Understand the security issues and risks for your virtualised data centre, and find out how to enhance your server defenses, implement virtualisation-aware security solutions, and leverage VMsafe-based solutions for stronger security, faster performance and better manageability.
A presentation given by Trend Micro at the IDC Summit in London, Feb 2012
Your data center is changing. Have your security strategies changed accordingly?
1. Your data center is changing. Have your security strategies changed accordingly?
John Burroughs CISSP
Solutions Architect
Copyright 2011 Trend Micro Inc. 1
2. Security Issues and Risks for your Virtualized Data Center
What to look for in a Security Solution for your VDI environment
3. Cross-platform Security
Physical Virtual Cloud
• New platforms don't change the threat landscape
• Integrated security is needed across all platforms
• Each platform has unique security risks
4. Integrated security is needed across all of these platforms
Physical Virtual Cloud
• New platforms don't change the threat landscape
• Integrated security is needed across all platforms
• Each platform has unique security risks
… with a single management console
5. Threat Environment: High Profile Cases
• June-2011: Citi Account Online Web portal breached, hackers seized 360,000 customer records including their names, email addresses, and account numbers
• April-2011: PSN hacked and 77 million records accessed
• June-2011: Sony Online Entertainment hacked and 24.6 million records compromised
• April-2011: an e-mail marketing service provider lost the email addresses for customers of over 50 companies including Citibank, JP Morgan Chase, Capital One, TD Ameritrade
• March-2011: Hackers stole sensitive data related to their SecurID technology … Leading to Lockheed Martin and L-3 Communications networks being compromised
• Feb-2011: Hackers broke into the Web Portal Directors Desk used by 10,000 Executives of Fortune 500 Companies to share confidential information and documents
• Feb-2011: Canadian Government compromised by foreign hackers obtaining highly classified Federal Information
6. Security firm - RSA attacked using Excel flash
http://downloadsquad.switched.com/2011/04/06/security-firm-rsa-attacked-using-excel-flash-one-two-sucker-punc/
8. Assessing Risk in the Cloud Journey
Stages of the journey: IT Production, Business Production, ITaaS
Risks, numbered as on the slide:
12. Data destruction
11. Multi-tenancy
10. Diminished perimeter
9. Data access & governance
8. Data confidentiality & integrity
7. Compliance / Lack of audit trail
6. Complexity of Management
5. Resource contention
4. Mixed trust level VMs
3. Instant-on gaps
2. Inter-VM attacks
1. Host controls under-deployed
9. Virtualization Security Inhibitors
Typical AV Console: 3:00am Scan
1 Resource Contention
Antivirus Storm: Automatic antivirus scans overburden the system
10. Virtualization Security Inhibitors
1 Resource Contention
2 Instant-on Gaps
Diagram labels: Active, Dormant, Reactivated with out-of-date security, New VMs
Cloned VMs must have a configured agent and updated pattern files
11. Virtualization Security Inhibitors
1 Resource Contention
2 Instant-on Gaps
3 Inter-VM Attacks / Blind Spots
Attacks can spread across VMs
12. Virtualization Security Inhibitors
1 Resource Contention
2 Instant-on Gaps
3 Inter-VM Attacks / Blind Spots
4 Complexity of Management
Diagram labels: Provisioning new VMs, Reconfiguring agents, Rollout patterns, Patch agents
VM sprawl inhibits compliance
13. Virtualization: Addressing Security Inhibitors
1 Resource Contention. Solution: Use security solutions that are 'virtualization aware'
2 Instant-on Gaps. Solution: Discovery and protection of VMs must be automated
3 Inter-VM Attacks / Blind Spots. Solution: Use Network Protection (FW & IDS/IPS) to inspect traffic on a per VM basis
4 Complexity of Management. Solution: Integration with virtualization management consoles such as VMware vCenter
14. Virtualization
Virtual Desktop Security – What to Look for
• Integrates tightly with leading VDI vendors' infrastructure
• Uses hypervisor API integration to offload security from the VM
• Provides agentless option
• Allows host to be self-defending
• For AV, optimizes scanning and pattern update operations
• Solution architected to prevent resource contention
15. What is required is a virtualisation-aware security solution
Diagram labels: Security VM, Hypervisor, Deep Packet Inspection, Firewall, Anti Virus, Log Inspection, Integrity Monitoring
18. Virtualization Aware Security
Agentless Protection for AV, Network and Integrity Monitoring
Diagram panels: The Old Way (VMs); With Agent-less Protection (VMs and a Security Virtual Appliance)
Benefits: Zero Added Footprint, Faster Performance, Better Manageability, Stronger Security
• Zero added footprint: AV, Network Protection and Integrity monitoring in the same Security Virtual Appliance
• Order of Magnitude savings in manageability
• Virtual Appliance avoids performance degradation from FIM storms
19. For further information on Trend Micro virtualisation and cloud security solutions, including Trend Micro Deep Security
www.trendmicro.co.uk/virtualisation
Editor's notes
The outside-in approach is still important, but, alone, is not sufficient in today’s evolving data center. Disgruntled employees are already within the perimeter. Advanced Persistent Threats are unique attacks that will not be stopped by many traditional perimeter defenses. And the changing nature of IT is causing deperimeterization with new technologies like virtualization, cloud computing, and consumerization. New security approaches must be added to the traditional outside-in protection.
As you can see, the security risks increase as you progress further along your journey. Even in stage 2, where you are deploying business-critical apps in VMs or rolling out VDI, security and compliance are key factors.
Next we’ll cover instant-on gaps. Unlike a physical machine, when a virtual machine is offline, it is still available to any application that can access the virtual machine storage over the network, and is therefore susceptible to malware infection. However, dormant or offline VMs do not have the ability to run an antimalware scan agent. Also, when dormant VMs are reactivated, they may have out-of-date security. One of the benefits of virtualization is the ease with which VMs can be cloned. However, if a VM with out-of-date security is cloned, the new VM will have out-of-date security as well. New VMs must have a configured security agent and updated pattern files to be effectively protected.
Now let’s summarize the solutions to the virtualization security inhibitors we just discussed. First, resource contention can be avoided with agent-less AV scans. The dedicated scanning virtual machines can coordinate staggered scans across VMs to preserve host resources. We’ll talk about agent-less AV in more detail a bit later. Second, dedicated scanning virtual machines coordinated with real-time agents within each virtual machine can prevent instant-on gaps. This ensures that virtual machines are secure when dormant and ready to go with the latest pattern updates whenever activated. Third, inter-VM attacks and blind spots can be prevented with VM-aware security that is provided on the virtual machine level, independent of the host machine. Fourth, management complexity can be reduced when VM security is tightly integrated with virtualization management consoles such as VMware vCenter. With integrated, comprehensive, virtualization-aware security, virtualization environments can be as secure as dedicated physical servers. And virtual servers and desktops can be secure without sacrificing performance.
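The staggered scanning described in the notes above, as an added example (not from the presentation and not Trend Micro's product logic): a scheduler that caps concurrent scans per host, compared with the schedule where every agent starts at 3:00am. The inventory, host names and scan durations are constructed, and `stagger`, `storm` and `peak_per_host` are hypothetical names.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory: (VM name, host, estimated scan minutes). Not real data.
INVENTORY = [
    ("web-01", "esx-a", 20), ("web-02", "esx-a", 20), ("db-01", "esx-a", 40),
    ("vdi-01", "esx-b", 10), ("vdi-02", "esx-b", 10), ("vdi-03", "esx-b", 10),
    ("vdi-04", "esx-b", 10),
]

def storm(inventory, start):
    """The 'typical AV' schedule: every in-guest agent starts at the same time."""
    return {vm: (host, start, start + timedelta(minutes=m)) for vm, host, m in inventory}

def stagger(inventory, window_start, max_per_host=1):
    """Give each VM a start time so that no host runs more than
    max_per_host scans at once. Longest scans are placed first."""
    # One list of "next free time" per host, one entry per allowed concurrent scan.
    lanes = defaultdict(lambda: [window_start] * max_per_host)
    plan = {}
    for vm, host, minutes in sorted(inventory, key=lambda r: -r[2]):
        free = lanes[host]
        i = min(range(len(free)), key=free.__getitem__)  # earliest free lane
        start = free[i]
        free[i] = start + timedelta(minutes=minutes)
        plan[vm] = (host, start, free[i])
    return plan

def peak_per_host(plan):
    """Highest number of overlapping scans on each host."""
    events = defaultdict(list)
    for host, start, end in plan.values():
        events[host] += [(start, 1), (end, -1)]
    peaks = {}
    for host, evs in events.items():
        running = peak = 0
        # At equal timestamps, ends (-1) sort before starts (+1),
        # so back-to-back scans are not counted as overlapping.
        for _, delta in sorted(evs):
            running += delta
            peak = max(peak, running)
        peaks[host] = peak
    return peaks

if __name__ == "__main__":
    t0 = datetime(2012, 2, 1, 3, 0)  # constructed 3:00am window start
    print("storm    :", peak_per_host(storm(INVENTORY, t0)))
    print("staggered:", peak_per_host(stagger(INVENTORY, t0)))
```

The trade-off is a longer scan window: with one scan per host, the last VM on esx-a starts an hour after the window opens.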