Trend Micro Updates
SIRT IT Security Roundtable
Harvard Townsend
Chief Information Security Officer
harv@ksu.edu
November 6, 2009

Agenda
• Why the changes?
• Timeline for the changes
• New antivirus web site
• Trend Micro OfficeScan 10 features
• Trend Micro Security for Macs 1.5 features
• Removing SAV for Macs
• Residence Halls
• Q&A

Why the changes?
OfficeScan 8 to OfficeScan 10 (Windows)
Symantec AV for Macs to Trend Micro Security for Mac 1.5
• Support for new operating systems (Windows 7, Mac OS X 10.6/Snow Leopard)
• Support contract for Symantec AV for Macs ended Oct. 27 and no budget for renewal
• Release of managed Trend Micro client for Macs
• Mac product bundled in pre-paid Trend Micro contract (since paid per user, not per device/platform); licenses paid thru March 2012; support renewed annually
• More security features for Mac (like Web Reputation Services)
• Beneficial features in OfficeScan 10
• Single vendor for AV and tech support
• Can manage both platforms from single OfficeScan server
• Give Shea more work before she leaves K-State

Timeline
• Oct. 27: Symantec AV for Macs support contract expired
• Tuesday, November 10:
  • OfficeScan 10 for Windows pushed to clients that use the central IT Trend Micro service
  • OfficeScan 10 available on antivirus.ksu.edu for new installations
  • TM Security for Mac 1.5 available from antivirus.ksu.edu for manual installation
  • New antivirus.ksu.edu web site released
• January 2010 – Trend required in residence halls for both Windows and Macs

New antivirus web site
• Replaces current one on Nov. 10
• New ITS web format
• Easier for user to find what they need
• www.k-state.edu/its/antivirus or antivirus.k-state.edu
• Linked from the main ITS web site

Trend Micro OfficeScan 10
• Major upgrade from version 8 (where did version 9 go?!)
• Rife with marketing hype (“Cloud-Client Architecture”, “Smart Protection Network”, “Global Threat Intelligence”)
• But it appears to provide real value:
  • Faster deployment of pattern file updates
  • Smaller client footprint
  • Windows 7 support in SP1 (not officially supported in OfficeScan 8)
  • More options for re-scheduling missed scheduled scans
  • Better Active Directory integration
  • Better control of removable devices like USB drives
  • Protection of the OfficeScan program itself (prevents malware from altering OfficeScan files, processes and registry entries)

TMOS 10 Features
• “In-the-cloud” scanning (“SmartScan”) vs. conventional scanning
• Client uses pattern info stored on local or global servers rather than having to store everything on every client computer
• Updates pattern files hourly instead of daily
• Smaller pattern files on the client, less network bandwidth used to deploy pattern files
• Some heuristic-based detection
• Can still do conventional scanning for systems with limited Internet access

TMOS 10 Features
• Better options for dealing with a missed scheduled scan
  • Postpone a scheduled scan before it begins
  • Stop and resume an active scheduled scan
  • Resume a missed scheduled scan
  • Automatically skip a scheduled scan when the laptop battery is below a certain %
  • Automatically stop a scheduled scan when it runs longer than a certain amount of time

TMOS 10 Features
• Device Access Control
  • Sysadmins can control use of removable drives
  • Examples: removable thumb drives, FireWire hard drives, PC Cards, media players

TMOS 10 Features
• The Trend Micro Unauthorized Change Prevention Service replaces the OfficeScan watchdog as the principal means of preventing OfficeScan services from being stopped and settings from being changed
• Prevents OSCE applications from being injected with malware and impacting business operation
• Protects OfficeScan files / file types within folders from being modified
• Protects OfficeScan system processes from unauthorized shut-down
• Protects OfficeScan registry entries from unauthorized modification

TMOS 10 User Experience
• After automatic installation, user will be prompted to reboot via the pop-up warning in the lower right hand corner of the screen (above system tray)
• Icon change
  [Icon images: OfficeScan 8 & Conventional Scan; OfficeScan 10 w/ Smart Scan; Problem communicating w/ server]

TMOS 10 User Experience
• OfficeScan console largely the same
• Firewall config for communicating with OfficeScan servers:
  • Smart Scan server: TCP/443 from 10.130.69.52 (on campus only)
  • OfficeScan server (conventional scan): TCP/8080 from 129.130.255.181
• Off campus, component updates try the campus server, then fail over to osce10-p.activeupdate.trendmicro.com

TMOS 10 User Experience
• What else about TMOS 10? What is your experience?
• Does the TMOS 10 install wipe out any custom TMOS 8 configs?
• No tool yet to export/import config from TMOS 8 server to TMOS 10 environment, but they’re working on it.
• Significant CPU utilization every hour on Local Scan Server when it downloads and processes new pattern files – has this been a problem?
• Pushing new pattern file on demand (like in yesterday’s malware outbreak, how to push to both conventional and SmartScan configs)
• Standalone Scan Server requires VMware™ ESXi Server 3.5 Update 2, VMware ESX™ Server 3.5 or 3.0, or VMware Server 2.0
• 1,000 client limit if running Local Scan Server and OfficeScan server on the same server (compared to 5,000-8,000 clients for the latter) – called “Integrated Scan Server”

Trend Micro Security for Mac
• Features/Advantages:
  • No additional cost to cover all Macs
  • Symantec license was for 1,500 Macs; Trend licensed by user, unlimited quantity for home/office, student/employee
  • Managed product (can push pattern file updates, manage configuration, centralized reporting, etc.)
  • Managed as plug-in to current Windows OfficeScan servers, so have common mgmt platform
  • Service Pack 1 supports Mac OS X 10.6/Snow Leopard (Symantec still not supporting 10.6)
  • Supports Mac OS X 10.4/5/6 on Intel and PowerPC processors
  • Includes Web Reputation Services to help prevent users from visiting known malicious web sites
  • Covered by current Silver Premium Support contract
  • Single vendor for all AV products
  • No additional cost

Trend Micro Security for Mac
• Trend Micro Security for Mac Version 1.5 (TMSM 1.5) released in late summer, replacing standalone v. 1.0 from spring
• Service Pack 1 with Snow Leopard support released Oct. 7
• Full-featured antivirus product with real-time, scheduled, and manual scans; regular pattern file updates; centralized mgmt; Web Reputation Services to control access to known malicious web sites
• Available Nov. 10 from antivirus.k-state.edu for manual installation
• Management requires OfficeScan server running on Windows; colleges/depts can use central IT server if needed (talk to Shea)
• For client installation, must remove any other antivirus first
  • ClamXav for those who installed it on 10.6/Snow Leopard
  • Symantec AV on all others (see www.k-state.edu/its/antivirus/mac/removemacav.html)

Trend Micro Security for Mac
• Default port for communicating with server is 61617; open firewall for that port both incoming and outgoing
• Campus computers should install TMSM 1.5 starting next week
• Students in residence halls should install after Nov. 10 as well; will be forced to in January before the start of the spring semester (waiting on Bradford Campus Manager support)
• For sysadmins, manuals available at www.trendmicro.com/download/product.asp?productid=114
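
The firewall openings listed on the OfficeScan 10 and Trend Micro Security for Mac slides can be checked against a host's rule set. The sketch below is an added example, not part of the original slides or of any Trend Micro tooling: the `Rule` model and the sample rule sets are constructed, and it assumes "from <address>" on the slide means the opening should be limited to that one server.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:              # simplified host-firewall allow rule (hypothetical model)
    direction: str       # "in" or "out"
    port: int            # TCP port
    remote: str          # peer address, CIDR, or "any"

# (port, peer, direction) as given on the slides; None = not stated there.
REQUIRED = {
    "windows": [(443, "10.130.69.52", None),       # Smart Scan server
                (8080, "129.130.255.181", None)],  # OfficeScan server (conventional scan)
    "mac": [(61617, None, "in"), (61617, None, "out")],  # TMSM default port, both ways
}

def _net(remote):
    return ipaddress.ip_network("0.0.0.0/0" if remote == "any" else remote, strict=False)

def _covers(rule, port, peer, direction):
    if rule.port != port or (direction and rule.direction != direction):
        return False
    return peer is None or ipaddress.ip_address(peer) in _net(rule.remote)

def audit(platform, rules):
    """Return (finding, port, detail) tuples for missing or over-broad openings."""
    findings = []
    for port, peer, direction in REQUIRED[platform]:
        hits = [r for r in rules if _covers(r, port, peer, direction)]
        if not hits:
            findings.append(("missing", port, direction or "either"))
        for r in hits:
            # Assumption: an inbound opening should admit only the named server.
            if peer and r.direction == "in" and _net(r.remote).num_addresses > 1:
                findings.append(("too-broad", port, r.remote))
    return findings

# Constructed sample rule sets, for illustration only.
WINDOWS_RULES = [Rule("in", 443, "10.130.69.52"), Rule("in", 8080, "any")]
MAC_RULES = [Rule("out", 61617, "any")]

if __name__ == "__main__":
    print(audit("windows", WINDOWS_RULES))
    print(audit("mac", MAC_RULES))
```
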

Summary
• November 10:
  • Users of central IT OfficeScan server upgraded automatically
  • OfficeScan 10 available on web for new installs
  • TM Security for Mac 1.5 SP1 available on web for manual install
  • New antivirus.ksu.edu web site released
• Colleges/depts with own AV infrastructure should upgrade to TMOS 10 and TMSM 1.5 soon
• Residence halls required to run Trend Micro by policy now, forced via Bradford Campus Manager in January