Security of virtual environments
Optimal protection for the company at a time when the environment is changing fast.
General Information

Protection against attacks targeting physical servers, virtual servers and cloud-hosted servers that are critical to the organisation.

It is hard to find a modern data centre without a virtual environment based on VMware, Microsoft or Citrix. Unfortunately, in most cases that environment is detached from the network layer and from the security systems, which are unaware that a virtualised environment is running on the physical server infrastructure. In practice we observe:

  • reduced security of data and transmission – traffic between virtual machines on the same vSwitch never leaves the physical host, so it is invisible to the LAN and to security devices such as the firewall or IPS,
  • more work and longer change windows – migrating a virtual machine (e.g. with vMotion) to another physical server may require reconfiguring the access port on the switch and the security systems. As a result, a migration that completes in seconds at the virtual-environment level waits on manual changes in the network layer and security systems.

Virtualising not only the server layer but also the LAN and the security systems, so that all three work together as one coherent system, is therefore a critical design element for data-centre environments. A further issue in data-centre virtualisation is sharing one infrastructure between many independent clients, which requires:

  • independent IP addressing and routing tables for each client – VRF or VRF-lite,
  • independent management of security systems – each client manages and monitors the security zones covering its own physical and logical infrastructure and is unaware that other clients' resources exist (separation),
  • shared resources for many clients (e.g. DNS, NTP, Internet gateway) with no direct traffic between clients' systems – private VLAN.

Trend Micro Deep Security is a comprehensive server and application protection solution that lets physical, virtual and cloud environments defend themselves. Whether deployed as software, as a virtual appliance or as a hybrid, it reduces costs, simplifies management and improves the protection of virtual machines without disrupting normal operation. Deep Security also addresses a number of regulatory requirements, including six major PCI DSS requirements, through its web application firewall, IDS/IPS, file integrity monitoring and network segmentation.

  • Deep Security Manager – the centralised management point for the whole solution. Administrators use it to create security profiles and apply them to servers, monitor alerts and take preventive action in response to threats, distribute security updates to servers and generate reports. The event tagging feature makes large volumes of events manageable,
  • Deep Security Agent – a small piece of software installed on a protected server or virtual machine that enforces the security rules (IDS/IPS, web application protection, application control, firewall, integrity monitoring and log inspection),
  • Security Center – a qualified team of security specialists who help users defend against the latest threats by creating and delivering security updates for newly discovered threats. The customer portal provides access to Deep Security Manager updates,
  • Deep Security Virtual Appliance (DSVA) – a virtual appliance that enforces security rules for virtual machines in a VMware vSphere environment. DSVA uses the VMsafe API to protect the other virtual machines on the host, providing the same protection as an agent installed on the guest: intrusion detection and prevention (IDS/IPS), web application protection, application control and firewall.
Useful knowledge

100% of the Fortune 500 and 98% of the Fortune Global 500 companies run virtual data centres.

Deep Packet Inspection (in-depth inspection of data packets)

  • inspects inbound and outbound traffic for protocol deviations, content that signals an attack and policy violations. It runs in detection or prevention mode to protect operating systems and shield application vulnerabilities across the company. It protects against application-layer attacks, including SQL injection and cross-site scripting, and records who attacked, when, and which vulnerability they tried to exploit. Administrators are notified of the event automatically,
  • intrusion detection and prevention. It blocks known and new attacks that exploit known vulnerabilities. Protection against newly discovered threats is delivered automatically within hours and can be pushed to thousands of servers in minutes without rebooting. Out of the box it covers over 100 applications, databases, web, mail and FTP servers. Smart rules defend against the latest unknown threats targeting undisclosed vulnerabilities by detecting anomalous protocol data carrying malicious code,
  • web application protection. Helps meet the PCI DSS 6.6 requirement to protect web applications and the data they process. It protects against SQL injection, cross-site scripting and other web application vulnerabilities, and shields a vulnerability until the code is fixed,
  • application control. Gives visibility into and control over the applications that access the network, using application control rules to identify malware that accesses the network. This reduces the attack surface of servers.
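The inspection described above combines protocol-deviation checks with virtual-patching rules for SQL injection and cross-site scripting applied to decoded request parameters. The following is an added illustration written for this page, not Deep Security's engine or rule set: the rule ids, patterns, allowed-method list and sample requests are all hypothetical. The point it makes that the bullets do not is that the rules are only as good as the normalisation in front of them; percent-decoding until the value stops changing is what lets one pattern catch a double-encoded payload.

```python
import re
from urllib.parse import unquote, urlsplit

# Hypothetical virtual-patching rules (ids and patterns are ours, not Deep
# Security's rule set). Each is applied to a normalised, lowercased value.
RULES = [
    ("vp-sqli-1", "SQL injection: tautology or stacked statement",
     re.compile(r"['\"]\s*(?:or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+|;\s*(?:drop|insert|update|delete)\b")),
    ("vp-sqli-2", "SQL injection: UNION SELECT or comment sequence",
     re.compile(r"\bunion\b[\s/*]+(?:all\s+)?select\b|--\s|/\*")),
    ("vp-xss-1", "Cross-site scripting: script tag, event handler or javascript: URL",
     re.compile(r"<\s*script|\bon\w+\s*=|javascript\s*:")),
]
ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def normalise(value, max_rounds=3):
    """Percent-decode until stable (double encoding is a classic evasion), then
    turn '+' into spaces, collapse whitespace and lowercase, so that one
    pattern covers the trivial variants of the same payload."""
    prev, rounds = None, 0
    while prev != value and rounds < max_rounds:
        prev, value = value, unquote(value)
        rounds += 1
    return " ".join(value.replace("+", " ").split()).lower()


def parse_params(qs):
    """Split a query string or form body without decoding the values, so that
    normalise() controls how many decoding rounds are applied."""
    for pair in filter(None, qs.split("&")):
        name, _, value = pair.partition("=")
        yield unquote(name), value


def inspect_request(raw):
    """Verdict for one raw HTTP request: protocol deviations first (a malformed
    request line is dropped outright), then rule matches over every parameter."""
    findings = []
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m or m.group(1) not in ALLOWED_METHODS:
        findings.append(("proto-1", "malformed request line or unexpected method"))
        return {"action": "drop", "findings": findings}
    for h in lines[1:]:
        if ":" not in h or any(ord(c) < 0x20 for c in h):
            findings.append(("proto-2", "malformed header: %r" % h))
    params = dict(parse_params(urlsplit(m.group(2)).query))
    if body:
        params.update(parse_params(body.decode("latin-1")))
    for name, value in params.items():
        norm = normalise(value)
        for rid, desc, rx in RULES:
            if rx.search(norm):
                findings.append((rid, "%s in parameter %r: %r" % (desc, name, norm[:60])))
    return {"action": "drop" if findings else "allow", "findings": findings}


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = {
    "benign": b"GET /search?q=laptop+bags&page=2 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "sqli": b"GET /item?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "double_encoded": b"GET /item?id=1%2527%2520UNION%2520SELECT%2520password%2520FROM%2520users HTTP/1.1\r\n"
                      b"Host: shop.example\r\n\r\n",
    "xss_post": b"POST /comment HTTP/1.1\r\nHost: shop.example\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                b"text=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "malformed": b"GET /\r\nHost: shop.example\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_REQUESTS.items():
        print(name, inspect_request(raw))
```

A real engine also has to bound the decoding work per request and reassemble TCP streams before it sees a request line at all; the decode-until-stable loop is capped here so an attacker cannot turn inspection itself into a resource-exhaustion attack.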

Firewall

  • a bi-directional stateful firewall reduces the attack surface of physical servers, virtual servers and cloud environments,
  • centrally managed firewall rules for servers, with ready-made templates for common server types. It filters on IP and MAC addresses and ports, supports per-network-interface rules and location awareness, prevents DoS attacks and detects reconnaissance scans. It covers all IP-based protocols (TCP, UDP, ICMP, etc.) and all frame types (IP, ARP, etc.).

Integrity monitoring

  • monitors critical operating system and application files, directories, registry keys and registry values to detect malicious or unexpected changes,
  • detects modifications to existing files and the creation of new files and reports them in real time,
  • offers on-demand, scheduled or real-time detection, checks file attributes (PCI DSS 10.5.5) and monitors specific directories,
  • provides flexible, practical monitoring through easily edited inclusion and exclusion lists.
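The integrity monitor described above is a baseline-and-compare loop over file attributes under an inclusion/exclusion policy. The following added example, written for this page and not taken from Deep Security, shows that loop on a constructed directory tree: the include directories, exclusion globs and the tampering scenario are all hypothetical. It records a content hash together with mode, owner and size, so a same-size binary replacement (hash only) and a bare chmod u+s (mode only) are both reported, while growth of an excluded log file is not.

```python
import hashlib
import os
import stat
import tempfile
from fnmatch import fnmatch
from pathlib import Path

# Hypothetical monitoring policy: directories to include (relative to the
# monitored root) and glob patterns to exclude. Not Deep Security's rule format.
INCLUDE_DIRS = ["etc", "usr/bin"]
EXCLUDE_GLOBS = ["*.log", "*/cache/*"]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def file_record(path):
    """Attributes recorded per file: content hash plus ownership and permission
    bits, so a chmod u+s without any content change is still caught."""
    st = path.lstat()
    return {"sha256": sha256_file(path), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}


def excluded(rel):
    return any(fnmatch(rel, g) for g in EXCLUDE_GLOBS)


def scan(root):
    """Walk the included directories under root and record every regular file.
    Symlinks are skipped: hashing their target would let an attacker point the
    monitor at an unchanged file."""
    records = {}
    for inc in INCLUDE_DIRS:
        base = root / inc
        if not base.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                p = Path(dirpath) / name
                rel = p.relative_to(root).as_posix()
                if excluded(rel) or p.is_symlink() or not p.is_file():
                    continue
                records[rel] = file_record(p)
    return records


def compare(baseline, current):
    """Diff two scans into created / deleted / modified (with the attributes that changed)."""
    events = {"created": sorted(current.keys() - baseline.keys()),
              "deleted": sorted(baseline.keys() - current.keys()),
              "modified": []}
    for rel in sorted(baseline.keys() & current.keys()):
        changed = sorted(k for k in baseline[rel] if baseline[rel][k] != current[rel][k])
        if changed:
            events["modified"].append((rel, changed))
    return events


def demo():
    """Constructed scenario in a temporary directory: baseline, tamper, rescan."""
    root = Path(tempfile.mkdtemp())
    (root / "etc").mkdir()
    (root / "usr/bin").mkdir(parents=True)
    (root / "etc/passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
    (root / "etc/app.log").write_text("noise\n")
    (root / "usr/bin/ls").write_bytes(b"\x7fELF original")
    (root / "usr/bin/su").write_bytes(b"\x7fELF su")
    os.chmod(root / "usr/bin/ls", 0o755)
    os.chmod(root / "usr/bin/su", 0o755)
    baseline = scan(root)

    # Tampering: same-size trojaned binary (only the hash changes), an extra
    # uid-0 account, setuid added to su, a new SUID helper, and log growth
    # that the exclusion policy ignores.
    (root / "usr/bin/ls").write_bytes(b"\x7fELF trojaned")
    with open(root / "etc/passwd", "a") as f:
        f.write("evil:x:0:0::/:/bin/sh\n")
    os.chmod(root / "usr/bin/su", 0o4755)
    (root / "usr/bin/backdoor").write_bytes(b"\x7fELF")
    os.chmod(root / "usr/bin/backdoor", 0o4755)
    with open(root / "etc/app.log", "a") as f:
        f.write("more noise\n")
    return compare(baseline, scan(root))


if __name__ == "__main__":
    print(demo())
```

In production the baseline has to live somewhere the monitored host cannot rewrite (the manager, in the page's architecture), otherwise an attacker with root simply re-baselines after tampering.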

Log inspection

  • collects and analyses operating system and application log entries for security-relevant events,
  • helps meet PCI DSS 10.6 by picking out the important security events buried in large volumes of log entries,
  • forwards events to a SIEM or a central log server for correlation, reporting and archiving,
  • detects suspicious behaviour, collects security events and administrative actions across the data centre, and supports advanced custom rules written in OSSEC syntax.
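Log inspection as described above is a decoder stage (turn a raw line into named fields) followed by rules, some of which fire on a single event and some only when the same event repeats from the same source within a time window. The following is an added example written for this page, not Deep Security's engine and not OSSEC's rule set: the rule ids and thresholds are hypothetical and the syslog lines are constructed. The frequency rule is the part worth seeing, since that is where a handful of level-5 failures becomes one level-10 alert worth forwarding to the SIEM.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real captures).
SAMPLE_LOG = """\
Mar 10 12:00:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 12:00:02 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 12:00:03 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 12:00:04 web01 sshd[2217]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 12:00:05 web01 sshd[2219]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 12:00:30 web01 sshd[2230]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2
Mar 10 12:01:00 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Mar 10 12:20:00 web01 sshd[2400]: Failed password for root from 203.0.113.9 port 51100 ssh2
"""

SYSLOG = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[A-Za-z0-9_./-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# Decoders: program name -> (event name, regex over the message part).
DECODERS = {
    "sshd": [
        ("ssh_auth_failure", re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+) port \d+")),
        ("ssh_login", re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<srcip>\S+)")),
    ],
    "sudo": [
        ("sudo_command", re.compile(r"^\s*(?P<user>\S+) : .*USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")),
    ],
}

# Hypothetical rules in the OSSEC shape (id, level, optional frequency within a
# timeframe keyed on one decoded field). Ids and thresholds are ours.
RULES = [
    {"id": 100010, "event": "ssh_auth_failure", "level": 5, "description": "SSH authentication failure"},
    {"id": 100011, "event": "ssh_auth_failure", "level": 10,
     "description": "Multiple SSH authentication failures from one source",
     "frequency": 5, "timeframe": 120, "same_field": "srcip"},
    {"id": 100020, "event": "ssh_login", "level": 3, "description": "SSH login"},
    {"id": 100030, "event": "sudo_command", "level": 3, "description": "Privileged command via sudo"},
]


def decode(line):
    """Turn one syslog line into an event dict, or None if no decoder matches."""
    m = SYSLOG.match(line)
    if not m:
        return None
    for event, rx in DECODERS.get(m["prog"], []):
        d = rx.search(m["msg"])
        if d:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
            return {"event": event, "ts": ts, "host": m["host"], **d.groupdict()}
    return None


class LogInspector:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.windows = defaultdict(deque)   # (rule id, key value) -> timestamps

    def handle(self, ev):
        alerts = []
        for rule in self.rules:
            if rule["event"] != ev["event"]:
                continue
            alert = {"rule": rule["id"], "level": rule["level"], "description": rule["description"],
                     "host": ev["host"], "ts": ev["ts"].strftime("%b %d %H:%M:%S")}
            alert.update({k: v for k, v in ev.items() if k not in ("event", "ts", "host")})
            if "frequency" not in rule:
                alerts.append(alert)
                continue
            w = self.windows[(rule["id"], ev.get(rule["same_field"]))]
            w.append(ev["ts"])
            cutoff = ev["ts"] - timedelta(seconds=rule["timeframe"])
            while w and w[0] < cutoff:          # drop events outside the window
                w.popleft()
            if len(w) >= rule["frequency"]:
                alert["count"] = len(w)
                alerts.append(alert)
                w.clear()                         # one correlated alert per burst
        return alerts


def inspect(text):
    insp = LogInspector()
    alerts = []
    for line in text.splitlines():
        ev = decode(line)
        if ev:
            alerts.extend(insp.handle(ev))
    return alerts


def to_siem_lines(alerts):
    """JSON lines, the simplest thing a SIEM or central log server will ingest."""
    return [json.dumps(a, sort_keys=True) for a in alerts]


if __name__ == "__main__":
    print("\n".join(to_siem_lines(inspect(SAMPLE_LOG))))
```

The same-source window is keyed on the decoded `srcip`, so the single failure from 203.0.113.9 twenty minutes later does not inherit the earlier burst's count; keying on the host instead would make every noisy scanner look like one persistent attacker.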

Protection against malware

  • scans the system for all types of malware using the Smart Protection Network (SPN),
  • scans the virtual disks of suspended or powered-off virtual machines for hostile content,
  • advanced scheduling avoids scan storms that block or exhaust resources in virtual environments,
  • this function is available in the DSVA. In a test of anti-malware protection efficiency for virtual environments, Deep Security outperformed the competition.

Agents are available for many platforms: not only Windows but also Linux, Solaris and Unix (HP-UX, AIX). The software holds Common Criteria EAL3+ certification and an NSS Labs certificate of PCI suitability (PCI Suitability Testing for HIPS).


Implementing the proposed technologies allows for:

  • preventing data breaches and disruptions to business operations,
  • protecting virtual environments while accounting for changes within them (failures, vMotion, DRS),
  • helping to meet standards (e.g. PCI DSS) and other laws and regulations,
  • virtual patching, which reduces exposure in the window between a patch's release and its installation,
  • lower operating costs.