Welcome!

Release Management Authors: Liz McMillan, Jnan Dash, Lori MacVittie, Gilad Parann-Nissany, Carmen Gonzalez

News Feed Item

Trend Micro Custom Defense Takes "Command and Control" of Advanced Persistent Threats

Unique Solution Delivers Breakthroughs in Identifying and Blocking Targeted Attack Communications

CUPERTINO, Calif., Feb. 25, 2013 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), is introducing new advances in its Custom Defense solution that focus on identifying and blocking the command and control (C&C) communications used by advanced persistent threats (APTs) and targeted attacks. Trend Micro Custom Defense is the industry's first advanced threat protection solution that enables organizations not only to detect and analyze these attacks, but also to rapidly adapt their protection and respond to the attackers.

These new advances in C&C response provide unique custom detection and protection for network, gateway, server and endpoint protection points, along with centralized alerting and C&C risk intelligence to keep the customer informed and in control of the response to C&C activity. For the first time, enterprise organizations will have the visibility and intelligence to detect and respond to this important attack indicator before the damage is done.

APTs Directed by C&C Communications

APTs and targeted attacks continue to evade the standard defenses of organizations, as recently witnessed with attacks on the New York Times, Wall Street Journal and US Federal Reserve. According to a recent ISACA member survey, 21 percent of respondents reported that their enterprise has already been victimized by an APT, and 63 percent think it is only a matter of time before their enterprise is targeted.

These attacks are typically remotely orchestrated via C&C communications between the infiltrated systems and the attackers themselves. Advanced malware used for an attack will "call back" for additional downloads and new instructions.  Throughout the attack, the perpetrators will also use this channel to open and manipulate backdoor network access to discover and exfiltrate their targeted data. 2012 Verizon research verified that exploitation of backdoor or command and control channels were used in nearly 50 percent of all stolen data investigated.1

The C&C Detection Challenge

Identifying and responding to C&C communications is a critical factor in detecting a targeted attack, but unlike large-scale botnets, the intermittent and low-volume APT C&C traffic is difficult to detect. And the attackers don't make it easy, attempting to hide C&C traffic with techniques such as changing and redirecting addresses, using legitimate applications and sites as the conduit, and even setting up C&C servers within a customer's network. Trend Micro researchers note that the average lifespan of a C&C address is less than three days and that many sophisticated attackers use techniques only detectable with specialized network-based detection on-site at the organization.

Recently tracked C&C data from TrendLabs℠ researchers shows over 1500 active C&C sites, with victims per site ranging from 1 to over 25,000. Of note, over two-thirds of these sites had three or fewer active victims. Over 25 percent of the sites had a lifespan of one day or less. Over 50 percent had a lifespan of four days or less.

"Most security vendors lack the expertise, scale, technology and resources to reliably identify the various types of C&C.  And when their web, messaging or endpoint products do detect a C&C, it's likely to be simply blocked or logged without notice – the same way any minor event is handled. So in most cases, the organization never knows that it may be under a serious targeted attack," Steve Quane, chief product officer at Trend Micro.

Enterprise security teams need to reliably answer these critical questions:

  • Is there C&C activity on my network?
  • Is it a simple botnet or a possible targeted attack?
  • How risky is it? Where and whom is it from?
  • Should I immediately block and remediate or monitor it further?

The Trend Micro Custom Defense Solution for C&C Response

Only the Trend Micro Custom Defense solution can answer these questions with the C&C detection, intelligence and response control needed to stop a targeted attack before the damage is done. At RSA 2013, Trend Micro is introducing and demonstrating these new and unique Custom Defense C&C functions:

  • Enhanced identification and tracking of C&C communications in the cloud and on the customer network
  • Built-in detection of C&C communications activity in network, gateway, server, and endpoint protection points
  • Centralized C&C alerting, dedicated C&C risk intelligence, flexible response control options
  • Adaptive security updates to inform all products of new C&C detection
  • Open web services APIs to include any security product in the Custom Defense

How It Works

Global Identification and Tracking: Trend Micro™ Smart Protection Network™ and Trend Micro Threat Researchers

The Smart Protection Network automatically identifies active C&C sites worldwide based on daily processing of 12 Billion IP/URL inquires and the correlation of over six Terabytes of data. Its correlation engines keep up with the changing nature of C&C addresses, and it employs the latest innovations from Trend Micro's 1200 threat researchers to continually detect all evasive measures taken by attackers.

Trend Micro threat researchers also collect and examine the forensic evidence of attempted targeted attacks over the tens of thousands of Trend Micro enterprise customers worldwide. Peeling back the layers of an attack, they gain further insight into C&C, malware, and attacker techniques, driving constant improvement in the Smart Protection Network and Trend Micro products.

Network-Based Detection and Learning with Trend Micro™ Deep Discovery Advanced Threat Protection

Trend Micro Deep Discovery uses customer-specific threat detection to discover advanced malware, communications and attacker activities at the network level. Unique "fingerprint" detection of cloaked C&C traffic can identify attackers' use of legitimate applications and websites, as well as other advanced techniques such as the use of internal C&C servers. Deep Discovery custom sandbox analysis can also discover new C&C destinations of zero-day malware attacks and update the Smart Protection Network and all customer security protection points.

Integrated Protection Across Products; Centralized Alerts and Control

The latest global and local C&C detection information powers Trend Micro enterprise security products at the endpoint, server, network, gateway, and messaging protection points to identify and control C&C activity across the customer environment. C&C detection at any point is clearly identified on a centralized console, alerting the security team and allowing them to control the course of action. C&C risk assessment, containment and remediation are aided by unique Threat Connect intelligence on the severity, activity, origins and related addresses of the C&C site – helping to determine whether the communication represents a high risk, whether it should be immediately blocked, and how the containment and remediation should proceed.

Products and Availability

These Trend Micro products will include the new Custom Defense C&C functions, with Beta versions available in February 2013 and individual product General Availability dates throughout 1H 2013.

Endpoint Security

  • Trend MicroOfficeScan

Server, Virtualization & Cloud Security

  • Trend MicroDeep Security

Network Security

  • Trend MicroDeep Discovery

Messaging Security

  • Trend MicroInterScan Mail Security
  • Trend MicroScanMail for Exchange, Trend MicroScanMail for Lotus Domino

Web Security

  • Trend MicroInterScan Web Security

Central Management

  • Trend Micro Control Manager

Quotes

"Trend Micro is the only major security vendor who gets APTs - and we continue to expand and deliver on our Custom Defense vision. C&C can be a critical APT attack indicator. Customers have the right to expect their security products to do a better job of detecting risky C&C and giving them the intelligence they need to respond appropriately. We are leading the way by improving our C&C detection and intelligence, integrating it into each of our products, and providing the visibility and response control that customers need to combat their attackers," said Kevin Faulkner, director of product marketing at Trend Micro.

"We are big fans of Trend Micro Custom Defense.  It not only detects and analyzes APTs but also allows us to rapidly respond. In its first two months on our network, Deep Discovery spotted and stopped 5,000 anonymous events on our WAN that were not caught by any other security layer," said John Dickson, Director, IT Infrastructure Republic National Distributing Company, Atlanta, Georgia.

"Attacks on the enterprise today are more sophisticated and targeted than ever before.  Trend Micro's Custom Defense solution and the C&C detection and response control capabilities it offers across the Trend Micro product line will help customers to better identify and deal appropriately with attacks to their organization," said Richard Stiennon, chief research analyst, IT-Harvest.

Additional Assets:
APT C&C Communication Superior Detection with Trend Micro Custom Defense (Trend Micro Solution Brief) 
ISACA Advanced Persistent Threats Awareness Survey
TrendLabs research paper: Detecting APT Activity with Network Traffic Analysis
Tracking Known C&C Traffic infographic
Custom Defense White Paper
Custom Defense web page  
Trend Micro Custom Defense Video

Sources:
1.     2012 Data Breach Investigations Reports, Verizon RISK Team, March 2012

About Trend Micro

Trend Micro Incorporated (TYO: 4704; TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers.  A pioneer in server security with over 20 years' experience, we deliver top-ranked client, server and cloud-based security that fits our customers' and partners' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ global threat intelligence data mining framework, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe. 

Additional information about Trend Micro Incorporated and the products and services are available at Trend Micro.com. This Trend Micro news release and other announcements are available at http://newsroom.trendmicro.com/  and as part of an RSS feed at www.trendmicro.com/rss.   Or follow our news on Twitter at @TrendMicro.

SOURCE Trend Micro Incorporated

SOURCE Trend Micro Incorporated

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
Pulzze Systems was happy to participate in such a premier event and thankful to be receiving the winning investment and global network support from G-Startup Worldwide. It is an exciting time for Pulzze to showcase the effectiveness of innovative technologies and enable them to make the world smarter and better. The reputable contest is held to identify promising startups around the globe that are assured to change the world through their innovative products and disruptive technologies. There w...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
There is growing need for data-driven applications and the need for digital platforms to build these apps. In his session at 19th Cloud Expo, Muddu Sudhakar, VP and GM of Security & IoT at Splunk, will cover different PaaS solutions and Big Data platforms that are available to build applications. In addition, AI and machine learning are creating new requirements that developers need in the building of next-gen apps. The next-generation digital platforms have some of the past platform needs a...
SYS-CON Events announced today Telecom Reseller has been named “Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
With so much going on in this space you could be forgiven for thinking you were always working with yesterday’s technologies. So much change, so quickly. What do you do if you have to build a solution from the ground up that is expected to live in the field for at least 5-10 years? This is the challenge we faced when we looked to refresh our existing 10-year-old custom hardware stack to measure the fullness of trash cans and compactors.
The emerging Internet of Everything creates tremendous new opportunities for customer engagement and business model innovation. However, enterprises must overcome a number of critical challenges to bring these new solutions to market. In his session at @ThingsExpo, Michael Martin, CTO/CIO at nfrastructure, outlined these key challenges and recommended approaches for overcoming them to achieve speed and agility in the design, development and implementation of Internet of Everything solutions wi...
Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is expected in the amount of information being processed, managed, analyzed, and acted upon by enterprise IT. This amazing is not part of some distant future - it is happening today. One report shows a 650% increase in enterprise data by 2020. Other estimates are even higher....
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
Identity is in everything and customers are looking to their providers to ensure the security of their identities, transactions and data. With the increased reliance on cloud-based services, service providers must build security and trust into their offerings, adding value to customers and improving the user experience. Making identity, security and privacy easy for customers provides a unique advantage over the competition.
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes. In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, will deep dive into best practices that will ensure a successful smart city journey.
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
I wanted to gather all of my Internet of Things (IOT) blogs into a single blog (that I could later use with my University of San Francisco (USF) Big Data “MBA” course). However as I started to pull these blogs together, I realized that my IOT discussion lacked a vision; it lacked an end point towards which an organization could drive their IOT envisioning, proof of value, app dev, data engineering and data science efforts. And I think that the IOT end point is really quite simple…
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abil...
Is the ongoing quest for agility in the data center forcing you to evaluate how to be a part of infrastructure automation efforts? As organizations evolve toward bimodal IT operations, they are embracing new service delivery models and leveraging virtualization to increase infrastructure agility. Therefore, the network must evolve in parallel to become equally agile. Read this essential piece of Gartner research for recommendations on achieving greater agility.
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.