Product Features

Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching. This comprehensive, centrally managed platform helps you simplify security operations while enabling regulatory compliance and accelerating the ROI of virtualization and cloud projects. The following tightly integrated modules easily expand the platform to ensure server, application, and data security across physical, virtual, and cloud servers, as well as virtual desktops.

Vulnerability Protection provides advanced server security for your computers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching. This comprehensive, centrally managed platform helps you simplify security operations. The following tightly integrated modules easily expand the platform to ensure server, application, and data security across your computers.

Protection Modules

Anti-Malware

Integrates with VMware environments for agentless protection, or provides an agent to defend physical servers and virtual desktops.

Integrates new VMware vShield Endpoint APIs to provide agentless anti-malware protection for VMware virtual machines with zero in-guest footprint. Helps avoid security brown-outs commonly seen in full system scans and pattern updates. Also provides agent-based anti-malware to protect physical servers, Hyper-V and Xen-based virtual servers, public cloud servers as well as virtual desktops in local mode. Coordinates protection with both agentless and agent-based form factors to provide adaptive security to defend virtual servers as they move between the data center and public cloud.

Web Reputation

Trend Micro Web Reputation Service blocks access to malicious web sites.

Trend Micro assigns a reputation score based on factors such as a website's age, change history, and indications of suspicious activities discovered through malware behavior analysis.

The Web Reputation Service:

  • Blocks users from accessing compromised or infected sites
  • Blocks users from communicating with command-and-control (C&C) servers used by cybercriminals
  • Blocks access to malicious domains registered by cybercriminals for perpetrating cybercrime

Integrity Monitoring

Detects and reports malicious and unexpected changes to files and the system registry in real time.

Provides administrators with the ability to track both authorized and unauthorized changes made to the instance. The ability to detect unauthorized changes is a critical component in your cloud security strategy as it provides the visibility into changes that could indicate the compromise of an instance.

Firewall

Decreases the attack surface of your physical and virtual servers.

Centralizes management of server firewall policy using a bidirectional stateful firewall. Supports virtual machine zoning and prevents denial of service attacks. Provides broad coverage for all IP-based protocols and frame types as well as fine-grained filtering for ports and IP and MAC addresses.

Intrusion Prevention

Shields known vulnerabilities from unlimited exploits until they can be patched.

Helps achieve timely protection against known and zero-day attacks. Uses Intrusion Prevention rules to shield a known vulnerability -- for example those disclosed monthly by Microsoft -- from an unlimited number of exploits. Offers out-of-the-box Intrusion Prevention rules for over 100 applications, including database, web, email and FTP servers. Automatically delivers rules that shield newly discovered vulnerabilities within hours, and can be pushed out to thousands of servers in minutes, without a system reboot.

Defends against web application vulnerabilities.

Enables compliance with PCI Requirement 6.6 for the protection of web applications and the data that they process. Defends against SQL injection attacks, cross-site scripting attacks, and other web application vulnerabilities. Shields vulnerabilities until code fixes can be completed.

Identifies malicious software accessing the network.

Increases visibility into, or control over, applications accessing the network. Identifies malicious software accessing the network and reduces the vulnerability exposure of your servers.

Log Inspection

Provides visibility into important security events buried in log files.

Optimizes the identification of important security events buried in multiple log entries across the data center. Forwards suspicious events to a SIEM system or centralized logging server for correlation, reporting and archiving. Leverages and enhances open-source software available at OSSEC.

Deep Security Components

Deep Security consists of the following set of components that work together to provide protection:

  • Deep Security Manager, the centralized Web-based management console which administrators use to configure security policy and deploy protection to the enforcement components: the Deep Security Virtual Appliance and the Deep Security Agent.
  • Deep Security Virtual Appliance is a security virtual machine built for VMware vSphere environments that provides Anti-Malware and Integrity Monitoring.
  • Deep Security Agent is a security agent deployed directly on a computer that can provide Anti-Malware, Web Reputation Service, Firewall, Intrusion Prevention, Integrity Monitoring and Log Inspection protection.
    • Relay: The Relay module distributes updates to other Agents and Virtual Appliances. In Deep Security 9.5 or later, Windows and Linux Agents have built-in Relay functionality. (Earlier versions of the Agents do not have this functionality and Relays are available as standalone install packages. These older versions of the Relay have embedded Agents to provide local protection on the host machine.)
  • Deep Security Notifier: The Deep Security Notifier is a Windows System Tray application that communicates the state of the Deep Security Agent and Deep Security Relay on local computers.

Vulnerability Protection Components

Vulnerability Protection consists of the following set of components that work together to provide protection:

  • Vulnerability Protection Manager, the centralized Web-based management console which administrators use to configure security policy and deploy protection to the Vulnerability Protection Agent, which is the enforcement component.
  • Vulnerability Protection Agent is a security agent deployed directly on a computer which can provide Intrusion Prevention, Firewall, Web Application Protection, and Application Control.

Deep Security Manager / Vulnerability Protection Manager

Deep Security Manager ("the Manager") is a powerful, centralized web-based management system that allows security administrators to create and manage comprehensive security policies and track threats and preventive actions taken in response to them. The Manager integrates with different aspects of the datacenter, including VMware vCenter and Microsoft Active Directory, and has a web services API for integration with datacenter automation environments.

Vulnerability Protection Manager ("the Manager") is a powerful, centralized web-based management system that allows security administrators to create and manage comprehensive security policies and track threats and preventive actions taken in response to them. Vulnerability Protection Manager integrates with different aspects of the datacenter including Microsoft Active Directory, and has a web services API for integration with datacenter automation environments.

Policies

Policies are policy templates that specify the security rules to be configured and enforced automatically for one or more computers. These compact, manageable rule sets make it simple to provide comprehensive security without the need to manage thousands of rules. Default Policies provide the necessary rules for a wide range of common computer configurations.

Dashboard

The customizable, web-based UI makes it easy to quickly navigate and drill down to specific information. It provides:

Built-in Security

Role-based access allows multiple administrators (Users), each with different sets of access and editing rights, to edit and monitor different aspects of the system and receive information appropriate to them. Digital signatures are used to authenticate system components and verify the integrity of rules. Session encryption protects the confidentiality of information exchanged between components.

Deep Security Agent / Vulnerability Protection Agent

The Deep Security Agent or Vulnerability Protection Agent ("the Agent") is a high-performance, small-footprint software component installed on a computer to provide protection.

Deep Security Virtual Appliance

The Deep Security Virtual Appliance ("the Appliance") runs as a VMware virtual machine and protects the other virtual machines on the same ESXi server, each with its own individual security policy.

Deep Security Relay

The Deep Security Relay is a server which relays Deep Security Updates from the Trend Micro global update server to the Deep Security system. By using Relays you can improve performance by distributing the task of delivering updates to the Manager, Appliances, and Agents of your Deep Security installation.

The Windows (64-bit) and Linux (64-bit) versions of the Deep Security 9.5 or later Agents have built-in Relay functionality which can be enabled from the Computer Editor window.

Vulnerability Protection Relay

The Vulnerability Protection Relay can improve performance by distributing the task of delivering updates to the Manager and Agents of your Vulnerability Protection installation.

The Vulnerability Protection Agents have built-in Relay functionality which can be enabled from the Computer Editor window.

Deep Security Notifier

The Deep Security Notifier is a Windows System Tray application that communicates the state of the Deep Security Agent to client machines. The Notifier displays pop-up user notifications when the Deep Security Agent begins a scan, or blocks malware or access to malicious web pages. The Notifier also provides a console utility that allows the user to view events and configure whether pop-ups are displayed. The Notifier has a small footprint on the client machine, requiring less than 1 MB of disk space and 1 MB of memory.

Deep Security as a Service provides a complete set of security capabilities for the cloud. These capabilities are tightly integrated with cloud providers, making it faster and easier to meet security requirements.

Designed for the Cloud

Access a full set of security capabilities customized for cloud instances

Designed to run on and with cloud providers including Amazon Web Services, Microsoft Azure, VMware vCloud and others, the Deep Security service makes it fast and easy to secure cloud instances:

Central management of security is performed from a single, integrated administrative console that automatically provides an up-to-date view of your cloud environment.

Complete Set of Security Capabilities

Deep Security delivers a full set of security capabilities to secure server instances.

Anti-Malware

Integrates with VMware environments for agentless protection, or provides an agent to defend physical servers and virtual desktops in local mode.

Integrates new VMware vShield Endpoint APIs to provide agentless anti-malware protection for VMware virtual machines with zero in-guest footprint. Helps avoid security brown-outs commonly seen in full system scans and pattern updates. Also provides agent-based anti-malware to protect physical servers, Hyper-V and Xen-based virtual servers, public cloud servers as well as virtual desktops in local mode. Coordinates protection with both agentless and agent-based form factors to provide adaptive security to defend virtual servers as they move between the data center and public cloud.

Web Reputation

Trend Micro Web Reputation Service blocks access to malicious web sites.

Trend Micro assigns a reputation score based on factors such as a website's age, historical location changes and indications of suspicious activities discovered through malware behavior analysis.

The Web Reputation Service:

  • Blocks users from accessing compromised or infected sites
  • Blocks users from communicating with command-and-control (C&C) servers used by cybercriminals
  • Blocks access to malicious domains registered by cybercriminals for perpetrating cybercrime

Integrity Monitoring

Detects and reports malicious and unexpected changes to files and the system registry in real time.

Provides administrators with the ability to track both authorized and unauthorized changes made to the instance. The ability to detect unauthorized changes is a critical component in your cloud security strategy as it provides the visibility into changes that could indicate the compromise of an instance.

Firewall

Decreases the attack surface of your physical and virtual servers.

Centralizes management of server firewall policy using a bidirectional stateful firewall. Supports virtual machine zoning and prevents denial of service attacks. Provides broad coverage for all IP-based protocols and frame types as well as fine-grained filtering for ports and IP and MAC addresses.

Intrusion Prevention

Shields known vulnerabilities from unlimited exploits until they can be patched.

Helps achieve timely protection against known and zero-day attacks. Uses vulnerability rules to shield a known vulnerability -- for example those disclosed monthly by Microsoft -- from an unlimited number of exploits. Offers out-of-the-box vulnerability protection for over 100 applications, including database, web, email and FTP servers. Automatically delivers rules that shield newly discovered vulnerabilities within hours, and can be pushed out to thousands of servers in minutes, without a system reboot.

Defends against web application vulnerabilities.

Enables compliance with PCI Requirement 6.6 for the protection of web applications and the data that they process. Defends against SQL injection attacks, cross-site scripting attacks, and other web application vulnerabilities. Shields vulnerabilities until code fixes can be completed.

Identifies malicious software accessing the network.

Increases visibility into, or control over, applications accessing the network. Identifies malicious software accessing the network and reduces the vulnerability exposure of your servers.

Log Inspection

Provides visibility into important security events buried in log files.

Optimizes the identification of important security events buried in multiple log entries across the data center. Forwards suspicious events to a SIEM system or centralized logging server for correlation, reporting and archiving. Leverages and enhances open-source software available at OSSEC.

Easy Administration

To ease administration, these security functions are managed via a set of customizable policy templates and rules through a single administrative console.

Simplifies cloud security with an integrated administrative console and tight cloud provider integration

Deep Security as a Service makes managing security for the cloud easy.

The integrated administrative console combined with tight cloud provider integration makes providing the security needed for the cloud fast and easy.