DEEP SECURITY – TREND MICRO PROTECTS DATA CENTER MACHINES

Malware, APT, ransomware and other types of cyber attacks are clearly the most prominent challenges today for any organization, especially financial organizations such as banks due to the sensitivity of the business sector. The damage caused by these threats is immense, from very small phenomena such as pop-up advertising windows while browsing the web to disasters such as encrypted data or all customer information being stolen and widely published…

If an organization is equipped with tools and solutions to detect and prevent an attack in its early stages, it will certainly reduce or eliminate unwanted damage. Furthermore, if there are solutions to detect and immediately plug zero-day system vulnerabilities, protect endpoints regardless of whether they are servers, workstations or mobile devices, and these solutions are part of a comprehensive solution provided by a single security company, the security and investment efficiency will be much clearer.

With that in mind, Trend Micro™ has designed a suite of solutions to help customers detect threats and system vulnerabilities, protect endpoints, both inside and outside the network, with an anti-virus mechanism that has been highly rated by prestigious organizations such as Gartner, AV-Test, NSS-Labs.

Trend Micro’s suite of solutions is powered by the Trend Micro™ Smart Protection Network™ infrastructure with real-time global threat intelligence. With system visibility, internal security information is displayed on a single, centralized management screen, allowing administrators to quickly identify what and where threats exist, making day-to-day management much simpler.

Let’s see how Trend Micro Deep Security protects data at the Cloud VPS Cloudbase server center.

DEEP SECURITY TREND MICRO – SERVER DATA CENTER PROTECTION

Trend Micro Deep Security provides a comprehensive server security platform that simplifies security operations while increasing ROI on every virtualization and cloud project. Tightly integrated modules secure data, applications, and servers across physical, virtual, and cloud servers, as well as virtual desktops. We can customize our security by combining agentless or agent-based protection including Anti-malware, Firewall, IDS/IPS, Web Application Protection, Application Protection, Integrity Monitoring, Log inspection into a single integrated solution. The result is a comprehensive, compatible, and effective security platform that protects your data and core business applications from breaches and disruptions.

Deep Security is specifically designed for virtualized environments. Its agentless architecture helps address AV storms, reduces the complexity of security operations, and allows organizations to increase VM density and accelerate virtualization. Developed in close collaboration with VMware, Deep Security is the first product in its class to support VMware, vSphere 6, 7, and VMware NSX (Deep Security also offers compatibility with vSphere environments from version 4.1+). Deep Security Manager also supports integration with the latest versions of vCenter and vCloud – VMware’s flagship product.

A. OUTSTANDING MODULES AND FEATURES OF DEEP SECURITY PRODUCTS

1.  Anti-Malware:

Deep Security integrates VMware vShield Endpoint APIs to provide agentless anti-malware protection against viruses, spyware, Trojans, and other malware. Designed to optimize security operations, it also avoids common anti-virus storms when performing full system scans and updating patterns. It can also be deployed as an agent to protect physical servers, Hyper-V and Xen-based virtual servers, public clouds, and virtual desktops.

2.  Web Reputation:

By integrating with the VMware Safe API, Deep Security prevents users from accessing malicious URLs/Websites. The database of malicious URLs/Websites is updated from the Cloud Smart Protection Network so that users are protected in real time. In addition, administrators can customize URL/Website blocking policies.

3.  Intrusion Detection and Prevention (IDS/IPS):

By protecting operating system and application vulnerabilities until they are patched, intrusion detection and prevention helps businesses defend against known or zero-day attacks. Deep Security provides vulnerability protection for more than 100 applications, including database, web, mail, and FTP servers. Policies to protect against newly discovered vulnerabilities are automatically provisioned within hours and can be applied to thousands of servers in minutes without rebooting.

4.  Web Application Protection (Included in IDS/IPS module):

Deep Security helps comply with PCI 6.6 requirements for protecting web applications and the data they handle. Web application protection helps protect against SQL injections, cross-site scripting, and other web application security vulnerabilities, protecting them until a patch is released.

5.  Application Control (Included in IDS/IPS module):

Application control policies help enhance control over applications accessing the network. They are also used to identify malware accessing the network, or to reduce the vulnerability exposure of servers.

6.  Two-way Stateful Firewall (Firewall):

This feature helps mitigate attacks on servers in all physical, cloud, and virtual environments; prevent attacks such as denial of service and detection scanning; and centrally manage firewall policies for servers.

7.  Integrity Monitoring:

This module monitors important operating system and application files, such as directories, registry keys, and values, for malicious code and unusual changes. It also protects the hypervisor from exploit attacks by providing hypervisor integrity monitoring leveraging TPM/TXT technology.

8.  Log Inspection:

This module collects and analyzes operating system and application logs for security events. These events are forwarded to a SIEM system or centralized log server for review, reporting, and archiving.

B. KEY COMPONENTS OF DEEP SECURITY SOLUTION

1. Deep Security Manager: a powerful centralized administration tool for managing agents or virtual appliances

2. Deep Security Agent: a small software component installed on virtual machines or physical servers to protect them

3. Deep Security Virtual Appliance: a containerized security virtual machine that protects all other virtual machines on a VMware vSphere server, including agentless protection

4. Database: stores system information such as agent information, configuration, etc.

C. SPECIFIC BENEFITS BROUGHT BY DEEP SECURITY TREND MICRO:

1. Accelerate virtualization, VDI (Virtual Desktop Infrastructure):

– Makes protecting VMs more convenient and easier to manage with the first and only agentless security architecture – anti-malware, intrusion prevention, and integrity monitoring – designed for VMware environments

– Provides agentless integrity monitoring

– Up to 11x more efficient resource utilization and support for 3x more VM density than traditional anti-malware solutions

– Improve security management in VMware environments by reducing the need to frequently configure, update, and patch agents

– Protect VMware View virtual desktops in local mode with an optional agent

– Combines protection between virtual appliances and agents to enable optimal and continuous protection of virtual servers as they move from the Data Center to the Public Cloud

2. Prevent Data Breaches and Business Disruptions:

– Detect and remove malware from virtual servers in real time with minimal performance impact

– Block malware that tries to evade detection by uninstalling or interrupting security programs

– Protect against known and unknown vulnerabilities in applications and operating systems

– Detect suspicious behavior, allowing proactive prevention measures

– Leverage the web reputation capabilities of one of the world’s largest reputation databases to monitor the trustworthiness of websites and protect users from accessing infected sites

– Provides hypervisor integrity monitoring for VMware vSphere leveraging TPM/TXT technology

3. PCI Compliance, Other Regulations and Standards:

– Complies with 6 important standards in the PCI data security standards, and many others

– Provides detailed, actionable reports documenting attack prevention and policy compliance

4. Reduce operating costs:

– Optimize cost savings for virtualization or cloud computing environments by consolidating server resources

– Simplify administration with tight integration to Trend Micro, VMware, and enterprise directory management interfaces

– Shield vulnerabilities so that secure coding can be prioritized and ad hoc patches applied cost-effectively

– Eliminate the cost of deploying multiple software clients with a centrally managed, multi-functional software agent or virtual appliance

– Significantly reduce the complexity of managing file integrity monitoring with cloud-based trusted events and event whitelisting.

D. OVERALL DEPLOYMENT MODEL

The recommended deployment model for Deep Security Manager includes:

– 2 Deep Security Managers (DSMs) in the same network segment

– MS SQL Server (SQL Server Enterprise edition recommended) in the same network segment as the 2 DSM servers

– Deep Security Agent is deployed on servers that need protection

– Control Manager, to collect information centrally

– Local SPS to provide Reputation services

For the internal workings of the Deep Security solution, the model below gives us an idea of the communication between the components:

Deep Security during operation will use network interfaces as shown below:
