
Copyright 2009 Trend Micro Inc.

Trend Micro update!

Gabriel Agatiello, Senior Sales Engineer
gabriel_agatiello@trendmicro.es



http://es.trendmicro.com/es/products/enterprise/interscan-messaging-security-virtual-appliance/index.html

http://es.trendmicro.com/es/products/enterprise/interscan-web-security-virtual-appliance/index.html

VIRTUAL APPLIANCES


Software Appliance

• Mitigate cost of proprietary hardware
• Standardize hardware configurations
• Provide more capacity at lower cost


• Reduce Costs
• Increase IT Flexibility
• Improve Disaster Recovery & Business Continuity

Virtual Appliance

• Provide operational flexibility
• Simplify management
• Optimize IT resources
• Consolidate and reduce costs

Software Virtual Appliance

Trend Micro Virtual Gateway Security

Lower Total Cost


500 – 2500

2500 - 5000

> 5000

Users

Form Factor:

Centralized HQ, Departmental use, Limited staff

Corporate campus, Load balancing, IT staff support

Distributed offices, High availability, Specialized resources

IW/IMSS

Software

Linux/Solaris/Windows

Software Virtual Appliance

IW/IMSVA


Appliance

EOS

IW/IMSA

IW/IMSS on

Flexible Form Factors



InterScan Messaging Security Virtual Appliance



The IMSVA 7.0 Package


Anti-malware Integrated Threat Management Level 1 Anti-spam— Premium Certification

InterScan Messaging Security (IMS)

Trend Micro was awarded the prestigious West Coast Labs Checkmark Certification for:

• Stops spam with links to dangerous websites
• Blocks malware delivered in email that transmits data over the web

[1] Results of Anti-Spam Solution Testing, Opus One, February 2007.

Important to Web Threat Protection

Stops spyware, rootkits, and bot code

Anti-Spyware:

Leverages award-winning malware protection

Antivirus:

Applies targeted technologies

Anti-Phishing:

#1 in independent tests [1]

Anti-Spam: Blocks more spam —

Email Reputation: Uses the industry's first, largest, and most reliable reputation service

Blocks spam, phishing, and malware, and includes content filtering to enforce compliance and prevent data leakage.

Trend Micro Messaging Security

Gateway Messaging Threat Protection


Multi-Tier Anti-Spam

Email Reputation – First Defense
• Global and dynamic reputation services
• Blocks up to 80% before entering the network

IP Profiler – Patent-Pending Technology
• Customer-specific reputation services based on company email traffic, keeps threats off network
• Firewall against DHA and bounced mail attacks

Anti-Spam Composite Engine – Guards Inbox
• Stops remaining spam before it enters the inbox
• Integrates statistical analysis, heuristics, signatures, whitelists, blacklists and more
• Patent-pending image spam detection technology

Highly Effective Solution


Single Firewall DMZ

Typical 2-Firewall DMZ

Behind the Firewall


IMSVA Placement With Firewalls



Sample Distributed Deployment



The Statistics Summary screen



• Migration support from previous levels of IMSVA as well as other IMSS platforms (Windows, Linux, etc.).

• Centralization of commonly used policy components such as keywords, expressions, notifications, address groups and others. This allows the admin to have a single place to create and change these components and the changes are immediately reflected in policies that use them.

• Expanded End-User Quarantine (EUQ) capabilities that can report on virtually any defined quarantine decreasing administration burden in seeking false positives for non-spam related policies.

Ease-of-Use

• Extended, more flexible Transport Layer Security (TLS) controls that can force the use of encryption and verify certificates

• Up-to-the-minute bot-net spam outbreaks using the IP-Hash technique

• Sender Authentication using industry standard DomainKeys Identified Mail

• Detect & block non-spam emails with embedded URLs that are associated with websites that have bad reputations

• Seamless integration of Hybrid Email Security

Email Threat Protection

Roadmap – IMSVA 8.0


Advance Reporting and Management


InterScan Web Security Virtual Appliance



Greater Flexibility

Consolidated Security

Faster Protection

InterScan Web Security Virtual Appliance



On Premise

Remediation action triggered to coordinate endpoint Damage Cleanup Services

HTTP, HTTPS, FTP

AntiMalware Scanning

Infection Layer Protection

Feedback Loop updates Smart Protection Network regarding URLs with known Malware

Web Reputation

In the Cloud

Content & Threat Intelligence from the Smart Protection Network

URL Filtering

Exposure Layer Protection

Advanced Reporting and Centralized Management

Trend Micro Web Gateway Security

Consolidated Security



Detected spyware or other malware activity automatically triggers agent-less cleanup

Prevents dangerous downloads and blocks malware transmissions over the web

Anti-Spyware:

Blocks malware hidden in web pages and webmail

Antivirus:

Prevents access to phishing sites

Anti-Phishing:

Categorizes websites and blocks sites with a malicious nature

URL Filtering:

Blocks malicious sites before users click on them

Web Reputation:

Prevents access to malicious websites, blocks the download of Web-based spyware and viruses, and stops phishing attempts.

Trend Micro Web Security

Gateway Web Threat Protection

Anti-malware Integrated Threat Management Level 1 URL Filtering— Premium Certification

InterScan Web Security (IWS)

Trend Micro was awarded the prestigious West Coast Labs Checkmark Certification for:


What's New in IWSVA v5.0

• HTTPS malware scanning
– Choose to decrypt specific URL categories for content scanning
– Option to white list categories and forego decryption and scanning

• URL Filtering Enhancements
– Custom URL categories: when the existing >80 categories aren't sufficient
– URL and File Type White Lists: simplifies per policy exceptions
– SafeSearch support for Google and Yahoo!
– Object-level blocking per Page: addresses Web 2.0 mashups
– Monitor Mode

• Management Enhancements
– User authentication in Transparent Bridge and WCCP Modes
– Syslog support: supports SIEM integrations
– New system event logging capabilities
– New Standard reporting functionality


• Transparent proxy with WCCP
– Cisco router or switch with IOS 12.4(15) or above
– Cisco PIX Firewall 7.2(3) or higher

• Integration with ICAP
– NetApp™ NetCache™ release 6.01
– Blue Coat Systems™ SGOS v.5 or later
– Cisco CE Version 5.3

• User ID via LDAP
– Windows Active Directory 2000 or 2003
– Linux Open LDAP 2.2 or 2.3
– Sun™ ONE Directory Server 5.2 (formerly iPlanet)

• Web-based management console
– Internet Explorer 6, Firefox 1.5, Netscape Navigator 7.0 or newer

Integration With Remote Services


Offline

Inline

ICAP

Forward Proxy

Network Considerations


WCCP

Bridge

Reverse Proxy



• Policy management and synchronization for multiple units

• Custom reports with iReports

• Real-time troubleshooting

• Real-time network monitoring and drill down

• Detailed end-user activity

• Over 50 pre-defined “Quick” Reports

• State-of-the-art dynamic dashboard

Advanced Reporting and Management

• High-performance offbox reporting solution for central logging, reporting, and policy management
• Unprecedented visibility into Internet activity as it's happening



ARM Deployment Considerations


One to six dashboard components per dashboard tab


Activity Monitoring Filters target specific activities for real-time monitoring

Multiple dashboard tabs for easy grouping of monitored activity

Real-time Traffic Monitoring

Dynamic Dashboard

User customizable dashboard views through Settings


Identify user by directory name

See traffic from as recent as 60 seconds ago.


Real-time User Activity Monitoring

Dynamic Dashboard

See what sites and what files are being downloaded



• New resource management engine provides up to a 20% capacity improvement
• Support for SSL Hardware Acceleration Card
• Cache Integration
• URL Filtering Warning Mode
• New Deployment Wizard
• LDAP User Identification Enhancement
• Support for “X-Forwarded-For” Header
• Link Loss support
• Management & Data Interface Separation
• Support for Fail Open Card Control by CLI command
• Integration of Latest VSAPI (Scanning Engine v.9.120)
• Support for Advanced Reporting and Management (ARM) v.1.0 Service Pack 2

IWSVA 5.1 Beta will feature the following:

Roadmap – IWSVA 5.1




OFFICESCAN



*: Source: Osterman Research: A Cloud-Client Architecture Provides Increased Security at Lower Cost, 2009


Web is now #1 infection vector

• Clean-up and lost productivity costs over $70 per user *

• 2/3 of your endpoint devices will get infected by malicious code this year *

• Over 2000 new, unique malware variants every hour

The endpoint has become the most at-risk point in the network

Think Your Endpoints Are Secure? Think Again



Your endpoints are vulnerable almost always

• Number of vulnerabilities on the rise
– Over 7200 vulnerabilities reported in 2008
– 89% of them are remotely exploitable over the network

• Exploits become available shortly after disclosure
– 74% on the same day
– 8% more than one day later

• Roaming endpoints are directly exposed to threats
– Connecting to the Internet from home, hotels, Wifi-Hotspots
– Not protected by security assets on the corporate network


Today's Corporate Networks: Diversity is the Name of the Game

• Broad variety of endpoint form factors:
– Desktops
– Laptops
– Servers
– Macintosh computers
– PDAs and Smartphones
– Storage Appliances

• Broad variety of Operating Systems
– On clients: Windows XP, Windows Vista, Windows 7, Mac OS X
– On servers: Windows Server 2003, 2008, Linux
– Virtualized Systems: VMware ESX, Microsoft Hyper-V, Citrix XenServer, Citrix Metaframe
– On PDAs and Smartphones: Windows Mobile, Symbian


• Unpredictable increase of client size

• Increase bandwidth utilization

[Chart: Unique threat samples PER HOUR, by year from 2007 to 2015]


• Increase impact on endpoint performance

• Increase endpoint memory footprint

Signature files are becoming too big

• Require multiple updates a day to keep up with threats, complicating signature management

• Leave a critical security gap

• Delay protection across all clients and servers

Signature file updates take too long

Traditional Endpoint Security Can’t Keep Up


• Web and File Reputation in the Smart Protection Network
• Endpoint-centric security
• Multi-Layer HIPS and device control

• Single Web-based management console
• Role-based administration
• Active Directory integration

• Adaptive approach to changing threats
• Multiple device and OS support

Plug-in Architecture

More Flexibility

Easy Management

Less Complexity

Endpoint Defense

Immediate Protection

OfficeScan 10 Complete Endpoint Security


EMAIL

FILE

WEB

Frees resources Offloads growing patterns to the cloud

Instant feedback Immediately updates using global feedback loops


Correlated Integrates web, email, and file reputation databases

GLOBAL THREAT INTELLIGENCE

Speeds protection In-the-cloud technologies are constantly updated

CLOUD-CLIENT ARCHITECTURE

Immediate Protection

OfficeScan Client-Server Suite


EMAIL

File Reputation

FILE

WEB

Web Reputation

• Eliminates signature management effort
• Reduces resource impact on endpoints
• Enables accurate risk management
• Feeds back threat information into Smart Protection Network

Prevents users from opening infected files

• Protects both on and off the network
• Supports any application
• Limits exposure to today's threats

Blocks access to dangerous web content

Immediate Protection

OfficeScan Client-Server Suite


Immediate response


Constant, real-time updates happen in the cloud

FILE REPUTATION

Local Scan Server

Immediate response

Query file signature

Corporate Network

Internet

Query file signature

Immediate Protection

OfficeScan Client-Server Suite


Smart Query Filter


Query file signature


Immediate response

• Immediately determines if a file has NO potential to be bad
• Queries the cloud only if a file is potentially bad
• Receives immediate feedback
• Blocks or validates the safety of file in question

Ensures safety of most files without querying the cloud

Smart Query Filter

Smart Scan Server

Constant Updates

File Reputation


New Reporting Widgets on Smart Scan Server

Offers at-a-glance status reporting





Enables task delegation

Delivers streamlined management

Provides compliance reports





Active Directory integration




Removes previously deployed products at install



Role-based administration

Provides easy rollout and policy management



Single web-based management console

Less Complexity Streamlined Management


No need to rip-and-replace to be protected

Anti-malware

Protects your investment


MODULAR PLUG-IN ARCHITECTURE

Security for Macintosh

Extends your solution lifecycle

HIPS & Vulnerability shielding

Easily add new modules, as needed
– As soon as new technologies become available
– At any time your needs change

Mobile Security

Select the security you want to deploy, when, and where

OfficeScan Plug-in architecture

More Flexibility


– Smartphones and PDAs
– Apple Macintosh computers

• Adds management capabilities


Plug-in Manager

– When needed, where needed
– To adapt to a changing threat landscape
– With seamless rollout, no reinstall

• Adds protection technology

More Flexibility Plug-ins extend the solution lifecycle

OfficeScan Console



OfficeScan 10.5



Why YOU should get excited about OfficeScan 10.5 and VDI



• Customers will adopt the endpoint security solution that is suited best to their VDI environment and not automatically use the incumbent desktop security solution.

• HVDs (Hosted Virtual Desktops) are poised to undergo explosive growth, and enterprises are anticipating the flexibility and other benefits that these devices will bring.

• Gartner:

Why YOU should get excited about OfficeScan 10.5 and VDI



What's new in OfficeScan 10.5: VDI-awareness

Virtual Desktop Infrastructure

• Lower operational cost than physical hardware
– Deployment, Patching, Application Provisioning

• Extends Desktop Hardware Lifecycles
– Windows 7 adoption funds may get assigned to VDI

• Helps with Security and Data Protection
– Data never leaves the data center

• Supports Regulatory Compliance (PCI, HIPAA, etc.)
– More tightly controlled environment



What's new in OfficeScan 10.5: VDI-awareness

Traditional Security breaks VDI

• “The 9-AM problem”
– several endpoints update patterns at the same time

• Scheduled/Manual scans
– Overload the CPU and storage link (VDI-Speak: Storage IOPs)

• Customers had to disable security on VDI!
– Expose corporate information (data stealing malware)
– Destroy security benefits

• OR Customers did not achieve high consolidation rates
– VMware SE: “we hit 100% CPU when 10 or 12 machines scan at the same time”
– typically customers want to run 40-80 desktops per server


What's new in OfficeScan 10.5: VDI-awareness

• Industry's first VDI-aware endpoint security
– Detects whether endpoint is physical or virtual
– Serializes updates and scans per VDI-Server
  • Only one VDI desktop runs scans or receives update at a time
  • Maintains availability and performance of VDI server
  • Accelerates updates and scanning

• Pre-scans and white-lists VDI base-images
– Leverages Base-images to further shorten scan times

• Supports the two leading VDI solutions
– Citrix XenDesktop
– VMware View


Immediate response


Smart Protection Server

New Local Web-reputation:
• Addresses privacy concerns
• Offloads WAN link
• Improves user experience

Corporate Network

Internet

Query CRC/URL

Constant, real-time updates happen in the cloud

FILE REPUTATION WEB REPUTATION

Smart Protection Network Local File Reputation AND Web Reputation



What's new in OfficeScan 10.5: Management enhancements

• Unified management for physical and virtual desktops

• Increased management scalability
– 20,000 or more endpoints per management server (up from 8000)
– Allows consolidation of management stations

• Improved Role-based administration
– More granular
– Controls applicable to the client-tree segregate customers/regions

• Improved Smart Protection Reporting
– Real-time reports on load/performance
– Threat reports

• Improved Active Directory Integration
– Sync changes to AD
– Improved Security compliance reports


Platform Support Changes

• Dropped Platforms
– Windows 2000 Professional, Server (Microsoft ends support before GA)

• New Platforms
– Windows Embedded Enterprise
– Windows Embedded POSReady 2009

• New Virtualization Support
– Citrix Receiver 1.2
– VDI Specific
  • VMware View 4
  • Citrix XenDesktop 4


Classification 05/03/10

Client Management Enhancements

• Multi-layered domain with sub-domains
– Up to 32 levels

• Behaves like Windows Explorer

• Group clients by OfficeScan domain, AD, or IP address



Classification 05/18/10


Active Directory Integration

• Active Directory synchronization can use system credentials

• The IT administrator can define 1+ domains
– For example: tw.trendnet.org and us.trendnet.org

• Domains can be synchronized hourly, daily or weekly



Automatic Client Mapping Via Rules

• Client mapping and policy change triggers
– Install Client
– Unload/Reload Client
– IP Address Change
– Enable/Disable Roaming Mode

• Example Rules:
– “File Servers” (domain based on AD subset)
  • RTS set to scan on file write disk activity
  • Weekly scheduled scan enforced
– “VPN Users” (domain based on IP Range)
  • RTS set to scan on all disk activity
  • Scheduled scan disabled
  • Smart Scan Enabled for low bandwidth connections
– “Active Directory” (domain based on AD)
  • RTS set to scan on all disk activity
  • Scheduled scan disabled

VDI Users


Active Directory Users

VPN Users

File Servers



Role Based Administration

• Per domain delegation

• Specific role & account privilege
– (View only, partial configuration or all configuration rights)



Application Filtering

• Example Rule (from server console):
– Application: iexplorer.exe
– Action: Deny network traffic
– Port(s): Specific port number: 8080
– Other settings: Default

• Result:
– User connects to a website over port 80
  • Connection permitted
– User connects to a website over port 8080
  • Connection blocked




Summary

• Industry's first VDI-aware endpoint security solution
– Optimized for physical and virtual desktops
– Optimizes VDI Return on Investment
– Pays for itself in 3 months or less

• Best security for Windows 7

• Local SPN
– Performance and privacy

• Management Scalability
– Consolidate management servers
– Granular Role-based Administration
– Leverage Active Directory




Trend Micro OfficeScan and Virtual Appliances