Automated Infrastructure Security in One Solution

Since the time of VMware and HyperV on-prem IaaS services, it was becoming apparent that the flexibility to easily run server workloads was creating security gaps at the same time. For example, VMs spawned from golden images or from old snapshots could contain vulnerabilities or be completely missed by administrators and therefore having no antimalware agent installed.

Nowadays, the multi-cloud PaaS and IaaS resources provide us with previously unimaginable levels of speed, agility and availability of application deployment. This new flexibility creates new security gaps and opportunities for attackers. The ability to have complete visibility of unmanaged workloads and IaaS/PaaS resources has never been more important.

Multi-Cloud Security Coverage Complexity

Security solutions always had problems being a specialized, gapped (separate data silo) and platform specific product, while the multi-cloud abstractions require just the opposite. Working with multiple security vendors has become difficult to manage, thus the need for a single solution that covers all your workloads across diverse infrastructure.

Incorporating security into your workloads

Deployment Scripts

Running a set of scripts at virtual machine provisioning time is a standard way of installing the software and their dependencies. This ability can easily be leveraged to install security agents and policies to workloads using DevOps tools like Puppet, Chef or SSH. Incorporating the deployment scripts will assure all your workloads become security enabled, and rapid workload provisioning like horizontal scaling will be secured asynchronously.

Baked-In Agents

Usage of cloned images is typical for private cloud.  Installing a security agent to you Golden Image provides with baked-in security. The ability to use security agent on cloned images often leads to agent registration issues. However, the Cloud One Workload Security was built to address this issue.

Unmanaged endpoints

Unmanaged endpoint visibility is provided with API. Cloud One Workload Security integrates with your cloud provider, thus giving you an overview of all running instances (managed and unmanaged by security agent). It also automatically frees up licenses by de-registering deprovisioned instances.

Since your infrastructure is now expanding across multiple cloud providers, that expansion is happening faster. Trying to race with application deployment is impossible, thus choosing the right solution that can integrate security before deployment and give unmanaged visibility is the only way to address this agile times. Trend Micro Cloud One is built for fast changes.

Interested in more information? Contact us.