Protecting Your Endpoints and Datacenter
Stop bad people, allow good people, and deal with a tiny bit of grey.
Techniques: Anti-Malware, Blacklisting, Content Filtering, Encryption, Whitelisting, Application Control
Dealing with just black is not working:
• Zero day: 118
• Discovered vulnerabilities: over 1000 in 2017
• New ransomware variants: monthly average 27
• Ransomware as a service is getting popular
Dealing with just white is not working:
• Good apps gone bad
• Insider threats
• Stolen credentials
• Business Email Compromise
• and that little bit of grey!
• Average cost of a breach: $4,000,000
• 53% of attacks discovered externally
• 99 days before targeted attacks are detected
Fifty Shades of Grey
• Fileless malware
• Pre-disclosed and unpatched vulnerabilities
• Attacks using native scripts
© 2019 Trend Micro Inc.
• Cloud and Virtualization
• Consumerization (Devices, WFH, Apps…)
• Complex Networks
All of our solutions are powered by XGen™ security, which leverages a cross-generational blend of threat-defense techniques.
SMART: Maximizes protection
• Application Control
• Behavioral Analysis
• Response & Containment
• Intrusion Prevention
• Machine Learning
• Sandbox Analysis
• Integrity Monitoring
• Anti-Malware & Content Filtering
OPTIMIZED: Minimizes IT impact
Delivery options: SaaS, CSP, Software, Appliance Software, MSP
CONNECTED: Speeds time to protect, detect and respond
New Trends in Endpoint Protection
Smart: The Right Technique At The Right Time
• Web & File Reputation
• Exploit Prevention
• Application Control
• Variant Protection
• Pre-execution Machine Learning
• Behavioral Analysis
• Runtime Machine Learning
• Noise Cancellation
• Custom Sandbox Analysis
• Investigation & Response
Outcome: safe files allowed, malicious files blocked
Legend: known good data, known bad data, unknown data
Endpoint Detection and Response (EDR)
1. Endpoint Data Recording
• Network, event, process, files, commands, operations, etc.
• Tons of telemetry data points
• Stored on endpoints or on a server, or a hybrid approach
2. Investigation of Data & Responding
• Sweep (search) for Indicators of Compromise to understand the impact of detections
• Hunt for Indicators of Attack based on behavior rules or threat intelligence; automatic (detection) or manual
• Find the root cause of a detection and remediate/prevent/investigate again
Powerful Investigative Capabilities (EDR)
Investigation:
• IOC Sweeping (server-side metadata sweep)
• Patient Zero ID / Root Cause Analysis
• IOA Behavior Hunting/Detection
New:
• APIs for query / automation
• MDR Service Support (Win/Mac)
• Modern UX with prioritized guidance
• Unknown file guidance
POST DETECTION
“How did this happen?”
“Who else has been affected?”
“How do I respond?”
Apex Central™ Management Console
• Single console/workflow
• Seamless integration of EDR investigation and automated detection/response
• Select any detection to investigate
Determine what other users may have been impacted
• Endpoint protection shows detection (in this case there was one)
• But were more users impacted before it was “known”?
• Select Analyze Impact to sweep for more
Impact Assessment
• Impact assessment found five more undetected instances
• Root Cause Analysis begins for all detected users
• Users can be isolated at any time (without firewalls)
Root Cause Analysis Results
• Simplified or full graphical “kill chain” diagram (can also be tabular)
• Enhanced with Trend intelligence and guidance
Response Options
• Selecting an object provides more details
• Options for termination, creating a detection pattern, or further investigation
PRE DETECTION
“Am I protected?”
“What if…”
Multiple Ways to Hunt for Attacks:
• User Defined Suspicious Objects (UDSO) from Deep Discovery
Sources of Intelligence to Hunt with:
• User Defined Suspicious Objects (UDSO)
• OpenIOC (Indicator of Compromise) or STIX from a threat feed
• Customized criteria:
  • Host (host name and IP address are included)
  • Filename, path, and SHA-1 hash value
  • User account
  • Windows auto-run registry
  • Command lines
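As an added example (illustrative code, not Trend Micro's sweep engine), this is what the IOC sweep and IOA hunt from the EDR slides look like when run against recorded telemetry with the hunting criteria listed above: host, filename, path, SHA-1, user account, auto-run registry key and command line. Every host, hash, path and indicator below is constructed for the example; the "prevalence" output is the per-indicator host count that the preliminary assessment slide refers to. The filename indicator is deliberately weak so the example shows why a sweep should distinguish confirmed from corroborated hits.

```python
"""Added example: an IOC sweep over recorded endpoint telemetry.

Illustrative code, not Trend Micro's sweep engine. The record layout, the IOC
entries and every host/hash/path below are constructed for this example; real
UDSO or STIX feeds and real telemetry use their own schemas.
"""
from collections import defaultdict
import hashlib
import ntpath
import re


def sha1_of(data: bytes) -> str:
    """SHA-1 of constructed file content, so the sample hashes are real digests."""
    return hashlib.sha1(data).hexdigest()


# Constructed telemetry: one record per recorded process-start event.
TELEMETRY = [
    {"host": "WS-001", "ip": "10.1.4.1", "user": r"corp\alice",
     "path": r"C:\Users\alice\AppData\Roaming\update.exe", "sha1": sha1_of(b"dropper-A"),
     "cmdline": r"C:\Users\alice\AppData\Roaming\update.exe /silent",
     "autorun": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"host": "WS-002", "ip": "10.1.4.2", "user": r"corp\bob",
     "path": r"C:\Users\bob\AppData\Roaming\update.exe", "sha1": sha1_of(b"dropper-A"),
     "cmdline": r"C:\Users\bob\AppData\Roaming\update.exe /silent",
     "autorun": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"host": "WS-003", "ip": "10.1.4.3", "user": r"corp\svc-backup",
     "path": r"C:\ProgramData\update.exe", "sha1": sha1_of(b"dropper-A"),
     "cmdline": r"C:\ProgramData\update.exe /silent", "autorun": None},
    # Same file name, different (benign) content: a name-only IOC over-matches here.
    {"host": "WS-004", "ip": "10.1.4.4", "user": r"corp\carol",
     "path": r"C:\Program Files\Vendor\update.exe", "sha1": sha1_of(b"vendor-updater"),
     "cmdline": r"C:\Program Files\Vendor\update.exe /check", "autorun": None},
    {"host": "WS-005", "ip": "10.1.4.5", "user": r"corp\dave",
     "path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "sha1": sha1_of(b"powershell"),
     "cmdline": "powershell.exe -nop -w hidden -enc QUJD",  # QUJD is a constructed placeholder
     "autorun": None},
]

# Constructed indicator list in the spirit of a UDSO entry set: exact indicators
# plus one behaviour rule (an IOA) expressed as a command-line regex.
IOCS = [
    {"type": "sha1", "value": sha1_of(b"dropper-A"), "label": "dropper-A hash"},
    {"type": "filename", "value": "update.exe", "label": "dropper-A filename"},
    {"type": "autorun", "label": "dropper-A persistence key",
     "value": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "cmdline", "label": "encoded PowerShell (IOA rule)",
     "value": r"powershell(\.exe)?\s.*-(enc|encodedcommand)\s"},
]

EXACT_FIELDS = {"sha1", "host", "ip", "user", "path", "autorun"}


def observed_value(record: dict, kind: str):
    """The telemetry value an indicator of this kind is compared against."""
    if kind == "filename":
        return ntpath.basename(record.get("path", ""))
    return record.get(kind)


def matches(record: dict, ioc: dict) -> bool:
    value = observed_value(record, ioc["type"])
    if value is None:
        return False
    if ioc["type"] == "cmdline":
        return re.search(ioc["value"], value, re.IGNORECASE) is not None
    if ioc["type"] in EXACT_FIELDS or ioc["type"] == "filename":
        # hex digests and NTFS names compare case-insensitively
        return value.lower() == ioc["value"].lower()
    raise ValueError(f"unknown IOC type: {ioc['type']}")


def sweep(records, iocs):
    """One hit per (record, indicator) pair: (host, label, type, observed value)."""
    return [(rec["host"], ioc["label"], ioc["type"], observed_value(rec, ioc["type"]))
            for rec in records for ioc in iocs if matches(rec, ioc)]


def prevalence(hits):
    """Distinct hosts per indicator: the prevalence figure a preliminary assessment shows."""
    hosts = defaultdict(set)
    for host, label, _, _ in hits:
        hosts[label].add(host)
    return {label: len(h) for label, h in hosts.items()}


def affected_hosts(hits):
    """Every host with any hit, including leads from weak indicators."""
    return sorted({host for host, *_ in hits})


def corroborated_hosts(hits, weak_types=("filename",)):
    """Hosts with at least one hit on a strong indicator (hash, persistence key, behaviour).

    Filename-only matches stay in the sweep for visibility but count as leads,
    not confirmed impact, because a name is trivially shared with benign files.
    """
    return sorted({host for host, _, kind, _ in hits if kind not in weak_types})


if __name__ == "__main__":
    found = sweep(TELEMETRY, IOCS)
    for hit in found:
        print(hit)
    print("prevalence:", prevalence(found))
    print("affected:", affected_hosts(found))
    print("corroborated:", corroborated_hosts(found))
```

Run as a script it prints each hit, then the per-indicator prevalence and the two host lists. WS-004 appears only under the filename indicator and so shows up as affected but not corroborated; that is the case where a Root Cause Analysis, rather than an isolate action, is the right next step.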
Preliminary Assessment and Root Cause Analysis:
• Initial assessment based on single or multiple search items
• Results with threat intelligence and prevalence
• Generate Root Cause Analysis for further investigation
Managed Detection and Response
Sensors:
• Apex One™ with integrated Endpoint Sensor
• Deep Discovery Inspector
• Deep Security
Service platform: Trend Micro analysts, expert rules, threat intelligence, machine learning
Response:
• Delivered to management console
• Automated security updates
Datacenter Protection
Hybrid Cloud Security Solution
Network Security (stop network attacks, shield vulnerable applications & servers):
• Firewall
• Vulnerability Scanning
• Intrusion Prevention
Malware Prevention (stop malware & targeted attacks):
• Anti-Malware
• Sandbox Analysis
• Behavioral Analysis & Machine Learning (2H/17)
System Security (lock down systems & detect suspicious activity):
• Application Control
• Integrity Monitoring
• Log Inspection
New Technologies…
Detecting Credential Phishing with Computer Vision
Patent pending
Email Account Takeover Attacks
Credential Phishing Sites Look Convincing
• Fake URL, sometimes showing a valid SSL indicator (padlock), sometimes within a legitimate domain
• Favicon is identical or similar to the real website
• Login form looks similar to the real website
• Displays the user's email address in the form
Detecting Credential Phishing Attacks with Computer Vision + AI
▪ After pre-filtering, computer vision image analysis and machine learning analyze branded elements, login form, other site content
▪ Combines with site reputation elements and OCR to recognize fake sites while reducing false positives
URL reputation check: CAS blocked 2.8M additional malicious URLs in 2017
Computer Vision + AI: real-time detection of fake credential sites
AI based Business Email Compromise (BEC) Detection
Behavior: routing behavior, cousin domain, high-profile user similarity, …
Intention: financial impact, urgency, …
Behavior + Intention analysis. New! Authorship analysis: Writing Style DNA
What Is Writing Style DNA?
• Everyone has a unique style of writing when viewed across hundreds of emails
• Writing Style DNA detects email forgeries by comparing to a trained AI model of a user's writing style
(Figure: three Enron execs with different styles)
Simplified Graphical Representation of Training the AI Model
Workflow of Writing Style DNA
Imposter sends email to "Max" impersonating "Eva":
Max,
How are you doing? There is something that I need your assistance with, let me know if you are less busy so I can give you the details
Regards, Eva
Trend Micro Cloud App Security / ScanMail: doesn't match the AI model of "Eva's" Writing Style DNA
Recipient "Max": warning
Impersonated user "Eva" (exec): confirmation
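To make the workflow concrete, here is an added example (illustrative code, not Trend Micro's Writing Style DNA model) of the underlying idea: a per-author style profile is trained from that person's past mail, and a new message is scored by how far its style markers sit from the profile. The training mails for "Eva" are constructed for the example, the suspect message is the sample from the slide above, and the feature set, threshold and z-score measure are all assumptions chosen for a readable demonstration rather than anything from the product.

```python
"""Added example: a small authorship check in the spirit of the slide's workflow.

Illustrative code, not Trend Micro's Writing Style DNA model. The training mails
for "Eva" are constructed; the suspect message is the sample from the slide.
"""
from collections import Counter
from dataclasses import dataclass
import re
import statistics

# Rates of these style markers form most of the feature vector (an assumed set).
FUNCTION_WORDS = ["the", "to", "i", "you", "me", "please", "thanks", "hi", "so", "if", "let", "regards"]
FEATURE_NAMES = ["avg_sentence_len", "comma_rate"] + [f"freq:{w}" for w in FUNCTION_WORDS]

# Constructed training set: short, imperative mails signed "Eva".
EVA_TRAINING = [
    "Hi Max. Please send me the Q3 numbers by Friday. Thanks. Eva",
    "Hi Max. Can you join the 3pm call? Bring the slides. Thanks. Eva",
    "Hi Max. I approved the invoice. Please file it. Thanks. Eva",
    "Hi Max. The audit starts Monday. Please block your morning. Thanks. Eva",
    "Hi Max. Good work on the report. Please share it with legal. Thanks. Eva",
]
# A constructed genuine mail held out of training.
EVA_GENUINE = "Hi Max. Please review the contract draft. Send me comments by noon. Thanks. Eva"
# The impersonation sample shown on the slide.
IMPOSTER = ("Max,\nHow are you doing? There is something that I need your assistance with, "
            "let me know if you are less busy so I can give you the details\nRegards,Eva")


def words(text):
    return re.findall(r"[a-z0-9']+", text.lower())


def sentences(text):
    return [s for s in re.split(r"[.!?]+", text) if s.strip()]


def features(text):
    """Style vector: average sentence length, comma rate, function-word rates."""
    toks = words(text)
    n = max(len(toks), 1)
    counts = Counter(toks)
    avg_len = len(toks) / max(len(sentences(text)), 1)
    return [avg_len, text.count(",") / n] + [counts[w] / n for w in FUNCTION_WORDS]


@dataclass
class StyleProfile:
    mean: list
    std: list


def train(mails, std_floor=0.02):
    """Per-feature mean and spread; the floor keeps a constant feature from dividing by zero."""
    columns = list(zip(*(features(m) for m in mails)))
    return StyleProfile([statistics.fmean(c) for c in columns],
                        [max(statistics.pstdev(c), std_floor) for c in columns])


def z_scores(profile, text):
    return [abs(x - m) / s for x, m, s in zip(features(text), profile.mean, profile.std)]


def deviation(profile, text):
    """Mean absolute z-score of the message against the author's profile."""
    return statistics.fmean(z_scores(profile, text))


def top_deviations(profile, text, k=3):
    """The features most out of character, for the warning shown to the recipient."""
    return sorted(zip(FEATURE_NAMES, z_scores(profile, text)), key=lambda p: p[1], reverse=True)[:k]


def is_forgery(profile, text, threshold=1.5):
    """Threshold is an assumed value; a real deployment would calibrate it per user."""
    return deviation(profile, text) > threshold


EVA_PROFILE = train(EVA_TRAINING)

if __name__ == "__main__":
    for label, mail in (("genuine", EVA_GENUINE), ("imposter", IMPOSTER)):
        print(label, round(deviation(EVA_PROFILE, mail), 2), is_forgery(EVA_PROFILE, mail))
    print(top_deviations(EVA_PROFILE, IMPOSTER))
```

The held-out genuine mail scores well under the threshold while the slide's impersonation scores several times above it, with sentence length as the single most out-of-character feature; the top-deviation list is the kind of guidance a warning to "Max" or a confirmation request to "Eva" could carry.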
Writing Style DNA demo
Thank You!