10/14/2015 Introducing Worry-Free SecureSite. Copyright 2007 - Trend Micro Inc. Agenda Problem...
-
Upload
myron-poole -
Category
Documents
-
view
213 -
download
0
Transcript of 10/14/2015 Introducing Worry-Free SecureSite. Copyright 2007 - Trend Micro Inc. Agenda Problem...
04/19/23
Introducing Worry-Free SecureSite
Copyright 2007 - Trend Micro Inc.
Agenda
• Problem– SQL injection– XSS
• Solution• Market opportunity• Target customers• Competitive• Key Selling Points/Strategies
Copyright 2007 - Trend Micro Inc.
The threat environment
Co
mp
lexi
ty
Crimeware
Spyware
SpamMass Mailers
IntelligentBotnets
Web Threats
• Multi-Vector• Multi-Component • Web Polymorphic• Rapid Variants• Single Instance• Single Target• Regional Attacks• Silent, Hidden • Hard to Clean• Botnet Enabled• Information
Stealing
VulnerabilitiesWorm/
Outbreaks
Copyright 2007 - Trend Micro Inc.
How vulnerable are Web sites?
• Fifty per cent – one of every two – online retail sites have serious vulnerabilities1
– SQL injection – XSS vulnerabilities
• More than 22,000 known xss vulnerabilities identified at named Web sites2
– Only 5% fixed
• More than 40% of Web threat incidents involved legitimate sites unknowingly distributing malware3
1) Trend Micro research 20082) www.xssed.com, April 20083) TrendLabs Blog
Copyright 2007 - Trend Micro Inc.
What is SQL injection?
Injecting a script into website’s SQL database via online form• Injecting a script into SQL database via Web-based form– Can be prevented with field parameters– Proliferation of forms w/ distributed owners is challenge
Copyright 2007 - Trend Micro Inc.
What is SQL Injection?
Copyright 2007 - Trend Micro Inc.
What is XSS?
• XSS = cross–site scripting to inject malware into Web pages– Local
– Non-persistent
– Persistent
• Takes advantage of site-specific vulnerabilities
• Can be used to:– Hijack and redirect user’s session
– Access user session cookie and impersonate end-user
– Can bypass access controls such as same origin policy
– Can be used to craft phishing attacks and browser exploits
Copyright 2007 - Trend Micro Inc.
What is XSS?
Copyright 2007 - Trend Micro Inc.
What is XSS?
Copyright 2007 - Trend Micro Inc.
What is XSS?
Copyright 2007 - Trend Micro Inc.
What is XSS?
Copyright 2007 - Trend Micro Inc.
What is XSS?
Copyright 2007 - Trend Micro Inc.
What is XSS?
Copyright 2007 - Trend Micro Inc.
What is Worry-Free SecureSite?
1.Assess, validate and monitor web sites against vulnerabilities
2.SecureSite mark for validated sites
3. If necessary, remediation steps and documentation provided
Copyright 2007 - Trend Micro Inc.
How is Worry-Free SecureSite different than competition?
• Provided by a widely known and trusted security vendor
• Channel partners have required experience to help remediate vulnerabilities
• Affordable pricing to drive volume adoption and partner service revenue
– Mark priced affordably for smaller online retailers
– Ongoing scanning priced affordably for larger websites
Copyright 2007 - Trend Micro Inc.
• Level the playing field for your online retail customers
• New service business– OnDemand web application vulnerability assessment– Remediation services– Ongoing vulnerability monitoring– PCI compliance
• Higher recurring revenue– Hosted solutions have up to 2x higher re-purchase
rates than equivalent tradt’l software
Worry-Free SecureSite Benefits to Channel Partners
Copyright 2007 - Trend Micro Inc.
How is Worry-Free SecureSite available?
• Annual hosted subscription
• Licensed per domain scanned
• Free trials available– Try and buy– Enable OnDemand scanning and
reports
Copyright 2007 - Trend Micro Inc.
Why Trend Micro?
Web Filtering
Security-as-a-Service
Web-based Centralized Management
Network Access Control
Email Reputation Services
Gateway Virus Protection
2-Hour Virus ResponseSLA
1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008
LAN Server Virus Protection
Server-based Email Virus Protection
Threat Lifecycle Management
Strategy
Trend Microand Cisco
Integrated Gateway Content Security
Botnet Identification Service
Our #1 goal is to create value for our customers through continuous innovation
Compliance
Data Leak Prevention
Web Threat Protection
Copyright 2007 - Trend Micro Inc.
Why Trend Micro?
More than 3.2 billion websites monitored on a daily basis
Copyright 2007 - Trend Micro Inc.
Why Trend Micro?
TrendLabs helps provide a worldwide platform for delivering timely threat intelligence, service, and support anytime, anywhere.
Copyright 2007 - Trend Micro Inc.
Competition
Copyright 2007 - Trend Micro Inc.
Competition
Copyright 2007 - Trend Micro Inc.
Competition