Deep Security 20 Training for Certified Professionals v2-1 - Student Guide

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes
Você viu 3, do total de 614 páginas

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes
Você viu 6, do total de 614 páginas

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes
Você viu 9, do total de 614 páginas

Faça como milhares de estudantes: teste grátis o Passei Direto

Esse e outros conteúdos desbloqueados

16 milhões de materiais de várias disciplinas

Impressão de materiais

Agora você pode testar o

Passei Direto grátis

Você também pode ser Premium ajudando estudantes

Prévia do material em texto

Trend Micro™ Deep Security™ 20
Training for Certified Professionals
Student Guide
Copyright © 2022 Trend Micro Incorporated. All rights reserved.
Trend Micro, the Trend Micro t-ball logo, InterScan, VirusWall, ScanMail, ServerProtect, 
and TrendLabs are trademarks or registered trademarks of Trend Micro Incorporated. 
All other product or company names may be trademarks or registered trademarks of 
their owners.
Portions of this manual have been reprinted with permission from other Trend Micro 
documents. The names of companies, products, people, characters, and/or data 
mentioned herein are fictitious and are in no way intended to represent any real 
individual, company, product, or event, unless otherwise noted. Information in this 
document is subject to change without notice.
No part of this publication may be reproduced, photocopied, stored in a retrieval system, 
or transmitted without the express prior written consent of Trend Micro Incorporated.
Released: May 2, 2022
Trend Micro Deep Security 20 Software
Courseware v2.1
Trend Micro Deep Security 20 Training for Certified Professionals - Student Guide
Table of Contents
Lesson 1: Deep Security Overview ................................................................................................ 1
Global Threat Intelligence ............................................................................................................................... 5
Common Services .............................................................................................................................................. 5
Ecosystem Integration ..................................................................................................................................... 5
Evolution of the Data Center ................................................................................................................................. 6
Deep Security Software .......................................................................................................................................... 6
Deployment Options .........................................................................................................................................8
Deep Security Protection Modules ......................................................................................................................10
Anti-Malware .....................................................................................................................................................10
Web Reputation ................................................................................................................................................10
Firewall ................................................................................................................................................................. 11
Intrusion Prevention ......................................................................................................................................... 11
Integrity Monitoring .......................................................................................................................................... 11
Log Inspection ................................................................................................................................................... 12
Application Control .......................................................................................................................................... 12
Deep Security Components ................................................................................................................................... 13
Deep Security Manager ................................................................................................................................... 13
Database ............................................................................................................................................................. 13
Deep Security Manager Web Console .........................................................................................................14
Deep Security Agent ........................................................................................................................................14
Deep Security Relay .........................................................................................................................................14
Apex Central ......................................................................................................................................................14
Deep Security Virtual Appliance ...................................................................................................................15
Deep Security Notifier .....................................................................................................................................15
Trend Micro Smart Protection Network .....................................................................................................15
Trend Micro Smart Protection Server .........................................................................................................15
Trend Micro Cloud One ...................................................................................................................................16
Deep Security Scanner ....................................................................................................................................16
Deep Discovery Analyzer ...............................................................................................................................16
Trend Micro Vision One ................................................................................................................................... 17
Third-Party Authentication ............................................................................................................................ 17
Threat Detection ......................................................................................................................................................18
Detecting Threats at the Entry Point ..........................................................................................................18
Detecting Threats Pre-execution .................................................................................................................18
Detecting Threats at Runtime .......................................................................................................................19
Detecting Threats at the Exit Point .............................................................................................................19
Review Questions ....................................................................................................................................................20
Lesson 2: Deep Security Manager .............................................................................................. 21
Deep Security Manager ..........................................................................................................................................21
Deep Security Manager System Requirements .......................................................................................22
Operating System ............................................................................................................................................22
Database ...................................................................................................................................................................22
Database Requirements ................................................................................................................................22
Supported Databases .....................................................................................................................23
Database Communication .............................................................................................................24
Database Sizing ...............................................................................................................................................25
Database Installation Requirements ..........................................................................................................26
Deep Security Manager Architecture ................................................................................................................28
Apache Tomcat ................................................................................................................................................28
Web Client .........................................................................................................................................................28
© 2022 Trend Micro Inc. Education i
Manager Core ...................................................................................................................................................28
Jasper Reports .................................................................................................................................................28
Communication Ports .....................................................................................................................................29
Network Communication ...............................................................................................................................30
Configuration Settings ...................................................................................................................................30
Multiple Deep Security Manager Nodes .............................................................................................................31
High Availability ................................................................................................................................................31
Performing Operations Through the Deep Security Manager Web Console ...........................................33
Performing Operations Through a Command Line ........................................................................................33
Performing Operations Through the Windows Command Prompt .....................................................33
Performing Operations Through the Linux Terminal .............................................................................33
Command Syntax ............................................................................................................................................34
Installing Deep Security Manager 20 for Windows Server ...........................................................................36
Deep Security Pre-Installation Checklist ...................................................................................................36
Deep Security Manager Readiness Check .................................................................................................37
Installing Deep Security Manager for Windows Server .........................................................................38
Installing Deep Security Manager for Linux ............................................................................................ 48
Logging into the Deep Security Manager Web Console ............................................................................... 49
Deep Security Manager Digital Certificates ......................................................................................................51
Upgrading From Deep Security 12 ......................................................................................................................52
Upgrading From Deep Security 11 .......................................................................................................................56
Review Questions .....................................................................................................................................................61
Lesson 3: Deploying Deep Security Agents............................................................................ 63
Deep Security Agent ..............................................................................................................................................63
Deep Security Agent System Requirements ............................................................................................63
Deploying Deep Security Agents ....................................................................................................................... 64
Importing Deep Security Agent Software into Deep Security Manager ........................................... 64
Installing the Deep Security Agent ............................................................................................................ 68
Adding Physical and Virtual Servers to the Computer list .................................................................... 77
Adding Cloud Servers to the Computer list ............................................................................................. 85
Activating Deep Security Agents .............................................................................................................. 104
Deep Security Agent Heartbeat ........................................................................................................................ 107
Deep Security Manager to Agent Communication ................................................................................ 108
Review Questions .................................................................................................................................................. 109
Lesson 4: Managing Deep Security Agents............................................................................. 111
Performing Deep Security Agent Operations Through a Command Line .................................................111
Performing Operations Through the Windows Command Prompt ......................................................111
Performing Operations Through the Linux Terminal ..............................................................................111
Command Syntax .............................................................................................................................................111
Resetting Deep Security Agents .........................................................................................................................113
Protecting Deep Security Agents From Modification ................................................................................... 114
Viewing Computer Protection Status ................................................................................................................115
Computers Without a Deep Security Agent ..............................................................................................115
Computers With an Unactivated Deep Security Agent ..........................................................................115
Computers with an Activated Deep Security Agent .............................................................................. 116
Deep Security Relay ....................................................................................................................................... 116
ESXi Server .......................................................................................................................................................117
Deep Security Virtual Appliance ..................................................................................................................117
Virtual Machine ................................................................................................................................117
Server Hosting Containers ........................................................................................................... 118
Protection Module Installation States .............................................................................................................. 118
Viewing Deep Security Agent Tasks in Progress .................................................................................... 119
Dealing With Offline Agents .................................................................................................................................121
Cleaning Up Inactive Agents ..............................................................................................................................122
Cleaning up Inactive Agent ..........................................................................................................................122
Reactivate Unknown Agents .......................................................................................................................123
Overriding Inactive Agent Cleanup ........................................................................................................... 124
Upgrading Deep Security Agents to Deep Security 20 ............................................................................... 124
Anti-Malware Protection During Upgrades ............................................................................................. 128
Upgrading Agents on Activation ...................................................................................................................... 129
Controlling the Agent Version .......................................................................................................................... 129
Organizing Computers Using Groups .................................................................................................................131
Creating Groups ..............................................................................................................................................132
Adding Computers to a Group .....................................................................................................................133
Organizing Computers Using Smart Folders ................................................................................................. 134
Protecting Container Hosts at Runtime .......................................................................................................... 136
Protecting the Docker Host .........................................................................................................................137
Protecting Docker Containers .....................................................................................................................137
Protecting Kubernetes and Docker ............................................................................................................137
Review Questions ................................................................................................................................................... 141
Lesson 5: Keeping Deep Security Up To Date ...................................................................... 143
Security Updates ................................................................................................................................................... 143
Security Update Process ............................................................................................................................. 144
Creating Update Bundles ............................................................................................................................. 145
Software Updates ................................................................................................................................................. 145
Software Update Process ............................................................................................................ 147
Deleting Imported Agent Packages .......................................................................................................... 147
Configuring Updates for Cloud Accounts ....................................................................................................... 148
Scheduling Checks for Updates ......................................................................................................................... 148
Update Source Settings ....................................................................................................................................... 149
Deep Security Relays .......................................................................................................................................... 150
Deep Security Relay Architecture ............................................................................................................. 150
Enabling Deep Security Relays ....................................................................................................................151
Organizing Relays Into Groups .................................................................................................................. 153
Review Questions .................................................................................................................................................. 158
Lesson 6: Trend Micro Smart Protection............................................................................... 159
File Reputation Service ................................................................................................................................ 159
Web Reputation Service .............................................................................................................................. 159
Census Service ............................................................................................................................................... 160
Predictive Machine Learning Service ....................................................................................................... 160
Certified Safe Software Service ................................................................................................................ 160
Smart Feedback .............................................................................................................................................. 161
Smart Protection Sources .................................................................................................................................. 162
Trend Micro Smart Protection Network .................................................................................................. 162
Smart Protection Server ............................................................................................................................. 162
Configuring the Smart Protection Source ...................................................................................................... 163
Smart Protection Source for File Reputation Service .......................................................................... 163
Smart Protection Source for Web Reputation ....................................................................................... 164
Smart Protection Source for Census, Certified Safe Software and Predictive Machine Learning ............ 165
Review Questions .................................................................................................................................................. 166
Lesson 7: Assigning Protection Settings Through Policies ............................................... 167
Policy Structure ..................................................................................................................................................... 169
Policy Inheritance .......................................................................................................................................... 170
Policy-Level Overrides ...................................................................................................................................171
Computer-Level Overrides ...........................................................................................................................172
Rule Inheritance ..............................................................................................................................................173
Creating Policies ................................................................................................................................................... 175
Creating a New Policy .................................................................................................................................. 175
Duplicating an Existing Policy .................................................................................................................... 176
Importing an Existing Policy From Another Installation .......................................................................177
Running Recommendation Scans ......................................................................................................................177
Assigning the Recommendations .............................................................................................................. 180
Performing Ongoing Scans ......................................................................................................................... 183
Scheduling a Recommendation Scan ....................................................................................................... 184
Creating a New Policy Based on a Recommendation Scan ................................................................ 185
Common Objects ................................................................................................................................................... 186
Rules ................................................................................................................................................................. 187
Lists ................................................................................................................................................................... 187
Contexts ........................................................................................................................................................... 188
Firewall Stateful Configurations ................................................................................................................ 190
Malware Scan Configurations ..................................................................................................................... 190
Schedules ......................................................................................................................................................... 191
Syslog Configurations ................................................................................................................................... 191
Tags ................................................................................................................................................................... 191
Review Questions .................................................................................................................................................. 192
Lesson 8: Protecting Servers from Malware ........................................................................ 193
Anti-Malware Solution Platform ........................................................................................................................ 194
Anti-Malware Scanning Methods ...................................................................................................................... 195
Virus Scanning ............................................................................................................................................... 195
Spyware and Grayware Scanning .............................................................................................................. 196
Process Memory Scanning .......................................................................................................................... 196
Behavior Monitoring ..................................................................................................................................... 197
Windows Antimalware Scan Interface (AMSI) ....................................................................................... 198
IntelliTrap ........................................................................................................................................................ 198
Predictive Machine Learning ...................................................................................................................... 198
Enabling Malware Protection ............................................................................................................................. 199
Defining a Malware Scan Configuration .................................................................................................200
Turning the Anti-Malware Module On .....................................................................................................208
Assigning the Scan Configuration to a Scan Type ................................................................................ 210
Keeping Deep Security Up To Date on Malware .................................................................................... 214
Viewing Anti-Malware-Related Events ............................................................................................................ 215
System Events ................................................................................................................................................ 215
Computer Events ........................................................................................................................................... 215
Adding Malware to the Allowed List ......................................................................................................... 216
Reviewing Files Identified as Malware ..............................................................................................................217
Restoring Identified Files ............................................................................................................................. 218
Quarantining Files on Deep Security Agents ......................................................................................... 224
Smart Scan ............................................................................................................................................................ 225
File Reputation .............................................................................................................................................. 226
Querying the File Reputation Service ..................................................................................................... 228
Review Questions ...................................................................................................................................................231
iv © 2022 Trend Micro Inc. Education
Trend Micro Deep Security 20 Training for Certified Professionals - Student Guide
Lesson 9: Blocking Malicious Web Sites................................................................................ 233
Trend Micro URL Filtering Engine .................................................................................................................... 234
Credibility Scores ......................................................................................................................................... 235
Web Reputation Communication .............................................................................................................. 236
Enabling Web Reputation ................................................................................................................................... 236
Turning on Web Reputation protection .................................................................................................. 236
Setting the Security Level .......................................................................................................................... 238
Defining Exceptions ..................................................................................................................................... 239
Unblocking Pages ................................................................................................................................................. 242
Viewing Web Reputation-Related Events ...................................................................................................... 244
System Events ............................................................................................................................................... 244
Computer Events .......................................................................................................................................... 244
Review Questions ................................................................................................................................................. 245
Lesson 10: Filtering Traffic Using the Firewall..................................................................... 247
Enabling Firewall Protection ............................................................................................................................. 248
Turning the Firewall on ............................................................................................................................... 248
Applying Firewall Rules ............................................................................................................................... 250
Creating Custom Firewall Rules ........................................................................................................................ 251
Actions ........................................................................................................................................................... 252
Priority ............................................................................................................................................................ 255
Packet Direction ........................................................................................................................................... 256
Frame Type .................................................................................................................................................... 256
Protocol .......................................................................................................................................................... 256
Packet Source and Packet Destination ................................................................................................... 257
Recommended Firewall Policy Rules .............................................................................................................. 258
Rule Order of Analysis ........................................................................................................................................ 258
Traffic Analysis ...................................................................................................................................................... 261
Tap Mode ......................................................................................................................................................... 261
Inline Mode ..................................................................................................................................................... 262
Failure Response Behavior ........................................................................................................................ 262
Anti-Evasion Posture ................................................................................................................................... 264
Advanced Network Engine Options ......................................................................................................... 265
Order of Analysis ................................................................................................................................................. 266
Integrity Check .............................................................................................................................................. 266
Reconnaissance Scans ................................................................................................................................ 266
Check Firewall Rules .................................................................................................................................... 268
Check Stateful Configuration .................................................................................................................... 268
Decrypt SSL Traffic ...................................................................................................................................... 270
Check Intrusion Prevention Rules ............................................................................................................ 270
Important Points to Remember ................................................................................................................ 270
Port Scans ................................................................................................................................................................271
Defining Ports to Scan .................................................................................................................................272
Scan Triggers .................................................................................................................................................273
Scan Results .................................................................................................................................................. 275
Viewing Firewall-Related Events ...................................................................................................................... 276
System Events ............................................................................................................................................... 276
Computer Events ...........................................................................................................................................277
Review Questions ................................................................................................................................................. 278
Lesson 11: Protecting Servers From Vulnerabilities ........................................................... 279
Blocking Exploits Using Intrusion Prevention ...............................................................................................280
Virtual Patching ............................................................................................................................................280
Detecting Suspicious Network Activity ...................................................................................................280
Blocking Traffic Through Protocol Control ............................................................................................280
Protecting Web Applications .....................................................................................................................280
Enabling Intrusion Prevention ........................................................................................................................... 281
Turning the Intrusion Prevention Module On ......................................................................................... 281
Setting the Intrusion Prevention Behavior ............................................................................................ 283
Running a Recommendation Scan ...........................................................................................................284
Applying the Intrusion Prevention Rules ................................................................................................ 287
Staying Up To Date on Rules Through Ongoing Recommendation Scans ..................................... 289
Types of Intrusion Prevention Rules ............................................................................................................... 289
Rule Groups ............................................................................................................................................................ 291
TippingPoint Equivalent Rule ID Mapping ...................................................................................................... 292
Filtering SSL-Encrypted Traffic ....................................................................................................................... 292
Viewing Intrusion Prevention-Related Events .............................................................................................. 297
System Events ............................................................................................................................................... 297
Computer Events .......................................................................................................................................... 298
Review Questions ................................................................................................................................................. 299
Lesson 12: Detecting Changes to Protected Servers .......................................................... 301
Enabling Integrity Monitoring ........................................................................................................................... 302
Turning on Integrity Monitoring ............................................................................................................... 302
Applying Integrity Monitoring Rules to a Policy or Computer .......................................................... 304
Building a Baseline for the Computer ..................................................................................................... 306
Periodically Scanning for Changes to a Computer .............................................................................. 307
Detecting Changes .............................................................................................................................................308
Viewing Integrity Monitoring-Related Events ............................................................................................... 309
System Events ............................................................................................................................................... 309
Computer Events ........................................................................................................................................... 310
Review Questions ....................................................................................................................................................311
Lesson 13: Blocking Unapproved Software............................................................................ 313
Enforcement Modes ............................................................................................................................................. 314
Enabling Application Control ............................................................................................................................. 314
Installing Approved Software ..................................................................................................................... 314
Running a Malware Scan on the Server ................................................................................................... 315
Enabling Application Control ...................................................................................................................... 315
Detecting software changes ........................................................................................................................317
Viewing Application Control-Related Events ................................................................................................. 318
System Events ................................................................................................................................................ 318
Computer Events ........................................................................................................................................... 319
Overriding Application Control Enforcement ......................................................................................... 319
Global Block .............................................................................................................................................................321
Pre-Approving Software Updates ......................................................................................................................321
Maintenance Mode .........................................................................................................................................321
Trusted Updater .............................................................................................................................................323
Trust Entities ..................................................................................................................................................323
Application Control Order of Analysis ............................................................................................................ 330
Resetting Application Control .....................................................................................................................331
Review Questions ..................................................................................................................................................332
Lesson 14: Inspecting Logs on Protected Servers.............................................................. 333
Enabling Log Inspection ..................................................................................................................................... 334
Turning on Log Inspection ......................................................................................................................... 334
Applying Log Inspection Rules .................................................................................................................. 336
Viewing Log Inspection-Related Events .........................................................................................................340
System Events ............................................................................................................................................... 340
Computer Events ...........................................................................................................................................341
Monitoring Windows Events .............................................................................................................................. 342
Review Questions ................................................................................................................................................. 344
Lesson 15: Events and Alerts ................................................................................................... 345
Event Forwarding ................................................................................................................................................. 345
Security Information and Event Management Server ......................................................................... 346
Amazon Simple Notification Service ....................................................................................................... 346
SNMP ............................................................................................................................................................... 347
Web Services API .......................................................................................................................................... 347
Alerts ....................................................................................................................................................................... 347
Viewing Alerts in the Deep Security Manager Web Console ............................................................. 348
Email Notifications For Alerts ................................................................................................................... 350
Event Tagging ....................................................................................................................................................... 351
Manual Tagging ............................................................................................................................................. 352
Standard Auto-Tagging ............................................................................................................................... 353
Trusted Source Auto-Tagging ................................................................................................................... 355
Trend Micro Certified Safe Software Service ........................................................................................ 357
Reporting ............................................................................................................................................................... 359
Filtering Report Data ........................................................................................................................................... 361
Filtering by Tag .............................................................................................................................................. 361
Filtering by Date and Time ......................................................................................................................... 362
Filtering by Computer ................................................................................................................................. 362
Encrypting Reports ...................................................................................................................................... 363
Review Questions ................................................................................................................................................. 364
Lesson 16: Automating Deep Security Operations ............................................................. 365
Scheduled Tasks ................................................................................................................................................... 365
Creating Scheduled Tasks .......................................................................................................................... 367
Event-Based tasks ................................................................................................................................................ 367
Creating Event-Based tasks ....................................................................................................................... 368
Quick Start Templates ........................................................................................................................................ 369
Deploying Deep Security Manager in Amazon Web Services Using a CloudFormation Template .......... 369
Deploying Deep Security Manager in Microsoft Azure Using Quickstarts ..................................... 374
Baking the Deep Security Agent into an Amazon Machine Image ........................................................... 381
Application Programming Interface ................................................................................................................ 382
Setting up the Development Environment ............................................................................................. 383
API URL ........................................................................................................................................................... 383
Authenticating API Requests .................................................................................................................... 383
API Reference ....................................................................................................................................................... 385
API Endpoints ................................................................................................................................................ 386
Command Parameters ................................................................................................................................ 387
API URL ...........................................................................................................................................................388
Request Samples ..........................................................................................................................................388
Review Questions ................................................................................................................................................. 390
Lesson 17: Detecting Emerging Malware Through Threat Intelligence ......................... 391
Threat Intelligence Phases ................................................................................................................................ 392
Detect .............................................................................................................................................................. 392
Respond .......................................................................................................................................................... 392
Protect ............................................................................................................................................................ 392
View and Analyze Threats .......................................................................................................................... 392
Threat Intelligence Requirements ................................................................................................................... 393
How Threat Intelligence Works ........................................................................................................................ 393
Trend Micro Apex Central ..................................................................................................................................394
Connecting Deep Security with Trend Micro Apex Central ............................................................... 395
Deep Discovery Analyzer ................................................................................................................................... 396
Suspicious Activities .................................................................................................................................... 397
Connecting Deep Discovery Analyzer to Apex Central ....................................................................... 398
Populating the Apex Central Product Directory .......................................................................................... 399
Configuring Deep Security for Threat Intelligence ...................................................................................... 401
Creating a Malware Scan Configuration .................................................................................................. 401
Configuring Deep Security to Submit Files to Deep Discovery Analyzer .......................................402
Subscribing to the Suspicious Object list ...............................................................................................403
Enabling Sandbox Analysis ........................................................................................................................404
Manually Submitting a File to Deep Discovery For Analysis .....................................................................405
Tracking the Submission ....................................................................................................................................406
Suspicious Objects ...............................................................................................................................................409
Handling Suspicious Object ......................................................................................................................... 410
Review Questions .................................................................................................................................................. 413
Lesson 18: Protecting Cloud Workloads with Trend Micro Cloud One............................ 415
Trend Micro Cloud One Applications ................................................................................................................ 415
Cloud One - Workload Security .......................................................................................................................... 416
Cloud One - Container Security ......................................................................................................................... 416
Protecting Containers With Cloud One - Container Security ............................................................. 417
Cloud One - File Storage Security ..................................................................................................................... 419
Cloud One - Application Security .....................................................................................................................420
Cloud One - Network Security ........................................................................................................................... 421
Cloud One - Conformity ...................................................................................................................................... 422
Well-Architected Framework ..................................................................................................................... 422
Compliance ..................................................................................................................................................... 423
Remediation ................................................................................................................................................... 423
Cloud One - Open Source Security by Snyk .................................................................................................. 424
Review Questions ................................................................................................................................................. 425
Lesson 19: Integrating with Trend Micro Vision One.......................................................... 427
Trend Micro XDR ..................................................................................................................................................428
Trend Micro Vision One ...................................................................................................................................... 429
Key Features ..................................................................................................................................................430
Comparing Trend Micro Vision One to Other Solutions ............................................................................. 433
Trend Micro Vision One Apps ............................................................................................................................ 435
Security Posture Apps ................................................................................................................................ 435
Assessment Apps .........................................................................................................................................438
Threat Intelligence Apps ............................................................................................................................. 439
XDR Apps ........................................................................................................................................................444
Zero Trust Secure Access Apps ................................................................................................................448
Search App .....................................................................................................................................................455
Response Management App ......................................................................................................................456
viii © 2022 Trend Micro Inc. Education
Trend Micro Deep Security 20 Training for Certified Professionals - Student Guide
Mobile Security Apps ...................................................................................................................................458
Inventory Management Apps ....................................................................................................................460
Administration Apps ....................................................................................................................................465
Trend Micro Managed XDR Service ................................................................................................................. 473
Expert Threat Hunting ................................................................................................................................ 473
24x7 Monitoring and Detection ................................................................................................................ 473
Rapid Investigation and Mitigation .......................................................................................................... 473
Trend Micro Vision One Licensing ................................................................................................................... 475
Trend Micro Vision One Credits ................................................................................................................ 475
Calculating Your Credit Requirements ................................................................................................... 476
Managing Credits ..........................................................................................................................................477
Redeeming Purchased Licenses as Credits ........................................................................................... 478
Connecting Deep Security Software to Trend Micro Vision One ............................................................. 479
Installing the XDR Sensor on a Server ............................................................................................................484
Installing the Endpoint Basecamp Services with the Security Agent .............................................484
Installing the Endpoint Basecamp Services Through a Script ..........................................................485
Installing the Endpoint Basecamp Service Through an Installer ......................................................486
Enabling the XDR Sensor ............................................................................................................................ 487
Detection Models .................................................................................................................................................. 491
Model Details ................................................................................................................................................. 492
Workbenches ......................................................................................................................................................... 493
Alert Details ...................................................................................................................................................494
Navigating Within a Workbench .......................................................................................................................495
From the Summary Pane ............................................................................................................................495
From the Highlights Pane ...........................................................................................................................496
From the Observable Graph Pane ............................................................................................................498
Review Questions ................................................................................................................................................. 502
Lesson 20: Migrating to Cloud One - Workload Security .................................................. 503
Benefits of using Cloud One - Workload Security ........................................................................................ 503
Migrating Deep Security Software ..................................................................................................................504
Creating a Cloud One - Workload Security Account ............................................................................505
Creating an API Key ..................................................................................................................................... 507
Prepare a Link to Workload Security ........................................................................................................ 510
Migrating Common Objects ........................................................................................................................ 512
Migrating Policies .......................................................................................................................................... 516
Migrating AWS Cloud Accounts ................................................................................................................. 519
Migrating Other Cloud Accounts .............................................................................................................. 520
Migrating Agents ........................................................................................................................................... 521
Migrating other Deep Security settings .................................................................................................. 526
Configuring Network and Communication Settings ............................................................................ 528
Review Questions ................................................................................................................................................. 530
Appendix A: Activating and Managing Multiple Tenants ................................................... 531
Segmentation using Multi-Tenancy ................................................................................................................. 532
Segmentation by Business Unit ................................................................................................................ 532
Segmentation in a Service Provider Model ............................................................................................ 533
Tenant Isolation ............................................................................................................................................ 533
Database Isolation ........................................................................................................................................ 533
Deep Security Manager Web Console For Tenants .............................................................................. 535
Enabling Multi-Tenancy ...................................................................................................................................... 536
Licensing Modes ........................................................................................................................................... 536
Creating Tenants .................................................................................................................................................. 538
Tenant Administrator ..................................................................................................................................540
Tenant Account Confirmation .................................................................................................................... 541
Managing Tenants ................................................................................................................................................ 541
Tenant State ................................................................................................................................................... 541
Tenant Properties ........................................................................................................................................ 542
Deleting Tenants ........................................................................................................................................... 547
Diagnosing Tenant Issues ........................................................................................................................... 547
Activating Deep Security Agent on Tenants .................................................................................................548
Deep Security Relays ...................................................................................................................................548
Usage Monitoring .................................................................................................................................................548
Multi-Tenant Dashboard .............................................................................................................................549
Multi-Tenant Dashboard/Reporting .........................................................................................................550
Status Monitoring API .................................................................................................................................550
Administering Tenants .......................................................................................................................................550
Logging into Deep Security Manager as a Tenant ................................................................................ 551
Review Questions ................................................................................................................................................. 552
Appendix B: Protecting Virtual Machines Using the Deep Security Virtual Appliance. 553
Deep Security Virtual Appliance ......................................................................................................................554
Benefits of Using the Virtual Appliance ..................................................................................................554
Virtual Appliance Deployment Models ............................................................................................................ 555
Deployments Using NSX-V for vShield Endpoint .................................................................................. 555
Deployments Using NSX-V or NSX-T Advanced or Enterprise .......................................................... 555
Deployments Without NSX ......................................................................................................................... 555
Combined Mode ............................................................................................................................................ 556
Deploying and Activating the Virtual Appliance Using NSX-V ..................................................................558
Deploying and Activating the Virtual Appliance Using NSX-T ..................................................................558
Importing the Deep Security Virtual Appliance Package into Deep Security Manager ..................... 559
Adding VMware vCenter to Deep Security Manager ................................................................................... 561
Viewing Protected Virtual Machines ...............................................................................................................564
Deep Security Virtual Appliance-Related Communication ........................................................................ 565
Traffic between the Deep Security Virtual Appliance and Deep Security Manager .................... 565
Traffic between vCenter Server and Deep Security Manager .......................................................... 565
Traffic between ESXi and Deep Security Manager .............................................................................. 565
Deep Security Manager and VMware vCenter Server ................................................................................566
Re-configuring vCenter Server Communication ...................................................................................566
Deep Security Manager and vCenter Server Synchronization .........................................................568
Event-based tasks ........................................................................................................................................569
Agentless Anti-Malware Protection ................................................................................................................569
Real-Time Scanning .....................................................................................................................................569
On-Demand Scanning .................................................................................................................................. 570
Scan Cache Settings and Concurrent Scan ........................................................................................... 570
Quarantining in Anti-Malware ................................................................................................................... 572
Agentless Integrity Monitoring Protection .................................................................................................... 572
VMware High Availability ................................................................................................................................... 572
Moving Deep Security Virtual Appliance Data ...................................................................................... 573
Review Questions ................................................................................................................................................. 575
Appendix C: Troubleshooting Common Deep Security Issues ......................................... 577
Diagnostic Logging in Deep Security Manager ............................................................................................. 577
Creating a Diagnostic Package for Deep Security Agents ................................................................. 579
Creating a Diagnostic Package for Deep Security Manager ............................................................... 581
Troubleshooting Offline Agents ....................................................................................................................... 583
Potential Causes ........................................................................................................................................... 583
Possible Solutions ........................................................................................................................................584
Troubleshooting Deep Security Agent Activation Failures .......................................................................586
Possible Solutions ........................................................................................................................................586
Troubleshooting High CPU usage .................................................................................................................... 587
Possible Solutions ........................................................................................................................................ 587
Troubleshooting Security Update Failures ....................................................................................................589
Possible Solutions ........................................................................................................................................589
Appendix D: What's New in Deep Security 20 ......................................................................591
Integration with Trend Micro Vision One ........................................................................................................ 591
Application Control Trust Entities .................................................................................................................... 591
Migrating to Trend Micro Cloud One - Workload Security .......................................................................... 591
Trusted Certificates Detection Exceptions ..................................................................................................... 591
Azure Certificate Authentication ..................................................................................................................... 592
Control Kernel Package Updates ..................................................................................................................... 592
Removal of Integrity Monitoring Baseline Data ........................................................................................... 592
New Action Options in the Windows Anti-Malware Scan Interface (AMSI) ........................................... 592
New Database support ....................................................................................................................................... 592
Predictive Machine Learning Support