Targeted Attacks | Have you found yours? Andy Dancer, CTO EMEA

Trend Micro - Targeted attacks: Have you found yours?

Andy Dancer, CTO EMEA Trend Micro spoke at the CIO Event (dot) com

Page 1: Trend Micro - Targeted attacks: Have you found yours?

Targeted Attacks | Have you found yours?

Andy Dancer, CTO EMEA

Page 2: Trend Micro - Targeted attacks: Have you found yours?

Advanced Persistent Threats

Empowered Employees

Elastic Perimeter

Copyright 2012 Trend Micro Inc.

Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware!

Traditional Security is Insufficient

Page 3: Trend Micro - Targeted attacks: Have you found yours?

Page 4: Trend Micro - Targeted attacks: Have you found yours?

Custom Attacks

• Today’s most dangerous attacks are those targeted directly and specifically at an organization — its people, its systems, its vulnerabilities, its data.

Page 5: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery & The Custom Defense

Deep Discovery

Network Threat Detection

DETECT

Advanced Threat Protection

Page 6: Trend Micro - Targeted attacks: Have you found yours?

APT Activity

Specialized Threat Detection Across the Attack Sequence

Malicious Content

• Emails containing embedded document exploits

• Drive-by Downloads

• Zero-day and known malware

Suspect Communication

• C&C communication for any type of malware & bots

• Backdoor activity by attacker

Attack Behavior

• Malware activity: propagation, downloading, spamming . . .

• Attacker activity: scan, brute force, tool downloads.

• Data exfiltration communication

Page 7: Trend Micro - Targeted attacks: Have you found yours?

Switch of mental approach

• Terrorist Paradox

– We have to win all the time to defend

– They only have to get it right once to win

• Advanced Threats

– Many steps have to execute in turn to steal my data

– I only need to spot one step to thwart them

Page 8: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery & The Custom Defense

Deep Discovery

Attack Analysis & Intelligence

ANALYZE

Network Threat Detection

DETECT

Advanced Threat Protection

Page 9: Trend Micro - Targeted attacks: Have you found yours?

Automated Analysis

Bandwidth

Live Cloud Lookup

Advanced Heuristics

Sandbox Analysis

Output to SIEM

Threat Intelligence

Focused Manual Investigation

Page 10: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery Advisor

Threat Intelligence Center

• In-Depth Contextual Analysis including simulation results, asset profiles and additional security events

• Integrated Threat Connect Intelligence included in analysis results

• Enhanced Threat Investigation and Visualization capabilities

• Highly Customizable Dashboard, Reports & Alerts

• Centralized Visibility and Reporting across Deep Discovery Inspector units

Threat Connect Intelligence

Page 11: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery & The Custom Defense

Deep Discovery

Attack Analysis & Intelligence

ANALYZE

Containment & Remediation

RESPOND

Adaptive Security Updates

ADAPT

Network Threat Detection

DETECT

Advanced Threat Protection

Page 12: Trend Micro - Targeted attacks: Have you found yours?

The Custom Defense

DETECT | ANALYZE | RESPOND | ADAPT

Context-relevant views & intel guide rapid remediation response

Custom security blacklists & signatures block further attack

Deep analysis based on custom sandboxing and relevant global intel

Specialized Threat Detection at network and protection points

Page 13: Trend Micro - Targeted attacks: Have you found yours?

The Custom Defense In Action

Advanced Email Protection

• Blocking of targeted spear phishing emails and document exploits via custom sandboxing

• Central analysis of detections

• Automated updates of malicious IP/Domains

• Search & Destroy function

InterScan Messaging Security or ScanMail

Anti-spam

Web Reputation

Anti-phishing

Advanced Threat Detection

Anti-malware

“Suspicious”

quarantine

feedback

Deep Discovery Advisor

Threat Analyzer

Threat Intelligence Center

Security Update Server

Page 14: Trend Micro - Targeted attacks: Have you found yours?

So what does that look like in context?

Outer Perimeter

Inner Perimeters

Valuable Server

Valuable Server

Endpoint

Endpoint

Valuable Server

Page 15: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery

Identify Attack Behaviour & Reduce False Positives

Detect Malicious Content and Communication

Analyze

Simulate

Real-Time Inspection

Deep Analysis

Correlate

Actionable Intelligence

Visibility – Real-time Dashboards

Insight – Risk-based Analysis

Action – Remediation Intelligence

Out of band network data feed of all network traffic

Page 16: Trend Micro - Targeted attacks: Have you found yours?

Deep Security

Inner Perimeter for valuable assets

VM VM VM VM VM

Security VM

Hypervisor

Deep Packet Inspection

Firewall

Anti-Virus

Log Inspection

Integrity Monitoring

Also works for VDI

Page 17: Trend Micro - Targeted attacks: Have you found yours?

Thanks for listening... any questions?
