Trend Micro Handles VM Security Sans Agents
Trend Micro's new Deep Security 7.5 is able to detect malware and intrusions in virtual machines without the use of agents -- the small pieces of lightweight software that traditional security and monitoring utilities plant within the systems they watch. The company has also opened its SecureCloud as a public beta.
Aug 31, 2010 8:00 AM PT
Trend Micro on Tuesday announced an agentless antimalware module for VMware virtual environments in its Deep Security 7.5 product.
The company also announced on Tuesday that it's throwing open its Trend Micro SecureCloud beta to the public.
Both products will protect data in the virtual environment as well as in the cloud.
Get Lost, 007
Deep Security 7.5 combines agentless antimalware with agentless intrusion detection and agentless Web application protection.
Traditionally, security, monitoring and other apps that watch a computing environment plant a small agent -- a bit of software -- into the apps they are watching. The agent sends reports on the monitored app's status back to the IT console. However, agents consume I/O (input/output) and network resources, and although each agent may be lightweight, enough of them can slow down a system perceptibly. The move in recent years has been toward agentless monitoring.
Deep Security 7.5 is integrated with the latest VMware vShield Endpoint API and with VMsafe APIs. This enables its rapid deployment on VMware ESX servers as a virtual appliance.
A virtual appliance is a packaged virtual machine running on the hypervisor. The agentless virtual appliance in Deep Security 7.5 is the first of its kind for antimalware protection, said VMware executive Harish Agastya.
The agentless antimalware capability in Deep Security 7.5 can monitor virtual and physical environments as well as the cloud.
Smershing Through Security Problems
Agentless security appears to offer several benefits to enterprises.
"The cloning of virtual machines is one of the great benefits of virtualization -- it lets you come up to speed with a new machine in minutes instead of the weeks you'd need to provision a physical server," Agastya told TechNewsWorld. "However, there's been no ability to automatically provision virtual machines with security at once; typically you provision the right level of security after the virtual machine comes up."
That creates a time gap, which leads to a security gap. Taking the virtual appliance approach will eliminate these gaps, Agastya indicated.
Another major attraction of virtual machines (VMs) for IT is that VMs can be put away until they're needed again. However, this leads to yet another security problem -- that the security agent on the VM is out of date, Agastya said. A virtual appliance is always kept up to date, so a VM called out of storage will automatically get the latest protections.
Yet another problem with security on VMs is the possibility of a security brownout. This happens when security operations running concurrently on several VMs on a physical server compete for the same resources, such as input/output and memory, Agastya explained.
"We serialize and stagger operations in our virtual appliance so it serves the needs of full system scanning for one virtual machine after another," Agastya said.
The appliance further saves physical server resources when it comes to updating the antimalware to deal with the latest attacks. "We don't need pattern updates for each virtual machine any more, we just do pattern updates on the virtual appliance and these apply to each virtual machine," Agastya remarked.
Get Hands-On With SecureCloud
Trend Micro also threw open its SecureCloud beta to the public Tuesday. The beta had previously been limited to early tech adopters.
"We're saying, 'Come play with the thing and tell us it's better than play dough," Todd Thiemann, Trend Micro's senior director of data center security, told TechNewsWorld.
SecureCloud uses a patent-pending technology that integrates policy-based key management, industry-standard encryption and virtual-server authentication to deploy data into public or private cloud environments.
This lets cloud users secure sensitive information without having to install a complex secure file infrastructure. Users can choose and manage their own security solution because they can choose where to store the encryption keys.
A Little Distance Is a Good Thing
SecureCloud separates key management from encryption and decryption. Users can either get key management as a service, or they can put the key management module in a data center by provisioning a server and then manage those keys for their cloud servers from within the data center, Thiemann said. Traditionally, encryption keys are stored in a server provided by the security vendor or cloud vendor for a fee.
This separation of key management from encryption gives users portability between cloud service providers, Thiemann pointed out.
"You can move your security with your apps," he explained. "Also, you're not dependent on the cloud service provider's security architecture."
The separation of keys from encryption could also come in handy in an IT audit, Thiemann said.
"When you have an audit of IT, you can reduce the scope of the audit -- they only have to audit your key management policies," Thiemann commented.
Further, separating key management from encryption enables separation of duties, one of the core concepts of security. Separation of duties creates a system of checks and balances; perhaps the easiest instance is seen in a business's accounting department, where billing and payments are carried out by separate departments.
"When an application owner wants to fire up a cloud server, you could set the IT department as the ones who man the security, for example," Thiemann said.
Trend Micro is working to bring its agentless antimalware capability to Citrix, Agastya said. Microsoft users will have to wait a while, however.
"Microsoft is the latest to the virtualization party, and you still need agent-based protection for Microsoft environments," Agastya added.