Advanced targeted threats can easily evade conventional perimeter and content security, software vulnerabilities are rampant, insider threats are a constant, and consumerization and mobility open the network even further to exploitation. The Stuxnet, Wikileaks, RSA and Epsilon breaches are the latest demonstrations of the advanced exploits and damages facing the modern enterprise.
To combat these threats, Forrester calls for “Zero Trust” security using Network Analysis & Visibility tools; Gartner encourages enterprises to “lean forward” with Network Threat Monitoring; and the US NIST (National Institute of Standards and Technology) specifies “continuous monitoring”. All share the goal of going beyond the due diligence of traditional security management to embrace a proactive process of real-time threat and vulnerability management that relies heavily on network monitoring to detect, analyze and remediate advanced targeted threats.
Trend Micro Threat Management System (TMS) is a network analysis and visibility solution that uniquely detects evasive intrusions, automates remediation, and provides the real-time visibility, insight, and control to protect a company from advanced targeted attacks. Powered by Trend Micro Smart Protection Network, an array of threat detection and analysis engines, and the latest intelligence of Trend Micro Threat Researchers, TMS provides the best and most up-to-date threat deterrence capability.
TMS Components
TMS protects: core datacenter resources from external infiltration, corporate endpoint and post-PC mobile devices, and legacy and specialized systems and devices.
Trend Micro Risk Management Services put Trend Threat Researchers and Service Specialists on your team to augment your security responsiveness and expertise. At your request, we can deliver a complete portfolio of proactive monitoring, remediation and strategic consulting services designed to further reduce your risk exposure and security management costs.
In a recent SANS 2010 Survey, IT managers cited that 3 of the top 5 issues they deal with are:
- Time spent or inability to search log data
- Creating relevant reports of each event/attack
- Using log data to make informed decisions to secure (Actionable Intelligence)
The key here is that the blue bars indicate “opportunity/Demand”, and the red bars indicate “Currently satisfied”. This delta illustrates our potential customer base for TIM: a large number of customers need a solution and have yet to find or implement one that fulfills their needs.
Event Management challenges:
- Targeted Advanced Persistent Threats are on the rise
- The single most under-utilized source of information is EVENT LOGS
- All devices, servers/endpoints, applications and network devices create logs and event data
- Customers are affected by spending too MUCH time, or too LITTLE time, on event analysis
- According to the 2010 CSO Magazine Survey, 70% of all security incidents are never reported
- Log/event analysis is one of the most costly and time-consuming efforts a security team may undertake
The TIM console is a highly configurable, web-based console that uses role-based administration, so each user has their own customized views of JUST the information and data they need to perform their role. It is customizable by widget, by geography, by time, and by administrator, with administration by vertical or horizontal.
Trend researchers monitor an array of sources to track vulnerabilities. They then analyze the applications to develop and test a non-intrusive patch (IDS filter, or rule). The patch is then made available to customers, who can choose to deploy it automatically via the Deep Security Control Center or OfficeScan Manager. The window of vulnerability for normal patching can be quite lengthy: time for public disclosure (weeks to months after first exploitation) + time to patch availability (weeks or months) + time to deploy (up to customer testing and policy, but typically another month or more).
WFBS-services 3.0 has tons of features. For example, it provides server management functions such as Anti-malware, Anti-spyware, Web Reputation, File Reputation, Behavior Monitoring and License Management. On the client side, it has Anti-malware, Anti-spyware, Web Reputation, File Reputation, Firewall, POP3 Mail Scan/Anti-spam, Behavior Monitoring, Trend Protect (Wi-Fi protection, Web Site Rating), Instant Messaging Content Filtering, Intuit QuickBooks Protection, and Windows 7 support. (Those are the features of WFBS 6.0.)
Up until now, companies have addressed event management either by ignoring it, by leveraging Log Management solutions for event query, or by using more advanced and costly SIEM offerings for more complete event analysis. With the introduction of “Threat Intelligence” tools, a more focused analysis of malware-related events can be leveraged to resolve the hidden and advanced threats.
Threat Intelligence Manager utilizes multiple graphical methods for illustrating the different facets of an event. It shows the timing, frequency and impact geography of events, as well as a more sophisticated view of the relationships between events, to more easily highlight a potential threat.
When products are tested using real-world multi-layer security tests, Trend Micro consistently outperforms the competition.
Products Tested:
- Trend Micro OfficeScan v10.5.1083
- Symantec Endpoint Protection v12.0.1001.95
- McAfee VirusScan Enterprise v184.108.40.2060
- Microsoft Forefront Client Security v1.5.1981.0
- Sophos Endpoint Security and Control v9.5.3
With the Smart Protection Network, we are seeing very consistent results from multiple test labs in how effective our protection is. As you can see from this chart, we consistently perform the best in real-world protection tests, versus our competitors who tend to deviate much more widely. This can be attributed to the maturity of our protection network and the fact that it powers all of our solutions, from consumer to Enterprise.
Trend Micro Real-Time Threat Management press presentation
Today, Traditional Security is Insufficient
• Empowered Employees & Wikileaks
• Advanced Targeted Threats: i.e., Stuxnet, Epsilon, Aurora, Mariposa, Zeus, Sony PlayStation, etc.
• De-Perimeterization: Virtualization, Cloud, Consumerization & Mobility
Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware! Source: Forrester
The Need for Real-time Risk Management
Source: Verizon 2011 Data Breach Report
1/3 of infections result in compromise within minutes, but most are not discovered or contained for weeks or months!
Copyright 2011 Trend Micro Inc.
Analysts and Influencers Urge Action
• “Zero-Trust” security model: Use of Network Analysis and Visibility Tools
• “Lean Forward” proactive security strategy: Use of Network Threat Monitoring Tools
• “Real-Time Risk Management”: Use of Threat Monitoring Intelligence
• US Federal Risk Management Framework: Calls for “Continuous Monitoring”
Increased IT Security Priority: Vulnerability and Threat Management
“Which of the following initiatives are likely to be your firm’s top IT security priorities over the next 12 months?”
Since 2008, “Managing vulnerabilities and threats” has moved from #5 to #2.
Source: Forrsights Security Survey, Q3 2010
Announcing: Trend Micro Real-Time Threat Management Solutions
Network-Wide Visibility and Control: Threat Management System, Dynamic Threat Analysis System
Actionable Threat Intelligence: Threat Intelligence Manager
Timely Vulnerability Protection: Vulnerability Mgmt. Services, Deep Security Virtual Patching
Smart Protection Network Intelligence
Risk Management Services
• Detect, analyze and remediate advanced threats
• Investigate incident events and contain their impact
• Monitor and optimize security posture
• Manage vulnerabilities & proactive virtual patching
• Augment security staff & expertise
Trend Micro Threat Management System
TMS is a Network Analysis and Visibility solution that provides the real-time visibility, insight, and control to protect your company from advanced persistent attacks
• Network Threat Detection & Deterrence
• Automated Remediation
• Malware Forensic Analysis Platform
• Multi-Level Reporting
• Risk Management Services Offering
• Over 300 Enterprise & Government Customers WW
TMS: Visibility – Insight – Control
Diagram labels:
APT Implanted Via Web, Email, USB…
DataCenter
Threat Discovery Appliance: APT Communication Detected
Command & Control Server
Additional Analysis: Threat Confirmed
Threat Mitigator: • Signature-free clean up • Root-cause analysis
Detailed Reports: • Incident Analysis • Executive Summary • Root-cause Analysis
TMS + Dynamic Threat Analysis System
Integrated malware execution and forensic analysis
• Sandbox execution
• Malware actions & events
• Malicious destinations
• C&C Servers contacted
• Exportable reports & PCAP files
• Backend integration into TMS reporting & Mitigator
Inputs: Threat Discovery Appliance, Direct File Submission, Other Trend Products
Event Management Customer Pain Points
Wide gap between those who know they have a problem, and those who have a solution
*SANS Survey Data 2010
Trend Micro Confidential 03/28/13
Trend Micro Threat Intelligence Manager
Delivers threat intelligence and impact analysis needed to identify and reduce exposure to advanced threats.
• Incident Analysis and Security Posture Monitoring
• Real-Time Threat Analysis and Visualization
• Provide Actionable Intelligence for active threats
• Visualize event relationships in an attack
Diagram labels:
OfficeScan: Incident Discovery
Threat Discovery Appliance: Suspicious Network Behavior
Deep Security: System Integrity
Threat Intelligence Manager: Threat Analysis and Response
Consolidates threat events and uses advanced visualization and intelligence to uncover the hidden threats!
What Threat Intelligence Manager Enables
Customers can:
• Identify the hidden or advanced threats
• Visualize the lifecycle of an attack
• Establish custom alerts for tracking future events
• Customized reporting and executive reporting
• Scorecards for monitoring security posture
• Answer key questions:
– Are there suspicious events that I am missing from my logs?
– Are there outbound active connections from compromised systems?
– Are there additional endpoints with similar behaviors as the compromised system?
– What systems are involved in the attack, and what steps can I take to defend?
Customizable Dashboard
Access and visualization by role and responsibility
Benefits of Trend Micro Real-Time Threat Management Solutions
Trend expedites containment – helping identify, remediate and protect infiltrated and susceptible systems
• Intelligent threat and log analysis
• Automated remediation
• Virtual patching
If entry successful, Trend shortens the time to discovery – minimizing the risk and damages of actual compromise
• Network-level analysis & visibility
• Intelligent threat and log analysis
• HIPS, virtual patching, Integrity Monitoring
Trend minimizes the likelihood of APT intrusion - blocking threat exposure, vulnerability and communication
• Smart Protection Network reputation intelligence
• Network-level analysis & visibility
• Vulnerability scanning & virtual patching
Chart labels: Level of Damage from APT; stages Entry, Compromise, Discovery, Containment; time scale Hours, Days / Weeks, Weeks / Months, Weeks / Months
New Risk Management Services
Augment stretched IT security staff
Increase IT security responsiveness and expertise
Put Trend Micro Threat Researchers and Service Specialists on your team
A complete portfolio designed to further reduce risk exposure and security management costs
• Proactive monitoring and alerting
• Threat analysis and advisory
• Threat remediation assistance
• Risk posture review and analysis
• Strategic security planning
Why Trend Micro?
Trend Micro is the only vendor providing integrated real-time protection and risk management against advanced targeted threats.
Network-Wide Visibility and Control: Threat Management System, Dynamic Threat Analysis System
Actionable Threat Intelligence: Threat Intelligence Manager
Timely Vulnerability Protection: Vulnerability Mgmt. Services, Deep Security Virtual Patching
Smart Protection Network Intelligence
Risk Management Services
“Trend Micro has always impressed me with its understanding of what its customers are going through and this reiterates it again.” Richard Stiennon, IT-Harvest
The Virtual Patching Solution
Trend Micro Security Center provides Virtual Patches within hours of vulnerability disclosure
• Automated centralized distribution
• Protection available:
– Deep Security product module
– With OfficeScan IDF plugin
Risk Mgt & Compliance
• Close window of vulnerability for critical systems and applications
• Protect “unpatchable” systems
• Meet 30-day PCI patch requirement
Operational Impact
• Reduce patch cycle frequency
• Avoid ad-hoc patching
• Minimize system downtime
Diagram labels: Trend Micro Security Center (Automated Monitoring, Application Analysis, Filter “Patch” Development, Protection Delivery); Physical / Virtual / Cloud Servers; Endpoints & Devices
Vulnerability Management System
• Vulnerability scanning
– Vulnerability scanning of internal and external devices
– Patch and configuration recommendations
• Web application scanning
– Web site crawler to detect application design vulnerabilities like SQL injection and cross-site scripting etc.
• PCI compliant scanning
– Vulnerability scanning with reports for PCI
– Trend is an Approved Scanning Vendor
• Policy compliance
– Define and track compliance with device security policies
• SaaS based management portal
– Hosted scans of external devices
– On-premise appliance for scanning internal devices managed from SaaS portal
– On-demand scan
Flavors of “Intelligence”
Security Information & Event Management (SIEM):
• The collection and advanced analysis of logs/events across all security disciplines into a central platform, for high-level status and event review.
Threat Intelligence is:
• Threat Intelligence is a complementary technology to SIEM, with greater focus on the “threat space” of security
Advanced Visualization & Impact Analysis
Visualize the relationship between cause and effect of each threat event, and fully understand the impact
Trend Micro Smart Protection Network
Jan 2011 results of testing conducted by AV-Test.org (qualified for internal use)
Results from T+60 test
Trend Micro Smart Protection Network
Industry-proven real-world protection
*1: http://www.nsslabs.com/research/endpoint-security/anti-malware/
*2: http://us.trendmicro.com/us/trendwatch/core-technologies/competitive-benchmarks/index.html
*3: http://www.dennistechnologylabs.com/reports/s/a-m/trendmicro/PCVP2010-TM.pdf (Dec. Test performed for Computer Shopper UK)
*4: http://www.av-comparatives.org/images/stories/test/dyn/stats/index.html
Note: If multiple products from one vendor were evaluated, then vendor’s best performance is listed.
Threat Management Portal
Interactive drill-down dashboards
• Navigate across corporate groups
• Pin-point infected sources
• Perform root-cause analysis
• Track suspicious user behavior and application usage
• Detect leakage of regulated data
• Customizable event alarms
• Multi-level reporting for managers and executives
• Available on-premise or hosted
Coming 2H 2011
• Improved drill down capability
• Sandbox analysis workbench
Threat Mitigator Technology: Root-cause and signature-free cleanup
• Cleanup request received
• Check forensic logs
• Locate which process performed malicious activity
• Remove malware process, file and registry entries
• Locate and remove parent malware
• Locate and remove child malware
In case of failure, a custom cleanup kit is automatically generated by Trend