Trend Micro Incorporated has announced the latest enhancements to the Trend Micro™ Smart Protection Platform, building upon a set of unified threat defense capabilities that already enable customers to protect their organisation against known threats, yet also detect and respond to new targeted attacks, immediately guarding against further intrusion.
“Businesses and governments are under attack, and signature-based approaches alone just won’t cut it,” says Eva Chen, CEO and co-founder, Trend Micro. “We’ve made a dramatic shift to lead the way in next-generation threat defense — continually innovating our Smart Protection Platform with new techniques that best protect against today’s threats.”
The most notable enhancement to the Smart Protection Platform is the all-new Trend Micro™ Smart Sensor solution, a context-aware endpoint monitoring solution that enables threat investigators to rapidly detect and assess the nature and extent of targeted attacks on endpoints and servers, speeding time to remediation. Working in conjunction with the Trend Micro™ Deep Discovery™ solution, which offers protection against targeted attacks, Smart Sensor collects unique intelligence to drive enterprise-wide threat investigation and response.
Focusing on more than advanced threats, the Smart Protection Platform supports a complete cycle of protection across networks, endpoints and servers. With centralised visibility and control, correlated threat intelligence and flexible on-premise or cloud deployment options, it also delivers more cost-effective and manageable capabilities.
Gartner recently recommended a holistic strategy to guard against advanced attacks. Their report [1] notes that: “Capabilities must work together as a system. The end result should not be 12 silos of disparate information security solutions. The end goal should be that these different capabilities integrate and share information to build a security protection system that is more adaptive and intelligent overall. For example, while the enterprise may not have had a ‘signature’ to prevent a breach initially, after the attack is discovered, the enterprise can use the knowledge gained by a forensic analysis of the attack to block further infections, in essence developing a ‘custom defense’ against the attack.”
In alignment with this analysis, Trend Micro Smart Protection Platform enhancements include:
Trend Micro Smart Sensor
Offering continuous security monitoring at the endpoint, Smart Sensor enables threat investigators to rapidly discover and gain insight into the nature and extent of targeted attacks on endpoints and servers. It monitors detailed process-level and network communications activities of systems, empowering the analyst to easily perform multi-level “signature-less” investigations using rich IOC (indicators of compromise) parameters from Deep Discovery or any intelligence source.
With Smart Sensor, threat investigators are able to:
- Analyse the enterprise-wide chain of events involved in a targeted attack
- Monitor and investigate endpoints regardless of their location – on premise, remote or cloud-based
- Discover and verify system infiltration, malicious command and control (C&C) communications, and suspicious account activities
- Understand actual malware behavior including delivery method, execution, communications and system implications
Trend Micro™ Deep Discovery™ Email Inspector
This new solution protects companies from spear phishing emails that are the typical starting point for today’s targeted attacks. It uses proven sandboxing and other advanced detection engines to identify malicious attachments or embedded URLs, allowing the customer to analyse the threats and to set automatic policies for email blocking or quarantine. Deep Discovery Email Inspector complements existing email security solutions, adding a layer of targeted attack protection at a company’s most vulnerable point of entry.
Trend Micro™ Deep Discovery™ Inspector v3.6
To date, Trend Micro’s Deep Discovery Inspector has been broadly deployed at hundreds of enterprise and government organisations around the world. The latest update further addresses the needs of large-scale organisations by enhancing and extending sandboxing analysis and threat investigation capabilities, enhancing SIEM integration and introducing a new 4 Gbps model. Customers can now create more custom sandbox images, concurrently analyse more files and more rapidly analyse attack details within Deep Discovery or their SIEM systems. In addition, with the new 4 Gbps model, Deep Discovery Inspector supports broader deployment options to better protect against targeted attacks.
[1] “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” February 12, 2014