Custom defense - Blake final

Blake Sutherland, Global Field Enablement. Custom Defense in the Age of Consumerization, Cloud and new Cyber Threats. 7/4/2013. Confidential | Copyright 2012 Trend Micro Inc.

Description

Trend Micro Direction Executive Summit 2013, Seoul Korea. Custom defense - Blake final.

Transcript of Custom defense - Blake final

Page 1: Custom defense  - Blake final

Blake Sutherland Global Field Enablement

Custom Defense in the Age of Consumerization, Cloud and new Cyber Threats

7/4/2013 Confidential | Copyright 2012 Trend Micro Inc.

Page 2: Custom defense  - Blake final

[Diagram labels: Consumerization (Employees, IT); Cloud & Virtualization (Data Center: Physical, Virtual, Private Cloud, Public Cloud); Cyber Threats (Attacker)]

Page 3: Custom defense  - Blake final

Targeted Attacks – The New Norm

» 90% of breaches first discovered by a third party — Verizon 2012

Page 4: Custom defense  - Blake final

The South Korean Cyber Front

• Repeated high-profile attacks on government and business

• Risk prevention focus across government and industry

• Latest attack cripples parts of banking and media industries…

Page 5: Custom defense  - Blake final

The Reality

• One new threat created every second [1]

• A cyber intrusion happens every 5 minutes [2]

• Over 90% of enterprises have malware [1]

• Almost 75% have one or more bots [1]

Sources: [1] Trend Micro, 2012; [2] US-CERT, 2012

Page 6: Custom defense  - Blake final

Analysts and Influencers Urge Action — Adoption of Advanced Threat Detection

"You need to know what's accessing the data, how the data's being used, and what's happening on your network."

John Kindervag, Principal Analyst Serving Security & Risk Professionals, Forrester Research, Inc.

"Hardening existing security defenses... won't be enough to deal with the sophistication and perseverance of APTs."

Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group

"We must assume we will be compromised and must have better detection capabilities in place that provide visibility as to when this type of breach occurs."

Neil MacDonald, VP and Gartner Fellow, Gartner, Inc.

Page 7: Custom defense  - Blake final

Custom Defense

[Diagram labels: Network-wide Detection; Custom Sandboxes; Advanced Threat Analysis; Threat Intelligence; Threat Tools and Services; Automated Security Updates; Network Admin; Security]

Page 8: Custom defense  - Blake final

Custom Defense: Enabling a Complete Lifecycle

[Diagram labels: Network-wide Detection; Custom Sandboxes; Advanced Threat Analysis; Threat Intelligence; Threat Tools and Services; Automated Security Updates; Network Admin; Security]

• Detect malware, communications and behavior invisible to standard defenses

• Analyze the risk and characteristics of the attack and attacker

• Adapt security automatically (IP black lists, custom signatures…)

• Respond using the insight needed to respond to your specific attackers

Page 9: Custom defense  - Blake final

Example Scenarios

Trend Micro integration:

• ScanMail integration

• InterScan email & web integration

• All products through Command and Control Central Alerting and SPN

Simple 3rd party integration:

• API integration with:

– Gateways

– Network Access Controls

• Syslog integration with Security Information and Event Management Systems (SIEMs)

Sophisticated, multi-vendor product and process integration:

• Detect the malware and adapt the defense

• Capture the forensic evidence

• Remediate the client

• Automate with low user impact

• In a VDI environment

Page 10: Custom defense  - Blake final

Trend Micro Integration

[Diagram labels: Custom Defense Solution (Custom Sandbox); Trend Micro email security products (ScanMail, InterScan Messaging); Employees; unidentified items marked "?"]

Page 11: Custom defense  - Blake final

Trend Micro Integration

[Diagram labels: Custom Defense Solution (Custom Sandbox); Trend Micro email security products (ScanMail, InterScan Messaging); Employees; unidentified items marked "?" and one path marked "X"]

Page 12: Custom defense  - Blake final

Deep Discovery Detection & Analysis

The email was flagged as suspicious and sandbox analysis identified malicious activity being performed by a Trojan downloader.

Page 13: Custom defense  - Blake final

Virtual Analysis Details

The virtual analysis provided insight into the actions of the Trojan downloader such as C&C connections and details on 2nd stage components downloaded.

The intel allowed IT to respond immediately. The heuristic detections provided visibility into the individuals that were targeted by the initial threat, while the virtual analysis provided the intelligence to respond through the various controls such as firewall and web gateway C&C blocking.

Page 14: Custom defense  - Blake final

Threat Connect Intelligence

Threat Connect provided all Trend Micro intelligence on the systems participating in this attack and their relationship to various domains, files, URLs and malware families. With this intel all variants and sources of the attack are identified and can be blocked.

Page 15: Custom defense  - Blake final

3rd Party Integration

Page 16: Custom defense  - Blake final

Quarantine

VLAN

Production

VLAN

3rd Party Integration

Page 17: Custom defense  - Blake final

3rd Party Integration

Page 18: Custom defense  - Blake final

Incident Response Architecture

Page 19: Custom defense  - Blake final

Demo

Page 20: Custom defense  - Blake final

Automated Incident Response

Page 21: Custom defense  - Blake final

What Sets this Solution Apart?

• Detection of non-Windows malware (e.g. mobile and Mac)

• Only solution with multiple customer-defined sandboxes

• Only solution with advanced threat detection and global threat intelligence

• Lowest TCO: Single appliance monitors across multiple ports and 80+ protocols

• Only solution that enables the full lifecycle, with custom security updates to endpoints/gateways

– Provides automatic protection

– Current industry stops at analysis

Best New Product

Page 22: Custom defense  - Blake final

Q & A and Additional Resources

• Web content:

– Combating APTs

– Deep Discovery

– Security Intelligence Threat Research

– Infographic: Targeted Attacks Via Employee Inboxes

• Whitepapers:

– Detecting APT Activity with Network Traffic Analysis

– Typical Targeted Attack Entry Points

– APT Primer: Detecting the Enemy Inside the Network

• Analyst reports:

– Gartner: How to Mitigate APTs

– Enterprise Strategy Group: New Demands for Real-time Risk Management

• Success Stories:

– Motel 6, Manufacturing Case Study and many more

• More Videos:

– How Deep Discovery Works, IT Harvest Interview

• Submit threats for analysis:

– http://analyzethat.trendmicro.com/

Page 23: Custom defense  - Blake final

Thank You!