Custom defense - Blake final


Trend Micro Direction Executive Summit 2013, Seoul Korea. Custom defense - Blake final.


  1. Custom Defense in the Age of Consumerization, Cloud and new Cyber Threats. Blake Sutherland, Global Field Enablement. 7/4/2013. Confidential | Copyright 2012 Trend Micro Inc.
  2. (diagram) Consumerization, Cloud & Virtualization, Cyber Threats: Employees, IT and the Attacker around a Data Center spanning Physical, Virtual, Private Cloud and Public Cloud.
  3. Targeted Attacks – The New Norm. » 90% of breaches first discovered by a third party (Verizon 2012)
  4. The South Korean Cyber Front
     • Repeated high-profile attacks on government and business
     • Risk prevention focus across government and industry
     • Latest attack cripples parts of banking and media industries…
  5. The Reality
     • One new threat created every second [1]
     • A cyber intrusion happens every 5 minutes [2]
     • Over 90% of enterprises have malware [1]
     • Almost 75% have one or more bots [1]
     Sources: [1] Trend Micro, 2012; [2] US-CERT, 2012
  6. Analysts and Influencers Urge Action — Adoption of Advanced Threat Detection
     "You need to know what's accessing the data, how the data's being used, and what's happening on your network." John Kindervag, Principal Analyst Serving Security & Risk Professionals, Forrester Research, Inc.
     "Hardening existing security defenses... won't be enough to deal with the sophistication and perseverance of APTs." Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group
     "We must assume we will be compromised and must have better detection capabilities in place that provide visibility as to when this type of breach occurs." Neil MacDonald, VP and Gartner Fellow, Gartner, Inc.
  7. Custom Defense (diagram): Network-wide Detection, Custom Sandboxes, Advanced Threat Analysis, Threat Intelligence, Automated Security Updates, Threat Tools and Services; Network Admin Security
  8. Custom Defense – Enabling a Complete Lifecycle (Network-wide Detection, Custom Sandboxes, Advanced Threat Analysis, Threat Intelligence, Automated Security Updates, Threat Tools and Services, Network Admin Security)
     • Detect malware, communications and behavior invisible to standard defenses
     • Analyze the risk and characteristics of the attack and attacker
     • Adapt security automatically (IP black lists, custom signatures…)
     • Respond using the insight needed to respond to your specific attackers
  9. Example Scenarios
     Trend Micro integration:
     • ScanMail integration
     • InterScan email & web integration
     • All products through Command and Control Central Alerting and SPN
     Simple 3rd party integration:
     • API integration with gateways and Network Access Controls
     • Syslog integration with Security Information and Event Management Systems (SIEMs)
     Sophisticated, multi-vendor product and process integration:
     • Detect the malware and adapt the defense
     • Capture the forensic evidence
     • Remediate the client
     • Automate with low user impact
     • In a VDI environment
  10. Trend Micro Integration (diagram): mail bound for Employees passes through the Trend Micro email security products (ScanMail, InterScan Messaging), which hand unknown items (?) to the Custom Sandbox; the Custom Defense Solution verdict is ✓ (clean)
  11. Trend Micro Integration (diagram): the same flow, with the Custom Defense Solution verdict X (malicious)
  12. Deep Discovery Detection & Analysis: The email was flagged as suspicious and sandbox analysis identified malicious activity being performed by a Trojan downloader.
  13. Virtual Analysis Details: The virtual analysis provided insight into the actions of the Trojan downloader, such as C&C connections and details on the 2nd-stage components downloaded. The intel allowed IT to respond immediately. The heuristic detections provided visibility into the individuals targeted by the initial threat, while the virtual analysis provided the intelligence to respond through the various controls, such as firewall and web gateway C&C blocking.
  14. Threat Connect Intelligence: Threat Connect provided all Trend Micro intelligence on the systems participating in this attack and their relationship to various domains, files, URLs and malware families. With this intel, all variants and sources of the attack are identified and can be blocked.
  15. 3rd Party Integration (diagram)
  16. 3rd Party Integration (diagram): Quarantine VLAN, Production VLAN
  17. 3rd Party Integration (diagram)
  18. Incident Response Architecture (diagram)
  19. Demo
  20. Automated Incident Response
  21. What Sets this Solution Apart?
     • Detection of non-Windows malware (e.g. mobile and Mac)
     • Only solution with multiple customer-defined sandboxes
     • Only solution with advanced threat detection and global threat intelligence
     • Lowest TCO: a single appliance monitors across multiple ports and 80+ protocols
     • Only solution that enables the full lifecycle, with custom security updates to endpoints/gateways
       – Provides automatic protection
       – Current industry stops at analysis
     Best New Product
  22. Q & A and Additional Resources
     • Web content:
       – Combating APTs
       – Deep Discovery
       – Security Intelligence Threat Research
       – Infographic: Targeted Attacks Via Employee Inboxes
     • Whitepapers:
       – Detecting APT Activity with Network Traffic Analysis
       – Typical Targeted Attack Entry Points
       – APT Primer: Detecting the Enemy Inside the Network
     • Analyst reports:
       – Gartner: How to Mitigate APTs
       – Enterprise Strategy Group: New Demands for Real-time Risk Management
     • Success Stories:
       – Motel 6, Manufacturing Case Study and many more
     • More Videos:
       – How Deep Discovery Works, IT Harvest Interview
     • Submit threats for analysis:
       –
  23. Thank You!
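Slides 8 and 9 describe the lifecycle (detect, analyze, adapt security automatically with IP black lists and custom signatures, respond) and the syslog-to-SIEM and API-to-gateway/NAC integrations, slide 13 the firewall and web gateway C&C blocking, and slide 16 the quarantine VLAN, but the deck never shows how a sandbox verdict becomes an action. The Python below is an added example written for this page; it is not Trend Micro code and does not reproduce Deep Discovery's actual syslog export. It assumes a hypothetical CEF-style event from a sandbox appliance (vendor name, field names and layout are made up), constructed sample events, and hypothetical policy values (severity threshold, quarantine VLAN number, allowlist). It turns a high-severity verdict into firewall, web-gateway and NAC actions while refusing the two auto-blocks that cause outages in practice: internal addresses the sandbox happened to talk to, and whole shared domains that only hosted one malicious URL.

```python
"""Sandbox verdict to automated response: an added example, not vendor code."""
import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample events in CEF-style syslog, as a sandbox appliance might
# forward them to a SIEM. Vendor, product, field names and layout are
# hypothetical for this example, not Deep Discovery's actual export format.
SAMPLE_EVENTS = [
    "CEF:0|ExampleVendor|SandboxAppliance|1.0|100|Trojan downloader detected|8|"
    "src=10.1.20.15 suser=jsmith msg=Attachment executed in sandbox "
    "cs1Label=cncHosts cs1=203.0.113.7:443,malware-c2.example:8080,10.1.20.1:53 "
    "cs2Label=downloads cs2=http://203.0.113.9/stage2.bin,https://cdn.example.net/u/update.exe",
    "CEF:0|ExampleVendor|SandboxAppliance|1.0|200|Attachment clean|2|"
    "src=10.1.20.16 suser=alee msg=No malicious behavior observed",
]

# Policy knobs (hypothetical values chosen for this example).
SEVERITY_THRESHOLD = 7        # act automatically only on high-severity verdicts
QUARANTINE_VLAN = 999         # NAC moves the victim here, off the production VLAN
ALLOWLISTED_DOMAINS = {"cdn.example.net"}  # shared infra: block URLs, never the domain
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

CEF_HEADER = re.compile(
    r"^CEF:0\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|(?P<version>[^|]*)\|"
    r"(?P<signature>[^|]*)\|(?P<name>[^|]*)\|(?P<severity>\d+)\|(?P<ext>.*)$"
)


def parse_cef(line):
    """Parse one CEF:0 line into a dict of header fields plus extension keys."""
    m = CEF_HEADER.match(line)
    if m is None:
        raise ValueError("not a CEF:0 line: %r" % line[:40])
    ev = {k: v for k, v in m.groupdict().items() if k != "ext"}
    ev["severity"] = int(ev["severity"])
    # Extension values may contain spaces, so split only in front of the next
    # "key=" token rather than on every space.
    for pair in re.split(r"\s+(?=\w+=)", m.group("ext")):
        key, _, value = pair.partition("=")
        ev[key] = value
    return ev


def labeled_field(ev, label):
    """Return the custom string (csN) whose csNLabel equals label, else ""."""
    for key, value in ev.items():
        if key.endswith("Label") and value == label:
            return ev.get(key[:-len("Label")], "")
    return ""


@dataclass
class ResponsePlan:
    block_ips: set = field(default_factory=set)      # firewall C&C block list
    block_domains: set = field(default_factory=set)  # web gateway / DNS block list
    block_urls: set = field(default_factory=set)     # web gateway URL block list
    quarantine: dict = field(default_factory=dict)   # victim host -> VLAN
    skipped: list = field(default_factory=list)      # (indicator, reason) not auto-blocked


def host_of(hostport):
    """'203.0.113.7:443' -> '203.0.113.7' (IPv4 and hostnames only here)."""
    host, sep, _port = hostport.rpartition(":")
    return host if sep else hostport


def add_indicator(plan, host, url=None):
    """Route one indicator to the right control, refusing unsafe blocks."""
    if not host:
        plan.skipped.append((url or "", "no host to block"))
        return
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None and any(ip in net for net in INTERNAL_NETS):
        # The sandbox also talks to internal DNS and proxies; pushing those
        # addresses to the perimeter block list would cause an outage.
        plan.skipped.append((host, "internal address"))
        return
    if ip is not None:
        plan.block_ips.add(host)
    elif host in ALLOWLISTED_DOMAINS:
        plan.skipped.append((host, "allowlisted domain"))
    else:
        plan.block_domains.add(host)
    if url:
        plan.block_urls.add(url)  # the specific URL is still blocked at the gateway


def plan_response(events):
    """Detect -> analyze -> adapt -> respond, driven by the SIEM event feed."""
    plan = ResponsePlan()
    for line in events:
        ev = parse_cef(line)
        if ev["severity"] < SEVERITY_THRESHOLD:
            continue  # low-severity verdicts go to an analyst, not to automation
        if ev.get("src"):
            plan.quarantine[ev["src"]] = QUARANTINE_VLAN
        for hostport in filter(None, labeled_field(ev, "cncHosts").split(",")):
            add_indicator(plan, host_of(hostport))
        for url in filter(None, labeled_field(ev, "downloads").split(",")):
            add_indicator(plan, urlsplit(url).hostname or "", url=url)
    return plan


if __name__ == "__main__":
    plan = plan_response(SAMPLE_EVENTS)
    print("firewall block:", sorted(plan.block_ips))
    print("gateway domain block:", sorted(plan.block_domains))
    print("gateway URL block:", sorted(plan.block_urls))
    print("quarantine:", plan.quarantine)
    print("skipped:", plan.skipped)
```

Running the script prints the plan for the constructed events: two firewall entries, one domain, two URLs, one host moved to the quarantine VLAN, and two indicators deliberately left for an analyst. In a real deployment the plan is what gets pushed through the gateway and NAC APIs the deck lists; keeping the `skipped` list visible matters more than it looks, because a sandbox verdict that names an internal resolver or a shared CDN is exactly the case where automatic adaptation turns a detection into a self-inflicted outage.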