Evolution of Securing VMware Environments

Trend Micro has long history of providing organizations with advanced server security for physical, virtual, and cloud environments. We protect enterprise applications and data from ransomware, breaches, and business disruptions without requiring emergency patching. Trend Micro™ Deep Security™ helps simplify security operations while accelerating regulatory compliance and the ROI of virtualization and cloud projects.

You might have heard, VMware® has recently announced end of support for some of their products that will impact Deep Security customers. While these changes might have an impact on you, Trend Micro continues to be the market leader in securing VMware environments. Deep Security continues to offer a range of agentless and agent-based solutions, depending on your VMware environment.

Let's review what has changed and the options you can consider as you transition from these legacy VMware products.

Introduction of VMware NSX 6.2.4

What's new?

VMware has released NSX (6.2.4) that now has a default license that allows you to enable Deep Security anti-malware scanning and integrity monitoring capabilities without purchasing a full NSX license.

What does this mean for organizations leveraging Deep Security?

NSX now offers a range of licensing options. The following can be used with Deep Security:

  • NSX for vShield Endpoint (default license): Provides agentless anti-malware and integrity monitoring security at no additional VMware cost
  • NSX Standard Edition: Provides agentless anti-malware and integrity monitoring security at an additional VMware cost
  • NSX Advanced Edition: Provides full* agentless security at an additional VMware cost
  • NSX Enterprise Edition: Provides full* agentless security at an additional VMware cost

*Log Inspection excluded, consistent with past integrations

End of Support for VMware vCloud and Networking Security (vCNS)

What's new?

VMware vCloud Networking and Security (vCNS) 5.5 became end of general support as of September 2016. For customers using vCNS Manager specifically to manage vShield Endpoint for agentless antivirus, VMware has extended technical guidance until March 31, 2017.

What does this mean for Trend Micro customers?

The approach to securing VMware is changing:

  • For organizations looking for agentless deployment of security, the original approach has been discontinued and now requires a transition to a version of VMware NSX
  • Trend Micro understands that the transition may take time, and we will be there to support all impacted organizations through it

Options for your Organization:

1. Migrate to VMware NSX for vShield Endpoint (free default license)
Customers can migrate to NSX for vShield Endpoint with the default, free anti-malware only license.

  • In this case, customers only using anti-malware will maintain their current agentless protection
  • Agentless integrity monitoring is also supported (as a part of the Deep Security System Package)
  • For customers using network functionality (IPS) who do not wish to purchase an NSX license with the necessary capabilities, Deep Security's ”combined” mode allows for agentless anti-malware in conjunction with Deep Security Agent to perform the networking capabilities

2. Migrate to VMware NSX Standard Edition (license investment)
Customers can migrate to NSX Standard Edition to maintain agentless anti-malware and integrity monitoring. This version provides additional VMware NSX functionality. However, the Deep Security Integration is the same as with the NSX for vShield Endpoint (default license).

3. Migrate to VMware NSX Advanced or Enterprise Editions (license investment)
Customers can also migrate to the Advanced or Enterprise editions of VMware NSX to maintain the full agentless protection for multiple security controls (anti-malware, IPS, integrity monitoring, and more) they have today with vCNS, with the added benefits of micro-segmentation and policy automation with VMware NSX.

4. Move to full agent-based protection
Customers can focus on deploying agent-based security controls across their VMware environment, which is consistent with cloud deployments.

Table: Summary of Agentless and Agent-Based Options for Deep Security Controls

As you determine the best migration path for your organization, we will be there to support and enable a smooth transition.

Why Trend Micro to secure your VMware environment?

  • Has close to 10 years of experience with VMware, protecting thousands of customers and millions of servers. This has helped us to build out capabilities for security and management that first generation approaches simply can't match
  • Has the deepest and broadest technical partnership with VMware with comprehensive integrations across NSX, vSphere, vRealize Operations (we are unique here), Horizon for VDI, and vCloud
  • Best positioned to help customers with hybrid cloud security, supporting VMware with Amazon Web Services (AWS), Microsoft® Azure™, IBM, Google, and more
  • Recognizes that it will take time to transition to a new architectural approach and we are committed to ensuring our customers are able to transition smoothly while maintaining a secure, efficient environment

Related Content




All the protection you need for VMware deployments

Protect your virtual server, VDI, and private cloud deployments with security designed for the software-defined data center.




Automating virtualization security