InterScan Web Security Suite 2.0

abdomendebonairSecurity

Nov 2, 2013 (3 years and 7 months ago)


Copyright 2004 - Trend Micro, Inc.

InterScan Web Security Suite 2.0 (IWSS 2.0)

Customer presentation with back up slides



Viruses, spyware and other malicious code can enter organizations via HTTP when employees access their Web-based email accounts

Yahoo, Hotmail etc.

Typically in attachments

Web sites and FTP downloads can contain viruses, spyware and other malicious code

Spyware and phishing-related threats utilize HTTP to transmit both private and company confidential information

Data collection via keystroke logging, screenshot capture, etc.

Spyware and malicious code have other undesirable effects

Data captured can consume significant storage space

Transmission of data can slow system performance significantly

Many system crashes are now attributable to spyware-related complications

Can create ‘backdoors’ to load more programs and control the system; systems become ‘zombies’ for DDoS, spamming purposes etc.

Protection for HTTP/FTP traffic is mandatory today


Web-based Threats Are on the Rise

Web traffic related infections are on the rise

ICSA 9th Annual Virus Prevalence Survey, 2004 -- 20% of respondents identified web-browsing or internet downloads as the means of infection for their most recent virus incident

up from 15% in 2003

CompTIA 2nd Annual IT Survey - 36.8% of respondents said they were hit by one or more browser-based attacks in the last six months -- a 25 percent increase from last year's survey

The number of new unique phishing attacks is skyrocketing

1,125 in April 2004, a 180% increase from March

Up from just 28 in Nov. 2003, a 110% CAGR per month since then

Each attack represents millions of fraudulent emails

Spyware and monitoring programs now number over 300,000

May be present on up to 90% of all internet-connected PCs


A Conglomeration of Point Solutions is NOT the Answer!


Multiple management consoles



Day-to-day headaches


Slower, uncoordinated response to attacks


Multiple support contacts


Who do you call first?


Do they understand the whole environment?


Finger-pointing among vendors


Multiple maintenance agreements


More to track


More patches and updates


More expensive



Greater Administrative Burden


Higher cost of ownership


Poorer security posture

[Diagram labels: URL Filtering, Antivirus, Anti-spyware]


The Future


Integration of Web Gateway Applications


Integration of Web security and URL Filtering is the future


Easier to manage, easier to get support


Faster, more coordinated response to threats


Better total cost of ownership


Point solutions are outdated, costly, and inefficient



Top industry analysts advocate this integration


Peter Firstbrook, META Group: “Integrating multiple products required to enforce acceptable use and security policy for all outbound browser-based traffic (the "Web Gateway") is a major pain point for organizations. We expect Web Gateway tools, such as URL filtering, antivirus/anti-spyware, and active content control tools, will merge in major vendor platforms to simplify implementation of secure Internet access.”

Brian Burke, IDC: “IDC believes the future of IT security will be a combination of products and policies implemented to work together and provide a company’s network with overall protection. The next generation of EIM solutions should address the complexity of managing multiple points in the employee computing environment…”

“EIM” = Employee Internet Management, an industry term for URL Filtering-related solutions



For Larger Enterprise Networks, Combined SMTP/HTTP/FTP Products Are NOT the Answer

CPU-intensive SMTP scanning can significantly increase latency for HTTP/FTP traffic in a combined SMTP/HTTP/FTP solution

Users are very sensitive to latency in Web page and FTP downloads

SMTP email traffic is more asynchronous - users are less sensitive to latency

Increased latency in Web downloading…

Decreases productivity and creates user dissatisfaction

Increases help desk calls

Compounds network congestion as impatient users ‘refresh’ browser often

Enterprises with greater than 500 to 1000 users require a focused HTTP/FTP solution


Higher performance


Happier, more productive employees


Fewer help desk calls and complaints


More architectural flexibility






Characteristics of an Effective Enterprise Web Gateway Solution


Seamless integration of multiple web security and internet management applications into one platform

HTTP/FTP focus for enterprise-class performance and satisfied, more productive users


Support for multiple deployment scenarios


Granular policy, flexible settings, rich reporting capability


Leverages existing network and user/group definitions


One point of support, one escalation path worldwide


Security expertise


Global reach, global exposure to threats


Proven, rapid responsiveness


InterScan Web Security Suite - Integrated Web Security Without Sacrificing Performance

Integrated, comprehensive solution

Antivirus, Anti-phishing, Anti-spyware

URL Filtering (optional)

HTTP/FTP focused

True enterprise-class performance

Flexible deployment and configuration options

ICAP, standalone, dependent modes

Large file handling options

Granular policy administration via LDAP/AD

From Trend Micro

The worldwide leader in gateway antivirus solutions

Award winning Trend Labs support

Key part of Outbreak Prevention and Virus Response Services

Preemptively stop threats - reduce cleanup costs

[Diagram labels: Antivirus, URL Filtering, Anti-Phishing, Anti-spyware]


A Key Part of the Trend Micro Enterprise Protection Strategy

Enterprise Protection Strategy: Proactive Outbreak Lifecycle Management

[Diagram: TREND MICRO CONTROL MANAGER - outbreak lifecycle management, prevention and deployment.
Trend Micro Services and Service Components: Outbreak Prevention Services (Proactive Attack Updates, Outbreak Prevention Policies, Analysis and Reporting); Virus Response Services (Threat-Based Scanning, Virus Response SLA); Damage Cleanup Services (Agentless Damage Cleanup, Client and Server Cleaning).
Outbreak Lifecycle Phases, grouped under Outbreak Prevention, Virus Response, and Assessment and Restoration: Threat Information ($), Attack Prevention ($$), Notification and Assurance ($), Pattern File ($$), Scan and Eliminate ($$), Assess and Cleanup ($$$$), Restore and Post-Mortem ($).]

Minimizes window of opportunity for new threats


Protects and shields organizations before new pattern available


IWSS examples: Block webmail sites, URLs or URL patterns, file types & names, etc.



Reduces cleanup costs, increases ROI by stopping threats preemptively


InterScan Web Security Suite 2.0 Highlights


Integrated platform combines antivirus, anti-phishing, anti-spyware and URL Filtering for easier administration, coordinated response to attacks

HTTP/FTP focused gateway solution for high performance, greater employee productivity and satisfaction

Trend Micro Enterprise Protection Strategy and Control Manager support

New with version 2.0:

Anti-spyware and anti-phishing capability

Optional URL Filtering module offers simplified licensing, better TCO

Deployment options include ICAP-compliant caching servers, now including Cisco ACNS

LDAP directory integration for easier user/group policy management

Large-file handling options provide administrative flexibility to balance security with end user satisfaction and faster download performance

Enhanced real-time and scheduled graphical reports




Anti-phishing Capability

Blocks outbound transmission to malicious URLs

Phishing related sites, malicious code distribution sites, spyware sites

Helps protect against identity theft and theft of confidential company data

Updated several times a week via Active Update

Complements more traditional inbound detection of phishing-related spam in Trend Micro’s Spam Prevention Solution

Lenient sensitivity settings or tag/deliver and quarantine rules may still allow suspected phishing messages to reach the end user

Trend Micro is a member of the Anti-phishing Working Group



Anti-spyware Capability

Detects and blocks malicious/illicit spyware

Via the standard virus pattern file

Can be set by administrator to block legitimate but unwanted spyware, adware, remote access tools, hacking tools and more

Via a separate spyware pattern file

Spyware-related URLs blocked by anti-phishing feature

Via anti-phishing pattern file


URL Filtering Module


Fully-integrated optional module

Easier to manage, easier to coordinate policies/settings

Full-featured solution designed for enterprise environments

Over 50 categories, millions of websites

Policy by user/group -- by time of day, day of week, bandwidth quota

Real-time or offline analysis of unclassified sites

Simpler licensing and superior economics vs. point solutions

One affordable charge gets it all

No premium groups, no annual subscription

Automatic updates from award-winning Trend Labs


Worldwide exposure


Honeypot system


Benefits of a URL Filtering Solution


Improved network performance

Resources used for business purposes

Reduced exposure to legal liability

Inappropriate content kept out of workplace

Increased employee productivity

Personal surfing activity limited

And with Trend Micro, it is fully integrated…


IWSS Can Be Deployed with ICAP-compliant Caching Servers

Cisco, Network Appliance, Blue Coat

Performance benefits

Other configurations include:

Standalone

Dependent mode -- with upstream proxy servers

[Diagram labels: HTTP Content Server, FTP Server, ICAP Caching Server, IWSS; HTTP and FTP traffic]


Directory Integration


LDAP/Active Directory


Simplifies management - allows administrator to leverage existing infrastructure and user/group definitions


Large File Handling Options


Unique options offer different levels of security


Greater administrative flexibility vs. competitive solutions

Note: Blue Coat appliance does not support these options at this time


Enhanced Reporting


Scheduled or Real Time


By user, by group


Consolidated or individual


Line charts and bar charts


Print button


Ability to export data to external reporting application

If URL Filtering not activated, applicable reports will be ‘grayed out’


Summary


HTTP/FTP focused, high performance solution addresses a growing concern -- browser based attacks -- without sacrificing performance

Integrated platform - easier to manage, more coordinated response to attacks, better economics/TCO, single point of support

ICAP support, flexible deployment options

New features include:

Anti-phishing

Anti-spyware

URL Filtering

Directory Integration - LDAP/Active Directory

Performance, pricing and integration advantages

Great complement to our SMTP-based InterScan Messaging Security Suite


Back up slides


Launch schedule


Proposed Future Enhancements


Competitive Comparison Matrices


URL Filtering only


A/V + URL Filtering


High level architecture slides


IWSS Platform


Load balanced


Performance slides from IWSS 1.0 Veritest


Still valid


IWSS 2.0 metrics coming soon…


Schedule


IWSS 2.0 -- Windows release June 7th

Announcement/Press release on June 14th

IWSS 2.0 - Solaris and Linux targeted for early September


Solaris 8, 9


RHEL 2.1, 3.0


SuSe 8.1, 9


United Linux 1.0 (includes Turbolinux)



Future Enhancements


IWSS proposed enhancements:

Malicious Mobile Code protection

Finer-grained controls on Anti-spyware capability

Selectively activate protection from adware, hacking tools, remote access tools, dialers, joke programs, password cracking apps, and other malicious code types

Web Cache Communication Protocol (WCCP) support

ISA 2004 Integration

Reverse proxy configuration support

General improvements to LDAP, logging

Target release - first half 2005


Please provide your input via your Trend Micro representative


URL Filtering Competitive Overview

# Sites
Websense: Over 6 million
SurfControl: ‘Many millions’
Trend Micro: Over 5 million

# Categories
Websense: 80+
SurfControl: 40
Trend Micro: 54

Pricing Structure
Websense: $11.50 per seat @ 5000; Extra $4.50-8.00/seat for key Premium Groups; Annual subscription renewal at 100% with small multi-yr discount
SurfControl: $8.50 per seat @ 5000; Premium Groups - unknown; Annual Subscription renewal at 50% with multi-yr discount
Trend Micro: $6.54 per seat @ 5000; Includes all categories, NO PREMIUM GROUPS; Annual maintenance at ~30% (regionally determined)

Updates
Websense: Daily, Automatic
SurfControl: Daily, Automatic
Trend Micro: Daily, Automatic via Active Update

Dynamic Filtering (unclassified sites)
Websense: Unknown
SurfControl: Yes, but optional, $$; Real-time, slows performance
Trend Micro: Yes, included standard; Can be done offline to avoid performance impact

Comments
Websense: Categories too granular - many will not be used; Customer must pay extra for important categories; Very expensive overall; Not integrated platform; No security/AV expertise
SurfControl: no security/AV expertise; 3rd party AV offering; Not tightly integrated platform
Trend Micro: Covers ALL general categories of other solutions; Simpler pricing structure; Integrated platform with AV+; Better TCO

Prices are Suggested Retail Prices


Combined Solution - Antivirus + URL Filtering

Comparative Pricing Analysis at Suggested Retail Prices

Websense, SurfControl, Symantec, Trend Micro

AV+URL Pricing (At 1000 seats / At 5000 seats / At 10000 seats)
Websense Ent. plus 3rd party AV (extra): $15.00 + AV ___ / $11.50 + AV ___ / $10.50 + AV ___
Web Filter VS plus 3rd Party (McAfee): $13.00 + AV $7 est. / $8.50 + AV $5 est. / $7.00 + AV $5 est.
Up to 40% uplift in EU
Sym. Web Security: $26.80 / $10.01 - 11.82 / $10.01 - 11.82
IWSS+URL: $8.80 + 8.80 = $17.60 / $6.54 + 6.54 = $13.08 / $5.46 + 5.46 = $10.92

Premium Groups (At 1000 seats / At 5000 seats / At 10000 seats)
Websense: Three Prem. Groups: $5.00 ea, $9.00 for all / $4.50 ea, $8.10 for all / $4.00 ea, $7.20 for all
SurfControl: Unlikely
Symantec: None
Trend Micro: None

Licensing Model
Websense: Subscription; Renew at 100% ann.; Maint. ~20%
SurfControl: Subscription; Renew at 50% ann.; Maint. 25%
Symantec: Subscription; Renew at 40-50% ann.; Maint. extra or bundled
Trend Micro: Purchase & Maint.; No subscr. renewals; Maint. ~30%

Multi year discount on sub. renewals (cells in slide order)
Very small; ~10% for 2yr; 15-25% w/ new purch.; Very small later; Very small; Not applicable - no subscription renewals

Comments (cells in slide order)
No AV integrated; No security expertise; Higher cost, TCO; Complex pricing; No AV integrated; No security expertise; Higher cost, TCO; No LDAP on some; Poor URL product; Fewer features; Very expensive for 2000 seats or less; Integrated platform; Security expertise; Low cost, low TCO; Simple licensing


3-Year Total Cost of Ownership Comparison

AV+URL, 1000 seats

[Table layout: columns Company, cost, Year 1, Year 2, Year 3, Total; rows Trend Micro (Base license, Maintenance), Websense (Base license, Prem Group, Renewal, Maintenance), SurfControl (Base license, Renewal, Maintenance), Symantec (Base license, Renewal, Maintenance)]


IWSS Platform

[Diagram labels: TREND MICRO CONTROL MANAGER (Enterprise Protection Strategy: Proactive Outbreak Lifecycle Management); layers Management, Applications, Platform; components Policy and Reporting, Anti-virus, URL Filter (*rel 2.0), Phishtrap (*rel 2.0), MMC (*rel 2.5), Policy Store, Software ICAP; IWSS; LDAP/AD Customer Directory]


Distributed Architecture


IWSS Load balance can be set up by

Using ICAP client feature

Using Layer 4 switch

[Diagram labels: ICAP client OR Layer-4 switch; IWSS 1, IWSS 2, IWSS 3, IWSS x; TMCM server]



IWSS 1.0 Performance

Delay Characteristics


IWSS 1.0 data

Good

Note: IWSS 2.0 performance is improved, metrics available soon


IWSS Performance - URLs per Second


IWSS 1.0 data

Good

Note: IWSS 2.0 performance is improved, metrics available soon


IWSS Performance - Throughput


IWSS 1.0 data

Good

Note: IWSS 2.0 performance is improved, metrics available soon


VeriTest Summary Highlights


IWSS 1.0 data


Performance Test Measurement (NAI e1000 Appliance / Symantec SWS)

Delay: 3.8x more delay than IWSS / 7.8x more delay than IWSS

URLs per Second (cells in slide order): IWSS processes 2.5x more URLs per Second; IWSS processes 2.5x more URLs per Second; 8.3x

Throughput (cells in slide order): IWSS 2.2x; 1.38x

IWSS Outperforms the Competition!


VeriTest Test Results - IWSS 1.0 data

Good

Good

Good