Mark your calendar: The 2019 Azure Cloud Security Series is being held in a city near you!

Join us for lunch at a Microsoft Technology Center in your region and become Cloud Confident with Trend Micro and Microsoft

The Azure Cloud Security Series provides an opportunity for customers, partners, developers, influencers, and Azure enthusiasts to come together and learn about how Trend Micro and Azure provide security for your cloud investment.

Whether you are looking at cloud technologies for your workloads and container environments or interested in a deeper dive into Azure and your shared security responsibility, you will hear from Microsoft and Trend Micro on the importance of securing the cloud and the capabilities used to mitigate risk and improve compliance across your business.

While older applications may remain on premise or take time to lift and shift, your business is creating new applications, and moving to the cloud offers more tools and speed to deployment than security can keep up with. Security must be a consideration from your build pipeline to runtime, protecting not only your Azure cloud platform, but also your brand and reputation.

Trend Micro and Microsoft make it easy to migrate legacy servers, both physical and virtual, to the Azure Cloud with ultimate visibility into all your workloads at any given time. You can have complete confidence in the fact that you are protected through a holistic approach with advanced automated security. Furthermore, Trend Micro compliments the Azure Security Center.

So, come and meet Microsoft Azure and Trend Micro and see how easy it is to secure, monitor, and manage the protection of your Azure workloads. You’ll walk away with valuable insight on how Trend Micro™ Deep Security for Microsoft Azure empowers you to:

  • Increase application visibility and control – Ensure visibility into applications running on your Azure cloud while detecting and blocking unauthorized software with application control. Detect applications and lock down the system so no new applications can run without being whitelisted.
  • Expand security for hybrid and cloud environments – Keep malware off your Azure Cloud and Windows workloads by protecting against increasingly complex known and unknown threats.
  • Detect and protect against intrusions – Defend against hackers who can easily exploit vulnerabilities like Shellshock and Heartbleed to gain access to sensitive information. Immediately protect your instances from these and new serious vulnerabilities with intrusion detection and prevention (IDS/IPS).
  • Get valuable information – Identify and understand indicators of compromise and improve compliance using Integrity Monitoring and Log Inspection.
  • Improve security across your software build pipeline and deployment environment – Deliver an integrated security solution that provides a substantial set of APIs allowing DevSecOps to build security into your CI/CD pipeline using automation such as Jenkins for changing cloud or container environments.

Save the date! Join us for lunch at our next event in a city near you.

  • Detroit 3/5/2019 12:00 pm – 3:00 pm
  • Reston 3/11/2019 12:00 pm – 4:00 pm
  • Boston 3/20/2019 12:00 pm – 4:00 pm
  • New York City 3/20/2019 12:00 pm – 3:00 pm
  • St. Louis 3/20/2019 1:00 pm – 4:30 pm
  • Denver 4/3/2019 12:00 pm – 3:00 pm
  • Dallas 4/9/2019 12:00 pm – 4:00 pm
Improve your Azure deployments with a set of comprehensive security capabilities automated for Microsoft Azure workloads. Learn more about Trend Micro and Microsoft Azure.

Mark your calendar, we will see you at The Azure Cloud Security Series.

Register Today for the Azure Cloud Security Series in a city near you, don’t miss out! https://resources.trendmicro.com/2019-MTC-Roadshow.html

As more and more organizations are starting to realize, hybrid cloud is already happening and will continue to evolve as we strive to find better, faster and more efficient ways to store and share data. Not unlike the great cities of our world, we often see old and new side by side – the ancient architectures of yesterday nestled next to the futuristic glass skyscrapers of tomorrow.

When it comes to securing your on-premise and virtual environments it may seem like you’ve got it all figured out, but what happens as we move along the server evolution and bring environments like the cloud and containers into the mix? In an effort to be agile and cost efficient many organizations are using these new environments but may not have the protection to match.

Bridging the hybrid cloud

We are very excited to announce the release of Deep Security 10 powered by XGen™ security. Deep Security 10 continues to embrace the challenge of hybrid cloud, delivering enhancements designed to give you even more visibility across all of your environments—physical, virtual, cloud, and now containers. You’re working to leverage these environments to support your business – and that business needs to be protected.

The first step is visibility. With the new smart folders feature, applications that span different infrastructures can be treated as one using a smart attribute-based grouping system. Now you can manage applications across vastly different infrastructure platforms as if they were one, be it physical, virtual or cloud.

Next, let’s talk about layered security.  Deep Security 10 is powered by XGen™ Security, a blend of cross-generational threat defense techniques. Deep Security leverages server-centric threat defense techniques from tried and true technologies like intrusion prevention, anti-malware, and application control right up to the most leading threat defense techniques like sandbox analysis, machine learning and behavioral analysis to guard against the most sophisticated threats.

New in Deep Security 10 we introduce behavioral monitoring capabilities, which can identify changes in installed software and/or changes in system files. These enhanced protection capabilities for Windows environments including new ransomware capabilities, protection against unauthorized encryption, and new real-time memory scanning, combine to ensure a more advanced layered security protection across Windows environments and your entire hybrid cloud.

This new release adds many integration and management enhancements, including faster connection and time to protection for Azure workloads, along with support for the latest Azure account format, Azure Resource Manager v2 (ARM). It also expands beyond server workloads to protect Docker containers, leveraging proven techniques like anti-malware, IPS and application control to protect dynamic container deployments.

Security that fits your environment, and your team.

Deep Security 10 has at its core the support for flexible deployment, hybrid policy management, support for auto-scaling, and blue/green deployments. We understand how to secure the long-standing physical servers, right up to the ephemeral servers living for mere minutes or even seconds in the cloud. This includes consumption-based licensing options for truly dynamic workloads that you can find in the Azure Marketplace and by using our Deep Security as a Service product. No matter how you manage security, Deep Security is designed to support the traditional IT security model or the latest DevSecOps – or both!

Stay tuned for the general availability of Deep Security 10 this March, and be sure to check back here often for new updates and releases about your favorite hybrid cloud security tool for Azure!

 

When you’re tasked with meeting the compliance requirements to achieve and maintain PCI DSS compliance, you’ll soon realize that minimizing the number of security tools you use can be a huge asset. When it’s time for your PCI DSS audit, you can hit the accelerator with Trend Micro Deep Security as a Service.

What do I need to know about PCI DSS?

Any organization that has applications that deal with credit or payment card data, you are required to go through a process outlined by the Payment Card Industry (PCI).

If your applications are in the cloud, like Azure, PCI compliance can be easier – as long as you choose the right service provider. Infrastructure as a Service (IaaS) providers like Microsoft Azure have Level 2 PCI DSS certification. This means they have validated their security controls, people and processes with auditors and take care of many aspects that you would be responsible for if your application was in a physical data center. If you’re using SaaS offerings for log management, monitoring or security, they need to be PCI DSS certified, even if the service doesn’t directly deal with cardholder data.

Here is the real question.

Are your SaaS products also PCI Level 1 certified? It’s time to check, as of version 3 of the standard, if you use third party Software as a Service (SaaS) offerings, they are included in the scope of your PCI audit!

We’re happy to announce that Trend MicroTM Deep Security as a ServiceTM is now a PCI DSS Level 1 Service Provider for your Azure workloads! This means you can streamline your PCI DSS certification process with a single tool!

Deep Security as a Service removes the cost and effort of running the security management stack. All of your security policies and events are stored securely and managed by Trend Micro. Best of all you can get up and going with Deep Security as a Service in just a few minutes with our 30 day free trial.

Trend Micro has saved users months of precious resource time on PCI DSS projects by meeting many of the requirements with a single tool, including critical controls that address requirements like 11.4 Intrusion Prevention, 11.5 Integrity Monitoring, 5.1 Anti-malware and many more. Here are just a couple examples,

  • For Royal Gate, Deep Security accelerated PCI DSS compliance for its payment service platform and increased security within its hybrid environment.
  • For Guess?, Inc., Deep Security helped the company segment traffic and fulfill multiple PCI requirements rapidly.

For more detailed information on how Trend Micro Deep Security can help you accelerate PCI compliance, download the detailed matrix of PCI requirements here,  written by the PCI Qualified Security Assessor (QSA) Coalfire.

I’m excited to write about the availability of Deep Security Manager Solution Template in Azure Marketplace.  You’re likely asking why we decided to provide our solution in this format versus the other options available through the Azure Marketplace. I can give you technically inclined answer but before I do that, let’s look at a traditional cloud deployment.

In the traditional way of deploying any solution in cloud you build each piece, one by one, and handle their dependencies. For example, to deploy a solution in Azure you will be looking at any number of the following;

  • Storage account and blob
  • Virtual network
  • Network Security Groups
  • Inbound and outbound Security rules
  • And so on…

This approach can be ideal for complicated deployments which would require some understanding of the deployed solution before you can start using the deployed solution.

Solution template versus traditional deployment

  1. Time: Some will say this is our most scarce resource. By automating and scripting the deployment of Deep Security in Azure, you can start protecting your Azure based workloads  immediately and focus on the tasks that really matters to you.
  2. Simplicity: Simplify the deployment of all the required resources by removing the complexities. For example, Deep Security Manager, Deep Security Relay, and other supporting infrastructure (such as a virtual network, database server, network security groups and firewall rules etc.). In this deployment option you have a complete control over Deep Security in your own environment (azure Account) and you will have the access to the data.

What solutions are available in Azure Marketplace?

Now you understand why we did it, you may be wondering what this offering is and what type of solution Trend Micro is offering in Azure Marketplace. As you may already know, Azure Marketplace supports multiple types of solutions

  • Virtual Machine Image
  • Developer Service
  • Data Service
  • Solution Template

Trend Micro offers solutions in two areas: Developer Service and Solution Template. For this blog post my focus is on the Azure Marketplace offering based on Solution Template.

What is a solution template?

A solution template is based on Microsoft Azure Resource Manager (ARM) templates. ARM templates combine the benefits of the underlying Azure Resource Manager with the adaptability and readability of JavaScript Object Notation (JSON). Through ARM templates we can deploy topologies quickly, consistently, and with multiple services along with their dependencies. Templates can include individual or multiple JSON files, you can even create a link between two templates by adding a deployment resource within the main template that points to the linked template. Pretty powerful stuff!

Deep Security Manager in Azure Marketplace

Free form vs known configuration solution templates

There are two approaches when it comes to writing solution templates; free-from and known configuration t-shirt size approach. At first, free-form configurations sound appealing but when you dig deeper it is more complex, requires careful planning and you end up having to focus on decisions that can be scripted for you.

Azure Marketplace Pricing OptionsWe decided to go with the t-shirt size, or Known configuration approach. This approach provides good, known configurations of varying sizes that are preconfigured for you. This enables you to easily select the deployment that fits your environment. Depending on the number of virtual machines you want to protect, you choose a matching Virtual Machine size configured for 25, 50, 100, 150 or 200.

If you’re wondering about protecting more than 200 workloads, we got this covered as well. It’s a matter of adding another Deep Security Virtual Machine (VM) from the Marketplace in your Azure account and picking up a “Use Existing “option for the Azure SQL database during the provisioning wizard. It’s a concept of horizontal scaling; we call such Deep Security deployments “multi-node” deployments. Alternately, you can go with the BYOL solution template and specify certain attributes of the deployment, such as VM type to go beyond the pre-configured standard offering.

Getting started with the Deep Security Solution Template for Azure

Let’s go on the journey to buy Deep Security Virtual Machine (VM) from Azure Marketplace and look at the information you’ll need to get started. Starting in the Azure Marketplace, search for the keyword “Deep Security”, which will return these results;

Azure Marketplace through Azure portal
Select Deep Security Manager to deploy and procure through the Azure Marketplace Solution Template

First you need to select your license model.Easy 7 steps

  • If you’re an existing Deep Security customer, you can leverage your existing (or new) license with Deep Security on Azure marketplace. You can simply click on “Deep Security Manager (BYOL)” option.
  • If you’re a new Deep Security customer, select the “Deep Security Manager” option to procure and deploy through the Azure Marketplace.

One you decide on the licensing model, the rest of the steps in this journey are the same. The solution template will guide you through a 7-step wizard that collects various parameter values, such as; user credentials, VM size, virtual network details and database selection.

Once you’re finished the quick 7-step wizard, you’ll have a fully optimized, connected configuration of Deep Security on a predefined network topology, ready to be used and protect your Azure workloads.

Here is what the deployment architecture will look like;

Solution Template Deployment Architecture