Post on 24-Dec-2015
Copyright 2011 Trend Micro Inc.
Trend Micro Real-Time Threat Management
June 13, 2011—launch date; Press Presentation
Dan Glessner, Vice-President, Enterprise Marketing
Kevin Faulkner, Director, Product Marketing
Advanced Targeted Threats
Empowered Employees
De-Perimeterization
Virtualization, Cloud, Consumerization & Mobility
Today, Traditional Security is Insufficient
Source: Forrester
i.e., Stuxnet, Epsilon, Aurora, Mariposa, Zeus, Sony PlayStation, etc.
& Wikileaks
Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware!
The Need for Real-time Risk Management
Source: Verizon 2011 Data Breach Report
1/3 of infections result in compromise within minutes, but most are not discovered or contained for weeks or months!
Analysts and Influencers Urge Action
“Zero-Trust” security model: Use of Network Analysis and Visibility Tools
“Lean Forward” proactive security strategy: Use of Network Threat Monitoring Tools
“Real-Time Risk Management”: Use of Threat Monitoring Intelligence
US Federal Risk Management Framework Calls for “Continuous Monitoring”
Increased IT Security Priority: Vulnerability and Threat Management
Source: Forrsights Security Survey, Q3 2010
Since 2008, “Managing vulnerabilities and threats” has moved from #5 to #2
“Which of the following initiatives are likely to be your firm’s top IT security priorities over the next 12 months?”
Announcing: Trend Micro Real-Time Threat Management Solutions
• Detect, analyze and remediate advanced threats
• Investigate incident events and contain their impact
• Monitor and optimize security posture
• Manage vulnerabilities & proactive virtual patching
• Augment security staff & expertise
Network-Wide Visibility and Control
Actionable Threat Intelligence
Timely Vulnerability Protection
Threat Management System
Dynamic Threat Analysis System
Threat Intelligence Manager
Vulnerability Mgmt. Services
Deep Security Virtual Patching
Smart Protection Network Intelligence
Risk Management Services
Trend Micro Threat Management System
TMS is a Network Analysis and Visibility solution that provides the real-time visibility, insight, and control to protect your company from advanced persistent attacks
Network Threat Detection & Deterrence
Automated Remediation
Malware Forensic Analysis Platform
Multi-Level Reporting
Risk Management Services Offering
Over 300 Enterprise & Government Customers WW
TMS: Visibility – Insight – Control
Data Center
APT Implanted Via Web, Email, USB…
Threat Discovery Appliance
Command & Control Server
APT Communication Detected
Threat Mitigator
Additional Analysis
Detailed Reports:
• Incident Analysis
• Executive Summary
• Root-cause Analysis
• Signature-free clean up
• Root-cause analysis
Threat Confirmed
Detection Capabilities
New – DTAS Sandbox Detection Engine
New – Document Exploit Engine
• Multiple unique threat engines
• 24 hour event correlation
• Continually updated threat relevance rules
• Data loss detection
• Tracks unauthorized app usage and malicious destinations
• Powered by Smart Protection Network and dedicated Trend researchers
Best Detection Rates
Lowest False Positives
Real-Time Impact
TMS + Dynamic Threat Analysis System
• Sandbox execution
• Malware actions & events
• Malicious destinations
• C&C Servers contacted
• Exportable reports & PCAP files
• Backend integration into TMS reporting & Mitigator
Integrated malware execution and forensic analysis
Threat Discovery Appliance
Direct File Submission
Other Trend Products
Event Management Customer Pain Points
*SAN Survey Data 2010
Wide gap between those who know they have a problem, and those who have a solution
Trend Micro Threat Intelligence Manager
Delivers threat intelligence and impact analysis needed to identify and reduce exposure to advanced threats.
Incident Analysis and Security Posture Monitoring
Real-Time Threat Analysis and Visualization
Provide Actionable Intelligence for active threats
Visualize event relationships in an attack
OfficeScan: Incident Discovery
Threat Discovery Appliance: Suspicious Network Behavior
Threat Intelligence Manager: Threat Analysis and Response
Consolidates threat events and uses advanced visualization and intelligence to uncover the hidden threats!
Deep Security: System Integrity
What Threat Intelligence Manager Enables
Customers can:
• Identify the hidden or advanced threats
• Visualize the lifecycle of an attack
• Establish custom alerts for tracking future events
• Customized reporting and executive reporting
• Scorecards for monitoring security posture
• Answer key questions:
– Are there suspicious events that I am missing from my logs?
– Are there outbound active connections from compromised systems?
– Are there additional endpoints with similar behaviors as the compromised system?
– What systems are involved in the attack, and what steps can I take to defend?
Customizable Dashboard
Access and visualization by role and responsibility
Threat Intelligence Manager
Threat Management System
Dynamic Threat Analysis System
Endpoints
Network
Servers
• Multi-point detection
• Validation
• Threat Analysis
• Impact Assessment
• Automated Remediation
• Pro-active Protection
Real-Time Threat Management In Action
Benefits of Trend Micro Real-Time Threat Management Solutions
[Figure: Level of Damage from APT across the stages Entry, Compromise, Discovery and Containment, with time-scale labels Hours, Days / Weeks and Weeks / Months]
Trend expedites containment – helping identify, remediate and protect infiltrated and susceptible systems
• Intelligent threat and log analysis
• Automated remediation
• Virtual patching
If entry successful, Trend shortens the time to discovery – minimizing the risk and damages of actual compromise
• Network-level analysis & visibility
• Intelligent threat and log analysis
• HIPS, virtual patching, Integrity Monitoring
Trend minimizes the likelihood of APT intrusion - blocking threat exposure, vulnerability and communication
• Smart Protection Network reputation intelligence
• Network-level analysis & visibility
• Vulnerability scanning & virtual patching
New Risk Management Services
• Proactive monitoring and alerting
• Threat analysis and advisory
• Threat remediation assistance
• Risk posture review and analysis
• Strategic security planning
Augment stretched IT security staff
Put Trend Micro Threat Researchers and Service Specialists on your team
A complete portfolio designed to further reduce risk exposure and security management costs
Increase IT security responsiveness and expertise
Why Trend Micro?
Trend Micro is the only vendor providing integrated real-time protection and risk management against advanced targeted threats.
Network-Wide Visibility and Control
Actionable Threat Intelligence
Timely Vulnerability Protection
Threat Management System
Dynamic Threat Analysis System
Threat Intelligence Manager
Vulnerability Mgmt. Services
Deep Security Virtual Patching
Smart Protection Network Intelligence
Risk Management Services
“Trend Micro has always impressed me with its understanding of what its customers are going through and this reiterates it again.”
Richard Stiennon, IT-Harvest
Appendix
The Virtual Patching Solution
• Close window of vulnerability for critical systems and applications
• Protect “unpatchable” systems
• Meet 30-day PCI patch requirement
Risk Mgt & Compliance
• Reduce patch cycle frequency
• Avoid ad-hoc patching
• Minimize system downtime
Operational Impact
Trend Micro Security Center provides Virtual Patches within hours of vulnerability disclosure
• Automated centralized distribution
• Protection available:
– Deep Security product module
– With OfficeScan IDF plugin
Automated Monitoring
Application Analysis
Filter “Patch” Development
Protection Delivery
Trend Micro Security Center
Physical / Virtual / Cloud Servers
Endpoints & Devices
Vulnerability Management System
• Vulnerability scanning
– Vulnerability scanning of internal and external devices
– Patch and configuration recommendations
• Web application scanning
– Web site crawler to detect application design vulnerabilities like SQL injection and cross-site scripting etc.
• PCI compliant scanning
– Vulnerability scanning with reports for PCI
– Trend is an Approved Scanning Vendor
• Policy compliance
– Define and track compliance with device security policies
• SaaS based management portal
– Hosted scans of external devices
– On-premise appliance for scanning internal devices managed from SaaS portal
– On-demand scan
Flavors of “Intelligence”
Security Information & Event Management (SIEM):
• The collection and advanced analysis of logs/events across all security disciplines into a central platform, for high-level status and event review.
Threat Intelligence is:
• Threat Intelligence is a complementary technology to SIEM, with greater focus on the “threat space” of security
Advanced Visualization & Impact Analysis
Visualize the relationship between cause and effect of each threat event, and fully understand the impact
Jan 2011 results of testing conducted by AV-Test.org (qualified for internal use)
Results from T+60 test
Trend Micro Smart Protection Network
http://us.trendmicro.com/us/trendwatch/core-technologies/competitive-benchmarks/nss-labs/index.html?cm_re=HP:Sub:1-_-CORP-_-NSSlabs02
Trend Micro Smart Protection Network
Industry-proven real-world protection
Note: If multiple products from one vendor were evaluated, then vendor’s best performance is listed.
*1 : http://www.nsslabs.com/research/endpoint-security/anti-malware/
*2 : http://us.trendmicro.com/us/trendwatch/core-technologies/competitive-benchmarks/index.html
*3 : http://www.dennistechnologylabs.com/reports/s/a-m/trendmicro/PCVP2010-TM.pdf (Dec. Test performed for Computer Shopper UK)
*4 : http://www.av-comparatives.org/images/stories/test/dyn/stats/index.html
Trend Micro Smart Protection Network
Interactive drill-down dashboards
• Navigate across corporate groups
• Pin-point infected sources
• Perform root-cause analysis
• Track suspicious user behavior and application usage
• Detect leakage of regulated data
• Customizable event alarms
• Multi-level reporting for managers and executives
• Available on-premise or hosted
Threat Management Portal
Coming 2H 2011
• Improved drill down capability
• Sandbox analysis workbench
Threat Mitigator Technology: Root-cause and signature-free cleanup
Cleanup request received
Check forensic logs
Locate which process performed malicious activity
Remove malware process, file and registry entries
Locate and remove parent malware
Locate and remove child malware
In case of failure, a custom cleanup kit is automatically generated by Trend
Risk Management Services
Bronze Services
• On-demand advisory services
• On-demand remediation services
• Priority event alerting
• 8X5 access
• Product installation and configuration
Silver Services
• Bronze package plus…
• Weekly report reviews & advisory
• Monthly status; Quarterly reviews
• 24X7 access for urgent issues
Gold Services
• Silver package plus…
• Daily report reviews & advisory
• Customized security planning
• Annual assessment and training
Diamond Services
• Gold package plus…
• Daily monitoring & communication
• Complete tailored services delivery
• Dedicated Technical Account Manager
A component of Trend Micro Technical Account Management Services
Over 300 Enterprise and Government Customers WW
Global Security & Logistics Co.