Targeted Attacks | Have you found yours?
Andy Dancer
CTO EMEA
Traditional Security is Insufficient

• Advanced Persistent Threats
• Empowered Employees
• Elastic Perimeter

Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware!

Copyright 2012 Trend Micro Inc.

Custom Attacks

• Today’s most dangerous attacks are those targeted directly and specifically at an organization — its people, its systems, its vulnerabilities, its data.

10/9/2012 Confidential | Copyright 2012 Trend Micro Inc.

Deep Discovery & The Custom Defense

[Diagram: Advanced Threat Protection; Network Threat Detection; Deep Discovery]

APT Activity
Specialized Threat Detection Across the Attack Sequence

Malicious Content
• Emails containing embedded document exploits
• Drive-by Downloads
• Zero-day and known malware

Suspect Communication
• C&C communication for any type of malware & bots
• Backdoor activity by attacker

Attack Behavior
• Malware activity: propagation, downloading, spamming ...
• Attacker activity: scan, brute force, tool downloads
• Data exfiltration communication

Switch of mental approach

• Terrorist Paradox
  – We have to win all the time to defend
  – They only have to get it right once to win
• Advanced Threats
  – Many steps have to execute in turn to steal my data
  – I only need to spot one step to thwart them

Deep Discovery & The Custom Defense

[Diagram: Advanced Threat Protection; Network Threat Detection; Deep Discovery; Attack Analysis & Intelligence]

Automated Analysis

• Live Cloud Lookup
• Advanced Heuristics
• Sandbox Analysis
• Focused Manual Investigation

[Diagram labels: Bandwidth; Threat Intelligence; Output to SIEM]

Deep Discovery Advisor
Threat Intelligence Center

• In-Depth Contextual Analysis including simulation results, asset profiles and additional security events
• Integrated Threat Connect Intelligence included in analysis results
• Enhanced Threat Investigation and Visualization capabilities
• Highly Customizable Dashboard, Reports & Alerts
• Centralized Visibility and Reporting across Deep Discovery Inspector units

[Diagram label: Threat Connect Intelligence]

Deep Discovery & The Custom Defense

[Diagram: Advanced Threat Protection; Network Threat Detection; Deep Discovery; Adaptive Security Updates; Containment & Remediation; Attack Analysis & Intelligence]

The Custom Defense

• Specialized Threat Detection at network and protection points
• Deep analysis based on custom sandboxing and relevant global intel
• Custom security blacklists & signatures block further attack
• Context-relevant views & intel guide rapid remediation response

The Custom Defense In Action
Advanced Email Protection

InterScan Messaging Security or ScanMail
• Anti-spam
• Anti-phishing
• Web Reputation
• Anti-malware
• Advanced Threat Detection

Deep Discovery Advisor (Threat Analyzer, Threat Intelligence Center, Security Update Server)
• Blocking of targeted spear phishing emails and document exploits via custom sandboxing
• Central analysis of detections
• Automated updates of malicious IP/Domains
• Search & Destroy function

[Diagram label: quarantine]

So what does that look like in context?

[Diagram: Outer Perimeter; Inner Perimeters; Valuable Server (three shown); Endpoint (two shown)]

Deep Discovery

Out of band network data feed of all network traffic

• Detect Malicious Content and Communication
• Analyze
• Simulate
• Correlate
• Identify Attack Behaviour & Reduce False Positives

• Visibility – Real-time Dashboards
• Insight – Risk-based Analysis
• Action – Remediation Intelligence

DeepSecurity
Inner Perimeter for valuable assets

• Deep Packet Inspection
• Firewall
• Anti-Virus
• Log Inspection
• Integrity Monitoring

[Diagram: Security VM alongside guest VMs on a Hypervisor]

Thanks for listening...
...any questions?




David Clarke, CITSO at Digital Arena - Security Benchmarking, best practise a...
 
John Prowse, vCISO at BT - Security Anxiety
John Prowse, vCISO at BT - Security AnxietyJohn Prowse, vCISO at BT - Security Anxiety
John Prowse, vCISO at BT - Security Anxiety
 
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
 
Keith Inight, CTO at Atos - Software Defined Everything
Keith Inight, CTO at Atos - Software Defined EverythingKeith Inight, CTO at Atos - Software Defined Everything
Keith Inight, CTO at Atos - Software Defined Everything
 
David Clarke, CITSO at Vciso - Security, Standards and Swiss Cheese
David Clarke, CITSO at Vciso - Security, Standards and Swiss CheeseDavid Clarke, CITSO at Vciso - Security, Standards and Swiss Cheese
David Clarke, CITSO at Vciso - Security, Standards and Swiss Cheese
 
Dave Jones, CIO at Cape Plc - Transition of Autonomous regional IT to Providi...
Dave Jones, CIO at Cape Plc - Transition of Autonomous regional IT to Providi...Dave Jones, CIO at Cape Plc - Transition of Autonomous regional IT to Providi...
Dave Jones, CIO at Cape Plc - Transition of Autonomous regional IT to Providi...
 
Wolfgang Kuhl, CIO at Pharmaserv - Data Centre Planning and Execution - A Sur...
Wolfgang Kuhl, CIO at Pharmaserv - Data Centre Planning and Execution - A Sur...Wolfgang Kuhl, CIO at Pharmaserv - Data Centre Planning and Execution - A Sur...
Wolfgang Kuhl, CIO at Pharmaserv - Data Centre Planning and Execution - A Sur...
 
Mark Aikman, CIO at The North Group - Leading a Complex Bespoke System Transf...
Mark Aikman, CIO at The North Group - Leading a Complex Bespoke System Transf...Mark Aikman, CIO at The North Group - Leading a Complex Bespoke System Transf...
Mark Aikman, CIO at The North Group - Leading a Complex Bespoke System Transf...
 
Neil Ward-Dutton, Co-founder and Research Director at MWD Advisors - Digital ...
Neil Ward-Dutton, Co-founder and Research Director at MWD Advisors - Digital ...Neil Ward-Dutton, Co-founder and Research Director at MWD Advisors - Digital ...
Neil Ward-Dutton, Co-founder and Research Director at MWD Advisors - Digital ...
 
Gordon Tredgold, SVP Global IT at Henkel - Fast Leadership - Accelerating Pro...
Gordon Tredgold, SVP Global IT at Henkel - Fast Leadership - Accelerating Pro...Gordon Tredgold, SVP Global IT at Henkel - Fast Leadership - Accelerating Pro...
Gordon Tredgold, SVP Global IT at Henkel - Fast Leadership - Accelerating Pro...
 

Trend Micro - Targeted attacks: Have you found yours?

  • 1. Targeted Attacks| Have you found yours? Andy Dancer CTO EMEA
  • 2. Traditional Security is Insufficient: Advanced Persistent Threats, Empowered Employees, Elastic Perimeter. Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware! Copyright 2012 Trend Micro Inc.
  • 3. Copyright 2012 Trend Micro Inc.
  • 4. Custom Attacks • Today’s most dangerous attacks are those targeted directly and specifically at an organization — its people, its systems, its vulnerabilities, its data. 10/9/2012 Confidential | Copyright 2012 Trend Micro Inc.
  • 5. Deep Discovery & The Custom Defense: Advanced Threat Protection, Network Threat Detection, Deep Discovery
  • 6. APT Activity: Specialized Threat Detection Across the Attack Sequence. Malicious Content • Emails containing embedded document exploits • Drive-by Downloads • Zero-day and known malware. Suspect Communication • C&C communication for any type of malware & bots • Backdoor activity by attacker. Attack Behavior • Malware activity: propagation, downloading, spamming... • Attacker activity: scan, brute force, tool downloads • Data exfiltration communication
  • 7. Switch of mental approach • Terrorist Paradox – We have to win all the time to defend – They only have to get it right once to win • Advanced Threats – Many steps have to execute in turn to steal my data – I only need to spot one step to thwart them
  • 8. Deep Discovery & The Custom Defense: Advanced Threat Protection, Network Threat Detection, Deep Discovery, Attack Analysis & Intelligence
  • 9. Automated Analysis: Bandwidth, Live Cloud Lookup, Advanced Heuristics, Threat Intelligence, Sandbox Analysis, Focused Manual Investigation, Output to SIEM
  • 10. Deep Discovery Advisor Threat Intelligence Center • In-Depth Contextual Analysis including simulation results, asset profiles and additional security events • Integrated Threat Connect Intelligence included in analysis results • Enhanced Threat Investigation and Visualization capabilities • Highly Customizable Dashboard, Reports & Alerts • Centralized Visibility and Reporting across Deep Discovery Inspector units Threat Connect Intelligence
  • 11. Deep Discovery & The Custom Defense: Advanced Threat Protection, Network Threat Detection, Deep Discovery, Adaptive Security Updates, Containment & Remediation, Attack Analysis & Intelligence
  • 12. The Custom Defense • Specialized Threat Detection at network and protection points • Deep analysis based on custom sandboxing and relevant global intel • Custom security blacklists & signatures block further attack • Context-relevant views & intel guide rapid remediation response
  • 13. The Custom Defense In Action. Advanced Email Protection: InterScan Messaging Security or ScanMail. Diagram labels: Anti-spam, Anti-phishing, Web Reputation, Anti-malware, Advanced Threat Detection; Threat Analyzer, Threat Intelligence Center, Security Update Server; Deep Discovery Advisor; quarantine. • Blocking of targeted spear phishing emails and document exploits via custom sandboxing • Central analysis of detections • Automated updates of malicious IP/Domains • Search & Destroy function
  • 14. So what does that look like in context? Outer Perimeter Valuable Server Inner Perimeters Valuable Server Endpoint Valuable Server Endpoint
  • 15. Deep Discovery: Simulate, Analyze, Correlate. Out of band network data feed of all network traffic. Detect Malicious Content and Communication. Identify Attack Behaviour & Reduce False Positives. Visibility – Real-time Dashboards; Insight – Risk-based Analysis; Action – Remediation Intelligence
  • 16. DeepSecurity Inner Perimeter for valuable assets Deep Packet Inspection Firewall Security Anti-Virus VM VM VM VM VM VM Log Inspection Hypervisor Integrity Monitoring
  • 17. Thanks for listening... ...any questions?

Editor's Notes

  1. Traditional Security works against Traditional Threats. It’s not designed to cope with Targeted attacks. Partly because they are unique and so harder to spot. Partly because changes in how we are using IT such as cloud and mobile make the perimeter less effective than it used to be.
  2. But… Don’t throw the baby out with the bath water! Spotting a targeted attack on your network is like finding a needle in a haystack. The way to do it isn’t to start with the biggest haystack possible and throw in lots of pins that look very like needles to confuse the situation. It’s all about filtering. Eliminate standard threats as close to source as you can to make it easier to spot the really clever stuff.
  3. Deep Discovery specialized threat detection focuses on 3 key areas to discover attacks during every phase of activity. Malicious Content (steps 2,3): Deep Discovery detects zero-day and advanced malware – including document exploits and drive-by downloads – used during the initial compromise or later C&C downloads. Suspect Communications (step 3): Deep Discovery detects the C&C communications used by modern malware, as well as backdoor manipulations by remote attackers. Attack Behavior (steps 4,5,6): Deep Discovery detects both malware and hacker network behaviors that indicate propagation, scanning, irregular activity, and suspect data access and transmission. Today you hear of products that find malware by sandboxing executables or detecting some botnet traffic, but only Deep Discovery identifies the malicious content, communications and behaviors of malware and human attacker activity across all phases of the attack cycle.
  4. We need a switch of mental approach
  5. Centralized management of all deployed Deep Discovery units provides consolidated threat management and enhanced analysis and reporting in a single console. Centralized Visibility and Reporting over multiple instances of Deep Discovery. Enhanced Threat Investigation and Visualization capabilities. Highly Customizable Dashboard, Reports & Alerts. Context-based Risk Assessment by enriching events with location and asset severity information.
  6. This one shows which bits link to what – need to keep either this one or the previous one but not both.
  7. Can we get this one drawn into the same style as the rest of the deck please. It links to the section of slide 18 that I’ve copied off to the right of the slide. If we can show that linkage that would be great.