Giovanni Alberici - EMEA Product Marketing
Addressing the new security challenges posed by virtualisation & cloud computing
The evolving data centre
Data centres are evolving to drive down costs and increase business flexibility
[Figure: virtualisation journey. Stage 1: Consolidation; Stage 2: Expansion & Desktop; Stage 3: Private > Public Cloud. Series: Servers, Desktops. Values shown: 15%, 30%, 70%, 85%. Benefits: Cost-efficiency + Quality of Service + Business Agility.]
Security challenges in the cloud
[Figure: the three-stage journey (Consolidation; Expansion & Desktop; Private > Public Cloud), annotated with the challenges below]
Inter-VM attacks
Instant-ON gaps
Mixed Trust Level VMs
Resource Contention
Maintaining Compliance
Challenge: Instant-on Gaps
[Figure: VM states: Active, Dormant, Cloned, Reactivated with out-of-date security]
New, reactivated and cloned VMs can have out-of-date security
Challenge: Inter-VM Attacks / Blind Spots
Attacks can spread across VMs
Virtualization - patching doesn't go away
[Figure: Not Patched vs. Patched VMs]
8/12/2022
6
Copyright 2012 Trend Micro Inc.
virtual machine proliferation could soon make it very difficult to maintain
compliant environments. VMware on Patch Management
Security challenges in the cloud
[Figure: the three-stage journey (Consolidation; Expansion & Desktop; Private > Public Cloud), annotated with the challenges below]
Inter-VM attacks
Instant-ON gaps
Mixed Trust Level VMs
Resource Contention
Maintaining Compliance
Service Provider (in)Security
Multi-tenancy
Data security challenges in the cloud
Encryption rarely used:
- Who can see your information?
Storage volumes and servers are mobile:
- Where is your data? Has it moved?
Rogue servers might access data:
- Who is attaching to your storage?
Audit and alerting modules lacking:
- What happened when you weren't looking?
Encryption keys tied to vendor:
- Are you locked into a single security solution?
Who has access to your keys?
Storage volumes contain residual data:
- Are your storage devices recycled securely?
Classification
Name: John Doe
SSN: 425-79-0053
Visa #: 4456-8732
Challenges for public cloud
[Figure: Internet, Shared Firewall, Virtual Servers, Shared Storage]
Shared network inside the firewall
Shared firewall - lowest common denominator - less fine-grained control
Multiple customers on one physical server - potential for attacks via the hypervisor
Shared storage - is customer segmentation secure against attack?
Easily copied machine images - who else has your server?
Public Cloud: Private Security
[Figure: Internet, Shared Firewall, Virtual Servers, Shared Storage]
Shared network inside the firewall
Shared firewall - lowest common denominator - less fine-grained control
Multiple customers on one physical server - potential for attacks via the hypervisor
Shared storage - is customer segmentation secure against attack?
Easily copied machine images - who else has your server?
Doesn't matter - the edge of my virtual machine is protected
Doesn't matter - treat the LAN as public
Doesn't matter - treat the LAN as public
Doesn't matter - they can start my server but only I can unlock my data
Doesn't matter - my data is encrypted
Copyright 2013 Trend Micro Inc.
Enabling the Data Center (R)evolution
Data Center: Physical, Virtual, Private Cloud, Public Cloud
Deep Security Agent/Agentless: Anti-Malware, Integrity Monitoring, Application Control, Log Inspection, Firewall, Virtual Patching
Data Center Ops, Security
By 2016, 71% of server workloads will be virtualized
Any Hypervisor
Virtualization Security - Agent Based
VMware Hypervisor
Virtualization Security - Agentless
Advantages of Deep Security for Virtualization
1. Improves system performance
2. Eases security administration
3. Improves security & compliance
4. Enables workload flexibility
Deep Security Virtual Appliance
1. Improves system performance
50% more VDIs
20-30% more virtual servers
Deep Security 9 Scan Cache
- Separate cache for Anti-malware scheduled/on-demand and Integrity Monitoring
- Up to 20x improvement for Anti-malware scans between VMs
- Reduce resources and overall on-demand scan time for Anti-malware
- Reduce overall baseline time for Integrity Monitoring
- Great benefits for VDI (VMs are linked clones)
Anti-malware Scan Performance
[Figure: 1st AM scan vs. 2nd AM scan (cached)]
Scan time ~ 20x faster
Significant DSVA CPU Reduction
Huge IO Volume Reduction
2. Eases security administration
- Visibility into virtual and cloud environments
- vCenter, Active Directory, vCloud, Amazon (AWS)
- Automation & Recommendation
- Identify unique security controls required
- OS, applications, patch-levels, vulnerabilities
- Automatically deploy and activate security policies
- Example: SAP server requires 28 controls
[Figure: Deep Security (Scalable, Redundant) with Provisioning Infrastructure (vCenter, AD, vCloud and AWS), Virtual Appliance and Public Cloud. Servers shown: SAP, Exchange Servers, Oracle, Web Server, Web Server, Linux Server. Control counts shown: 73, 8, 28, 19, 15.]
3. Improves security & compliance
Global threat intelligence from the cloud
EVERY 24 HOURS:
- collects 6TB worth of data for analysis
- analyses 1.15B new threat samples
- identifies 90,000 new threats
- blocks 200M threats
Patch Management is a Growing Challenge
Critical Software Flaw Vulnerabilities in 2012
Common Vulnerabilities & Exposures (CVE), Score 7-10: 1,764
Almost 7 critical vulnerabilities every day!
"Due to the increasing volume of public vulnerability reports, the Common Vulnerabilities and Exposures (CVE) project will change the syntax of its standard vulnerability identifiers so that CVE can track more than 10,000 vulnerabilities in a single year." http://cve.mitre.org/news/index.html
"2012 saw 26% increase in # of vulnerabilities disclosed" (NSS Labs)
Virtual Patching with Deep Security
[Figure: timeline from Vulnerability discovered through Patch available, Patch tested and Patch deployed; labels: Systems at risk!, Virtual patch, Reduced risk!]
Over 100 applications shielded including:
Operating Systems
Database servers
Web app servers
Mail servers
FTP servers
Backup servers
Storage mgt servers
DHCP servers
Desktop applications
Mail clients
Web browsers
Anti-virus
Other applications
Compliance with Deep Security
5 Protection Modules - Defence In Depth
IDS / IPS
Web Application Protection
Application Control
Firewall
Deep Packet Inspection
Integrity Monitoring
Log Inspection
Anti-Malware
PCI-DSS Compliance
Addressing 7 PCI requirements and 20+ sub-controls including:
- (1.) Network Segmentation
- (1.x) Firewall
- (5.x) Anti-Malware
- (6.1) Virtual Patching
- (6.6) Web App. Protection
- (10.6) Daily Log Review
- (11.4) IDS / IPS
- (11.5) Integrity Monitoring
4. Enables workload flexibility
[Figure: Deep Security spanning Enterprise and Providers; labels: Physical, Database, Storage, Virtual, Web Server, Mail Server, Web Server, Web Access]
One Security Model is Possible across Physical, Virtual, and Cloud Environments
Physical - Manageability: glut of security products, less security, higher TCO. Reduce Complexity.
Virtual - Performance & Threats: traditional security degrades performance, new VM-based threats. Increase Efficiency.
Cloud - Visibility & Threats: less visibility, more external risks. Deliver Agility.
Integrated Security: Single Management Console
Thank You!


Vmug birmingham mar2013 trendmicro


Editor's Notes

  1. The data centre is evolving. This is a depiction of a customer's typical virtualization journey from physical to cloud via virtualization. In stage 1, orgs have begun virtualizing all of their low-hanging fruit (web servers, file and print servers, some app servers) and begun to realize the hardware consolidation and operational management benefits that result in lower CAPEX and OPEX costs. In stage 2, they have begun virtualizing more of their tier 1 apps and mission-critical servers. They are also leveraging some of the more advanced capabilities of virtualization such as automatic live migration, disaster recovery and software fault tolerance. Many stage 2 orgs have also started deploying virtual desktops. Benefits in stage 2 are even more cost efficiencies plus higher QoS from the higher-level virtualization capabilities.
  2. Next we'll cover instant-on gaps. Unlike a physical machine, when a virtual machine is offline, it is still available to any application that can access the virtual machine storage over the network, and is therefore susceptible to malware infection. However, dormant or offline VMs do not have the ability to run an antimalware scan agent. Also, when dormant VMs are reactivated, they may have out-of-date security. One of the benefits of virtualization is the ease with which VMs can be cloned. However, if a VM with out-of-date security is cloned, the new VM will have out-of-date security as well. New VMs must have a configured security agent and updated pattern files to be effectively protected. Again, the solution is a dedicated security virtual appliance that can ensure that guest VMs on the same host have up-to-date security if accessed or reactivated, and can make sure that newly provisioned VMs also have current security. This security virtual appliance should include layered protection that integrates multiple technologies such as antivirus, integrity monitoring, intrusion detection and prevention, virtual patching, and more.
  3. I'd now like to highlight a couple of additional virtualization challenges. The next one we'll discuss today is inter-VM attacks and blind spots. When a threat penetrates a virtual machine, the threat can then spread to other virtual machines on the same host. Traditional security such as hardware-based firewalls might protect the host, but not the guest virtual machines. And cross-VM communication might not leave the host to be routed through other forms of security, creating a blind spot. For the solution, protection must be applied on an individual virtual machine level, not host level, to ensure security. And integration with the virtualization platform, such as VMware, provides the ability to communicate with the guest virtual machines. Also, virtual patching ensures that VMs stay secure until patches can be deployed.
  4. Patching is one of the most significant pain points for every IT department, and it also needs to be addressed in virtual datacenters. Patch cycles, virtual machine proliferation could soon make it very difficult to maintain compliant environments. http://www.vmware.com/virtualization/advantages/virtualization-management/patching.html VMware vCenter Update Manager lets you: reduce the risks associated with patching hosts by allowing fast rollbacks to a pre-patch stage; eliminate application downtime related to VMware ESX host patching; increase IT administrator productivity with unique automation capabilities; increase flexibility by allowing delayed reboot of virtual machines. VMware vCenter Update Manager is a fully integrated module of VMware vCenter Server. It does not require a complex installation or additional infrastructure.
  5. In stage 3, organizations have started leveraging private and public clouds. The IT dept has transformed itself into acting as a service provider with charge-back type processes where consumers of IT are in effect renting computing space and time from IT. Benefits are further cost efficiencies, QoS and faster business agility. As orgs considered their move to stage 3, security was top of mind: IDC survey data shows that it is the #1 issue why orgs will not move to the cloud.
  6. To address the risks of evolving your data center, we have a single platform and administration that secures your physical, virtual and cloud environments. Our solution is open, automated and highly scalable, fitting your existing infrastructure, seamlessly integrating with key applications like VMware or cloud environments like Amazon Web Services. Like our end user protection solution, this solution is plug-and-play in nature, allowing you to extend and grow your solution as your business needs change. Block and remove malicious software with Anti-Malware. Protect against known and zero-day vulnerabilities with Intrusion Prevention. This provides you with virtual patching, protecting you before you patch. Achieve segmentation of systems and reduce the attack surface with a host-based Firewall. Identify expected and unexpected (malicious) system changes with Integrity Monitoring. Gain additional visibility and correlation of system and application events with Log Inspection. This can be integrated with your existing SIEM for further insight. Protect sensitive data, particularly when using cloud service providers, with Encryption. And just like our other solutions, it is powered by our Smart Protection Network, protecting against real-world threats faster. Our Cloud and Data Center Solution protects you on your journey to the cloud now and in the future.
  7. Let's look at the example here. Let's imagine a VMware ESX host with 15 virtual servers running on it, each of which has a locally installed security agent providing e.g. AM, Web Threat Protection, FW, DPI, IM. So what's the problem with this approach? Simultaneous scanning, updates, network traffic analysis and so on lead to increased resource usage on each VM, and a cumulative resource impact on the ESX host which can be disastrous and lead to outages of the host and therefore all of the VMs running on that host. This in turn can result in a combination of the following: fewer VMs per ESX host; reduced security on each VM; no security on each VM. So how does Deep Security solve this problem? Deep Security's agentless protection abilities mean you can drastically increase the number of VMs per ESX host, all without reducing the security posture of the VM. Which means one thing for VMware customers: increased ROI (and security!) in their virtual infrastructure. Savings on improved VM density: VDI: 50% more VDIs; virtual servers: 20-30% more virtual servers. Savings during initial deployment: where Deep Security saves significant setup time is when customers need to install multiple separate point security solutions, for example separate solutions such as anti-virus, host firewall, host IPS, and integrity monitoring. By providing these technologies in a single integrated virtual appliance, Deep Security reduces overall setup time relative to other market alternatives that deploy multiple agent-based solutions. Savings in ongoing management: faster deployment on new VMs; virtual patching.
  8. Datacenter extension into the cloud. Workloads like Web or mail. Challenges with visibility and policy with the workloads and extension of network. DS: allowing visibility into physical, virtual, cloud assets; being able to assign and enforce security policies across these workloads.
  9. Each of these platforms has unique security concerns. With physical machines, the manageability of various security solutions can be an issue. There can be a glut of security products, either through excessive layering or overly specialized products. This increases hardware and software costs. Also, management across the different products can be difficult, causing security gaps. And collectively these issues create a higher Total Cost of Ownership. The solution is to reduce complexity by consolidating security vendors and correlating protection. With virtualization, the risks pertain to both performance and threats specific to virtual environments. There is a concern that security will reduce performance, which reduces the ROI of a virtual infrastructure. Also there are unique virtual machine attacks, such as inter-VM threats. Here the solution is increased efficiency: security that optimizes performance while also defending against traditional as well as virtualization-specific threats. With cloud services, the risks pertain to less visibility and cloud-specific threats. Companies are concerned about having less visibility into their applications and data. And they are concerned about increased external threats, especially in multi-tenant environments. For the cloud, businesses need security that allows them to use the cloud to deliver IT agility. Data must be able to safely migrate from on-premise data centers to private clouds to public clouds so organizations can make the best use of resources. As we'll see later, all of these concerns can be addressed. And through protection that is provided in an integrated security solution, all managed through one console. With cross-platform security, you'll stay protected as your data center and virtual or cloud deployments evolve, allowing you to leverage the benefits of each platform while defending against the threats unique to each environment.