Deep Security 6 RAM Training, Atlanta & Arlington


Server Security
Press Presentation
Harish Agastya, Director Server Security Product Marketing
Copyright 2009 Trend Micro Inc.
Deep Security: Securing the New Server
Cloud
Virtualized
Physical
Servers in the open
Servers virtual and in motion
Servers under attack
Internal Training
7/18/2015
Threat Environment
More profitable
$100 billion: Estimated profits from global cybercrime
-- Chicago Tribune, 2008
More sophisticated, malicious & stealthy
“95% of 285 million records stolen in 2008, were the result of highly skillful attacks”
“Breaches go undiscovered and uncontained for weeks or months in 75% of cases.”
-- Verizon Breach Report, 2009
More frequent
“Harvard and Harvard Medical School are attacked every 7 seconds, 24 hours a day, 7 days a week.”
-- John Halamka, CIO
More targeted
“27% of respondents had reported targeted attacks”.
-- 2008 CSI Computer Crime & Security Survey
“99.9% of records were compromised from servers and applications”
2009 Data Breach Investigations Report
conducted by Verizon Business RISK Team
High profile breaches
• May-2008: Security breach cost $12.6 million so far, including legal costs and fines from MasterCard and Visa.
• Dec-2008: DNS hijacking puts 5,000,000 check processing accounts at risk.
• Dec-2008: PII of 1.5M customers & 1.1M Social Security Numbers.
• Mar-2009: Hackers hijack PII for 45,000 employees & retirees.
• Aug-2007: Hackers placed software on the company’s network and stole 45 M credit card #’s. Costs soar to $256 M.
• May-2009: Hackers broke into 2 databases over a 6 month period, and exposed the data of 160,000+ students.
Verizon 2009 Data Breach Investigations
Compliance Imperative
More standards:
• PCI, SAS70, HIPAA, ISO 27001, FISMA / NIST 800-53, MITS…
More specific security requirements
• Virtualisation, Web applications, EHR, PII…
More penalties & fines
• HITECH, Breach notifications, civil litigation
“DMZ consolidation using virtualisation will be a "hot spot" for auditors, given the greater risk of misconfiguration and lower visibility of DMZ policy violation. Through year-end 2011, auditors will challenge virtualized deployments in the DMZ more than nonvirtualized DMZ solutions.”
Neil MacDonald, Gartner, June 2009
Virtual Machines Need Specialized Protection
1. Same threats in virtualized servers as physical:
– OS & application vulnerabilities and configuration errors allow malware to attack & infect
2. Plus, the dynamics of virtualisation cause some new challenges:
– Dormant VMs
– Resource contention
– VM Sprawl
– Inter-VM traffic
– vMotion
[Diagram: dormant VMs and active VMs, each running apps, on an ESX Server]
Trend Micro Server Security Value Proposition
For (target customer): organizations whose server security architecture must address the dynamic nature of their datacenter, including virtualisation and cloud computing,
That (statement of need): need to continue to protect confidential data, ensure application availability, and meet compliance requirements, while recognizing perimeter defenses alone are no longer sufficient
Trend Micro Server Security (category): is advanced server security software that comprehensively protects the server including the operating system, applications and data and allows systems to become self-defending.
It (benefits): Prevents data breaches and business disruptions, and enables compliance and operational cost reductions.
Unlike (competitors): vendors whose technology focus is solely limited to physical servers or the server file system
Trend Micro (differentiators): addresses the challenging operational, security and compliance needs of today’s dynamic datacenter with superior platform support, comprehensive protection, greater operational efficiency, and tighter integration with existing investments.
Trend Micro Deep Security
Advanced Server & application protection for: PHYSICAL, VIRTUAL, CLOUD
• Deep Packet Inspection: IDS / IPS, Web App. Protection, Application Control
• Firewall
• Integrity Monitoring
• Log Inspection
• Malware Protection
Why They Buy: Plays for Deep Security
• Compliance
– Reason to do it today
– Internal compliance, security policy
– External compliance, like PCI, FISMA, NERC, FDIC, SAS 70…
– Detailed reporting, audit support
• Virtualisation Security
– Reason to revisit security practices
– Provides security necessary to achieve 100% virtualisation
– Enables mobility and evolution to cloud computing
• Defense in Depth / Business Continuity
– Best practice
– Preventing data breach and business disruption
– Zero-day protection and virtual patching
– Detecting suspicious activity
Deep Security 7 Modules
Deep Packet Inspection
Enables IDS / IPS, Web App Protection, Application Control
Examines incoming & outgoing traffic for:
• Protocol deviations
• Content that signals an attack
• Policy violations.
Integrity Monitoring
• Monitors critical files, systems and registry for changes
• Critical OS and application files (files, directories, registry keys and values)
• Flexible, practical monitoring through includes/excludes
• Auditable reports
Firewall
• Centralized management of server firewall policy
• Pre-defined templates for common enterprise server types
• Fine-grained filtering: IP & MAC addresses, Ports
• Coverage of all IP-based protocols: TCP, UDP, ICMP, IGMP …
Log Inspection
• Collects & analyzes operating system and application logs for security events.
• Rules optimize the identification of important security events buried in multiple log entries.
Deep Security: Key benefits
Prevents Data Breaches & Business Disruptions / Enables Compliance / Supports Operational Cost Reductions
• Shield vulnerabilities in web apps, enterprise apps, OSs
• Detect & block suspicious activity
• Internal policies
• Prioritize secure coding efforts
• PCI & other requirements
• Manage unscheduled patching
• Detailed reports document prevented attacks & compliance status
• Provides security necessary to realize virtualisation savings
• Increased value from SIEM investments
Questions?
Laura Maio, [email protected], +1 613-270-5531
Harish Agastya, [email protected], +1 408-850-1082