File Integrity Management for Today's Data Center ... - Trend Micro
File Integrity Management for Today’s Data Center: Change Control Optimized for Physical, Virtual, and Cloud Environments
An ENTERPRISE MANAGEMENT ASSOCIATES® (EMA) White Paper
Prepared for Trend Micro
September 2011
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING
Table of Contents
Executive Summary
File Integrity Monitoring: What It Is, Why It’s Important
The Challenges of Traditional FIM Solutions
Overcoming FIM Challenges: Trend Micro Deep Security
An Integrated Approach
Designed for Virtualization
Responding to Compliance Requirements
EMA Perspective
About Trend Micro
©2011 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
Executive Summary
One of the most important disciplines for managing a wide range of IT risk is the control of change. ENTERPRISE MANAGEMENT ASSOCIATES® (EMA) survey results point to the value of change management in improving the stability and reliability of IT, which enables IT to better serve the business. Change control directly benefits security as well, mitigating threats to valuable information assets posed by unexpected or unauthorized IT change, such as that brought about by malware or malicious actions.
For many organizations, File Integrity Monitoring (FIM) has become a centerpiece of change control, monitoring and alerting organizations to changes in sensitive IT resources, and informing a more effective response with granular detail regarding what, when, and where change occurred. This, in turn, has led to a general consensus on the need for FIM adoption, from recommended security standards and practices to regulatory mandates that require its use to protect sensitive information.
Standalone file integrity monitoring tools, however, may require organizations to embrace an additional management platform with its own requirements for expertise in deployment, operations and maintenance. This may pose a particular concern for the virtualized data center if the solution is not virtualization aware and requires a separate agent for each virtual machine. Not only would this pose a drain on physical host resources that limit the productivity expected from virtualization, it could also create problems of its own—such as resource-consumption “storms.” This happens when a FIM solution is not designed for a virtual environment and strangles availability when each autonomous in-guest VM agent on a shared physical host performs the same scan, or the same update, all at the same time. When agents must be deployed across all virtual machines there is also additional administrative complexity required to configure and update these agents. However, some use cases require an agent, necessitating flexible deployment options to protect across the data center.
Trend Micro answers these concerns with the integration of essential file integrity monitoring with its Deep Security solution for physical, virtual, and Cloud servers. This integration combines the FIM capability many organizations need—and which many regulatory requirements demand—with extensive server security technology that recognizes the unique requirements of virtualization and the Cloud. It aligns with Deep Security’s “agentless” approach to security for virtualized servers and provides agent-based protection when needed. Deep Security consolidates the management of a wide range of server security in all Deep Security agentless and agent-based deployments—in physical, virtual, and Cloud servers—all managed through one console.
In this paper, EMA explores the values of Trend Micro Deep Security for delivering essential FIM capability with server security that answers these requirements without the need for standalone tools, extending thought leadership that continues to set Trend Micro apart in technologies for securing the modern, virtualized data center.
File Integrity Monitoring: What It Is, Why It’s Important
Few aspects of IT management are more vital than the management of change. Unless handled well, changes made to IT systems can lead to significant performance and availability problems. Outages and service disruptions due to IT change events can directly impact the business. Unauthorized or unexpected IT change can also signal an attack in progress, which could directly threaten the security of sensitive information systems—and the confidential data they handle.
These are the reasons why those who excel in managing both IT security and IT performance to serve the business place high emphasis on change monitoring, as evidenced in an EMA survey of over 200 organizations worldwide.[1] In this study, EMA asked both large enterprises and small to medium-sized businesses about their level of maturity in multiple aspects of both systems and security management. Respondents were asked about the lengths to which they had gone in achieving four successive milestones:
• Defining their management objectives (with a written definition of security policy, for example);
• Actually implementing those objectives in practice;
• Monitoring their environment for adherence to those objectives and to detect deviations when they occur; and
• Responding to monitored events as they arise.
Respondents were also asked about their percentage of security-related IT incidents that they regarded as “disruptive” (such as those requiring an unplanned response to remediate). When comparing percentages of disruptive security incidents to survey responses in other areas, an interesting pattern emerged:
• Those who achieved all four milestones above had roughly half the median incidence of disruptive security events compared to others in the study.
• This group also had lower rates of unplanned IT work, generally higher server-to-system-administrator ratios, and more IT projects completed on time, within budget, and with expected features. In other words, not only did this group tend to do better in terms of security outcomes, they did better in serving the business overall.
These high performers placed significant emphasis on technologies such as FIM, a detective control that monitors critical operating system and application files, directories, registry keys and values, and other objects.
• FIM offers alerting and reporting capabilities to notify IT operations and security teams when changes to sensitive information resources have occurred.
• FIM provides evidence of authorized changes, confirming that proper controls such as security patches were deployed across all targets as expected.
• FIM helps correlate performance problems or service outages with specific changes made to IT, which can significantly improve root cause analysis and IT’s performance in maintaining uptime and availability.
• FIM also alerts IT security and operations management teams when unexpected, unauthorized, or malicious changes have occurred, providing detailed indication not only of a security event, but the specifics of what was affected—system components as well as sensitive information—improving the accuracy of response and providing highly granular detail on threats to sensitive confidential data.
[1] IT Risk Management: Five Aspects of High Performers that Set Them Apart, EMA Advisory Note, July 2011
For these reasons FIM is required by some data privacy mandates for its role in helping to assure that sensitive data is kept secure.
• The use of FIM is either required or recommended by a variety of regulatory mandates and other widely accepted guidance. This includes the Payment Card Industry (PCI) Data Security Standard (Requirement 11.5), NIST Special Publication 800-53 (Control SI-4), and the SANS Consensus Audit Guidelines (CAG 3.7). Recommended or mandated FIM controls include alerting when changes are made to critical system files, configuration files, or content files. Some require performance of critical file comparisons at least weekly.
• The PCI DSS further requires FIM or change-detection software to assure that log data cannot be modified without generating an alert[2] (Requirement 10.5.5).
• NIST SP 800-53 also requires the detection of unauthorized changes to software and information (Control SI-7) and protection for the confidentiality and integrity of backup information (Control CP-9).
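
The two behaviours listed above can be shown side by side: ordinary monitored files alert on any change, while log files alert only when existing data is altered or removed, since the paper notes that appending to a log must not raise an alert. This is an added example, not code from the white paper or from Deep Security; the file names, finding labels, and the size-plus-SHA-256 baseline are assumptions chosen for illustration.

```python
import hashlib
import os
import tempfile


def _sha256_prefix(path, length):
    """SHA-256 over the first `length` bytes of `path`."""
    digest = hashlib.sha256()
    remaining = length
    with open(path, "rb") as fh:
        while remaining > 0:
            chunk = fh.read(min(65536, remaining))
            if not chunk:
                break
            digest.update(chunk)
            remaining -= len(chunk)
    return digest.hexdigest()


def snapshot(paths):
    """Baseline: size and full-content digest of every monitored file."""
    baseline = {}
    for path in paths:
        size = os.path.getsize(path)
        baseline[path] = {"size": size, "sha256": _sha256_prefix(path, size)}
    return baseline


def compare(baseline, append_only=()):
    """Return sorted (path, finding) pairs for files that violate policy."""
    findings = []
    for path, rec in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "deleted"))
            continue
        size = os.path.getsize(path)
        if path in append_only:
            # Log policy: growth is fine as long as the bytes that existed
            # at baseline time are still there, unchanged.
            if size < rec["size"]:
                findings.append((path, "truncated"))
            elif _sha256_prefix(path, rec["size"]) != rec["sha256"]:
                findings.append((path, "history-modified"))
        elif size != rec["size"] or _sha256_prefix(path, size) != rec["sha256"]:
            # Default policy: any content change is reported.
            findings.append((path, "modified"))
    return sorted(findings)


def demo():
    """Exercise both policies on constructed sample files in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        conf = os.path.join(tmp, "app.conf")    # constructed sample config
        log = os.path.join(tmp, "audit.log")    # constructed sample log
        with open(conf, "wb") as fh:
            fh.write(b"listen=127.0.0.1\n")
        with open(log, "wb") as fh:
            fh.write(b"09:00 login alice\n09:05 sudo alice\n")
        baseline = snapshot([conf, log])

        def check():
            found = compare(baseline, append_only={log})
            return [(os.path.basename(p), f) for p, f in found]

        results = {}
        with open(log, "ab") as fh:             # normal logging: append only
            fh.write(b"09:10 logout alice\n")
        results["append"] = check()

        with open(log, "r+b") as fh:            # earlier record overwritten in place
            fh.write(b"09:00 login bobby")
        results["rewrite"] = check()

        with open(conf, "wb") as fh:            # configuration file edited
            fh.write(b"listen=0.0.0.0\n")
        results["config"] = check()

        with open(log, "wb"):                   # log emptied
            pass
        results["truncate"] = check()
        return results


if __name__ == "__main__":
    for step, findings in demo().items():
        print(step, findings)
```

A baseline kept on the monitored host is only as trustworthy as that host, so it belongs somewhere the monitored system cannot rewrite it.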
FIM is also deployed to support compliance with other regulatory requirements, such as the Sarbanes-Oxley Act and related corporate governance initiatives, both in the U.S. and abroad. FIM provides this support by assuring that controls on separations of duties in IT are not altered and remain in force as required. The relevance of FIM to these objectives is reflected in guidance often adopted in pursuit of corporate governance in IT such as COBIT (Control Objectives for Information and Related Technology). FIM is particularly relevant to the COBIT domains of Acquire and Implement (AI) and Deliver and Support (DS). FIM is also used to help assure confidentiality for sensitive data required under mandates and standards such as:
• HIPAA (Health Insurance Portability and Accountability Act) provisions for protecting healthcare patient data in the U.S.,
• The ISO 27000-series family of information security management systems standards,
• Financial industry requirements such as the Gramm-Leach-Bliley Act (GLBA), and
• Other initiatives to assure confidentiality and privacy for sensitive data.
There are many other global regulations and guidelines that are supported by FIM solutions as part of security best practices and comprehensive risk management.
The Challenges of Traditional FIM Solutions
In order to embrace the potential of file integrity monitoring, however, organizations must often consider adding another management tool to their environment—which runs the risk of increasing IT complexity. A FIM-specific tool may have its own deployment and configuration requirements in addition to those of existing IT management platforms. Successful deployment may demand expertise specific to the tool. It may also require its own agents on managed systems, which can add to resource demands on endpoints and servers where FIM is deployed.
[2] The requirement allows log data to be added to log files without generating an alert.
This complexity multiplies in virtualized environments, which is a concern with virtualization increasing across business data centers. Virtualization does indeed optimize under-utilized IT resources—yet virtualization itself adds significant complexity to the data center, combining multiple systems and adding layers of software abstraction to the physical environment. This, however, only heightens the need for resources to monitor and verify the integrity of these complex systems and the expanded attack surface they expose—but without further complicating the virtualized environment. FIM tools that meet this need must be aware of the potential changes unique to virtualized environments, such as hypervisor issues, activity both within and between Virtual Machines (VMs) on a shared host, and VM sprawl.
In weighing the need for FIM against these concerns, many organizations may want to ask themselves a few questions about their FIM requirements:
• Will adding another management tool to address file integrity monitoring also add to IT complexity? Organizations concerned about this issue may want to consider solutions in which FIM capabilities are consolidated with tools that serve additional functions, such as those that monitor and defend against unauthorized or malicious IT change as part of systems management or security defense.
• How much functionality does a FIM solution need to support the company’s security, compliance, and business objectives? Some FIM tools offer elaborate feature sets for defining and assessing file integrity, managing and remediating change issues, or multiple templates for compliance reporting and analysis which may be more than the enterprise needs. Many organizations that define their change management objectives may find that their requirements may be addressable by more focused offerings that meet their needs while limiting complexity.
Overcoming FIM Challenges: Trend Micro Deep Security
Trend Micro addresses these concerns with its Deep Security solution, a server security platform designed to support physical, virtual, and Cloud servers. By offering file integrity monitoring in the context of a broader solution—including antivirus, firewall, intrusion prevention, Web application protection, and log inspection—Deep Security provides an integrated approach to FIM that overcomes the issues of traditional tools.
An Integrated Approach
Trend Micro Deep Security FIM provides file integrity monitoring as part of a single integrated server security platform. With FIM included, no added deployment or operational complexity is required in order to leverage needed FIM capability with Deep Security. With a simple license key switch, FIM can be enabled across all Deep Security servers, and managed by the same Deep Security console that is already managing antivirus, firewall, and other Deep Security technologies.
Deep Security FIM monitors critical operating system and application files, directories, registry keys and values, and other system components to detect and report malicious and unexpected changes in real time. It reduces administrative overhead with trusted event tagging that automatically replicates actions for similar events across the entire data center. Deep Security simplifies FIM administration through automatic Cloud-based whitelisting enabled by Trend Micro’s presence on millions of systems worldwide. This capability gives Deep Security the ability to distinguish legitimate, unmodified software by recognizing its acceptance across Trend Micro’s large installed base. For Deep Security FIM, this translates into greatly reducing the number of questionable changes in the event log.
Designed for Virtualization
Trend Micro Deep Security is designed with the virtualized environment explicitly in mind. Competing solutions that fail to recognize the distinctive differences between virtualized and non-virtualized environments may require a separate instance of an agent to run within each virtual machine, even if several VMs run on a shared physical host. This redundancy can lead to needless resource exhaustion, limitations on the numbers of VMs a virtualized physical host can support (which reduces the ability of virtualization to optimize the physical environment), and issues such as resource overloads (or “storms”) caused when similar agents on multiple VMs all execute the same process at the same time, such as system scanning or updates.
Trend Micro Deep Security FIM overcomes these issues with a single dedicated security VM (or “virtual appliance”) on each physical host that coordinates or staggers scans and updates across all guest VMs. To provide this virtual appliance, Deep Security integrates with VMware vShield APIs and leverages the VMTool driver to communicate with each guest VM. This approach uses only the small footprint VMTool driver instead of separate, individual FIM agents on each guest VM. This eliminates the need to deploy, configure, and update redundant FIM agents for each VM—often required for management solutions that are not virtualization aware—substantially improving the performance of virtualization while reducing administrative complexity. This approach to FIM is an extension of Deep Security’s agentless approach to virtualized server security with agentless anti-malware, firewall, intrusion prevention, and Web application protection. For FIM, this approach enables Deep Security to coordinate FIM activities across each VM, eliminating the risk of resource storms, maximizing virtualization resources, and reducing management complexity. Trend Micro also recognizes that virtual machines may be added or taken offline much more fluidly than physical systems. With the dedicated virtual appliance, Deep Security FIM automatically covers new VMs when brought online, as well as inactive guests when reactivated.
Some FIM deployments require agent-based protection, such as non-virtualized physical servers, virtual environments not using vShield, or virtual machines in public Clouds in which the user does not have hypervisor control that would allow the security virtual appliance to monitor guest VMs. In these cases, Deep Security FIM can be deployed as an agent-based solution using a single agent that integrates anti-malware, firewall, intrusion prevention, and all other selected Deep Security technologies. Also, in virtual data centers or private Clouds, select VMs can be custom-protected with in-guest agents, allowing for flexible protection. (For example, at this time, registry changes can only be detected with agent-based deployments.)
The Deep Security virtual appliance coordinates with the guest VMs in both agentless and agent-based deployments. The virtual appliance coordinates scans to prevent activity storms and ensures that VMs are monitored even if an agent were to disappear when a VM is reconfigured. Agent-based FIM can also protect VMs as they move back and forth between the data center and a public Cloud, providing data center flexibility and supporting hybrid Cloud deployments.
With a combination of deployment options, enterprises can deploy agentless FIM on virtual machines and in private Clouds, using a dedicated virtual appliance to optimize resources and reduce administrative complexity, and deploy agent-based FIM on physical servers, select virtual and private Cloud VMs, and in the public Cloud, for flexible protection. Regardless of how Deep Security FIM is implemented, Deep Security provides one management console that consolidates visibility across both agentless and agent-based FIM deployments on physical, virtual, and Cloud servers.
For further support of virtual and private Cloud environments, Trend Micro Deep Security FIM also delivers strong integrity monitoring for the hypervisor. Deep Security leverages capabilities such as the Trusted Computing Group’s Trusted Platform Module (TPM) specification or Intel’s Trusted Execution Technology (TXT) to enable strong validation of the hypervisor and hypervisor integrity monitoring for VMware vSphere environments. This capability is vital to protecting enterprises against hypervisor tampering, which could potentially lead to compromise of guest VMs.
Responding to Compliance Requirements
Trend Micro Deep Security delivers FIM capabilities to support the compliance regulations, data privacy mandates, and internal governance standards mentioned earlier, including the need to detect change and alert IT operations and security teams when action is needed. Some examples of key regulatory requirements or standards and guidelines that mandate or recommend the use of FIM and are addressed by Deep Security FIM include:
• PCI DSS Requirements 10.5.5 and 11.5,
• NIST SP 800-53 and associated FISMA requirements,
• The SANS Consensus Audit Guidelines, and
• Many other mandates, standards, and recommendations, such as NERC CIP requirements to detect and respond to the introduction of malicious code, limit the propagation of malicious code, and implement processes to test and update malicious code protections.
Deep Security FIM integrates defense with essential visibility into IT change, delivering more complete awareness of the state of security and compliance, and alerting IT operations and security teams when a response is required. As part of an integrated server security platform, Deep Security FIM also coordinates with other security technologies to provide more comprehensive compliance support while simplifying administration.
EMA Perspective
The highest performers in EMA survey results in both security and IT operational efficiency have demonstrated a strong commitment to the value of change discipline in IT. File integrity monitoring has become a vital aspect of this discipline for many organizations. It has been embraced by regulators for increasing awareness of changes that could threaten highly sensitive information, and has become a centerpiece of both operations and security management in many enterprises as a result.
At the same time, however, the benefits of FIM should be weighed against the cost of increasing operational burdens or risk. Standalone solutions may add complexity to the IT environment, or may offer more features than the enterprise requires to meet its FIM objectives, unnecessarily burdening administration. Organizations should therefore weigh their requirements for FIM in light of today’s wide spectrum of offerings, including those that deliver needed FIM capability integrated with broader solutions. For those requiring essential capabilities of monitoring critical operating system and application files, an integrated solution that unifies and streamlines multiple aspects of server security, compliance, and operational risk management may be preferred.
Trend Micro Deep Security offers a particularly salient example of such an integrated solution. Deep Security delivers FIM in a solution designed for physical, virtual, and Cloud servers with virtualization-aware server security and is deployed with a simple license activation. By delivering essential FIM capability that protects critical operating system and application files and components, Deep Security answers many requirements for file integrity monitoring, offering a unified approach that combines FIM with widely accepted security technologies.
As such, Deep Security FIM represents an extension of Trend Micro thought leadership. One of the first major security vendors to embrace significant investment in securing the virtualized data center and Cloud environments, Trend Micro continues to expand that lead by becoming one of the first vendors to integrate file integrity monitoring with host firewall, intrusion detection and prevention, antivirus/anti-malware and other widely accepted technologies to defend today’s mixed server environments—physical, virtual, and Cloud. By doing so, the Trend Micro solution helps organizations simplify and optimize the management of a wide spectrum of risk that benefits not only the security and compliance posture, but also provides more granular protection for sensitive information while helping the modern data center to deliver on its promise to better serve the business.
About Trend Micro
Trend Micro Incorporated, an innovator in Cloud security worldwide, aims to create a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, Trend Micro delivers client, server, and Cloud-based security that fits its customers’ and partners’ needs, quickly stops new threats, and protects data in physical, virtualized, and Cloud environments. Powered by the industry-leading Trend Micro Smart Protection Network Cloud-based security infrastructure and supported by over 1,000 threat intelligence experts around the globe, Trend Micro products and services stop threats where they emerge – from the Internet. For additional information, visit www.trendmicro.com.
About Enterprise Management Associates, Inc.
Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also follow EMA on Twitter or Facebook.
This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written permission of Enterprise Management Associates, Inc. All opinions and estimates herein constitute our judgement as of this date and are subject to change without notice. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. “EMA” and “Enterprise Management Associates” are trademarks of Enterprise Management Associates, Inc. in the United States and other countries.
©2011 Enterprise Management Associates, Inc. All Rights Reserved. EMA, ENTERPRISE MANAGEMENT ASSOCIATES®, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc.
Corporate Headquarters:
5777 Central Avenue, Suite 105
Boulder, CO 80301
Phone: +1 303.543.9500
Fax: +1 303.543.7687
www.enterprisemanagement.com
2327.090811