TREND MICRO DEEP SECURITY

Trend Micro Deep Security provides advanced security for physical, virtual, and cloud servers and virtual desktops. Whether implemented as software, virtual appliance, or in a hybrid approach, this solution minimizes overhead, streamlines management, and provides strong agentless security for virtual machines. Deep Security also helps meet a wide range of compliance requirements, including seven major PCI compliance requirements with multiple protection modules in one consolidated solution.

Deep Security Architecture

Deep Security Virtual Appliance. Transparently enforces security policies on VMware vSphere virtual machines for agentless anti-malware, IDS/IPS, web application protection, application control, and firewall protection—coordinating with Deep Security Agent, if desired, for integrity monitoring and log inspection.

Deep Security Agent. This small software component deployed on the server or virtual machine being protected enforces the datacenter’s security policy (IDS/IPS, web application protection, application control, firewall, integrity monitoring, and log inspection).

Deep Security Manager. Powerful, centralized management enables administrators to create security profiles and apply them to servers, monitor alerts and preventive actions taken in response to threats, distribute security updates to servers, and generate reports. New Event Tagging functionality streamlines the management of high-volume events.

Security Center. Our dedicated team of security experts helps you stay ahead of the latest threats by rapidly developing and delivering security updates that address newly discovered vulnerabilities. A customer portal gives you access to security updates that are delivered to Deep Security Manager for deployment.

Smart Protection Network. Deep Security integrates with this next-generation cloud-client infrastructure to deliver real-time protection from emerging threats by continuously evaluating and correlating threat and reputation intelligence for websites, email sources, and files.

Deployment and Integration

Deep Security supports rapid deployment and leverages existing information technology and security investments.

  • Integration with vShield Endpoint and VMsafe™ APIs as well as VMware vCenter enables rapid deployment on ESX servers as a virtual appliance to immediately and transparently protect vSphere virtual machines
  • Detailed, server-level security events are provided to a SIEM system, including ArcSight™, Intellitactics, NetIQ, RSA Envision, Q1Labs, Loglogic, and other systems through multiple integration options
  • Directory integration with enterprise-scale directories, including Microsoft Active Directory
  • Agent software can be deployed easily through standard software distribution mechanisms such as Microsoft® SMS, Novell ZENworks, and Altiris

Protection Modules

In order to protect dynamic data centers, one or more of the following Protection Modules can be deployed to the server or virtual machine in a single Deep Security Agent. The Deep Security Agent is unified across physical and virtual environments.

Agentless Anti-malware Module

Agentless anti-malware for VMware environments integrates new VMware vShield Endpoint APIs to protect VMware virtual machines against viruses, spyware, Trojans and other malware with zero in-guest footprint. This module is designed to optimize security operations to avoid security brown-outs commonly seen in full system scans and pattern updates. By isolating malware from anti-malware, agentless anti-malware tamper-proofs security from sophisticated attacks.

Deep Packet Inspection (DPI) Protection Module

The high-performance deep packet inspection engine examines all incoming and outgoing traffic, including SSL traffic, for protocol deviations, content that signals an attack, or policy violations. It can operate in detection and prevention modes to protect operating systems and enterprise application vulnerabilities. It protects web applications from application-layer attacks including SQL injection and cross-site scripting. Detailed events provide valuable information, including who attacked, when they attacked and what they attempted to exploit. Administrators can be automatically notified via alerts when an incident has occurred. Deep packet inspection is used for intrusion detection and prevention, web application protection, and application control.

Intrusion Detection and Prevention (IDS/IPS) – By shielding vulnerabilities in operating systems and enterprise applications until they can be patched, intrusion detection and prevention helps enterprises achieve timely protection against known and zero-day attacks. Vulnerability rules shield a known vulnerability—for example, those disclosed monthly by Microsoft—from an unlimited number of exploits. Deep Security includes out-of-the-box vulnerability protection for over 100 applications, including database, web, email and FTP servers. Rules that shield newly discovered vulnerabilities are automatically delivered within hours, and can be pushed out to thousands of servers in minutes, without a system reboot.

Web Application Protection – Deep Security enables compliance with PCI Requirement 6.6 for the protection of web applications and the data that they process. Web application protection rules defend against SQL injection attacks, cross-site scripting attacks and other web application vulnerabilities, and shield these vulnerabilities until code fixes can be completed.

Application Control – Application control rules provide increased visibility into, or control over, the applications that are accessing the network. These rules can also be used to identify malicious software accessing the network, or to reduce the vulnerability exposure of your servers.

Firewall Protection Module

The bi-directional stateful firewall provides centralized management of server firewall policy, and includes pre-defined templates for common enterprise server types.

Key advantages include:

  • Virtual machine zoning
  • Fine-grained filtering (IP & MAC addresses, Ports)
  • Coverage of all IP-based protocols (TCP, UDP, ICMP, …)
  • Coverage of all frame types (IP, ARP, …)
  • Prevention of Denial of Service (DoS) attacks
  • Policy design per network interface
  • Detection of reconnaissance scans

Integrity Monitoring Protection Module

By monitoring critical operating system and application objects (files, directories, registry keys and values, etc.), this module detects malicious and unexpected changes.

Key advantages include:

  • Real-time, on-demand, or scheduled detection of change
  • Extensive file property checking, including attributes (PCI 10.5.5)
  • Monitor specific directories, file system modifications, and new file creations
  • Flexible, practical monitoring through includes/excludes
  • Auditable reports
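As an added illustration, not Deep Security code and not its rule format, the baseline-and-compare logic that integrity monitoring rests on: files under a root are selected by fnmatch include/exclude patterns, their content hash and permission bits are recorded, and a later snapshot is diffed against the baseline so a content change and a pure attribute change are reported separately. The directory layout used to exercise it is constructed.

```python
import fnmatch
import hashlib
import stat
from pathlib import Path


def _digest(path):
    """SHA-256 of the file content, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, includes=("*",), excludes=()):
    """Record content hash and attributes for every file under root whose path
    relative to root matches an include pattern and no exclude pattern (fnmatch)."""
    root, baseline = Path(root), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if not any(fnmatch.fnmatch(rel, p) for p in includes):
            continue
        if any(fnmatch.fnmatch(rel, p) for p in excludes):
            continue
        st = path.stat()
        baseline[rel] = {
            "sha256": _digest(path),
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),  # permission bits: an attribute change
        }
    return baseline


def compare(old, new):
    """Diff two snapshots; return {relpath: 'created'|'deleted'|'modified'|'attributes-changed'}."""
    events = {}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            events[rel] = "created"
        elif rel not in new:
            events[rel] = "deleted"
        elif old[rel]["sha256"] != new[rel]["sha256"]:
            events[rel] = "modified"
        elif old[rel]["mode"] != new[rel]["mode"]:
            events[rel] = "attributes-changed"
    return events
```

A real deployment would persist the baseline somewhere the monitored host cannot rewrite it, and run snapshot on a schedule or from a file-change notification.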

Log Inspection Protection Module

This module collects and analyzes operating system and application logs for security events. Log Inspection rules optimize the identification of important security events buried in multiple log entries. These events are forwarded to a security information and event management (SIEM) system or centralized logging server for correlation, reporting and archiving. This module builds on and extends the open-source OSSEC software.

Key advantages include:

  • Suspicious behavior detection
  • Collection of security-related administrative actions
  • Optimized collection of security events across your data center
  • Advanced rule creation using OSSEC rule syntax
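Added illustration, not Deep Security's or OSSEC's engine or rule syntax: a minimal matcher that models the regex plus frequency/timeframe idea behind OSSEC-style rules, so that a burst of low-level matches from one source surfaces as a single higher-level event. The rule table and the syslog lines it runs over are constructed (hostname, PIDs and addresses are documentation values).

```python
import re
from collections import defaultdict, deque
from datetime import datetime

SSH_FAIL = r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)"
# Constructed rules (not OSSEC or Deep Security syntax). "key" is the regex group used
# as the event subject; a rule with "frequency" fires only once that subject has matched
# that many times within "timeframe" seconds, so one event surfaces from many noisy lines.
RULES = [
    {"id": 1001, "level": 5, "regex": SSH_FAIL, "key": 2},
    {"id": 1002, "level": 10, "regex": SSH_FAIL, "key": 2, "frequency": 3, "timeframe": 60},
    {"id": 1003, "level": 8, "regex": r"sudo: +(\S+) : .*COMMAND=(.*)", "key": 1},
]
# Constructed syslog sample; hosts and addresses are documentation values.
SAMPLE_LOGS = [
    "Mar  3 10:00:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2",
    "Mar  3 10:00:05 web01 sshd[2213]: Failed password for root from 203.0.113.9 port 51030 ssh2",
    "Mar  3 10:00:09 web01 sshd[2215]: Failed password for root from 203.0.113.9 port 51041 ssh2",
    "Mar  3 10:00:12 web01 sshd[2217]: Accepted publickey for deploy from 198.51.100.4 port 40112 ssh2",
    "Mar  3 10:01:30 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
    "Mar  3 10:05:00 web01 sshd[2220]: Failed password for root from 198.51.100.4 port 40200 ssh2",
]
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (.*)$")


def inspect(lines):
    """Run every rule over every syslog line; return (rule_id, level, subject) events."""
    events, windows = [], defaultdict(deque)  # windows: (rule_id, subject) -> match times
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not syslog-shaped: skip the line rather than abort the run
        # Syslog timestamps carry no year; 2024 is assumed so they can be compared.
        ts, msg = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S"), m.group(2)
        for rule in RULES:
            hit = re.search(rule["regex"], msg)
            if not hit:
                continue
            subject = hit.group(rule["key"])
            if "frequency" not in rule:
                events.append((rule["id"], rule["level"], subject))
                continue
            w = windows[(rule["id"], subject)]
            w.append(ts)
            while (ts - w[0]).total_seconds() > rule["timeframe"]:
                w.popleft()
            if len(w) >= rule["frequency"]:
                events.append((rule["id"], rule["level"], subject))
                w.clear()  # reset so the next burst raises a fresh event
    return events
```

Running inspect(SAMPLE_LOGS) yields three level-5 failures for 203.0.113.9, one level-10 event once the third arrives inside the 60-second window, the sudo event for deploy, and a lone level-5 failure for 198.51.100.4 that never reaches the threshold.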

The table below outlines key data center security requirements and the specific Deep Security modules used to address them.
