Your SlideShare is downloading. ×

Trend Micro - Targeted attacks: Have you found yours?

516

Published on

Andy Dancer, CTO EMEA Trend Micro spoke at the CIO Event (dot) com

Andy Dancer, CTO EMEA Trend Micro spoke at the CIO Event (dot) com

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
516
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Traditional Security works against Traditional Threats. It’s not designed to cope with Targeted attacks. Partly because they are unique and so harder to spot. Partly because charges in how we are using IT such as cloud and mobile make the perimeter less effective than it used to be.
  • But… Don’t throw the baby out with the bath water! Spotting a targeted attack on your network is like finding a needle in a haystack. The way to do it isn’t to start with the biggest haystack possible and throw in lots of pins that look very like needles to confuse the situation. It’s all about filtering. Eliminate standard threats as close to source as you can to make it easier to spot the really clever stuff.
  • Deep Discovery specialized threat detection focuses on 3 key areas to discovery attacks during every phase of activity Malicious Content (steps 2,3): Deep Discovery detects zero-day and advanced malware – including document exploits and drive-by downloads – used during the initial compromise or later C&C downloadsSuspect Communications (step 3):Deep Discovery detects the C&C communications used by modern malware, as well as backdoor manipulations by remote attackers Attack Behavior (steps 4,5,6): Deep Discovery detects both malware and hacker network behaviors that indicate propagation, scanning, irregular activity, and suspect data access and transmission  Today you hear of products that find malware by sandboxing executables or detecting some botnet traffic, but only Deep Discovery indentifies the malicious content, communications and behaviors of malware and human attacker activity across all phases of the attack cycle.
  • We need a switch of mental approach
  • Centralized management of all deployed Deep Discovery units provides consolidated threat management and enhanced analysis and reportingin a single console.Centralized Visibility and Reporting over multiple instances of Deep DiscoveryEnhanced Threat Investigation and Visualization capabilitiesHighly Customizable Dashboard, Reports & AlertsContext-based Risk Assessment by enriching events with location and asset severity information
  • This one shows which bits like to what – need to keep either this one or the previous one but not both.
  • Can we get this one drawn into the same style as the rest of the deck please. It links to the section of slide 18 that I’ve copied off to the right of the slide. If we can show that linkage that would be great 
  • Transcript

    • 1. Targeted Attacks| Have you found yours?Andy DancerCTO EMEA
    • 2. Traditional Security is Insufficient Advanced Empowered Elastic Persistent Threats Employees PerimeterTrend Micro evaluations find over 90% of enterprise networks contain active malicious malware! Copyright 2012 Trend Micro Inc.
    • 3. Copyright 2012 Trend Micro Inc. 3
    • 4. Custom Attacks • Today’s most dangerous attacks are those targeted 01010010 directly and specifically 100101001 10001100 at an organization — 00101110 1010101 its people, its systems, its vulnerabilities, its data.10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 4
    • 5. Deep Discovery & The Custom Defense Advanced Threat Protection Network Threat Detection Deep Discovery10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 5
    • 6. APT Activity Specialized Threat Detection Across the Attack Sequence Malicious Content • Emails containing embedded document exploits • Drive-by Downloads • Zero-day and known malware Suspect Communication • C&C communication for any type of malware & bots • Backdoor activity by attacker Attack Behavior • Malware activity: propagation, downloading, spam ming . . . • Attacker activity: scan, brute force, tool downloads. • Data exfiltration communication
    • 7. Switch of mental approach• Terrorist Paradox • Advanced Threats – We have to win all the – Many steps have to time to defend execute in turn to steal – They only have to get it my data right once to win – I only need to spot one step to thwart them Copyright 2012 Trend Micro Inc. 7
    • 8. Deep Discovery & The Custom Defense Advanced Threat Protection Network Threat Detection Deep Discovery Attack Analysis & Intelligence10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 8
    • 9. Automated Analysis Bandwidth Live Cloud Lookup Advanced Heuristics ThreatIntelligence Sandbox Analysis Focused Manual Investigation Output to SIEM Copyright 2012 Trend Micro Inc. 9
    • 10. Deep Discovery Advisor Threat Intelligence Center• In-Depth Contextual Analysis including simulation results, asset profiles and additional security events• Integrated Threat Connect Intelligence included in analysis results• Enhanced Threat Investigation and Visualization capabilities• Highly Customizable Dashboard, Reports & Alerts• Centralized Visibility and Reporting across Deep Discovery Inspector units Threat Connect Intelligence
    • 11. Deep Discovery & The Custom Defense Advanced Threat Protection Network Threat Detection Deep Discovery Adaptive Security Updates Containment & Remediation Attack Analysis & Intelligence10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 11
    • 12. The Custom Defense Specialized Threat Deep analysis Custom security Context-relevant Detection at network based on custom blacklists & views & intel guide and protection sandboxing and signatures block rapid remediation points relevant global intel further attack response10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 12
    • 13. The Custom Defense In Action Advanced Email Protection InterScan Messaging Security or ScanMail Anti-spam Threat Threat Security Analyzer Intelligence Update Anti-phishing Center Server Web Reputation Deep Discovery Advisor Anti-malware • Blocking of targeted spear phishing emails and document exploits via Advanced Threat Detection custom sandboxing • Central analysis of detections • Automated updates of malicious quarantine IP/Domains • Search & Destroy function10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 13
    • 14. So what does that look like in context? Outer Perimeter Valuable Server Inner Perimeters Valuable Server Endpoint Valuable Server Endpoint
    • 15. Deep Discovery Simulate Analyze Out of band network data feed of all Correlatenetwork traffic Detect Malicious Content and Communication Identify Attack Behaviour & Reduce False Positives Visibility – Real-time Dashboards Insight – Risk-based Analysis Action – Remediation Intelligence
    • 16. DeepSecurityInner Perimeter for valuable assets Deep Packet Inspection Firewall Security Anti-Virus VM VM VM VM VM VM Log Inspection Hypervisor Integrity Monitoring
    • 17. Thanks for listening......any questions? Confidential | Copyright 2012 Trend Micro Inc.

    ×