Introduction to TrendMicro Deep Security

 TrendMicro Deep Security:

--> TrendMicro Deep Security provides advanced server security for physical, virtual, and cloud-based computers and delivers multiple security techniques in a single product.

--> Deep Security makes the deployment and management of security faster and easier, simplifying the transition from physical to virtual, and to the cloud. 

--> It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.

1) Deep Security Manager:

--> Deep Security Manager is a centralized management solution which allows you to create security policies and deployment of Deep Security Agents on the physical/virtual/cloud endpoints

--> Deep Security Manager does not provide protection itself, but instead, manages the rules and policies which are distributed to the enforcement components in the system.

--> We can install Deep Security Manager on 64-bit Windows and Linux Red Hat Operating Systems.

--> Deep Security Manager also can be used to distribute security updates to servers on-demand

--> In a production environment, two Deep Security Manager nodes connected to a single database can be set up to provide increased reliability, redundant availability, virtually unlimited scalability, and better performance.

--> Deep Security Agents going to receive IP address of both Deep Security Manager nodes and they will select one of them to communicate and receive the security policy

--> Deep Security Manager will need to connect to Trend Micro update servers over the Internet

2) Deep Security Virtual Appliance

--> The Deep Security Virtual Appliance is a virtual machine that transparently enforces security policies on VMware ESXi virtual machines through NSX, allowing agentless protection through the Anti-Malware, Web Reputation, Firewall, Intrusion Prevention, and Integrity Monitoring modules.

--> The Deep Security Virtual Appliance runs as a VMware virtual machine and protects other virtual machines running on the same ESXi Server, each with its own individual set of security policies.

--> The implementation of protection modules with the Deep Security Virtual Appliance depends on limitations that exist within the licensing structure of VMWare NSX.

3) Database Server

--> Deep Security Manager requires a database for storing the information it needs to function. 

--> It can be installed on the same system as Deep Security Manager or on a different system.

--> The database must be installed and a user account with the appropriate permissions must be created before installing Deep Security Manager. 

--> Microsoft SQL Server, Oracle, or PostgreSQL databases are supported, in addition, cloud deployments using the AWS or Azure Marketplace option allow the use of the vendor’s cloud-enabled database as well.

--> The communication between Deep Security Manager and the database is not encrypted by default

4) Deep Discovery Analyzer

--> Deep Discovery Analyzer is a secure virtual environment used to analyze samples submitted by Trend Micro products. 

--> Sandbox images allow observation of file and network behavior in a natural setting without any risk of compromising the network.

--> Deep Discovery Analyzer performs static analysis and behavior simulation to identify potentially malicious characteristics. 

--> During analysis, Deep Discovery Analyzer rates the characteristics in context and then assigns a risk level to the sample based on the accumulated ratings which are then forwarded to Trend Micro Apex Central to build the suspicious objects list.

5) Deep Security Agent

--> The protection layer of the Deep Security system is provided through the Deep Security Agent. 

--> This software component is installed on the server to provide protection through a collection of modules, including Anti-Malware, Web Reputation, Firewall, Intrusion Prevention, Integrity Monitoring, Log Inspection, and Application Control.

--> Deep Security Agents are supported on Windows, Linux, Solaris, HP-UX, and AIX and can be installed on either physical servers, virtual machines, or cloud servers.

6) Deep Security Relay:

--> The Deep Security Relay is a Deep Security Agent with relay functionality enabled. 

--> Deep Security Relays download and distributes security and software updates from the Trend Micro Global Update Server to Deep Security Agents and Deep Security Virtual Appliances. 

--> Trend Micro recommends installing a relay-enabled agent on the same computer as Deep Security Manager to protect the host computer and to function as a local Relay.

--> You must have at least one Deep Security Relay enabled in your environment to keep your protection up-to-date.

Read More

TrendMicro Virtual Patching

 TrendMicro Virtual Patching

Trend Micro Virtual Patching is a security solution offered by Trend Micro. Unlike manual patching, virtual patching is a short-term implementation of actual patches made for known vulnerabilities.

Virtual patches can be applied without having to reboot systems, making them great interim substitutes while waiting for a vendor patch to be released.

Virtual Patching allows organizations to protect their systems from known vulnerabilities even before official patches or updates are available from software vendors.

The virtual patches are deployed in the security infrastructure, such as network-based intrusion prevention systems (IPS) or endpoint protection platforms (EPP), to detect and block any attempted exploitation of the vulnerabilities.

Reference: 

https://www.trendmicro.com/explore/omdia-research/1781-n1-en-blg

Read More

F5 Enterprise DDOS Reference Architecture

 F5 Enterprise DDOS Reference Architecture

DDoS (Distributed Denial of Service) attacks pose a significant threat to organizations, potentially causing service disruptions, financial losses, and damage to their reputation. To mitigate the impact of such attacks, implementing a well-designed DDoS reference architecture is crucial

 

An enterprise DDoS reference architecture should be designed to scale and handle increasing traffic volumes. Following Components must be included in the Architecture:

 

1) Dedicated DDOS Protection Appliance: To detect and protect from DDOS Attacks (Mostly Hardware, it can be Virtual also)

 

2) Intelligent DNS Load Balancing: Intelligent DNS Devices such as F5 GTM to be implemented with DNS Load Balancing to distribute the traffic across multiple data centers in case of DDOS attack

 

3) DDOS Protection from ISP: In case, If you are not interested to purchase DDOS Appliance, You can take subscription from ISP to protect from DDOS attacks

 

4) Traffic Steering at Perimeter: You can use BGP Routing protocol at Perimeter to steer the traffic intelligently in case of DDOS attacks

 

5) Cloud Based DDOS Protection: You can also take advantage of Cloud Based DDOS Protection solutions such as Cloud fare by redirecting traffic before entering the organization

 

6) Network/Application Layer Protection: In addition to DDOS Appliance, you must also have the Protection at the Application/Network Layer by using the devices such as F5 LTM and WAF

 

F5 is Providing Following Solutions to protect from DDOS attacks:

 

Cloud Level	i) Silverline DDOS Protection   ii) Ready Defense Subscription
Network Level	BIG IP LTM
Application Level	BIG IP AWAF
DNS Level	BIG IP GTM

Read More