Server Security Press Presentation
Copyright 2009 Trend Micro Inc.
Harish Agastya, Director Server Security Product Marketing
Deep Security: Securing the New Server
• Physical: Servers under attack
• Virtualized: Servers virtual and in motion
• Cloud: Servers in the open
Threat Environment
• More profitable
– $100 billion: Estimated profits from global cybercrime -- Chicago Tribune, 2008
• More sophisticated, malicious & stealthy
– “95% of 285 million records stolen in 2008, were the result of highly skillful attacks”
– “Breaches go undiscovered and uncontained for weeks or months in 75% of cases.” -- Verizon Breach Report, 2009
• More frequent
– “Harvard and Harvard Medical School are attacked every 7 seconds, 24 hours a day, 7 days a week.” -- John Halamka, CIO
• More targeted
– “27% of respondents had reported targeted attacks”. -- 2008 CSI Computer Crime & Security Survey
“99.9% of records were compromised from servers and applications”
2009 Data Breach Investigations Report conducted by Verizon Business RISK Team
High profile breaches
May-2008: Security breach cost $12.6 million so far, including legal costs and fines from MasterCard and Visa.
Dec-2008: PII of 1.5M customers & 1.1M Social Security Numbers.
Aug-2007: Hackers placed software on the company’s network and stole 45 M credit card #’s. Costs soar to $256 M.
Dec-2008: DNS hijacking puts 5,000,000 check processing accounts at risk.
May-2009: Hackers broke into 2 databases over a 6 month period, and exposed the data of 160,000+ students.
Mar-2009: Hackers hijack PII for 45,000 employees & retirees.
Verizon 2009 Data Breach Investigations
Compliance Imperative
• More standards
– PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…
• More specific security requirements
– Virtualisation, Web applications, EHR, PII…
• More penalties & fines
– HITECH, Breach notifications, civil litigation
“DMZ consolidation using virtualisation will be a "hot spot" for auditors, given the greater risk of misconfiguration and lower visibility of DMZ policy violation. Through year-end 2011, auditors will challenge virtualized deployments in the DMZ more than nonvirtualized DMZ solutions.” -- Neil MacDonald, Gartner, June 2009
Virtual Machines Need Specialized Protection
1. Same threats in virtualized servers as physical:
– OS & application vulnerabilities and configuration errors allow malware to attack & infect
2. Plus, the dynamics of virtualisation cause some new challenges:
– Dormant VMs
– Resource contention
– VM Sprawl
– Inter-VM traffic
– vMotion
[Diagram: ESX Server hosting App VMs, labelled Active VMs and Dormant VMs]
Trend Micro Server Security Value Proposition
For (target customer): organizations whose server security architecture must address the dynamic nature of their datacenter, including virtualisation and cloud computing,
That (statement of need): need to continue to protect confidential data, ensure application availability, and meet compliance requirements, while recognizing perimeter defenses alone are no longer sufficient
Trend Micro Server Security (category): is advanced server security software that comprehensively protects the server including the operating system, applications and data and allows systems to become self-defending.
It (benefits): Prevents data breaches and business disruptions, and enables compliance and operational cost reductions.
Unlike (competitors): vendors whose technology focus is solely limited to physical servers or the server file system
Trend Micro (differentiators): addresses the challenging operational, security and compliance needs of today’s dynamic datacenter with superior platform support, comprehensive protection, greater operational efficiency, and tighter integration with existing investments.
Trend Micro Deep Security
Advanced Server & application protection for: PHYSICAL, VIRTUAL, CLOUD
• Deep Packet Inspection: IDS / IPS, Web App. Protection, Application Control
• Firewall
• Integrity Monitoring
• Log Inspection
• Malware Protection
Why They Buy: Plays for Deep Security
• Compliance
– Reason to do it today
– Internal compliance, security policy
– External compliance, like PCI, FISMA, NERC, FDIC, SAS 70…
– Detailed reporting, audit support
• Virtualisation Security
– Reason to revisit security practices
– Provides security necessary to achieve 100% virtualisation
– Enables mobility and evolution to cloud computing
• Defense in Depth / Business Continuity
– Best practice
– Preventing data breach and business disruption
– Zero-day protection and virtual patching
– Detecting suspicious activity
Deep Security 7 Modules
Deep Packet Inspection
Enables IDS / IPS, Web App Protection, Application Control
Examines incoming & outgoing traffic for:
• Protocol deviations
• Content that signals an attack
• Policy violations
Log Inspection
• Collects & analyzes operating system and application logs for security events.
• Rules optimize the identification of important security events buried in multiple log entries.
Integrity Monitoring
• Monitors critical files, systems and registry for changes
• Critical OS and application files (files, directories, registry keys and values)
• Flexible, practical monitoring through includes/excludes
• Auditable reports
Firewall
• Centralized management of server firewall policy
• Pre-defined templates for common enterprise server types
• Fine-grained filtering: IP & MAC addresses, Ports
• Coverage of all IP-based protocols: TCP, UDP, ICMP, IGMP …
Deep Security: Key benefits
Prevents Data Breaches & Business Disruptions
• Shield vulnerabilities in web apps, enterprise apps, OSs
• Detect & block suspicious activity
Enables Compliance
• Internal policies
• PCI & other requirements
• Detailed reports document prevented attacks & compliance status
Supports Operational Cost Reductions
• Prioritize secure coding efforts
• Manage unscheduled patching
• Provides security necessary to realize virtualisation savings
• Increased value from SIEM investments
Laura Maio: [email protected], +1 613-270-5531
Harish: [email protected], +1 408-850-1082
Questions?