSA: Trend Micro announces Coordinated approach & Virtual pricing and shows VMsafe demo
• VMworld: Trend Micro virtsec customer
• May: Trend acquires Third Brigade
• RSA: Trend Micro announces virtual appliance
• July: CPVM GA
• Nov: Deep Security 7 with virtual appliance
• Q4: Joined EPSEC vShield Program
• Dec: Deep Security 7.5 w/ Agentless AntiVirus
• 2010: >100 customers, >$1M revenue
• Q1: VMware buys Deep Security for Internal VDI Use
• RSA: Other vendors “announce” Agentless
• RSA: Trend Micro Demos Agentless
• Sale of DS 7.5 Before GA
• VMworld: Announce Deep Security 7.5
• VMworld: Announce Deep Security 8 w/ Agentless FIM
Thank you!
Deep Discovery and The Custom Defense | Jay Kammerer
APTs & Targeted Attacks
Empowered Employees
Elastic Perimeter
APTs & Targeted Attacks: “The New Norm” (IDC)
Traditional Security Protection is Insufficient
• A Cyber Intrusion Every 5 Minutes… according to US-CERT
• RSA, Sony, Mitsubishi, CitiGroup, Zappos … show power of targeted attacks
• Stuxnet, DUQU, and 100’s of attacks on company IP around the globe…
• Trend Micro finds over 90% of enterprise networks contain active malicious malware
• Wikileaks & Anonymous: Who’s Next?
• GhostNet: Vast Spy System Loots Computers in 103 Countries
Most Targeted Industries
Most common industry targets of APT-related spear phishing
Trend Micro Custom Defense: A complete lifecycle to combat the attacks that matter to you
• Detect: Specialized threat detection capability at network and protection points
• Analyze: Deep analysis uses custom sandboxing & relevant global intel to fully assess threats
• Adapt: Custom security blacklists & signatures block further attack at network, gateway, endpoints
• Respond: Attack profiles and network-wide event intelligence guide rapid containment & remediation
Deep Discovery
Deep Discovery Inspector
Deep Discovery provides the network-wide visibility, insight and control needed to protect your company against APTs and targeted attacks
Deep Discovery: Network Inspection Platform
Network Visibility, Analysis & Control
• Visualization
• Analysis
• Alarms
• Reporting
Threat Detection, Virtual Analyzer, Watch List, Threat Connect, SIEM Connect
Malicious Content, Suspect Communication, Attacker Behavior
Threat Analyzer: Custom Sandbox Simulation & Analysis
• Tracking of malicious actions & events
• Detection of malicious destinations and connections to C&C servers
• Specific detection rules for Office, PDF and Flash docs
• General detection rules for all executables
• Exportable reports & PCAP files
Fully Customizable Attack Surface using standard VMware tools
- Operating system, Office version, Service Packs
- Browsers and standard applications
- Custom applications
Deep Discovery – How It Works
Out of band feed of all network traffic
Detect Malicious Content & Communication
Identify Attack Behavior & Reduce False Positives
Visibility – Real-time Dashboards
Insight – Risk-based Analysis
Action – Remediation Intelligence
[Diagram: Real-Time Inspection, Deep Analysis, Actionable Intelligence; Detect, Simulate, Correlate; Threat Connect, Watch List, GeoPlotting; Alerts, Reports, Evidence Gathering]
Threat Connect Information Portal
Threat profile: What are the characteristics, origins and variants of this malware.
Related IPs/Domains: What are the known C&C comms for this attack.
Attack Group/Campaign: Who and what is behind this threat.
Containment and remediation: What to look for, how to remediate and eradicate.
Deep Discovery Advisor: Threat Intelligence Center
• In-Depth Contextual Analysis including simulation results, asset profiles and additional security events
• Integrated Threat Connect Intelligence included in analysis results
• Enhanced Threat Investigation and Visualization capabilities
• Highly Customizable Dashboard, Reports & Alerts
• Centralized Visibility and Reporting across Deep Discovery Inspector units
Deep Discovery Advisor: Completing the Custom Defense Lifecycle
[Diagram: Threat Connect Intelligence, Deep Discovery Inspector, Deep Discovery Advisor; Detect, Analyze, Adapt, Respond; Advanced Protection Solutions; Security Updates; Forensics, Containment, Remediation]
Why Deep Discovery
Detection
• Beyond MSFT & sandboxing
  – Mobile, Mac, …
• Custom sandboxing
• Beyond malware
  – Attacker behavior, lateral movement, …
Intelligence
• Smart Protection Network & Researchers
• Threat Connect Portal
TCO
• Single appliance
• Flexible form factors
• Competitive pricing
The Bigger Picture
• Custom Defense Solution
• Services & strategic value
• Trend commitment to customer success
Deep Discovery: Visibility, Insight, Control
Thank You
Empowering the Mobile Workforce in the Age of Consumerization, Cloud and Cyber Threats
Acrodex / Public Sector
Edmonton, February 2013
Jamie Haggett (@jhaggett)
Global Architect – Enterprise Mobility
Source: ReadWriteWeb, March 2012
9 Days, 9 Months, 9 Years: 1 Million Users
Source: Asymco.com, June 2012
2000: Windows PC + MS Office + Hard Drive, File Server + LAN, Dialup
2012: Windows, Mac, iOS, Android, VDI + MS Office, Email + Hard Drive, Cloud + LAN, VPN, Wi-Fi, Cellular, Cloud
How do you empower the business while managing risk?
Consumerization, Cloud & Virtualization, Cyber Threats
Personal Productivity Impacting User Expectations and Demands at Work
I want to be …
• Always connected...
• Using the devices and apps that I like…
• In a way that is fast & easy!
Devices and Apps can leak sensitive data
Compliance is challenging
Changing Threat Landscape: Evolution to Cybercrime
[Chart: CRIMEWARE, DAMAGE CAUSED over time (2001, 2003, 2004, 2005, 2007, 2010, 2012): Worm Outbreaks, Vulnerabilities, Spam, Mass Mailers, Spyware, Intelligent Botnets, Web Threats, Targeted Attacks, Mobile Attacks]
• Now it’s personal!
• Financially motivated
• Targeting most valuable information
Solution: Complete End User Protection
Web, Email & Messaging, File/Folder & Removable Media, Social Networking, Collaboration (SharePoint, Cloud/Sync), Mobile
Centralized Policy | Simple Administration
Anti-Malware, Intrusion Prevention, Encryption, Data Loss Prevention, Mobile Security
Trend Micro Mobile Security 8.0
Manage Device Management
• Device Discovery
• Device Enrollment
• Device Provisioning
• Asset Tracking
• S/W Management
• Remote Control
• Reporting
• Summary Views
• Summary Reports
Mobile Device Security
• Anti-Malware
• Firewall
• Web Threat Protection
• Call Filtering
• SMS/WAP Anti-Spam
• Jail break detection
Data Protection
• Encryption Enforcement
• Remote Wipe
• Selective Wipe
• Remote Lock
• Feature Lock
• Password Policy
Application Management
• App Black Listing
• App White Listing
• App Push
  • Required
  • Optional
• App Inventory
Centralized Policy Management – Single Platform
Integrates directly into OfficeScan as a Plug in
Simple: Specialized solutions that are easy to deploy and manage
Smart: Real-time protection powered by innovative solutions, big data analytics and deep threat expertise
Security That Fits: Seamless integration with your ecosystem – maximizing existing investments, not replacing them
DATA CENTER & CLOUD SECURITY
CUSTOM DEFENSE
COMPLETE END USER PROTECTION
Secure Your Virtualized Environment
Protection from Advanced Persistent Threats (APTs)