When Cyber Risk Consultant Simon Kellow first got involved with this public sector client, he had his work cut out. The organisation runs around 350 servers – only two of which are physical – and 800 VDI desktops, to support in the region of 1,000 users.
At that time, they were largely a McAfee house. But, the organisation was blighted by a desktop and server environment with multiple point products overlapping in functionality and support staff confused about how each constituent part fitted into the overall security picture. In fact, confusion around the security architecture was such that staff weren’t even aware if the disc encryption they had in place could meet strict public sector requirements that came into force following the massive 2008 HMRC breach.
Alongside this disjointed patchwork of tools was an under-licensing problem to deal with and the fact that many products in place were too resource-intensive – a major and common failing of legacy security products placed into virtual environments. VDIs may be able to lower IT costs, drive greater efficiencies and ease the management burden on IT, but they can also expose organisations to inter-VM and other virtual-specific attacks if the wrong security tools are deployed. In addition, resource-consuming “AV storms” can bring systems to a standstill if non “virtual-aware” security is installed.
Cyber Risk Consultant
Kellow wanted to overcome all of these challenges by consolidating onto a single vendor which could understand and complement the Regulators IT environment. ‘Defense in-depth based on multiple vendors simply doesn’t work today given the nature of the threat landscape and the complexity of organisations’ environments’ Kellow says.
So he went about looking for a vendor that could offer as many of the following capabilities in one solution as possible, manageable from a single pane of glass: anti-malware; application whitelisting; virtual patching (vulnerability shielding) for client and servers; encryption; and mail and web security gateways. Most importantly, the solution needed to include advanced malware protection for detecting and preventing the latest threats, such as ransomware.
Kaspersky Lab, McAfee and Trend Micro were deployed in a test bed to demonstrate the full gamut of capabilities then currently available. In the end Trend Micro’s expertise in virtual security and strong industry partnership with VMware proved decisive.
“I set the rule that the vendors had to show today’s technology, not vapourware. The security and ops teams were presented to by each vendor. At the end of this process, the client chose Trend Micro due to the way the solution handled the virtual platform; it was in a different league to everyone else,” says Kellow.
Cyber Risk Consultant
The client elected to consolidate on the following Trend Micro products to provide comprehensive server, email and web gateway as well as endpoint security and management.
Deep Security: Trend Micro’s flagship data centre security product for physical, virtual and cloud servers features: anti-malware with web reputation; network security including host-based firewall and intrusion detection/prevention with recommendation scan; and system security including integrity monitoring, log inspection and soon application lockdown.
Deep Discovery Inspector: Physical or virtual network appliance that monitors all traffic across physical and virtual network segments, all network ports and over 100 network protocols to identify ransomware, targeted attacks and advanced threats.
Deep Discovery Analyser: Adds advanced sandbox analysis capabilities to endpoint protection, web and email gateways, network security and more.
Smart Protection Complete with XGen™: Comprehensive endpoint protection including anti-malware, anti-ransomware, memory inspection, machine learning, behavioural analysis, firewall, device control, DLP and command and control (C&C) traffic identification and blocking. Also includes full disc and file folder encryption, vulnerability shielding, application whitelisting and mobile security and management which all integrate into a single, centralised management platform for visibility and control across the estate.
InterScan messaging: Industry leading messaging gateway product to keep targeted attacks, traditional threats, ransomware and more at bay.
InterScan web: Maximum visibility and control at web gateway with option of virtual or software appliance.
Control Manager: Ties everything together with centralised, user-centric management for threat detection and data protection.
Kellow is keen to stress the importance of Trend Micro’s virtual credentials to his client’s decision. Trend Micro has been a VMware partner for years now and designed the architecture of Deep Security for tight integration with VMware products. This means enhanced visibility and control and unbeatable security with a low impact on resources.
Deep Security’s hypervisor-based approach to security controls, like anti-malware, meant the compute platform could free up 20% of resources for superior performance in its virtual environment.
“The maturity of the product has played a huge role and stands out in the market. Other vendors are only on their first or second generation of products in this space,” he explains.
“Another key part of picking the solution was knowing that we would move towards the cloud at some point. It was about having a single pane of glass across all technologies.”
The combination of Deep Discovery Inspector and Deep Security has also been able to keep the Regulator safe from ransomware – one of the most prolific threats facing organisations today. In fact, Trend Micro’s defence-in-depth approach to security has kept over 100 million customers ransomware-free in the past six months alone.
Deep Security, the worldwide leader in server security, has API connectors for the likes of Azure, AWS and VCloud, enabling automatic and seamless security for server workloads being moved to these public cloud providers.
“Without sandboxing the data, I would have much more to worry about,” says Kellow.