Trend Micro Deep Security Multi Factor Authentication

If you’re running the latest version of Trend Micro Deep Security you can now take advantage of a great feature, multi-factor authentication (MFA). This is also known as two factor authentication (2FA).

Why is this a good thing? Well these days it’s rare that a week goes by without us hearing about another company being breached and having their password database dumped on the Internet. There is increasing understanding that more than one authentication factor is required to enhance security.

What sort of factors can we have for MFA? Well usually we consider there to be 3 –

  • Something you know – e.g a password
  • Something you have – e.g a phone
  • Something you are – e.g a retinal scan

The idea of MFA is to combine factors such that the exposure of one does not compromise the protected system.

Configure MFA

The first step is to logon to the Deep Security management console and browse to the ‘Users’ menu. This is found under Administration –> User Management.

Deep Security User Management Users

 

In my example there are only two users – the default MasterAdmin account and another account named ‘ab’. This is the account I will configure for MFA. To do this we open the ‘Properties’ menu for the account, at the bottom of the pop-up window is a button to enable MFA.

Deep Security User Properties

 

A new wizard window will open, as it states you will need to have an MFA application either on a mobile device or PC. Typically a user will install something like Google Authenticator on their phone. In this way logons require the users password and that they have the mobile phone with it’s code. This is where we get our multiple factors – something we know (the password) and something we have (the phone). In this way a malicious threat actor requires both the password and the phone to gain access to the system.

Enable Multi-Factor Authentication Wizard

 

The first step is to either scan the QR code displayed on the screen with the MFA application or to enter the secret key code manually. Again typically the user will do this via their phones camera through the MFA application.

Enable Multi-Factor Authentication Wizard

Enable Multi-Factor Authentication Wizard

 

Once we have the MFA application configured clicking next will present us with a prompt to enter an authentication code  from the app. The reason the system asks this is to ensure the MFA app is synchronised correctly and that our code works.

Enable Multi-Factor Authentication Wizard

 

Assuming that everything is synchronised and the code was accepted the wizard will indicate the successful configuration of MFA for this account.

Enable Multi-Factor Authentication Wizard

 

OK so we’ve setup the account, now let’s take a look at the logon prompt for Deep Security. As you can see there is a tick box option to enable the MFA box.

Deep Security Logon Prompt with MFA

 

I can then check my MFA app, in this case Google Authenticator for the current code.

Google Authenticator

 

Assuming all is good I am granted access. If we take another look at the ‘Users’ menu the system provides a column that shows which users have MFA enabled.

Deep Security User Management Users

 

Removing MFA

If you want to remove MFA from a user account it’s a simple process of opening that users Properties window and clicking the ‘Disable MFA…’ button.

Disable MFA

Disable MFA

 


 

Hopefully this is useful to you – I think this is a fantastic addition to the Trend Micro Deep Security product, I’m really hopeful they will extend this to other products in the Trend line-up. I would very much like to see other suppliers offer similar native functionality, I dream of the day Microsoft Active Directory and Microsoft operating systems have this as a native feature without requiring third party software and plugins.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.