In today’s real-time enterprises, operations teams often have to do more with less, and are in some cases forced to take shortcuts to meet business demands. Workload, network and cloud virtualization introduced a quantum leap in our operational capabilities, but security often remains an afterthought, with many manual tasks and add-on point solutions that lack unified controls for this era of digital transition.
Workloads are often put into production without adequate protection and without automation of security controls. This leaves unforeseen and high-risk vulnerabilities open for exploitation.
This session will cover the native API capabilities of Trend Micro Deep Security and its strong integration with the most common frameworks. It will demonstrate how architectures can build in security without any additional effort and provide “secure-by-design” solutions that will bring their environments into the new era of network security.
CWIN17 Toulouse / Automated Security for the Real-Time Enterprise (Trend Micro, H.A. Muscate)
1. Securing Business Transformation: Automated Security for the Real-time Enterprise
Hans-Achim Muscate, Principal Solution Architect
Trend Micro™ - Hybrid Cloud Security powered by XGen™
2. Copyright 2017 Trend Micro Inc.
With today’s speed of business, companies are re-evaluating how they run their operations…
3. Organizations are taking advantage of changes in computing technology…
4. Enterprises run 32% of workloads in public cloud and 43% in private cloud.
85% of enterprises have a multi-cloud strategy, up from 82% in 2016.
95% of organizations are running applications or experimenting with infrastructure-as-a-service.
Source: RightScale 2017 State of the Cloud Report
Technology leaders and architects see value beyond the data center.
6. Protecting the Compute Evolution
(Diagram: Physical, Virtual, Cloud, Containers, Serverless; time to deploy shrinking from weeks to days, minutes, seconds and immediate.)
Deep Security: protecting the server compute evolution
Teams: SecOps to DevSecOps
Applications: changing more frequently, shorter lifespan
Threat sophistication: known threats to unknown, targeted threats
Licensing & procurement: static to consumption-based, cross-environment
7. Deep Security vs. Point Solutions over the Evolving Server Threat Landscape
(Chart of capabilities against threat sophistication: Firewall, Intrusion Prevention, Application Control, Sandbox Analysis, Web Reputation, Log Inspection, Anti-Malware, System Integrity, Virtualization Optimized, Machine Learning.)
“History has clearly shown that no single approach will be successful for thwarting all types of malware attacks. Organizations and solution providers have to use an adaptive and strategic approach to malware protection.”
- Gartner EPP MQ 2016
8. Cloud Security is Different than Traditional Security
Managing costs with effective solutions that support change & current infrastructure
Supporting change in the business at the speed demanded – while staying secure
Keeping the lights on…transformation is not instantaneous nor homogeneous
A host-based security solution is able to respond to changing hybrid requirements as needed
9. Trend Micro™ Deep Security™: Cross-generational Blend of Threat Defense Techniques
(Funnel diagram. Legend: known good, known bad, unknown; safe files & actions allowed, malicious files & actions blocked.)
Anti-Malware & Web Reputation
Intrusion Prevention (IPS) & Firewall
Integrity Monitoring & Log Inspection
Application Control
Machine Learning
Behavioral Analysis
Custom Sandbox Analysis
10. Perimeter defenses don’t translate to the cloud
Limited bandwidth of virtual appliances (<1 Gbps)
Lack of context of the guests
11. Host-based controls best for the cloud
Unlimited bandwidth
No single point of failure
Host-based controls have context so they can apply more focused security for operating systems and applications
12. Deep Security: securing business transformation
A single security management console with complete visibility across physical, virtual, cloud and container deployments
13. Security built in “By Design”
Deep Security DevOps API: Chef, OpsWorks, Puppet, Ansible, PowerShell, Kubernetes
SecOps API / Web
Optimized event stream for deeper integrations
15. AUTOMATED FUNCTIONALITY: ongoing continuous holistic protection
Visibility: connectors across virtual, cloud and containers for a clear line of sight from one console
Context: rich data on workload, event-based tasks to profile new systems
Risk assessment: recommendation scan for high-risk vulnerabilities
Protect: eight layers of security and threat protection capabilities
Maintain: automated virtual patching and App Control
APIs
16. Virtual Patching: Preemptive Protection for “Undisclosed” Vulnerabilities
Customers protected ahead of patch (vs. customers at risk with other network security vendors)
92 DAYS: average days of zero-day filter coverage from date of DV filter shipped to ZDI public disclosure
51% of all published vulnerabilities in 2016
17. Deep Security - Protection for the Data Center and Cloud
• Secure physical, virtual and cloud environments
• Most advanced integration with VMware, including hybrid cloud deployments
• Single solution with comprehensive set of security capabilities
• Automated provisioning and management
• Future proof your environment for public cloud
• Improve time to compliance
Level 1 Service Provider
18. The MARKET LEADER in server security for 7 straight years
(Market share chart labels: Symantec, Intel, Other, 30%)
Source: IDC, Securing the Server Compute Evolution: Hybrid Cloud Has Transformed the Datacenter, January 2017 #US41867116
20. Part of a broad, connected security solution set: visibility and control
Hybrid Cloud Security Powered by XGen™
www.trendmicro.com/hybridcloud
Editor's Notes
With today’s speed of business, companies are re-evaluating how they run their operations, provide products and services to their customers, and grow brand recognition.
Operations teams often have to do more with less, and are in some cases forced to take shortcuts to meet business demands. Workload, network and cloud virtualization introduced a quantum leap in our operational capabilities.
Organizations are taking advantage of changes in computing technology to position themselves for a more agile future.
Technology leaders and architects see value beyond the data center with new public cloud models and are keen on adopting hybrid infrastructure approaches to their compute environments.
The speed of change in the data center with virtualization was unprecedented. The promise that virtualization would only lower costs and drive consolidation didn’t end up that way…virtualization has changed the mentality of the IT organization to a point where there are now more servers than ever, all in support of new business initiatives. Because of this unimaginable environment, the idea of simply using legacy security in the data center and cloud doesn’t work.
75% of server workloads are virtualized (Gartner)
87% using public cloud
Teams: SecOps to DevSecOps
We see a shift in skills where teams are evolving from high-security-skilled SecOps teams to smaller DevSecOps teams.
SecOps = highly skilled in security, but with skill gaps in cloud, CI/CD pipelines and microservices; primarily focused on protection and compliance. DevSecOps = highly skilled in CI/CD pipelines, release automation and Ops automation; lower skill in security, where the primary driver is completely automating security, typically through APIs.
CISOs have a tough time getting more budget for headcount and are forced to be more resourceful. When they do get budget, they have a hard time finding the skillsets.
More teams are asked to protect more workloads without growing the team, forcing them to change the way they work.
Seeing trends from security teams to Ops teams with security expertise
Sensitive to helping Security professionals ‘get in front’ of Cloud Ops through best practices, leveling up their skillsets
The next gen set of security professionals expect the product to work, and when they get stuck, they can google their question and figure it out from there. No more massive admin guides, complicated installation procedures, no more layers of support. Customers now expect help immediately.
Applications: Changing More Frequently, shorter Lifespan
Legacy applications change in years, virtualized applications change in months, cloud applications in weeks/days, microservices in days/hours, serverless in minutes/seconds
Ops models are changing – from static, “locked” servers in the Data Center to cloud workloads swapped out daily (as a security policy), to immutable architectures for container environments
Many vendors focus on protecting some subset of this. We focus on protecting all of it.
As application change velocity increases, security should not get in the way, it should be invisible. Customers need a solution that embraces frequent and rapid change – from windows patches on live production servers all the way to microservices updates in Docker environments coming out of a CI/CD pipeline
Deep Security understands the security needs from legacy applications to ephemeral microservices – all in one solution
Threat Sophistication
Threats are becoming more unknown, more targeted, causing a move from signature-based controls to security controls such as application control, whitelisting, sandbox analysis, behavior analysis, and machine learning
Having a breadth of security controls protecting a set of multi-generational applications across data center and cloud in one solution is a robust protection strategy.
Licensing and Procurement: Static to Consumption-based, cross-environment
There’s been a significant shift in enterprise buying behavior with the cloud
Paying for what you use vs. paying for your ‘worst case’ or ‘peak’
Customers now expect this for security solutions
Trend Micro is leading this charge through
Enterprise buying behavior shifting to consumption-pricing, simpler procurement
Procurement is changing – static to consumption-based
Procurement teams want fewer vendors, shorter evaluation times, less human friction, and terms that meet their business needs
Customers want to pay for what they protect, not ‘worst case or peak’
There’s a real market force out there to:
Rationalize to fewer toolsets and simplify operations
Do more without growing teams, focus on automation e.g. 1 person to 1000s of servers to protect
To delegate more security responsibility to server admins, product teams
Typically coming from the executive team
When there are only so many security dollars to spend, point solutions (a point solution for a single security control or for a single stage of the compute evolution) are at greater risk than more comprehensive solutions like Trend Micro Deep Security.
Examples of ‘point solutions on compute evolution’:
Containers: Twistlock and Aqua just do containers, not anything else
Physical and Virtualized: McAfee and Symantec struggle to acquire new customers in cloud, and lack product attributes that embrace the differences of cloud
Examples of ‘point solutions of security controls’:
Cylance claims that all you need is machine learning, but once customers learn more, they realize it is not a silver bullet that can simply replace all other controls, and it has a high false positive rate
We hear customers want to replace Tripwire with our Integrity Monitoring solution to reduce cost, procurement pain and operational complexity
Customers tell us that they would never consider deploying Bit9 in the cloud for application control
We don’t believe in a silver bullet control. We believe in layered defense with multiple controls. <Note the Gartner quote>
Businesses are looking to reduce the number of security tools and management interfaces throughout their organization. Security solutions that deliver multiple capabilities managed through a single connected dashboard with full visibility into leading environments like VMware, AWS, Microsoft Azure and Docker are key for a modern threat defense solution allowing skilled resources to focus on business goals. These three points reflect Capgemini’s own beliefs as noted by Mike Turner, Chief Operating Officer (COO) of Capgemini’s Global Cybersecurity Practice as well as Head of Cybersecurity Services in the UK Region.
Trend Micro hybrid cloud security, powered by XGen, puts protection close to your workloads, protecting your servers and applications with a cross-generational blend of threat defense techniques. Using the right technique at the right time gives you the best protection against the broadest range of threats, with the most efficient performance for each environment, whether in physical, virtual, or cloud.
A good way to illustrate this is using a funnel analogy. All the data arriving at or activity requested of your servers via the network can be classified as:
Known good – represented by the white bubbles
Known bad – represented by the black bubbles, or
Unknown – where we don’t know if it is good or bad, represented by the grey bubbles
At the top of the funnel we have a wide range of powerful techniques that bat away all the known bad data and allow through the known good data. These techniques are highly accurate and efficient, with very low false positive rates. These include techniques such as
Anti-malware and Web Reputation
Intrusion Prevention and Firewall
Integrity Monitoring and Log Inspection
Application Control, with a new hybrid cloud server-focused approach
This now leaves the sophisticated detection techniques – which are more computationally intensive and can have a higher false positive rate – to focus only on the unknown data, maximizing efficiency and performance.
The next technique is machine learning which looks at static file features to predict maliciousness. This will block some unknown threats, but a few will still make it through to behavioral analysis, which looks for behaviors that are indicators of maliciousness, including actions like the encryption of files with ransomware.
The final layer sends unknown suspicious files to a custom sandbox, for specialized analysis in a contained environment. If discovered to be malicious, that information is shared for use across the enterprise, enhancing the protection of servers AND endpoints.
Every threat protection technique has pros and cons, and there is no single technique that can detect every type of threat, particularly across multiple environments like physical, virtual, and cloud. That’s why XGen security delivers multiple threat protection techniques, to protect you against the broadest range of both known and unknown threats across the hybrid cloud.
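The funnel described above as an added example (not Trend Micro code): each layer returns allow, block or unknown; only unknowns fall through to the next, more expensive layer; the run records how many samples each layer had to examine, and a sandbox verdict is fed back into the cheap hash layer. Hashes, domains, the ML score and the sandbox outcome are constructed stand-ins.

```python
# Funnel of detection layers: cheap, accurate checks run first and costly analysis
# only on what remains UNKNOWN.  Constructed illustration, not Trend Micro code.
from dataclasses import dataclass
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    UNKNOWN = "unknown"

@dataclass
class Sample:
    name: str
    sha256: str                   # constructed placeholder, not a real hash
    origin: str                   # domain the file was fetched from
    ml_score: float               # hypothetical static-feature model, 0 benign .. 1 malicious
    behaviors: tuple = ()         # runtime indicators observed so far
    sandbox_malicious: bool = False   # simulated sandbox outcome

# Constructed reputation data standing in for pattern files and web reputation feeds.
KNOWN_GOOD, KNOWN_BAD, BAD_DOMAINS = {"hash-good-1"}, {"hash-bad-1"}, {"malware.example"}

def hash_reputation(s):
    if s.sha256 in KNOWN_GOOD:
        return Verdict.ALLOW
    return Verdict.BLOCK if s.sha256 in KNOWN_BAD else Verdict.UNKNOWN

def web_reputation(s):
    return Verdict.BLOCK if s.origin in BAD_DOMAINS else Verdict.UNKNOWN

def machine_learning(s):
    # Decides only outside an uncertainty band; in-band samples stay UNKNOWN.
    return (Verdict.BLOCK if s.ml_score >= 0.9 else
            Verdict.ALLOW if s.ml_score <= 0.1 else Verdict.UNKNOWN)

def behavioral(s):
    # Ransomware-style mass encryption is treated as a blocking indicator.
    return Verdict.BLOCK if "mass_file_encryption" in s.behaviors else Verdict.UNKNOWN

def sandbox(s):
    # Most expensive layer and last resort: it always decides, and a malicious
    # result is fed back so the cheap hash layer catches the same file next time.
    if s.sandbox_malicious:
        KNOWN_BAD.add(s.sha256)
        return Verdict.BLOCK
    return Verdict.ALLOW

LAYERS = [("hash", hash_reputation), ("web", web_reputation),
          ("ml", machine_learning), ("behavior", behavioral), ("sandbox", sandbox)]

def run_funnel(samples):
    """Return {name: (verdict, deciding layer)} and how many samples each layer examined."""
    load, results = {name: 0 for name, _ in LAYERS}, {}
    for s in samples:
        for name, layer in LAYERS:
            load[name] += 1
            v = layer(s)
            if v is not Verdict.UNKNOWN:
                results[s.name] = (v, name)
                break
    return results, load

SAMPLES = [  # constructed input: known-good traffic plus a few unknowns that fall through
    Sample("installer", "hash-good-1", "updates.example", 0.05),
    Sample("macro-doc", "hash-x1", "malware.example", 0.6),
    Sample("tool", "hash-x2", "share.example", 0.02),
    Sample("packer", "hash-x3", "share.example", 0.5, ("mass_file_encryption",)),
    Sample("loader", "hash-x4", "share.example", 0.5, (), True),
]
```

Running `run_funnel(SAMPLES)` shows the load falling at each layer (5, 4, 3, 2, 1), and resubmitting the sandboxed file is decided by the hash layer.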
1. Limited bandwidth, as the traffic between VMs has to pass back and forth through the next-gen firewall, effectively doubling the traffic.
2. Lack of context of the guests. The next-gen firewall is not able to apply the most appropriate security for each VM. Different VMs have different vulnerabilities.
1. Host-based controls have context so they can apply more focused security for operating systems and applications, whereas perimeter defense has less insight into the rich context of the VM, which inevitably provides one-dimensional security.
Deep Security Manager, single solution, single visibility console for host-based security
A single Deep Security installation covers multiple environments (including traditional concepts like dev/test/prod)
That gives Security the visibility they need through either the API or the web interface
More importantly, the platform offers a high level of flexibility fitting in to the tool stack you already use. It won’t slow down the DevOps teams
This unifies your security events across your hybrid cloud deployments allowing deep integrations into your ops and security workflows
8 layers of security:
Anti-Malware
Web Reputation
Firewall
Intrusion Prevention
Integrity Monitoring
Log Inspection
Application Control
Protection for SAP systems (NW-VSI)
Visibility
First rule of security: You can’t protect what you don’t see
In today’s real-time enterprise, new workloads are generated at the click of a button
The Security Team is often not aware of those actions by the Operations Team
“During an external audit we were told that several systems were not up to the required standards”
Operations has to do “more with less”.
The labour-intensive task of patching and securing the new machines is often postponed...and forgotten
Automated detection of new systems provides visibility
Context
Second Rule of Security: Security is all about “context”
Once the workloads have been detected, they need to be analyzed:
- Is it a web server or a database server?
- Is it a development machine or a production VM?
- Is it Internet-facing or an internal computer?
- Or is this a VM that has just been moved from “Acceptance Testing” to “Production”?
And this process needs to be automated, event-based, and in real-time
Risk Assessment
What is the risk we are running with this specific VM in this specific context?
Often, newly created VMs are based on a Golden Image or a clone that has not been updated for a while
Before the VM is put in use, we want to know what our exposure is with this VM.
We need a solution that automatically scans the VM for remotely exploitable vulnerabilities.
Additionally, the VM can be scanned for known malware using the latest Anti-Malware patterns.
Protect
We want to protect our VMs: “Protect against What?”
Remember there is no need for the Anti-Malware patterns, nor an agent, to be installed on the VM
(the patterns are on the Trend Micro Virtual Appliance and are always up to date, even if the VMs are stopped)
8 layers of security: Anti-Malware, Web Reputation, Firewall, Intrusion Prevention, Integrity Monitoring, Log Inspection, Application Control, Protection for SAP systems (NW-VSI)
Maintain
Integrity Monitoring:
Monitors sensitive files and sensitive registry keys for changes
Application Control:
“Freezes” the server and blocks new executables and scripts from running
By scheduling the Scan for Recommendations daily with the newest IPS rules, systems can be adequately protected against new zero-days
For the APIs: 80% of integration and automation capabilities are provided by Deep Security out of the box, and for the remaining 20%, the APIs provided by Trend Micro can be used.
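The Visibility, Context, Risk Assessment, Protect and Maintain steps above, as one added example (not Deep Security's API or Trend Micro code): a handler turns a constructed "new workload" event into a policy, and missing context tags fail closed to the strictest assumption (internet-facing production). The event shape, tag names, the simulated recommendation scan and the IPS rule-family names are hypothetical placeholders.

```python
# Event-driven policy assignment for a newly detected workload, following the
# Visibility > Context > Risk Assessment > Protect > Maintain flow of the notes.
# Constructed illustration: event shape, tag names, rule-family names and the
# simulated recommendation scan are placeholders, not Deep Security's API.
from dataclasses import dataclass, field
from datetime import date

# Seven of the eight layers listed above; SAP NW-VSI is omitted as SAP-host specific.
LAYERS = frozenset({"anti_malware", "web_reputation", "firewall", "intrusion_prevention",
                    "integrity_monitoring", "log_inspection", "application_control"})
TODAY = date(2017, 9, 15)   # constructed evaluation date

@dataclass
class WorkloadEvent:          # constructed shape of a "VM created" / "VM moved" event
    vm_id: str
    tags: dict                # e.g. {"role": "web", "env": "prod", "exposure": "internet"}
    image_built: date         # build date of the golden image the VM was cloned from
    open_ports: tuple = ()

@dataclass
class Plan:
    policy: str
    layers: set
    ips_rules: set
    findings: list = field(default_factory=list)
    recommendation_scan: str = "daily"

def derive_context(tags):
    """Context step.  Missing or unrecognised tags resolve to the strictest value, so an
    untagged clone is treated as internet-facing production until proven otherwise."""
    role = tags.get("role", "unknown")
    env = tags.get("env") if tags.get("env") in ("dev", "test", "prod") else "prod"
    exposure = tags.get("exposure") if tags.get("exposure") in ("internal", "internet") else "internet"
    return role, env, exposure

def recommendation_scan(ev, role, image_age_days):
    """Risk-assessment step (simulated): pick IPS rule families from what the VM exposes."""
    rules, findings = set(), []
    if image_age_days > 30:
        findings.append(f"golden image is {image_age_days} days old; assume missing OS patches")
        rules.add("os-patch-shielding")
    if role == "web" or {80, 443} & set(ev.open_ports):
        rules.add("web-server-protection")
    if role == "database" or {3306, 5432} & set(ev.open_ports):
        rules.add("database-server-protection")
    return rules, findings

def build_plan(ev, today=TODAY):
    """Protect and Maintain steps: choose the controls and the rescan cadence from context."""
    role, env, exposure = derive_context(ev.tags)
    rules, findings = recommendation_scan(ev, role, (today - ev.image_built).days)
    layers = set(LAYERS)
    if env == "dev":
        layers.discard("application_control")   # constant new tooling would be all noise
    cadence = "daily" if env == "prod" or exposure == "internet" else "weekly"
    return Plan(f"{env}-{role}-{exposure}", layers, rules, findings, cadence)

# Constructed events: a tagged production web server, an untagged clone, a dev box.
EVENTS = [
    WorkloadEvent("vm-101", {"role": "web", "env": "prod", "exposure": "internet"},
                  date(2017, 1, 10), (22, 443)),
    WorkloadEvent("vm-102", {}, date(2017, 8, 1), (22, 5432)),
    WorkloadEvent("vm-103", {"role": "web", "env": "dev", "exposure": "internal"},
                  date(2017, 9, 1), (22, 80)),
]
```

Re-running `build_plan` on the same VM after its tags change from dev to prod (the "Acceptance Testing to Production" case in the notes) restores application control and switches the recommendation scan back to daily.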
For the DevOps audience this diagram can relate to the framework of Define, Design, Implement, and Manage.
Enable the automation and seamless orchestration of security for virtual & cloud deployments, reduce operational complexity and make security easy to scale with the business and protect the organization’s investments without the risks associated with traditional security offerings.
Trend Micro shields unpatched systems (virtual patching), removing the need for expensive emergency patching and helping to align the patching process to business needs and operational realities (not enough time/people).
Deep Security also shields end of support systems (Windows XP, 2000, 2003) and applications from attack, removing the need to purchase expensive extended support contracts through virtual patching.
How is Trend Micro able to be ahead of the competition and threat landscape? At Trend Micro, we have dedicated teams of experts watching for both attacks and potential vulnerabilities. In fact, through our Zero Day Initiative, we disclosed 51% of vulnerabilities in 2016…we are on the front lines and our customers benefit from advance knowledge and rapid response to new threats.
Why do the 92 days matter? In the event of an exploit, you’re protected. Yes, you still need to patch your systems, but you can do it on YOUR schedule – not at 3am with your hair on fire. You’re in control of your patch management.
On the flip side of the coin, you also need to think about the length of the exploit campaign. Typically exploits have a lifetime during which they experience the same cycle as other products: there is a beeline of malware or exploits during the initial phase. TP customers are sure to be protected against that first phase of exploits, when it is most likely to affect users.
Conclusion:
Deep Security is designed and optimized for the cloud:
Single platform for your cloud deployments, supporting multiple CSPs with a single security view. This includes leaders like AWS, Azure, & VMware, as well as over 20 other CSPs like Google & IBM through our Trend Ready for Cloud Service Provider program
Support for hybrid deployments, giving a single pane of glass for all environments
Deep integration with leaders like AWS, Azure, and VMware to automatically detect and protect new workloads
Deploy the way you deploy cloud workloads…fully scriptable with automated script generation and integration with leading orchestration tools
Security at the workload to provide context-aware security that scales the way the cloud scales…with no bottlenecks (unlike traditional perimeter security)
You know you are getting trusted cyber security with Trend Micro. IDC names Trend Micro the market leader for 7 years in a row.
We would like to invite you to visit our Trend Micro web sites dedicated to VMware, AWS, and Azure for all your on-prem, and hybrid cloud workload security needs. Trend Micro is easy to work with, and we are here to help make securing your server environments a seamless experience.
CONCLUDE THE PRESENTATION STAYING ON THIS SLIDE WHEN THE PRESENTATION HAS ENDED, OR QUESTIONS ARE BEING ASKED, OR PEOPLE ARE LEAVING etc.