Trend Micro updated its network-analysis tools and threat-management services to help organizations stop advanced persistent threats before they break into the network and do serious damage.
The line of Real-Time Threat Management network appliances monitors network traffic for incoming malware and outgoing botnet activity, Trend Micro said June 13. The appliances give organizations detailed insight into the types of malware and other threats that may be trying to enter the network, along with remediation and cleanup capabilities.
The Threat Management appliances will automate security scanning and inform IT managers when something goes wrong, Trend Micro said. The goal is to give organizations visibility and monitoring to detect APTs (advanced persistent threats) before attackers successfully steal sensitive information, Dan Glessner, vice president of enterprise marketing at Trend Micro, told eWEEK.
APTs are a class of sophisticated stealth attacks that lurk in the network for a period of time to steal sensitive data and intellectual property. Organizations often don't discover an infection or a network breach until weeks or months have gone by, Glessner said.
The Threat Management System appliance relies on its sandboxing technology to detect and identify real-time evidence of hacker activity or malware infections, Kevin Faulkner, director of product marketing, told eWEEK. TMS complements Trend Micro's flagship endpoint security product OfficeScan and server-based intrusion-detection offering DeepSecurity.
TMS consists of the Threat Discovery appliance and the Threat Mitigator. Threat Discovery sits offline and inspects inbound, outbound and internal network traffic using a combination of signature-, behavior- and reputation-based scanning techniques to identify malicious activity and malware. Threat Mitigator handles automated remediation such as cleaning up infections on compromised machines.
Customers need a two-pronged approach when fighting APTs. Organizations should take preventive measures, but should also assume an attack is inevitable and put in mechanisms to detect an attack, be alerted immediately and remedy the threat.
Malware developers are increasingly using sophisticated obfuscation techniques and automatic updates to make it difficult for endpoint-security programs to detect malicious code. A significant number of initial TMS customers found malware active on their networks despite having security measures in place, Glessner said.
The new Threat Intelligence Manager draws on Trend Micro's threat database so that it has the most up-to-date information for blocking incoming infections. It correlates and analyzes log data collected by OfficeScan, DeepSecurity and TMS to improve detection and response rates. The threat-intelligence service gives organizations log-management and SIEM (security information and event management) capabilities, Faulkner said.
The Threat Intelligence Manager displays the data in a fully customizable dashboard that gives a high-level overview of the threats that may target the network. IT administrators can configure notifications to warn the IT team when certain thresholds and risk factors are met.
The system looks at unusual macros in Word and PDF documents and checks outbound traffic to ensure the systems aren't trying to contact known command-and-control servers and other malicious sites.
Trend Micro is positioning its new line to compete with products such as the NetWitness NextGen visibility-monitoring system acquired by RSA Security earlier this year.
TMS pricing starts at $20,000 for 1,000 users. Threat Intelligence Manager starts at $6,250 for 1,000 users.