Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)


Post on 19-Oct-2014


DESCRIPTION

Trend Micro Deep Security: #1 Security Platform for Virtualization and the cloud. Trend Micro Deep Discovery: Combating Advanced Persistent Threats (APTs). Trend Micro Mobile Security: Manage and control your mobile devices (BYOD).

TRANSCRIPT

Page 1: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Secure Your Virtualized Environment

Protection from Advanced Persistent Threats (APTs)

Agenda:

Rob Tanner: Deep Security

Jay Kammerer: Deep Discovery

Jamie Haggett: Mobile Security

Q&A

Alicia Worobetz
Page 2: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)
Page 3: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

What's new from Trend Micro

Server and Desktop Virtualization Security

• Trend Micro Deep Security: #1 Security Platform for Virtualization and the cloud
• Trend Micro Deep Discovery: Combating Advanced Persistent Threats (APTs)
• Trend Micro Mobile Security: Manage and control your mobile devices (BYOD)

Copyright 2012 Trend Micro Inc.

Page 4: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Rob Tanner, Sr. Manager, Channel Sales

Trend Micro

Rethinking Datacenter Security

Page 5: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Virtualization is shrinking the datacenter

but what about shrinking security overhead?

Page 6: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

vCenter and vCloud are accelerating VM provisioning

Is your security provisioning keeping pace?

Page 7: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Source: Gartner, Forecast Analysis: Data Center, Worldwide, 2010-2016, 1Q12 Update, Jonathon Hardcastle, 16 May, 2012

By 2016, 71% of server workloads will be virtualized*

Data Center: Physical, Virtual, Cloud

• Increased business agility
• Instant scalability
• Lower capital and operational costs

Page 8: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Data Center: Physical, Virtual, Cloud

Security Challenges

Manage Risk
Ensure compliance
Protect the brand

Reduce Costs
Performance impact
Management overhead

Page 9: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Virtualization Security Challenge: Resource Contention

Typical AV Console

3:00am Scan

Antivirus Storm

Automatic security scans overburden the system

Page 10: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Virtualization Security Challenge: Instant-on Gaps

Reactivated and cloned VMs can have out-of-date security

Diagram labels: Dormant, Active, Reactivated with outdated security, Cloned

Page 11: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Virtualization Security Challenge: Inter-VM Attacks / Blind Spots

Attacks can spread across VMs

Page 12: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Virtualization Security Challenge: Complexity of Management

VM sprawl inhibits compliance

• Patch agents
• Rollout patterns
• Provisioning new VMs
• Reconfiguring agents

Page 13: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Lower Costs with Agent-less Security: Trend Micro Deep Security

• Easier Manageability
• Higher Density
• Fewer Resources
• Stronger Security

The Old Way: VM VM VM

With Deep Security: Security Virtual Appliance, VM VM VM, VM VM (More VMs)

Firewall, Anti-Malware, Integrity Monitoring, Web Reputation, Intrusion Prevention

Page 14: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Virtualization Security: Increased ROI with Agentless Security

Example: Agentless Antivirus

Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011; Saving estimate based on VMware ROI calculations

[Bar chart: VM servers per host, Traditional AV vs. Agentless AV; axis 0 to 80; plotted values 75 and 25]

3X higher VDI VM consolidation ratios

3-year Savings on 1000 VDI VMs = $539,600

Page 15: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Trend Micro Confidential-NDA Required

Deep Security 9: Deeper Integration with VMware Platform

• Support for latest vSphere and vShield platform capabilities
  – 4th-generation enhancements across broadest agentless security suite
• Improved performance
  – Antivirus and integrity scan caching/de-dupe across VMs
• Significant storage I/O benefits for further VDI consolidation
  – Tuning of IPS policies to guest application
• Stronger protection
  – Hypervisor boot integrity – chain of trust from VM file integrity to H/W

Page 16: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

2095 Critical “Software Flaw” Vulnerabilities in 2010

• Common Vulnerabilities & Exposures (“CVE”): Score 7-10

NVD Statistical Data

Year     # Vulns   % Total
1997       145     57.54
1998       134     54.47
1999       424     47.43
2000       452     44.31
2001       773     46.09
2002     1,004     46.57
2003       678     44.40
2004       969     39.53
2005     2,038     41.32
2006     2,760     41.77
2007     3,159     48.50
2008     2,841     50.44
2009     2,722     47.48
2010     2,095     45.16
2011*    1,658     43.87

7 critical alerts every day!

Vulnerabilities and Patching - under control?

Page 17: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Virtualization Security: What is the Solution? Virtual Patching

Keep your virtual systems, applications, and data secure

Rules are developed and delivered automatically to protect
• Before patches are available
• Unsupported OSs and apps
• Legacy web applications
• Devices that are difficult to patch: ATM kiosk, point of sale, medical devices, etc.

Prevent business disruption and data breach.

Page 18: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Confidential | Copyright 2013 Trend Micro Inc.

Security Vulnerability in Java 7: Already targeted by hacker tools

Details

• In early January 2013, a vulnerability was discovered in Java 7, impacting Windows, Mac, and Linux users

• The vulnerability is being exploited in toolkits like:
  – Blackhole Exploit Kit (BHEK)
  – Cool Exploit Kit (CEK)

• The toolkits distribute malware, most notably ransomware that locks systems and requires fees (~$200-$300) to unlock

• Oracle made a patch available on Sunday, January 13, 2013

• However, the Department of Homeland Security and other security consultants still advise disabling Java unless running the software is business critical

http://blog.trendmicro.com/trendlabs-security-intelligence/java-zero-day-exploit-in-the-wild-spreading-ransomware/

http://blog.trendmicro.com/trendlabs-security-intelligence/java-zero-day-exploit-and-ruby-on-rails-vulnerabilities/

Page 19: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Trend Micro Customers are Already Shielded: Deep Security

The Power of Virtual Patching in Deep Security

• Deep Security Labs obtains information about this vulnerability from public information sources

• Trend Micro protects users from this zero-day vulnerability via its Deep Security update (DSRU13-002) and rule 1005177 (Rule: Restrict Java Bytecode File (Jar/Class) Download)

• The rule blocks the .JAR and class files, preventing users from downloading all related malware

• At first a patch was not available from Oracle for this vulnerability

• This Trend Micro update provided immediate vulnerability shielding for Deep Security and OfficeScan customers

• Oracle released a patch on Sunday, January 13, 2013

• Trend Micro customers can roll out the actual Oracle patch during a regularly scheduled maintenance update

Page 20: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Automated Security Reduces Costs: Trend Micro Deep Security

Physical: Dedicated Server

Virtual: Desktop & Server Virtualization

Cloud: Private, Hybrid & Public Cloud

Firewall, Log Inspection, Anti-Malware, Integrity Monitoring, Web Reputation, Intrusion Prevention

Deep Security Manager

vSphere & vCloud

Instant and Automated Protection for Virtual and Cloud workloads

Page 21: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Automate Security

• Discover VMs & servers requiring protection
  – vSphere and vCloud
  – Amazon Web Services
• Identify and implement unique security controls required
  – OS, applications, patch-levels, vulnerabilities

Provisioning Infrastructure: vSphere, vCloud

Virtual Appliance

Public Cloud

Deep Security
• Scalable
• Redundant

Workloads shown: SAP, Exchange Servers, Oracle, Web Server, Web Server

Control counts shown: 73 controls, 8 controls, 28 controls, 19 controls, 15 controls

Page 22: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Automate Security

• Refresh security profiles after patching to remove unnecessary rules
• Example, SAP now requires only 5 controls

Provisioning Infrastructure: vSphere, vCloud

Virtual Appliance

Public Cloud

Deep Security
• Scalable
• Redundant

Workloads shown: Web Server, Exchange Servers, Web Server, SAP, Oracle

Control counts shown: 73 to 24 controls, 8 to 7 controls, 28 to 5 controls, 19 to 12 controls, 15 to 7 controls

Page 23: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

What Sets our Solution Apart?

Only true server security platform:

• Comprehensive, modular security controls

• Optimized for virtualization and cloud
  – Higher density, better performance
  – Truly agentless
  – Multi-tenant management

• Automated management
  – Enforced policy based on OS, applications
  – Policy follows VM
  – Consistent policies across physical, virtual, cloud

Only true server security platform: gain freedom and confidence for your cloud journey!

Page 24: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

As Virtualization Security Leader, We Can Help You

• Automate tedious and costly security provisioning
• Add Confidence to virtualization and cloud deployments
• Accelerate deployment of virtualization and cloud

Page 25: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)


How does it work?

Page 26: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Worldwide Corporate Endpoint Server Security Revenue Share by Vendor, 2011 Source: IDC, 2012

IDC: Trend Micro Leader with 27% Global share

Top ratings for Virtualization Security

Only Enterprise Class Security product validated on Cisco UCS

First Content security solution certified on VCE Vblock in April 2012

Page 28: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Trend Micro: VMware #1 Security Partner and 2011 Technology Alliance Partner of the Year

Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs

Improves Virtualization by providing security solutions architected to fully exploit the VMware platform

Timeline (2008, 2009, 2010, 2011):

• Feb: Join VMsafe program
• RSA: Trend Micro announces Coordinated approach & Virtual pricing, and shows VMsafe demo
• VMworld: Trend Micro virtsec customer
• May: Trend acquires Third Brigade
• RSA: Trend Micro announces virtual appliance
• July: CPVM GA
• Nov: Deep Security 7 with virtual appliance
• Q4: Joined EPSEC vShield Program
• Dec: Deep Security 7.5 w/ Agentless AntiVirus
• 2010: >100 customers, >$1M revenue
• Q1: VMware buys Deep Security for Internal VDI Use
• RSA: Other vendors “announce” Agentless
• RSA: Trend Micro Demos Agentless
• Sale of DS 7.5 Before GA
• VMworld: Announce Deep Security 7.5
• VMworld: Announce Deep Security 8 w/ Agentless FIM

Page 29: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Thank you!

Page 30: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Deep Discovery and The Custom Defense | Jay Kammerer

Page 31: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

APTs & Targeted Attacks: “The New Norm” - IDC

• APTs & Targeted Attacks
• Empowered Employees
• Elastic Perimeter

Traditional Security Protection is Insufficient

Page 32: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

APTs and Targeted Attacks - The New Norm - IDC

A Cyber Intrusion Every 5 Minutes… according to US-CERT

RSA, Sony, Mitsubishi, CitiGroup, Zappos … show power of targeted attacks

Stuxnet, DUQU, and 100’s of attacks on company IP around the globe…

Trend Micro finds over 90% of enterprise networks contain active malicious malware

Wikileaks & Anonymous – Who’s Next?

GhostNet: Vast Spy System Loots Computers in 103 Countries

Page 33: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)


Most Targeted Industries

Most common industry targets of APT-related spear phishing

Page 34: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Trend Micro Custom Defense: A complete lifecycle to combat the attacks that matter to you

• Detect: Specialized threat detection capability at network and protection points
• Analyze: Deep analysis uses custom sandboxing & relevant global intel to fully assess threats
• Adapt: Custom security blacklists & signatures block further attack at network, gateway, endpoints
• Respond: Attack profiles and network-wide event intelligence guide rapid containment & remediation

Deep Discovery

Page 35: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Deep Discovery Inspector

Deep Discovery provides the network-wide visibility, insight and control needed to protect your company against APTs and targeted attacks

Network Inspection Platform: Network Visibility, Analysis & Control

Deep Discovery
• Visualization
• Analysis
• Alarms
• Reporting

Network Inspection Platform: Threat Detection, Virtual Analyzer, Watch List, Threat Connect, SIEM Connect

Malicious Content, Suspect Communication, Attacker Behavior

Page 36: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Threat Analyzer: Custom Sandbox Simulation & Analysis

• Tracking of malicious actions & events
• Detection of malicious destinations and connections to C&C servers
• Specific detection rules for Office, PDF and Flash docs
• General detection rules for all executables
• Exportable reports & PCAP files

Fully Customizable Attack Surface using standard VMware tools
- Operating system, Office version, Service Packs
- Browsers and standard applications
- Custom applications

Page 37: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Deep Discovery – How It Works

Out of band feed of all network traffic

Real-Time Inspection: Detect Malicious Content & Communication

Deep Analysis: Identify Attack Behavior & Reduce False Positives

Actionable Intelligence:
• Visibility – Real-time Dashboards
• Insight – Risk-based Analysis
• Action – Remediation Intelligence

Detect, Correlate, Simulate

Threat Connect, Watch List, GeoPlotting

Alerts, Reports, Evidence Gathering

Page 38: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Threat Connect Information Portal

Threat profile: What are the characteristics, origins and variants of this malware.

Related IPs/Domains: What are the known C&C comms for this attack.

Attack Group/Campaign: Who and what is behind this threat.

Containment and remediation: What to look for, how to remediate and eradicate.

Page 39: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Deep Discovery Advisor: Threat Intelligence Center

• In-Depth Contextual Analysis including simulation results, asset profiles and additional security events
• Integrated Threat Connect Intelligence included in analysis results
• Enhanced Threat Investigation and Visualization capabilities
• Highly Customizable Dashboard, Reports & Alerts
• Centralized Visibility and Reporting across Deep Discovery Inspector units

Threat Connect Intelligence

Page 40: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Deep Discovery Advisor: Completing the Custom Defense Lifecycle

Deep Discovery Inspector

Deep Discovery Advisor

Detect, Analyze, Adapt, Respond

Advanced Protection Solutions

Security Updates

Forensics, Containment, Remediation

Page 41: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Why Deep Discovery

Detection
• Beyond MSFT & sandboxing
  – Mobile, Mac, …
• Custom sandboxing
• Beyond malware
  – Attacker behavior, lateral movement, …

Intelligence
• Smart Protection Network & Researchers
• Threat Connect Portal

TCO
• Single appliance
• Flexible form factors
• Competitive pricing

The Bigger Picture
• Custom Defense Solution
• Services & strategic value
• Trend commitment to customer success

Deep Discovery: Visibility, Insight, Control

Page 42: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Deep Discovery

Thank You


Page 43: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Empowering the Mobile Workforce in the Age of Consumerization, Cloud and Cyber Threats

Acrodex / Public Sector

Edmonton, February 2013

Jamie Haggett (@jhaggett)

Global Architect – Enterprise Mobility

Page 44: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Source: ReadWriteWeb, March 2012

1 Million Users: 9 Days, 9 Months, 9 Years

Page 45: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Source: Asymco.com, June 2012

Page 46: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

2000: Windows PC + MS Office, Email + Hard Drive, File Server + LAN, Dialup

2012: Windows, Mac, iOS, Android, VDI + MS Office, Email + Hard Drive, Cloud + LAN, VPN, Wi-Fi, Cellular, Cloud

Page 47: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

How do you empower the business while managing risk?

Page 48: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Consumerization

Cloud & Virtualization

Cyber Threats

Page 49: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Personal Productivity Impacting User Expectations and Demands at Work

I want to be …
• Always connected...
• Using the devices and apps that I like…
• In a way that is fast & easy!

Page 50: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Devices and Apps can leak sensitive data

Page 51: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Compliance is challenging

Page 52: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Changing Threat Landscape

Evolution to Cybercrime

[Chart: Damage Caused over time (2001, 2003, 2004, 2005, 2007, 2010, 2012). Labels: Vulnerabilities, Worm Outbreaks, Spam, Mass Mailers, Spyware, Intelligent Botnets, Web Threats, Targeted Attacks, Mobile Attacks, CRIMEWARE]

• Now it’s personal!
• Financially motivated
• Targeting most valuable information

Page 53: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Solution: Complete End User Protection

Web, Email & Messaging, File/Folder & Removable Media, Social Networking, Collaboration (SharePoint, Cloud/Sync), Mobile

Centralized Policy | Simple Administration

Anti-Malware, Intrusion Prevention, Encryption, Data Loss Prevention, Mobile Security

Page 54: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Trend Micro Mobile Security 8.0

Manage Device Management
• Device Discovery
• Device Enrollment
• Device Provisioning
• Asset Tracking
• S/W Management
• Remote Control
• Reporting
• Summary Views
• Summary Reports

Mobile Device Security
• Anti-Malware
• Firewall
• Web Threat Protection
• Call Filtering
• SMS/WAP Anti-Spam
• Jail break detection

Data Protection
• Encryption Enforcement
• Remote Wipe
• Selective Wipe
• Remote Lock
• Feature Lock
• Password Policy

Application Management
• App Black Listing
• App White Listing
• App Push
• Required
• Optional
• App Inventory

Centralized Policy Management – Single Platform

Integrates directly into OfficeScan as a Plug in

Page 55: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Simple: Specialized solutions that are easy to deploy and manage

Smart: Real-time protection powered by innovative solutions, big data analytics and deep threat expertise

Security That Fits: Seamless integration with your ecosystem – maximizing existing investments, not replacing them

DATA CENTER & CLOUD SECURITY

CUSTOM DEFENSE

COMPLETE END USER PROTECTION

Page 56: Secure Your Virtualized Environment. Protection from Advanced Persistent Threats (APTs)

Secure Your Virtualized Environment

Protection from Advanced Persistent Threats (APTs)
