Exploit and Malware Protection
Exploit and malware protection technologies identify and protect against attempted and successful system attacks. Solutions for identifying attacks, system state, malware code, and sensitive data exfiltration include a wide selection of architectures and capabilities for VCE Vblock® Systems. Vendors commonly combine and integrate multiple technologies in their product packaging. The primary technologies include:
- Intrusion Detection and Prevention: Identify network-based or host-based attacks that could result in compromise.
- File Integrity Monitoring: Identify changes to specific system files that could indicate compromise.
- Endpoint Antivirus and Malware Prevention: Protect against malware that could result in compromise.
- Web Application Firewall: Protect web-based services from remote exploits.
- Data Leakage Protection: Identify sensitive data exfiltration as a result of a malicious act or compromise.
Deployment options vary greatly among the solutions and may include a combination of virtual and non-virtual components. Many solutions directly integrate with the hypervisor using VMware vCNS Endpoint for greater efficiencies and scale.
The VCE™ Select Program includes products from the investor companies: EMC, RSA, VMware, and Cisco. Products here include:
- Cisco Sourcefire NGIPS – A leader in the Intrusion Prevention and Detection (IPS/IDS) area, Cisco Sourcefire NGIPS helps Vblock System customers meet regulatory and compliance requirements. The Sourcefire Virtual Appliances inspect traffic between virtual machines (VMs) and leverage real-time contextual awareness to automate common IPS tasks, such as impact assessment, IPS tuning, and user identification.
- RSA DLP prevents the loss of sensitive data through many risk vectors, including email, webmail, social media, virtual machines, smartphones, USB devices, and many more. It also leverages a people- and process-centric automated workflow for policy management, incident remediation, and reports management.
- RSA Security Analytics is a security monitoring platform that leverages and extends the architecture and analytics of RSA NetWitness. Security Analytics redefines SIEM by combining network monitoring, traditional log-centric SIEM, forensics, compliance, and big data management and analytics.
The VCE Technology Alliance Partner (TAP) Program extends the VCE security portfolio and offers a compatible partner-solution catalog via Vblock Ready certification. Partners here include:
- Catbird vSecurity Suite provides compliance reporting for PCI, HIPAA, and FISMA for the virtualized environment. Integrating three solutions in one (VMware vShield App, Sourcefire IPS, and Saint Vulnerability Scanning), vSecurity overlays orchestrated workflow and preconfigured templates with large numbers of technical controls. Catbird vSecurity captures and analyzes security and hypervisor events, automatically maps to various compliance frameworks, and automates the quarantine of assets upon compliance policy violations. Catbird vSecurity is also fully integrated with VMware vCNS. This integration enables orchestration of the firewall, enterprise-wide access control, and the ability to dynamically update firewall controls.
- McAfee Endpoint Protection Suite – McAfee Management for Optimized Virtual Environments (MOVE) AntiVirus for virtual desktops and servers includes hardware-enhanced security against stealth attacks, behavioral anti-malware, dynamic whitelisting, antivirus, anti-spam, web security, firewall, and intrusion prevention.
- Trend Micro Deep Security – Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching. This comprehensive, centrally managed platform helps simplify security operations while enabling regulatory compliance and accelerating the ROI of virtualization and cloud projects.