It is well known that the main drivers for organizations to embrace virtualization and cloud computing are for the ease of use, cost savings and efficiencies that these platforms provide. Lately, organizations are also coming to understand the value of virtualization-aware security. There are extended benefits and efficiencies organizations can achieve by adopting security solutions that are purpose-built for virtualization and cloud, and most realize the advantages over trying to retro-fit their existing security solution into a virtualized environment.
One problem facing organizations in how they manage and secure their virtualized infrastructures is the ability to holistically see what is going on throughout the data center. From an infrastructure and security perspective, the ability for operations to be shown in a “single pane of glass” is paramount. Additionally security should be automatically managed to allow rapid response and address the underlying root causes of security issues.
In larger organizations, the infrastructure and security operations teams are separated organizationally with different reporting structures and different objectives and SLAs. The infrastructure team usually reports to the CIO and is tasked with ensuring business continuity/minimum downtime. The security team is tasked with minimizing security risks. When a security event occurs within an organization, different actions are often taken by these two teams in trying to remediate the problems. The information asymmetry between the infrastructure and security operations teams can make it difficult to identify and remediate threats that may be persisting and propagating throughout the data center.
When a security event occurs both teams will start working on the same problem from two different perspectives. From an infrastructure perspective the operations team may try to remediate the issue by moving virtual machines or rebooting them. The Security team may decide to enforce more strict security policies on the machine and block access that may be required by the operations team. When the actions of the two teams conflict with each other, they may further exacerbate the issue and cause confusion between the teams when actions are occurring. This can lead to the teams taking a longer time to identify the root cause and the cost of the investigation increases because multiple teams are working on the same problem.
To help alleviate this problem the infrastructure operations team requires the ability to quickly identify and assess situations that may indicate a threat. The operations team can then work with the security team to provide a greater chance of mitigating the incident with minimal impact.
As a solution to this problem, Trend Micro and VMware have partnered to deliver the first integrated security and operations management solution. The joint solution will help organizations to:
- Get increased visibility into security events on virtual machines protected by Trend Micro Deep Security
- Be more effective in responding to security incidents
- Save hours or days of debugging and prevent costly downtime of decommissioned virtual machines
The Trend Micro Deep Security Management Pack for vRealize Operations gives the virtualization operations team the ability to see both infrastructure and security statuses for virtual machines in their data center from the same unified dashboard. This is the enabler to allow the operations team to address problems in the data center holistically with a combined view of infrastructure and security. This solution offers organizations a way to remove the walls between the operations and security teams and is a step towards a more unified and efficient operation by offering:
- Coordinated operations and security views: vRealize Operations heat map views allow organizations to quickly see which machines are under attack at any given time. This offers a visual medium to quickly assess the security posture of the data center environment and allows the operations and security teams to take appropriate measures. Expanding the operations dashboard allows the operations team to also look at security events so they can be more informed about the incident and fully understand any security implications before taking action.
- Correlation between security and infrastructure events: This integration also lets organizations correlate security event activity with performance activity. When a security event (such as an intrusion attempt) causes a jump in CPU demand, the infrastructure team can now correlate the two and inform the security team to examine those machines in detail from a security point of view.
- Automated alert workflow: The response to security events can be automated through operational workflows. These workflows can help reduce the time for discovering and remediating the root cause of incidents and allow machines to be re-provisioned automatically and quickly avoiding costly downtime.
Bringing the combined view of infrastructure and security to the operations team will reduce cost and increase efficiency when security events occur within a data center. This will lead to a higher quality of overall operation and a lower time to remediate and resolve security issues.
The Trend Micro and VMware combined solution consists of:
vRealize Operations: VMware’s solution to proactively ensure performance, utilization, and availability of infrastructure and applications running on vSphere, Hyper-V, Amazon, or hardware—using predictive analytics and policy-based automation.
Trend Micro Deep Security: The market leader in server security is specifically designed for virtual and cloud environments. Its agentless architecture delivers comprehensive protection from advanced threats, minimizes operational complexity, improves business continuity, and allows organizations to accelerate virtualization and cloud adoption.
Trend Micro Deep Security Management Pack for vRealize Operations: A vRealize Operations management pack plug-in that allows the operations team to see the security status, security related events, and overall health of the virtual data center from a single view. This allows the operations team to correlate system activity with security activity and address problems in the virtual data center holistically.
If you’re interested in learning more, please visit: www.trendmicro.com/vmware.