Marko Djordjevic

1
Selfdefending Networks Managed Antivirus
Strategy

• Marko Djordjevic
• Product Manager EEUR

2
Agenda

• Trendmicro Overview
• What means NAC ?
• Trendmicro Solution and Difference
• Summary

3
Trendmicro Overview

• Fastest growing antivirus vendor in the world.
• Founded in the US in 1988. Corporate headquarters
  in Tokyo, Japan. Publicly traded on NASDAQ(TMIC)
  and Tokyo Stock Exchange (4704)
• Antivirus and content security software and
  services provider to enterprise, small and medium
  business, and consumer segments
• Transnational company with 2000 employees,
  operations, and representation in over 30
  countries worldwide
• 2004 revenues
• US584 Million

Antivirus Software 2002 A Segmentation of the
Market (IDC)
4
Trendmicro Overview

• Global Leader in Internet Gateway and Mail Server
  Virus Protection
• 1 in the Internet gateway antivirus market for
  fourth consecutive year
• 1 in the mail server antivirus market for third
  consecutive year
• 1 growth rate in the file server antivirus
  market

• Over the years, Trend Micro has proven to be an
  enterprise technology market leader in the
  security space with the kind of vision and
  innovation needed to address evolving Internet
  threats.
• Brian Burke
• Research Manager, IDC

Based on IDC Market Analysis Worldwide
Antivirus and Software Forecast and Analysis,
2003-2007
5
Industry Firsts
Revenue in Millions
6
Threats Are Evolving
18,284 new virus patterns in 2004 as of Oct
2003 SQLSlammer RED, Love gate YELLOW, Mydoom
YELLOW, MSBlaster RED, Sobig YELLOW, Deluder
YELLOW, McAlister RED 2004 Sasser YELLOW, Sober
YELLOW, Bagle YELLOW
Number of Scan Patterns
7
Threats Are Evolving

• Viruses and worms can infect millions in minutes
  without action by end users
• Virus writers are becoming more creative and the
  damage from malware can soar into the billions
  (USD)
• Infected emails may appear to come from
  legitimate sources
• Differences between viruses, malware, spam, and
  spyware are blurring

8
Problems with IT-Security

• Viruses and worms continue to disrupt business
• Day-zero attacks make current solutions less
  effective
• Point technologies preserve clients, rather than
  network availability and enterprise continuity
• Non-compliant servers and desktops are common,
  but difficult to detect and contain
• Locating and isolating infected systems is time
  and resource intensive

9
Challenge - Networks are dynamic
Todays enterprise Networks are more dynamic
Extranet Partners
Mobile Workers Contractors
Remote Offices
Will they always comply with security policy?
10
Todays situation
Infected machine with non-existant or outdated
AV
11
Todays situation
Infection spreads to other PCs and Servers on
the network
12
Todays situation
AV software detects, removes and cleans all
policy compliant devices on the LAN
13
Todays situation
But the network remains vulnerable to
re-infection and the non-compliant machine has
still not been isolated
14
Policy Enforcement
Does PC comply With Policy?
Direct to update
NO
YES
Grant Access
By Cisco Network Admission Control (NAC) enabled
Deviceas client requests access to network
15
OfficeScan 7
Enhanced antivirus Desktop Server
Enterprise Client Firewall
Cisco NAC Policy Enforcement
EPS, OPS, Automated DCS
Network Virus Scanning
Intrusion Detection
Network Session Monitoring
Integrated, centrally managed protection from
todays multiple threats
16
Cisco NAC Overview

• Components of an OfficeScan network
• using Cisco NAC
• OfficeScan client with a Cisco Trust Agent (CTA)
  installed
• Network access device (NAD)
• Cisco Access Control Server (ACS)
• Trend Micro Policy Server
• OfficeScan server

TM Cisco
Trendmicro
Cisco
17
OfficeScan Server

• The following can be configured on OfficeScan
  management console
• Communication between the ACS Policy Server
• Client certificate
• CTA deployment

18
Policy Server

• Responsible for evaluating client credentials
  against ACS
• Available comparison criteria in rules
• real-time scan ? enable/disable
• engine version ? update to date/out of date
• pattern ? version OR release date comparison
• Available remediation actions
• enable real-time scan
• update now
• cleanup now
• cleanup now scan now
• notification msg

19
The TrendMicro Difference ?

• Integrated Security Enforcement through Cisco NAC
• Trend Micros Solution
• Cisco NAC support includes Posture Plugin and
  Policy Server
• Ability to deploy CTA
• Posture can be validated from external Policy
  Server
• Competitive Solutions
• Cisco NAC support includes only Posture Plugin
• No CTA deployment capability
• ACS can only do local policy validation

20
NAC Summary

• Reduced IT costs by preventing external and
• internal threats
• Proactive protection to ensure all devices
• comply with security policies
• Prevents contagious endpoints from
• infecting network reduced downtime due to
• worms and viruses
• Leverages existing Cisco, antivirus, and
• endpoint investments
• Increased network availability, resilience,
• and productivity

21
Q A

• For detailed Information please visit our booth!