I have written about Trend Micro Deep Security many times on this blog; I believe it is one of the most interesting products on the market. Deep Security provides comprehensive protection for VMware vSphere: agent-based and agentless anti-virus protection, HIDS, IPS, log inspection, and the newly introduced Application Control. Trend Micro develops the product at a steady pace; new versions appear not too often, but quite regularly. In this post I will briefly describe what's new in Trend Micro Deep Security 10.
The most important change in Deep Security is that it is now based on XGen Security, a proprietary Trend Micro solution which you can read about here. XGen combines many Trend Micro products into one cohesive ecosystem; for example, Deep Security 10 integrates with Deep Discovery, a hardware-based solution that can analyze, for example, a detected virus in an isolated virtual environment (sandbox). The latest version of Deep Security introduces even greater integration with cloud-based services (Amazon Web Services, Microsoft Azure and VMware vCloud), hence support for Docker containers has been added. There is also a new, intuitive interface consistent with other Trend Micro products, and the download center has a new look.
The upgrade from version 9.6 to 10 proceeds normally and causes no problems; the installer itself checks whether all the components are compatible.
After logging in, the widgets are preserved as they were in the previous version, and the new interface looks very neat.
Using and administering Deep Security 10 is exactly the same as in the previous version. The most obvious interface change is the addition of Application Control. At the moment the only supported operating systems are Red Hat and CentOS Linux; in the future it is planned to extend this functionality to other Linux distributions and to Windows. Application Control is a creative development of the SELinux (Security-Enhanced Linux) mechanism. It works exactly the same (detects changes in the operating system) and behaves the same (blocks unapproved changes), with the small difference that we do not have to touch the VM console; all operations are performed at the level of the Deep Security interface.
Application Control gives us insight into what is going on inside the VM: we see new applications, which we can approve or reject. While this is not a novelty on Linux, its introduction on Windows will be quite revolutionary. The security department will have total control over what is happening in the protected area.
As you can see, if you monitor the Apache web server, you also monitor all page files.
Another novelty that Trend Micro boasts of is Smart Folders. This functionality is based on vCenter attributes (Custom Attributes) and allows you to construct specific search folders under Computers. The search is based on the attributes added to a VM from the vSphere Web Client.
Attribute mapping on the Deep Security side.
Useful? This functionality automates the views, which, combined with the variety of roles in Deep Security, enables efficient allocation of access to environments for each Deep Security user. In conclusion, Trend Micro Deep Security 10 is a step in the right direction: a lot of new features, but without revolutionary changes.