This month's article is about Trend Micro's Deep Security, a comprehensive server security service.
There are two types of Deep Security: the SaaS version, Deep Security as a Service (DSaaS), and the packaged version, Deep Security.
It is important to understand the differences between the SaaS version, Deep Security as a Service (DSaaS), and the packaged version, Deep Security.
In the following section, we discuss how they differ.
The Deep Security that we handle is a DSaaS service system, and it can be used with AWS, Azure, and GCP by purchasing and deploying them from the marketplace of those vendors.
Differences from DeepSecurity (packaged version)
The major difference between DSaaS and Deep Security (packaged version) is that customers do not need to build their own management server ("DSM") for Deep Security.
■DSaaS (SaaS version)
No need for customers to build and operate their own management server.
Can be deployed in 1-seat (1 OS) units.
The monthly fee-based service system can support small startups.
■Deep Security (packaged version)
Customization is possible because customers can build their own managed servers.
Two types of modules are available, and agent-less security can be provided in a virtualized environment.
Depending on conditions, the package version may be less expensive. (However, management server operation is required.)
Key Points for Building DSaaS
DSaaS is a SaaS-type security service which can be different in system requirements from those of Deep Security (packaged version), such as the need to secure a connection to the Internet side.
■ The server on which the Deep Security Agent ("DSA") is installed must be configured to have access to the DSaaS Administration Manager.
For details, visit: https://helpcenter.trendmicro.com/en-us/
■ Only Basic authentication can be used for authentication when going through a proxy server. Digest and NTLM authentication are not supported.
■On the server where DSA is installed
If the network is temporarily disconnected or the OS network driver is locked by another program, it may be necessary to restart the OS.
System configuration for DSaaS
■There should be open ports availablethat should be available
・Smart Scan connection from DSA to Global Smart Protection service: port 443
・Communication between DSM / DSR and DSA (for one-way communication from DSA to DSM): port 443
・Communication between DSM / DSR and DSA (for DSM to DSA one-way or two-way communication): ports 443 and 4118
■ Ports to open if necessary
・Web reputation connection from DSA to Global Smart Protection service: port 80
・Sending notification emails from DSM: port 25
・Syslog transmission from DSM / DSA: port 514 (UDP)
・DNS queries between DSM / DSR and DSA: port: 53
Since DSaaS is SaaS-based, the license can be stopped as soon as it is no longer needed, and there is no minimum license term.
DSaaS has the advantages if you are looking for an easy way to enhance server security and reduce operational burden.
If you are interested in a "Deep Security as a Service" license and initial setup, please contact us at Beyond GTA for more information about Deep Security as a Service licensing and initial setup!