Targeted Attacks| Have you found yours? Andy Dancer CTO EMEA

Trend Micro - Targeted attacks: Have you found yours?

Jun 04, 2015


Andy Dancer, CTO EMEA at Trend Micro, spoke at the CIO Event (dot) com.
Transcript
Page 1: Trend Micro - Targeted attacks: Have you found yours?

Targeted Attacks | Have you found yours?

Andy Dancer

CTO EMEA

Page 2: Trend Micro - Targeted attacks: Have you found yours?

Advanced Persistent Threats

Empowered Employees

Elastic Perimeter

Copyright 2012 Trend Micro Inc.

Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware!

Traditional Security is Insufficient

Page 3: Trend Micro - Targeted attacks: Have you found yours?


Page 4: Trend Micro - Targeted attacks: Have you found yours?

Custom Attacks

• Today’s most dangerous attacks are those targeted directly and specifically at an organization — its people, its systems, its vulnerabilities, its data.


Page 5: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery & The Custom Defense


Deep Discovery

Network Threat Detection

DETECT

Advanced Threat Protection

Page 6: Trend Micro - Targeted attacks: Have you found yours?

APT Activity

Specialized Threat Detection Across the Attack Sequence

Malicious Content

• Emails containing embedded document exploits

• Drive-by Downloads

• Zero-day and known malware

Suspect Communication

• C&C communication for any type of malware & bots

• Backdoor activity by attacker

Attack Behavior

• Malware activity: propagation, downloading, spamming . . .

• Attacker activity: scan, brute force, tool downloads.

• Data exfiltration communication

Page 7: Trend Micro - Targeted attacks: Have you found yours?


Switch of mental approach

• Terrorist Paradox

– We have to win all the time to defend

– They only have to get it right once to win

• Advanced Threats

– Many steps have to execute in turn to steal my data

– I only need to spot one step to thwart them

Page 8: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery & The Custom Defense


Deep Discovery

Attack Analysis & Intelligence

ANALYZE

Network Threat Detection

DETECT

Advanced Threat Protection

Page 9: Trend Micro - Targeted attacks: Have you found yours?


Automated Analysis

Bandwidth

Live Cloud Lookup

Advanced Heuristics

Sandbox Analysis

Output to SIEM

Threat Intelligence

Focused Manual Investigation

Page 10: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery Advisor

Threat Intelligence Center

• In-Depth Contextual Analysis including simulation results, asset profiles and additional security events

• Integrated Threat Connect Intelligence included in analysis results

• Enhanced Threat Investigation and Visualization capabilities

• Highly Customizable Dashboard, Reports & Alerts

• Centralized Visibility and Reporting across Deep Discovery Inspector units

Threat Connect Intelligence

Page 11: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery & The Custom Defense


Deep Discovery

Attack Analysis & Intelligence

ANALYZE

Containment & Remediation

RESPOND

Adaptive Security Updates

ADAPT

Network Threat Detection

DETECT

Advanced Threat Protection

Page 12: Trend Micro - Targeted attacks: Have you found yours?

The Custom Defense


DETECT | ANALYZE | RESPOND | ADAPT

Context-relevant views & intel guide rapid remediation response

Custom security blacklists & signatures block further attack

Deep analysis based on custom sandboxing and relevant global intel

Specialized Threat Detection at network and protection points

Page 13: Trend Micro - Targeted attacks: Have you found yours?

The Custom Defense In Action Advanced Email Protection

• Blocking of targeted spear phishing emails and document exploits via custom sandboxing

• Central analysis of detections

• Automated updates of malicious IP/Domains

• Search & Destroy function

InterScan Messaging Security or ScanMail

Anti-spam

Web Reputation

Anti-phishing

Advanced Threat Detection

Anti-malware

“Suspicious”

quarantine

feedback


Deep Discovery Advisor

Threat Analyzer

Threat Intelligence Center

Security Update Server

Page 14: Trend Micro - Targeted attacks: Have you found yours?

So what does that look like in context?

Outer Perimeter

Inner Perimeters

Valuable Server

Valuable Server

Endpoint

Endpoint

Valuable Server

Page 15: Trend Micro - Targeted attacks: Have you found yours?

Deep Discovery

Identify Attack Behaviour & Reduce False Positives

Detect Malicious Content and Communication

Analyze

Simulate

Real-Time Inspection

Deep Analysis

Correlate

Actionable Intelligence

Visibility – Real-time Dashboards

Insight – Risk-based Analysis

Action – Remediation Intelligence

Out of band network data feed of all network traffic

Page 16: Trend Micro - Targeted attacks: Have you found yours?

Deep Security

Inner Perimeter for valuable assets

VM VM VM VM VM

Security VM

Hypervisor

Deep Packet Inspection

Firewall

Anti-Virus

Log Inspection

Integrity Monitoring

Also works for VDI

Page 17: Trend Micro - Targeted attacks: Have you found yours?

Thanks for listening... any questions?