mod2 wfbs new starter

1 Version 1.0 – Trend Micro Confidential Solution Readiness Support Training Trend Micro Worry-Free Business Module 2

Upload: ian-thiele

Post on 08-May-2015

TRANSCRIPT

Solution Readiness Support Training

Trend Micro Worry-Free Business

Module 2

Trend Micro Worry-Free Business Security

Module 2 – Marketing and Selling WFBS

WFBS New Starter Training Course Contents

1. Today’s Threats

2. Product Overview

Module 2 – Marketing and Selling WFBS – Today’s Threats and how WFBS is fighting them

Trend Micro Worry-Free Business Security

Chapter 1 – Today’s Threats

You will be able to

1. Describe different malware types and how they have evolved

2. Describe an infection chain involving a botnet

3. Understand the motivation of today’s malware writers

4. Describe the impact of malware in business terms

5. List the things on your PC network you should protect

6. List methods you can use to protect yourself against attacks.

7. Outline a policy for protecting a business network

8. List the features that a good anti-malware product should have

Review Question 1.1

• Describe different malware types and how they have evolved

• What is the difference between a virus, a network virus and a worm?

Review Question 1.2

• Describe an infection chain involving a botnet

• What is the best description of a botnet?

a. A hacker creates a botnet by sending a trojan to Microsoft servers

b. The hacker controls the botnet by inserting a keylog into infected computers

c. A botnet is a collection of network viruses running on a large group of computers

d. A botnet is a group of infected computers controlled by a hacker

Review Question 1.3

• Understand the motivation of today’s malware writers

• What are the reasons people create malware today compared to, for example, 5 years ago?

Review Question 1.4

• Describe the impact of malware in business terms

• What malware variant has caused economic losses amounting to billions of dollars? Describe the outbreak in general terms.

Review Question 1.5

• List the things on your PC network you should protect

• Name three things a small business needs to protect. How would you assign a financial value to each one? Give a rough estimate in euros.

Review Question 1.6

• List methods you can use to protect yourself against attacks.

What advice would you give to a non-technical friend or colleague who seems to be suffering from malware attacks? Make a list of actions he or she should carry out. What would be top of the list?

Review Question 1.7

• Outline a policy for protecting a business network

What items need to be protected on a small business network? Think in both physical and abstract terms.

Review Question 1.8

• List the features that a good anti-malware product should have

• Imagine you are trying to convince a friend to use anti-malware software on his or her computer. What features would you explain? Outline the conversation you would have.

Review Answer 1.1

• Describe different malware types and how they have evolved

• What is the difference between a virus, a network virus and a worm?

• A Virus is an autonomous piece of malicious code which infects the boot sector or files but cannot spread itself to another computer. It spreads manually via floppy disks, later by email or web download.

• A virus spreading over the network is not strictly a network virus. A Network Virus is a virus which replicates using network protocols such as TCP and HTTP.

• Worm – An example of a Network Virus. It spreads due to network vulnerabilities; like other Network Viruses, it can be identified and blocked by a Firewall.

Review Answer 1.2

• Describe an infection chain involving a botnet

• What is the best description of a botnet?

d. A botnet is a group of infected computers controlled by a hacker

Review Answer 1.3

• Understand the motivation of today’s malware writers

Today’s malware writers are a criminal element motivated primarily by money. They steal account information and gain access to bank accounts and then take money from these accounts. They try to remain undetected.

In the past, script kiddies and other hackers were motivated by a desire to “show off” their hacking skills. They wanted to make a big impact and embarrass prestigious organisations.

Review Answer 1.4

• Describe the impact of malware in business terms

• What malware variant has caused economic losses amounting to billions of dollars? Describe the outbreak in general terms

NetSky is an example of malware which in 2004 had already caused over 25 billion dollars of damage.

This worm spreads by sending out copies of itself as an email attachment using its built-in SMTP engine. It gathers target recipients from certain files found on the affected machine, virtually turning the affected system into a propagation launch pad. Like most mass-mailing worm programs, this worm employs social engineering to get through that most critical barrier to propagation, which is getting the target recipient to open the infected email and execute the attachment.

Malware damages are calculated on the basis of helpdesk support costs, overtime payments, contingency outsourcing, loss of business, bandwidth clogging, productivity erosion, management time reallocation, cost of recovery and software upgrades. Intellectual Property Rights (IPR) violations and customer and supplier liability costs must also be counted.

http://www.publictechnology.net/content/698

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.P&Vsect=T#email

Review Answer 1.5

• List the things on your PC network you should protect

• Examples of such assets include:

– Trade names, logos, or slogans.

– Budgets, business plans, and marketing plans.

– Customer lists or employee information.

– Audio, visual, and documentary content.

– Formulas, designs, or methods.

– Research, and developmental or experimental work.

– Software, databases, and data and source code.

– All other material that can be copyrighted, patented, or trademarked.

http://www.workz.com/content/view_content.html?section_id=531&content_id=5453

Review Answer 1.6

• List methods you can use to protect yourself against attacks.

What advice would you give to a non-technical friend or colleague who seems to be suffering from malware attacks? Make a list of actions he or she should carry out. What would be top of the list?

1. Use anti-malware software

2. Turn on a firewall to prevent network viruses

3. Don’t open suspicious emails

4. Don’t provide banking information or credit card details to people requesting them in emails

http://www.ixdownload.com/forums/security/834-how-spot-prevent-being-fooled-email-spam-malware-attacks.html

Review Answer 1.7

• Outline a policy for protecting a business network

A Policy is a formal, brief, and high-level statement or plan that embraces an organization’s general beliefs, goals, objectives, and acceptable procedures for a specified subject area.

Policy attributes include the following:

• Require compliance (mandatory)

• Failure to comply results in disciplinary action

• Focus on desired results, not on means of implementation

• Further defined by standards and guidelines

http://www.sans.org/reading_room/whitepapers/policyissues/developing-security-policies-protecting-corporate-assets_490

http://www.sans.org/security-resources/policies/Policy_Primer.pdf

Review Answer 1.8

• List the features that a good anti-malware product should have

Support for XP, Vista, and 7 (32-bit and 64-bit).

Fast scanning.

Ability to perform full scans for all drives.

Database updates released daily.

Quarantine to hold threats and restore them at your convenience.

Exclude list for the scanner.

A small list of extra utilities to help remove malware manually.

Works together with other anti-malware utilities.

Context menu integration to scan files on demand.

Low impact on normal performance of the PC.

http://www.malwarebytes.org/mbam.php

Exercise

• netstat -ano + Task Manager

• HouseCall

• RUBotted

Trend Micro Worry-Free Business Security

Chapter 2 – Product Overview

You will be able to

1. State the benefits of WFBS

2. Explain how Worry Free provides protection against today's coordinated threats

3. Position the WFBS product within the Trend Micro product range

4. Describe the Client/Server architecture of WFBS

5. Describe the “Smart Protection Network”

6. Describe what’s in Worry Free up to and including version 6 Service Pack 3

Review Question 2.1

State the benefits of WFBS

What are the 3 basic benefits of WFBS? Give a simple sales pitch.

Review Question 2.2

Explain how Worry Free provides protection against today's coordinated threats

• Match the letters with the numbers

PROTECTION

1. POP3 Mail Scan in Client/Server Security Agent and IMAP Mail Scan in Messaging Security Agent Protection for Messaging Security Agent for Microsoft™ Exchange Servers

2. Antivirus and Anti-spyware Scan Engines along with Pattern Files in Client/Server Security Agent and Messaging Security Agent

3. Firewall in Client/Server Security Agent

4. Web Reputation and TrendProtect in Client/Server Security Agent

5. Behavior Monitoring in Client/Server Security Agent

6. Transaction Protector in Client/Server Security Agent

7. IM Content Filtering in Client/Server Security Agent

8. Firewall in Client/Server Security Agent

THREAT

A. Virus/Malware. Virus, Trojans, Worms, Backdoors, and Rootkits. Spyware/Grayware. Spyware, Dialers, Hacking tools, Password cracking applications, Adware, Joke programs, and Keyloggers

B. Virus/Malware and Spyware/Grayware transmitted through email messages and spam

C. Network Worms/Viruses

D. Intrusions

E. Conceivably harmful Websites/Phishing sites

F. Malicious behaviour

G. Fake access points

H. Explicit/restricted content in IM applications

Review Question 2.3

Position the WFBS product within the Trend Micro product range

What are the benefits of Worry Free Remote Manager?

Review Question 2.4

Describe the Client/Server architecture of WFBS

[Diagram: network of computers labelled A to G, with the labels “Windows 2008 server”, “Windows XP and Win 7 PCs” and “Exchange Server”]

• Pick out the false statements:

• In a typical configuration with WFBS 6 SP3 installed on all computers

1. A sends pattern updates to B – G only

2. G has a Client Server Security Agent

3. B accesses the Client database on G using HTTP

4. G sends pattern updates to B – F

5. A accesses the Client database on A using HTTP

6. B – G access the Client database on A using HTTP

7. G has a Messaging Security Agent

8. A has a Client Server Security Agent

Review Question 2.5

Describe the “Smart Protection Network”

What are two key benefits of the Smart Protection Network?

Review Question 2.6

Describe what’s in WFBS up to and including version 6 Service Pack 3

A Protects users when working on the Internet

B Protects users when working wirelessly

C Protects users when working out of the office

D Protects users against viruses regardless of location

E Protects users when chatting

F Protects users when doing online banking

1 Web reputation

4 Wi Fi Advisor

7 Location Awareness

2 Behaviour Monitoring

3 IM Protection

6 Smart and Conventional Scan

5 Transaction Protect

Review Question 2.7

Describe what’s in WFBS up to and including version 6 Service Pack 3

What’s the difference between URL filtering and Web Reputation?

Review Answers 2.1

What are the 3xS benefits of WFBS?

Trend Micro Worry-Free Business Security Advanced (WFBS) protects small business users and assets from data theft, identity theft, risky Web sites, and spam. Powered by the Trend Micro™ Smart Protection Network, Worry-Free Business Security Advanced is:

• Safer: Stops viruses, spyware, spam, and Web threats from reaching computers or servers. URL filtering blocks access to risky Web sites and helps improve user productivity.

• Smarter: Fast scans and continuous updates prevent new threats, with minimal impact to users’ PCs.

• Simpler: Easy to deploy and requiring zero administration, WFBS detects threats more effectively so that you can focus on business instead of security.

Review Answer 2.2

Explain how Worry Free provides protection against today's coordinated threats

A 2, B 1, C 3, D 8, E 4, F 5, G 7

Review Answer 2.3

Position the WFBS product within the Trend Micro product range

What are the benefits of Worry Free Remote Manager?

Resellers now have the option to install a Worry-Free Remote Manager Agent that allows them to remotely manage a number of WFBS Security Server and HES installations on behalf of different customers.

Review Answer 2.4

[Diagram: network of computers labelled A to G, with the labels “Windows 2008 server”, “Windows XP and Win 7 PCs” and “Exchange Server”]

• Pick out the false statements:

• In a typical configuration with WFBS 6 SP3 installed on all computers

1. A sends pattern updates to B – G only (False)

2. G has a Client Server Security Agent (True)

3. B accesses the Client database on G using HTTP (False)

4. G sends pattern updates to B – F (False)

5. A accesses the Client database on A using HTTP (True)

6. B – G access the Client database on A using HTTP (True)

7. G has a Messaging Security Agent (True)

8. A has a Client Server Security Agent (True)

Review Answer 2.5

Describe the “Smart Protection Network”

What are two key benefits of the Smart Protection Network?

Stronger, Faster Protection. Lighter on Your System Resources.

The Trend Micro Smart Protection Network lightens the demand on your system resources by leveraging cloud-based technology to block Web threats before they even reach you, providing stronger protection while reducing your reliance on time-consuming signature-downloads.

Better Together Security.

The Trend Micro Smart Protection Network is constantly updated and strengthened as more users access the network, providing "better together" security.

http://emea.trendmicro.com/emea/technology/smart-protection-network/key-benefits/

Review Answers 2.6

A Protects users when working on the Internet

B Protects users when working wirelessly

C Protects users when working out of the office

D Protects users against viruses regardless of location

E Protects users when chatting

F Protects users when doing online banking

1 Web reputation

3 IM Protection

7 Location Awareness

2 Behaviour Monitoring

4 Wi Fi Advisor

6 Smart and Conventional Scan

5 Transaction Protect

Describe what’s in WFBS up to and including version 6 Service Pack 3

Review Answer 2.7

Describe what’s in WFBS up to and including version 6 Service Pack 3

What’s the difference between URL filtering and Web Reputation?

URL Filtering: WFBS 6.0’s URL Filtering feature lets administrators control access to websites based on their rating. Filter strength can be set to high, medium, low, or custom settings, and by business and leisure hours.

Web Threat Protection: Uses the latest Web Reputation technology to assess the security risk of all Web URL requests. Web Threat Protection stops malware in real time, at the source, before it can be downloaded from the Internet. Unique to Trend Micro. 5.1: Enhanced feedback loop mechanism for unknown Web threats, part of the Smart Protection Network.

Exercise

• Try the Trend Micro recommender – see if you can get it to recommend you use Worry Free:

http://recommender.trendmicro-europe.com/

Module Review

Thank You