Transcript for:
Trend Micro Deep Security series

Hey, what's up guys, this is Sohan and you are watching Technical Spark. Friends, from today onwards we are going to start a new series, that is from Trend Micro, and the product name would be Trend Micro Deep Security version 20. Before we start with the training I just wanted to thank all of you guys for the voting given on the community. Your voting is really helping me to identify the product to start the training with, and so many of you guys voted for Trend Micro Deep Security, so here we are, and thanks again to all the subscribers. Now let's start with Trend Micro Deep Security, but before that, one small intro video.

Friends, this is our series objective. In this series we'll describe the purpose, features, functions and capabilities of Trend Micro Deep Security, as well as define and install the components that make up Deep Security, implement security by enabling protection modules, which means the features available in Deep Security, and last, review all available configuration and administration options. Friends, this is the very first video of Trend Micro Deep Security, so I'm not going to touch anything practically; in this session we'll only understand how Deep Security exactly works and what components are there which we can utilize.

Now, very important: who can watch this video? The IT professional responsible for protecting network, data center and cloud resources from data breaches and targeted attacks. This includes those involved with operations, deployment, security response and compliance. So if you are involved in any of the operational or administrator-level tasks then you must watch this video. And guys, if you have basic knowledge of the following topics it is also beneficial: Windows servers and clients, firewalls and packet inspection devices, VMware ESXi, vCenter and NSX (these are the VMware applications where we usually deploy the servers), as well as Amazon AWS, Microsoft Azure and VMware vCloud (those are the cloud-based services), and virtualization technology. So I hope you all have knowledge of these particular technologies.

And friends, after completing this entire series you will definitely be able to identify the key business drivers for Deep Security, list the Deep Security deployment options, identify the roles of each of the Deep Security protection modules, and list the required and optional components of a Deep Security installation.

Now friends, before we start the discussion of Deep Security, let's review the security solutions offered by Trend Micro. Trend Micro provides layered content security with interconnected solutions that share data, so that you can protect your users, network, data center and cloud resources from data breaches and targeted attacks. So there are multiple products that come into these particular four segments. Right now we are not going to do the deep dive, but we will cover all those products in different series. But if you want, here is one small recap. User Protection: an interconnected suite of security products and advanced threat defense techniques that protect users from ransomware and other threats. Another is Network Defense: it's a next-generation IPS, okay, and breach detection to prevent targeted attacks, advanced threats and ransomware from embedding or spreading within the network. Hybrid Cloud: a comprehensive, automated security solution to protect enterprise workloads in the data center and the cloud from critical new threats while helping to accelerate regulatory compliance. Visibility and Control: manage a comprehensive set of security capabilities from one single management console, so if you have multiple Trend Micro applications then also you can manage them from the single console. Now, Smart Protection Network: it provides up-to-the-second threat intelligence to immediately stamp out attacks before they can harm valuable enterprise data assets.

Now friends, since we are talking about Deep Security, let's understand the evolution of the data center. Workloads in the data center started off on physical servers. As you know, probably at the very first, when the companies or data centers were built, those were using physical servers, and at that time the people who managed these servers had to maintain thousands and thousands of servers in a data center, which was a very critical task. But later on everything moved to virtual, which means in a single server we can create multiple virtual operating systems for our applications. Then again it moved to the cloud, and now containers and serverless. So I hope you all know what physical, virtual, cloud, containers and serverless are.

Now friends, let's understand the hybrid cloud services challenge. Nowadays it is dynamic, because they are evolving infrastructure from physical, virtual, cloud and then serverless, so you can see how exactly it is growing, as well as the speed of app changes, which means nowadays if you observe your mobile, we are continuously getting updates, and the way applications work is getting completely changed. And then the last one is threat sophistication, because we don't know whether we really got infected or have a malware present in our machine or not. Now the organization pain: threat protection and audit, because if you have multiple environments like your physical server, virtual server, cloud or serverless, then at that time you probably need to deploy multiple antivirus from multiple vendors, okay. So here Deep Security comes into the picture. Deep Security is supported for all these various environments; the Deep Security agent can provide protection to all the applications as well as the server infrastructure. And third is lack of resources, need to simplify. So here our answer is the same: we have one agent which serves the purpose of all your pain points, and Trend Micro Deep Security will solve all your problems with one single solution. And friends, these are the major pain points: overwhelmed, incompatible, audit, too many tools, zero-day, scan storm. But with Trend Micro you don't have to worry about anything, and these things we are going to learn in our next videos.

Now guys, just let me tell you, the Deep Security platform is the core of the Trend Micro hybrid cloud security solution, okay, because Deep Security provides advanced server security for physical, virtual and cloud-based computers. It also protects enterprise applications and data from breaches and business disruption without requiring emergency patching. And this centrally managed platform consolidates security operations within a single management dashboard for all capabilities, and simplifies security operations while enabling regulatory compliance and accelerating the ROI of virtualization and cloud projects. And Deep Security is FIPS certified. And just for your information, Deep Security protects servers against zero-day malware and ransomware, identifies suspicious behavior, shields the network from vulnerabilities before they can be exploited, and detects and stops network-based attacks while minimizing the operational impact from resource inefficiencies and emergency patching. So we'll cover this practically, but this is just for your information. And here are some key business drivers for Deep Security: Deep Security protects against data breaches and business disruption (and friends, if you want to read anything, just pause the video and read all the pointers which are available here, okay), provisions full security capabilities automatically in the data center, optimizes data center resources, supports compliance, and the last one is reduces operational cost.

Now friends, let's understand what are the deployment methods, or the flexibility in deployment, provided by Trend Micro. So if you are on premise, you can install it in software form, which means if you have any Windows server in your environment then you can simply install the Deep Security Manager in your environment and then deploy the agent on the rest of the machines. And let's say if you don't have any Windows server, then at that time you can use Software as a Service, which is a cloud-based solution from Trend Micro. This also works the same as on premise, but the only fact is, in the very first scenario you have to manage your server; in the second scenario you don't have to manage the infrastructure, I mean your server, you just have to download the agent and deploy it on your nodes, that's it. And very important, the third one, the cloud marketplace: let's say in the Amazon Web Services and Microsoft Azure marketplace, Deep Security is available as software and as a service, which you guys can purchase.

And friends, these are the actual modules of Deep Security, okay, on which we are going to work. First is Anti-Malware, second is Web Reputation, third is Application Control, fourth is Log Inspection, fifth is Integrity Monitoring, and sixth is Firewall and Intrusion Prevention. So guys, here is some basic idea of how exactly these modules are going to work.

Say Anti-Malware: guys, the Anti-Malware module detects and blocks malicious software such as viruses, trojans, spyware, ransomware and other applications intended to harm your endpoint, and this anti-malware protection can occur in real time, on demand, as well as scheduled. So the way you want to use this, you have the different configuration options available in the console.

Now next is Web Reputation. Guys, whenever you browse any website on your machine, okay, it tracks the credibility of the website to safeguard servers from malicious URLs, which means while browsing, if Trend Micro Web Reputation finds you are visiting any malicious website then it has the capability to block that website immediately.

Now next is Firewall. In Firewall you can block malicious traffic, or let's say allow or block network traffic through a bi-directional stateful firewall, which means you can view all the traffic which is coming to your server and going out from your server, and based on your requirement you can block or allow that traffic. We can completely harden our server; I'll demonstrate this during the policy configuration.

Now next is Intrusion Prevention. Intrusion Prevention basically examines all incoming and outgoing traffic at the packet level, searching for protocol deviations, policy violations or any content that signals an attack, and it detects and blocks known and unknown as well as zero-day attacks that target vulnerabilities. And friends, here is the beauty: IPS can be used for virtual patching. Virtual patching basically drops traffic attempting to leverage unpatched vulnerabilities in applications or the operating system; this keeps the servers and endpoints protected until the relevant patches can be applied. Friends, let me explain this with one example. Let's say you have one Windows server and it's identified as vulnerable, and Microsoft has just now released the patches to protect against that vulnerability. But as per the IT industry, we cannot directly deploy that patch on the server unless we complete the UAT. So in this situation you can protect those servers using the Trend Micro Intrusion Prevention module, because without installing the actual patches or software on your Windows server, Trend Micro can patch that particular vulnerability virtually. So this is one of the deal-breaker components provided by Trend Micro; this is very much useful. Protocol hygiene: protocol hygiene basically blocks traffic based on how it conforms to protocol specifications; it allows the DSA to detect packet fragments, packets without flags and similar anomalies. Friends, if you don't know about the DSA, that also we are going to cover; this is kind of an agent-less protection from Trend Micro Deep Security.

Now friends, Integrity Monitoring. The Integrity Monitoring module monitors critical operating system and application files, including directories, custom files, registry keys and values, open ports, processes and services, to provide real-time detection and reporting of malicious and unexpected changes. And this module will track both authorized and unauthorized changes made on a server instance. It has the ability to detect unauthorized changes, and with this module you can get all the information about what is done on that particular server, whether somebody changed any file permission or whatever. So whatever rules you are going to configure in this, okay, you will get the information whenever that particular action is performed based on your rule, so it will detect and inform you.

Log Inspection: with the Log Inspection module, collect and analyze operating system and application logs for suspicious behavior, security events and administrative events across the data center. Friends, this module optimizes the identification of important security events buried in multiple log entries, and suspicious entries, or you may say events, can be forwarded to a SIEM for correlation purposes.

Now Application Control: this module is my favorite one, because this completely locks down your entire operating system, so that whatever software is installed, or you may say only approved applications, can execute, or it stops specific unwanted software from running. How exactly does it work? Let me tell you. When you deploy Application Control, or let's say when you enable Application Control on any of the servers, it basically scans your entire server and whitelists all the applications which are installed at the time of enabling Application Control, and once Application Control is enabled in prevent mode then from that time onwards Trend Micro blocks all the new applications which get executed on that particular server. So this is a very interesting feature, okay, so we'll test this also.

Now guys, let's understand the Trend Micro architecture. This is one of our architecture examples, and this is my server. As you can see, right now here two servers are configured; this is in a cluster, but in your environment you can put one server or make it a cluster. In a cluster also, the Trend Micro servers work as active-active, not active-passive; it divides the load between these two servers. So based on your requirement you can decide whether you want to go with one server or two servers; the choice is yours, based on your environment.

Now next is the database. Trend Micro supports your SQL Server, Oracle, PostgreSQL and cloud RDS databases, so whatever license you have, you can go with that database.

Now next is our Deep Security Manager console. Whatever administrator-level tasks you want to perform, you can do from your management console; it's a GUI-based console which can be accessed from the browser. And here are the servers on which you can install the Deep Security agent to protect these servers, as well as the virtual servers. The Deep Security agent is compatible with all the server types, as well as the servers which are in clouds, including vCloud, Amazon AWS and Azure.

And this is very important, guys: if you have an ESXi server environment and have multiple servers, so in this situation, if you don't want to install the Trend Micro Deep Security agent on every server due to resource utilization or whatever the reason, okay, at that time you can go with the agentless. For that you just have to install one server, which is the Deep Security Virtual Appliance, okay, and this particular appliance will scan all the servers which are available in the vCenter, or let's say ESXi.

And here is the Relay. The Relay plays a very important role, guys; let me tell you the functionality of this relay server. When you install the Deep Security server you must require one relay server, because this relay server improves the performance by distributing the task of delivering updates throughout your Deep Security installation. So let's say you have installed the Trend Micro Deep Security agent on these machines, okay, so the definitions they are going to receive, that is from this particular relay server, okay. The relay is going to distribute all the definition-related work so that your end servers will get the latest definitions using this relay server, and you can configure multiple relay servers in your environment. Or let's say if you have installed the Deep Security agent on this server, you can configure this server as a relay server also, that's not a problem; you can make any server a relay server.

So guys, when you install your Deep Security agent on any machine, there is one small icon that appears on your taskbar, okay, and when you double-click it says Notifier, which means that particular Notifier communicates all the activity which is going on on your server to your Deep Security Manager. So this is how that Notifier actually works; we'll see that in the practical also.

And now Smart Protection Network: this is actually the cloud-based Trend Micro Smart Protection Network which from time to time delivers signatures and patterns to your Deep Security Manager. And guys, this is also one of the very important parts: the Smart Protection Server. So friends, let's say you are trying to visit one URL, okay; if this is a new URL then by default the Trend Micro agent goes to the cloud, okay, and checks the reputation for that particular file. So if you don't want your agent to directly communicate with the Trend Micro Smart Protection Network then you can configure one Smart Protection Server in your environment, so that next time you browse anything, or if any malicious file is found in your network, it is checked against the definitions, and if in case that isn't found then it will check the reputation using this Smart Protection Server, and this Smart Protection Server will receive the updates from the cloud.

Deep Security Scanner: Deep Security Scanner basically integrates with your SAP NetWeaver platform to identify potential threats in an SAP system.

Deep Discovery Analyzer: friends, this Deep Discovery Analyzer is a secure virtual environment used to analyze samples submitted by Trend Micro products. Guys, this is a sandbox image, okay, and it allows observation of file and network behavior in a natural setting without any risk of compromising the network. Normally what happens nowadays, guys, so many companies offer sandboxing in the cloud, okay, but at that time your data goes to the cloud and then sandboxing will happen and then it comes back with the result. So to minimize the time, and if you don't want your file to go out of the network, okay, in those situations you can use this particular product so that your sandboxing will happen within the network.

Now Control Manager: friends, please note nowadays the name of this Control Manager has changed to Apex Central, so I forgot to make a correction here, but this particular Apex Central is used to manage your multiple Trend Micro products, okay, so this is just for the centralized management.

And now here is one more point, Active Directory. With the help of Active Directory, guys, you can create a trust relationship between your endpoints and your management server, as well as, with the help of AD, you can create AD-level authentication using this Active Directory when integrated with Deep Security. Friends, now Deep Security provides 2FA to its users when logging in to your Deep Security console, so if you want you can configure this also. And the third one is the SAML identity provider. SAML basically is single sign-on, okay, and it establishes the trust relationship between two parties, and as of now it provides support to Active Directory, which is to say ADFS, Okta, PingOne or Shibboleth.

So guys, I hope you have understood what components are there in Deep Security and how we can use them effectively when deploying in our environment. Friends, that's it in this video. I hope you have learned a little bit new with me in Trend Micro Deep Security, and if in case you have any doubts, questions or queries, please feel free to type in the comment box below; I'll definitely try to answer all of your questions. And if in case you are new to our channel then please don't forget to subscribe so that you will not miss my future video notifications as soon as I publish the videos. So thanks again, this is Sohan signing out; I'll catch you in the next videos.