2013 Trend Micro 25th Anniversary Patrick Gada, Senior Sales Engineer 3 April 2013

VMUGIT UC 2013 - 03b Trend Micro


Agenda

• Challenges of Virtualization Security

• Clouditalia reference

• Deep Security deployment


Challenges of Virtualization Security

1. Inter-VM attacks / blind spots


Challenges of Virtualization Security

2. Instant-on gaps

Diagram labels: Active; Dormant; Reactivated with out-of-date security; New VMs


Challenges of Virtualization Security

3. Resource contention

Diagram labels: Typical AV Console; 3:00am Scan


Challenges of Virtualization Security

4. Complexity of Management

• Provisioning new VMs

• Reconfiguring agents

• Rollout patterns

• Patch agents


Deep Security 9.0 architecture


Q & A

VMUG - IT

CLOUDITALIA

Delio Trapani – DataCenter Director


Deep Security Platform Overview

PHYSICAL / VIRTUAL / CLOUD

• Integrity Monitoring

• Log Inspection

• Anti Malware

• Firewall

• Deep Packet Inspection

Agent-less


Deep Security Modules

Firewall

• Centralized management of server firewall policy

• Pre-defined templates for common enterprise server types

• Fine-grained filtering: IP & MAC addresses, ports

• Coverage of all IP-based protocols: TCP, UDP, ICMP, IGMP …

Deep Packet Inspection

• Enables IDS / IPS, Web App Protection, Application Control

• Examines incoming & outgoing traffic for:

- Protocol deviations

- Content that signals an attack

- Policy violations

• Shields vulnerabilities from exploit until the next maintenance window

Integrity Monitoring

• Monitors critical files, systems and registry for changes

• Files, directories, ports, registry keys and values, etc.

Log Inspection

• Collects & analyzes operating system and application logs for security events

• Rules optimize the identification of important security events buried in multiple log entries.

Anti Malware

• Agent-Less Real Time Scan

• Agent-Less Manual and Schedule Scan

• Zero Day Protection

• Agent-Less Remediation

• API Level Caching


Deep Security deployment

• vSphere preparation

vShield Manager 5.X installation:

- Network setup

- Web console setup

- vShield Endpoint installation on each host


Deep Security deployment

• Install Deep Security Manager

• Check license & import filter driver & DSVA

• Add vCenter to DSM console

• Prepare ESX host

• Deploy and configure DSVA

• Activate DSVA

• Install vShield Endpoint on VMs (VMware tools)

• Activate and assign a security policy to VMs

• Eicar Virus test


Q & A