PowerPoint presentation by PKE
Transcription
7 December 2016
ADVANCED PERSISTENT THREATS & RANSOMWARE

Agenda
• 8:00  Welcome
• 8:20  COMPUTERLAND presentation
• 8:40  APT & ransomware: suspicious behaviour, multi-layer filtering
• 9:15  Protection of workstations and virtual servers: Trend Micro and VMware
• 9:55  Q&A

Let's get to know each other! https://youtu.be/3yGQNn22Wd4

COMPUTERLAND: essential for your business & IT projects!
• 190 qualified and experienced staff
• 33 million euros of consolidated turnover
• more than 600 loyal and satisfied customers
• 4 local sites: Liège, Hainaut, West-Vlaanderen, Esch-sur-Alzette

COMPUTERLAND provides a concrete, personalised answer to all of your business needs
Application needs:
• ERP - Enterprise Resource Planning: integrated management software
• BI - Business Intelligence: analysis & reporting
• CRM - Customer Relationship Management
• ECM - Enterprise Content Management: content management
• Custom development
Support needs:
• INFRASTRUCTURE SUPPORT: day-to-day administration of an IT infrastructure
• USER SUPPORT: IT and business support
Infrastructure needs:
• INFRASTRUCTURE PROJECTS: install or upgrade an IT infrastructure hosting applications
• CLOUD: move all or part of the IT services to a high-availability environment

APT and ransomware
• Why?
• What we will cover ...
• ... and what we will not cover!

Our view: what is THE solution? There are SEVERAL solutions:
1. A mail relay with antivirus / antispam
2. An effective gateway
3. A protected workstation
4. Secured servers
5. Last line of defence: your backups!
WatchGuard Technologies
Eléonore Delvigne, Channel Account Manager BeLux - WatchGuard
John Lavendy, Account Manager - Data Communication Business
Copyright ©2016 WatchGuard Technologies, Inc. All Rights Reserved

What are the challenges?

Agenda
• IT security: how do we protect ourselves against today's threats?
• 2016 = new records already set within a few months
• How do we identify activity?
• The protection layers
• APT Blocker and code emulation

IT security: how do we protect ourselves against today's threats? (hacking, ransomware, etc.)

What is ransomware?
Ransomware = advanced malware: it encrypts data and demands a ransom.
Infection vectors:
• Email carrying the downloader (not the crypto payload itself)
  – Word document with a download macro
  – JavaScript inside a ZIP that fetches the payload
  – Link in a PDF
  – Etc.
• Drive-by download: browsing an infected page

Who clicked on a Cryptowall?

The consequences of an attack
Significant costs:
– IT downtime
– Human costs
– Restored data that is not up to date

The most active waves
Cryptowall, Cryptolocker, CTB-Locker, TeslaCrypt, Icepol (Gendarmerie), Locky, Cerber

The reason: they are polymorphic
90% of malware changes variant regularly to evade signature-based solutions.
*Malwise - An Effective and Efficient Classification System for Packed and Polymorphic Malware, Deakin University, Victoria, June 2013

Antivirus products detect ransomware ... but often too late!

New records already set within a few months

DDoS – denial-of-service attack
Some press organisations have seen their websites blocked and inaccessible to the public: Groupe Rossel – Le Soir and SudPresse 2015, TV5 Monde 2016, Enseignement.be July 2016, Tax-on-Web October 2016: RTBF

Ransomware – the most common and lucrative attack today
Union des Classes Moyennes:
• Ransom demand
• Cost of reinstalling from backups
• Loss of data that was not backed up
• Categorised as a "good payer"
Video: http://www.rtl.be/info/magazine/hi-tech/gare-a-cette-forme-de-piratage-informatiquede-plus-en-plus-repandue-c-est-vraiment-une-demande-de-rancon--797574.aspx

Data theft – "Data is the new oil"
By exfiltration:
• Few examples
• 6 months elapse between a vulnerability being exploited and its discovery
• European GDPR directive: obligation to notify data losses – May 2018
By phishing:
• Classic method of stealing data via email (bank card and credit card codes, ...)
Lessons learned at Agence France Presse
An excellent analysis by AFP's CISO.
Source: http://blogs.afp.com/makingof/?post/le-diable-se-cache-dans-la-piece-jointe

Why is the frequency of attacks increasing?
An extremely lucrative activity:
– Estimate: 3 to 4% of people would pay a ransom
– Enormous gains: Cryptolocker = $27M in gains in 2 months
Source: http://www.silicon.fr/ransomware-un-retour-sur-investissement-tres-lucratif-118761.html

About Bitcoins

How do we identify activity?

Identifying activity reduces risk
Instantly identify and consolidate the main problems, threats and trends affecting the security of your network. Define effective security policies.
• POLICY MAP: visualising traffic flows lets you detect configuration errors
• FIREWATCH: spot unauthorised usage before it becomes a problem
• THREAT MAP: a geographic representation helps you isolate web traffic, IPS attacks, blocked packets, etc.
• PERIODIC REPORTS: customise dozens of reports to distribute event summaries
• GLOBAL DASHBOARD: monitor wasted bandwidth or possible productivity gains
• HEALTH REPORTS: easily identify performance problems on your appliance

Example actions made possible by this visibility
• Let the Marketing department access Facebook but not Facebook chat or games
• Tolerate YouTube but cap it at X% of the maximum bandwidth
• Allow peer-to-peer but at a throughput so low that users give up
• Guarantee that most of the bandwidth is reserved for business applications
• Give users an internet quota while leaving free access to business content
• A monthly summary received by email

The protection layers

SMTP proxy & antispam
• Removing spam can eliminate part of the emails that carry malware and Cryptolocker downloaders
• The SMTP proxy can strip JavaScript files from ZIP attachments or check that a PDF is not a hidden .exe

IPS
• Can protect against an exploit enabling the drive-by download of a cryptolocker
• Example: CryptoDefense delivered through a Java exploit
• 2000+ signatures: buffer overflow, SQL injection, cross-site scripting, DoS / DDoS

WebBlocker
• 130 categories, 20 of them for security
[Screenshot: Dimension demo]

Application Control
Blocks unsafe applications and application categories. Examples:
• Tor
• BitTorrent
• eMule
• Crypto admin

Reputation Enabled Defense
Blocks recently infected sites. Example: http://193.124.181.169_BAD_/main.php
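The two SMTP-proxy checks named on the "SMTP proxy & antispam" slide above (JavaScript inside a ZIP, a PDF that is really an .exe), written out as an added Python example; this is illustrative code, not WatchGuard's implementation, and the extension lists, the action names and the sample attachments are assumptions. It also covers two neighbouring cases the deck mentions elsewhere: a macro-enabled Word file and an encrypted ZIP member that cannot be inspected.

```python
import io
import zipfile

# Extensions that should not arrive as a loose attachment or inside a ZIP (assumed lists)
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1")
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd")

# Leading bytes a declared type must really start with; "MZ" marks a DOS/PE executable
MAGIC_FOR_EXTENSION = {".pdf": b"%PDF", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".docm": b"PK\x03\x04"}
PE_MAGIC = b"MZ"


def _extension(name: str) -> str:
    lowered = name.lower()
    dot = lowered.rfind(".")
    return lowered[dot:] if dot >= 0 else ""


def inspect_attachment(filename: str, data: bytes) -> list[str]:
    """Return the proxy's findings for one attachment; an empty list means no objection."""
    findings = []
    ext = _extension(filename)

    # 1. Scripts and executables sent as bare attachments
    if ext in SCRIPT_EXTENSIONS or ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"dangerous-extension:{ext}")

    # 2. Declared type vs real content: a ".pdf" whose bytes start with "MZ" is a hidden .exe
    if data.startswith(PE_MAGIC) and ext not in EXECUTABLE_EXTENSIONS:
        findings.append(f"hidden-executable:{ext or 'no-extension'}")
    expected = MAGIC_FOR_EXTENSION.get(ext)
    if expected and not data.startswith(expected):
        findings.append(f"magic-mismatch:{ext}")

    # 3. Look inside ZIP containers; Office .docx/.docm files are ZIPs too
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member_ext = _extension(info.filename)
                    if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
                        findings.append(f"encrypted-member:{info.filename}")
                    if member_ext in SCRIPT_EXTENSIONS:
                        findings.append(f"script-in-zip:{info.filename}")
                    elif member_ext in EXECUTABLE_EXTENSIONS:
                        findings.append(f"executable-in-zip:{info.filename}")
                    # A macro-enabled Word document stores its VBA project at this path
                    if info.filename.lower() == "word/vbaproject.bin":
                        findings.append("office-macro:word/vbaProject.bin")
        except zipfile.BadZipFile:
            findings.append("corrupt-zip")
    return findings


# Findings that make the whole message undeliverable (assumed policy); anything else only
# costs the attachment, which the proxy strips before delivery
BLOCKING = ("hidden-executable", "magic-mismatch", "office-macro", "corrupt-zip")


def gateway_action(filename: str, data: bytes) -> str:
    """Decide 'deliver', 'strip-attachment' or 'block' for one attachment."""
    findings = inspect_attachment(filename, data)
    if not findings:
        return "deliver"
    if any(f.startswith(BLOCKING) for f in findings):
        return "block"
    return "strip-attachment"


def _make_zip(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed, harmless sample attachments: the ZIP-with-JavaScript and PDF-that-is-an-EXE
# cases from the slide, plus a macro-enabled Word file and a clean PDF
SAMPLES = {
    "invoice.zip": _make_zip({"invoice.js": b"// downloader stub, inert"}),
    "facture.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    "report.docm": _make_zip({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"\xd0\xcf\x11\xe0"}),
    "brochure.pdf": b"%PDF-1.4\n% constructed content\n",
}
```

Calling `gateway_action(name, SAMPLES[name])` for each sample gives deliver, strip-attachment, block and block respectively for the clean PDF, the ZIP with a script, the disguised executable and the macro document.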
Data Loss Prevention
Prevents sensitive data from being sent out. Examples:
- Customer list
- Price list
- ...

WatchGuard's strengths
• Its infrastructure
• Policy-based management
• Modular architecture
• Strong OEM partnerships
• A single firmware
• High-performance platforms
(Red boxes in the diagram = WatchGuard IP)

APT Blocker and code emulation
[The diagrams for the following steps show the corporate network, the Internet, the Lastline cloud and a computer / tablet / smartphone]

Step 1 – Receiving the file
• FTP
• SMTP
• HTTP
• HTTPS (via inspection)

Step 2 – Hashing the file and local check
• An MD5 hash of the file is computed and compared against the locally cached database

Step 3 – Sending the hash to the Lastline cloud
• If the hash is not in the local cache, it is sent to Lastline for comparison against everything analysed worldwide

Step 3 bis – Removing the threat
• At this stage, if the file is known, it is deleted (according to its threat level) and the event is logged in WatchGuard Dimension (Security Dashboard & APT Report)
Step 4 – Sending the file to Lastline
• If the file is not known by its hash, it is sent to Lastline for analysis in a sandbox
• At this stage the file is forwarded to the recipient

Step 5 – Sandbox analysis result
• Once the sandbox analysis is complete (a few minutes), the appliance is notified if the file is a threat, and the event is logged in WatchGuard Dimension (Executive Dashboard & APT Zero Day Report)

APT Blocker
Industry leader in the NSS Labs Breach Detection report

Ad Blocking

WatchGuard's response to the market's issues

Some advice:
• Prevention among staff
• IT prevention ...
• PEBKAC?
• Last but not least... have a good backup!

Thank you

XGen Endpoint Security
Olivier BERTRAND

EUROPOL report - www.europol.europa.eu (end of September 2016)
IOCTA 2016 INTERNET ORGANISED CRIME THREAT ASSESSMENT
Key findings:
- Cryptoware is the most important type of malware, and is now bigger than data stealing malware and banking Trojans.
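Returning to the WatchGuard APT Blocker steps 1 to 5 above: the following added Python model plays the hash-lookup-then-sandbox flow through on constructed samples. It is not WatchGuard or Lastline code; the class, the verdict labels and the event names are assumptions. It also makes explicit what the slides leave implicit: a first-seen file is delivered before its sandbox verdict exists, and a re-packed (polymorphic) variant with a new hash is first-seen all over again.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class AptBlockerModel:
    """Toy model of the appliance-side logic; names and verdict labels are assumptions."""
    local_cache: dict = field(default_factory=dict)   # step 2: md5 -> "clean" | "malicious"
    cloud_hashes: dict = field(default_factory=dict)  # step 3: stands in for Lastline's global database
    pending: dict = field(default_factory=dict)       # step 4: md5 -> files already forwarded
    events: list = field(default_factory=list)        # what would be logged to WatchGuard Dimension

    def receive(self, filename: str, data: bytes) -> str:
        """Steps 1-4 for one file arriving over FTP/SMTP/HTTP(S); returns 'blocked' or 'delivered'."""
        digest = hashlib.md5(data).hexdigest()        # step 2: hash the file (MD5, as on the slide)
        verdict = self.local_cache.get(digest)        # step 2: local cache lookup
        source = "local-cache"
        if verdict is None:                           # step 3: ask the cloud, by hash only
            verdict = self.cloud_hashes.get(digest)
            source = "cloud"
            if verdict is not None:
                self.local_cache[digest] = verdict    # remember the answer locally
        if verdict == "malicious":                    # step 3 bis: known threat, remove and log
            self.events.append(("blocked", filename, digest, source))
            return "blocked"
        if verdict is None:                           # step 4: unknown, submit to the sandbox...
            self.pending.setdefault(digest, []).append(filename)
            self.events.append(("sandbox-submitted", filename, digest, "lastline"))
        return "delivered"                            # ...and forward to the recipient meanwhile

    def sandbox_result(self, digest: str, verdict: str) -> list:
        """Step 5: the verdict arrives minutes later; cache it and report what already went through."""
        self.local_cache[digest] = verdict
        self.cloud_hashes[digest] = verdict
        delivered = self.pending.pop(digest, [])
        if verdict == "malicious":
            for name in delivered:                    # APT Zero Day report: delivered before the verdict
                self.events.append(("zero-day-alert", name, digest, "sandbox"))
        return delivered


# Constructed, inert byte strings standing in for a previously analysed sample and a new one
KNOWN_BAD = b"constructed sample A: already known to the cloud"
NEW_SAMPLE = b"constructed sample B: never seen before"


def run_scenario() -> dict:
    """Play the flow through and return what happened at each step."""
    box = AptBlockerModel(cloud_hashes={hashlib.md5(KNOWN_BAD).hexdigest(): "malicious"})
    outcome = {}
    outcome["known_bad"] = box.receive("old_locky.exe", KNOWN_BAD)         # stopped by the cloud hash
    outcome["first_sight"] = box.receive("invoice.docm", NEW_SAMPLE)       # unknown: delivered + sandboxed
    digest = hashlib.md5(NEW_SAMPLE).hexdigest()
    outcome["alerted"] = box.sandbox_result(digest, "malicious")           # names already delivered
    outcome["second_sight"] = box.receive("invoice (1).docm", NEW_SAMPLE)  # now stopped from the local cache
    # One changed byte gives a new hash: a re-packed (polymorphic) variant is unknown again
    outcome["variant"] = box.receive("invoice2.docm", NEW_SAMPLE + b"\x00")
    outcome["events"] = [e[0] for e in box.events]
    return outcome


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key:13}: {value}")
```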
Key findings (continued):
- Strong development of CaaS (Crime-as-a-Service)
- Increase in volume, but mainly in the quality (alleged authenticity), of targeted phishing aimed at high-value targets
- CEO-fraud spear phishing is on the rise
- Targeting personal data such as medical records is trending to become as frequent as the compromise of financial credentials. The compromised data is no longer stolen for its immediate value but as a first step towards more complex fraud, ransom demands or extortion.
- Bitcoin is the preferred payment method for C2C and the standard solution for extortion payments

Malware trends confirmed by Europol:
- Ransomware: Cryptowall, Cryptolocker, Teslacrypt, Locky
- Information stealers: Dridex, Citadel, Zeus, Dyre
- Mobile threats
- Remote Access Trojans
- Exploit kits
- Droppers

Focus on ransomware: Locky you ;-)

There is no silver bullet...
"History has clearly shown that no single approach will be successful for thwarting all types of malware attacks. Organizations and solution providers have to use an adaptive and strategic approach to malware protection." - Gartner EPP Magic Quadrant 2016
Copyright 2016 Trend Micro Inc.

Innovative and timely response to the evolving threat landscape
High-Fidelity Machine Learning, Sandbox Analysis, Exploit Prevention, Behavioral Analysis, Whitelisting Check, Data Loss Prevention, Antimalware, Antispyware, Personal Firewall, Web Reputation, Host-based IPS, File Reputation, Data Encryption, Variant Protection, Investigation & Forensics (EDR), Application Control, Census Check

25+ years of innovation
Behavior Monitoring, Device Control, Malware Sandbox, Investigation, DLP, Encryption,
File Reputation, Web Reputation, Application Control, Email Reputation, Machine Learning
Network Inspection, Vulnerability Shielding / HIPS, Host Firewall, Memory Inspection, Anti-Malware, Response & Containment, Storage protection, Web Gateway, Email Gateway or Server, SharePoint Server, Office 365, Network IPS

[Chart: Microsoft vulnerabilities, Microsoft acknowledgments 2006 - YTD, by year from 2006 to 2016]

Pros & cons of new threat techniques
• Application whitelisting: pro: blocks all unknown apps / con: only stops EXEs
• Behavior analysis: pro: recognizes behavior / con: CPU intensive
• Exploit protection: pro: blocks vulnerabilities that threats exploit / con: can't block threats that don't exploit app/OS vulnerabilities
• Machine learning: pro: EXE file detection / con: higher false positives, needs to be trained with specific file types
No silver bullet; combine techniques to get the best of all worlds.

Importance of blocking non-EXE malware
• Most ransomware attachment types are not .EXE or .RAR
• Trend Micro: 100% detected
• Machine learning only: 8% detected
Source: TrendLabs 2016 1H Security Roundup, August 2016

The right technique at the right time
With its cross-generational blend of threat defense techniques including high-fidelity machine learning, Trend Micro XGen endpoint security is always adapting to identify and defeat new ransomware and other unknown threats.
[Diagram legend: known good data, known bad data, unknown data, noise cancellation. Layers in order: Web & File Reputation, Exploit Prevention, Application Control, Variant Protection, Pre-execution Machine Learning, Behavioral Analysis, Runtime Machine Learning. Safe files allowed; malicious files blocked.]

Gartner Magic Quadrant for Endpoint Protection Platforms, February 2016
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document.
The Gartner document is available upon request from https://resources.trendmicro.com/Gartner-Magic-QuadrantEndpoints.html. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Connected Threat Defense: better, faster protection
• PROTECT: assess potential vulnerabilities and proactively protect endpoints, servers and applications
• DETECT: detect advanced malware, behavior and communications invisible to standard defenses
• RESPOND: enable rapid response through shared threat intelligence and delivery of real-time security updates
• Gain centralized visibility across the system, and analyze and assess the impact of threats

Lower the burden on IT
Central visibility and control
• Single console across endpoints and gateways – on-premise or in the cloud
• Graphic dashboards give you a holistic view and help you prioritize actions
• User-centric threat timelines and forensics tools simplify threat investigation

Prioritized view of alerts across the environment

User-based visibility, investigation & management
Unified and automated multi-layer threat defense
[Diagram: Control Manager distributes suspicious objects (file and web reputation), indications of compromise, signatures, detection rules and control / updates to Endpoint Protection, Endpoint Sensor (IOC), web protection (IWSVA), mail protection (IMSVA), server protection, mail server protection and 3rd-party / non-Trend Micro products, each of which blocks; the Deep Discovery product family (Custom Defense, network inspection) detects & blocks and feeds suspicious objects and indications of compromise back to Control Manager]

Trend Micro Enterprise Security System
Covers SERVERS, USERS and NETWORKS.
CENTRALIZED VISIBILITY & CONTROL: 3rd-party SIEM, provisioning & operational management; unified dashboard; user-based visibility; forensics & analytics; policy management
SECURITY CAPABILITIES: encryption & DLP; anti-malware & content filtering; behavior monitoring & sandboxing; application control; intrusion prevention; integrity monitoring
SHARED THREAT INTELLIGENCE: 3rd-party threat information; local threat intelligence; threat activity recording; response & containment

Complete protection suite...

Recognized as a leader for years...

XGen Endpoint Security
• Maximum protection: cross-generational blend of threat defense techniques
• Minimum impact: central visibility & control, lower false positives and efficient threat defense
• Proven security partner: innovative and timely response to the changing threat landscape

Proven security partner: security innovator
• 1st to integrate high-fidelity machine learning, with a blend of techniques
• 1st to deliver connected threat defense
• 1st to integrate with AWS and Azure cloud environments
• 1st to integrate virtualization security with VMware
• 1st to deliver threat intelligence from the cloud

Trend Micro is:
- A cyber security company for 28 years
- A full suite of detection capabilities for every vector of infection (multi-layer approach)
- Exclusively focused on cyber security: expertise / partnership
- A global footprint for sharing threat trends
- 1300 experts focused on threat research
- A threat intelligence service
- Billions of sensors / one of the largest installed sensor bases

VMware NSX / Trend Micro Deep Security
Virtual servers: providing protection at the hypervisor level
Frederick Verduyckt, CISSP, Sr. Specialist Systems Engineer, Networking & Security - [email protected]
Olivier Bertrand, Sales Engineer, Hybrid Cloud Security - [email protected]

VMware NSX: The Platform for Network Virtualization
© 2015 VMware Inc. All rights reserved.

What VMware does best... server virtualisation
[Diagram: "MANY" apps and VMs running on "ANY" x86 server, beside a physical network of static services such as L3, LB, FW and VPN]
The physical network has not evolved.
Static services (IPS, L2, DHCP, ...) have remained unchanged for the last decade(s).
Server virtualization: Create + Snapshot + Store + Move + Delete + Restore = an automated and programmatic model.
Operational overhead:
- to link the automated with the static
- to secure the automated with the static
- to extend the automated with the static
Physical network: the foundation remains unchanged; everything needed for end-to-end, secure communications is static and not programmable.

What VMware does best... applied to network services
Network virtualisation: "MANY" apps and VMs, with IPS, LB, VPN, L2, L3 and FW as virtual services, on "ANY" x86 hardware over the physical network.
Network and server virtualization: Create + Snapshot + Store + Move + Delete + Restore = an automated and programmatic network.
• Pooled compute and network capacity
• Vendor and topology independent
• Simplified configuration & management
• Intelligence in the virtualization layer !! ...No longer tied to a box...!!
• An SDN platform to enable a true SDDC

Virtual networks – like virtual machines for the network

VMware NSX: virtualize the network
• Logical switching: Layer 2 over Layer 3, decoupled from the physical network
• Logical routing: routing between virtual and physical networks
• Load balancing: application load balancing for VMs or entire networks
• Physical to virtual: bridging physical workloads with virtual ones (VXLAN <> VLAN)
• Firewalling & security: distributed firewall, kernel integrated, high performance, 3rd-party integration
• VPN
• API: RESTful API for integration and consumption from any cloud management platform

Ground-breaking use cases
Enterprises can often justify the cost of NSX through a single use case.
• Security: micro-segmentation, DMZ anywhere, secure end user
• IT automation: IT automating IT, developer cloud, multi-tenant infrastructure
• Application continuity: disaster recovery, metro pooling, hybrid cloud networking
• IT optimization: server asset utilization, hardware lifecycle, price | performance

Automated security in a software defined data center
Quarantine vulnerable systems until remediated:
• Security group = Quarantine; members = {Tag = 'ANTI_VIRUS.VirusFound'}
• Security group = Standard
Policy definition:
• Standard policy: anti-virus – scan
• Quarantined policy: firewall – block all except security tools; anti-virus – scan and remediate

Trend Micro Deep Security
CONFIDENTIAL

What do we need at the endpoint?
1. Authorized access: room key
2. Intrusion detection: motion sensor
3. "Bug" removal
4. Deeper security: safe
5. "Tampering" protection: CCTV
6. Tracking/logging: CCTV

How does this map to data center security?
1. Authorized access = micro-segmentation
2. Intrusion prevention = host IPS
3. Bug removal = anti-virus / malware removal
4. Deeper security = next-gen firewall and sandboxing
5. Tampering protection = file integrity management
6. Tracking/logging = log inspection
7. Virtual patching = protection of unpatched OSs

You have NSX – why do you need Trend Micro?
NSX vs Deep Security:
• Micro-segmentation
• Host IPS
• Anti-virus / malware removal
• Next-gen firewall
• File integrity management
• Log inspection
• Virtual patching

Advanced services insertion – Trend Micro Deep Security 9.6
NSX: logical switching, logical routing, logical load balancer, logical VPN, logical firewall; security policy; traffic steering from the Internet
Deep Security for VMware NSX: automatic deployment, plug-and-play security, extends micro-segmentation, automation through tagging

Deep Security 9.6
Multi-vector protection + multi-cloud integration = best-in-class security for SDDC environments
System security:
• Anti-malware: detect and prevent malware
• Integrity monitoring: detect unauthorized or out-of-policy changes
• Vulnerability and software scan: detect vulnerabilities and software to apply the appropriate policy
Network security:
• Intrusion prevention: virtually patch vulnerabilities and defend web applications
• Web reputation: prevent malware and command-and-control traffic
HITECH Act: address key compliance needs with one security platform

Avoid security sprawl with too many disconnected security solutions
Multiple point security solutions (anti-malware, IPS, firewall, vulnerability management):
• Disconnected solutions with limited data sharing
• Integration gaps can introduce inefficiencies and new vulnerabilities
• Resource intensive
• Uncorrelated
• Separate policies and provisioning lead to huge management overhead
• Repetition of basic underlying activities
Trend Micro Deep Security Platform:
• Integrated solution working together across clouds
• Threat data, reports & dashboards
• Smarter protection: seamless data sharing between modules with system & network introspection
• Optimized performance & resource efficient
• Event correlation for better threat intel
• Efficient management, simplified provisioning, single dashboard, unified reporting

VMware vSphere 6
• vSphere 6 introduced significant architectural changes
• Deep Security supports multiple modes of deployment
• Full automation of the deployment and management of security
Deployment modes on vSphere 6: hypervisor = anti-malware; combined mode (hypervisor + smart agent) = full security

Comprehensive security for VMware deployments
Deep Security covers: public cloud (vCloud Air); end user computing (Horizon virtual desktop infrastructure, VDI); operations (vRealize Operations Management); software-defined data center / private cloud (vSphere, NSX)

Bringing together the best of both worlds to infuse security into the datacenter fabric
NSX:
• Granular, unit-level datacenter security through micro-segmentation
• Faster provisioning, deployment and distribution of advanced services
• Automated operations through tagging and service chaining
• Scalable control without compromising on throughput
Deep Security:
• Multi-vector protection through integrated system and network security solutions in a single platform
• Optimized performance for virtual environments
• Seamless interoperability with physical, virtual and cloud
• Automated, scalable and instant-on security purpose-built for agile, borderless datacenters

• Stronger threat defense with NSX micro-segmentation and advanced security controls for system and network security
• Elastic protection through automated policy and security controls
• Consistent policies and unified operations across physical, private and public environments
• No-compromise and non-disruptive: scale securely without compromising on performance, using existing tools & processes

Benefits of taking a software defined data center approach
• Security (micro-segmentation, DMZ anywhere, secure end user): secure infrastructure at 1/3 the cost
• IT automation (IT automating IT, developer cloud, multi-tenant infrastructure): reduce infrastructure provisioning time from weeks to minutes
• Application continuity (disaster recovery, metro pooling, hybrid cloud networking): reduce RTO by 80%

Questions?