Trend Micro Direction Executive Summit 2013, Seoul Korea. Custom defense - Blake final.
Blake Sutherland Global Field Enablement
Custom Defense in the Age of Consumerization, Cloud and new Cyber Threats
7/4/2013 Confidential | Copyright 2012 Trend Micro Inc.
[Slide diagram: Consumerization (Employees, IT); Cloud & Virtualization (Data Center: Physical, Virtual, Private Cloud, Public Cloud); Cyber Threats (Attacker)]
» 90% of breaches first discovered by a third party — Verizon 2012
Targeted Attacks – The New Norm
The South Korean Cyber Front
• Repeated high-profile attacks on government and business
• Risk prevention focus across government and industry
• Latest attack cripples parts of banking and media industries…
The Reality
• One new threat created every second [1]
• A cyber intrusion happens every 5 minutes [2]
• Over 90% of enterprises have malware [1]
• Almost 75% have one or more bots [1]
Sources: [1] Trend Micro, 2012; [2] US-CERT, 2012
Analysts and Influencers Urge Action — Adoption of Advanced Threat Detection
"You need to know what's accessing the data, how the data's being used, and what's happening on your network."
John Kindervag, Principal Analyst Serving Security & Risk Professionals, Forrester Research, Inc.
"Hardening existing security defenses... won't be enough to deal with the sophistication and perseverance of APTs."
Jon Oltsik Senior Principal Analyst, Enterprise Strategy Group
"We must assume we will be compromised and must have better detection capabilities in place that provide visibility as to when this type of breach occurs."
Neil MacDonald, VP and Gartner Fellow, Gartner, Inc.
Custom Defense
Components: Network-wide Detection, Threat Intelligence, Threat Tools and Services, Custom Sandboxes, Advanced Threat Analysis, Automated Security Updates (Network Admin / Security)
Enabling a Complete Lifecycle
• Detect malware, communications and behavior invisible to standard defenses
• Analyze the risk and characteristics of the attack and attacker
• Adapt security automatically (IP black lists, custom signatures…)
• Respond using the insight needed to respond to your specific attackers
Example Scenarios
Trend Micro integration:
• ScanMail integration
• InterScan email & web integration
• All products through Command and Control Central Alerting and SPN
Simple 3rd party integration:
• API integration with:
– Gateways
– Network Access Controls
• Syslog integration with Security Information and Event Management Systems (SIEMs)
Sophisticated, multi-vendor product and process integration:
• Detect the malware and adapt the defense
• Capture the forensic evidence
• Remediate the client
• Automate with low user impact
• In a VDI environment
[Slide diagram, Trend Micro Integration: Custom Sandbox; Custom Defense Solution; Trend Micro email security products (ScanMail, InterScan Messaging); Employees. Two variants: suspicious email flagged (✓) and blocked (X)]
The email was flagged as suspicious and sandbox analysis identified malicious activity being performed by a Trojan downloader.
Deep Discovery Detection & Analysis
Virtual Analysis Details
The virtual analysis provided insight into the actions of the Trojan downloader, such as C&C connections and details on 2nd-stage components downloaded.
The intel allowed IT to respond immediately. The heuristic detections
provided visibility into the individuals that were targeted by the initial threat,
while the virtual analysis provided the intelligence to respond through the
various controls such as firewall and web gateway C&C blocking.
Threat Connect Intelligence
Threat Connect provided all Trend Micro intelligence on the systems participating in this attack and their relationship to various domains, files, URLs and malware families. With this intel all variants and sources of the attack are identified and can be blocked.
Incident Response Architecture
[Slide diagram: 3rd Party Integration; Quarantine VLAN; Production VLAN]
Demo
Automated Incident Response
What Sets this Solution Apart?
• Detection of non-Windows malware (e.g. mobile and Mac)
• Only solution with multiple customer-defined sandboxes
• Only solution with advanced threat detection and global threat intelligence
• Lowest TCO: Single appliance monitors across multiple ports and 80+ protocols
• Only solution that enables the full lifecycle, with custom security updates to endpoints/gateways
– Provides automatic protection
– Current industry stops at analysis
Best New Product
Q & A and Additional Resources
• Web content: – Combating APTs
– Deep Discovery
– Security Intelligence Threat Research
– Infographic: Targeted Attacks Via Employee Inboxes
• Whitepapers: – Detecting APT Activity with Network Traffic Analysis
– Typical Targeted Attack Entry Points
– APT Primer: Detecting the Enemy Inside the Network
• Analyst reports: – Gartner: How to Mitigate APTs
– Enterprise Strategy Group: New Demands for Real-time Risk Management
• Success Stories: – Motel 6, Manufacturing Case Study and many more
• More Videos: – How Deep Discovery Works, IT Harvest Interview
• Submit threats for analysis: – http://analyzethat.trendmicro.com/
Thank You!