IT-Security-Symposium 2019: IT Security in Focus
The New All-in-One Solution for Endpoint Protection: Apex One
Özgür Isik – Channel Presales Engineer
© 2019 Trend Micro Inc.
Agenda
• Architecture of Apex One and Apex One as a Service
• Security modules & services
  – iProducts
  – Endpoint Detection & Response capabilities
  – Managed Detection and Response
• Migration and upgrade
  – Hybrid operation
• Q&A
Apex One as a Service
• Introduction to the topic
Trend Micro Apex One™
Apex = the highest point of a shape [best view, everything in sight]
“One” is part of the product name, not the version
How do I get started with a trial license?
Register for a trial: https://www.trendmicro.com/product_trials/service/index/us/165
❶ Trial Form
❷ Trial Confirmation
❸ Provision Flow
❹ Provision Completed
Trial license
• Validity: 30 days
• The trial includes:
  – Apex Central as a Service
  – Apex One as a Service
    • Data Loss Prevention
    • Endpoint Application Control
    • Vulnerability Protection
  – Apex One for Mac
  – Endpoint Sensor
  – Sandbox as a Service
Getting started with an SPE/SPC license
❶ CLP console
❷ Select Apex One as a Service
❸ Click Open Console
❹ Provision Flow
❺ Provision Completed
Getting started with an SPE/SPC license
Starts the rollout of the service for the customer
License contents with SPE/SPC
• Apex Central as a Service
• Apex One as a Service
  – Data Loss Prevention
  – Endpoint Application Control
  – Vulnerability Protection
• Apex One for Mac
• Add-on:
  – Endpoint Sensor
  – Sandbox as a Service
Apex One as a Service
• Architecture
Western Europe, Amsterdam (primary)
Northern Europe, Dublin (backup)
Central US, Iowa (primary)
East US-2, Virginia (backup)
1. European data center for European customers
2. US data center for the rest of the world
Management of the solution
• Two servers are provisioned
  – Apex Central
  – Apex One
• A maximum of 4 databases
  – Apex Central
  – Apex One
  – Endpoint Sensor
  – Apex One (Mac)
Agent Platform Support
Platform Support (Agents) | XG | XG SP1 | Apex One
Windows XP (5.1)
Windows 7 (6.1)
Windows 8 (6.2)
Windows 8.1 (6.3)
Windows 10 (10.0)
Windows Server 2003 (5.2)
Windows Server 2008 (6.0)
Windows Server 2008 R2 (6.1)
Windows Server 2012 (6.2)
Windows Server 2012 R2 (6.3)
Windows Server 2016 R2 (10)
Windows Server 2019
Apex One (on-premises)
Optional: Edge Relay
- Management of external clients
- Policy
- SO Handling
- Updates
- Logs & Status
Optional: Smart Protection Server Standalone
- Web reputation
- File reputation
Modules & What's New
Entry Point | Pre-Execution | Runtime | Exit Point
Entry Point
Threats: Malicious Site, OS Vulnerability Exploit, Browser Exploit, Malicious USB
• Web Reputation: Blocks connections at kernel level (not only in web browsers)
• Virtual Patching: Blocks new exploits with industry’s most timely vulnerability research
• Browser Exploit Protection: Detects exploits based on script inspection & site behavior
• Device Control: Blocks unknown removable media devices on Windows and Mac OS
Trend Micro ZDI detected 66% of all vulnerabilities in 2017. This powers unmatched timeliness for virtual patches.
Pre-execution
File-based threat (e.g. EXE, DLL, Office document w/ macros), on disk and in memory
• Packer Detection: Identifies packed malware in memory as it unpacks, prior to execution
• Application Control: Blocks execution of anything that isn’t on the (easily manageable) white list
• Variant Protection: Detects mutations of malicious samples by recognizing known fragments of malware code
• File-based Signature: Detects known-bad files (with 3 billion detections globally in 1H/2018)
• Predictive Machine Learning: Scores the file against a cloud-based or local/offline model to detect previously unknown threats
Run-time
Anything executing (EXE, DLL, PowerShell, document behavior inside MS Office, etc.), in memory
• Runtime Machine Learning: Scores real-time behavior against a cloud model to detect previously unknown threats
• IOA Behavioral Analysis: Detects behavior that matches known indicators of attack (IOA), including ransomware encryption behaviors, script launching
• In-memory runtime analysis: Malicious script detection, malicious code injection, runtime unpack detection
Exit Point
Threats: Command and Control Server, Data Exfiltration, Lateral Movement
• Web Reputation: Blocks connections at kernel level (not only in web browsers)
• Host Intrusion Prevention: Detects and blocks lateral movement behavior
• Data Exfiltration Detection: DLP detects and blocks sensitive data leaving the endpoint
• Device Control: Blocks unknown removable media devices
Automated Response
• Isolation
• Quarantine
• Process kill
• Execution block
• Damage rollback
• API capabilities
• Rapid response protection updates to other endpoints/products*
*manual
iProducts in Detail
Integrated Vulnerability Protection
Definition of terms
[Figure labels: burglar-proof glass; normal glass, contrary to what you believe; Vulnerability; Zero Day; Exploit; Payload]
• Vulnerability
  – Susceptibility to attack due to flaws in programming, logic, etc.
• Exploit
  – A method of breaking into the system by taking advantage of a vulnerability
• Payload
  – The malicious code that the attack pushes into the system
Upside: effortless commissioning & no risk
Integrated Application Control
Application Control
• User- and device-based rules
• Allow & Block
• Lockdown
Best Practice
• Start with Block (Assessment) criteria
  – E.g., select all categories in the Certified Safe Software List
• Assign the policy to Apex One™ Security Agents
Best Practice
• Review the Application Control violation detections manually
  – Widget provides an easy-to-filter entry point
Best Practice
• Refine criteria and approve recognized software
  – Unselect the categories from the Certified Safe Software List
  – Create Allow criteria to exempt from screening
What is defined, and how?
• Certified Safe Software List (from Trend Micro)
• File paths
• Certificates
• Hash values
• Gray Software List (from Trend Micro)
• Suspicious Object List (generated by your systems such as sandbox or EDR)
Building rules
• Take care when defining rules!
Integrated Endpoint Sensor (EDR)
• What is the added value?
POST DETECTION
“How did this happen?”
“Who else has been affected?”
“How do I respond?”
Apex Central™ Management Console
• Single console/workflow
• Seamless integration of EDR investigation and automated detection/response
• Select any detection to investigate
Who else is affected?
• Endpoint protection shows detection (in this case there was one)
• But were more users impacted before it was “known”?
• Select Analyze Impact to sweep for more
Impact Assessment
• Impact assessment found five more undetected instances
• Root Cause Analysis begins for all detected users
• Users can be isolated at any time
Root Cause Analysis Results
Response Options
PRE DETECTION
“Am I protected?”
“What if…”
Multiple Ways to Hunt for Attacks:
• User Defined Suspicious Objects (UDSO) from Deep Discovery
  – Supports SHA-1, IP, Domain
Sources of Intelligence to Hunt with:
• User Defined Suspicious Objects (UDSO)
• Open IOC (Indicator of Compromise) or STIX from threat feed
• Customized criteria:
  – Host (host name and IP address are included)
  – Filename, path, and SHA-1 hash value
  – User account
  – Windows auto-run registry
  – Command lines
Preliminary Assessment:
• Initial assessment based on single or multiple search items
• Results with threat intelligence and prevalence
• Generate Root Cause Analysis for further investigation
Root Cause Analysis:
Managed Detection and Response
Managed Detection and Response
SENSORS
• Apex One™ with integrated Endpoint Sensor
• Deep Discovery Inspector
• Deep Security
SERVICE PLATFORM / TREND MICRO ANALYSTS
• Expert Rules
• Threat Intelligence
• Machine Learning
RESPONSE
• Delivered to management console
• Automated security updates
MDR Infrastructure
• US SOC: Dallas, Texas, USA
• EU SOC: Cork, Ireland
• APAC SOC: Manila, Philippines
• US MDR Node: Oregon, USA
• EU MDR Node: Frankfurt, Germany
Migration and Upgrade
Migrating settings
https://success.trendmicro.com/solution/1118375-migrating-on-prem-officescan-xg-sp1-or-higher-to-officescan-as-a-service
Migrate to SaaS – Without Control Manager
1. Sign up for Apex One SaaS
2. Export your policies and import them into Apex One SaaS
3. Move your agents to Apex One SaaS
4. Decommission the OfficeScan XG Server
Diagram components: OfficeScan XG Server, OfficeScan XG Agent, Apex One SaaS Agent, Apex Central SaaS
Migrate to SaaS – Retiring Control Manager
1. Sign up for Apex One SaaS
2. Export policies and import them into Apex One SaaS
3. Move your agents to Apex One SaaS
4. Decommission the OfficeScan XG and Control Manager Servers
On-premise Control Manager needed for Connected Threat Defense with other Trend Micro software, hardware or services.
Diagram components: OfficeScan XG Server, Control Manager Server, OfficeScan XG Agent, Apex One SaaS Agent, Apex Central SaaS
Migrate to SaaS – Keeping Control Manager
1. Sign up for Apex One SaaS
2. Connect Apex One SaaS to On-Premise Control Manager
3. Move your agents to Apex One SaaS
4. Decommission the OfficeScan XG Server
Control Manager Server -> in-place upgrade to Apex Central
On-premise Control Manager needed for Connected Threat Defense with other Trend Micro software, hardware or services.
Diagram components: OfficeScan XG Server, OfficeScan XG Agent, Apex One SaaS Agent, Apex One SaaS
On-Premise Upgrades
On-Premise Upgrades – In Place
1. Upgrade to Apex Central Server
2. Upgrade to Apex One Server
3. The agent will automatically upgrade*
*Unless disabled in the configurations. You can use this to slowly roll out agent updates.
It’s always recommended to take backups before performing upgrades.
Diagram components: OfficeScan Server On-Premise, Control Manager On-Premise, Apex One Server On-Premise, Apex Central On-Premise, Apex One Agent
On-Premise Upgrades – New Server
1. Install Apex One Server
2. Export your policies and import them into Apex One
3. Move your agents to the new server
4. Decommission the OfficeScan XG Server
Diagram components: OfficeScan XG Server, OfficeScan XG Agent, Apex One Agent, Apex One Server On-Premise
TMVP already in place? No problem
• Enable the feature in policies
• The existing Vulnerability Protection Agent is automatically uninstalled.
Diagram components: Apex One Agent, Endpoint Sensor Agent, Vulnerability Protection Agent, Apex One SaaS, Endpoint Sensor Server, Vulnerability Protection Server