Protecting workloads in AWS and other cloud providers has too often meant overwhelming IT staff with updates, management, and administration of security issues along with their regular duties. The choice has been tough—either overburden limited resources or sacrifice the quality of workload security.
As a solution to this dilemma, IT staff often end up burning valuable resources in an unending struggle to protect a multitude of targets from sophisticated, determined, and ever-innovating threats—all with a varying degree of success.
The IT team is asked to do more with less3 causes of overwhelmed cloud security teams
New IT infrastructure in the form of servers and other cloud technologies continues to incrementally proliferate in organizations in order to meet business needs and demands. When not managed properly, this approach leads to underutilized, expensive, and even unsecured networks that end up—ironically— putting your company at risk.
In 2016, 46% of organizations reported a shortage of cyber security skills in their staff.* IT staff who are responsible for cloud operations are increasingly tasked with an ever-expanding universe of securing physical infrastructure, software, administration, cloud management, analytics, legacy systems management, databases, device maintenance, and more.
Unless it’s a real, current expense, organizations often struggle to adopt strategic and coordinated tooling. Too many organizations continue to rely on aging or ineffective legacy systems, or a patchwork of uncoordinated tools, to manage data security operations—and therein lies the danger.
With the average data breach running millions of dollars in costs, leaving any of these challenges unaddressed creates real and costly consequences for organizations.
This product sheet will show you how Trend Micro™ Deep Security™ powered by XGen™ gives you the scalability, automation, and flexibility your organization needs when it comes to AWS workload security.
Welcome to the world of Deep SecurityThe status quo is in a state of flux
Trend Micro Deep Security powered by XGen enables you to apply, maintain, and scale security policies across all of your deployment environments—physical, virtual, cloud, and hybrid. This means lower operational costs and fewer resources to maintain effective security for your cloud workloads hosted in AWS and other leading providers. Powerful security capabilities, including the strongest host-based intrusion prevention systems (IPS), automation templates, and scripts, make Deep Security the best choice for DevSecOps organizations.
Deep Security is complete AWS workload protection that security trusts and cloud teams like.
Because Deep Security is powered by XGen, it delivers maximum protection for cloud workloads by applying a cross-generational set of security controls—blending traditional techniques and advanced threat defense, including behavioral analysis, application control, and sandbox analysis.
What Deep Security offersProtection for you. Integration for AWS. Relief for strained IT resources.
Getting valuable IT staff out of the weeds is just the beginning. Deep Security delivers the following cross-generational threat defense techniques to your AWS workloads and SecOps requirements:
- Defends against network and application attacks. Deep Security leverages proven security controls, like IPS and application control deployed on the server, to enable context-based, high-performance proactive protection across the hybrid cloud.
- Shields servers from vulnerabilities. Achieved on current and legacy environments through the ability to apply a virtual patch (via IPS) to servers and applications, protecting them until a patch can be applied.
- Keeps malware, including ransomware, off of servers. Deep Security uses sophisticated anti-malware, application control, and IPS capabilities—connected to the Trend Micro Smart Protection Network—for the latest in threat information.
- Detects suspicious system changes. Changes may be an indicator of compromise (IOC), or they may simply need to be checked on for security and compliance. Where appropriate, changes can be blocked to protect against advanced threats.
- Accelerates compliance. It’s critical for your organization to remain compliant with leading regulations like PCI DSS, HIPAA, and FedRAMP. Deep Security gives you the ability to address multiple requirements in a single offering.
- Locks down servers with application control built for the cloud. Deep Security gives you the power to prevent unauthorized software changes and stop unknown and unwanted applications from executing.
AWS and Trend Micro: A natural partnershipIt’s a shared responsibility
AWS manages and controls components from the virtualization layer down to the physical security of the facilities. You are responsible for securing content, platforms, applications, systems, and networks—as you would with an onsite data center.
Deep Security: A skilled, knowledgeable member of your team
As an Advanced Technology Partner in the AWS Partner Network (APN), Trend Micro works hard to ensure that our security tools are seamlessly integrated with AWS. This allows workloads to be protected with minimal impact on performance.
In short, Deep Security protects while staying out of IT’s way. Security is automated and built into all of your applications, not bolted on. So, no matter the speed of workload scaling, you can automatically keep up with the ever-changing environment while documenting changes, even at a minute-to-minute rate. Everything stays secure, visible, automatic, and manageable—with minimal manual effort.
While Deep Security automates scaling, it also provides a complete set of security controls delivered from a single agent. It gives you the option to manage security from a single console, API, or orchestration tool across physical, virtual, cloud, and container environments. For instance, with easy protection through Deep Security, you can defend against attacks like Shellshock by simply adding a rule, foiling a potentially damaging attacker with very little staff involvement.
To further reduce resource use, Deep Security makes data mining easier by integrating with leading environments. This provides continuous monitoring of OS and app logs, helps filter out the noise, and reduces false positives, saving time on failed login attempts.
Single solution, multiple deployments
Software as a service
With a software-as-a-service deployment, Deep Security allows you to offload security setup, management, and system updates to Trend Micro. And you can choose flexible pricing that reflects the way your organization uses the solution. Here are some of the advantages:
- Provides immediate security without system installation and configuration
- Connects instantly to cloud data center resources for rapid protection
- Automatically protects workloads with the latest features and security innovations
- Gives you downtime-free implementation of new upgrades
Trend Micro Deep Security as a Service, available in the AWS Marketplace, utilizes the following AWS products and services:
- Amazon Elastic Compute Cloud (Amazon EC2) to manage agents (which live on a customer’s Amazon EC2 instance and apply security controls to the operating system in that instance) and run auto-scaling groups.
- Amazon Elastic Load Balancing (Amazon ELB) to manage the high number of concurrent connections in your environments. And because Deep Security sits on each of your AWS workload instances using an AWS load balancer, you don’t have the limited throughput of a single gateway IDS. (A single gateway model can also cost you more when you need to scale or when you get more traffic.)
- Auto Scaling groups running Amazon Linux to save time and resources. Your security rules are automatically applied to each new instance, reducing human involvement and error.
- Amazon Relational Database Service (Amazon RDS) running the Multi-AZ series of Oracle RDS instances.
- Amazon Route 53 to assign Domain Name System (DNS) names through the API for test environments.
- Amazon Simple Storage Service (Amazon S3) for binary configurations.
In the cloud
In cloud environments such as AWS, Deep Security delivers security elastically. So, when new instances are launched, they are automatically protected with security policy you control. Automatic detection and defense of new instances allows for fast scaling without expending IT resources. Auto-generated deployment scripts for your configuration management tools let you easily bake security into your cloud environment with:
- Quick Start AWS CloudFormation templates for Deep Security that speed deployment of compliant infrastructures (like NIST)
- Host-based security for seamless auto scaling
- Protection against network attacks including IPS and firewall
- Increased visibility into sophisticated attacks through Trend Micro Connected Threat Defense
In the data center
Trend Micro Deep Security supports scalable, automated detection and protection of new virtual machines and other systems. Using event-based tasks in Deep Security, you can assign a basic security policy to virtual machines, then quickly and easily customize your settings as needed from a single console. This gives you granular control of anti-malware and web reputation, intrusion protection, and integrity monitoring settings. You can use Deep Security settings to automatically scan systems and instantly discover vulnerabilities to address. This saves IT resources and provides greater agility to:
- Defend against current and emerging network threats with IPS and host firewall
- Automatically update and patch new threats
- Support compliance for HIPAA, HITECH, NIST 800-53, and others
- Keep malware, including ransomware, off servers
- Provide multiple layers of security for protection across the data center, into the cloud, or in a hybrid deployment
Which Deep Security deployment model is
right for you?
|Software as a Service||AWS Marketplace Amazon Machine Image||Software|
|Security data and traffic||In Trend Micro Virtual Private Cloud||Stays in your Virtual Private Cloud||Stays in your data center or Virtual Private Cloud|
|Deep Security infrastructure operations and costs||Handled by Trend Micro||Your responsibility (learn more)|
|PCI DSS compliance||PCI DSS Level 1 Service Provider||Addresses many PCI DSS compliance requirements|
|Security controls||All modules (IPS, integrity monitoring, firewall, content filtering, log inspection, anti-malware, app control, behavioral analysis, sandbox analysis)|
|Automation||API, scriptable, via the console|
|Free trial||Buy now||Contact us|
Need help deciding which deployment is best for your business? Try our interactive tool.
Pricing1, 3, or 6 cents an hour
Deploy through the AWS Marketplace, and pay for Deep Security and Deep Security as a Service “auto-magically” on your AWS bill.
No vendor approvals, POs, or license negotiations required.
Calculate your total costs
How to buy Deep Security for AWSFind the optimal way for your organization to purchase and run Deep Security for AWS Whatever your criteria for protecting AWS and other systems, Trend Micro Deep Security stacks up. Get a free trial of Deep Security as a Service
Or buy in the AWS Marketplace: