Today, Traditional Security is Insufficient
• Empowered Employees & Wikileaks
• Advanced Targeted Threats, i.e., Stuxnet, Epsilon, Aurora, Mariposa, Zeus, Sony PlayStation, etc.
• De-Perimeterization: Virtualization, Cloud, Consumerization & Mobility
Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware!
Source: Forrester
The Need for Real-time Risk Management
1/3 of infections result in compromise within minutes, but most are not discovered or contained for weeks or months!
Source: Verizon 2011 Data Breach Report
Copyright 2011 Trend Micro Inc.
Analysts and Influencers Urge Action
• “Zero-Trust” security model: Use of Network Analysis and Visibility Tools
• “Lean Forward” proactive security strategy: Use of Network Threat Monitoring Tools
• “Real-Time Risk Management”: Use of Threat Monitoring Intelligence
• US Federal Risk Management Framework: Calls for “Continuous Monitoring”
Increased IT Security Priority: Vulnerability and Threat Management
“Which of the following initiatives are likely to be your firm’s top IT security priorities over the next 12 months?”
Since 2008, “Managing vulnerabilities and threats” has moved from #5 to #2
Source: Forrsights Security Survey, Q3 2010
Announcing: Trend Micro Real-Time Threat Management Solutions
Network-Wide Visibility and Control: Threat Management System, Dynamic Threat Analysis System
Actionable Threat Intelligence: Threat Intelligence Manager
Timely Vulnerability Protection: Vulnerability Mgmt. Services, Deep Security Virtual Patching
Smart Protection Network Intelligence
Risk Management Services
• Detect, analyze and remediate advanced threats
• Investigate incident events and contain their impact
• Monitor and optimize security posture
• Manage vulnerabilities & proactive virtual patching
• Augment security staff & expertise
Trend Micro Threat Management System
TMS is a Network Analysis and Visibility solution that provides the real-time visibility, insight, and control to protect your company from advanced persistent attacks
• Network Threat Detection & Deterrence
• Automated Remediation
• Malware Forensic Analysis Platform
• Multi-Level Reporting
• Risk Management Services Offering
Over 300 Enterprise & Government Customers WW
TMS: Visibility – Insight – Control
Detailed Reports:
• Incident Analysis
• Executive Summary
• Root-cause Analysis
Threat Mitigator:
• Signature-free clean up
• Root-cause analysis
[Diagram labels: Command & Control Server; Additional Analysis; Threat Confirmed; APT Communication Detected; Threat Discovery Appliance; DataCenter; APT Implanted Via Web, Email, USB…]
TMS + Dynamic Threat Analysis System
Integrated malware execution and forensic analysis
• Sandbox execution
• Malware actions & events
• Malicious destinations
• C&C Servers contacted
• Exportable reports & PCAP files
• Backend integration into TMS reporting & Mitigator
[Diagram labels: Threat Discovery Appliance; Direct File Submission; Other Trend Products]
Event Management Customer Pain Points
Wide gap between those who know they have a problem, and those who have a solution
*SAN Survey Data 2010
Trend Micro Confidential 03/28/13
Trend Micro Threat Intelligence Manager
Delivers threat intelligence and impact analysis needed to identify and reduce exposure to advanced threats.
• Incident Analysis and Security Posture Monitoring
• Real-Time Threat Analysis and Visualization
• Provide Actionable Intelligence for active threats
• Visualize event relationships in an attack
[Diagram labels: Office Scan: Incident Discovery; Threat Discovery Appliance: Suspicious Network Behavior; Deep Security: System Integrity; Threat Intelligence Manager: Threat Analysis and Response]
Consolidates threat events and uses advanced visualization and intelligence to uncover the hidden threats!
What Threat Intelligence Manager Enables
Customers can:
• Identify the hidden or advanced threats
• Visualize the lifecycle of an attack
• Establish custom alerts for tracking future events
• Customized reporting and executive reporting
• Scorecards for monitoring security posture
• Answer key questions:
  – Are there suspicious events that I am missing from my logs?
  – Are there outbound active connections from compromised systems?
  – Are there additional endpoints with similar behaviors as the compromised system?
  – What systems are involved in the attack, and what steps can I take to defend?
Customizable Dashboard
Access and visualization by role and responsibility
Benefits of Trend Micro Real-Time Threat Management Solutions
Trend expedites containment – helping identify, remediate and protect infiltrated and susceptible systems
• Intelligent threat and log analysis
• Automated remediation
• Virtual patching
If entry successful, Trend shortens the time to discovery – minimizing the risk and damages of actual compromise
• Network-level analysis & visibility
• Intelligent threat and log analysis
• HIPS, virtual patching, Integrity Monitoring
Trend minimizes the likelihood of APT intrusion - blocking threat exposure, vulnerability and communication
• Smart Protection Network reputation intelligence
• Network-level analysis & visibility
• Vulnerability scanning & virtual patching
[Chart: Level of Damage from APT; stage labels: Containment, Discovery, Compromise, Entry; time labels: Hours, Days / Weeks, Weeks / Months, Weeks / Months]
New Risk Management Services
Augment stretched IT security staff
Increase IT security responsiveness and expertise
Put Trend Micro Threat Researchers and Service Specialists on your team
A complete portfolio designed to further reduce risk exposure and security management costs
• Proactive monitoring and alerting
• Threat analysis and advisory
• Threat remediation assistance
• Risk posture review and analysis
• Strategic security planning
Why Trend Micro?
Trend Micro is the only vendor providing integrated real-time protection and risk management against advanced targeted threats.
Network-Wide Visibility and Control: Threat Management System, Dynamic Threat Analysis System
Actionable Threat Intelligence: Threat Intelligence Manager
Timely Vulnerability Protection: Vulnerability Mgmt. Services, Deep Security Virtual Patching
Smart Protection Network Intelligence
Risk Management Services
“Trend Micro has always impressed me with its understanding of what its customers are going through and this reiterates it again.” Richard Stiennon, IT-Harvest
Appendix
The Virtual Patching Solution
Trend Micro Security Center provides Virtual Patches within hours of vulnerability disclosure
• Automated centralized distribution
• Protection available:
  – Deep Security product module
  – With OfficeScan IDF plugin
Risk Mgt & Compliance
• Close window of vulnerability for critical systems and applications
• Protect “unpatchable” systems
• Meet 30-day PCI patch requirement
Operational Impact
• Reduce patch cycle frequency
• Avoid ad-hoc patching
• Minimize system downtime
[Diagram labels: Automated Monitoring; Application Analysis; Filter “Patch” Development; Protection Delivery; Trend Micro Security Center; Physical / Virtual / Cloud Servers & Devices; Endpoints]
Vulnerability Management System
• Vulnerability scanning
  – Vulnerability scanning of internal and external devices
  – Patch and configuration recommendations
• Web application scanning
  – Web site crawler to detect application design vulnerabilities like SQL injection and cross-site scripting etc.
• PCI compliant scanning
  – Vulnerability scanning with reports for PCI
  – Trend is an Approved Scanning Vendor
• Policy compliance
  – Define and track compliance with device security policies
• SaaS based management portal
  – Hosted scans of external devices
  – On-premise appliance for scanning internal devices managed from SaaS portal
  – On-demand scan
Flavors of “Intelligence”
Security Information & Event Management (SIEM):
• The collection and advanced analysis of logs/events across all security disciplines into a central platform, for high-level status and event review.
Threat Intelligence is:
• Threat Intelligence is a complementary technology to SIEM, with greater focus on the “threat space” of security
Advanced Visualization & Impact Analysis
Visualize the relationship between cause and effect of each threat event, and fully understand the impact
Trend Micro Smart Protection Network
Jan 2011 results of testing conducted by AV-Test.org (qualified for internal use)
Results from T+60 test
Trend Micro Smart Protection Network
Industry-proven real-world protection
Note: If multiple products from one vendor were evaluated, then vendor’s best performance is listed.
*1: http://www.nsslabs.com/research/endpoint-security/anti-malware/
*2: http://us.trendmicro.com/us/trendwatch/core-technologies/competitive-benchmarks/index.html
*3: http://www.dennistechnologylabs.com/reports/s/a-m/trendmicro/PCVP2010-TM.pdf (Dec. Test performed for Computer Shopper UK)
*4: http://www.av-comparatives.org/images/stories/test/dyn/stats/index.html
Threat Management Portal
Interactive drill-down dashboards
• Navigate across corporate groups
• Pin-point infected sources
• Perform root-cause analysis
• Track suspicious user behavior and application usage
• Detect leakage of regulated data
• Customizable event alarms
• Multi-level reporting for managers and executives
• Available on-premise or hosted
Coming 2H 2011
• Improved drill down capability
• Sandbox analysis workbench
Threat Mitigator Technology: Root-cause and signature-free cleanup
• Cleanup request received
• Check forensic logs
• Locate which process performed malicious activity
• Remove malware process, file and registry entries
• Locate and remove parent malware
• Locate and remove child malware
In case of failure, a custom cleanup kit is automatically generated by Trend