Welcome to: Smart Protection Network. Claudio Zattoni, Senior System Engineer...
TRANSCRIPT
Agenda
1. Trend Micro Overview
2. Changing Malware Market
3. Smart Protection Networks
4. Wrap-Up
Slide #2
Slide #3
Trend Micro Overview
Vision and Mission
Our Vision: A world where it is absolutely safe to exchange digital information
Our Mission: Develop, deliver, and support the most flexible and customizable Internet security solutions to address the ever-changing threats on the Web
Smart Protection Network Launched: June 18th 2008
Slide #4
Trend Micro Vital Stats
Founded: 1988
Operations in over 50 countries
Headquartered: Tokyo, Japan
Slide #5
3,600+ Employees
Trend Micro Vital Stats
2007 Revenue: $848 Million
Sales: Channel/Partner
Consultancy: Channel/Partner
Support: Channel/Partner
Slide #6
Segments
Consumer, Small Business, Mid-Size Business, Enterprise Business
Time to Protect
Slide #7
Smart Protection Network
Slide #8
Changing Malware Market
Increasing Threat
Malware is becoming increasingly dangerous and harder to detect.
Slide #9
Malware is Multiplying
Malware Samples
• 1988: 1,738
• 1998: 177,615
• 2008: 1,100,000+
• Pattern Files Can’t Keep Up
Malware is Sophisticated
Malware Variants
• Multi-Vector
• Polymorphic
• Rapid Variants
Malware is Profit-Driven
Malware Actions
• Stealthy
• Targeted
• Crime & Espionage
• Increased Liability Costs
Underground Economy
| Asset | Going-rate |
|---|---|
| Pay-out for each unique adware installation | $0.02-0.30 |
| Malware package, basic version | $1,000 – $2,000 |
| Malware package with add-on services | Starting at $20 |
| Exploit kit rental (1 hour) | $0.99 to $1 |
| Exploit kit rental (2.5 hours) | $1.60 to $2 |
| Exploit kit rental (5 hours) | $4, may vary |
| Undetected copy of info-stealing Trojan | $80, may vary |
| Distributed Denial of Service attack | $100 per day |
| 10,000 compromised PCs | $1,000 |
| Stolen bank account credentials | Starting at $50 |
| 1 million freshly-harvested emails (unver) | $8 and up |
Sample data from research on the underground digital economy in 2007
Slide #10
The Volume Problem
[Chart: Projected Threats. Projected Increase in Unique Threat Samples PER HOUR (Conservative Projections), 2006 to 2015, vertical axis 0 to 30,000]
By 2015: 233,000,000 Per Year
Slide #11
Slide #12
Smart Protection Network
Next generation architecture
Threat Protection Databases
Past
Small Pattern DB
Slowly Updating Patterns
< 50 Per Day
Patterns
Slide #13
Hybrid Client
Hybrid Client: Cloud-based complementing traditional anti-malware pattern updates
Enterprise Network Caches
Pattern File Size Reduction
Not Always Connected
Performance Cache
Host-Based Behavioral Anti-Malware (HIPS) is Helpful
Some Traditional AV benchmarking may no longer be valid.
Slide #17
Smart Protection Network
It powers both on-premise and hosted solutions to protect users whether they are on the network, at home, or on the go, using lightweight clients to access its unique in-the-cloud network of correlated email, Web and file reputation technologies, as well as threat databases. Customers’ protection is automatically updated and strengthened as more products, services and users access the network, creating a real-time neighbourhood watch protection service for its users.
Cloud-Client Hybrid (Formal Statement)
Slide #18
Backend investment
• 3.5 billion URL requests per day
• 20 million+ install base
• 99.9999%+ uptime
• 5 data centers (US, EMEA, APAC)
• 1000 production servers
[Diagram: URL reputation backend. Labels, in order of appearance: Category Collaboration; Anti-Spam Operation; Anti-Malware Operation; Threat Research Operation; Email Security Services; Email Reputation Services; OEM Partners; URL Sourcing; End User Query Traffic; Web Crawler; Customer Feedback; URLs in Spam Mails; URL Threat Research; 3rd Party Sources; URLs; Malicious EXE or URLs; URLs with malware; DNS & HTTP; URL Analysis; Automatic Rating Systems; Zone Builder/Dispatcher; URL Database; JIT Human Validation; Category Reputation; Worldwide Services Dispatch; Category & Reputation Score; URL Services Query Points; TMUFE; AV/AS Detection Signature or Heuristics; Web Reputation Service; URL Filtering Service; Point Products]
Slide #19
Backend Investment
The competition is way behind.
Many cannot make the investment
Most utilize non-integrated third-party products
Slide #20
Key Infrastructure Components
Specialized Threat Analysis
• Web reputation technology
• Email reputation technology
• File reputation technology
• Behavioural analysis
“Neighbourhood Watch”
Correlates multiple events from many sources
• Customer feedback
• Web Crawlers
• Honey Pots
• Trend Labs
• Other AV companies
Prioritises further analysis
Real-Time Services
Feedback Loop
Backend Correlation Technology
TrendLabs
Slide #21
In-the-Cloud File Reputation
Product Launch in 1H 2009
Part of Smart Protection Network
Rapid Protection from File Modifying Malware
Extends Existing File Scanning Features
White/Black Listing Functionality
Virtualization Support
Strengthens Data-Centre Correlation
In-the-Cloud Thin-Client File Scanning
Slide #22
Already Live
Slide #23
Slide #24
Smart Protection Network Products
Smart Protection Network Product Support
Slide #25
Web Reputation
• TIS & TIS Pro 2008, 2009
• WFBS Standard & Advanced
• OfficeScan 8.x
• IWSS/IWSVA 3.x
• C&CS
Email Reputation
• WFBS Advanced
• IMSS/IMSVA Advanced
• SPS
• IMHS Standard & Advanced (includes web reputation for embedded links within email)
• C&CS
File Reputation (Whitelisting)
• TIS & TIS Pro 2008, 2009
• WFBS Standard & Advanced
Threats
Services
InterScan™ Messaging Hosted Security
Internet
Worry-Free™ SecureSite
Desktop & Server
Gateway
Small Business Server/Exchange
Worry-Free Advanced
Worry-Free Standard
Gateway Security
Partner Solutions
Linksys
Worry-Free™ Remote Manager
Small Business
Slide #26
Threats
Medium Business
24 x 7 Support
Trend Micro Message Archiver
Trend Micro LeakProof™
Desktop & Server
Gateway
Mail Server
ScanMail™
OfficeScan™
InterScan™ Web Security
InterScan™ Messaging Security
NeatSuite™
Client Server Messaging Suite
Services
InterScan™ Messaging Hosted Security
Internet
Slide #27
Enterprise Business
Threats
Services
InterScan™ Messaging Hosted Security
Internet
24 x 7 Support
Trend Micro Message Archiver
Trend Micro LeakProof™
Endpoint
Gateway
Servers
Management
InterScan™ Web Security
InterScan™ Messaging Security
ScanMail™
IM Security for OCS Solution
ServerProtect™
SharePoint Portal
Trend Micro Control Manager™
NeatSuite™
Client Server Messaging Suite
OfficeScan™
Slide #28
Wrap-Up
Already Proven Over Many Months (ERS & WRS)
• Data centres scale to enterprise
• Embedded in many TM products
• Still evolving -- FRS
Near Real-Time Protection
• Minutes from malware resolution to End-User protection
• Trend Micro “Neighbourhood Watch” monitoring/feedback
Massive Differentiation
Investment by TM
• Some competitors have some small pieces
Downloaded Pattern Files are Failing
• Memory
• Network bandwidth
• Update lag
• New architecture & framework needed
Hugely Reduced Pattern File Size Issues
• Works with disconnected laptops
• Reduces network bandwidth
Smart Protection Network - Architecture
Slide #30
Smart Protection Network - USP
Smart Protection Network (USP)
Less Network Traffic
Lightweight Clients, Less Memory
Removes Pattern Monitoring/ Management
Protects Customers in Near Real Time
Slide #31
Smart Protection Network - USP
Less Staff Time
Reduced Costs
Improved Productivity
Lowered Data Theft
Enhanced Legal Compliance
Slide #32
The End