Trend Micro has added new tools and capabilities to provide real-time network monitoring and remediation to handle advanced persistent threats.
updated its network-analysis tools and threat-management services to help
organizations stop advanced persistent threats before they break into the
network and do serious damage.
The line of
Real-Time Threat Management network appliances monitors network traffic for
incoming malware and outgoing botnet activity, Trend Micro said June 13. The
appliances provide organizations with detailed insights into the type of
malware and other threats that may be trying to enter the network as well as
actual remedies and cleanup capabilities.
Management appliances will automate security scanning and inform IT managers
when something goes wrong, Trend Micro said. The goal is to give organizations
visibility and monitoring to detect APTs (advanced persistent threats) before
attackers successfully steal sensitive information, Dan Glessner, vice president
of enterprise marketing at Trend Micro, told eWEEK.
APTs are a
class of sophisticated stealth attacks that lurk in the network for a period of
time to steal sensitive data and intellectual property. Organizations often
don't discover an infection or a network breach until weeks or months have gone
by, Glessner said.
Management System appliance relies on its sandboxing technology to detect and
identify real-time evidence of hacker activity or malware infections, Kevin
Faulkner, director of product marketing, told eWEEK.
TMS complements Trend Micro's flagship endpoint security
product OfficeScan and server-based intrusion-detection offering DeepSecurity.
of the Threat Discovery appliance and the Threat Mitigator. Threat Discovery
sits offline and inspects inbound, outbound and internal network traffic using
a combination of signature-, behavior- and reputation-based scanning techniques
to identify malicious activity and malware. Threat Mitigator handles automated
remediation such as cleaning up infections on compromised machines.
a two-pronged approach when fighting APTs. Organizations should take preventive
measures, but should also assume an attack is inevitable and put in mechanisms
to detect an attack, be alerted immediately and remedy the threat.
Malware developers are increasingly using sophisticated
obfuscation techniques and automatic updates to make it difficult for endpoint-security
programs to detect malicious code. A significant number of initial TMS
customers found malware active on their networks despite having security
measures in place, Glessner said.
The new Threat
Intelligence Manager draws on Trend Micro's database of threats for the most
up-to-date information to block incoming infections. It correlates and analyzes
log information collected by OfficeScan, DeepSecurity and TMS to improve
detection and response rates. The threat-intelligence service provides
organizations with log-management SIEM (security information and event management)
capabilities, Faulkner said.
Intelligence Manager displays the data in a fully customizable dashboard that
gives a high-level overview of the threats that may target the network. IT administrators
can configure notifications to warn the IT team when certain thresholds and
risk factors are met.
looks at unusual macros in Word and PDF documents and checks outbound traffic
to ensure the systems aren't trying to contact known command-and-control
servers and other malicious sites.
Trend Micro is
positioning its new line to compete with products such as the NetWitness
NextGen visibility-monitoring system acquired by RSA Security earlier this
starts at $20,000 for 1,000 users. Threat Intelligence Manager starts at $6,250
for 1,000 users.