Trend Micro Real-Time
Threat Management
June 13, 2011—launch date; Press Presentation
Dan Glessner, Vice-President, Enterprise Marketing
Kevin Faulkner, Director, Product Marketing
Copyright 2011 Trend Micro Inc.
Today, Traditional Security is Insufficient
Empowered
Employees
& Wikileaks
Advanced
Targeted Threats
i.e., Stuxnet, Epsilon,
Aurora, Mariposa, Zeus,
Sony PlayStation, etc.
De-Perimeterization
Virtualization, Cloud,
Consumerization & Mobility
Trend Micro evaluations find over 90% of enterprise
networks contain active malicious malware!
Source: Forrester
The Need for Real-time Risk Management
Source: Verizon 2011 Data Breach Report
1/3 of infections result in compromise within minutes, but
most are not discovered or contained for weeks or months!
Analysts and Influencers Urge Action
• “Zero-Trust” security model
– Use of Network Analysis and Visibility Tools
• “Lean Forward” proactive security strategy
– Use of Network Threat Monitoring Tools
• “Real-Time Risk Management”
– Use of Threat Monitoring Intelligence
• US Federal Risk Management Framework
– Calls for “Continuous Monitoring”
Increased IT Security Priority:
Vulnerability and Threat Management
“Which of the following initiatives are likely to be your firm’s
top IT security priorities over the next 12 months?”
Since 2008, “Managing
vulnerabilities and threats” has
moved from
#5 to #2
Source: Forrsights Security Survey, Q3 2010
Announcing: Trend Micro Real-Time
Threat Management Solutions
Network-Wide
Visibility and Control
Threat Management System
Dynamic Threat Analysis System
Actionable
Threat Intelligence
Timely Vulnerability
Protection
Threat Intelligence
Manager
Vulnerability Mgmt. Services
Deep Security Virtual Patching
Smart Protection Network Intelligence
Risk Management Services
• Detect, analyze and remediate advanced threats
• Investigate incident events and contain their impact
• Monitor and optimize security posture
• Manage vulnerabilities & proactive virtual patching
• Augment security staff & expertise
Trend Micro Threat Management System
TMS is a Network Analysis and Visibility solution that
provides the real-time visibility, insight, and control to
protect your company from advanced persistent attacks
Network Threat
Detection & Deterrence
Automated Remediation
Malware Forensic
Analysis Platform
Multi-Level Reporting
Risk Management
Services Offering
Over 300 Enterprise & Government Customers WW
TMS: Visibility – Insight – Control
Detailed Reports:
• Incident Analysis
• Executive Summary
• Root-cause Analysis
Command &
Control Server
Additional Analysis
Threat Confirmed
Threat Mitigator
• Signature-free clean up
• Root-cause analysis
APT Communication Detected
Threat Discovery
Appliance
DataCenter
APT Implanted
Via Web, Email, USB…
Detection Capabilities
• Multiple unique threat engines
• 24 hour event correlation
• Continually updated threat
relevance rules
• Data loss detection
New – DTAS Sandbox Detection Engine
New – Document Exploit Engine
• Tracks unauthorized app usage
and malicious destinations
• Powered by Smart Protection
Network and dedicated Trend
researchers
Best Detection Rates
Lowest False Positives
Real-Time Impact
TMS + Dynamic Threat Analysis System
Integrated malware execution and forensic analysis
• Sandbox execution
• Malware actions &
events
• Malicious destinations
• C&C Servers contacted
• Exportable reports &
PCAP files
• Backend integration
into TMS reporting &
Mitigator
Threat Discovery
Appliance
Direct File
Submission
Other Trend
Products
Event Management Customer Pain Points
Wide gap between those who
know they have a problem, and
those who have a solution
*SAN Survey Data 2010
Trend Micro Confidential 7/17/2015
Trend Micro Threat Intelligence Manager
Delivers threat intelligence and impact analysis needed
to identify and reduce exposure to advanced threats.
Incident Analysis and
Security Posture
Monitoring
Real-Time Threat Analysis
and Visualization
Office Scan
Incident Discovery
Provide Actionable
Intelligence for active
threats
Visualize event
relationships in an attack
Threat Discovery Appliance
Threat Intelligence
Manager
Suspicious Network Behavior
Threat Analysis and
Response
Deep Security
System Integrity
Consolidates threat events and uses advanced visualization
and intelligence to uncover the hidden threats!
What Threat Intelligence Manager Enables
Customers can:
• Identify the hidden or advanced threats
• Visualize the lifecycle of an attack
• Establish custom alerts for tracking future events
• Customized reporting and executive reporting
• Scorecards for monitoring security posture
• Answer key questions:
– Are there suspicious events that I am missing from my logs?
– Are there outbound active connections from compromised systems?
– Are there additional endpoints with similar behaviors as the
compromised system?
– What systems are involved in the attack, and what steps can I take to
defend?
Customizable Dashboard
Access and visualization by role and responsibility
Real-Time Threat Management
In Action
Network
• Multi-point detection
• Validation
• Threat Analysis
Threat Intelligence Manager
Threat Management System
Dynamic Threat Analysis System
• Impact Assessment
• Automated Remediation
• Pro-active Protection
Endpoints
Servers
Benefits of Trend Micro Real-Time Threat
Management Solutions
Trend expedites containment – helping identify,
remediate and protect infiltrated and susceptible systems
• Intelligent threat and log analysis
• Automated remediation
• Virtual patching
Level of
Damage
from APT
Containment
Discovery
If entry successful, Trend shortens the time to discovery –
minimizing the risk and damages of actual compromise
• Network-level analysis & visibility
• Intelligent threat and log analysis
• HIPS, virtual patching, Integrity Monitoring
Trend minimizes the likelihood of APT intrusion by blocking threat exposure, vulnerability and communication
• Smart Protection Network reputation intelligence
• Network-level analysis & visibility
• Vulnerability scanning & virtual patching
Compromise
Entry
Hours
Days / Weeks
Weeks / Months
Weeks / Months
New Risk Management Services
Augment stretched IT security staff
Increase IT security responsiveness
and expertise
Put Trend Micro Threat Researchers
and Service Specialists on your team
• Proactive monitoring and alerting
A complete portfolio
designed to further reduce
risk exposure and security
management costs
• Threat analysis and advisory
• Threat remediation assistance
• Risk posture review and analysis
• Strategic security planning
Why Trend Micro?
Trend Micro is the only vendor providing integrated
real-time protection and risk management against
advanced targeted threats.
Network-Wide
Visibility and Control
Threat Management System
Dynamic Threat Analysis System
Actionable
Threat Intelligence
Timely Vulnerability
Protection
Threat Intelligence
Manager
Vulnerability Mgmt. Services
Deep Security Virtual Patching
Smart Protection Network Intelligence
Risk Management Services
“Trend Micro has always impressed me with its understanding of
what its customers are going through and this reiterates it again.”
Richard Stiennon, IT-Harvest
Appendix
The Virtual Patching Solution
Trend Micro Security Center
provides Virtual Patches within
hours of vulnerability disclosure
• Automated centralized distribution
Risk Mgt & Compliance
• Close window of vulnerability for
critical systems and applications
• Protect “unpatchable” systems
• Protection available:
• Deep Security product module
• With OfficeScan IDF plugin
• Meet 30-day PCI patch requirement
Operational Impact
• Reduce patch cycle frequency
Automated
Monitoring
• Avoid ad-hoc patching
Application
Analysis
• Minimize system downtime
Filter “Patch”
Development
Trend Micro
Security Center
Protection
Delivery
Physical / Virtual / Cloud
Servers
Endpoints
& Devices
Vulnerability Management System
• Vulnerability scanning
– Vulnerability scanning of internal and
external devices
– Patch and configuration recommendations
• Web application scanning
– Web site crawler to detect application
design vulnerabilities like SQL injection
and cross-site scripting etc.
• PCI compliant scanning
– Vulnerability scanning with reports for PCI
– Trend is an Approved Scanning Vendor
• Policy compliance
– Define and track compliance with device
security policies
• SaaS based management portal
– Hosted scans of external devices
– On-premise appliance for scanning
internal devices managed from SaaS
portal
– On-demand scan
Flavors of “Intelligence”
Security Information & Event Management (SIEM):
• The collection and advanced analysis of logs/events across all security disciplines into a central platform, for high-level status and event review.
Threat Intelligence is:
• Threat Intelligence is a complementary technology to SIEM, with greater focus on the “threat space” of security
Advanced Visualization & Impact Analysis
Visualize the relationship between cause and effect of each
threat event, and fully understand the impact
Trend Micro Smart Protection Network
[Bar chart: Total percentage of threats blocked by all layers (Exposure, Infection, Dynamic), comparing Trend Micro OfficeScan, McAfee VirusScan, Sophos Endpoint Security, Symantec Endpoint Protection and Microsoft Forefront]
Jan 2011 results of testing conducted by AV-Test.org (qualified for internal use)
Results from T+60 test
Trend Micro Smart Protection Network
http://us.trendmicro.com/us/trendwatch/core-technologies/competitive-benchmarks/nss-labs/index.html?cm_re=HP:Sub:1-_-CORP-_NSSlabs02
Trend Micro Smart Protection Network
Industry-proven real-world protection
*1:http://www.nsslabs.com/research/endpoint-security/anti-malware/
*2:http://us.trendmicro.com/us/trendwatch/core-technologies/competitive-benchmarks/index.html
*3:http://www.dennistechnologylabs.com/reports/s/a-m/trendmicro/PCVP2010-TM.pdf
(Dec. Test performed for Computer Shopper UK)
*4 : http://www.av-comparatives.org/images/stories/test/dyn/stats/index.html
Note: If multiple products from one vendor were
evaluated, then vendor’s best performance is listed.
Threat Management Portal
Interactive drill-down dashboards
• Navigate across corporate groups
• Pin-point infected sources
• Perform root-cause analysis
• Track suspicious user behavior and
application usage
• Detect leakage of regulated data
• Customizable event alarms
• Multi-level reporting for managers
and executives
• Available on-premise or hosted
Coming 2H 2011
• Improved drill down capability
• Sandbox analysis workbench
Threat Mitigator Technology:
Root-cause and signature-free cleanup
• Cleanup request received
• Check forensic logs
• Locate which process performed malicious activity
• Remove malware process, file and registry entries
• Locate and remove parent malware
• Locate and remove child malware
• In case of failure, a custom cleanup kit is automatically generated by Trend
Risk Management Services
A component of Trend Micro Technical Account Management Services
Bronze
Services
Silver
Services
• On-demand advisory
services
• Bronze package
plus…
• On-demand
remediation services
• Weekly report reviews
& advisory
• Priority event alerting
• Monthly status;
Quarterly reviews
• 8X5 access
• Product installation
and configuration
• 24X7 access for
urgent issues
Gold
Services
Diamond
Services
• Silver package plus…
• Gold package plus…
• Daily report reviews &
advisory
• Daily monitoring &
communication
• Customized security
planning
• Complete tailored
services delivery
• Annual assessment
and training
• Dedicated Technical
Account Manager
Global Security
& Logistics Co.
Over 300 Enterprise and Government Customers WW