10/14/2015 Introducing Worry-Free SecureSite. Copyright 2007 - Trend Micro Inc. Agenda Problem...

04/19/23

Introducing Worry-Free SecureSite

Copyright 2007 - Trend Micro Inc.

Agenda

• Problem– SQL injection– XSS

• Solution• Market opportunity• Target customers• Competitive• Key Selling Points/Strategies


The threat environment

Co

mp

lexi

ty

Crimeware

Spyware

SpamMass Mailers

IntelligentBotnets

Web Threats

• Multi-Vector• Multi-Component • Web Polymorphic• Rapid Variants• Single Instance• Single Target• Regional Attacks• Silent, Hidden • Hard to Clean• Botnet Enabled• Information

Stealing

VulnerabilitiesWorm/

Outbreaks


How vulnerable are Web sites?

• Fifty per cent – one of every two – online retail sites have serious vulnerabilities1

– SQL injection – XSS vulnerabilities

• More than 22,000 known xss vulnerabilities identified at named Web sites2

– Only 5% fixed

• More than 40% of Web threat incidents involved legitimate sites unknowingly distributing malware3

1) Trend Micro research 20082) www.xssed.com, April 20083) TrendLabs Blog


What is SQL injection?

Injecting a script into website’s SQL database via online form• Injecting a script into SQL database via Web-based form– Can be prevented with field parameters– Proliferation of forms w/ distributed owners is challenge


What is SQL Injection?


What is XSS?

• XSS = cross–site scripting to inject malware into Web pages– Local

– Non-persistent

– Persistent

• Takes advantage of site-specific vulnerabilities

• Can be used to:– Hijack and redirect user’s session

– Access user session cookie and impersonate end-user

– Can bypass access controls such as same origin policy

– Can be used to craft phishing attacks and browser exploits


What is XSS?


What is Worry-Free SecureSite?

1.Assess, validate and monitor web sites against vulnerabilities

2.SecureSite mark for validated sites

3. If necessary, remediation steps and documentation provided


How is Worry-Free SecureSite different than competition?

• Provided by a widely known and trusted security vendor

• Channel partners have required experience to help remediate vulnerabilities

• Affordable pricing to drive volume adoption and partner service revenue

– Mark priced affordably for smaller online retailers

– Ongoing scanning priced affordably for larger websites


• Level the playing field for your online retail customers

• New service business– OnDemand web application vulnerability assessment– Remediation services– Ongoing vulnerability monitoring– PCI compliance

• Higher recurring revenue– Hosted solutions have up to 2x higher re-purchase

rates than equivalent tradt’l software

Worry-Free SecureSite Benefits to Channel Partners


How is Worry-Free SecureSite available?

• Annual hosted subscription

• Licensed per domain scanned

• Free trials available– Try and buy– Enable OnDemand scanning and

reports


Why Trend Micro?

Web Filtering

Security-as-a-Service

Web-based Centralized Management

Network Access Control

Email Reputation Services

Gateway Virus Protection

2-Hour Virus ResponseSLA

1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008

LAN Server Virus Protection

Server-based Email Virus Protection

Threat Lifecycle Management

Strategy

Trend Microand Cisco

Integrated Gateway Content Security

Botnet Identification Service

Our #1 goal is to create value for our customers through continuous innovation

Compliance

Data Leak Prevention

Web Threat Protection


Why Trend Micro?

More than 3.2 billion websites monitored on a daily basis


Why Trend Micro?

TrendLabs helps provide a worldwide platform for delivering timely threat intelligence, service, and support anytime, anywhere.


Competition

10/14/2015 Introducing Worry-Free SecureSite. Copyright 2007 - Trend Micro Inc. Agenda Problem...

Documents

Transcript of 10/14/2015 Introducing Worry-Free SecureSite. Copyright 2007 - Trend Micro Inc. Agenda Problem...