Founded in 1988, Trend Micro is a global leader in corporate server and cloud security, and delivers proven cloud security solutions for protecting AWS-hosted applications and servers. The company's cloud security offerings for protecting instances, OS, data and applications complement the inherent security of AWS and fit within the shared responsibility model of AWS. Trend Micro offers its solutions as software on AWS Marketplace and through existing channels, as well as software as a service hosted on AWS. The company works with thousands of companies across a number of verticals, including government, financial services, and healthcare organizations. Trend Micro is an Advanced Technology Partner in the AWS Partner Network (APN), and has been an APN Partner since 2012. The company is also an AWS Security Competency Partner.
“The main driver to extend to the AWS cloud was our customer base,” explains Mark Nunnikhoven, Vice President of Cloud and Emerging Technologies at Trend Micro. Similar to AWS, Trend Micro focuses on what its customers tell the company is important. Customer feedback drives much of its roadmap development. As Trend Micro developed, launched, and continued to iterate its Deep Security product (a centralized security control management platform) in traditional server deployments and in private cloud virtual stacks, the benefits of moving to AWS became an increasingly prevalent discussion point in conversations with customers.
Nunnikhoven explains, “Our customers began moving onto the AWS platform, and we wanted to help them fight through the FUD to understand the security benefits of the AWS cloud. More importantly, we wanted to show our customers that we were walking the walk by deploying a Deep Security solution on AWS. We wanted to demonstrate to our customers, and to the industry, that it is easy to deploy a very secure service on AWS; in fact, it’s easy to beat your existing security performance by working with AWS.” Hoping to leverage the speed, flexibility, cost-savings and automation benefits of AWS, Trend Micro decided to build a Deep Security as a Service offering for customers in conjunction with Version 9 of its core Deep Security platform.
Trend Micro evaluated the maturity in the cloud computing market, and chose to deploy its Deep Security as a Service offering entirely on the AWS platform. “AWS very much defines the public cloud space,” says Nunnikhoven. The Trend Micro team began with an internal analysis to ensure the team could design a service on AWS in the way they wanted, to leverage AWS in the best manner possible for its customer base and to meet its stringent internal security requirements. The company then worked closely with internal AWS teams after a proof of concept was in place. Nunnikhoven explained that internal AWS technical resources provided the Trend Micro team with technical guidance, as well as the clarity and reassurance that the team was going down the right technical path.
In order to develop a service that could be managed efficiently and could provide customers with a scalable, cost-effective, and reliable service, Trend Micro designed its Deep Security as a Service offering by utilizing the following AWS products and services:
- Amazon Elastic Compute Cloud (Amazon EC2) to manage Agents (which live on a customer’s Amazon EC2 instance and apply security controls to the operating system in that instance), and to run auto scaling groups
- Amazon Elastic Load Balancer (Amazon ELB) to manage the high number of concurrent connections in their customer environments
- Auto Scaling groups running Amazon Linux
- Amazon Relational Database Service (Amazon RDS) running Multi-AZ series of Oracle RDS instances
- Amazon Route 53, to assign DNS names through the API for test environments
- Amazon Simple Storage Service (Amazon S3) for binary configurations
- AWS Trusted Advisor, for configuration recommendations and checks
- AWS Premium Support, for technical assistance
The solution Trend Micro designed has been very successful for the company and for its customers. In particular, Nunnikhoven highlighted the success Trend Micro has had in using Amazon RDS. All of the data that Trend Micro stores and its protection configurations are in Amazon RDS. The biggest benefit in utilizing Amazon RDS with multi-AZ availability, Nunnikhoven explains, is the backup capability. While, in almost two years of running the service, the company has never had the need to require a restore for production loads, the team constantly runs fire drills to ensure they can restore the service if an event so requires. On Amazon RDS, they can restore a backup in conjunction with production, verify that the backup is restored correctly, and then flip over to the backup with very little to no downtime. “To have that level of assurance for us is amazing,” says Nunnikhoven. “Data protection is at the core of what we do. AWS allows us to not lose sleep over that. We know the data is safe, and that we’ve taken every level of precaution that we can. Further, we know we have a constant level of restore. If needed, we could restore the service at a specific point in time, within an hour. That’s just not possible with a traditional data center.”
One of the big advantages in developing the service on AWS in concert with the core product was that Trend Micro was able to spin up new test environments and run significantly more complicated test cases throughout its development process that weren’t feasible on its own infrastructure. This allowed the company to improve the quality of its code, having caught more than 40 performance and complex stability issues in addition to standard QA testing. Having AWS integrated in the backend of the development process allowed the company to improve not only the end product for customers before it launched live, but has helped improve its own development cycle. According to Nunnikhoven, the company now has much stronger test and Q & A controls in place because of the visibility working with the solution on AWS affords the product team. “We’re understanding how things work at scale and the different challenges faced inside and out, because we have better visibility into how the service is behaving. This is something we could have never pulled off on our own, without the help of AWS,” Nunnikhoven explains.
Trend Micro has experienced a 2.5 percent growth in their customer base every week since launching the service on AWS in 2013, and has provided millions of protection hours for customers. Of the 2.5 percent growth, about one half comes from AWS Test Drive, which provides Trend Micro with an efficient platform to introduce customers to the solution through a hands-on experience. Nunnikhoven explains that AWS Test Drive allows the company to explain the value and benefits of Deep Security to customers in an educational manner. Customers, he says, “quickly understand how the solution provides value to their main business focuses.”
The team has also experienced a significantly reduced time for product updates and time to deployment for customers. Since launching Deep Security as a Service and having integrated AWS in the backend of the development process, the team has been able to expand platform support across over 1600 different kernels supported across Windows and 7 different Linux distributions. The normal time for updates has gone from weeks, on average, to around one to two days. Trend Micro can also stand up the solution in a much shorter timeframe for its customers on AWS. Within 10 minutes, the team can have the solution up and running, a huge benefit for customers and for those initially exploring Deep Security as a proof of concept.
Finally, both Nunnikhoven and Partha Panda, VP of Strategy/Business Development for Trend Micro, discussed the great experience Trend Micro has had working with the APN team and with the AWS field teams. “It’s been phenomenal working with AWS, in particular the AWS field teams who have been very easy to work with,” says Panda. Nunnikhoven highlighted the business opportunities being an APN Partner has opened up to Trend Micro, such as involvement in the AWS Test Drive program and involvement in the AWS Activate program.
As a large AWS Customer in their own right, Nunnikhoven said that Trend Micro plans to continue to move the majority of its internal workloads to AWS, as the cost benefits and the flexibility of the AWS platform are significant for the company. As an APN Partner, one can expect to see Trend Micro continue to innovate and transform the Security as a Service space, according to Panda: “AWS is leading edge, and is constantly pushing the envelope. Our customers are asking us to do the same, and we’ll continue to develop and launch new services that provide our customers with innovative security solutions for their AWS deployments.”
For more information about Trend Micro, please see the company's listing in the AWS Partner Directory.