Downloaded 32 times
Uploaded byGlobal Business Events
Trend Micro - Targeted attacks: Have you found yours?
The document discusses advanced persistent threats and how traditional security methods are insufficient for dealing with them. It introduces Trend Micro's Deep Discovery and custom defense solutions, which use specialized threat detection, deep analysis, threat intelligence, and adaptive security updates to detect and block targeted attacks. This is done by monitoring networks for malicious content and communications, analyzing behaviors, and gaining insights to rapidly respond to and remediate threats.
More Related Content
Similar to Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?
- 1. Targeted Attacks| Haveyou found yours? Andy Dancer CTO EMEA
- 2. Traditional Security isInsufficient Advanced Empowered Elastic Persistent Threats Employees Perimeter Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware! Copyright 2012 Trend Micro Inc.
- 3. Copyright 2012 TrendMicro Inc. 3
- 4. Custom Attacks • Today’s most dangerous attacks are those targeted 01010010 directly and specifically 100101001 10001100 at an organization — 00101110 1010101 its people, its systems, its vulnerabilities, its data. 10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 4
- 5. Deep Discovery &The Custom Defense Advanced Threat Protection Network Threat Detection Deep Discovery 10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 5
- 6. APT Activity Specialized Threat Detection Across the Attack Sequence Malicious Content • Emails containing embedded document exploits • Drive-by Downloads • Zero-day and known malware Suspect Communication • C&C communication for any type of malware & bots • Backdoor activity by attacker Attack Behavior • Malware activity: propagation, downloading, spam ming . . . • Attacker activity: scan, brute force, tool downloads. • Data exfiltration communication
- 7. Switch of mentalapproach • Terrorist Paradox • Advanced Threats – We have to win all the – Many steps have to time to defend execute in turn to steal – They only have to get it my data right once to win – I only need to spot one step to thwart them Copyright 2012 Trend Micro Inc. 7
- 8. Deep Discovery &The Custom Defense Advanced Threat Protection Network Threat Detection Deep Discovery Attack Analysis & Intelligence 10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 8
- 9. Automated Analysis Bandwidth Live Cloud Lookup Advanced Heuristics Threat Intelligence Sandbox Analysis Focused Manual Investigation Output to SIEM Copyright 2012 Trend Micro Inc. 9
- 10. Deep Discovery Advisor Threat Intelligence Center • In-Depth Contextual Analysis including simulation results, asset profiles and additional security events • Integrated Threat Connect Intelligence included in analysis results • Enhanced Threat Investigation and Visualization capabilities • Highly Customizable Dashboard, Reports & Alerts • Centralized Visibility and Reporting across Deep Discovery Inspector units Threat Connect Intelligence
- 11. Deep Discovery &The Custom Defense Advanced Threat Protection Network Threat Detection Deep Discovery Adaptive Security Updates Containment & Remediation Attack Analysis & Intelligence 10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 11
- 12. The Custom Defense Specialized Threat Deep analysis Custom security Context-relevant Detection at network based on custom blacklists & views & intel guide and protection sandboxing and signatures block rapid remediation points relevant global intel further attack response 10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 12
- 13. The Custom DefenseIn Action Advanced Email Protection InterScan Messaging Security or ScanMail Anti-spam Threat Threat Security Analyzer Intelligence Update Anti-phishing Center Server Web Reputation Deep Discovery Advisor Anti-malware • Blocking of targeted spear phishing emails and document exploits via Advanced Threat Detection custom sandboxing • Central analysis of detections • Automated updates of malicious quarantine IP/Domains • Search & Destroy function 10/9/2012 Confidential | Copyright 2012 Trend Micro Inc. 13
- 14. So what doesthat look like in context? Outer Perimeter Valuable Server Inner Perimeters Valuable Server Endpoint Valuable Server Endpoint
- 15. Deep Discovery Simulate Analyze Out of band network data feed of all Correlate network traffic Detect Malicious Content and Communication Identify Attack Behaviour & Reduce False Positives Visibility – Real-time Dashboards Insight – Risk-based Analysis Action – Remediation Intelligence
- 16. DeepSecurity Inner Perimeter forvaluable assets Deep Packet Inspection Firewall Security Anti-Virus VM VM VM VM VM VM Log Inspection Hypervisor Integrity Monitoring
- 17. Thanks for listening... ...anyquestions? Confidential | Copyright 2012 Trend Micro Inc.
Editor's Notes
- #3 Traditional Security works against Traditional Threats. It’s not designed to cope with Targeted attacks. Partly because they are unique and so harder to spot. Partly because charges in how we are using IT such as cloud and mobile make the perimeter less effective than it used to be.
- #4 But… Don’t throw the baby out with the bath water! Spotting a targeted attack on your network is like finding a needle in a haystack. The way to do it isn’t to start with the biggest haystack possible and throw in lots of pins that look very like needles to confuse the situation. It’s all about filtering. Eliminate standard threats as close to source as you can to make it easier to spot the really clever stuff.
- #7 Deep Discovery specialized threat detection focuses on 3 key areas to discovery attacks during every phase of activity Malicious Content (steps 2,3): Deep Discovery detects zero-day and advanced malware – including document exploits and drive-by downloads – used during the initial compromise or later C&C downloadsSuspect Communications (step 3):Deep Discovery detects the C&C communications used by modern malware, as well as backdoor manipulations by remote attackers Attack Behavior (steps 4,5,6): Deep Discovery detects both malware and hacker network behaviors that indicate propagation, scanning, irregular activity, and suspect data access and transmission Today you hear of products that find malware by sandboxing executables or detecting some botnet traffic, but only Deep Discovery indentifies the malicious content, communications and behaviors of malware and human attacker activity across all phases of the attack cycle.
- #8 We need a switch of mental approach
- #11 Centralized management of all deployed Deep Discovery units provides consolidated threat management and enhanced analysis and reportingin a single console.Centralized Visibility and Reporting over multiple instances of Deep DiscoveryEnhanced Threat Investigation and Visualization capabilitiesHighly Customizable Dashboard, Reports & AlertsContext-based Risk Assessment by enriching events with location and asset severity information
- #16 This one shows which bits like to what – need to keep either this one or the previous one but not both.
- #17 Can we get this one drawn into the same style as the rest of the deck please. It links to the section of slide 18 that I’ve copied off to the right of the slide. If we can show that linkage that would be great