Custom defense - Blake final

Trend Micro Direction Executive Summit 2013, Seoul Korea. Custom defense - Blake final.

Presentation Transcript

  • 1. Blake Sutherland Global Field Enablement Custom Defense in the Age of Consumerization, Cloud and new Cyber Threats 7/4/2013 Confidential | Copyright 2012 Trend Micro Inc.
  • 2. Consumerization Cloud & Virtualization Employees IT Cyber Threats Attacker Data Center Physical Virtual Private Cloud Public Cloud
  • 3. Targeted Attacks – The New Norm: » 90% of breaches first discovered by a third party — Verizon 2012
  • 4. The South Korean Cyber Front • Repeated high-profile attacks on government and business • Risk prevention focus across government and industry • Latest attack cripples parts of banking and media industries…
  • 5. The Reality • One new threat created every second [1] • A cyber intrusion happens every 5 minutes [2] • Over 90% of enterprises have malware [1] • Almost 75% have one or more bots [1] Sources: [1] Trend Micro, 2012; [2] US-CERT, 2012
  • 6. Analysts and Influencers Urge Action — Adoption of Advanced Threat Detection "You need to know what's accessing the data, how the data's being used, and what's happening on your network." John Kindervag Principal Analyst Serving Security & Risk Professionals Forrester Research, Inc. "Hardening existing security defenses... won't be enough to deal with the sophistication and perseverance of APTs." Jon Oltsik Senior Principal Analyst, Enterprise Strategy Group "We must assume we will be compromised and must have better detection capabilities in place that provide visibility as to when this type of breach occurs." Neil MacDonald VP and Gartner Fellow Gartner, Inc.
  • 7. Custom Defense Network Admin Security Network-wide Detection Threat Intelligence Threat Tools and Services Custom Sandboxes Advanced Threat Analysis Automated Security Updates
  • 8. Custom Defense – Enabling a Complete Lifecycle (Network-wide Detection, Custom Sandboxes, Advanced Threat Analysis, Threat Intelligence, Automated Security Updates, Threat Tools and Services; Network, Admin, Security) • Detect malware, communications and behavior invisible to standard defenses • Analyze the risk and characteristics of the attack and attacker • Adapt security automatically (IP black lists, custom signatures…) • Respond using the insight needed to respond to your specific attackers
  • 9. Example Scenarios – Trend Micro integration: • ScanMail integration • InterScan email & web integration • All products through Command and Control Central Alerting and SPN – Simple 3rd party integration: • API integration with gateways and Network Access Controls • Syslog integration with Security Information and Event Management Systems (SIEMs) – Sophisticated, multi-vendor product and process integration: • Detect the malware and adapt the defense • Capture the forensic evidence • Remediate the client • Automate with low user impact • In a VDI environment
  • 10. Custom Sandbox ? Employees ? Custom Defense Solution ✓ Trend Micro email security products ScanMail InterScan Messaging Trend Micro Integration
  • 11. Custom Sandbox ? ? Custom Defense Solution X Trend Micro email security products ScanMail InterScan Messaging Employees Trend Micro Integration
  • 12. The email was flagged as suspicious and sandbox analysis identified malicious activity being performed by a Trojan downloader. Deep Discovery Detection & Analysis
  • 13. Virtual Analysis Details The virtual analysis provided insight into the actions of the Trojan downloader such as C&C connections and details on 2nd stage components downloaded. The intel allowed IT to respond immediately. The heuristic detections provided visibility into the individuals that were targeted by the initial threat, while the virtual analysis provided the intelligence to respond through the various controls such as firewall and web gateway C&C blocking.
  • 14. Threat Connect Intelligence: Threat Connect provided all Trend Micro intelligence on the systems participating in this attack and their relationship to various domains, files, URLs and malware families. With this intel, all variants and sources of the attack are identified and can be blocked.
  • 15. 3rd Party Integration
  • 16. Quarantine VLAN Production VLAN 3rd Party Integration
  • 17. 3rd Party Integration
  • 18. Incident Response Architecture
  • 19. Demo
  • 20. Automated Incident Response
  • 21. What Sets this Solution Apart? • Detection of non-Windows malware (i.e. mobile and Mac) • Only solution with multiple customer-defined sandboxes • Only solution with advanced threat detection and global threat intelligence • Lowest TCO: single appliance monitors across multiple ports and 80+ protocols • Only solution that enables the full lifecycle, with custom security updates to endpoints/gateways – Provides automatic protection – Current industry stops at analysis Best New Product
  • 22. Q & A and Additional Resources • Web content: – Combating APTs – Deep Discovery – Security Intelligence Threat Research – Infographic: Targeted Attacks Via Employee Inboxes • Whitepapers: – Detecting APT Activity with Network Traffic Analysis – Typical Targeted Attack Entry Points – APT Primer: Detecting the Enemy Inside the Network • Analyst reports: – Gartner: How to Mitigate APTs – Enterprise Strategy Group: New Demands for Real-time Risk Management • Success Stories: – Motel 6, Manufacturing Case Study and many more • More Videos: – How Deep Discovery Works, IT Harvest Interview • Submit threats for analysis: – http://analyzethat.trendmicro.com/
  • 23. Thank You!