Protection Modules
Deep Security is a comprehensive server security platform designed to protect dynamic data centers comprising physical, virtual, and cloud servers and virtual desktops. One or more of the following protection modules can be deployed to the server or virtual machine in a single Deep Security Agent. The Deep Security Agent is unified across physical and virtual environments. Anti-malware, firewall, IDS/IPS, web application protection, application control and integrity monitoring can be deployed in an agentless configuration using the Deep Security Virtual Appliance.
- Anti-malware
- Integrity Monitoring
- Intrusion Detection and Prevention
- Web Application Protection
- Application Control
- Firewall
- Log Inspection
The table below outlines key datacenter security requirements and the specific Deep Security modules used to address them.
[Table: Deep Security modules by datacenter requirement. Column group "Deep Security Modules": IDS/IPS, Web App Protection, Application Control, Firewall, Integrity Monitoring, Log Inspection, Anti-malware. Each cell carried an icon rating the module for that requirement.]

Datacenter requirement rows:
- Server Protection
- Web Application Security
- Virtualization Security
- Suspicious Behavior Detection
- Virtual Machine Isolation
- Cloud Computing Security
- Compliance Reporting
- Agent based
- Virtual Appliance

Legend: Essential / Advantageous
Anti-malware
Deep Security integrates the VMware vShield Endpoint APIs to provide agentless anti-malware protection against viruses, spyware, Trojans, and other malware for VMware virtual machines with zero in-guest footprint. Designed to optimize security operations, this module helps avoid the security brown-outs commonly caused by full system scans and pattern updates running inside every guest at once. Because the anti-malware engine runs outside the guest, malware inside the VM cannot tamper with it, which hardens the security function itself against sophisticated attacks.
Deep Security also provides agent-based anti-malware to protect physical servers, Hyper-V and Xen-based virtual servers, public cloud servers as well as virtual desktops in local mode. Coordinated protection with both agentless and agent-based form factors provides adaptive security to defend virtual servers as they move between the data center and public cloud. The solution leverages the web reputation capabilities of one of the largest domain-reputation databases in the world to protect systems from accessing compromised websites.
Integrity Monitoring Protection
This module monitors critical operating system and application objects (files, directories, registry keys and values, etc.) to detect malicious and unexpected changes. An agentless configuration allows organizations to add greater security to virtual machines without any additional footprint. This functionality also protects the hypervisor from exploits with hypervisor integrity monitoring technology.
Key features and benefits include:
- Real-time, on-demand, or scheduled detection of change
- Extensive file property checking, including attributes (PCI 10.5.5)
- Monitor specific directories, file system modifications, and new file creations
- Monitors hypervisor integrity using Intel TPM/TXT technology
- Event tagging automatically replicates actions for similar events
- Cloud-based whitelisting reduces the number of known good events in the log
- Flexible, practical monitoring through includes/excludes
- Auditable reports
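The change detection described in this list, as an added example rather than Deep Security's own code: a baseline of file properties (size, mode, owner, mtime, SHA-256) is taken over an include/exclude set, and a later snapshot is compared against it to report created, deleted and modified objects along with which property changed. The directory layout, patterns and file names in the demo are constructed for illustration.

```python
"""Minimal file-integrity baseline and change detection (added example)."""
import fnmatch
import hashlib
import os
import stat
from typing import Dict, Iterable, List, Tuple

Record = Dict[str, object]


def _file_record(path: str) -> Record:
    """Collect the properties a change should be detected on."""
    st = os.lstat(path)
    digest = None
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digest = h.hexdigest()
    return {
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),   # permission bits only
        "uid": st.st_uid,
        "mtime": int(st.st_mtime),
        "sha256": digest,
    }


def snapshot(root: str, includes: Iterable[str] = ("*",),
             excludes: Iterable[str] = ()) -> Dict[str, Record]:
    """Walk root and record every file whose root-relative path matches an
    include pattern and no exclude pattern. Relative keys keep the baseline
    portable between hosts with the same layout."""
    records: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if not any(fnmatch.fnmatch(rel, p) for p in includes):
                continue
            if any(fnmatch.fnmatch(rel, p) for p in excludes):
                continue
            records[rel] = _file_record(full)
    return records


def compare(baseline: Dict[str, Record],
            current: Dict[str, Record]) -> Tuple[List[str], List[str],
                                                 List[Tuple[str, List[str]]]]:
    """Return (created, deleted, modified); modified holds
    (path, names of changed properties) so an analyst sees *what* changed."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = []
    for rel in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
        if changed:
            modified.append((rel, changed))
    return created, deleted, modified


if __name__ == "__main__":
    import tempfile

    # Constructed demo tree: a monitored config file and an excluded log file.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "passwd"), "w") as f:
        f.write("root:x:0:0\n")
    with open(os.path.join(root, "app.log"), "w") as f:
        f.write("noise\n")
    base = snapshot(root, excludes=("*.log",))

    # Simulate an unexpected change and a new file, then re-scan.
    with open(os.path.join(root, "etc", "passwd"), "a") as f:
        f.write("eve:x:0:0\n")
    with open(os.path.join(root, "etc", "shadow"), "w") as f:
        f.write("x\n")
    created, deleted, modified = compare(base, snapshot(root, excludes=("*.log",)))
    print("created:", created)
    print("deleted:", deleted)
    print("modified:", modified)
```

Excluding volatile paths such as logs is what keeps the event stream useful; everything that remains in the baseline is, by definition, something whose change deserves a ticket.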
Intrusion Detection and Prevention (IDS/IPS)
By shielding vulnerabilities in operating systems and enterprise applications until they can be patched, intrusion detection and prevention helps enterprises achieve timely protection against known and zero-day attacks. Vulnerability rules shield a known vulnerability—for example, those disclosed monthly by Microsoft—from an unlimited number of exploits, because they match the vulnerable condition rather than any single exploit. Deep Security includes out-of-the-box vulnerability protection for over 100 applications, including database, web, email and FTP servers. Rules that shield newly discovered vulnerabilities are automatically delivered within hours, and can be pushed out to thousands of servers in minutes, without a system reboot.
Web Application Protection
Deep Security enables compliance with PCI Requirement 6.6 for the protection of web applications and the data that they process. Web application protection rules defend against SQL injection attacks, cross-site scripting attacks and other web application vulnerabilities, and shield these vulnerabilities until code fixes can be completed.
Application Control
Application control rules provide increased visibility into, or control over, the applications that are accessing the network. These rules can also be used to identify malicious software accessing the network, or to reduce the vulnerability exposure of your servers.
Firewall Protection
The bi-directional stateful firewall provides centralized management of server firewall policy, and includes pre-defined templates for common enterprise server types.
Key features and benefits include:
- Virtual machine zoning
- Fine-grained filtering (IP & MAC addresses, Ports)
- Coverage of all IP-based protocols (TCP, UDP, ICMP, …)
- Coverage of all frame types (IP, ARP, …)
- Prevents Denial of Service (DoS) attacks
- Design policies per network interface
- Detection of reconnaissance scans
Log Inspection Protection Module
This module collects and analyzes operating system and application logs for security events. Log Inspection rules optimize the identification of important security events buried in multiple log entries. These events are forwarded to a security information and event management (SIEM) system or centralized logging server for correlation, reporting and archiving. This module leverages and enhances the open-source software of the OSSEC project.
Key features and benefits include:
- Suspicious behavior detection
- Collection of security-related administrative actions
- Optimized collection of security events across your datacenter
- Advanced rule creation using OSSEC rule syntax
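What "identifying important security events buried in multiple log entries" looks like in practice, as an added example that is neither Deep Security nor OSSEC code: a correlation rule reads syslog lines from OpenSSH, counts authentication failures per source address in a sliding time window, and emits one normalized event per offending source, the shape a collector would forward to a SIEM. The log lines, hostnames, addresses, rule name and thresholds are constructed for the demo; the year assumed for the syslog timestamps is also an assumption, since syslog lines carry none.

```python
"""Log-inspection correlation rule for repeated SSH failures (added example)."""
import json
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List

# OpenSSH "Failed password" lines as written through syslog.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample log: five quick failures from one source, two stray
# failures from another, and one successful login that must not match.
SAMPLE_LOG = [
    "Mar 10 14:02:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "Mar 10 14:02:05 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2",
    "Mar 10 14:02:09 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 50124 ssh2",
    "Mar 10 14:02:14 web01 sshd[2217]: Failed password for invalid user oracle from 203.0.113.7 port 50125 ssh2",
    "Mar 10 14:02:20 web01 sshd[2219]: Failed password for root from 203.0.113.7 port 50126 ssh2",
    "Mar 10 14:03:02 web01 sshd[2222]: Failed password for alice from 198.51.100.4 port 41000 ssh2",
    "Mar 10 14:03:10 web01 sshd[2224]: Accepted password for alice from 198.51.100.4 port 41001 ssh2",
    "Mar 10 14:09:40 web01 sshd[2240]: Failed password for alice from 198.51.100.4 port 41002 ssh2",
]


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps have no year; the caller supplies one (assumed here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def correlate_failures(lines: Iterable[str], threshold: int = 5,
                       window_s: int = 120) -> List[Dict[str, object]]:
    """Return one event per source IP that produced at least `threshold`
    failures inside any `window_s`-second window. Individual failures are
    deliberately not emitted: the rule's job is to reduce noise."""
    per_src = defaultdict(list)
    hosts: Dict[str, str] = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        per_src[m["src"]].append((parse_ts(m["ts"]), m["user"]))
        hosts[m["src"]] = m["host"]

    events = []
    for src, hits in per_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window_s.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                in_window = hits[start:end + 1]
                events.append({
                    "rule": "ssh_repeated_auth_failure",   # constructed name
                    "severity": 10,
                    "host": hosts[src],
                    "src_ip": src,
                    "count": len(in_window),
                    "users": sorted({u for _, u in in_window}),
                    "first_seen": in_window[0][0].isoformat(),
                    "last_seen": in_window[-1][0].isoformat(),
                })
                break   # one event per source, not one per extra failure
    return events


if __name__ == "__main__":
    for event in correlate_failures(SAMPLE_LOG):
        print(json.dumps(event))   # newline-delimited JSON for a SIEM collector
```

The sliding window is what distinguishes a rule like this from a plain counter: two failures an hour apart from the same address stay below the threshold, while five in twenty seconds become a single, high-severity event that names the source, the targeted accounts and the time span.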
