Your data center is changing. Have your security strategies changed accordingly?

Copyright 2011 Trend Micro Inc. 1

John Burroughs CISSP

Solutions Architect

Your data center is changing.Have your security strategies changed accordingly?

Copyright 2011 Trend Micro Inc. 2

Security Issues and Risks for your Virtualized Data Center

What to look for in a Security Solution for your VDI environment

Copyright 2011 Trend Micro Inc.

Cross-platform Security

• New platforms don’t change the threat landscape

• Integrated security is needed across all platforms

• Each platform has unique security risks

Virtual CloudPhysical

3


Integrated security is needed across all of these platforms

• New platforms don’t change the threat landscape

• Integrated security is needed across all platforms

• Each platform has unique security risks

Virtual CloudPhysical

… with a single management console

4


Threat Environment: High Profile Cases

Fed-2011: Canadian Government compromised by foreign hackers obtaining highly classified Federal Information

Feb-2011: Hackers broke into the Web Portal Directors Desk used by 10,000 Executives of Fortune 500 Companies to share confidential information and documents

5

March-2011: Hackers stole sensitive data related to their SecureID technology … Leading to Lockheed Martin and L-3 Communications networks being compromised

April -2011: PSN hacked and 77 million records accessedJune -2011: Sony Online Entertainment hacked and 24.6 million records compromised.

April - 2011: an e-mail marketing service provider lost the email address for customers of over 50 companies including Citibank, JP Morgan Chase, Capital One, TD Ameritrade

June-2011: Citi Account Online Web portal breached, hackers seized 360,000 customer records including their names, email addresses, and account numbers


Security firm - RSA attacked using Excel flash

http://downloadsquad.switched.com/2011/04/06/security-firm-rsa-attacked-using-excel-flash-one-two-sucker-punc/

http://downloadsquad.switched.com/2011/04/06/security-firm-rsa-attacked-using-excel-flash-one-two-sucker-punc/


AdvancedTargetedThreats

EmpoweredEmployees

De-PerimeterizationVirtualization, Cloud Consumerization & Mobility

Perimeter Defense Isn’t Enough…

Source: Forrester


IT Production Business Production ITaaS

Data destruction

Diminished perimeter

Compliance / Lack of audit trail

Multi-tenancy

Data access & governance

Resource contention

Mixed trust level VMs

Data confidentiality & integrity

1

2

3

4

5

6

7

8

9

10

11

12

Virtualiz

ation

Adoption R

ate

Assessing Risk in the Cloud Journey

Inter-VM attacks

Instant-on gaps

Host controls under-deployed

Complexity of Management

08-31


Resource Contention1

Typical AV Console

3:00am Scan

Automatic antivirus scans overburden the system

VirtualizationSecurity Inhibitors

Antivirus Storm

9



Instant-on Gaps2

Active

Dormant Reactivated without-of-date security

New VMs

Cloned VMs must have a configured agent and updated pattern files


10



Attacks can spread across VMs


Inter-VM Attacks / Blind Spots3

Instant-on Gaps2

11



Complexity of Management4


Instant-on Gaps2

Patch agents

Rollout patterns

Provisioning new VMs

Reconfiguring agents

VM sprawl inhibits compliance


12



Complexity of Management4


Instant-on Gaps2

VirtualizationAddressing Security Inhibitors

Solution: Use Security solutions that are ‘virtualization aware’

Solution: Discovery and protection of VMs must be automated

Solution: Use Network Protection (FW&IDS/IPS) to inspect traffic on a per VM basis

Solution: Integration with virtualization management consoles such as VMware vCenter

13


• Integrates tightly with leading VDI vendors infrastructure

• Uses hypervisor API integration to off load security from VM

• Provides agentless option

• Allows host to be self defending

• For AV, Optimizes scanning and pattern update operations

• Solution architected to prevent resource contention

VirtualizationVirtual Desktop Security – What to Look for

14

Copyright 2011 Trend Micro Inc.Copyright 2009 Trend Micro Inc.

What is required is a virtualisation-aware security solution

Hypervisor

Security VM

Deep Packet Inspection

Firewall

Anti Virus

Log Inspection

Integrity Monitoring

Copyright 2011 Trend Micro Inc.Classification 04/08/2023 16

Tolly Report“Full Scan Storm” Load

Agent Agent


Tolly Report“Pattern Update Storm” Load

Classification 04/08/2023 17

Agent Agent

Copyright 2011 Trend Micro Inc.18

VM VM VM

The Old Way

Security Virtual Appliance

VM

With Agent-less Protection

BetterManageability

Zero AddedFootprint

FasterPerformance

StrongerSecurity

• Zero added footprint: AV, Network Protection and Integrity monitoring in the same Security Virtual Appliance

• Order of Magnitude savings in manageability• Virtual Appliance avoids performance degradation from FIM storms

Virtualization Aware SecurityAgentless Protection for AV, Network and Integrity Monitoring

VM VM VMVM


For further information on Trend Micro virtualisation and cloud security solutions, including Trend Micro Deep Securitywww.trendmicro.co.uk/virtualisation

Your data center is changing. Have your security strategies changed accordingly?

Technology

trend microinc

security issues

vms copyright

security firm rsa

load security fromvm

unique security riskscopyright

vm basis solution

compliance copyright