Cloud computing: applying cloud computing to antivirus - Smart Protection Network, Trend Micro, Kelvin Liu (劉琴堂)
DESCRIPTION
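According to one set of statistics, the number of viruses and malicious programs worldwide is growing each year far faster than imagined: there were roughly 80,000-plus viruses in 1988, but by 1998 the number had surged to 800,000, by the end of 2008 the number of viruses and malicious programs had passed 1,000,000, and it is projected to climb rapidly to 2,500,000 by 2015. Trend Micro chairman Steve Chang (張明正) said: "Judging by the current trend, today's antivirus technology based on matching virus pattern signatures will not be able to meet the needs of enterprises and individuals in the future, so Trend Micro began applying cloud computing to information security as early as 2006."

Viruses and malicious programs are growing this fast because virus-generation tools are available everywhere. Many hackers, looking to make money, have begun selling malware development tools online, so even users who cannot write programs can easily produce all kinds of malware and use it to steal confidential data. Kelvin Liu (劉琴堂), vice president of Trend Micro's global core R&D division, said: "Regularly updating pattern files may keep out some malware, but as pattern files grow ever larger and malware disguises itself ever better, many personal computers and handheld devices simply will not be able to cope with protecting against attacks from all directions, so Trend Micro began investing in the development of the Smart Protection Network very early on."

TRANSCRIPT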
Smart Protection Network
Kelvin Liu
AVP, Core Tech Development
Copyright 2008 - Trend Micro Inc.
Malware is multiplying
Malware is sophisticated
Malware is profit driven
Spam
Spyware
Botnets
Complexity
Worms
Web
Evolving Threat Landscape
Malware is getting increasingly dangerous and harder to detect.
Copyright 2009 - Trend Micro Inc.
Internal - Confidential
Example: Conficker / Downadup
Internet
User receives a spam mail
User opens the mail, then automatically downloads a file
The file registers itself as a system service
Monitors the Internet browser’s address bar
Blocks access to certain websites
Connects to various websites, downloads other malicious files
Feb 2009
Smart Protection Network against Conficker
Incident Trigger
Email Reputation
Web Reputation
File Reputation
Monitor
Many clients’ processes are dropping similar filenames in a short time
Many clients access or modify the same system file in a short time
Many clients accessed similar/same registry keys in a short time
Community Intelligence
Smart Protection Network
Correlate to figure out where the threat comes from & where it would connect to

| File | Score | From | Connect to |
|---|---|---|---|
| Crypt.NS.Gen | X | 129.24.11.3/aexjiire/ | Euwl.tsst.com:88/e34jg/ |
| Dropper.Gen | X | Ndj.sexadult.com/ssr/ee | 112.42.5.112:80/ |
| Nqe.exe | V | www.xyz.com | www.abc.com |
| Conflicker_D | X | qd.wqwwor.com/om | nadasm0.info:80/bugsy |
| Conflicker_D | X | Fdjhg.wopqfe.com | 7f7fewf.cn:80/sina/ |

Correlation
Customer Feedback Log
Immediate Protection
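
The Monitor step above, as an added example (not from the original slides and not Trend Micro's code): a sliding-window correlation over a constructed customer feedback log that flags any dropped file or registry key touched by several distinct clients in a short time. The log format, event names, thresholds and sample values are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed feedback log (assumed format): ISO time, client id, event, artifact.
SAMPLE_LOG = r"""
2009-02-10T09:00:05 client-01 file_drop C:\Windows\System32\sample-a.dll
2009-02-10T09:01:40 client-02 file_drop c:\windows\system32\SAMPLE-A.DLL
2009-02-10T09:03:12 client-03 file_drop C:\Windows\System32\sample-a.dll
2009-02-10T09:04:00 client-01 file_drop C:\Temp\report.tmp
2009-02-10T09:05:00 client-01 file_drop C:\Temp\report.tmp
2009-02-10T09:06:00 client-01 file_drop C:\Temp\report.tmp
2009-02-10T08:00:00 client-04 reg_write HKLM\SYSTEM\CurrentControlSet\Services\sample-svc
2009-02-10T11:30:00 client-05 reg_write HKLM\SYSTEM\CurrentControlSet\Services\sample-svc
2009-02-10T15:45:00 client-06 reg_write HKLM\SYSTEM\CurrentControlSet\Services\sample-svc
"""


def parse(log_text):
    """Yield (time, client, event, artifact) with artifacts case-folded."""
    for line in log_text.strip().splitlines():
        ts, client, event, artifact = line.split(None, 3)
        yield datetime.fromisoformat(ts), client, event, artifact.strip().lower()


def correlate(log_text, window=timedelta(minutes=10), min_clients=3):
    """Return {(event, artifact): [clients]} for artifacts touched by at least
    min_clients distinct clients within one sliding time window."""
    recent = defaultdict(deque)  # (event, artifact) -> (time, client) in window
    flagged = defaultdict(set)
    for when, client, event, artifact in sorted(parse(log_text)):
        seen = recent[(event, artifact)]
        seen.append((when, client))
        while when - seen[0][0] > window:  # expire events older than the window
            seen.popleft()
        clients = {c for _, c in seen}
        # One noisy client repeating an action never reaches the threshold;
        # only breadth across the community does.
        if len(clients) >= min_clients:
            flagged[(event, artifact)] |= clients
    return {key: sorted(ids) for key, ids in flagged.items()}


if __name__ == "__main__":
    for (event, artifact), ids in correlate(SAMPLE_LOG).items():
        print(f"{event} {artifact}: {len(ids)} clients {ids}")
```

Only the file dropped by three clients within about three minutes is flagged; the repeated drops from a single client and the registry writes spread across the day are not.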
Smart Protection Network against Conficker
Incident Trigger
Email Reputation
Web Reputation
File Reputation
Monitor
Correlation
Domain / Name Server / IP / Registrant’s Email
Correlation to build up a Spider Network
Threat Intelligence
Immediate Protection
What & How Trend Micro Uses Cloud Computing
OS
Server Farm
Smart Protection Network
Tracking System
Hadoop (HBASE / Meta Data)
Virtualization
Hadoop (HDFS)
Message Routing framework
MapReduce
Clustering
Crawler
Analyzer
Monitor
Incident Trigger
Correlation
HTTP / DNS / FTP
User traffic log
Proactive sourcing
Customer
Customer
Operating system
Infrastructure
Data Archive
Data Processing
Correlation
Why Smart Protection Network
Time to Protect
Less Complexity
Threat Intelligence
Reduce Cost
Immediate Protection
Early Warning
Lightweight Clients
Less Memory Usage
Reduce Downtime Costs
Reduce Hardware Costs
Threat Lifecycle Management
Thank You
Sales hotline: (02) 2378-2666