Trend Micro Enterprise Protection Strategy
Niraj Kaushik, Country Sales Manager
TRANSCRIPT
Copyright 2002-2003, Trend Micro, Inc. 2
Today's AV Product Approach: Server / Desktop Antivirus
Continuous protection:
• Detect virus in files
• Try to clean
Undesirable results:
• Lengthy cleanup / re-install
• Support issues
• Loss of productivity
Today's AV Product Approach: Virus Outbreak
New virus:
• Spreads quickly
• New techniques: vulnerability exploit, social engineering, mixed attack
Effects:
• Loss of data
• Loss of productivity
• Loss of credibility
Failure of Product-based Approach
Billions of $$ are spent each year on Antivirus products. The problem is getting worse and the cost is escalating.
Annual cost, $US (Billions), by year:
Year   Cost
1995   0.5
1996   1.8
1997   3.3
1998   6.1
1999   12.1
2000   17.1
2001   13.2
Source: Computer Economics, January 2002 (www.computereconomics.com)
The tough questions
• How much is each virus outbreak costing us?
• What do we do when the NEXT outbreak occurs?
• What's our STRATEGY?
What is Enterprise Protection Strategy?
What is Trend Micro's Enterprise Protection Strategy?
Basics of EPS
• Not a product – it's a strategy
• EPS = Proactive Outbreak Lifecycle Management
• Based on real customer feedback
• EPS technology is built into the latest and future product releases
Enterprise Protection Strategy: Proactive Outbreak Lifecycle Management
Outbreak lifecycle stages, with the slide's relative cost indicator for each:
Threat Information ($) → Attack Prevention ($$) → Notification and Assurance ($) → Pattern File ($$) → Scan and Eliminate ($$) → Assess and Cleanup ($$$$) → Restore and Post-Mortem ($)
The three phases and the EPS services that address them:
• Outbreak Prevention: Outbreak Prevention Services (proactive attack updates, outbreak prevention policies, analysis and reporting)
• Virus Response: Virus Response Services (threat-based scanning, Virus Response SLA)
• Assessment and Restoration: Damage Cleanup Services (agentless damage cleanup, client and server cleaning)
TREND MICRO CONTROL MANAGER: outbreak lifecycle management and deployment across all of the above
Measuring Security Effectiveness
[Chart: effort and cost during an outbreak, plotted against the milestones Pattern released, Pattern Deployed and Cleanup]
Outbreak Prevention Services
• Detailed information on threats as soon as they are characterized
• Provides attack-specific outbreak prevention policies
• Block/deflect malicious code from entering or spreading throughout the network
• Ability to approve and deploy policy manually or automatically
• Real-time reporting on policy deployment and status
Outbreak Prevention Services Detail
[Outbreak lifecycle diagram: Threat Information → Attack Prevention → Notification and Assurance → Pattern File → Scan and Eliminate → Assess and Cleanup → Restore & Post-Mortem]
Benefits of Outbreak Prevention Services
Proactive protection against mixed threat attacks
• Contains outbreaks without stopping business productivity (e.g. without shutting down the email server)
• Reduces the chaos associated with defining the threat and its behavior
• Automatic policy creates a 24x7, no-touch defense system
Expertise and knowledge
• Recommendations from the experts on policy formulation
• Knowledge base of policies for prior viruses
Consistency, reduced coordination, cost reduction
• Consistent application of policy
• Removes the logistical challenges of notifying critical parties
Policy and attack correlation
• Assurance and reporting = enterprise-wide visibility and coordination
Virus Response SLA
• Addresses the Virus Response stage of the outbreak lifecycle
• The Virus Response SLA guarantees virus detection in two hours for case submissions
• Delivers reassurance to businesses that outbreaks will not run viral forever
• Trend Micro raises the bar on performance
Threat-based Scanning
• Policy engine bundled with the scan engine
• Scan where the threat is
• Policy downloaded from Trend or initiated by the customer
• Build action templates for specific virus types
[Outbreak lifecycle diagram: Threat Information → Attack Prevention → Notification and Assurance → Pattern File → Scan and Eliminate → Assess and Cleanup → Restore & Post-Mortem]
Damage Cleanup Services
• Addresses the Assessment and Restoration phase
• After pattern file and scan engine deployment, Trojans and worms may still exist that can re-attack the client and the network
• Clients require cleanup from damage incurred during the outbreak
• OfficeScan 5.5 with Damage Cleanup Services delivers managed cleanup: agent-based cleanup that can be pushed down from the OSCE (OfficeScan Corporate Edition) server to the OSCE client
• Damage Cleanup Server 1.0 delivers agentless cleanup: clients, regardless of their AV solution, can interoperate with Damage Cleanup Server
• A centralized console logs the virus type detected, machine name, IP address of the client cleaned, and time of cleanup execution
[Outbreak lifecycle diagram: Threat Information → Attack Prevention → Notification and Assurance → Pattern File → Scan and Eliminate → Assess and Cleanup → Restore & Post-Mortem]
Benefits of Damage Cleanup
Reduced cost and administrative burden
• Automates manual cleanup of desktops and servers, estimated to be the biggest outbreak cost
Increases business productivity
Decreased vulnerability to attack
• Removes backdoors and Trojans
Increased awareness of protection status (DCS 1.0)
• Ability to determine what has been cleaned and what hasn't
Outbreak Lifecycle Management via TMCM
Manage outbreak prevention across Trend Micro products on all layers of the network for true, enterprise-level protection:
• InterScan WebProtect for iCAP
• OfficeScan
• InterScan Messaging Security Suite
• ServerProtect for NT
• ScanMail for Exchange / Lotus Notes
• NetScreen (port blocking)
• GateLock CE
The Value of EPS
[Chart: cost and effort over the outbreak timeline, with the milestones OPS released, Policy deployed, Pattern released, Pattern Deployed and Cleanup; the gap between the two Cleanup points is labelled "Cost and Effort EPS can save"]
Worm_Klez.G
Virus sample received 04/17/02, 04:04 a.m.; yellow alert
• Memory resident, carries its own SMTP engine
• Spreads through shared folders with read/write access
• Uses one of six file extensions (EXE, PIF, COM, BAT, SCR and RAR)
Outbreak policies deployed (via support or Outbreak Commander)
• Block the six file extensions
• Close shared folder access
Pattern file deployed
• Scan true file type for the profile
Cleaning template deployed
• Remove Klez entries
• Remove registry entries, e.g. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\krn132
• Remove dropped files, e.g. %systemdir%\krn132.exe
Timeline markers on the slide: +:00 min., +:07, +:19, +3:42 (elapsed time; the markers' placement against the steps above was not preserved in the transcript)
• Straightforward scanning and policy creation
• Sophisticated tool required extensive QA testing
[Outbreak lifecycle diagram: Threat Information → Attack Prevention → Notification and Assurance → Pattern File → Scan and Eliminate → Assess and Cleanup → Restore and Post-Mortem]
Worm_Collo.C
Virus sample received 03/29/02, 12:57 a.m.
• UPX-compressed worm, VB script
• Propagates through the Windows Address Book (WAB)
Outbreak policies deployed (via support or Outbreak Commander)
• Filter on the subject header: "Check out this cool program!" / "Kijk eens naar dit coole programma!" (Dutch: "Check out this cool program!")
• Block .exe files: Cool Program.exe / Cool Programma.exe
Pattern file deployed
• Scan for the "cool" headers
• Strip and clean
Cleaning template deployed
• Delete the registry entry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Timeline markers on the slide: +:00 min., +:20, +:55, +:55 (elapsed time; the markers' placement against the steps above was not preserved in the transcript)
• Difficult to identify and control, simple cleaning
[Outbreak lifecycle diagram: Threat Information → Attack Prevention → Notification and Assurance → Pattern File → Scan and Eliminate → Assess and Cleanup → Restore and Post-Mortem]
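The two case studies above (Klez.G: block six extensions and scan the true file type; Collo.C: filter on the subject header and block the named attachment) are the kind of mail-gateway policy an outbreak prevention service pushes out before a pattern file exists. The following Python is an added example written for this page, not Trend Micro code and not the OPS policy format: the policy fields, the policy names, the magic-byte check and the three constructed sample messages are all assumptions for illustration.

```python
"""Toy outbreak-prevention mail policy engine (added example, not Trend Micro code).

Models the two case studies: WORM_KLEZ.G (block six extensions, and catch PE
payloads whose declared filename lies about their type) and WORM_COLLO.C
(quarantine by subject header and by attachment name). Policy fields, names
and sample messages are assumptions for illustration.
"""
import os
from dataclasses import dataclass
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default as MAIL_POLICY

MZ_MAGIC = b"MZ"             # DOS/PE executable header (EXE, SCR, PIF carry it)
RAR_MAGIC = b"Rar!\x1a\x07"  # RAR archive signature


@dataclass(frozen=True)
class OutbreakPolicy:
    name: str
    subjects: tuple = ()                 # exact Subject lines to quarantine
    extensions: frozenset = frozenset()  # declared extensions to block
    filenames: frozenset = frozenset()   # exact attachment names to block
    block_true_exe: bool = False         # block PE payloads whatever the name


KLEZ_G = OutbreakPolicy(
    name="WORM_KLEZ.G",
    extensions=frozenset({"exe", "pif", "com", "bat", "scr", "rar"}),
    block_true_exe=True,  # "scan true file type": a renamed .exe is still blocked
)
COLLO_C = OutbreakPolicy(
    name="WORM_COLLO.C",
    subjects=("Check out this cool program!", "Kijk eens naar dit coole programma!"),
    filenames=frozenset({"cool program.exe", "cool programma.exe"}),
)
POLICIES = (KLEZ_G, COLLO_C)


def true_file_type(data: bytes) -> str:
    """Classify by leading magic bytes, ignoring the declared filename."""
    if data.startswith(MZ_MAGIC):
        return "exe"
    if data.startswith(RAR_MAGIC):
        return "rar"
    return "other"


def declared_extension(filename: str) -> str:
    return os.path.splitext(filename)[1].lstrip(".").lower()


def evaluate(raw: bytes, policies=POLICIES) -> list:
    """Return (policy name, reason) for every rule the message trips."""
    msg = message_from_bytes(raw, policy=MAIL_POLICY)
    subject = str(msg["Subject"] or "").strip()
    attachments = [
        (part.get_filename() or "", part.get_payload(decode=True) or b"")
        for part in msg.iter_attachments()
    ]
    hits = []
    for pol in policies:
        if subject in pol.subjects:
            hits.append((pol.name, f"subject header matched: {subject!r}"))
        for name, data in attachments:
            if name.lower() in pol.filenames:
                hits.append((pol.name, f"blocked attachment name: {name}"))
            elif declared_extension(name) in pol.extensions:
                hits.append((pol.name, f"blocked extension: {name}"))
            elif pol.block_true_exe and true_file_type(data) == "exe":
                hits.append((pol.name, f"executable disguised as: {name}"))
    return hits


def build_message(subject: str, filename: str, payload: bytes) -> bytes:
    """Construct a sample message (constructed test data, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def sample_messages() -> dict:
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60  # fake PE header bytes, not a real binary
    return {
        "collo": build_message("Check out this cool program!", "Cool Program.exe", pe_stub),
        "disguised": build_message("Quarterly figures", "figures.txt", pe_stub),
        "clean": build_message("Quarterly figures", "figures.txt", b"Q1 up 4%\n"),
    }


if __name__ == "__main__":
    for label, raw in sample_messages().items():
        print(label, evaluate(raw) or "pass")
```

The "disguised" sample is the point of the true-file-type rule: the attachment is declared as figures.txt, so the extension list alone lets it through, but the MZ header trips the Klez.G policy. The Collo.C sample trips three rules at once (subject, attachment name, and the generic .exe block), which is what an outbreak policy wants: overlapping rules keep working when the worm varies one lure.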
Winning Architecture
Control Manager: policy administration and deployment; policy repository; SSL implementation
InterScan Messaging Security Suite: all-attachment blocking; URL blocking; malicious mail site blocking; block file download
ScanMail: mass-mailing blocking; all-attachment blocking; T/F (true file type) blocking
Outbreak prevention policies; "Smart" scan engine
OfficeScan: port blocking; IP configuration change; share/unshare
ServerProtect: share/unshare; port blocking; deny write; T/F (true file type) blocking; file size block
GateLock: anti-hacker setting; VPN configuration
[Architecture diagram: TrendLabs, Trend Micro Control Manager, InterScan VirusWall, OfficeScan, ServerProtect, ScanMail]
Summary Benefits
Coordinated defense policy to halt and mitigate mixed threat attacks
• Consistent and coordinated application of policy – OPS
• Quickened response to threats – OPS and Virus SLA
Ability to further leverage Trend Micro's expertise
• Policy recommendations from the antivirus/content security experts – OPS, DCS
Add additional layers of protection
• Flexibility to alter policies and deployment to fit security preferences – OPS
• Heterogeneous platform support: Solaris, Windows, Linux – OPS, TMCM
Summary Benefits
Decrease enterprise vulnerability
• Finds and eliminates malicious code that keeps networks open to attack – DCS
Reduce costs
• Simplified coordination across departments and regions during outbreaks – OPS, TMCM
• Reduces the cost associated with manual cleanup of the environment – DCS
Deliver best-of-breed solutions by integrating with strategic partners
• NetScreen, Bluecoat, Cisco and NetApp