Trend Micro and IBM Security QRadar SIEM


Transcription:

Slide 1: Trend Micro and IBM Security QRadar SIEM
Ellen Knickle, PM QRadar Integrations
Robert Tavares, VP IBM Strategic Partnership
February 19, 2014

Slide 2: Agenda
1. Nature of the IBM relationship with Trend Micro
2. Market challenges and opportunities
3. Overview of Trend Micro Deep Discovery
4. Value proposition to customers vs. competition
5. What products integrate with IBM Security QRadar SIEM
6. Future roadmap for Trend Micro integrations
7. Contacts and reference sources
8. Q&A

Slide 3: Trend Micro and IBM relationship
- Trend Micro was one of the early partners to join the SIPP program (Security Intelligence Partner Program) with Q1 Labs.
- Close working relationship with the Deep Discovery team: they notify us of future releases, have QRadar installed in their lab, and test the integrity of the integration when versions change = happy customers, fewer support calls.
- IBM OEMs the Trend Micro Core Protection product as part of IEM.
- Trend Micro SecureCloud is being used within IBM SmartCloud as the encryption solution.

Slide 4: Hackers have an Unfair Advantage!
Hackers:
- Easy access to weapons/expertise
- Low barriers to entry
- Focused objectives
- Low penalty for failure
Defenders:
- Resource constrained
- Many points of defense
- Competing demands
- High penalty for failure

Slide 5: Attackers test and use every entry point & means
- Mobile devices & PCs; different OSs & client software
- FTP, IRC, HTTP: hundreds of protocols
- Evolving / morphing attacks: known threats and unknown threats
- Port 1145, port 2056: dozens of ports
(Footer: 3/31/2014, Confidential, Copyright 2013 Trend Micro Inc.)

Slide 6: The Ideal Solution for Targeted Attacks
- Software & devices: all devices, multiple OS, custom sandboxing and file types
- Attack evolution: changes in C&C, ports, protocols, signatures and behaviour
- Communication protocols: monitor over 80 protocols
- Known and unknown threats: zero day & variations of known threats; rapid identification
- Network ports: monitor all ports

Slide 7: Trend Micro Deep Discovery
Comprehensive 360° view of targeted attacks, from a single appliance:
- 24 customizable sandboxes
- Evolving attacks
- 80+ protocols
- Unknown threats and known threats
- All ports

Slide 8: Joint Value Proposition
Real-time protection from Advanced Persistent Threats (APTs) & targeted attacks.
Detect: Trend Micro Deep Discovery (advanced threat management, real-time global threat intelligence)
- Detect APTs & targeted attacks that are otherwise invisible
- Characterize threats & risk factors
- Deliver actionable intelligence to IBM Security QRadar SIEM
Defend: IBM Security QRadar (Security Information & Event Mgt.)
- Assess threats further
- Correlate with other contextual data
- Remediate, contain and prevent threats and attacks with existing security systems

Slide 9: QRadar + Deep Discovery
Provides real-time answers to these critical questions:
- Are we being attacked? By who?
- Is someone stealing our data? Who?
- How are they attacking/stealing?
- What is being attacked or targeted?

Slide 10: Customer Value for Deep Discovery QRadar integration
Web Threat use case: QRadar receives a web threat event from Deep Discovery. It is correlated with X-Force data to confirm a known bad URL, generating an offense. The security team can then update their black list policy.
Data Loss Threat use case: Deep Discovery alerts that there is suspicious behavior on a critical asset. When this event is followed by a behavioral rule firing based on excessive network activity at 3:00 AM at corporate HQ over the past week, QRadar generates an offense. The SOC analyst sees the offense on her dashboard first thing the next morning and investigates.
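The two correlation use cases on this slide, as a Python sketch added here; it is not QRadar's rule engine or any Trend Micro code. The event dictionaries, addresses, timestamps, the reputation set standing in for the X-Force lookup, the critical-asset inventory and the byte threshold are all constructed assumptions. What the slide leaves implicit and the code makes explicit is the ordering and time-window logic of the second rule: the off-hours volume only counts if it occurs after the Deep Discovery alert and within the look-back week.

```python
"""Toy correlation rules for the two Deep Discovery + QRadar use cases.

Added example, not QRadar's rule engine or any Trend Micro code. Event
dictionaries, the reputation set standing in for the X-Force lookup, the
critical-asset inventory and all addresses/timestamps are constructed.
"""
from datetime import datetime, timedelta

KNOWN_BAD_URLS = {"http://bad.example/dl.exe"}   # constructed stand-in for X-Force data
CRITICAL_ASSETS = {"10.0.5.20"}                  # constructed asset inventory


def web_threat_offenses(events, reputation=KNOWN_BAD_URLS):
    """Web Threat use case: a web-threat event whose URL the reputation
    source confirms as known bad becomes an offense."""
    return [
        {"offense": "web_threat_confirmed", "asset": e["asset"], "url": e["url"]}
        for e in events
        if e["type"] == "web_threat" and e["url"] in reputation
    ]


def data_loss_offenses(events, critical=CRITICAL_ASSETS, site="HQ",
                       window=timedelta(days=7), off_hour=3,
                       byte_threshold=1_000_000_000):
    """Data Loss Threat use case: suspicious behaviour on a critical asset,
    followed within `window` by outbound volume at `site` during `off_hour`
    that totals at least `byte_threshold`, becomes an offense."""
    offenses = []
    alerts = [e for e in events
              if e["type"] == "suspicious_behavior" and e["asset"] in critical]
    for alert in alerts:
        # Only flows that come AFTER the alert, inside the window, at 3 AM, count.
        spikes = [f for f in events
                  if f["type"] == "flow"
                  and f["asset"] == alert["asset"] and f["site"] == site
                  and alert["ts"] < f["ts"] <= alert["ts"] + window
                  and f["ts"].hour == off_hour]
        if sum(f["bytes_out"] for f in spikes) >= byte_threshold:
            offenses.append({"offense": "possible_data_loss",
                             "asset": alert["asset"],
                             "alert_time": alert["ts"],
                             "off_hours_flows": [f["ts"] for f in spikes]})
    return offenses


def run_rules(events):
    """Run both rules over a normalised event list and return all offenses."""
    return web_threat_offenses(events) + data_loss_offenses(events)


# Constructed sample events in an already-normalised shape (not a real log format).
T0 = datetime(2014, 2, 10, 9, 0)
SAMPLE_EVENTS = [
    {"type": "web_threat", "ts": T0, "asset": "10.0.9.14", "url": "http://bad.example/dl.exe"},
    {"type": "web_threat", "ts": T0, "asset": "10.0.9.15", "url": "http://intranet.example/"},
    {"type": "suspicious_behavior", "ts": T0 + timedelta(hours=4), "asset": "10.0.5.20"},
    {"type": "suspicious_behavior", "ts": T0, "asset": "10.0.9.99"},  # not a critical asset
    {"type": "flow", "ts": datetime(2014, 2, 11, 3, 5), "asset": "10.0.5.20", "site": "HQ", "bytes_out": 600_000_000},
    {"type": "flow", "ts": datetime(2014, 2, 12, 3, 10), "asset": "10.0.5.20", "site": "HQ", "bytes_out": 500_000_000},
    {"type": "flow", "ts": datetime(2014, 2, 12, 14, 0), "asset": "10.0.5.20", "site": "HQ", "bytes_out": 900_000_000},  # daytime, ignored
    {"type": "flow", "ts": datetime(2014, 2, 9, 3, 0), "asset": "10.0.5.20", "site": "HQ", "bytes_out": 800_000_000},  # before the alert, ignored
]

if __name__ == "__main__":
    for offense in run_rules(SAMPLE_EVENTS):
        print(offense)
```

Running the block prints one confirmed web-threat offense for 10.0.9.14 and one possible-data-loss offense for 10.0.5.20 backed by the two 3 AM flows; the daytime flow and the flow that predates the alert are ignored, which is the detail that keeps this rule from firing on ordinary backup traffic.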

Slide 11: Customer Value for Deep Discovery QRadar integration
- Deep Discovery logs are in LEEF format. The log source is auto-detected, reducing configuration effort for the customer.
- QRadar offers broad contextual data to trigger offenses, giving customers visibility into what's happening in real time, the tools to do forensic investigations, and the ability to rapidly see value.

Slide 12: Success Stories: QRadar Deep Discovery
- Large South Korean bank: the combined solution was successfully used in March 2013 to detect a malicious downloader attached to emails, which would ultimately have rendered systems unusable.
- Large university hospital in Canada: multiple sites and 8,000+ computers; using QRadar & Deep Discovery to help detect and respond to security incidents that would otherwise fly under the radar.

Slide 13: Security Spotlight: Advanced Persistent Threats (complements ISS NIDS/NIPS)
Value proposition: comprehensive defense against targeted and persistent threats. Help IBM complete its product offering in providing end-to-end security against targeted and advanced persistent threats.
Architecture diagram components: Deep Discovery; ISS NIDS/NIPS; QRadar SIEM Console; IBM Endpoint Manager; endpoints (desktop(s), laptop(s), mobile, virtual/VDI).

Slide 14: Trend Micro Product Overview: OfficeScan
OfficeScan is an endpoint security solution to safeguard file servers, desktops, laptops, virtualized desktops and mobile devices.
- Malware protection against viruses, trojans, worms, spyware and new variants
- Data Loss Prevention
Customer value: lower infection rates and management costs. Offers virtual patching for protection from zero-day threats.
This is the product that IBM OEMs as part of IBM Endpoint Protection.

Slide 15: Customer Value for OfficeScan QRadar integration
OfficeScan alerts QRadar of endpoints that have been exposed to malware and viruses.
Use cases:
- When correlated with assets' security posture, based on vulnerability data and importance to the enterprise, QRadar helps customers prioritize which assets to patch and fix.
- By correlating OfficeScan events with flows, QRadar can detect botnet C&C activity.
- Competitors do not have the same capability to use vulnerability management to help prioritize remediation.
- QRadar is unique in its visibility into Layer 7 flows to confirm the breadth of attacks.

Slide 16: IBM Security Solution (diagram)
Components shown: Endpoint Manager Core Protection; Trend Micro Deep Discovery Inspector.

Slide 17: Trend Micro Product Overview: Control Manager
- Centrally manages threat and data policies
- Enterprise visibility of data protection policy violations
- IDs botnet and targeted attack C&C communications
Customer value: simplifies administration, manages consistent policies, increases visibility across the enterprise, and improves compliance.

Slide 18: Customer Value for Control Manager QRadar integration
Control Manager sends QRadar events indicating when policies have been changed, when policy violations occur, and when malware threats and outbreaks occur.
Use cases:
- Policy changes can be compared with reference sets of privileged users permitted to make changes, lowering the severity of the event to avoid false positives.
- An offense can be generated as a result of correlating Control Manager virus outbreak events with QFlows, enabling SOC analysts to determine the perpetrator and prevent it from spreading. Don't discount the power of flows!

Slide 19: Trend Micro Integrations on the QRadar roadmap
Deep Discovery Analyzer: an open and scalable platform allowing sandbox analysis to be integrated with QRadar.
Use cases:
- Block targeted spear phishing emails
- Block document exploits
Supports LEEF format. Targeting a DSM release to align with Trend's release of Deep Discovery Analyzer, likely Q2.

Slide 20: Trend Micro Integrations with Deep Discovery Analyzer
InterScan Web Security and InterScan Messaging Security offer visibility and control of internet activity, stop email threats and protect enterprise data.
- DLP modules for each product
- Block URLs to malicious sites
- Stop advanced malware and phishing attacks
Customer value: comprehensive spam protection, increases productivity and reduces management effort and IT costs.
NOTE: QRadar has a DSM for InterScan VirusWall, an older version of these products which IBM will continue to support.

Slide 21: Innovative Spear Phishing Protection
Diagram components: InterScan Messaging Security or ScanMail; Anti-spam; Anti-phishing; Web Reputation; Anti-malware; Advanced Threat Detection; Threat Analyzer; Threat Intelligence Center; Security Update Server; Deep Discovery Analyzer; quarantine.
- Blocking of targeted spear phishing emails and document exploits via custom sandboxing
- Central analysis of detections
(Footer: 3/31/2014, Copyright 2012 Trend Micro Inc.)

Slide 22: What Trend Micro integrations are on the roadmap?
Deep Security provides physical, virtual and cloud server security against malware, web threats and malicious changes to files, plus intrusion detection and prevention.
Trend has committed to support LEEF format by Q3 or Q4.
Why is format important for QRadar? Today, Deep Security logs are only in CEF format. CEF is an ArcSight/HP registered standard; IBM would need ArcSight permission and validation.
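Slide 11 notes that Deep Discovery emits LEEF and that QRadar auto-detects the log source; this slide contrasts that with Deep Security's CEF-only output. The parser below is an added example, not QRadar DSM code and not a description of Trend Micro's actual event fields. It shows the structural differences a collector has to handle before either format can be normalised: both carry a pipe-delimited header with backslash escaping, but LEEF 1.0 separates extension pairs with tabs, LEEF 2.0 declares its own delimiter in an extra header field (a single character, or a hex code such as x09, as I understand the LEEF 2.0 specification), and CEF uses space-separated pairs whose values may themselves contain spaces and escaped characters. The vendor and product names, event IDs and sample lines are constructed and are not real Deep Discovery or Deep Security events.

```python
"""Minimal LEEF and CEF event parsers (added example; not QRadar or Trend Micro code).

Both formats share a pipe-delimited header followed by key=value pairs, but
differ in header field count, escaping rules and pair delimiter. The sample
lines below are constructed and do not reproduce real product events.
"""
import re


def _split_header(text, count):
    """Split the first `count` pipe-terminated fields, honouring backslash
    escapes ('\\|' and '\\\\'). Returns (fields, remainder)."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < count:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])      # escaped pipe or backslash kept literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(ch)
        i += 1
    if len(fields) < count:
        raise ValueError("truncated header: expected %d fields" % count)
    return fields, text[i:]


def _leef_delimiter(field):
    """Decode the LEEF 2.0 delimiter field: empty means tab, 'x09'/'0x09'
    style means a hex code point, otherwise a single literal character."""
    if field == "":
        return "\t"
    m = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{1,4})", field)
    if m:
        return chr(int(m.group(1), 16))
    if len(field) == 1:
        return field
    raise ValueError("bad LEEF delimiter: %r" % field)


def parse_leef(line):
    if not line.startswith("LEEF:"):
        raise ValueError("not a LEEF event")
    (version,), rest = _split_header(line[5:], 1)
    fields, rest = _split_header(rest, 4)
    header = dict(zip(["vendor", "product", "product_version", "event_id"], fields))
    header["leef_version"] = version
    delim = "\t"                          # LEEF 1.0: extension pairs are tab-separated
    if version.startswith("2."):
        (dfield,), rest = _split_header(rest, 1)   # LEEF 2.0 adds a delimiter field
        delim = _leef_delimiter(dfield)
    ext = {}
    for pair in rest.split(delim):
        key, sep, value = pair.partition("=")
        if sep:                           # skip empty or malformed pairs
            ext[key] = value
    return {"format": "LEEF", "header": header, "extension": ext}


# CEF extension: key=value pairs separated by spaces; a value runs until the
# next ' key=' or end of line, and '\=', '\\', '\n', '\r' are escapes.
_CEF_PAIR = re.compile(r"([A-Za-z0-9_.\-]+)=((?:\\.|[^\\])*?)(?=\s+[A-Za-z0-9_.\-]+=|$)")


def _cef_unescape(value):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF event")
    names = ["cef_version", "vendor", "product", "product_version",
             "signature_id", "name", "severity"]
    fields, rest = _split_header(line[4:], 7)
    header = dict(zip(names, fields))
    ext = {m.group(1): _cef_unescape(m.group(2)) for m in _CEF_PAIR.finditer(rest)}
    return {"format": "CEF", "header": header, "extension": ext}


def parse_event(line):
    """Dispatch on the format prefix, as a collector must before normalising."""
    if line.startswith("LEEF:"):
        return parse_leef(line)
    if line.startswith("CEF:"):
        return parse_cef(line)
    raise ValueError("unrecognised event format")


# Constructed sample lines (vendor, product, IDs and values are made up).
SAMPLE_LEEF2 = ("LEEF:2.0|Example Vendor|Example Product|1.0|WEB_THREAT|x09|"
                "src=10.0.0.5\tdst=203.0.113.7\turl=http://bad.example/dl.exe")
SAMPLE_LEEF1 = "LEEF:1.0|Example Vendor|Example Product|1.0|FILE_DETECT|src=10.0.0.5\tfileName=invoice.pdf"
SAMPLE_CEF = (r"CEF:0|Example Vendor|Example Product|9.0|1001|Malware detected \| quarantined|8|"
              r"src=10.0.0.5 dst=203.0.113.7 msg=policy\=strict hit cs1=C:\\tmp\\a.exe cs1Label=path")

if __name__ == "__main__":
    for sample in (SAMPLE_LEEF2, SAMPLE_LEEF1, SAMPLE_CEF):
        print(parse_event(sample))
```

The escaping rules are where hand-rolled collectors usually go wrong: the CEF `name` field above contains an escaped pipe, and the `msg` value contains an escaped `=` followed by a space, both of which a naive `split("|")` / `split(" ")` would mangle. The design choice of reading the LEEF version first and then deciding how many header fields remain is what lets one parser accept both LEEF 1.0 and 2.0 lines from the same source.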

Slide 23: Next Steps & Contacts
Trend Micro contacts:
- Jim Smith, Technical Specialist, Jim_Smith@trendmicro.com, 1-647-990-0546
- Richard Eve, IBM Trend Sales Manager - EMEA, Richard_Eve@trendmicro.com, 011 44 7500 835125
- Rory McCall, IBM/Trend Sales Manager - USA, Rory_McCall@trendmicro.com, 1-703-201-9209
- Robert Tavares, VP, IBM Strategic Partnership - APAC, LAR & Canada, Robert_Tavares@trendmicro.com, 1-514-816-1548

Slide 24: Reference information
QRadar DSM Roadmap and Integrations Community: https://w3-connections.ibm.com/communities/service/html/communityoverview?communityuuid=bfd16c11-a02f-4374-8a71-5a56909786c0
The Integration Roadmap is posted on the Community as "QRadar Integration Roadmap in slide form.ppt".
Status of Integrations: https://w3-connections.ibm.com/wikis/home?lang=enus#!/wiki/wa84ee4294cea_414d_9c00_8a48d644e739/page/integration%20and%20DSM%20talking%20points%20&%20elevator%20pitch
Solution Briefs on PartnerWorld: https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/w59a08f1a659b_439f_afee_5e08fab3030e/page/qradar%20solution%20briefs

Slide 25: IBM Security Systems. More secure. A smarter planet.