You might have heard, VMware® has recently announced end of support for some of their products that will impact Deep Security customers. While these changes might have an impact on you, Trend Micro continues to be the market leader in securing VMware environments. Deep Security continues to offer a range of agentless and agent-based solutions, depending on your VMware environment.
Let's review what has changed and the options you can consider as you transition from these legacy VMware products.
Introduction of VMware NSX 6.2.4
VMware has released NSX (6.2.4) that now has a default license that allows you to enable Deep Security anti-malware scanning and integrity monitoring capabilities without purchasing a full NSX license.
What does this mean for organizations leveraging Deep Security?
NSX now offers a range of licensing options. The following can be used with Deep Security:
- NSX for vShield Endpoint (default license): Provides agentless anti-malware and integrity monitoring security at no additional VMware cost
- NSX Standard Edition: Provides agentless anti-malware and integrity monitoring security at an additional VMware cost
- NSX Advanced Edition: Provides full* agentless security at an additional VMware cost
- NSX Enterprise Edition: Provides full* agentless security at an additional VMware cost
*Log Inspection excluded, consistent with past integrations
End of Support for VMware vCloud and Networking Security (vCNS)
VMware vCloud Networking and Security (vCNS) 5.5 became end of general support as of September 2016. For customers using vCNS Manager specifically to manage vShield Endpoint for agentless antivirus, VMware has extended technical guidance until March 31, 2017.
What does this mean for Trend Micro customers?
The approach to securing VMware is changing:
- For organizations looking for agentless deployment of security, the original approach has been discontinued and now requires a transition to a version of VMware NSX
- Trend Micro understands that the transition may take time, and we will be there to support all impacted organizations through it
Options for your Organization:
1. Migrate to VMware NSX for vShield Endpoint (free default license)
Customers can migrate to NSX for vShield Endpoint with the default, free anti-malware only license.
- In this case, customers only using anti-malware will maintain their current agentless protection
- Agentless integrity monitoring is also supported (as a part of the Deep Security System Package)
- For customers using network functionality (IPS) who do not wish to purchase an NSX license with the necessary capabilities, Deep Security's ”combined” mode allows for agentless anti-malware in conjunction with Deep Security Agent to perform the networking capabilities
2. Migrate to VMware NSX Standard Edition (license investment)
Customers can migrate to NSX Standard Edition to maintain agentless anti-malware and integrity monitoring. This version provides additional VMware NSX functionality. However, the Deep Security Integration is the same as with the NSX for vShield Endpoint (default license).
3. Migrate to VMware NSX Advanced or Enterprise Editions (license investment)
Customers can also migrate to the Advanced or Enterprise editions of VMware NSX to maintain the full agentless protection for multiple security controls (anti-malware, IPS, integrity monitoring, and more) they have today with vCNS, with the added benefits of micro-segmentation and policy automation with VMware NSX.
4. Move to full agent-based protection
Customers can focus on deploying agent-based security controls across their VMware environment, which is consistent with cloud deployments.