2. 2 Confidential
Agenda
Security Roadblocks in the Virtualization Journey
Threat Evolution and the Porous Perimeter
New Security Paradigms on the vSphere platform
Trend Micro: Security Built for VMware
3. Securing Servers the Traditional Way
[Diagram: ESX Server hosting three VMs (App / OS), each running its own AV agent; a network IDS / IPS sits between the network and the ESX Server]
• Anti-virus: local, agent-based protection in the VM
• IDS / IPS: network-based device or software solution
13. Agenda
Security Roadblocks in the Virtualization Journey
Threat Evolution and the Porous Perimeter
New Security Paradigms on the vSphere platform
Trend Micro: Security Built for VMware
14. Today's threat environment
• More Profitable: "$100 billion: estimated profits from global cybercrime" -- Chicago Tribune, 2008
• More Sophisticated: "Breaches go undiscovered and uncontained for weeks or months in 75% of cases." -- Verizon Breach Report, 2009
• More Frequent: "Harvard and Harvard Medical School are attacked every 7 seconds, 24 hours a day, 7 days a week." -- John Halamka, CIO
• More Targeted: "27% of respondents had reported targeted attacks." -- 2008 CSI Computer Crime & Security Survey
16. Exploits are happening before patches are developed
Number of days until a vulnerability is first exploited after a patch is made available:
• 2003 -- MS-Blast: 28 days
• 2004 -- Sasser: 18 days
• 2005 -- Zotob: 10 days
• 2006 … -- WMF: zero-day
• 2010 -- IE zero-day
"Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year." -- ZDNet, January 21, 2010
17. Where are you vulnerable?
Takes days to months until patches are available and can be tested & deployed:
• "Microsoft Tuesday"
• Oracle
• Adobe
Developers not available to fix vulnerabilities:
• No longer with company
• Working on other projects
Patches are no longer being developed:
• Red Hat 3 -- Oct 2010
• Windows 2000 -- Jul 2010
• Solaris 8 -- Mar 2009
• Oracle 10.1 -- Jan 2009
Can't be patched because of cost, regulations or SLA reasons:
• POS
• Kiosks
• Medical devices
18. Agenda
Security Roadblocks in the Virtualization Journey
Threat Evolution and the Porous Perimeter
New Security Paradigms on the vSphere platform
Trend Micro: Security Built for VMware
19. New Paradigm #1: Hypervisor-powered Security Architectures
[Diagram: ESX Server hosting three VMs (App / OS) with no in-guest AV agent; a single Anti-virus Virtual Appliance scans them through vShield Endpoint]
• vShield Endpoint enables agentless AV scanning
• Secures VMs from the outside, no changes to the VM
20. The Opportunity with Agentless Anti-malware
[Diagram: previously, each VM on vSphere carried its own AV agent; today, one Virtual Appliance protects all VMs through vShield Endpoint]
• More manageable: no agents to configure, update or patch
• Faster performance: freedom from AV storms
• Stronger security: instant-on protection + tamper-proofing
• Higher consolidation: inefficient operations removed
21. Agentless anti-malware: Architecture
[Architecture diagram; the components as labelled on the slide:]
• vSphere Platform (ESX 4.1): vShield Endpoint ESX Module, sitting between the guest VMs and the security virtual appliance
• Guest VM (BIOS, Kernel, OS, APPs): vShield Guest Driver
• Security Virtual Appliance (BIOS, Kernel, OS): vShield Endpoint Library with EPsec interface; Anti-malware Scanning Module providing On Access Scans, On Demand Scans, Remediation, and Caching & Filtering; Status Monitor
• Anti-malware Product Console, used by the VI Admin and the Security Admin; REST is the interface labelled between the console and the appliance
22. Agentless Anti-malware: Process flow
[Sequence diagram, time running downward. Participants: Guest VM (APPs, vShield Guest Driver) and the Security Virtual Appliance (EPsec Lib; Anti-malware Scanning module with On Access Scans, On Demand Scans, Remediation, Caching & Filtering). Three cases are drawn:]
1. file event -> result cached? -> result is returned to the guest without any file transfer
2. file event -> excluded by filter? -> result is returned to the guest without any file transfer
3. file event -> data cached? -> * file data request -> * file data -> scan result -> result
(* marks the file data request / file data messages that move file contents between the guest and the appliance)
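The decision order on the slide (result cache, then exclusion filter, then a file data request and scan) is what makes the agentless design cheap: the expensive step, pulling file contents out of the guest, happens only when both earlier checks miss, and a result cached for one VM serves every VM on the host that holds the same file. The following simulation is an added illustration, not Trend Micro or VMware code; the guest driver, appliance, signature set, exclusion patterns and file contents are all constructed, and the assumption that a file event carries a content digest is made for this simulation. It also covers the "API Level Caching" point on the Deep Security 7.5 slide.

```python
"""Agentless on-access scan flow with result caching and exclusion filtering.
Added illustration, not Trend Micro or VMware code: the guest driver, the
appliance, the signature set and the file contents are all constructed."""
import fnmatch
import hashlib

# Constructed signature set for the scanning module: a byte pattern and the
# detection name it maps to. Placeholder marker, not a real malware signature.
SIGNATURES = {b"SIMULATED-MALWARE-MARKER": "Sim.Test.Marker"}

# Constructed exclusion filter: files the scan policy skips (glob patterns).
EXCLUSIONS = ["*.log", "/var/tmp/*"]


def scan(data):
    """Stand-in for the anti-malware scanning module: detection name or None."""
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return name
    return None


class GuestVM:
    """Guest VM plus its vShield guest driver (simulated). Counts how often the
    appliance has to pull file data out of the VM, the expensive step."""

    def __init__(self, name, files):
        self.name = name
        self.files = dict(files)
        self.data_requests = 0

    def file_event(self, path):
        # Assumption for this simulation: the event carries a content digest so
        # the appliance can consult its caches without moving the file.
        digest = hashlib.sha256(self.files[path]).hexdigest()
        return self.name, path, digest

    def read_file(self, path):
        self.data_requests += 1  # one "file data request / file data" round trip
        return self.files[path]


class SecurityVirtualAppliance:
    """Simulated appliance: result cache keyed on content digest (shared by all
    VMs on the host), exclusion filter, then a scan only when both miss."""

    def __init__(self, exclusions=EXCLUSIONS):
        self.exclusions = exclusions
        self.result_cache = {}  # digest -> (verdict, remediation action)
        self.events = []        # (vm, path, verdict, how it was decided)

    def excluded(self, path):
        return any(fnmatch.fnmatch(path, pat) for pat in self.exclusions)

    def on_access(self, vm, path):
        vm_name, path, digest = vm.file_event(path)
        if digest in self.result_cache:          # "result cached?"
            verdict, how = self.result_cache[digest], "cache"
        elif self.excluded(path):                # "excluded by filter?"
            verdict, how = ("excluded", "pass"), "filter"
        else:                                    # fetch data, scan, cache result
            detection = scan(vm.read_file(path))
            verdict = (detection, "quarantine") if detection else ("clean", "pass")
            self.result_cache[digest] = verdict
            how = "scan"
        self.events.append((vm_name, path, verdict[0], how))
        return verdict


def demo():
    """Two VMs sharing the same OS binary: one scan serves both, a modified
    copy gets a new digest and is rescanned, excluded paths never move data."""
    httpd = b"constructed clean binary image"
    dropper = b"header SIMULATED-MALWARE-MARKER payload"
    vm1 = GuestVM("web-01", {"/bin/httpd": httpd, "/var/log/app.log": b"log lines",
                             "/tmp/dropper.exe": dropper})
    vm2 = GuestVM("web-02", {"/bin/httpd": httpd, "/tmp/dropper.exe": dropper})
    sva = SecurityVirtualAppliance()
    for path in ["/bin/httpd", "/var/log/app.log", "/tmp/dropper.exe", "/bin/httpd"]:
        sva.on_access(vm1, path)
    for path in ["/bin/httpd", "/tmp/dropper.exe"]:
        sva.on_access(vm2, path)
    vm2.files["/bin/httpd"] = httpd + b" (tampered)"  # content change -> new digest
    sva.on_access(vm2, "/bin/httpd")
    return sva, vm1, vm2


if __name__ == "__main__":
    sva, vm1, vm2 = demo()
    for event in sva.events:
        print(event)
    print("data requests:", vm1.data_requests, vm2.data_requests)
```

Running `demo()` produces seven file events but only three file data transfers: two for web-01 (the shared binary and the dropper) and one for web-02, whose tampered copy of the binary no longer matches the cached digest. Keying the cache on content rather than on path is what lets a change inside the guest invalidate the cached verdict automatically.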
24. Agentless approach uses less bandwidth
[Chart: signature update for 10 agents, bandwidth against time (seconds), comparing Anti-Virus "B", "Y", "R" and "T" with the agentless approach]
25. New Paradigm #2: Opportunity to Beef up Server Security
• VMsafe enables you to supplement perimeter defense
• Agentless IDS/IPS, firewall and application protection
[Diagram: ESX Server hosting three VMs (App / OS); a Virtual Appliance providing Firewall, IDS / IPS, Web app protection and Anti-Virus attaches through the VMsafe APIs]
26. VMsafe™ APIs
CPU/Memory Inspection
• Inspection of specific memory pages
• Knowledge of the CPU state
• Policy enforcement through resource allocation
Networking
• View all IO traffic on the host
• Intercept, view, modify and replicate IO traffic
• Provide inline or passive protection
Storage
• Mount and read virtual disks (VMDK)
• Inspect IO read/writes to the storage devices
• Transparent to device & inline with ESX Storage stack
27. Intrusion Defense with VMsafe
[Flow diagram: an Incoming / Outgoing Packet enters the Fastpath Driver (Micro Firewall with Blacklist & Bypass, operating as Tap or Inline), which decides Pass or Drop for the cheap cases; everything else goes to the Slowpath Driver, where the Stateful Firewall can Drop and the DPI stage decides the final Pass]
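The point of the two-driver split is that the fastpath only makes decisions that need no state and no payload inspection (a blacklisted address, a flow the policy says to bypass), so most packets never pay for the stateful firewall and deep packet inspection in the slowpath. The following pipeline is an added illustration of that structure, not Trend Micro or VMware code: the addresses, the policy tables, the DPI signature and the traffic are all constructed for the example.

```python
"""Fastpath / slowpath packet pipeline for a VMsafe-style intrusion defense
appliance. Added illustration, not Trend Micro or VMware code: the policy,
addresses, signatures and traffic below are all constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False      # first packet of a TCP connection
    payload: bytes = b""


# Constructed policy. Addresses come from RFC 5737 / RFC 1918 ranges.
PROTECTED_VMS = {"10.0.0.10"}                  # VMs behind the appliance
BLACKLIST = {"198.51.100.7"}                   # micro firewall: drop at once
BYPASS = {("tcp", 10000)}                      # trusted backup port: skip inspection
ALLOWED_INBOUND = {("tcp", 80), ("tcp", 443)}  # stateful firewall service rules
DPI_SIGNATURES = {b"../../": "HTTP path traversal attempt"}  # constructed signature


class IntrusionDefensePipeline:
    def __init__(self):
        self.flows = set()   # established 5-tuples seen by the stateful firewall
        self.counters = {"fastpath_drop": 0, "fastpath_bypass": 0,
                         "firewall_drop": 0, "dpi_drop": 0, "pass": 0}
        self.alerts = []

    def _count(self, key):
        self.counters[key] += 1
        return "pass" if key in ("fastpath_bypass", "pass") else "drop"

    def handle(self, pkt):
        """Fastpath driver: only the cheap blacklist and bypass decisions."""
        if pkt.src in BLACKLIST or pkt.dst in BLACKLIST:
            return self._count("fastpath_drop")
        if (pkt.proto, pkt.dport) in BYPASS or (pkt.proto, pkt.sport) in BYPASS:
            return self._count("fastpath_bypass")
        return self.slowpath(pkt)

    def slowpath(self, pkt):
        """Slowpath driver: stateful firewall first, then deep packet inspection."""
        if not self.stateful_firewall(pkt):
            return self._count("firewall_drop")
        hit = self.dpi(pkt)
        if hit:
            self.alerts.append((pkt.src, pkt.dst, pkt.dport, hit))
            return self._count("dpi_drop")
        return self._count("pass")

    def stateful_firewall(self, pkt):
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.flows or reverse in self.flows:
            return True                       # part of an established connection
        if not pkt.syn:
            return False                      # unsolicited mid-stream packet
        if pkt.dst in PROTECTED_VMS and (pkt.proto, pkt.dport) in ALLOWED_INBOUND:
            self.flows.add(flow)              # new inbound connection to an allowed service
            return True
        if pkt.src in PROTECTED_VMS:
            self.flows.add(flow)              # connection initiated by a protected VM
            return True
        return False

    @staticmethod
    def dpi(pkt):
        for pattern, name in DPI_SIGNATURES.items():
            if pattern in pkt.payload:
                return name
        return None


def demo():
    """Constructed traffic that exercises every exit of the pipeline."""
    p = IntrusionDefensePipeline()
    client, web = "203.0.113.5", "10.0.0.10"
    decisions = [
        p.handle(Packet("198.51.100.7", web, "tcp", 40000, 80, syn=True)),   # blacklisted
        p.handle(Packet("10.0.0.20", web, "tcp", 40001, 10000)),              # backup bypass
        p.handle(Packet(client, web, "tcp", 50000, 80, syn=True)),            # opens a flow
        p.handle(Packet(client, web, "tcp", 50000, 80, payload=b"GET / HTTP/1.1")),
        p.handle(Packet(web, client, "tcp", 80, 50000, payload=b"HTTP/1.1 200 OK")),
        p.handle(Packet(client, web, "tcp", 50000, 80, payload=b"GET /../../etc/passwd")),
        p.handle(Packet(client, web, "tcp", 50001, 22, syn=True)),            # no service rule
        p.handle(Packet(client, web, "tcp", 50002, 443)),                     # no SYN, no state
    ]
    return p, decisions


if __name__ == "__main__":
    pipeline, decisions = demo()
    print(decisions)
    print(pipeline.counters, pipeline.alerts)
```

Of the eight constructed packets, two are settled in the fastpath (one dropped by the blacklist, one passed by the bypass rule) and never reach the stateful firewall or DPI; the remaining six go through the slowpath, where the unsolicited SSH and TLS packets are dropped by the firewall and the request carrying the traversal pattern is dropped and alerted on by DPI. In a real appliance the fastpath lives in the kernel-side driver and the slowpath in the appliance VM, which is why keeping the fastpath decision set small matters for throughput.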
28. New Paradigm #3: Virtualization-aware agents
[Diagram: vSphere hosting VMs (App / OS), managed through vCenter]
• vCenter integration makes security virtualization-aware
• V-aware agents complement the virtual appliance
• Use cases: offline desktops, compliance, defense in depth
29. New Paradigm #4: Security that is Cloud-Ready
[Diagram: VMs (App / OS) moving from vSphere in the datacenter to the cloud]
• Security for datacenter VMs moves to the cloud with the application and data
• Advanced security modules (IDS/IPS, integrity monitoring) protect the server in a multi-tenant environment
30. Agenda
Security Roadblocks in the Virtualization Journey
Threat Evolution and the Porous Perimeter
New Security Paradigms on the vSphere platform
Trend Micro: Security Built for VMware
31. Security Built for VMware
Founded: United States, 1988
Headquarters: Tokyo, Japan
Offices: 23 countries
Employees: 4,350
Market Leadership: Internet Content Security
US $1 Billion annual revenue; 1,000+ Threat Research Experts; 10 labs, 24x7 ops; real-time alerts for new threats
Trend Micro security & compliance solutions help VMware customers:
• Accelerate and complete their virtualization journey
• More fully leverage their VMware investments
• Maximize their virtualization ROI
32. Trend Micro Deep Security: Server & application protection
• Latest anti-malware module adds to the existing set of advanced protection modules
[Diagram: modules -- Firewall, Web app protection, Log Inspection, Integrity Monitoring, Anti-Malware, Intrusion Detection / Prevention]
33. Trend Micro Deep Security: Server & application protection
Protection is delivered via Agent and/or Virtual Appliance. 5 protection modules:
• Deep Packet Inspection
  - IDS / IPS: detects and blocks known and zero-day attacks that target vulnerabilities
  - Web Application Protection: shields web application vulnerabilities
  - Application Control: provides increased visibility into, or control over, applications accessing the network
• Firewall: reduces attack surface; prevents DoS & detects reconnaissance scans
• Integrity Monitoring: detects malicious and unauthorized changes to directories, files, registry keys…
• Log Inspection: optimizes the identification of important security events buried in log entries
• Anti-Virus: detects and blocks malware (web threats, viruses & worms, Trojans)
34. Trend Micro Deep Security: Security Built for VMware
Classification 01/30/15
1. Inline virtual appliance:
• AV, IDS/IPS, FW
• Greater efficiency
• Manageability
2. Agent-based security:
• Comprehensive protection within the datacenter
• Mobility, to extend protection to the public cloud
3. Hypervisor / vCenter integration:
• Enables virtualization-aware security
• Eliminates instant-on gaps
4. Coordinated approach:
• Optimized protection
• Operational efficiency
35. Deep Security 7.5 Integrates vShield Endpoint & VMsafe
[Diagram: Virtual Appliance, vShield Endpoint, SPN]
Agent-Less Real Time Scan
• Triggers notifications to the AV engine on file open/close
• Provides access to file data for scanning
Agent-Less Manual and Scheduled Scan
• On demand scans are coordinated and staggered
• Traverses the guest file system and triggers notifications to the AV engine
• Integrates with vShield Endpoint (in vSphere 4.1)
• Zero-day protection
• Trend Micro SPN integration
Agent-Less Remediation
• Active Action, Delete, Pass, Quarantine, Clean
API Level Caching
• Caching of data and results to minimize data traffic and optimize performance
VMsafe APIs
• New security solutions can be developed and integrated into the VMware virtual infrastructure
• Protect the VM by inspection of virtual components (CPU, memory, network and storage)
• Provides an unprecedented level of security for the application and the data inside the VM
• Complete integration with, and awareness of, VMotion, Storage VMotion, HA, etc.
CPU/Memory Inspection
• Inspection of specific memory pages used by the VM or its applications
• Knowledge of the CPU state
• Policy enforcement through resource allocation of CPU and memory pages
Networking
• View all IO traffic on the host
• Ability to intercept, view, modify and replicate IO traffic from any one VM or all VMs on a single host
• Capability to provide inline or passive protection
Storage
• Mount and read virtual disks (VMDK)
• Inspect IO read/writes to the storage devices
• Transparent to device & inline with ESX Storage stack