[Trend Micro] Difference between Deep Security as a Service (SaaS version) and Deep Security (licensed version) [Security]
table of contents
This is Ohara from the technical sales department.
is about Trend Micro's comprehensive server security service ``Deep Security.''
There are two types of
Deep Security: the SaaS version "Deep Security as a Service (hereinafter referred to as DSaaS)" and
the package version "Deep Security" we will explain the differences between each service system.
The Deep Security we handle DSaaS service system,
it can be purchased and installed on marketplaces such as AWS, Azure, and GCP
Differences with DeepSecurity (packaged version)
The major difference between DSaaS and Deep Security (packaged version)
is that the customer does not have to own or construct a management server (DSM) for Deep Security on
■ DSaaS (SaaS version)
- There is no need for the customer to build and operate a management server.
- Can be installed in units of 1 seat (1 OS).
・We can support small starts with a monthly billing service system.
■ Deep Security (packaged version)
・Customization is possible because customers can build their own management server.
- There are two types of modules available, and agentless security can be provided in virtualized environments.
・Depending on the conditions, the packaged version may be cheaper. (However, operation of the management server is required)
Key points for building DSaaS
DSaaS is a SaaS-type security service, so
some system requirements differ from Deep Security (packaged version), such as the need to secure a connection to the Internet
■ Settings that allow access to the DSaaS management manager from the server where the Deep Security Agent (DSA) will be installed
are required.
〇 agents.deepsecurity.trendmicro.com:443
〇 relay.deepsecurity.trendmicro.com:443
* Details: http://esupport.trendmicro.com/solution/ja-JP/1104586.aspx
■ Only Basic authentication can be used for authentication when going through a proxy server.
Digest authentication and NTLM authentication are not supported.
the network is temporarily disconnected or the OS network driver
is locked by another program on the server where DSA is installed,
DSaaS system configuration
■ Ports that must be free
〇 Smart scan connection from DSA to Global Smart Protection service: Port 443
〇 Communication between DSM / DSR and DSA (for one-way communication from DSA to DSM): Port 443
〇 Communication between DSM / DSR and DSA (from DSM to DSA) For one-way or two-way communication): Port 443/4118
■ Ports that can be opened as needed
〇 Web reputation connection from DSA to Global Smart Protection service: Port 80
〇 Sending notification email from DSM: Port 25
〇 Sending Syslog from DSM/DSA: Port 514 (UDP)
〇 DNS query between DSM/DSR and DSA: Port :53
summary
Since DSaaS is a SaaS type,
you can stop the license as soon as it is no longer needed, and
there is no minimum usage period for the license.
If you want to easily strengthen server security or reduce the operational load,
we believe that DSaaS has an advantage.
If you have any requests for license installation or initial settings for
“Deep Security as a Service,” please contact Beyond
>>>[Click here for inquiries]<<<