News Categories

Trend Micro discusses security for the virtual environment

By Ashley Lucas - on 11 Mar 2015, 11:05am

Trend Micro discusses security for the virtual environment

 From L-R: Ulysses D. Liao, Sr. Pre-Sales Consultant of Trend Micro, and Ian V. Felipe, Business Manager of Trend Micro.

With a vision to create a world safe for exchanging digital information, Trend Micro has shared with us how it provides security for servers and networks against cyber-attacks and targeted attacks.

In an interview, Ulysses D. Liao and Ian V. Felipe of Trend Micro explained its security products, including the Deep Security and the Deep Discovery that are aimed to provide protection for virtual machine (VM) as well as the network.

According to Liao, Sr. Pre-Sales Consultant of Trend Micro, Deep Security is designed to work not just in a physical server, but also in a virtual environment. It can also protect those from the cloud. The main strong point of Deep Security, however, is on the virtualization because it can do “agentless.”

What is agentless?
In virtualization, we call it virtualized because we see one hardware, but there are a lot of operating systems that work. The traditional way to protect the virtual machines is to install one antivirus per VM, which consumes a lot of resources. But with Deep Security virtual appliance, which is built inside an ESX server, there’s only one security that runs to protect all the VMS.

An example of this, based on Liao’s presentation, is when if you have 20 virtual machines, the traditional way is to have 20 antivirus. But with agentless, there's only one needed to protect all the virtual machines inside the hardware.

“With Deep Security, you are using VMware, so you will only have two licenses on the host server and it will protect all the VMs whether you increase or decrease the virtual machines,” Ian V. Felipe, Business Manager of Trend Micro, said.

How does Deep Security work?
One way of attacking the customer is through zero-day vulnerability. Our operating system, normally when they produce it, is not perfectly working. There will be a time that there are experts who will discover that the software has a bug or a hole where they can penetrate the system. There’s always a vulnerability that is detected on the operating systems, as well as applications.

What is Virtual Patching?
With deep security, we also have the virtual patching. It’s a temporary solution to protect the servers of customers from the vulnerabilities without installing the patch. We have rules under the deep security manager to address the vulnerability.

Based on the market, according to Felipe, since the start of cyber-attacks, companies have become more focused, giving more priority to security.

“I’ve been in the company for two years, and since I’ve been in the company, all companies are really crazy, asking about the virtual patching, because they realize that the traditional antivirus is not really sufficient to protect their servers. In Trend Micro, we believe that servers have different needs compared to our desktop and laptop,” Felipe said.

“The Deep Security solution plays a very important role in cyber-attacks, because it protects the servers and applications of the companies that are somehow unpatched. If you’re using a traditional antivirus, then you have to patch it to protect your server,” he added.

Aside from the Deep Security, another product of Trend Micro is the Deep Discovery, which analyzes and detects traffic and is responsible for the overall network security. There is also the newly developed engine that addresses the zero-day malware.

What is Advanced Threat Engine?
The way the attacker attack the network is through zero-day malware. They attach it, the malware/payload to a document file, and our antivirus now cannot detect that payload. That’s why Trend Micro developed this engine to detect the payload inside the document file, built for unknown malware.

In line with this, Liao said that the Deep Security can also integrate in VMware’s new technology called the NSX, which makes network equipment into virtual environment, and can run even the networks are already virtualized.

Trend Micro claims to be the only one with the full integration in the VMware NSX. Apparently, it is also the only company that can provide all anti-malware, firewall, intrusion prevention, and integrity monitoring products.