Cloud computing: applying cloud computing to antivirus - Smart Protection Network, Trend Micro, 劉琴堂
Post on 23-Jan-2015
Smart Protection Network
Kelvin Liu
AVP, Core Tech Development
Copyright 2008 - Trend Micro Inc.
Evolving Threat Landscape
Malware is multiplying
Malware is sophisticated
Malware is profit driven
Spam
Spyware
Botnets
Complexity
Worms
Web
Malware is getting increasingly dangerous and harder to detect.
Copyright 2009 - Trend Micro Inc.
Internal - Confidential
Example: Conficker / Downadup
Internet
User receives a spam mail
User opens the mail, which then automatically downloads a file
The file registers itself as a system service
Monitors the Internet browser's address bar
Blocks access to certain websites
Connects to various websites and downloads other malicious files
Feb 2009
Smart Protection Network against Conficker
Incident Trigger
Email Reputation
Web Reputation
File Reputation
Monitor
Many clients’ processes are dropping similar filenames in a short time
Many clients access or modify the same system file in a short time
Many clients accessed similar/same registry keys in a short time
Community Intelligence
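Added example (not from the original slides and not Trend Micro's code): one way the first monitor rule above could be expressed, flagging a filename pattern once several distinct clients drop it within a short window. The window length, the client threshold, the digit-collapsing heuristic and the sample events are assumptions constructed for illustration.

```python
import os
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 300  # assumed length of "a short time"
MIN_CLIENTS = 3       # assumed number of distinct clients that raises an incident


def name_shape(filename):
    """Collapse digit runs so randomised variants of one name compare equal
    (assumed heuristic for "similar filenames")."""
    stem, ext = os.path.splitext(filename.lower())
    return re.sub(r"\d+", "#", stem) + ext


def find_incidents(events, window=WINDOW_SECONDS, min_clients=MIN_CLIENTS):
    """events: iterable of (epoch_seconds, client_id, dropped_filename).
    Returns {shape: sorted client ids} for every filename shape dropped by at
    least min_clients distinct clients inside one sliding window."""
    recent = defaultdict(deque)  # shape -> (ts, client) pairs still in window
    incidents = {}
    for ts, client, filename in sorted(events):
        shape = name_shape(filename)
        queue = recent[shape]
        queue.append((ts, client))
        # Expire drops that are older than the window relative to this event.
        while ts - queue[0][0] > window:
            queue.popleft()
        clients = {c for _, c in queue}
        # One noisy client never triggers: only distinct clients are counted.
        if len(clients) >= min_clients:
            incidents.setdefault(shape, set()).update(clients)
    return {shape: sorted(c) for shape, c in incidents.items()}


# Constructed feedback-log events: (timestamp, client, dropped filename).
SAMPLE_EVENTS = [
    (1000, "pc-01", "kb4821.dll"),
    (1040, "pc-02", "KB77.dll"),
    (1100, "pc-03", "kb903155.dll"),
    (1150, "pc-01", "kb12.dll"),
    (1200, "pc-04", "report.doc"),
    (5000, "pc-05", "report.doc"),  # same name, but far outside the window
    (9000, "pc-06", "kb5.dll"),     # late straggler, alone in its window
]

if __name__ == "__main__":
    print(find_incidents(SAMPLE_EVENTS))
```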
Smart Protection Network
Correlate to figure out where the threat comes from and where it would connect to

File            Score  From                       Connect to
Crypt.NS.Gen    X      129.24.11.3/aexjiire/      Euwl.tsst.com:88/e34jg/
Dropper.Gen     X      Ndj.sexadult.com/ssr/ee    112.42.5.112:80/
Nqe.exe         V      www.xyz.com                www.abc.com
Conflicker_D    X      qd.wqwwor.com/om           nadasm0.info:80/bugsy
Conflicker_D    X      Fdjhg.wopqfe.com           7f7fewf.cn:80/sina/
Correlation
Customer Feedback Log
Immediate Protection
Smart Protection Network against Conficker
Incident Trigger
Email Reputation
Web Reputation
File Reputation
Monitor
Correlation
Domain / Name Server / IP / Registrant's Email
Correlation to build up a Spider Network
Threat Intelligence
Immediate Protection
What and How Trend Micro Uses Cloud Computing
OS
Server Farm
Smart Protection Network
Tracking System
Hadoop (HBase / Meta Data)
Virtualization
Hadoop (HDFS)
Message Routing framework
MapReduce
Clustering
Crawler
Analyzer
Monitor
Incident Trigger
Correlation
HTTP
DNS
FTP
User traffic log
Proactive sourcing
Customer
Customer
Operating system
Infrastructure
Data Archive
Data Processing
Correlation
Why Smart Protection Network
Time to Protect
Less Complexity
Threat Intelligence
Reduce Cost
Immediate Protection
Early Warning
Lightweight Clients
Less Memory Usage
Reduce Downtime Costs
Reduce Hardware Costs
Threat Lifecycle Management
Thank You
Sales hotline: (02) 2378-2666