Welcome!

Release Management Authors: Jnan Dash, Liz McMillan, Lori MacVittie, Gilad Parann-Nissany, Carmen Gonzalez

News Feed Item

Trend Micro Custom Defense Takes "Command and Control" of Advanced Persistent Threats

Unique Solution Delivers Breakthroughs in Identifying and Blocking Targeted Attack Communications

CUPERTINO, Calif., Feb. 25, 2013 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), is introducing new advances in its Custom Defense solution that focus on identifying and blocking the command and control (C&C) communications used by advanced persistent threats (APTs) and targeted attacks. Trend Micro Custom Defense is the industry's first advanced threat protection solution that enables organizations not only to detect and analyze these attacks, but also to rapidly adapt their protection and respond to the attackers.

These new advances in C&C response provide unique custom detection and protection for network, gateway, server and endpoint protection points, along with centralized alerting and C&C risk intelligence to keep the customer informed and in control of the response to C&C activity. For the first time, enterprise organizations will have the visibility and intelligence to detect and respond to this important attack indicator before the damage is done.

APTs Directed by C&C Communications

APTs and targeted attacks continue to evade the standard defenses of organizations, as recently witnessed with attacks on the New York Times, Wall Street Journal and US Federal Reserve. According to a recent ISACA member survey, 21 percent of respondents reported that their enterprise has already been victimized by an APT, and 63 percent think it is only a matter of time before their enterprise is targeted.

These attacks are typically remotely orchestrated via C&C communications between the infiltrated systems and the attackers themselves. Advanced malware used for an attack will "call back" for additional downloads and new instructions.  Throughout the attack, the perpetrators will also use this channel to open and manipulate backdoor network access to discover and exfiltrate their targeted data. 2012 Verizon research verified that exploitation of backdoor or command and control channels were used in nearly 50 percent of all stolen data investigated.1

The C&C Detection Challenge

Identifying and responding to C&C communications is a critical factor in detecting a targeted attack, but unlike large-scale botnets, the intermittent and low-volume APT C&C traffic is difficult to detect. And the attackers don't make it easy, attempting to hide C&C traffic with techniques such as changing and redirecting addresses, using legitimate applications and sites as the conduit, and even setting up C&C servers within a customer's network. Trend Micro researchers note that the average lifespan of a C&C address is less than three days and that many sophisticated attackers use techniques only detectable with specialized network-based detection on-site at the organization.

Recently tracked C&C data from TrendLabs℠ researchers shows over 1500 active C&C sites, with victims per site ranging from 1 to over 25,000. Of note, over two-thirds of these sites had three or fewer active victims. Over 25 percent of the sites had a lifespan of one day or less. Over 50 percent had a lifespan of four days or less.

"Most security vendors lack the expertise, scale, technology and resources to reliably identify the various types of C&C.  And when their web, messaging or endpoint products do detect a C&C, it's likely to be simply blocked or logged without notice – the same way any minor event is handled. So in most cases, the organization never knows that it may be under a serious targeted attack," Steve Quane, chief product officer at Trend Micro.

Enterprise security teams need to reliably answer these critical questions:

  • Is there C&C activity on my network?
  • Is it a simple botnet or a possible targeted attack?
  • How risky is it? Where and whom is it from?
  • Should I immediately block and remediate or monitor it further?

The Trend Micro Custom Defense Solution for C&C Response

Only the Trend Micro Custom Defense solution can answer these questions with the C&C detection, intelligence and response control needed to stop a targeted attack before the damage is done. At RSA 2013, Trend Micro is introducing and demonstrating these new and unique Custom Defense C&C functions:

  • Enhanced identification and tracking of C&C communications in the cloud and on the customer network
  • Built-in detection of C&C communications activity in network, gateway, server, and endpoint protection points
  • Centralized C&C alerting, dedicated C&C risk intelligence, flexible response control options
  • Adaptive security updates to inform all products of new C&C detection
  • Open web services APIs to include any security product in the Custom Defense

How It Works

Global Identification and Tracking: Trend Micro™ Smart Protection Network™ and Trend Micro Threat Researchers

The Smart Protection Network automatically identifies active C&C sites worldwide based on daily processing of 12 Billion IP/URL inquires and the correlation of over six Terabytes of data. Its correlation engines keep up with the changing nature of C&C addresses, and it employs the latest innovations from Trend Micro's 1200 threat researchers to continually detect all evasive measures taken by attackers.

Trend Micro threat researchers also collect and examine the forensic evidence of attempted targeted attacks over the tens of thousands of Trend Micro enterprise customers worldwide. Peeling back the layers of an attack, they gain further insight into C&C, malware, and attacker techniques, driving constant improvement in the Smart Protection Network and Trend Micro products.

Network-Based Detection and Learning with Trend Micro™ Deep Discovery Advanced Threat Protection

Trend Micro Deep Discovery uses customer-specific threat detection to discover advanced malware, communications and attacker activities at the network level. Unique "fingerprint" detection of cloaked C&C traffic can identify attackers' use of legitimate applications and websites, as well as other advanced techniques such as the use of internal C&C servers. Deep Discovery custom sandbox analysis can also discover new C&C destinations of zero-day malware attacks and update the Smart Protection Network and all customer security protection points.

Integrated Protection Across Products; Centralized Alerts and Control

The latest global and local C&C detection information powers Trend Micro enterprise security products at the endpoint, server, network, gateway, and messaging protection points to identify and control C&C activity across the customer environment. C&C detection at any point is clearly identified on a centralized console, alerting the security team and allowing them to control the course of action. C&C risk assessment, containment and remediation are aided by unique Threat Connect intelligence on the severity, activity, origins and related addresses of the C&C site – helping to determine whether the communication represents a high risk, whether it should be immediately blocked, and how the containment and remediation should proceed.

Products and Availability

These Trend Micro products will include the new Custom Defense C&C functions, with Beta versions available in February 2013 and individual product General Availability dates throughout 1H 2013.

Endpoint Security

  • Trend MicroOfficeScan

Server, Virtualization & Cloud Security

  • Trend MicroDeep Security

Network Security

  • Trend MicroDeep Discovery

Messaging Security

  • Trend MicroInterScan Mail Security
  • Trend MicroScanMail for Exchange, Trend MicroScanMail for Lotus Domino

Web Security

  • Trend MicroInterScan Web Security

Central Management

  • Trend Micro Control Manager

Quotes

"Trend Micro is the only major security vendor who gets APTs - and we continue to expand and deliver on our Custom Defense vision. C&C can be a critical APT attack indicator. Customers have the right to expect their security products to do a better job of detecting risky C&C and giving them the intelligence they need to respond appropriately. We are leading the way by improving our C&C detection and intelligence, integrating it into each of our products, and providing the visibility and response control that customers need to combat their attackers," said Kevin Faulkner, director of product marketing at Trend Micro.

"We are big fans of Trend Micro Custom Defense.  It not only detects and analyzes APTs but also allows us to rapidly respond. In its first two months on our network, Deep Discovery spotted and stopped 5,000 anonymous events on our WAN that were not caught by any other security layer," said John Dickson, Director, IT Infrastructure Republic National Distributing Company, Atlanta, Georgia.

"Attacks on the enterprise today are more sophisticated and targeted than ever before.  Trend Micro's Custom Defense solution and the C&C detection and response control capabilities it offers across the Trend Micro product line will help customers to better identify and deal appropriately with attacks to their organization," said Richard Stiennon, chief research analyst, IT-Harvest.

Additional Assets:
APT C&C Communication Superior Detection with Trend Micro Custom Defense (Trend Micro Solution Brief) 
ISACA Advanced Persistent Threats Awareness Survey
TrendLabs research paper: Detecting APT Activity with Network Traffic Analysis
Tracking Known C&C Traffic infographic
Custom Defense White Paper
Custom Defense web page  
Trend Micro Custom Defense Video

Sources:
1.     2012 Data Breach Investigations Reports, Verizon RISK Team, March 2012

About Trend Micro

Trend Micro Incorporated (TYO: 4704; TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers.  A pioneer in server security with over 20 years' experience, we deliver top-ranked client, server and cloud-based security that fits our customers' and partners' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ global threat intelligence data mining framework, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe. 

Additional information about Trend Micro Incorporated and the products and services are available at Trend Micro.com. This Trend Micro news release and other announcements are available at http://newsroom.trendmicro.com/  and as part of an RSS feed at www.trendmicro.com/rss.   Or follow our news on Twitter at @TrendMicro.

SOURCE Trend Micro Incorporated

SOURCE Trend Micro Incorporated

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Bradley Holt, Developer Advocate a...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is expected in the amount of information being processed, managed, analyzed, and acted upon by enterprise IT. This amazing is not part of some distant future - it is happening today. One report shows a 650% increase in enterprise data by 2020. Other estimates are even higher....
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in their motivation to succeed. In his Day 2 Keynote at @ThingsExpo, Henrik Kenani Dahlgren, Portfolio Marketing Manager at Ericsson, discussed how to plan to cooperate, partner, and form lasting all-star teams to change t...
Connected devices and the industrial internet are growing exponentially every year with Cisco expecting 50 billion devices to be in operation by 2020. In this period of growth, location-based insights are becoming invaluable to many businesses as they adopt new connected technologies. Knowing when and where these devices connect from is critical for a number of scenarios in supply chain management, disaster management, emergency response, M2M, location marketing and more. In his session at @Th...
SYS-CON Events announced today that ReadyTalk, a leading provider of online conferencing and webinar services, has been named Vendor Presentation Sponsor at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. ReadyTalk delivers audio and web conferencing services that inspire collaboration and enable the Future of Work for today’s increasingly digital and mobile workforce. By combining intuitive, innovative tec...
Amazon has gradually rolled out parts of its IoT offerings, but these are just the tip of the iceberg. In addition to optimizing their backend AWS offerings, Amazon is laying the ground work to be a major force in IoT - especially in the connected home and office. In his session at @ThingsExpo, Chris Kocher, founder and managing director of Grey Heron, explained how Amazon is extending its reach to become a major force in IoT by building on its dominant cloud IoT platform, its Dash Button strat...
industrial company for a multi-year contract initially valued at over $4.0 million. In addition to DataV software, Bsquare will also provide comprehensive systems integration, support and maintenance services. DataV leverages advanced data analytics, predictive reasoning, data-driven diagnostics, and automated orchestration of remediation actions in order to improve asset uptime while reducing service and warranty costs.
Vidyo, Inc., has joined the Alliance for Open Media. The Alliance for Open Media is a non-profit organization working to define and develop media technologies that address the need for an open standard for video compression and delivery over the web. As a member of the Alliance, Vidyo will collaborate with industry leaders in pursuit of an open and royalty-free AOMedia Video codec, AV1. Vidyo’s contributions to the organization will bring to bear its long history of expertise in codec technolo...