Targeted Attacks: Have you found yours?


DESCRIPTION

Attacks are evolving and so must the response – but how? This presentation explores how you get beyond the APT hype and strike a sensible balance between security expenditure and commercial risk. We explain what you need to keep doing, what’s new and what’s no longer effective.


Targeted Attacks | Have you found yours? – Andy Dancer, CTO EMEA

Advanced Persistent Threats

Empowered Employees

Elastic Perimeter

Copyright 2012 Trend Micro Inc.

Trend Micro evaluations find over 90% of enterprise networks contain active malware!

Traditional Security is Insufficient


Switch of mental approach

• Terrorist Paradox
  – We have to win all the time to defend
  – They only have to get it right once to win

• Advanced Threats
  – Many steps have to execute in turn to steal my data
  – I only need to spot one step to thwart them

Custom Attacks

• Today’s most dangerous attacks are those targeted directly and specifically at an organization — its people, its systems, its vulnerabilities, its data.


Deep Discovery & The Custom Defense


Deep Discovery: Network Threat Detection (DETECT)

Advanced Threat Protection – APT Activity

Specialized Threat Detection Across the Attack Sequence

Malicious Content
• Emails containing embedded document exploits
• Drive-by downloads
• Zero-day and known malware

Suspect Communication
• C&C communication for any type of malware & bots
• Backdoor activity by attacker

Attack Behavior
• Malware activity: propagation, downloading, spamming . . .
• Attacker activity: scan, brute force, tool downloads
• Data exfiltration communication

Deep Discovery & The Custom Defense


Deep Discovery: Attack Analysis & Intelligence (ANALYZE); Network Threat Detection (DETECT)

Advanced Threat Protection

Automated Analysis (Bandwidth)

• Live Cloud Lookup
• Advanced Heuristics
• Sandbox Analysis
• Output to SIEM
• Threat Intelligence

Focused Manual Investigation

Deep Discovery Advisor: Threat Intelligence Center

• In-Depth Contextual Analysis including simulation results, asset profiles and additional security events

• Integrated Threat Connect Intelligence included in analysis results

• Enhanced Threat Investigation and Visualization capabilities

• Highly Customizable Dashboard, Reports & Alerts

• Centralized Visibility and Reporting across Deep Discovery Inspector units

Threat Connect Intelligence

Deep Discovery & The Custom Defense


Deep Discovery: Attack Analysis & Intelligence (ANALYZE); Containment & Remediation (RESPOND); Adaptive Security Updates (ADAPT); Network Threat Detection (DETECT)

Advanced Threat Protection

The Custom Defense

DETECT | ANALYZE | RESPOND | ADAPT

• DETECT: Specialized Threat Detection at network and protection points
• ANALYZE: Deep analysis based on custom sandboxing and relevant global intel
• RESPOND: Context-relevant views & intel guide rapid remediation response
• ADAPT: Custom security blacklists & signatures block further attack

The Custom Defense in Action: Advanced Email Protection

• Blocking of targeted spear phishing emails and document exploits via custom sandboxing

• Central analysis of detections

• Automated updates of malicious IP/Domains

• Search & Destroy function

InterScan Messaging Security or ScanMail

Anti-spam

Web Reputation

Anti-phishing

Advanced Threat Detection

Anti-malware

“Suspicious” quarantine feedback

Deep Discovery Advisor: Threat Analyzer, Threat Intelligence Center

Security Update Server

So what does that look like in context?

Outer Perimeter

Inner Perimeters

[Diagram: valuable servers and endpoints inside the inner perimeters]

Deep Discovery

Identify Attack Behaviour & Reduce False Positives

Detect Malicious Content and Communication

Analyze – Simulate – Correlate

Real-Time Inspection → Deep Analysis → Actionable Intelligence

Visibility – Real-time Dashboards
Insight – Risk-based Analysis
Action – Remediation Intelligence

Out-of-band network data feed of all network traffic

Deep Security: Inner Perimeter for valuable assets

VM | VM | VM | VM | Security VM

Hypervisor

Deep Packet Inspection

Firewall

Anti-Virus

Log Inspection

Integrity Monitoring

Also works for VDI

Thanks for listening... any questions?