Threats beyond Imagination – Securing your Digital Information Goh Chee Hoh Managing Director Asia South Region May, 2006
Agenda • Security Evolution : Challenges on unpredictable threat • Digital Operation Continuity : Strategy and Solution • The Technology : Winning Path RoadMap • The Pioneer : Trend Micro Profile Overview
The Problem Malware’s Growth • Malware – More Than Just Viruses and Worms • New threats detected daily • New vulnerabilities (Mobile, IM, images, etc.) • Variants active for years
Review • File Viruses: Projected Decline. • Worms: Remain Stable at 150 per month. • Bots: 250-300 per month with Potential for Increase. • Spam: Projected Increase • Phishing: 14,000-15,000 per month with Projected Increase. - Spear Phishing: Projected Increase • PhishWare: Remain Stable at 500-700 per month. • GrayWare: 1500-1600 per month with Projected Increase. • Mobile Threats: 15 per quarter with Projected Increase
Reported Infections and Growth Projections • Reported Infections: 9.5 Million in Q1, 12.1 Million in Q2, and 29.5 Million in Q3. 70 percent of all infections occurred in North America. Projected
The Problem Malware’s Impact Global Attacks Cost Billions Each Year
Mobile Threats 2004-2005 [timeline figure; legend: Symbian OS (Nokia, etc), Windows CE (HP, etc)] • Threats shown: Mabir, Cardtrp, Doomed, Comwar, Cardblk, Vlasco, Fontal, Cabir, Boottoon, Skulls, Dampig, Qdial, Hobbes, Skudoo, Locknut (Gavno), Drever, Win CE DUTS, Camdesk, Win CE BRADOR
Social Engineering and “Phishing” • How about this email from Citibank asking the recipient to provide personal information?
50.000 USD, or we shut down your page! And they did!!!
4th Generation Network Worm • Window between vulnerability announcement and outbreak is shrinking (days) • ZOTOB – Patch: MS05-039 8/9/2005, outbreak 8/13/2005: 4 days • SASSER – Patch: MS04-011 8/13/2004, outbreak 5/1/2004: 18 days • BLASTER – Patch: MS03-026 6/16/2003, outbreak 8/11/2003: 26 days • SLAMMER – Patch: MS02-039 7/24/2002, outbreak 1/25/2003: 185 days • NIMDA – Patch: MS00-078 10/17/2000, outbreak 9/18/2001: 336 days
The Pain • New ATMs moving to Microsoft™ Windows, but Windows is a popular platform for virus authors. • Microsoft issued 77 patches for Windows OS in 2003 • 42 of them are for Windows XP. • 7 of them resulted from network virus vulnerabilities. • Supposedly isolated ATM networks have been exposed to network virus attacks • 1/2003: Slammer (SQL database attack) • Bank of America – 13,000 ATMs shut down because of attack. • Canadian Imperial Bank of Commerce (CIBC) also impacted. • 8/2003: Nachi worm (“Welchia”) • Infected two “unnamed” ATM banking networks Network worms can inhibit business and stop transactions.
Malware Still Dominates Threat Landscape [charts: Top Threats; Greatest Security Challenges] Source: IDC Enterprise Security Survey, December 2005
Top 10 I.T. Director Concerns • Aligning IT with business strategy • Keeping up with technology • Security management • Managing costs and resources • Coping with change • Project management • Managing users • Workload and managing stress • E-business • Managing vendors Readers’ survey by MIS Asia
Major Security Concern for CIO • How to deal with threats coming from unmanaged devices? - like mobile users (PDA, mobile phone, notebook, …) - like third-party access to the network (visitor, supplier consultant, …) • How to deal with unknown mixed-threat attacks? - no signature (virus pattern) exists - zero-day threat or attack - blended with different types of malware • How to deal with targeted attacks? - no longer a global outbreak - attack targeted at a single organization, flooding it with hundreds of malware Readers’ survey by MIS Asia
Enterprise Protection Strategy Defined: Intelligent Threat Protection • Security policy compliance • Potential threats • Malicious Threats From Spreading • Infected devices • The Whole Is Better Than The Sum Of Parts
Monitor – Detect Potential Threats Ongoing detection of known and unknown threats in real-time Identify source of threat • Limit network access to users that comply with security policies • Facilitate regulatory compliance NCIT – Network Content Inspection Technology
Prevent – Stop Malicious Threats Stops known and unknown threats from disrupting business continuity Protection Everywhere Bring business back to normal by repairing infected devices Agent and Agent-less solutions
Central Management: Lowers cost of administration • Central threat management console • Better Protection, Fewer Mistakes • Enterprise-wide view of all threats • One Throat To Choke • Components: • Trend Micro Control Manager • Provides enhanced Updates/Reporting/Events/Notifications • Cisco Incident Control System (ICS) • Supports Routers, Switches and IPS devices NEW Better Protection With One Throat To Choke
EPS: A Security Framework Intelligent Threat Protection The Whole Is Better Than The Sum Of Parts
The EPS ROI: Intelligent Threat Protection • EPS Lowers Overall Threat Exposure
Summary • EPS provides a security framework for intelligent, customized and comprehensive protection against known and unknown threats • Detects first instance of potential threats in real-time • Offers simple NAC solution for the mobile workforce • Protects every critical entry point of threats • Automates recovery for managed and unmanaged users • Trend Micro Enterprise core competence: • Intelligent Threat Protection • Integration with network information flow (Cisco, NCIT)
Architectural Evolution - From the Server to the Network Access Point [architecture diagram] • Stages: Vulnerability Prevention, Outbreak Prevention, Virus Response, Assessment and Restoration • Manage and Coordinate Outbreak Security Actions • Policy Management & Reporting • Diagram labels: Mass Mailer Worms, Spam, Office Scan, TMCM, PC-cillin, Web/MMC, L3 Switch, NVW, Internet/ISP, Firewall, VPN, Web Site, WAN Router, ISVW, eMail Servers, File Servers, Network Worms, SMEX, SP, Spyware Appliance, IMSS, SPS, NRS, Trojan, IWSS
Trend Micro Control Manager™ • Centralized Management (Web-based) • Supports 3000+ managed servers on Windows, UNIX and Linux • Log collection and reporting • Service update and delivery platform: • Outbreak Prevention Service • Damage Cleanup Service • Vulnerability Assessment Service • Centralized Management and configuration for Network Viruswall 1200 • Cascaded Console for greater scalability
InterScan Messaging Security Suite • Comprehensive messaging security at the Enterprise gateway. • Virus scanning for SMTP / POP-3 • Special mass-mailing virus handling • Policy-based management enforces corporate email policies • Integrated Anti-spam database and Content Filtering • Implements Outbreak Policies for email virus outbreaks • Supports Heuristic Spam Prevention Solution
Spam Prevention Solution • Heuristic Spam filtering engine • 90 – 95% Accuracy with 1/80,000 false positive rate • Automatic updates for Heuristic engine from Trend’s Active Update servers • Integrated with IMSS 5.5 for ease of implementation • Increases Spam catch rate over just fingerprint matching • IMSS Policy-based framework allows highly granular Spam sensitivity settings
Anti-Spam Building Blocks [diagram] • Heuristic & Signature Filters: “Probability of Being Good or Bad” • Reputation: “Are you Good?” • Authorization / Authentication: “Who Are You?” (SPF, Domain Keys, DKIM, CSV) • Other labels: Spam Caught Today, Spam Caught Future, Quarantine, Mail Servers, End Users
Email Reputation Flow • IP Reputation – clears out the obvious spam • Sender Authorization – confirms the sender’s domain • Domain Reputation – applies knowledge to the sender • Can decide to block, filter or pass • Content Filtering – removes the gray/questionable messages • [Flow diagram] Stages: IP Reputation – Known Spamming Behavior; Sender Authorization – Authenticated Mail Sender; Domain Reputation – Known Email Behavior • Conditions: IP number of sending server not authentic or known bad; Unknown email source; Reputation as spammer; Questionable spam reputation, or anomalous behavior; Spam clean reputation and normal behavior • Outcomes: Categorically Block, Filter, Categorically Pass
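The reputation flow on this slide, sketched as an added Python example (not Trend Micro code): the lookup tables, addresses, domains and the mapping of each condition to block, filter or pass are assumptions read off the slide's labels. It shows why sender authorization runs before domain reputation: a message that borrows a clean domain from an unauthorized server goes to content filtering instead of being passed.

```python
from enum import Enum


class Verdict(Enum):
    BLOCK = "categorically block"
    FILTER = "filter"
    PASS = "categorically pass"


# Constructed sample data: documentation IP ranges and .example domains.
KNOWN_BAD_IPS = {"203.0.113.66"}             # IP reputation: known spamming behavior
AUTHORIZED_SENDERS = {                       # sender authorization (SPF-style table)
    "bank.example": {"192.0.2.10"},
    "bulk.example": {"198.51.100.7"},
    "news.example": {"198.51.100.20"},
}
DOMAIN_REPUTATION = {                        # domain reputation: known email behavior
    "bank.example": "clean",
    "bulk.example": "spammer",
    "news.example": "questionable",
}


def classify(client_ip, mail_from):
    """Return (Verdict, reason) for one connection, stage by stage."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    # Stage 1: IP reputation clears out the obvious spam.
    if client_ip in KNOWN_BAD_IPS:
        return Verdict.BLOCK, "sending IP known bad"
    # Stage 2: authorization confirms the sender's domain. Without it the
    # claimed domain proves nothing, so its reputation must not be applied.
    if client_ip not in AUTHORIZED_SENDERS.get(domain, set()):
        return Verdict.FILTER, "unknown email source"
    # Stage 3: domain reputation applies knowledge to the confirmed sender.
    reputation = DOMAIN_REPUTATION.get(domain, "questionable")
    if reputation == "spammer":
        return Verdict.BLOCK, "reputation as spammer"
    if reputation == "clean":
        return Verdict.PASS, "clean reputation and normal behavior"
    return Verdict.FILTER, "questionable reputation or anomalous behavior"


def needs_content_filtering(connections):
    """Connections left in the gray zone for the content filter."""
    return [c for c in connections if classify(*c)[0] is Verdict.FILTER]
```
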
InterScan Web Security Suite • HTTP/FTP/ICAP 1.0 Antivirus scanning • Web site (URL) filtering (optional) • Controls access to unproductive sites (raise employee productivity) • Controls access to restricted sites (reduce legal liabilities) • Allows use of pre-approved and/or customizable list of sites • Manage internet usage • Displays employee patterns of web usage • Alerts administrators of unusual activity based on historical & current Web usage • Allows administrators to implement individual surfing quotas
ScanMail for Microsoft Exchange • Server-based e-mail virus protection • Administrator controls and monitors virus activities • Transparent virus scanning at the server mailbox • Stops viruses, malicious code, sensitive content and spam in email and shared folders, before they can reach desktop and spread • Emergency Attachment Blocking for outbreak situations like Sircam, Nimda, Netsky, Bagle...etc. • Alerts sender, recipients and administrator when a virus is found • Microsoft certified for new Exchange Virus Scan API (Microsoft Exchange 2003)
ScanMail eManager Content Filtering eManager Plug-in for ScanMail for Exchange • Content Filter - allows administrator to filter out “offensive and inappropriate” email from entering Exchange Server • Anti-Spam- Filters out spam or unsolicited junk email coming to the Exchange server • Improves mail server efficiency and ensures that only valid messages are received by the end-user • Frees up valuable disk space on the server ScanMail + eManager = ScanMail Suite
ServerProtect ServerProtect efficiently safeguards multiple servers, domains and NAS from virus attack with next-generation antivirus software that can be installed and managed from a single secure console. • Network OS supported - NT, Win2000, Novell Netware, Linux, Win2003 • Network Attached Storage Supported Platform - EMC, Network appliances
OfficeScan Corporate Edition Comprehensive security solution designed for the corporate desktop environment. • Robust security protection against multiple types of threats to corporate desktop users • Powerful web-based management console to coordinate effective security policies and deploy rapidly • Accepts and implements Outbreak Policies and Damage Cleanup Templates from Control Manager • Supports security policy enforcement via Cisco NAC
Our Approach : The Whole Threat Lifecycle Management [cycle diagram around Knowledge And Expertise] • Plan: Antivirus Consultation Service • Deploy: Antivirus Deployment Service • Monitor • Respond: Outbreak Prevention & Damage Cleanup • Review: Antivirus Review & Audit Service
Where does the Value come from • In the short term, the benefit is reflected in the number of virus outbreaks, user downtime and damage severity. • The benefit is the product of reduced outbreaks, range of impact and downtime • If each dimension is reduced by 30%, total damage will reduce by 65% • [Chart: Baseline Damage vs. Damage after adopting ESO; dimensions: No. of Outbreaks, Range of Impact, Average Downtime]
Long-Term Value Proposition • In the long term, benefit comes from the improvement of overall company security. • When the client’s organizational awareness, reaction process and security environment are improved through adopting ESC, the benefit will be reflected in an accelerating decrease of damage caused by malware • [Illustrative chart, Total Damage over Time: Damage for Clients Without Any Protection; Damage for Clients Using AV Products; Damage for Clients Using Products and ESC]
The Building Blocks Security Infrastructure Organizational Security Awareness/Behavior Customer 24 x 7 monitoring and service Trend Micro Partner Trend Micro Provider Technical Account Manager Online real-time monitoring mechanism Service Mechanism Premium Support Program Monitoring Service Offerings Products Consulting Service Service packaging Trend Micro Security Expertise Customer Service Experience Knowledge
Corporate Fact Sheet • Trend Micro Incorporated • Address: Shinjyuku MAYNDS Tower 27F 2-1-1 Yoyogi, Shibuya-ku Tokyo 151-0053 Japan • Founded: 1989, CA, US • Founder: Steve Chang, honored with the “Innovator of the Year” award at the 2004 Asia Business Leader Awards (ABLA). • Traded: Tokyo Stock Exchange (4704), NASDAQ (TMIC) • Business Nature: Antivirus and content security software and services • Offices: Operates in more than 30 countries with 6 Global R&D Centers • Number of Employees: 2,900+ • 2005 Revenue: USD 621.9M • Q1/2006 Revenue: USD 179.6M (19% growth) • Market Value: USD 5 Billion
COMPANY OVERVIEW • Our Vision: • Create a world safe for exchanging digital information • Our Mission: • Ensure operational continuity against unpredictable, malicious threats • Our Strategy: • To provide timely updates for threat management by integrating with network information flow
Market Leadership Global Leader* in the Server-based Antivirus Market • #1 market share in the Internet gateway antivirus market for sixth consecutive year • #1 market share in the mail server antivirus market for fourth consecutive year • #1 market share in the file server antivirus market for second consecutive year • "Trend Micro has consistently demonstrated a strong position in the global antivirus market. To remain successful Trend Micro has adapted quickly to market challenges and the evolution of security threats. Given Trend Micro’s track record and its strong momentum, we expect the company to continue delivering innovative solutions that provide customers with timely protection against unpredictable threats." • Brian Burke • Research Manager, IDC Source: IDC, Worldwide Antivirus 2005-2009 Forecast and Analysis: Antivirus Evolves from Product to Feature, Doc #34567, December 2005.
Innovation Support — TrendLabs Delivers Global Service and Support • Global Service and Support Excellence • TrendLabs provides a worldwide platform for delivering timely & customized updates, services, and support anytime, anywhere. • Locations: Munich, Germany; Cork, Ireland; Paris, France; Tokyo, Japan; Irvine, U.S.; Taipei, Taiwan; Manila, the Philippines • More than 800 Threat Research and Service and Support experts at 6 locations • Collaborative account management • Automated alerts for new threats • ISO 9001:2000, BS7799 certifications • COPC-2000 Standards Certification • Protection requires more than a product… It requires service – timely and expert service
EPS Success Story • A global healthcare leader • Revenue=US$27b, Employees=93k • Trend Micro products deployed: • Control Manager, Network VirusWall, ScanMail, OfficeScan, ServerProtect • Key benefits derived: • Centralized management • Superior product integration • Comprehensive threat protection • Automatic company-wide updates EPS Made Us A Partner, Not Just A Vendor
Thank you! For more information, please visit/contact: www.trendmicro.com • goh_chee_hoh@trendmicro.com • Misoft – Vietnam Distributor • www.misoft.com.vn • +844-9331613