Trend Micro xSP license model Security for Service Providers

Author: Guest

1 Trend Micro xSP license model: Security for Service Providers
Z en S
Vincent van den Heuvel, Channel Account Manager
Tel:

2 Agenda
Trend Micro Mission and Vision
Smart Protection Network
Trend Micro xSP license model
Securing Your Virtualized Datacenter
Agenda still to be adjusted: Trend Micro mission and vision; The changing landscape; The Benefits of Virtualisation; How To Start
4/16/2017

3 Trend Micro
A global leader in Internet content security advancing threat management technology to secure data against a wide range of threats
EVA CHEN, CEO and Co-Founder
MISSION: Innovate to provide the best content security that fits into the IT infrastructure
VISION: A world safe for exchanging digital information
Founded: United States in 1988
Headquarters: Tokyo, Japan
Employees: 4,350
Market: Content Security
Locations: Operations in 23 Countries
$1 Billion Annual Revenue
Largest Security Company Headquartered Outside US
Top 3 in Messaging, Web and Endpoint Security
A Leader in Virtualization and Cloud Computing Security
1000+ Threat Experts
For more than 20 years, Trend Micro has focused solely on content security and delivering innovative security solutions to meet the ever-changing needs of our customers. Trend Micro’s CEO, Eva Chen, co-founded the company in 1988 and continues to drive the company into the future. Today, we’re one of the largest security companies in the world. Trend Micro ranks in the Top 3 in web, messaging, and endpoint security: #2 in web and messaging security, #3 in endpoint. We are a leader in cloud-based security. Trend Micro has more than 4,000 employees located around the globe and annual revenues of $1B USD. We are headquartered in Tokyo and traded on the Tokyo Stock Exchange. Trend Micro is a transnational company and has 23 offices globally, more than 1,000 threat experts in TrendLabs and 9 global R&D centers.
Classification 4/16/2017

4 Continuous Innovation
Our #1 goal is to create value for our customers through continuous innovation
Timeline 1996 to 2009:
Gateway Virus Protection: InterScan™
LAN Server Virus Protection: ServerProtect™
Server-based Virus Protection: ScanMail™
Web Filtering: InterScan WebManager
2-Hour Virus Response SLA
Web-based Centralized Management: Trend Micro Control Manager
Threat Lifecycle Management Strategy: Enterprise Protection Strategy (EPS)
Network Access Control: Network VirusWall™
Trend Micro and Cisco: Integrated Security in the Network
Reputation Services
Web Threat Protection: Web Reputation
Integrated Gateway Content Security: InterScan Messaging Security Suite
Data Leak Prevention: LeakProof™
Trend Micro Smart Protection Network
Virtualization: Deep Security
Software as a Service: SecureCloud™
Cloud Security: ‘Cloud 9’
Because market developments keep changing, Trend Micro must remain innovative. An overview of a number of recent innovations: Cloud 9, Deep Security, SPN.

5 Threat Environment
More profitable: $100 billion: Estimated profits from global cybercrime -- Chicago Tribune, 2008
More sophisticated, malicious & stealthy: “95% of 285 million records stolen in 2008, were the result of highly skillful attacks” “Breaches go undiscovered and uncontained for weeks or months in 75% of cases.” -- Verizon Breach Report, 2009
More frequent: "Harvard and Harvard Medical School are attacked every 7 seconds, 24 hours a day, 7 days a week.” -- John Halamka, CIO
More targeted: “27% of respondents had reported targeted attacks”. CSI Computer Crime & Security Survey
Profit-driven Cybercrime. Underground economy: well-established rates for malware, bank account info… Motivation is simple—online crime pays. For example, the average salary for a Russian professional is approximately $640 per month yet cyber-crime gangs are offering computer programming graduates from Moscow’s technical universities up to $5,000 to $7,000 a month. As in the past, Russia continues to be a hotspot for cyber crime. Russian malware is bought and sold for as much as $15,000 and rogue Russian Internet service providers charge $1,000 a month for bulletproof server access.
More sophisticated & malicious. While it may be true that the majority of breaches are not the result of highly skillful attacks, an alternate view of the data suggests that the really high-value targets require extensive effort. As Figure 23 plainly and powerfully demonstrates, these relatively few highly difficult attacks compromised 95 percent of the 285 million records across our caseload—a truly stunning statistic and one that is part of a larger story. Examples of sophisticated attacks include SQL Injection, XSS, Buffer overflow. Blended threats, multiple threat vectors.
More frequent. 1500 unique malware samples per hour, up from 600/hour in (TrendLabs)
More targeted. Fully Targeted: The victim was first chosen as the target and then the attacker(s) determined a way to exploit them.
According to Verizon, targeted attacks accounted for 90% of all compromised records.

6 Smart Protection Network
[Diagram: WEB REPUTATION, EMAIL REPUTATION, FILE REPUTATION; Threats; Threat Collection; Management; SaaS/Managed; Cloud; Partners (ISPs, Routers, etc.); Endpoint; Off Network; Gateway; Messaging]

7 Memory impact is significantly reduced
Almost no growth compared with traditional virus scanning solutions.

8 Smart Scan and Conventional Scan comparisons
We monitored all the traffic we could see between OSCE servers/clients and Scan Servers (i.e. not just pattern updates). From the chart you can see that the traffic for Smart Scan is steadier; Conventional Scan has a spike during pattern updates.

9 Correlation - Smart Protection Network
[Slide labels: WEB REPUTATION; EMAIL REPUTATION; FILE REPUTATION; A lot can happen in a minute; Fake news by email; A compromised web site; One click in a link; TROJ_CHOST.E; A fake video]

One of Trend Micro’s unique advantages is that we own all of the threat protection available with the Smart Protection Network, together with our ability to correlate all the threat information we receive. Let me explain how this works.

[Click to bring up TrendLabs image] TrendLabs is host to over 1000 researchers and automated systems that analyze all the different threat information we receive. [Click 3x to bring up the 3 reputation images] The solutions to these threats are added to our multiple reputation databases. [Click to bring up rotating arrows] All of the threat information is correlated, since most threats today have multiple components that together make up an entire threat. Let me give you an example of how this correlation works.

[Click to bring up message] Many threats first start out as a spam message from a botnet controlled by a cybercriminal. [Click to send message to Email Reputation] Trend Micro’s first line of defense is to check our Email Reputation database to determine whether the message is coming from a spam source, and if so we block it. But we don’t stop there.

[Click to bring up embedded links] The email, you may have noticed, had some embedded links. Most spam today uses embedded links to entice the user into clicking. [Click to show URLs] [Click to send links to Web Reputation database] We extract those embedded links and check them against our Web Reputation database to see whether they are malicious. But we don’t just stop there. If we have not seen these links before, we automatically start a web crawling process that analyzes every new URL we see.

[Click to bring up file image] From this process we are able to source many new files that are downloaded from these web pages. [Click to send file image to File Reputation database] Any time we detect a new file we check it against our File Reputation database to determine whether it is malicious. If we have not seen a file before, TrendLabs will analyze it to determine if it is good or bad and add it to our whitelist or blacklist (virus pattern).

[Click to show Trojan image] In this example you’ll see we detected a Trojan. [Click to bring up notepad image] You’ll see that in analyzing this trojan file we are able to find new IPs and domains that the cybercriminal will be using in their attack. [Click to send image to web reputation] We extract this threat information and add it to our Web Reputation database to block any new attempts to access these IPs and domains that we know are malicious.

[Click to bring up red circle] So as you can see, through our analysis of each threat we can provide protection for all aspects of a threat, from email, to web, to file, and add protection for our customers using any of our solutions that support the Smart Protection Network.

In today’s threat landscape, the attack process does not take long. Even one minute of being unprotected can compromise security and infect the user. [Click to start build process] Users today can be infected by a number of methods. One click on a link in an email, falling for a phishing email, clicking on a legitimate site that’s been compromised or even clicking on a video link can provide an avenue for cybercriminals to steal data. But with Trend Micro Smart Protection Network and our correlation process we’re able to identify and analyze all components of an attack and provide immediate protection to our customers wherever they connect. It’s security made smarter.

10 NSS Labs Corporate Report Results
Source: NSS Labs Corporate Report,
[Chart labels: FILE REPUTATION; WEB REPUTATION]
Why are there differences between the consumer results and the corporate results from every vendor? Vendors typically have integrated their multiple technologies into their products at different rates. Therefore one product may have more or less ability to block based on what technologies they offer in their different products. Vendors also configure their consumer and corporate products differently due to the differences in their customers’ requirements. Trend Micro’s big difference is in the “Caught on Execution” layer, where OfficeScan performed less well than TIS. This is due to the fact that OfficeScan does not support our behavior-based scanning technology that TIS does. This will be added with Service Pack 1 for OfficeScan.

11 Trend Micro xSP License model

12 What is a Service Provider?
Definition: Organizations that provide services (like security solutions) to other businesses and end users
“A Service Provider (SP) is an entity that provides services to other entities. Usually this refers to a business that provides subscription or a Web service to other businesses or individuals.” – Wikipedia
Service to 3rd party; SP Signed Contract; SP owns license

13 xSP Pricing and Licenses model
Pricing structure for SP is designed for maximum flexibility to match the various requirements of SPs. “year over year pricing”
License Ownership: SPs own the license, not their customer. They can lease the license to their customers, adding to the range of options/services they give their customers.
Bulk Purchase: Since the SP owns the license, they can purchase an upfront volume of licenses at a discounted price and have total freedom of leasing the license out to their customers on their own price and time conditions. This allows them to maximize the margins they can generate from providing such services.
For more information regarding pricing, you can get in touch with Insight, your Trend Micro xSP Partner.
If user-based pricing is not applicable, other models can be used: CPU-based, Bandwidth-based, Link speed-based, Volume-based

14 Service Provider Partner Benefits
Revenue: Diversify your revenue stream by adding sustainable security service revenue with minimum financial risk
Flexibility: Offer your customers a flexible security service that will adapt to current and future needs
Retention: With 93% retention observed from current Trend Micro customers, your recurring revenue is optimized
Aggregation: As a Service Provider, bulk licensing purchase ensures you maximum margins
Pay-as-you-grow: Whether your customer base grows or declines monthly, you’ll only pay for the licenses you service
Great to have sustainable Service revenue on the books. 93% retention observed at current Trend Micro customers. The customer gets a monthly bill, so doesn’t get that yearly reminder that he can look around. Aggregation is good for Trend Micro and good for the Partner as it encourages the growth of business. Need partners to have a vested interest in your growth.

15 Reporting Tool

16 Some References
Sago Networks: From its headquarters in Tampa and offices in Miami and Atlanta, Sago Networks has implemented rapidly deployable, high-speed fiber and wireless networks that can meet the capacity needs of the largest Internet companies. To protect its business, Sago Networks has chosen Trend Micro Enterprise Security solutions including:
• PC and File Server Protection: Trend Micro OfficeScan™ Client/Server Edition
• Corporate Server Protection: Trend Micro ScanMail™ for Microsoft Exchange
• Anti-Spam and Protection: Trend Micro InterScan™ Messaging Hosted Security
Sago Networks has also licensed the rights to resell the complete Trend Micro solution portfolio, including home and home office solutions, small and medium business solutions, and enterprise solutions.
BT Global Services: Today, it offers its customers the complete range of Trend Micro Internet and content security solutions:
• Endpoint security for servers
• Network security to catch and remediate threats before they penetrate network systems
• Messaging security to protect messaging and collaboration platforms and applications
• Web security to block attacks originating on the Internet
• Centralised management and monitoring solutions

17 Securing Your Virtualized Datacenter
Virtualization Creates Security Challenges

18 Challenge 1: Dormant VMs are unprotected
Dormant VMs include VM templates and backups:
Cannot run scan agents yet still can get infected
Stale AV signatures
[Diagram: dormant VMs and active VMs, each with OS, App and AV, on an ESX Server]

19 Challenge 2: Full System Scans
Resource Contention with Full System Scans
Existing AV solutions are not VM aware
Simultaneous full AV scans on the same host cause severe performance degradation
[Diagram: 3:00am Scan; VMs with OS, App and AV on an ESX Server; Typical AV Console]

20 Challenge 3: VM Sprawl
Managing VM Sprawl
Security weaknesses replicate quickly
Security provisioning creates bottlenecks
Lack of visibility into, or integration with, virtualization console increases management complexity
[Diagram: dormant, active and new VMs on ESX Servers]

21 Challenge 4: Inter-VM Traffic
NIDS / NIPS blind to intra-VM traffic
First-generation security VMs require intrusive vSwitch changes
[Diagram: dormant and active VMs with OS, App and AV; vSwitches; Network IDS / IPS]

22 Challenge 5: VM Mobility
vMotion & vCloud:
Reconfiguration required: cumbersome
VMs of different sensitivities on same server
VMs in public clouds (IaaS) are unprotected
[Diagram: dormant and active VMs with OS, App and AV; vSwitches; Network IDS / IPS]

23 Security Considerations for Virtualization
Because of the rush to adopt virtualization for server consolidation efforts, many of the issues are overlooked, best practices aren’t applied or, in some cases, the tools and technologies for addressing the security issues with virtualization are immature or nonexistent. As a result, through 2009, 60% of production VMs will be less secure than their physical counterparts.
60% of production VMs will be less secure than their physical counterparts

24 Trend Micro VMsafe integration
Protect the VM by inspection of virtual components
Unprecedented security for the app & data inside the VM
Complete integration with, and awareness of, vMotion, Storage VMotion, HA, etc.
Trend Micro offers: Anti Malware; Firewall; IDS/IPS inspection & Virtual Patching; Monitoring of log and system files
[Diagram: VA alongside VM1 to VM6 (each with its own App and OS) on a Hypervisor with VMsafe API]

25 Trend Micro Deep Security: Server & Application Protection
PHYSICAL, VIRTUAL, CLOUD
Deep Packet Inspection (IDS / IPS, Web App. Protection, Application Control); Anti Malware; Firewall; Integrity Monitoring; Log Inspection

26 Deep Security Product Components
PHYSICAL, VIRTUAL, CLOUD
Deep Security Agent; Deep Security Virtual Appliances; Security Profiles
IT Infrastructure Integration: vCenter; SIEM; Active Directory; Log correlation; Web services
Deep Security Manager: Alerts; Reports
Security Center: Security Updates

27 Trend Micro VMsafe Anti-malware scanning
Core Protection Scanning Virtual Machine
Anti-malware scanning for target VMs from outside
Integrates VMsafe VDDK APIs to mount VM disk files
Full scans of dormant & active VMs from scanning VM
Automatically updates realtime agent in dormant VM

28 Deep Security Virtual appliance
VMware vSphere 4 Virtual Appliance
Deep Security VA provides: Firewall; IDS/IPS; Virtual Patching; Application Control; Web Application protection; (Q3 Anti-Malware)
Uses VMware’s VMsafe-NET API to intercept network traffic at the hypervisor.

29 How To Start - 6 Step Approach
Step 1 Visit the Workshops.
Step 2 Come to the stand at the InfoMarkt and receive a Voice Recorder
Step 3 Determine the best solution for you!
Step 4 Request a quote from Insight.
Step 5 Sign the Trend Micro xSP contract.
Step 6 Start Selling Trend Micro Security for Service Providers!

30 ? Visit our stand at the InfoMarkt