Let‘S really be careful, not to fall into the APT trap. APT nowadays is a new name for malware – and is used by every company to sell their old stuff under a new name.In attacks like the Sony data exfiltration last year, a server was hacked and the traffic forked to a third party – malware was not involved at all! But the attacker had skills and know what he was looking for. So it was a targeted attack, the term I prefer to describe tehse kind of attacks!
Targeted attack via E-Mail, the attachment had executable code in it, the malware gets full admin access onto the system, transfers the data out and replicates.
Cloud computing is revolutionizing the way businesses and people consume, share and use digital information, making access to information and computing power easier, faster and more affordable for people everywhere. Businesses are moving to the cloud to save money, increase flexibility and operational efficiency, and to enable access to data, anytime, anywhere, from any device. The catch, of course, is taking advantage of everything the cloud has to offer while maintaining control over all the data. Migrating to the cloud is a process, and everyone’s journey to the cloud is unique. Trend Micro is the perfect partner for those wanting to take this journey from physical to virtual to cloud because Trend Micro is a leader in cloud security and we provide protection every step of the way. Trend Micro provides real-time protection for your data wherever it resides – on premise, virtually, and in the cloud—from Trend Micro™ Smart Protection Network™ to our leading server security and extensive data protection and encryption technologies. From the endpoint to the cloud and everywhere in between, Trend Micro is securing your journey.
So, what can enterprises do to actually benefit from Consumerization and make it work to their advantage? Well, the first thing Trend suggests is to accept the fact that consumerization is happening. It can’t be stopped - and it doesn’t make sense to try. You can embrace Consumerization in order to unlock its full business potential.So how do you go about it?Trend Micro recommends a three-step approach to embrace consumerization: 1--Have a plan. Take a strategic approach to Consumerization. IT cannot do this in a vacuum: engage your lines of business owners (marketing, sales, HR, product development), involve your early adopters in the company, ask them what they use, what they like, and what they find most useful to support their work activities. Pull from their consumer experience rather than push your IT perspective onto them.2--Say yes…but not to everything…and not to everyone. Develop a set of policies that clearly define which technologies are fully supported vesus tolerated or prohibited. Profile your internal users based on their role, line of business and location. Then map technologies to user profiles and define an Service Level Agreement (SLA) for each intersection. 3--Put the right infrastructure into place. Deploy enterprise-grade tools and infrastructure specifically designed to secure and manage consumer technology in the enterprise. No single vendor can provide one solution that covers all functional requirements across all platforms. And several vendors from adjacent product segments offer overlapping core functionality. For a start, you will probably have to look at security vendors for Internet content security, mobile anti-malware and mobile data protection. And look to Mobile Device Management vendors for system provisioning and application management. And to Telecom Expense Management solutions for procurement, support and cost control of voice and data services.Additional resources:Go to Trend Micro Global Sales Toolkit (GST) for access to the internal-only Gartner reports on mobile data protection and mobile device management: http://sales.trendmicro.com/pr/tm/en-us/assets/view-document.aspx?rid=139894Trend Micro Mobile Security (TMMS) assets on GST:http://sales.trendmicro.com/pr/tm/en-us/assets/home.aspx?s21574=20::25189
Here we’ll show you how the encryption key process actually works. Again we have the key server deployed as either a SaaS or on-site deployment. [click]And for this example, we’ll use a cloud service provider environment, although, as we mentioned before, this can also apply to data stored in virtual machines or a private cloud. [click]The process starts with a virtual machine application that wants to access the encrypted data. The application will make a key request to the key server. Note the arrow goes both ways. The VM application makes the request, the key server then uses identity- and integrity-based rules to validate the server. Only if the server passes these validation tests will a key be released. And additional policy-based rules can be applied to ensure that the data is only accessed when and where the business specifies. This helps to support internal governance and compliance requirements.[click]If all of these rules are met, the virtual machine application housed by the service provider can access and decrypt the data stored by the service provider. Again the arrow goes both ways. The key is delivered to the storage volume and the data is released to the application.
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, AWS Summit 2012 - NYC
Securing your Journey to the Cloud John Maddison GM Data Center Business Unit April 20124/26/2012 Confidential | Copyright 2012 Trend Micro Inc. 1
Trend Micro A global cloud security leader that creates a world safe for businesses and consumers exchanging digital information, through content security and threat management EVA CHENCEO and Co-Founder Founded $1 Billion Annual Revenue / VISION United States $1.7 Billion Total Assets in 1988 A world safe for exchanging Headquarters #1 in Server Security digital information Tokyo, Japan Employees 4,846 #1 in Virtualization MISSION Innovate to Market Security provide the best Content Security and content security Threat Management 1000+ Threat Experts that fits into the IT infrastructure Locations #1 in Cloud Security 28 Offices Worldwide
Trend Micro is the Largest Independent Security Company Trend Micro Global 500 Penetration • • 10 of the top 10 Automotive companies • 10 of the top 10 Telecom companies • 8 of the top 10 Banks • 9 of the top 10 Oil companies Trust Trend Micro security solutions* Trend Micro Trend Micro Trend Micro Trend Micro Trend Micro protects protects protects protects protects 96% of the top 50 100% of the top 100% of the top 80% of the top 90% of the top global 10 automotive 10 telecom 10 banks. 10 oil companies. corporations. companies. companies. * In calculating the above data, the percentage use of Trend Micro products include usage by parent companies and/or usage by any of their subsidiaries of any Trend Micro product or service.
APT Definition ―Advanced Persistent Threat‖ was first coined by the US Air Force in 2006 to describe complex cyber attacks against specific targets over long periods of time. Originally, the term was used to describe nation- states stealing data or causing damage to other nation-states for strategic gain I prefer ―Targeted Attacks‖
APT Phases 1. Intelligence Gathering Identify & research target individuals using public sources (LinkedIn, Facebook, etc) and prepare a customized attack. 2. Point of Entry (Infiltration) The initial compromise is typically malware delivered via social engineering (email/IM or drive by download). A backdoor is created and the network can now be infiltrated. 3. Command & Control (C&C) Communication Allows the attacker to instruct and control the compromised machines and malware used for all subsequent phases. 4. Lateral Movement Once inside the network, attacker compromises additional machines to harvest credentials, escalate privilege levels and maintain persistent control. 5. Asset/Data Discovery Several techniques and tools are used to identify the noteworthy servers and the services that house the data of interest. 6. Data Exit (Exfiltration) Once sensitive information is gathered, the data is funneled to an internal staging server where it is chunked, compressed and often encrypted for transmission to external locations.
A Recent Example - ShadowNet• Less than 200 computers compromised, almost all in India• Recovered data included Secret, Confidential and Restricted Indian Gov’t documents• Social engineering + malware embedded in malicious documents + tiered C&C infrastructure Exploit Target Root Spread Control Steal C&C
Journey to the CloudAccess data, anytime, anywhere, from any device PUBLIC CLOUD (SaaS, IaaS, PaaS): Flexibility and operational efficiency Delivers agility by anticipating and meeting business needs VIRTUALIZATION Desktop / server consolidation PLATFORM using virtual machines PHYSICAL: On premise desktop / server
Virtualization & Cloud Computing One security platform across physical, virtual, and cloud environments Physical Virtual Cloud Firewall Antivirus Agentless Encryption HIPS Web ProtectionVulnerability Shielding File Integrity One Security Platform
Security Tools and Threat Firewall White List Full function centrally managed Malware protection for virtual servers network and application firewall Deep Packet Inspection Web Reputation Services Provides IDS / IPS, Web App Malware protection for virtual servers Protection, Application Control Integrity Monitoring IP Reputation Full System Monitoring in real-time; Malware protection for virtual servers Scheduled & on-demand scanning Log Inspection Collects & analyzes OS and application logs for security events Antivirus Malware protection for virtual servers
Recommendation Scans Voted Number 1 Feature by Customers• The server being protected is analyzed to determine: – OS, service pack and patch level – Installed applications and version – DPI rules are recommended to shield the unpatched vulnerabilities from attacks – As patches, hotfixes, and updates are applied over time, the Recommendation Scan will: • Recommend new rules for assignment • Recommend removal of rules no longer required after system patching – Recommendations for DPI, Integrity Monitoring, and Log Inspection rules are supported
Microsoft Active ProtectionsProgram• Microsoft Active Protections Program (MAPP) – Program for security software vendors – Members receive security vulnerability information from the Microsoft Security Response Center (MSRC) in advance of Microsoft’s monthly security update – Members use this information to deliver protection to their customers after the Microsoft Security Bulletins have been published• Trend Micro’s protection is delivered to customers within 2 hours of Microsoft Security Bulletins being published – This enables customers to shield their vulnerable systems from attack – Systems can then be patched during the next scheduled maintenance window
Certifications • Common Criteria • In evaluation for Level 4 Augmented (EAL 4+) – All protection modules (Firewall, DPI, Integrity Monitoring, Log Inspection, Anti Malware) – All platforms (Windows, Linux, Solaris, HPUX, AIX, VMware - Virtual Appliance) • NSS Labs – Third Brigade Deep Security is the first product to pass NSS Labs’ PCI Suitability testing for Host Intrusion Prevention Systems (HIPS). 1
Data Protection - SecureCloud Enterprise Datacenter or SaaS Offering VM Corporate VM VM VM App Hypervisor Trend Micro SecureCloud Console Shared Storage Enterprise Key My Data
Deep Security for PCI compliance Addressing 7 PCI Regulations and 20+ Sub-Controls Including: Deep Packet Inspection (1.) Network Segmentation IDS / IPS (1.x) Firewall Web Application Protection (5.x) Anti-virus* Application Control (6.1) Virtual Patching** Firewall Integrity Monitoring (6.6) Web App. Protection (10.6) Daily Log Review Log Anti-Virus Inspection (11.4) IDS / IPS (11.5) File Integrity Monitoring * Available for VMware only Q3 2010 ** Compensating Control
PCI DSS 2.0 Virtualization Guidelines Function Solution Hypervisor Environment in Scope - Deep Security DPI and FIM One Function per Server - Deep Security Firewall Separation of Duty - Deep Security Manager Mixing VM’s of different trust levels - Deep Security Firewall and IDS/IPS Dormant VM’s and VM Snapshots - Deep Security Firewall and IDS/IPS Immaturity of monitoring solutions - Deep Security IDS/IPS, Integrity Monitoring & Log Insp. Information Leakage - Deep Security (all modules) Defense in Depth - Deep Security (all modules) VM Hardening - Virtualization Vendors Cloud Computing - Cloud Vendor + Deep Security and SecureCloud4/26/2012 Confidential | Copyright 2012 Trend Micro Inc. 22
Trend Micro VisionUse Case: Correlated Data &Threat Protection Data Protection Threat Protection Deep Security SecureCloud Context Aware Credit Card Payment Server Security Platform SensitiveMedicalNumbers Social Security Records Patient Research Results Encryption with Policy- Information based Key Management Server security validation prior to releasing keys Server security information On-going checks can revoke or reinstate keys at any time Physical Virtual Cloud Classification 4/26/2012 2 3
Cloud & Virtualization Computing Leadership Server Security—Unique from Desktop • Servers require a different security strategy than desktops • Paper calls out the need for many technologies provided in Deep Security“Some of the vendors are well ahead in their virtualization-optimized solutions—for example, Trend Micro.” “Also, when server-based VM’s…move out from behind perimeter security…Protection capabilities such as host-based encryption (for example, Trend Micro’s SecureCloud… become extremely important”
Trend Micro #1: Securing YourJourney to the Cloud Trend Micro 13–17% Source: 2012 Technavio – Global Cloud Security Software Market Trend Micro Trend Micro 23.7% 13% Worldwide Endpoint Security Revenue Share by Vendor, 2010 Source: IDC, 2011 Source: 2011 Technavio – Global Virtualization Security Management Solutions