Transcript

Trend Micro Enterprise Protection Strategy

Niraj Kaushik, Country Sales Manager

Copyright 2002-2003, Trend Micro, Inc. 2

Today’s AV Product Approach: Server / Desktop Antivirus

Continuous protection:
• Detect virus in files
• Try to clean

Undesirable results:
• Lengthy cleanup / re-install
• Support issues
• Loss of productivity

Today’s AV Product Approach: Virus Outbreak

New virus:
• Spreads quickly
• New techniques
  • Vulnerability exploit
  • Social engineering
  • Mixed attack

Effects:
• Loss of data
• Loss of productivity
• Loss of credibility

Failure of Product-based Approach

Billions of $$ are spent each year on Antivirus products.

• Problem is getting worse
• Cost is escalating

[Bar chart: $US (Billions) by year, 1995–2001; bar values 0.5, 1.8, 3.3, 6.1, 12.1, 17.1, 13.2]

Source: Computer Economics, January 2002 (www.computereconomics.com)

The tough questions

How much is each Virus Outbreak costing us?

What to do when the NEXT outbreak occurs?

What’s our STRATEGY?

What is Enterprise Protection Strategy?

What is Trend Micro’s Enterprise Protection Strategy?

Basics of EPS

• Not a Product – it’s a Strategy
• EPS = Proactive Outbreak Lifecycle Management
• Based on real customer feedback
• EPS technology built into latest and future product releases

Enterprise Protection Strategy

Enterprise Protection Strategy: Proactive Outbreak Lifecycle Management

Outbreak lifecycle stages (relative cost):
• Threat Information ($)
• Attack Prevention ($$)
• Notification and Assurance ($)
• Pattern File ($$)
• Scan and Eliminate ($$)
• Assess and Cleanup ($$$$)
• Restore and Post-Mortem ($)

Phases: Outbreak Prevention, Virus Response, Assessment and Restoration

Services: Outbreak Prevention Services, Virus Response Services, Damage Cleanup Services

Service features:
• Proactive Attack Updates
• Outbreak Prevention Policies
• Analysis and Reporting
• Threat Based Scanning
• Virus Response SLA
• Agentless Damage Cleanup
• Client and Server Cleaning

TREND MICRO CONTROL MANAGER – outbreak lifecycle management, deployment, and deployment

Measuring Security Effectiveness

[Chart labels: Effort and cost during outbreak; Pattern released; Pattern deployed; Cleanup]

Outbreak Prevention Services Detail

Outbreak Prevention Services
• Detailed information on threats as soon as they are characterized
• Provides attack-specific outbreak prevention policies
• Block/deflect malicious code from entering or spreading throughout the network
• Ability to approve and deploy policy manually or automatically
• Real-time reporting on policy deployment and status

Benefits of Outbreak Prevention Services

Proactive protection against mixed threat attacks
• Contains outbreaks without stopping business productivity (e.g. shutting down the email server)
• Reduces the chaos associated with defining the threat and behavior
• Automatic policy creates a 24x7, no-touch defense system

Expertise and knowledge
• Recommendations from the experts -- policy formulation
• Knowledge base of policies for prior viruses

Consistency, reduced coordination, cost reduction
• Consistent application of policy
• Removes logistical challenges of notifying critical parties

Policy and attack correlation
• Assurance and reporting = Enterprise-wide visibility and coordination

Virus Response SLA
• Addresses the Virus Response Stage of the outbreak lifecycle
• Virus Response SLA guarantees virus detection in two hours for case submissions
• Delivers reassurance to businesses that outbreaks will not run viral forever
• Trend Micro raises the bar on performance

Threat-based Scanning
• Policy engine bundled with the scan engine
• Scan where the threat is
• Trend downloaded policy or customer initiated
• Build action templates for specific virus types

Damage Cleanup Services
• Addresses the Assessment and Restoration Phase
• After pattern file and scan engine deployment, Trojans and worms may still exist that can re-attack the client and network
• Clients require cleanup from damage incurred during the outbreak
• OfficeScan 5.5 with Damage Cleanup Services delivers managed cleanup
  • Agent-based cleanup, can be pushed down from OSCE server to OSCE client
• Damage Cleanup Server 1.0 delivers agent-less cleanup
  • Clients, regardless of their AV solution, can interoperate with Damage Cleanup Server
  • Centralized console logs information on virus type detected, machine name, IP address of client cleaned, and time of cleanup execution

Benefits of Damage Cleanup

Reduced cost and administrative burden
• Automates manual cleanup of desktops and servers
  • Estimated to be the biggest outbreak cost

Increases business productivity

Decreased vulnerability to attack
• Removes backdoors and Trojans

Increased awareness of protection status (DCS 1.0)
• Ability to determine what has been cleaned, what hasn’t

Outbreak Lifecycle Management via TMCM

Manage the outbreak prevention across Trend Micro products on all layers of the network for true, enterprise-level protection

• InterScan WebProtect for iCAP
• OfficeScan
• InterScan Messaging Security Suite
• ServerProtect for NT
• ScanMail for Exchange/Lotus Notes
• NetScreen (port blocking)
• GateLock CE

The Value of EPS

[Chart labels: OPS released; Policy deployed; Pattern released; Pattern deployed; Cleanup (twice); Cost and effort EPS can save]

Trend Micro’s Service Performance

Worm_Klez.G

Virus Sample Received 04/17/02; 04:04 a.m.; yellow alert
• Memory resident, carries SMTP engine
• Shared folders read/write
• Uses one of 6 file extensions (.EXE, .PIF, .COM, .BAT, .SCR and .RAR)

Outbreak Policies Deployed
• Via support or Outbreak Commander
• Block six file extensions
• Close shared folder access

Timeline: +:00 min., +:07, +:19

Pattern File Deployed
• Scan true file type for profile

+3:42

Cleaning Template Deployed
• Remove Klez entries
• Remove registry entries…
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\krn132
• Remove drop files…
  • %systemdir%\krn132.exe

• Straightforward scanning and policy creation
• Sophisticated tool required extensive QA testing

Worm_Collo.C

Virus Sample Received 03/29/02; 12:57 a.m.
• UPX compressed worm, VB script
• Propagates through Windows Address Book (WAB)

Outbreak Policies Deployed
• Via support or Outbreak Commander
• Filter header
  • Check out this cool program!
  • Kijk eens naar dit coole programma!
• Block .exe files
  • Cool Program.exe / Cool Programma.exe

Timeline: +:00 min., +:20, +:55

Pattern File Deployed
• Scan for ‘cool’ headers
• Strip and clean

+:55

Cleaning Template Deployed
• Delete registry entry
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

• Difficult to identify and control, simple cleaning
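
The outbreak policies on the Worm_Klez.G and Worm_Collo.C slides (extension blocking, true-file-type scanning, header filtering) can be sketched as a mail gateway check. This is an added example, not Trend Micro code or part of the original slides; the `OutbreakPolicy` structure, the magic-byte table, the choice of blocked true types and the sample messages are assumptions made for illustration.

```python
import os
from dataclasses import dataclass
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes that reveal the true file type whatever the attachment is named.
MAGIC = {b"MZ": "exe", b"Rar!\x1a\x07": "rar"}

@dataclass(frozen=True)
class OutbreakPolicy:  # hypothetical structure, assumed for illustration
    name: str
    blocked_extensions: frozenset = frozenset()
    blocked_true_types: frozenset = frozenset()
    blocked_subjects: tuple = ()

KLEZ_G = OutbreakPolicy("Worm_Klez.G",
    frozenset({".exe", ".pif", ".com", ".bat", ".scr", ".rar"}),
    frozenset({"exe", "rar"}))  # the true-type set is an assumption
COLLO_C = OutbreakPolicy("Worm_Collo.C", frozenset({".exe"}), frozenset(),
    ("Check out this cool program!", "Kijk eens naar dit coole programma!"))

def true_type(payload: bytes):
    """Return the type implied by magic bytes, or None if unrecognised."""
    return next((k for m, k in MAGIC.items() if payload.startswith(m)), None)

def evaluate(raw: bytes, pol: OutbreakPolicy) -> list:
    """Return the reasons a raw RFC 5322 message violates the policy."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").lower()
    if any(s.lower() in subject for s in pol.blocked_subjects):
        reasons.append("subject")
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so strip them first.
        name = (part.get_filename() or "").lower().rstrip(". ")
        if os.path.splitext(name)[1] in pol.blocked_extensions:
            reasons.append(f"extension:{name}")
        kind = true_type(part.get_payload(decode=True) or b"")
        if kind in pol.blocked_true_types:
            reasons.append(f"true-type:{kind}:{name}")
    return reasons

def sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

An attachment renamed to `notes.txt` but starting with `MZ` passes the extension list and is caught only by the true-type check, which is why the pattern-file stage scans true file type rather than trusting the name.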


The Importance of Architecture

Winning Architecture

Control Manager
• Policy Administration and Deployment
• Policy Repository
• SSL implementation

InterScan Messaging Security Suite
• All Attachment Blocking
• URL blocking
• Malicious Mail Site Blocking
• Block File Download

ScanMail
• Mass Mailing Blocking
• All Attachment Blocking
• T/F blocking

• Outbreak prevention policies
• “Smart” Scan Engine

OfficeScan
• Port Blocking; IP configuration change
• Share/Unshare

ServerProtect
• Share/Unshare
• Port Blocking
• Deny Write
• T/F Blocking
• Filesize block

GateLock
• Anti-hacker setting
• VPN configuration

[Diagram components: InterScan VirusWall, OfficeScan, ServerProtect, ScanMail, Trend Micro Control Manager, TrendLabs]

Summary Benefits

Coordinated defense policy to halt and mitigate mixed threat attacks
• Consistent and coordinated application of policy – OPS
• Quickened response to threats – OPS and Virus SLA

Ability to further leverage Trend Micro’s expertise
• Policy recommendations from the antivirus/content security experts – OPS, DCS

Add additional layers of protection
• Flexibility to alter policies and deployment to fit security preferences – OPS
• Heterogeneous platform support – Solaris, Windows, Linux – OPS, TMCM

Summary Benefits

Decrease enterprise vulnerability
• Finds and eliminates malicious code that keeps networks open to attack – DCS

Reduce costs
• Simplified coordination across departments and regions during outbreaks – OPS, TMCM
• Reduces cost associated with manual cleanup of environment – DCS

Deliver best-of-breed solutions by integrating with strategic partners
• NetScreen, Bluecoat, Cisco and NetApp

Thank you

