Comprehensive protection of servers with Deep Security

15.01.2020
Security
Author: Atman

Atman has decided to make it easier for its clients to ensure the security of their server environments, and included the comprehensive and flexible Deep Security solution in its offer.

Deep Security is a Trend Micro toolkit designed to protect servers of any kind: bare metal, virtual, cloud, container, and other. The solution can be used by a company of any size, since it is worthwhile even when you only have one server to protect against cyber threats, such as hacking that exploits network vulnerabilities or malware attacks.

Deep Security overview

Deep Security architecture

Deep Security tools are grouped into three modules:

1. Network Security
  • Intrusion Prevention / Virtual Patching
  • Host Firewall
2. Malware Prevention
  • Anti-Malware
  • Web Reputation
3. System Security
  • Application Control
  • Integrity Monitoring
  • Log Inspection

Deep Security toolkit

The solution allows you to choose a single module, any two of the modules or all three, depending on your needs. You can also decide which servers should be fully protected and which should receive only a selected type of protection.

Benefits

The Deep Security tools run automatically and in real time, without slowing the system down. The installation is easy and fast (agent model), and the management is simple and convenient (single panel).

Using Deep Security significantly increases the level of security of your company’s IT infrastructure, while saving it time, resources and money thanks to:

  • Avoiding unplanned downtime in operational work
  • Limiting the “manual” performance of cybersecurity work
  • Avoiding potentially large financial losses in the event of data loss or leakage, among others

The issue of unsupported systems

MS Windows Server 2008 and Server 2008 R2

Protecting a server against vulnerabilities should be taken extremely seriously if its operating system is no longer (or will soon cease to be) supported by the manufacturer.

A recent example is Windows Server 2008 and Server 2008 R2, which Microsoft stopped supporting on 14 January 2020. What does this mean for companies using these systems? No response from Microsoft to newly found vulnerabilities, i.e. no new patches that could prevent cybercriminals or malware from exploiting these vulnerabilities.

If a company using Windows Server 2008 decides for some reason to continue working on this system for some time, it should definitely implement appropriate security measures. Even if there is a decision to make a quick switch to a supported platform, the company should ensure effective protection of resources before, during and after migration. As a rule, unsupported operating systems are the target of many cybercriminals who try to find, and exploit, as many security gaps as possible.

Virtual Patching and Anti-Malware are of key importance when it comes to solving this problem and are generally the most popular among the Deep Security tools. Let’s take a closer look at them.

Reliable Virtual Patching

Virtual Patching means applying a virtual patch that protects the server until the proper, official update is installed or, in the case of unsupported systems, for as long as it is required. It involves running multilayer filtering rules in the network which block attempts to reach a specific vulnerability and exploit it.

Patching is triggered automatically. Information about the detection of a given vulnerability is provided by the recommendation scanner, which regularly monitors fully trusted sources, such as the Zero Day Initiative.

Let’s imagine that information about a newly detected vulnerability in application X has just been published, and its producer has released a patch. Either a company working on X will find out about it with a delay of several days (servers do not receive notifications about available updates), or its IT specialist will catch it quickly and face a dilemma. Should they stop server operation immediately, exposing the company to financial loss as a result of downtime? Or should they plan a service slot for one night in a few days, leaving the company’s IT systems exposed to an attack in the meantime, and so to an even greater financial loss?

In the same situation, companies using Virtual Patching have uninterrupted protection, while avoiding the cumbersome problem of updating the system at an inconvenient moment.

Professional Anti-Malware

It is a widespread claim that average antivirus software is able to catch only 45% of all attacks. This is mainly due to the continuous evolution of cybersecurity threats. A dozen years ago, the biggest headache in the IT industry was a computer virus. Today, there are many types of malware across the Internet, such as spyware, cryptojacking or ransomware, among others, which require the right tools to combat them.

One such tool is Anti-Malware by Trend Micro, which uses a complete set of methods:

  • Extremely rich and constantly updated malware database
  • Verification of known code fragments
  • Testing the suspicious software with the option of rolling back the changes made

Currently, it is one of the most serious tools providing comprehensive protection against malware.

Everything under control

By purchasing the Deep Security service, you receive access to an intuitive console in which you can independently manage the necessary options, and enable or disable the modules. At any time, you can also generate reports that clearly show the effectiveness of a given tool. A great example is the Recommendation Report, which shows which patches are missing on a given server or server group.

Undoubtedly, the implementation of all Deep Security modules is the solution that provides comprehensive protection. However, even using only one of them definitely increases the level of security by upgrading the quality of the security used to a whole new, higher level.