1. Trend Micro Real-Time Threat Management
June 13, 2011—launch date; Press Presentation
Dan Glessner, Vice-President, Enterprise Marketing
Kevin Faulkner, Director, Product Marketing
Copyright 2011 Trend Micro Inc.
7. Today, Traditional Security is Insufficient
• Empowered Employees & Wikileaks
• Advanced Targeted Threats, e.g., Stuxnet, Epsilon, Aurora, Mariposa, Zeus, Sony PlayStation, etc.
• De-Perimeterization: Virtualization, Cloud, Consumerization & Mobility
Trend Micro evaluations find over 90% of enterprise networks contain active malware!
Source: Forrester
3. The Need for Real-time Risk Management
Source: Verizon 2011 Data Breach Report
1/3 of infections result in compromise within minutes, but most are not discovered or contained for weeks or months!
4. Analysts and Influencers Urge Action
• “Zero-Trust” security model: use of Network Analysis and Visibility Tools
• “Lean Forward” proactive security strategy: use of Network Threat Monitoring Tools
• “Real-Time Risk Management”: use of Threat Monitoring Intelligence
• US Federal Risk Management Framework: calls for “Continuous Monitoring”
5. Increased IT Security Priority: Vulnerability and Threat Management
“Which of the following initiatives are likely to be your firm’s top IT security priorities over the next 12 months?”
Since 2008, “Managing vulnerabilities and threats” has moved from #5 to #2
Source: Forrsights Security Survey, Q3 2010
6. Announcing: Trend Micro Real-Time Threat Management Solutions
• Network-Wide Visibility and Control: Threat Management System; Dynamic Threat Analysis System
• Actionable Threat Intelligence: Threat Intelligence Manager
• Timely Vulnerability Protection: Vulnerability Mgmt. Services; Deep Security Virtual Patching
• Across all three: Smart Protection Network Intelligence; Risk Management Services
• Detect, analyze and remediate advanced threats
• Investigate incident events and contain their impact
• Monitor and optimize security posture
• Manage vulnerabilities & proactive virtual patching
• Augment security staff & expertise
7. Trend Micro Threat Management System
TMS is a Network Analysis and Visibility solution that provides the real-time visibility, insight, and control to protect your company from advanced persistent attacks
• Network Threat Detection & Deterrence
• Automated Remediation
• Malware Forensic Analysis Platform
• Multi-Level Reporting
• Risk Management Services Offering
Over 300 Enterprise & Government Customers WW
8. TMS: Visibility – Insight – Control
Flow shown on the slide:
• APT Implanted via Web, Email, USB…
• Threat Discovery Appliance (in the DataCenter): APT Communication Detected, to a Command & Control Server
• Additional Analysis: Threat Confirmed
• Threat Mitigator: signature-free clean up; root-cause analysis
• Detailed Reports: Incident Analysis; Executive Summary; Root-cause Analysis
9. Detection Capabilities
• Multiple unique threat engines
• 24 hour event correlation
• Continually updated threat relevance rules
• Data loss detection
• Tracks unauthorized app usage and malicious destinations
• Powered by Smart Protection Network and dedicated Trend researchers
New – DTAS Sandbox Detection Engine
New – Document Exploit Engine
Best Detection Rates, Lowest False Positives, Real-Time Impact
10. TMS + Dynamic Threat Analysis System
Integrated malware execution and forensic analysis
• Sandbox execution
• Malware actions & events
• Malicious destinations
• C&C Servers contacted
• Exportable reports & PCAP files
• Backend integration into TMS reporting & Mitigator
Sample inputs shown on the slide: Threat Discovery Appliance; Direct File Submission; Other Trend Products
11. Event Management Customer Pain Points
Wide gap between those who know they have a problem, and those who have a solution
*SANS Survey Data 2010
12. Trend Micro Threat Intelligence Manager
Delivers threat intelligence and impact analysis needed to identify and reduce exposure to advanced threats.
Inputs to Threat Intelligence Manager:
• OfficeScan: Incident Discovery
• Threat Discovery Appliance: Suspicious Network Behavior
• Deep Security: System Integrity
Capabilities:
• Incident Analysis and Security Posture Monitoring
• Real-Time Threat Analysis and Visualization
• Provide Actionable Intelligence for active threats
• Visualize event relationships in an attack
• Threat Analysis and Response
Consolidates threat events and uses advanced visualization and intelligence to uncover the hidden threats!
13. What Threat Intelligence Manager Enables
Customers can:
• Identify the hidden or advanced threats
• Visualize the lifecycle of an attack
• Establish custom alerts for tracking future events
• Produce customized reporting and executive reporting
• Use scorecards for monitoring security posture
• Answer key questions:
– Are there suspicious events that I am missing from my logs?
– Are there outbound active connections from compromised systems?
– Are there additional endpoints with similar behaviors as the compromised system?
– What systems are involved in the attack, and what steps can I take to defend?
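The second and third key questions above (outbound connections from a compromised system, and other endpoints showing the same behaviour) come down to pivoting on the compromised host's destinations. The following is an added example, not Trend Micro's or Threat Intelligence Manager's code: it runs that pivot over constructed firewall log lines; the log format, the addresses and the KNOWN_GOOD allowlist are all assumptions.

```python
import re
from collections import defaultdict

# Constructed firewall log lines (not real data): timestamp src -> dst:port action
SAMPLE_LOG = """\
2011-06-13T09:01:02 10.1.5.23 -> 203.0.113.7:443 ALLOW
2011-06-13T09:01:09 10.1.5.23 -> 198.51.100.12:80 ALLOW
2011-06-13T09:02:15 10.1.5.23 -> 192.0.2.200:8080 ALLOW
2011-06-13T09:03:44 10.1.7.41 -> 203.0.113.7:443 ALLOW
2011-06-13T09:04:01 10.1.7.41 -> 192.0.2.200:8080 ALLOW
2011-06-13T09:05:30 10.1.9.8 -> 198.51.100.12:80 ALLOW
2011-06-13T09:06:12 10.1.9.8 -> 192.0.2.33:443 DENY
"""
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+(?P<action>\w+)$")

# Destinations every host legitimately talks to (assumed allowlist); excluded from the pivot
# so that a shared update server does not make every endpoint look "similar"
KNOWN_GOOD = {"198.51.100.12:80"}

def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def outbound_from(events, host):
    """Second key question: allowed outbound connections from the compromised host."""
    return {f"{e['dst']}:{e['port']}" for e in events
            if e["src"] == host and e["action"] == "ALLOW"}

def similar_endpoints(events, compromised):
    """Third key question: other hosts that reached the same non-allowlisted
    destinations. Returns {host: sorted shared destinations}, most overlap first."""
    suspect = outbound_from(events, compromised) - KNOWN_GOOD
    shared = defaultdict(set)
    for e in events:
        dst = f"{e['dst']}:{e['port']}"
        if e["src"] != compromised and e["action"] == "ALLOW" and dst in suspect:
            shared[e["src"]].add(dst)
    return {h: sorted(d) for h, d in sorted(shared.items(), key=lambda kv: -len(kv[1]))}

if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("outbound from 10.1.5.23:", sorted(outbound_from(evts, "10.1.5.23")))
    print("similar endpoints:", similar_endpoints(evts, "10.1.5.23"))
```

With the sample data, 10.1.7.41 is flagged because it reached both of the compromised host's non-allowlisted destinations, while 10.1.9.8 only shares the allowlisted one and is not.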
14. Customizable Dashboard
Access and visualization by role and responsibility
16. Benefits of Trend Micro Real-Time Threat Management Solutions
The slide charts Level of Damage from APT against the attack timeline: Entry (Hours), Compromise (Days / Weeks), Discovery (Weeks / Months), Containment (Weeks / Months).
Entry: Trend minimizes the likelihood of APT intrusion, blocking threat exposure, vulnerability and communication
• Smart Protection Network reputation intelligence
• Network-level analysis & visibility
• Vulnerability scanning & virtual patching
Discovery: If entry successful, Trend shortens the time to discovery, minimizing the risk and damages of actual compromise
• Network-level analysis & visibility
• Intelligent threat and log analysis
• HIPS, virtual patching, Integrity Monitoring
Containment: Trend expedites containment, helping identify, remediate and protect infiltrated and susceptible systems
• Intelligent threat and log analysis
• Automated remediation
• Virtual patching
17. New Risk Management Services
Augment stretched IT security staff
Increase IT security responsiveness and expertise
Put Trend Micro Threat Researchers and Service Specialists on your team
A complete portfolio designed to further reduce risk exposure and security management costs:
• Proactive monitoring and alerting
• Threat analysis and advisory
• Threat remediation assistance
• Risk posture review and analysis
• Strategic security planning
18. Why Trend Micro?
Trend Micro is the only vendor providing integrated real-time protection and risk management against advanced targeted threats.
• Network-Wide Visibility and Control: Threat Management System; Dynamic Threat Analysis System
• Actionable Threat Intelligence: Threat Intelligence Manager
• Timely Vulnerability Protection: Vulnerability Mgmt. Services; Deep Security Virtual Patching
• Across all three: Smart Protection Network Intelligence; Risk Management Services
“Trend Micro has always impressed me with its understanding of what its customers are going through and this reiterates it again.”
Richard Stiennon, IT-Harvest
20. The Virtual Patching Solution
Trend Micro Security Center provides Virtual Patches within hours of vulnerability disclosure
• Automated centralized distribution
• Protection available:
– Deep Security product module
– With OfficeScan IDF plugin
Risk Mgt & Compliance
• Close window of vulnerability for critical systems and applications
• Protect “unpatchable” systems
• Meet 30-day PCI patch requirement
Operational Impact
• Reduce patch cycle frequency
• Avoid ad-hoc patching
• Minimize system downtime
Process shown on the slide: Automated Monitoring, Application Analysis, Filter “Patch” Development, Protection Delivery, from Trend Micro Security Center to Physical / Virtual / Cloud Endpoints, Servers & Devices
21. Vulnerability Management System
• Vulnerability scanning
– Vulnerability scanning of internal and external devices
– Patch and configuration recommendations
• Web application scanning
– Web site crawler to detect application design vulnerabilities like SQL injection and cross-site scripting etc.
• PCI compliant scanning
– Vulnerability scanning with reports for PCI
– Trend is an Approved Scanning Vendor
• Policy compliance
– Define and track compliance with device security policies
• SaaS based management portal
– Hosted scans of external devices
– On-premise appliance for scanning internal devices managed from SaaS portal
– On-demand scan
22. Flavors of “Intelligence”
Security Information & Event Management (SIEM):
• The collection and advanced analysis of logs/events across all security disciplines into a central platform, for high-level status and event review.
Threat Intelligence:
• A complementary technology to SIEM, with greater focus on the “threat space” of security
23. Advanced Visualization & Impact Analysis
Visualize the relationship between cause and effect of each threat event, and fully understand the impact
24. Trend Micro Smart Protection Network
Jan 2011 results of testing conducted by AV-Test.org (qualified for internal use)
Results from T+60 test
26. Trend Micro Smart Protection Network
Industry-proven real-world protection
Note: If multiple products from one vendor were evaluated, then the vendor’s best performance is listed.
*1 : http://www.nsslabs.com/research/endpoint-security/anti-malware/
*2 : http://us.trendmicro.com/us/trendwatch/core-technologies/competitive-benchmarks/index.html
*3 : http://www.dennistechnologylabs.com/reports/s/a-m/trendmicro/PCVP2010-TM.pdf (Dec. test performed for Computer Shopper UK)
*4 : http://www.av-comparatives.org/images/stories/test/dyn/stats/index.html
27. Threat Management Portal
Interactive drill-down dashboards
• Navigate across corporate groups
• Pin-point infected sources
• Perform root-cause analysis
• Track suspicious user behavior and application usage
• Detect leakage of regulated data
• Customizable event alarms
• Multi-level reporting for managers and executives
• Available on-premise or hosted
Coming 2H 2011
• Improved drill down capability
• Sandbox analysis workbench
28. Threat Mitigator Technology: Root-cause and signature-free cleanup
• Cleanup request received
• Check forensic logs
• Locate which process performed malicious activity
• Remove malware process, file and registry entries
• Locate and remove parent malware
• Locate and remove child malware
• In case of failure, a custom cleanup kit is automatically generated by Trend
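The cleanup flow above, as an added example that is not Threat Mitigator's code: given a constructed host forensic log, it locates the process behind a detected C&C contact, walks the parent chain up to the root malware, collects every child, and returns the processes, files and registry entries to remove, returning None (the "hand off to a custom kit" case) when the logs hold no match. The log format, the TRUSTED ancestor list and all paths are assumptions.

```python
from collections import defaultdict

# Constructed forensic log (not real data), '|' separated:
# PROC|pid|ppid|image  FILE|pid|path_written  REG|pid|key_written  NET|pid|dst:port
FORENSIC_LOG = """\
PROC|400|1|explorer.exe
PROC|812|400|C:\\Users\\u\\Downloads\\invoice.exe
FILE|812|C:\\Users\\u\\AppData\\Roaming\\svch0st.exe
PROC|977|812|C:\\Users\\u\\AppData\\Roaming\\svch0st.exe
REG|977|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svch0st
PROC|1020|977|C:\\Windows\\Temp\\dl.exe
NET|1020|192.0.2.200:8080
PROC|1100|400|notepad.exe
"""
# Assumed list of legitimate ancestors; the walk up the parent chain stops at them
TRUSTED = {"explorer.exe", "services.exe", "winlogon.exe"}

def parse_forensic_log(text):
    procs, files, regs, nets = {}, defaultdict(list), defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        kind, pid, *rest = line.split("|")
        if kind == "PROC":
            procs[int(pid)] = {"ppid": int(rest[0]), "image": rest[1]}
        else:
            {"FILE": files, "REG": regs, "NET": nets}[kind][int(pid)].append(rest[0])
    return procs, files, regs, nets

def cleanup_plan(log, malicious_dst):
    """Slide steps: find the process behind the malicious activity (a C&C contact here),
    walk up to the parent malware, down to child malware, list what to remove."""
    procs, files, regs, nets = parse_forensic_log(log)
    culprit = next((pid for pid, dsts in nets.items() if malicious_dst in dsts), None)
    if culprit is None:        # not in the forensic logs: failure, hand off to a custom kit
        return None
    root = culprit             # walk up until the parent is a trusted process
    while True:
        parent = procs.get(procs[root]["ppid"])
        if parent is None or parent["image"] in TRUSTED:
            break
        root = procs[root]["ppid"]
    family, stack = [], [root]  # root malware plus every descendant (child malware)
    while stack:
        pid = stack.pop()
        family.append(pid)
        stack.extend(p for p, info in procs.items() if info["ppid"] == pid)
    return {"kill": sorted(family),
            "delete": sorted({procs[p]["image"] for p in family if "\\" in procs[p]["image"]}
                             | {f for p in family for f in files[p]}),
            "registry": sorted(k for p in family for k in regs[p])}
```

For the sample log the plan kills the dropper, the persisted copy and the downloader it spawned, but leaves the unrelated notepad.exe started from the same explorer.exe alone.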
30. Global Security & Logistics Co.
Over 300 Enterprise and Government Customers WW
Editor's Notes
Advanced targeted threats can easily evade conventional perimeter and content security, software vulnerabilities are rampant, insider threats are a constant, and consumerization and mobility open the network even further to exploitation. The Stuxnet, Wikileaks, RSA and Epsilon breaches are the latest demonstration of the advanced exploits and damages facing the modern enterprise.
To combat these threats Forrester calls for “Zero Trust” security using Network Analysis & Visibility tools; Gartner encourages enterprises to “lean forward” with Network Threat Monitoring; and the US NIST (National Institute of Standards and Technology) specifies “continuous monitoring”. All share the goal of going beyond the due diligence of traditional security management to embrace a proactive process of real-time threat and vulnerability management, one that relies heavily on network monitoring to detect, analyze and remediate advanced targeted threats.
Trend Micro Threat Management System (TMS) is a network analysis and visibility solution that uniquely detects evasive intrusions, automates remediation, and provides the real-time visibility, insight, and control to protect a company from advanced targeted attacks. Powered by Trend Micro Smart Protection Network, an array of threat detection and analysis engines, and the latest intelligence of Trend Micro Threat Researchers, TMS provides the best and most up-to-date threat deterrence capability. TMS protects core datacenter resources from external infiltration, corporate endpoint and post-PC mobile devices, and legacy and specialized systems and devices. Trend Micro Risk Management Services put Trend Threat Researchers and Service Specialists on your team to augment your security responsiveness and expertise. At your request, we can deliver a complete portfolio of proactive monitoring, remediation and strategic consulting services designed to further reduce your risk exposure and security management costs.
In a recent SANS 2010 Survey, IT Managers cited that 3 of the top 5 issues they deal with are: time spent on, or inability to, search log data; creating relevant reports of each event/attack; and using log data to make informed decisions to secure (actionable intelligence). The key here is that the blue bars indicate “opportunity/demand” and the red bars indicate “currently satisfied”. This delta illustrates our potential customer base for TIM: a large number of customers need a solution and have yet to find or implement one that fulfills their needs. Event management challenges: targeted Advanced Persistent Threats are on the rise; the single most under-utilized source of information is event logs; all devices, servers/endpoints, applications and network devices create logs and event data; customers are affected by spending too much time, or too little time, on event analysis; according to a 2010 CSO Magazine Survey, 70% of all security incidents are never reported; and log/event analysis is one of the most costly and time-consuming efforts a security team may undertake.
The TIM console is a web-based console that is highly configurable and uses role-based administration, so each user has their own customized views of just the information and data they need to perform their role. Customizable by widget, by geography, by time, by administrator; administration by vertical or horizontal.
Trend researchers monitor an array of sources to track vulnerabilities. They then analyze the applications to develop and test a non-intrusive patch (IDS filter, or rule). The patch is then made available to customers, who can choose to deploy it automatically via the Deep Security Control Center or OfficeScan Manager. The window of vulnerability for normal patching can be quite lengthy: time to public disclosure (weeks to months after first exploitation) + time to patch availability (weeks or months) + time to deploy (dependent on customer testing and policy, but typically another month or more).
WFBS-services 3.0 has many features. For example, it provides server management functions such as Anti-malware, Anti-spyware, Web Reputation, File Reputation, Behavior Monitoring and License Management. On the client side it has Anti-malware, Anti-spyware, Web Reputation, File Reputation, Firewall, POP3 Mail Scan/Anti-spam, Behavior Monitoring, Trend Protect (Wi-Fi protection, Web Site Rating), Instant Messaging Content Filtering, Intuit QuickBooks Protection and Windows 7 support. (Those are the features of WFBS 6.0.)
Up until now, companies have addressed event management either by ignoring it, by leveraging Log Management solutions for event query, or by using more advanced and costly SIEM offerings for more complete event analysis. With the introduction of “Threat Intelligence” tools, a more focused analysis of malware-related events can be leveraged to resolve the hidden and advanced threats.
Threat Intelligence Manager utilizes multiple graphical methods for illustrating the different facets of an event, showing you the timing, frequency and impact geography, as well as a more sophisticated view of the relationship of events to one another, to more easily highlight a potential threat.
When products are tested using real-world multi-layer security tests, Trend Micro consistently outperforms the competition. Products tested: Trend Micro OfficeScan v10.5.1083; Symantec Endpoint Protection v12.0.1001.95; McAfee VirusScan Enterprise v8.7.0.570; Microsoft Forefront Client Security v1.5.1981.0; Sophos Endpoint Security and Control v9.5.3.
With the Smart Protection Network, we are seeing very consistent results from multiple test labs in how effective our protection is. As you can see from this chart, we consistently perform the best in real-world protection tests, versus our competitors who tend to deviate much more widely. This can be attributed to the maturity of our protection network and the fact that it powers all of our solutions, from consumer to Enterprise.