APT Detection Appliance Launched By Trend Micro


Trend Micro adds real-time network monitoring and remediation tools to detect advanced persistent threats

Trend Micro updated its network-analysis tools and threat-management services to help organisations stop advanced persistent threats (APT) before they break into the network and do serious damage.

The line of Real-Time Threat Management network appliances monitors network traffic for incoming malware and outgoing botnet activity, Trend Micro said. The appliances provide organisations with detailed insights into the type of malware and other threats that may be trying to enter the network, as well as actual remedies and cleanup capabilities.

The Threat Management appliances will automate security scanning and inform IT managers when something goes wrong, Trend Micro said. The goal is to give organisations visibility and monitoring to detect APTs before attackers successfully steal sensitive information, Dan Glessner, vice president of enterprise marketing at Trend Micro, told eWEEK.

Disclosing Stealth Attacks On Systems

APTs are a class of sophisticated stealth attacks that lurk in the network for a period of time to steal sensitive data and intellectual property. Organisations often do not discover an infection or a network breach until weeks or months have gone by, Glessner said.

The Threat Management System (TMS) appliance relies on its sandboxing technology to detect and identify real-time evidence of hacker activity or malware infections, Kevin Faulkner, director of product marketing, told eWEEK. TMS complements Trend Micro’s flagship endpoint security product OfficeScan and server-based intrusion-detection offering DeepSecurity.

TMS consists of the Threat Discovery appliance and the Threat Mitigator. Threat Discovery sits offline and inspects inbound, outbound and internal network traffic using a combination of signature, behaviour and reputation-based scanning techniques to identify malicious activity and malware. Threat Mitigator handles automated remediation such as cleaning up infections on compromised machines.

Customers need a two-pronged approach when fighting APTs. Organisations should take preventive measures, but should also assume an attack is inevitable and put in mechanisms to detect an attack, be alerted immediately and remedy the threat.

Malware developers are increasingly using sophisticated obfuscation techniques and automatic updates to make it difficult for endpoint-security programs to detect malicious code. A significant number of initial TMS customers found malware active on their networks despite having security measures in place, Glessner said.

The Power Of Three

The new Threat Intelligence Manager uses Trend Micro’s database of threats to have the most up-to-date information to block incoming infections. It correlates and analyses log information collected by OfficeScan, DeepSecurity and TMS to improve detection and response rates. The threat-intelligence service provides organisations with log-management SIEM (security information and event management) capabilities, Faulkner said.

The Threat Intelligence Manager displays the data in a fully customisable dashboard that gives a high-level overview of the threats that may target the network. IT administrators can configure notifications to warn the IT team when certain thresholds and risk factors are met.

The system looks at unusual macros in Word and PDF documents and checks outbound traffic to ensure the systems are not trying to contact known command-and-control servers and other malicious sites.
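As an added illustration of the outbound check and threshold-based notification described above (example code written for this page, not Trend Micro's product code), the following matches constructed outbound connection log lines against a placeholder reputation list of known command-and-control addresses and raises one alert per internal host once its contacts reach a threshold; the log format, field names and addresses are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of outbound firewall/proxy log lines (not real traffic).
SAMPLE_LOG = """\
2011-09-14T10:01:02 src=10.0.0.5 dst=203.0.113.7 dport=443 action=allow
2011-09-14T10:01:05 src=10.0.0.5 dst=198.51.100.2 dport=80 action=allow
2011-09-14T10:02:10 src=10.0.0.5 dst=203.0.113.7 dport=443 action=allow
2011-09-14T10:03:44 src=10.0.0.9 dst=192.0.2.10 dport=8080 action=allow
2011-09-14T10:04:01 src=10.0.0.5 dst=203.0.113.7 dport=443 action=allow
"""

# Placeholder reputation list of "known C2" addresses. These are RFC 5737
# documentation addresses used as constructed examples, not real indicators.
KNOWN_C2 = {"203.0.113.7", "192.0.2.10"}

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_line(line):
    """Extract (src, dst, dport) from one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("dst"), int(m.group("dport"))


def find_c2_contacts(log_text, reputation=KNOWN_C2):
    """Return {internal_host: Counter({c2_destination: hits})} for lines whose
    destination appears in the reputation list (the outbound check)."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or unrelated line: skip rather than fail
        src, dst, _dport = rec
        if dst in reputation:
            hits[src][dst] += 1
    return hits


def alerts(hits, threshold=2):
    """One alert per internal host whose total C2 contacts reach the threshold
    (the configurable notification threshold)."""
    out = []
    for src, dests in sorted(hits.items()):
        total = sum(dests.values())
        if total >= threshold:
            out.append({"host": src, "contacts": total, "destinations": sorted(dests)})
    return out
```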

Trend Micro is positioning its new line to compete with products such as the NetWitness NextGen visibility-monitoring system acquired by RSA Security earlier this year.

For 1,000 users, TMS pricing starts at $20,000 (£12,300) and Threat Intelligence Manager starts at $6,250 (£3,850).
