Trend Micro Deep Discovery and Custom Defence


Trend Micro Deep Discovery and Custom Defence: Protection from Targeted Attacks. 23 May 2013. James Walker, Snr. EMEA Product Marketing Manager

How threats have evolved! [Figure: protection layers over time, from Patterns, Reputation and Heuristics to Custom Defence, mapped against the shift from general, high-volume (non-targeted) malware to targeted attacks.]

Attacks in the news: RSA, Sony. Copyright 2012 Trend Micro Inc.

We see the TIP of the Targeted Attack / APT ICEBERG. Attacks in the news are only the visible tip; most go unreported. 90% of companies found previously unknown malware (source: Trend Micro study). Below the surface: APTs, cyber espionage, targeted attacks, cyber threats.

Analysts and Influencers Urge Action: Adoption of Advanced Threat Detection

"You need to know what's accessing the data, how the data's being used, and what's happening on your network." John Kindervag, Principal Analyst Serving Security & Risk Professionals, Forrester Research, Inc.

"We must assume we will be compromised and must have better detection capabilities in place that provide visibility as to when this type of breach occurs." Neil MacDonald, VP and Gartner Fellow, Gartner, Inc.

"Hardening existing security defenses... won't be enough to deal with the sophistication and perseverance of APTs." Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group

How long do Targeted Attacks / APTs stay hidden? Most companies are breached in minutes but do not discover it for months. Average time from compromise to discovery: 210 days. Source: Verizon Data Breach Investigations Report 2012.

Prevention is not the cure! Prevention solutions on their own will not protect you: criminals test their software thoroughly against them before starting an attack. You need visibility of when you are compromised so you can take action quickly:
- Fast detection
- Address the compromised machine
- Actionable information
You can't fix what you don't know. Make the unknown known.

The Custom Defence: a complete lifecycle to combat the attacks that matter to you.
- Detect: specialized threat detection capability on the network and at protection points
- Analyze: deep local analysis with custom sandboxing and custom global intelligence to fully assess threats
- Adapt: custom security blacklists and signatures block further attack at network, gateway and endpoints
- Respond: attack profiles and network-wide event intelligence guide rapid containment and remediation

Targeted attack challenges:
- Visibility: what's really happening on my network?
- Detection: how do I identify what is evading my standard defenses?
- Risk assessment: what's dangerous, what's not, and who is behind this attack?
- Prevention: should I block this attack? How?
- Remediation: how widespread is this attack and what actions should be taken?

The fully integrated approach to total anti-malware threat protection.
- Competition: traditional endpoint and gateway providers on one side, network and sandbox analysis vendors on the other; point, incomplete solutions.
- Generic malware (non-targeted, high volume, known) is covered by traditional anti-malware solutions: SPN, OfficeScan, SMEX, IMSVA, Deep Security, IWSVA, SMLD.
- Targeted malware (new, unique, low volume, targeted, unknown) is covered by the targeted attack solution: Deep Discovery.
- Trend Micro Custom Defence: a complete integrated solution across the entire threat landscape, with integrated protection against traditional and targeted threats.

Deep Discovery: the custom detection, intelligence and response capabilities you need to deploy a Custom Defence against the APTs and targeted attacks that matter to you.
- Deep Discovery Inspector (network scanning appliance): network traffic inspection, malicious communication detection, automated sandbox, malicious file detection, real-time analysis and reporting.
- Deep Discovery Advisor (sandbox appliance): high-capacity sandbox, integrates into other Trend Micro solutions, adaptive protection against attack, centralised reporting and analysis across DDI Inspectors and Trend solutions, log and detection correlation.
Threat analysis: visibility, insight, control.

The Custom Defense in action: the future, adaptive protection for all Trend products.
- Endpoint security: OfficeScan
- Server security: Deep Security
- Messaging security: SMEX / SMLD, IMSVA (mail server, gateway)
- Web security (gateway): IWSVA
- Network: Deep Discovery Inspector
- Deep Discovery Advisor: Threat Analyzer, Threat Intelligence Center, Security Update Server
Deep Discovery Advisor feeds IP/domain blacklist updates and signature updates (2H/2013) to the other products, plus SIEM integration.

The Custom Defense in action: advanced email protection.
- InterScan Messaging Security or ScanMail: anti-spam, anti-phishing, web reputation, anti-malware, advanced threat detection, quarantine
- Deep Discovery Advisor (Threat Analyzer, Threat Intelligence Center, Security Update Server): blocking of targeted spear-phishing emails and document exploits via custom sandboxing, central analysis of detections, automated updates of malicious IPs/domains, signature file updates

APTs Most Commonly Start with a Spear Phishing Email with an Attachment

Deep Discovery Inspector: advanced threat protection across the attack sequence: malicious content, suspect communication, attacker behavior.

Deep Discovery Advisor
- Threat Analyzer: in-depth threat simulation and analysis; custom sandbox execution environments; 24 sandboxes per unit, scalable to 50,000 samples/day; integration with Deep Discovery Inspector; open, automated and manual submission.
- Threat Intelligence Center: in-depth analysis of incidents and events; risk-focused monitoring and investigation; Trend Micro and open security event collection; context-relevant actionable intelligence; Deep Discovery Inspector centralised reporting.
- Security Update Server: IP/URL blacklist export; custom security signature updates (future).
Custom scalable threat simulation, deep investigation and analysis, actionable intelligence and results. Supports clustering of up to 5 units for analysing up to 50,000 samples/day.

Deep Discovery Functionality Summary

Functionality                           Deep Discovery Inspector           Deep Discovery Advisor
Network Traffic Analysis                Yes                                No
File Sandboxing (number of sandboxes)   Yes (1)                            Yes (24)
Hardware Appliance Option               Yes (500 Mbps / 1 Gbps)            Yes
Virtual Appliance Option                Yes (100, 250, 500 Mbps, 1 Gbps)   No
Management / Analysis Interface         Yes                                Yes
Threat Connect                          Yes                                Yes
Threat Investigation Centre             No                                 Yes
Reporting / Analysis Consolidation      No                                 Yes
Integration with other Trend Solutions  No                                 Yes
Clustering                              No                                 Yes

Today's attacks: social, sophisticated, stealthy!
1. Attacker gathers intelligence about the organization and individuals
2. Targets individuals (employees) using social engineering
3. Establishes a command & control server
4. Moves laterally across the network seeking data of interest
5. Extracts data of interest ($$$$); can go undetected for months!

Where does Deep Discovery go on the network? Deep Discovery Inspector receives a copy of traffic via port mirroring, out of band, between the endpoints, email server and management console on one side and the attacker's C&C / WWW on the other; Deep Discovery Advisor sits alongside it.
1. Place on the ingress / egress point of the network
2. Place on other sensitive or target network segments

Why Deep Discovery vs the competition
- Detection: custom sandboxing; beyond Microsoft and sandboxing (mobile, Mac); beyond malware (attacker activity, C&C communications)
- Intelligence: Smart Protection Network and researchers; Threat Connect portal; local log file analysis
- TCO: single appliance; flexible form factors; competitive pricing
- Advanced protection: integration; custom security updates; forensics, containment, remediation
The Custom Defense weaves your security into a complete defense against your attackers: custom detection and intelligence. Detect, Analyze, Adapt, Respond.

How to help justify budgets?
- Regulatory fines (EU Data Protection Directive; new EU Data Protection Regulation)
- Ability to remediate infections quickly, saving time and resources
- Cost of brand damage: loss of customers, reduced ability to sell to new customers
- Loss of intellectual property / loss of competitive advantage
- Reduce expenditure on pure prevention to gain better visibility and control
- Improved ability to work with other companies
- Decreased chance of blackmail / extortion

How to justify the budget? What's coming in 2014!
EU Data Protection Directive changes: updates to the Directive as a new Regulation are expected in 2014 (presently Directive 95/46/EC; DPO; 3000 amendments). A Regulation means all EU countries have to enforce it as set out. New draft Regulation details:
- Fines up to 2% of global turnover/revenue; the level of fine will depend on the steps taken to prevent the data leak (technologies, processes)
- Forced disclosure of data breaches: 72-hour reporting, plus disclosure to individuals where the data leak may adversely affect their privacy
- Ability for individuals to sue the organisation if their data is leaked as part of the breach
- Regulation extends beyond EU-based companies to any company holding and/or processing EU residents' data
- Prison time for those responsible if found negligent

One-click access to similar events across the network. Thorough details on each event.

One-Click Drill-Down from Dashboard to view events per Host

Virtual Analyzer (sandbox) results: ability to download the network activity capture; analyze the behavior exhibited by suspicious network traffic by executing it in the Virtual Analyzer.

Additional Monitoring and Notification Capabilities

Threat Connect Information Portal

Thank You. Questions?

Questions? Have you been targeted by an attack? Yes! Not sure, but would like to know! How do you know? Data breach, forensic analysis; security audit; incident response, alerts; custom threat defense; informed by a third party. Why are you being targeted? What are they after? What can you do about it?

Deep Discovery enhances SIEM effectiveness. Deep Discovery provides specialized network threat detection; its unique network intelligence (with verified incidents) enhances the correlation capabilities of the SIEM. Deep network visibility allows multi-dimensional attack profiling across multiple sources, and enables the SIEM to be the central console for enterprise-wide threat detection and management.

Requirements from the customer for a POC install
- Access to the server / switch room to deploy the appliance
- Access to a switch port to mirror the desired traffic
- IP address
- Customer sandbox image of a common endpoint: a VMware OVA image of the customer endpoint needs to be created within vCenter
- Network IP ranges, list of services running on the network
Detailed requirements are in a separate document.

How Deep Discovery Works

Attack detection:
- Emails containing embedded document exploits
- Drive-by downloads
- Zero-day and known malware
- C&C communication for all malware: bots, downloaders, data stealing, worms, blended
- Backdoor activity by the attacker

Detection methods:
- Decode and decompress embedded files
- Custom sandbox simulation of suspicious files
- Browser exploit kit detection
- Malware scan (signature and heuristic)
- Destination analysis (URL, IP, domain, email, IRC channel, ...) via dynamic blacklisting and whitelisting
- Smart Protection Network reputation of all requested and embedded URLs
- Communication fingerprinting rules
- Malware activity: propagation, downloading, spamming, ...
- Attacker activity: scan, brute force, tool download, ...
- Data exfiltration
- Rule-based heuristic analysis
- Identification and analysis of hundreds of protocols and apps, including HTTP-based apps
- Behaviour fingerprinting
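To make the "destination analysis via dynamic blacklisting", "communication fingerprinting" and "attacker activity: scan" methods above concrete, here is an added Python example (written for this page, not Deep Discovery code) that runs three rule-based heuristics over a constructed connection log: a blacklist match on the destination, a beaconing detector that flags low-jitter periodic callbacks of the kind a scheduled C&C check-in produces, and a port-scan detector. The log format, the addresses, the blacklist entry and every threshold are assumptions.

```python
"""Rule-based heuristics over a connection log: destination blacklist,
beaconing (communication fingerprint) and port scan (attacker activity).
Added example for this page, not Deep Discovery code."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one connection per line:
# "<ISO timestamp> <src> <dst> <dport> <proto> <bytes>" (assumed format).
SAMPLE_LOG = """\
2013-05-23T09:00:00 10.0.0.5 198.51.100.7 443 tcp 512
2013-05-23T09:05:01 10.0.0.5 198.51.100.7 443 tcp 498
2013-05-23T09:10:00 10.0.0.5 198.51.100.7 443 tcp 503
2013-05-23T09:15:00 10.0.0.5 198.51.100.7 443 tcp 511
2013-05-23T09:20:02 10.0.0.5 198.51.100.7 443 tcp 507
2013-05-23T09:25:00 10.0.0.5 198.51.100.7 443 tcp 499
2013-05-23T09:00:00 10.0.0.8 198.51.100.20 80 tcp 14022
2013-05-23T09:00:07 10.0.0.8 198.51.100.20 80 tcp 2310
2013-05-23T09:03:40 10.0.0.8 198.51.100.20 80 tcp 88917
2013-05-23T09:04:02 10.0.0.8 198.51.100.20 80 tcp 1201
2013-05-23T09:15:09 10.0.0.8 198.51.100.20 80 tcp 6604
2013-05-23T09:15:10 10.0.0.8 198.51.100.20 80 tcp 430
2013-05-23T09:30:00 10.0.0.12 203.0.113.9 8080 tcp 2048
2013-05-23T09:31:00 10.0.0.12 10.0.0.20 21 tcp 60
2013-05-23T09:31:01 10.0.0.12 10.0.0.20 22 tcp 60
2013-05-23T09:31:02 10.0.0.12 10.0.0.20 23 tcp 60
2013-05-23T09:31:03 10.0.0.12 10.0.0.20 25 tcp 60
2013-05-23T09:31:04 10.0.0.12 10.0.0.20 80 tcp 60
2013-05-23T09:31:05 10.0.0.12 10.0.0.20 110 tcp 60
2013-05-23T09:31:06 10.0.0.12 10.0.0.20 135 tcp 60
2013-05-23T09:31:07 10.0.0.12 10.0.0.20 139 tcp 60
2013-05-23T09:31:08 10.0.0.12 10.0.0.20 443 tcp 60
2013-05-23T09:31:09 10.0.0.12 10.0.0.20 445 tcp 60
"""

# Hypothetical C&C blacklist (assumed; a deployment would pull this from a feed).
BLACKLIST = {"203.0.113.9"}


def parse_log(text):
    """Parse the assumed log format into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src,
                        "dst": dst, "dport": int(dport), "proto": proto,
                        "bytes": int(nbytes)})
    return records


def blacklist_hits(records, blacklist):
    """Destination analysis: every (src, dst) pair that touched a listed address."""
    return sorted({(r["src"], r["dst"]) for r in records if r["dst"] in blacklist})


def beacons(records, min_conns=5, max_cv=0.1):
    """Flag (src, dst, port) tuples whose connection intervals are nearly
    constant: a low coefficient of variation of the gaps is the fingerprint
    of a scheduled C&C check-in, which human browsing does not produce."""
    by_tuple = defaultdict(list)
    for r in records:
        by_tuple[(r["src"], r["dst"], r["dport"])].append(r["ts"])
    hits = []
    for key, times in by_tuple.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((key, round(avg)))   # (tuple, period in seconds)
    return hits


def port_scans(records, min_ports=10, window_s=60):
    """Flag a source touching many distinct ports on one host within a short window."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append((r["ts"], r["dport"]))
    hits = []
    for (src, dst), events in by_pair.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if (t - start).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                hits.append((src, dst, len(ports)))
                break
    return hits


def detect(text, blacklist=BLACKLIST):
    """Run all three rules over a log text and return their findings."""
    records = parse_log(text)
    return {"blacklist": blacklist_hits(records, blacklist),
            "beacons": beacons(records),
            "scans": port_scans(records)}


if __name__ == "__main__":
    for rule, findings in detect(SAMPLE_LOG).items():
        print(rule, findings)
```

On the sample, the 10.0.0.5 host checking in every ~300 seconds is reported as a beacon while the irregular web browsing from 10.0.0.8 is not, 10.0.0.12 is reported both for contacting the blacklisted address and for sweeping ten ports on 10.0.0.20. The thresholds (five connections, 10% jitter, ten ports in a minute) are starting points that a real deployment tunes against its own baseline, since legitimate software updaters also poll on fixed schedules.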

Deep Discovery Advisor Threat Intelligence Center
- In-depth contextual analysis including simulation results, asset profiles and additional security events
- Integrated Threat Connect intelligence included in analysis results
- Enhanced threat investigation and visualization capabilities
- Highly customizable dashboard, reports and alerts
- Centralized visibility and reporting across Deep Discovery Inspector units

Customer: Motel 6
- Challenge: prevent infections, especially malicious code that can steal sensitive data and remain hidden for long periods of time.
- Solution: Deep Discovery (with other Trend technologies).
- Results: significant reduction in infection rates, with eye-opening discovery of malicious threats attempting to phone home; boosted confidence in protection of customer information and corporate reputation; alignment between company vision and the security vendor's direction.
"Deep Discovery is not just a step forward, it is a big leap forward. Deep Discovery gives us a line of defence against targeted attacks. We can now shut them down quickly." ICT Manager, Motel 6

2013 Roadmap

DDI 3.5 (preview Feb 2013 at RSA, GA April 2013)
- Global/custom C&C blacklist adoption and adaptive sharing
- Multiple DDI management via TMCM
- Usability and reporting enhancements

DDI 3.6 (Q3/Q4 2013)
- Multiple sandbox form factors
- Role-based administration
- Web sandboxing
- Common Criteria certification (EAL 2)
- IPv6

DDA 3.0 (preview Feb 2013 at RSA, GA April 2013)
- Multiple custom sandbox images
- Central reporting for DDI

DDA 3.2 (Q3/Q4 2013)
- Additional OS sandbox support
- Enhanced log event analysis
- And more