[Trend Micro] Differences between Deep Security as a Service (SaaS version) and Deep Security (license version) [Security]

This is Ohara from the Technical Sales Department

Trend Micro's comprehensive server security service,"Deep Security."is about

a SaaS version called"Deep Security as a Service (hereinafter DSaaS)"and
a packaged version called"Deep Security."comes in two versions:
This explanation will detail the differences between their service models.

Please note that while Deep Security, which we handle, is offered as a DSaaS service,
such as AWS, Azure, and GCP marketplaces it can be purchased and implemented through

 Differences from DeepSecurity (package version)

One major difference between DSaaS and Deep Security (packaged version) is
customers to own or build their own management server (DSM) for Deep Security
that DSaaS has the advantage of not requiring

■ DSaaS (SaaS version)

- Customers do not need to build or operate their own management server.
- Deployment is possible on a per-seat (per OS) basis.
- The monthly billing service model supports small-scale starts.

■ Deep Security (package version)

• Customers can build their own management servers, allowing for customization.
• Two types of modules are available, enabling agentless security in a virtualized environment.
• Depending on the requirements, the packaged version may be cheaper (however, operation of a management server is required).

Key points for building DSaaS

Since DSaaS is a SaaS-type security service,
such as the requirement to ensure an internet connection
it has some system requirements that differ from Deep Security (packaged version),

■ The server on which the Deep Security Agent (DSA) is installed
must be configured to allow access to the DSaaS Management Manager.

〇 agents.deepsecurity.trendmicro.com:443
〇 relay.deepsecurity.trendmicro.com:443
*Details:http://esupport.trendmicro.com/solution/ja-JP/1104586.aspx

■ When using a proxy server, only Basic authentication is available.
Digest authentication and NTLM authentication are not supported.

■ On the server where DSA is installed,
a temporary network disconnection or
if the OS network driver is locked by another program may require an OS restart.

DSaaS system configuration

■ Ports that must be free

○ Smart scan connection from DSA to Global Smart Protection service: Port 443
○ Communication between DSM/DSR and DSA (one-way communication from DSA to DSM): Port 443
○ Communication between DSM/DSR and DSA (one-way or two-way communication from DSM to DSA): Ports 443 and 4118

■ Ports to open as needed

○ Web reputation connection from DSA to Global Smart Protection service: Port 80
○ Notification email sending from DSM: Port 25
○ Syslog sending from DSM/DSA: Port 514 (UDP)
○ DNS queries between DSM/DSR and DSA: Port 53

summary

Since DSaaS is a SaaS model,
it can be stopped immediately when the license is no longer needed, and
there are no minimum usage period restrictions for the license.

If you want to easily enhance server security and reduce the operational burden,
DSaaS has the advantage.

"Deep Security as a Service,"For inquiries regarding license implementation and initial setup of
please Beyond contact

>>>【For inquiries click here】<<<