Trend Micro Enterprise Protection Strategy Niraj Kaushik Country Sales Manager
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 2 Today’s AV Product Approach Server / Desktop Antivirus Continuous protection: Detect virus in files Try to clean Undesirable results: Lengthy cleanup / re-install Support issues Loss of productivity
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 3 Today’s AV Product Approach Virus Outbreak New virus Spreads quickly New techniques Vulnerability exploit Social engineering Mixed attack Effects: Loss of data Loss of productivity Loss of credibility
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 4 Failure of Product- based Approach Billions of $$ are spent each year on Antivirus products. Problem is getting worse Cost is escalating Source: Computer Economics, January 2002 (
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 5 The tough questions How much is each Virus Outbreak costing us? What to do when the NEXT outbreak occurs? What’s our STRATEGY?
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 6 What is Enterprise Protection Strategy? What is Trend Micro’s Enterprise Protection Strategy ?
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 7 Basics of EPS Not a Product – it’s a Strategy EPS = Proactive Outbreak Lifecycle Management Based on real customer feedback EPS technology built into latest and future product releases
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 8 Enterprise Protection Strategy Enterprise Protection Strategy: Proactive Outbreak Lifecycle Management Attack Prevention $$ Notification and Assurance $ Pattern File $$ Scan and Eliminate $$ Assess and Cleanup $$$$ Restore and Post- Mortem $ Threat Information $ Outbreak PreventionVirus Response Assessment and Restoration Outbreak Prevention ServicesVirus Response ServicesDamage Cleanup Services Proactive Attack Updates Outbreak Prevention Policies Analysis and Reporting Threat Based Scanning Virus Response SLA Agentless Damage Cleanup Client and Server Cleaning TREND MICRO CONTROL MANAGER – outbreak lifecycle management, deployment, and deployment
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 9 Measuring Security Effectiveness Pattern released Pattern Deployed Effort and cost during outbreak Cleanup
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 10 Outbreak Prevention Services Detailed information on threats as soon as they are characterized Provides attack-specific outbreak prevention policies Block/deflect malicious code from entering or spreading throughout the network Ability to approve and deploy policy manually or automatically Real-time reporting on policy deployment and status Outbreak Prevention Services Detail Attack Prevention Notification and Assurance Pattern File Scan and Eliminate Assess and Cleanup Restore & Post- Mortem Threat Information
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 11 Benefits of Outbreak Prevention Services Proactive Protection against mixed threat attacks Contains outbreaks without stopping business productivity (i.e. shut down server) Reduces the chaos associated with defining the threat and behavior Automatic policy creates a 24x7, no-touch defense system Expertise and Knowledge Recommendations from the experts -- policy formulation Knowledge base of policies for prior viruses Consistency, reduced coordination, cost reduction Consistent application of policy Removes logistical challenges of notifying critical parties Policy and Attack Correlation Assurance and reporting = Enterprise-wide visibility and coordination
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 12 Virus Response SLA Addresses the Virus Response Stage of the outbreak lifecycle Virus Response SLA guarantees virus detection in two hours for case submissions Delivers reassurance to businesses that outbreaks will not run viral forever Trend Micro raises the bar on performance Threat-based Scanning Policy engine bundled with the scan engine Scan where the threat is Trend downloaded policy or customer initiated Build action templates for specific virus types Virus Response SLA Assess and Cleanup Pattern File Scan and Eliminate Assess and Cleanup Restore & Post-Mortem Attack Prevention Notification and Assurance Threat Information
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 13 Damage Cleanup Services: Addresses the Assessment and Restoration Phase After pattern file and scan engine deployment, Trojans and worms may still exist that can re-attack the client and network Clients require cleanup from damage incurred during the outbreak OfficeScan 5.5 with Damage Cleanup Services delivers managed cleanup Agent-based cleanup, can be pushed down from OSCE server to OSCE client Damage Cleanup Server 1.0 delivers agent-less cleanup Clients, regardless of their AV solution, can interoperate with Damage Cleanup Server Centralized console logs information on virus type detected, machine name, IP address of client cleaned, and time of cleanup execution Damage Cleanup Services Attack Prevention Notification and Assurance Pattern File Scan and Eliminate Assess and Cleanup Restore & Post- Mortem Threat Information
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 14 Benefits of Damage Cleanup Reduced cost and administrative burden Automates manual cleanup of desktops and servers Estimated to be the biggest outbreak cost Increases business productivity Decreased vulnerability to attack Removes backdoors and Trojans Increased awareness of protection status (DCS1.0) Ability to determine what has been cleaned, what hasn’t
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 15 Outbreak Lifecycle Management via TMCM Manage the outbreak prevention across Trend Micro products on all layers of the network for true, enterprise-level protection InterScan WebProtect for iCAP OfficeScan InterScan Messaging Security Suite ServerProtect for NT ScanMail for Exchange/ LotusNotes NetScreen (port blocking) GateLock CE
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 16 The Value of EPS OPS released Policy deployed Pattern released Pattern Deployed Cost and Effort EPS can save Cleanup
Trend Micro’s Service Performance
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 18 Worm_Klez.G Virus Sample Received 04/17/02; 04:04 a.m.; yellow alert Memory resident, carries SMTP engine Shared folders read/write Uses one of 6 file extensions (EXE,.PIF, COM, BAT, SCR and RAR) Outbreak Policies Deployed Via support or Outbreak Commander Block six file extensions Close shared folder access + :07 + :00 min. + :19 Pattern File Deployed Scan true file type for profile + 3:42 Cleaning Template Deployed Remove Klez entries Remove registry entries….. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ run\krn132 Remove drop files…. %systemdir%\krn132.exe Straightforward scanning and policy creation Sophisticated tool required extensive QA testing Threat Information Attack Prevention Notification and Assurance Pattern File Scan and Eliminate Assess And cleanup Restore and Post-mortem
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 19 Worm_Collo.C Virus Sample Received 03/29/02; 12:57 a.m. UPX compressed worm, VB script Propagates through Windows Address Book (WAB) Outbreak Policies Deployed Via support or Outbreak Commander Filter header Check out this cool program! Kijk eens naar dit coole programma! Block exe. files Cool Program.exe/Cool Programma.exe + :20 + :00 min. + :55 Pattern File Deployed Scan for ‘cool’ headers Strip and clean + :55 Cleaning Template Deployed Delete registry entry HKEY_LOCAL_MACHINE>Software>Microsoft>Windows> CurrentVersion>Run Difficult to identify and control, simple cleaning Threat Information Attack Prevention Notification and Assurance Pattern File Scan and Eliminate Assess And cleanup Restore and Post-mortem
The Importance of Architecture
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 21 Winning Architecture Control Manager Policy Administration and Deployment Policy Repository SSL implementation Inter Scan Messaging Security Suite All attachment Blocking URL blocking Malicious Mail Site Blocking Block File Download Scan Mail Mass Mailing Blocking All Attachment Blocking T/F blocking Outbreak prevention policies “Smart” Scan Engine Office Scan Port Blocking; IP configuration change Share/Unshare Server Protect Share/Unshare Port Blocking Deny Write T/F Blocking Filesize block Gatelock Anti-hacker setting VPN configuration Inter Scan Virus Wall Office Scan Server Protect Scan Mail Trend Micro Control Manager Trend Labs
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 22 Summary Benefits Coordinated defense policy to halt and mitigate mixed threat attacks Consistent and coordinated application of policy - OPS Quickened response to threats – OPS and Virus SLA Ability to further leverage Trend Micro’s expertise Policy recommendations from the antivirus/content security experts – OPS, DCS Add additional layers of protection Flexibility to alter policies and deployment to fit security preferences – OPS Heterogeneous platform support – Solaris, Windows, Linux – OPS, TMCM
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 23 Summary Benefits Decrease enterprise vulnerability Finds and eliminates malicious code that keeps networks open to attack – DCS Reduce costs Simplified coordination across departments and regions during outbreaks – OPS, TMCM Reduces cost associated with manual cleanup of environment – DCS Deliver best-of-breed solutions by integrating with strategic partners NetScreen, Bluecoat, Cisco and NetApp
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright , Trend Micro, Inc. 24 Thank you