Trend Micro™ Deep Security™ provides comprehensive security in a single solution that is purpose-built for virtual, cloud, and container environments. Deep Security allows for consistent security, regardless of the workload. It also provides a rich set of application programming interfaces (APIs), so security can be automated and won’t impact your teams.
Full Life Cycle Container Security
Deep Security delivers advanced runtime protection for containers. Layered security defends against attacks on the host, the container platform (Docker®), the orchestrator (Kubernetes®), the containers themselves, and even the containerized applications. Designed with a rich set of APIs, Deep Security allows IT Security to protect containers with automated processes for critical security controls. DevOps can leverage security as code by baking security into the CI/CD pipeline, reducing the friction that comes with applying security in rapidly changing and evolving infrastructures. With Trend Micro™ Deep Security™ Smart Check’s build pipeline image scanning, Deep Security provides full protection across the container life cycle.
Automated Cloud Security
Deep Security works seamlessly to secure dynamic workloads in the cloud, with automated discovery of workloads across cloud providers including AWS, Microsoft® Azure®, Google Cloud™, and more. Deep Security’s single management console enables unified visibility over all of your workloads and automated protection across a multi-cloud environment with consistent, context-aware policies. RESTful APIs allow for integrated security with your existing toolset for automated security deployment, policy management, health checks, compliance reporting, and more.
Virtualization and Data Center Security
Deep Security brings advanced protection to physical and virtual servers, enabling easy deployment and management of security across multiple environments through automatic policy management and in the case of VMware®, hypervisor-integrated agentless security. Deep Security protects virtual desktops and servers against zero-day malware, including ransomware, cryptocurrency mining attacks, and network-based attacks while minimizing operational impact from resource inefficiencies and emergency patching.
Architecture
- Deep Security Agent
Enforces the environment’s security policy (application control, anti-malware, IPS, firewall, integrity monitoring, and log inspection) via a small software component deployed on the server or VM being protected (can be automatically deployed with leading operational management tools like Chef, Puppet®, Ansible, and AWS OpsWorks). - Deep Security Manager
Powerful, centralized management console: Role-based administration and multi-level policy inheritance allows for granular control. Task-automating features such as recommendation scan and event tagging and event-based tasks simplify ongoing security administration. Multi-tenant architecture enables isolation of individual tenant policies and delegation of security management to
tenant administrators. - Deep Security Virtual Appliance
Transparently enforces security policies on VMware vSphere® VMs. For VMware NSX® environments, this provides agentless anti-malware, web reputation, IPS, integrity monitoring, and firewall protection. A combined mode can be used where the virtual appliance is used for agentless anti-malware and integrity monitoring and an agent for IPS, application control, firewall, web
reputation, and log inspection. - Global Threat Intelligence
Deep Security integrates with the Smart Protection Network to deliver real-time protection from emerging threats by continuously evaluating and correlating global threat and reputation intelligence for websites, email sources, and files.