Trend Micro™ Deep Security™ 20
Training for Certified Professionals
Student Guide

Copyright © 2022 Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, InterScan, VirusWall, ScanMail, ServerProtect, and TrendLabs are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Portions of this manual have been reprinted with permission from other Trend Micro documents. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Information in this document is subject to change without notice. No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated.

Released: May 2, 2022
Trend Micro Deep Security 20 Software Courseware v2.1

Trend Micro Deep Security 20 Training for Certified Professionals - Student Guide

Table of Contents

Lesson 1: Deep Security Overview ... 1
        Global Threat Intelligence ... 5
        Common Services ... 5
        Ecosystem Integration ... 5
    Evolution of the Data Center ... 6
    Deep Security Software ... 6
        Deployment Options ... 8
    Deep Security Protection Modules ... 10
        Anti-Malware ... 10
        Web Reputation ... 10
        Firewall ... 11
        Intrusion Prevention ... 11
        Integrity Monitoring ... 11
        Log Inspection ... 12
        Application Control ... 12
    Deep Security Components ... 13
        Deep Security Manager ... 13
        Database ... 13
        Deep Security Manager Web Console ... 14
        Deep Security Agent ... 14
        Deep Security Relay ... 14
        Apex Central ... 14
        Deep Security Virtual Appliance ... 15
        Deep Security Notifier ... 15
        Trend Micro Smart Protection Network ... 15
        Trend Micro Smart Protection Server ... 15
        Trend Micro Cloud One ... 16
        Deep Security Scanner ... 16
        Deep Discovery Analyzer ... 16
        Trend Micro Vision One ... 17
        Third-Party Authentication ... 17
    Threat Detection ... 18
        Detecting Threats at the Entry Point ... 18
        Detecting Threats Pre-execution ... 18
        Detecting Threats at Runtime ... 19
        Detecting Threats at the Exit Point ... 19
    Review Questions ... 20

Lesson 2: Deep Security Manager ... 21
    Deep Security Manager ... 21
        Deep Security Manager System Requirements ... 22
        Operating System ... 22
    Database ... 22
        Database Requirements ... 22
        Supported Databases ... 23
        Database Communication ... 24
        Database Sizing ... 25
        Database Installation Requirements ... 26
    Deep Security Manager Architecture ... 28
        Apache Tomcat ... 28
        Web Client ... 28
        Manager Core ... 28
        Jasper Reports ... 28
        Communication Ports ... 29
        Network Communication ... 30
        Configuration Settings ... 30
    Multiple Deep Security Manager Nodes ... 31
        High Availability ... 31
    Performing Operations Through the Deep Security Manager Web Console ... 33
    Performing Operations Through a Command Line ... 33
        Performing Operations Through the Windows Command Prompt ... 33
        Performing Operations Through the Linux Terminal ... 33
        Command Syntax ... 34
    Installing Deep Security Manager 20 for Windows Server ... 36
        Deep Security Pre-Installation Checklist ... 36
        Deep Security Manager Readiness Check ... 37
        Installing Deep Security Manager for Windows Server ... 38
        Installing Deep Security Manager for Linux ... 48
    Logging into the Deep Security Manager Web Console ... 49
    Deep Security Manager Digital Certificates ... 51
    Upgrading From Deep Security 12 ... 52
    Upgrading From Deep Security 11 ... 56
    Review Questions ... 61

Lesson 3: Deploying Deep Security Agents ... 63
    Deep Security Agent ... 63
        Deep Security Agent System Requirements ... 63
    Deploying Deep Security Agents ... 64
        Importing Deep Security Agent Software into Deep Security Manager ... 64
        Installing the Deep Security Agent ... 68
        Adding Physical and Virtual Servers to the Computer list ... 77
        Adding Cloud Servers to the Computer list ... 85
        Activating Deep Security Agents ... 104
    Deep Security Agent Heartbeat ... 107
        Deep Security Manager to Agent Communication ... 108
    Review Questions ... 109

Lesson 4: Managing Deep Security Agents ... 111
    Performing Deep Security Agent Operations Through a Command Line ... 111
        Performing Operations Through the Windows Command Prompt ... 111
        Performing Operations Through the Linux Terminal ... 111
        Command Syntax ... 111
    Resetting Deep Security Agents ... 113
    Protecting Deep Security Agents From Modification ... 114
    Viewing Computer Protection Status ... 115
        Computers Without a Deep Security Agent ... 115
        Computers With an Unactivated Deep Security Agent ... 115
        Computers with an Activated Deep Security Agent ... 116
        Deep Security Relay ... 116
        ESXi Server ... 117
        Deep Security Virtual Appliance ... 117
        Virtual Machine ... 117
        Server Hosting Containers ... 118
    Protection Module Installation States ... 118
        Viewing Deep Security Agent Tasks in Progress ... 119
    Dealing With Offline Agents ... 121
    Cleaning Up Inactive Agents ... 122
        Cleaning up Inactive Agent ... 122
        Reactivate Unknown Agents ... 123
        Overriding Inactive Agent Cleanup ... 124
    Upgrading Deep Security Agents to Deep Security 20 ... 124
        Anti-Malware Protection During Upgrades ... 128
    Upgrading Agents on Activation ... 129
    Controlling the Agent Version ... 129
    Organizing Computers Using Groups ... 131
        Creating Groups ... 132
        Adding Computers to a Group ... 133
    Organizing Computers Using Smart Folders ... 134
    Protecting Container Hosts at Runtime ... 136
        Protecting the Docker Host ... 137
        Protecting Docker Containers ... 137
        Protecting Kubernetes and Docker ... 137
    Review Questions ... 141

Lesson 5: Keeping Deep Security Up To Date ... 143
    Security Updates ... 143
        Security Update Process ... 144
        Creating Update Bundles ... 145
    Software Updates ... 145
        Software Update process ... 147
        Deleting Imported Agent Packages ... 147
    Configuring Updates for Cloud Accounts ... 148
    Scheduling Checks for Updates ... 148
    Update Source Settings ... 149
    Deep Security Relays ... 150
        Deep Security Relay Architecture ... 150
        Enabling Deep Security Relays ... 151
        Organizing Relays Into Groups ... 153
    Review Questions ... 158

Lesson 6: Trend Micro Smart Protection ... 159
        File Reputation Service ... 159
        Web Reputation Service ... 159
        Census Service ... 160
        Predictive Machine Learning Service ... 160
        Certified Safe Software Service ... 160
        Smart Feedback ... 161
    Smart Protection Sources ... 162
        Trend Micro Smart Protection Network ... 162
        Smart Protection Server ... 162
    Configuring the Smart Protection Source ... 163
        Smart Protection Source for File Reputation Service ... 163
        Smart Protection Source for Web Reputation ... 164
        Smart Protection Source for Census, Certified Safe Software and Predictive Machine Learning ... 165
    Review Questions ... 166

Lesson 7: Assigning Protection Settings Through Policies ... 167
    Policy Structure ... 169
        Policy Inheritance ... 170
        Policy-Level Overrides ... 171
        Computer-Level Overrides ... 172
        Rule Inheritance ... 173
    Creating Policies ... 175
        Creating a New Policy ... 175
        Duplicating an Existing Policy ... 176
        Importing an Existing Policy From Another Installation ... 177
    Running Recommendation Scans ... 177
        Assigning the Recommendations ... 180
        Performing Ongoing Scans ... 183
        Scheduling a Recommendation Scan ... 184
        Creating a New Policy Based on a Recommendation Scan ... 185
    Common Objects ... 186
        Rules ... 187
        Lists ... 187
        Contexts ... 188
        Firewall Stateful Configurations ... 190
        Malware Scan Configurations ... 190
        Schedules ... 191
        Syslog Configurations ... 191
        Tags ... 191
    Review Questions ... 192

Lesson 8: Protecting Servers from Malware ... 193
    Anti-Malware Solution Platform ... 194
    Anti-Malware Scanning Methods ... 195
        Virus Scanning ... 195
        Spyware and Grayware Scanning ... 196
        Process Memory Scanning ... 196
        Behavior Monitoring ... 197
        Windows Antimalware Scan Interface (AMSI) ... 198
        IntelliTrap ... 198
        Predictive Machine Learning ... 198
    Enabling Malware Protection ... 199
        Defining a Malware Scan Configuration ... 200
        Turning the Anti-Malware Module On ... 208
        Assigning the Scan Configuration to a Scan Type ... 210
        Keeping Deep Security Up To Date on Malware ... 214
    Viewing Anti-Malware-Related Events ... 215
        System Events ... 215
        Computer Events ... 215
        Adding Malware to the Allowed List ... 216
    Reviewing Files Identified as Malware ... 217
        Restoring Identified Files ... 218
        Quarantining Files on Deep Security Agents ... 224
    Smart Scan ... 225
        File Reputation ... 226
        Querying the File Reputation Service ... 228
    Review Questions ... 231

Lesson 9: Blocking Malicious Web Sites ... 233
    Trend Micro URL Filtering Engine ... 234
        Credibility Scores ... 235
        Web Reputation Communication ... 236
    Enabling Web Reputation ... 236
        Turning on Web Reputation protection ... 236
        Setting the Security Level ... 238
        Defining Exceptions ... 239
    Unblocking Pages ... 242
    Viewing Web Reputation-Related Events ... 244
        System Events ... 244
        Computer Events ... 244
    Review Questions ... 245

Lesson 10: Filtering Traffic Using the Firewall ... 247
    Enabling Firewall Protection ... 248
        Turning the Firewall on ... 248
        Applying Firewall Rules ... 250
    Creating Custom Firewall Rules ... 251
        Actions ... 252
        Priority ... 255
        Packet Direction ... 256
        Frame Type ... 256
        Protocol ... 256
        Packet Source and Packet Destination ... 257
    Recommended Firewall Policy Rules ... 258
    Rule Order of Analysis ... 258
    Traffic Analysis ...

© 2022 Trend Micro Inc. Education
261 Tap Mode ......................................................................................................................................................... 261 Inline Mode ..................................................................................................................................................... 262 Failure Response Behavior ........................................................................................................................ 262 Anti-Evasion Posture ................................................................................................................................... 264 Advanced Network Engine Options ......................................................................................................... 265 Order of Analysis ................................................................................................................................................. 266 Integrity Check .............................................................................................................................................. 266 Reconnaissance Scans ................................................................................................................................ 266 Check Firewall Rules .................................................................................................................................... 268 Check Stateful Configuration .................................................................................................................... 268 Decrypt SSL Traffic ...................................................................................................................................... 270 Check Intrusion Prevention Rules ............................................................................................................ 
270 Important Points to Remember ................................................................................................................ 270 Port Scans ................................................................................................................................................................271 Defining Ports to Scan .................................................................................................................................272 Scan Triggers .................................................................................................................................................273 Scan Results .................................................................................................................................................. 275 Viewing Firewall-Related Events ...................................................................................................................... 276 System Events ............................................................................................................................................... 276 Computer Events ...........................................................................................................................................277 Review Questions ................................................................................................................................................. 278 © 2022 Trend Micro Inc. Education v Trend Micro Deep Security 20 Training for Certified Professionals - Student Guide Lesson 11: Protecting Servers From Vulnerabilities ........................................................... 
279 Blocking Exploits Using Intrusion Prevention ...............................................................................................280 Virtual Patching ............................................................................................................................................280 Detecting Suspicious Network Activity ...................................................................................................280Blocking Traffic Through Protocol Control ............................................................................................280 Protecting Web Applications .....................................................................................................................280 Enabling Intrusion Prevention ........................................................................................................................... 281 Turning the Intrusion Prevention Module On ......................................................................................... 281 Setting the Intrusion Prevention Behavior ............................................................................................ 283 Running a Recommendation Scan ...........................................................................................................284 Applying the Intrusion Prevention Rules ................................................................................................ 287 Staying Up To Date on Rules Through Ongoing Recommendation Scans ..................................... 289 Types of Intrusion Prevention Rules ............................................................................................................... 289 Rule Groups ............................................................................................................................................................ 
291 TippingPoint Equivalent Rule ID Mapping ...................................................................................................... 292 Filtering SSL-Encrypted Traffic ....................................................................................................................... 292 Viewing Intrusion Prevention-Related Events .............................................................................................. 297 System Events ............................................................................................................................................... 297 Computer Events .......................................................................................................................................... 298 Review Questions ................................................................................................................................................. 299 Lesson 12: Detecting Changes to Protected Servers .......................................................... 301 Enabling Integrity Monitoring ........................................................................................................................... 302 Turning on Integrity Monitoring ............................................................................................................... 302 Applying Integrity Monitoring Rules to a Policy or Computer .......................................................... 304 Building a Baseline for the Computer ..................................................................................................... 306 Periodically Scanning for Changes to a Computer .............................................................................. 
307 Detecting Changes .............................................................................................................................................308 Viewing Integrity Monitoring-Related Events ............................................................................................... 309 System Events ............................................................................................................................................... 309 Computer Events ........................................................................................................................................... 310 Review Questions ....................................................................................................................................................311 Lesson 13: Blocking Unapproved Software............................................................................ 313 Enforcement Modes ............................................................................................................................................. 314 Enabling Application Control ............................................................................................................................. 314 Installing Approved Software ..................................................................................................................... 314 Running a Malware Scan on the Server ................................................................................................... 315 Enabling Application Control ...................................................................................................................... 315 Detecting software changes ........................................................................................................................317 Viewing Application Control-Related Events ................................................................................................. 
318 System Events ................................................................................................................................................ 318 Computer Events ........................................................................................................................................... 319 Overriding Application Control Enforcement ......................................................................................... 319 Global Block .............................................................................................................................................................321 Pre-Approving Software Updates ......................................................................................................................321 Maintenance Mode .........................................................................................................................................321 Trusted Updater .............................................................................................................................................323 Trust Entities ..................................................................................................................................................323 Application Control Order of Analysis ............................................................................................................ 330 Resetting Application Control .....................................................................................................................331 Review Questions ..................................................................................................................................................332 vi © 2022 Trend Micro Inc. Education Trend Micro Deep Security 20 Training for Certified Professionals - Student Guide Lesson 14: Inspecting Logs on Protected Servers.............................................................. 
333 Enabling Log Inspection ..................................................................................................................................... 334 Turning on Log Inspection ......................................................................................................................... 334 Applying Log Inspection Rules .................................................................................................................. 336 Viewing Log Inspection-Related Events .........................................................................................................340 System Events ............................................................................................................................................... 340 Computer Events ...........................................................................................................................................341 Monitoring Windows Events .............................................................................................................................. 342 Review Questions ................................................................................................................................................. 344 Lesson 15: Events and Alerts ................................................................................................... 345 Event Forwarding ................................................................................................................................................. 345 Security Information and Event Management Server ......................................................................... 346 Amazon Simple Notification Service ....................................................................................................... 346 SNMP ............................................................................................................................................................... 
347 Web Services API .......................................................................................................................................... 347 Alerts ....................................................................................................................................................................... 347 Viewing Alerts in the Deep Security Manager Web Console ............................................................. 348 Email Notifications For Alerts ................................................................................................................... 350 Event Tagging ....................................................................................................................................................... 351 Manual Tagging ............................................................................................................................................. 352 Standard Auto-Tagging ............................................................................................................................... 353 Trusted Source Auto-Tagging ................................................................................................................... 355 Trend Micro Certified Safe Software Service ........................................................................................ 357 Reporting ............................................................................................................................................................... 359 Filtering Report Data ........................................................................................................................................... 361 Filtering by Tag .............................................................................................................................................. 
361 Filtering by Date and Time ......................................................................................................................... 362 Filtering by Computer ................................................................................................................................. 362 Encrypting Reports ...................................................................................................................................... 363 Review Questions ................................................................................................................................................. 364 Lesson 16: Automating Deep Security Operations ............................................................. 365 Scheduled Tasks ................................................................................................................................................... 365 Creating Scheduled Tasks .......................................................................................................................... 367 Event-Based tasks ................................................................................................................................................ 367 Creating Event-Based tasks ....................................................................................................................... 368 Quick Start Templates ........................................................................................................................................ 369 Deploying Deep Security Manager in Amazon Web Services Using a CloudFormation Template .......................................................................................................................... 369 Deploying Deep Security Manager in Microsoft Azure Using Quickstarts ..................................... 374 Baking the Deep Security Agent into an Amazon Machine Image ........................................................... 
381 Application Programming Interface ................................................................................................................ 382 Setting up the Development Environment ............................................................................................. 383 API URL ........................................................................................................................................................... 383 Authenticating API Requests .................................................................................................................... 383 API Reference ....................................................................................................................................................... 385 API Endpoints ................................................................................................................................................ 386 Command Parameters ................................................................................................................................ 387 API URL ...........................................................................................................................................................388 Request Samples ..........................................................................................................................................388 Review Questions ................................................................................................................................................. 390 © 2022 Trend Micro Inc. Education vii Trend Micro Deep Security 20 Training for Certified Professionals - Student Guide Lesson 17: Detecting Emerging Malware Through Threat Intelligence ......................... 391 Threat Intelligence Phases ................................................................................................................................ 
392 Detect .............................................................................................................................................................. 392 Respond .......................................................................................................................................................... 392 Protect ............................................................................................................................................................ 392 View and Analyze Threats .......................................................................................................................... 392 Threat Intelligence Requirements ................................................................................................................... 393 How Threat Intelligence Works ........................................................................................................................ 393 Trend Micro Apex Central ..................................................................................................................................394 Connecting Deep Security with Trend Micro Apex Central ............................................................... 395 Deep Discovery Analyzer ................................................................................................................................... 396 Suspicious Activities .................................................................................................................................... 397 Connecting Deep Discovery Analyzer to Apex Central ....................................................................... 398 Populating the Apex Central Product Directory .......................................................................................... 399 Configuring Deep Security for Threat Intelligence ...................................................................................... 
401 Creating a Malware Scan Configuration .................................................................................................. 401 Configuring Deep Security to Submit Files to Deep Discovery Analyzer .......................................402 Subscribing to the Suspicious Object list ...............................................................................................403 Enabling Sandbox Analysis ........................................................................................................................404 Manually Submitting a File to Deep Discovery For Analysis .....................................................................405 Tracking the Submission ....................................................................................................................................406 Suspicious Objects ...............................................................................................................................................409 Handling Suspicious Object ......................................................................................................................... 410 Review Questions .................................................................................................................................................. 413 Lesson 18: Protecting Cloud Workloads with Trend Micro Cloud One............................ 415 Trend Micro Cloud One Applications ................................................................................................................ 415 Cloud One - Workload Security .......................................................................................................................... 416 Cloud One - Container Security ......................................................................................................................... 
416 Protecting Containers With Cloud One - Container Security ............................................................. 417 Cloud One - File Storage Security ..................................................................................................................... 419 Cloud One - Application Security .....................................................................................................................420 Cloud One - Network Security ........................................................................................................................... 421 Cloud One - Conformity ...................................................................................................................................... 422 Well-Architected Framework ..................................................................................................................... 422 Compliance ..................................................................................................................................................... 423 Remediation ................................................................................................................................................... 423 Cloud One - Open Source Security by Snyk .................................................................................................. 424 Review Questions ................................................................................................................................................. 425 Lesson 19: Integrating with Trend Micro Vision One.......................................................... 427 Trend Micro XDR ..................................................................................................................................................428 Trend Micro Vision One ...................................................................................................................................... 
429
    Key Features ..... 430
  Comparing Trend Micro Vision One to Other Solutions ..... 433
  Trend Micro Vision One Apps ..... 435
    Security Posture Apps ..... 435
    Assessment Apps ..... 438
    Threat Intelligence Apps ..... 439
    XDR Apps ..... 444
    Zero Trust Secure Access Apps ..... 448
    Search App ..... 455
    Response Management App ..... 456
    Mobile Security Apps ..... 458
    Inventory Management Apps ..... 460
    Administration Apps ..... 465
  Trend Micro Managed XDR Service ..... 473
    Expert Threat Hunting ..... 473
    24x7 Monitoring and Detection ..... 473
    Rapid Investigation and Mitigation ..... 473
  Trend Micro Vision One Licensing ..... 475
    Trend Micro Vision One Credits ..... 475
    Calculating Your Credit Requirements ..... 476
    Managing Credits ..... 477
    Redeeming Purchased Licenses as Credits ..... 478
  Connecting Deep Security Software to Trend Micro Vision One ..... 479
  Installing the XDR Sensor on a Server ..... 484
    Installing the Endpoint Basecamp Services with the Security Agent ..... 484
    Installing the Endpoint Basecamp Services Through a Script ..... 485
    Installing the Endpoint Basecamp Service Through an Installer ..... 486
    Enabling the XDR Sensor ..... 487
  Detection Models ..... 491
    Model Details ..... 492
  Workbenches ..... 493
    Alert Details ..... 494
  Navigating Within a Workbench ..... 495
    From the Summary Pane ..... 495
    From the Highlights Pane ..... 496
    From the Observable Graph Pane ..... 498
  Review Questions ..... 502
Lesson 20: Migrating to Cloud One - Workload Security ..... 503
  Benefits of using Cloud One - Workload Security ..... 503
  Migrating Deep Security Software ..... 504
    Creating a Cloud One - Workload Security Account ..... 505
    Creating an API Key ..... 507
    Prepare a Link to Workload Security ..... 510
    Migrating Common Objects ..... 512
    Migrating Policies ..... 516
    Migrating AWS Cloud Accounts ..... 519
    Migrating Other Cloud Accounts ..... 520
    Migrating Agents ..... 521
    Migrating other Deep Security settings ..... 526
    Configuring Network and Communication Settings ..... 528
  Review Questions ..... 530
Appendix A: Activating and Managing Multiple Tenants ..... 531
  Segmentation using Multi-Tenancy ..... 532
    Segmentation by Business Unit ..... 532
    Segmentation in a Service Provider Model ..... 533
    Tenant Isolation ..... 533
    Database Isolation ..... 533
    Deep Security Manager Web Console For Tenants ..... 535
  Enabling Multi-Tenancy ..... 536
    Licensing Modes ..... 536
  Creating Tenants ..... 538
    Tenant Administrator ..... 540
    Tenant Account Confirmation ..... 541
  Managing Tenants ..... 541
    Tenant State ..... 541
    Tenant Properties ..... 542
    Deleting Tenants ..... 547
    Diagnosing Tenant Issues ..... 547
  Activating Deep Security Agent on Tenants ..... 548
    Deep Security Relays ..... 548
  Usage Monitoring ..... 548
    Multi-Tenant Dashboard ..... 549
    Multi-Tenant Dashboard/Reporting ..... 550
    Status Monitoring API ..... 550
  Administering Tenants ..... 550
    Logging into Deep Security Manager as a Tenant ..... 551
  Review Questions ..... 552
Appendix B: Protecting Virtual Machines Using the Deep Security Virtual Appliance ..... 553
  Deep Security Virtual Appliance ..... 554
    Benefits of Using the Virtual Appliance ..... 554
  Virtual Appliance Deployment Models ..... 555
    Deployments Using NSX-V for vShield Endpoint ..... 555
    Deployments Using NSX-V or NSX-T Advanced or Enterprise ..... 555
    Deployments Without NSX ..... 555
    Combined Mode ..... 556
  Deploying and Activating the Virtual Appliance Using NSX-V ..... 558
  Deploying and Activating the Virtual Appliance Using NSX-T ..... 558
  Importing the Deep Security Virtual Appliance Package into Deep Security Manager ..... 559
  Adding VMware vCenter to Deep Security Manager ..... 561
  Viewing Protected Virtual Machines ..... 564
  Deep Security Virtual Appliance-Related Communication ..... 565
    Traffic between the Deep Security Virtual Appliance and Deep Security Manager ..... 565
    Traffic between vCenter Server and Deep Security Manager ..... 565
    Traffic between ESXi and Deep Security Manager ..... 565
  Deep Security Manager and VMware vCenter Server ..... 566
    Re-configuring vCenter Server Communication ..... 566
    Deep Security Manager and vCenter Server Synchronization ..... 568
    Event-based tasks ..... 569
  Agentless Anti-Malware Protection ..... 569
    Real-Time Scanning ..... 569
    On-Demand Scanning ..... 570
    Scan Cache Settings and Concurrent Scan ..... 570
    Quarantining in Anti-Malware ..... 572
  Agentless Integrity Monitoring Protection ..... 572
  VMware High Availability ..... 572
    Moving Deep Security Virtual Appliance Data ..... 573
  Review Questions ..... 575
Appendix C: Troubleshooting Common Deep Security Issues ..... 577
  Diagnostic Logging in Deep Security Manager ..... 577
    Creating a Diagnostic Package for Deep Security Agents ..... 579
    Creating a Diagnostic Package for Deep Security Manager ..... 581
  Troubleshooting Offline Agents ..... 583
    Potential Causes ..... 583
    Possible Solutions ..... 584
  Troubleshooting Deep Security Agent Activation Failures ..... 586
    Possible Solutions ..... 586
  Troubleshooting High CPU usage ..... 587
    Possible Solutions ..... 587
  Troubleshooting Security Update Failures ..... 589
    Possible Solutions ..... 589
Appendix D: What's New in Deep Security 20 ..... 591
  Integration with Trend Micro Vision One ..... 591
  Application Control Trust Entities ..... 591
  Migrating to Trend Micro Cloud One - Workload Security ..... 591
  Trusted Certificates Detection Exceptions ..... 591
  Azure Certificate Authentication ..... 592
  Control Kernel Package Updates ..... 592
  Removal of Integrity Monitoring Baseline Data ..... 592
  New Action Options in the Windows Anti-Malware Scan Interface (AMSI) ..... 592
  New Database support ..... 592
  Predictive Machine Learning Support