Tag Archives: Endpoint Security

Black Hat: Traditional AV is Dead, Long Live XGen Machine Learning

Today’s IT security bosses are assailed from all sides by a huge variety of online threats. They’re designed to exploit known and unknown vulnerabilities across cloud, mobile, virtual and hybrid environments. And increasingly, they’re developed to outwit traditional signature-based tools. Yet the impact of these threats has never been greater. Data breaches and service outages can lead to heavy industry fines, damage to the brand, lost customers, remediation and clean-up costs, and even hefty legal bills.

That’s why we have developed a new statistical-based approach designed to learn as it goes to detect modern unknown threats. This XGen approach was revealed at Black Hat today by senior researcher, Marco Balduzzi.

The Truth Behind the Hype: Why Endpoint Security Needs to be Multi-Layered

by Ross Baker

Today’s CISOs are assailed on all sides by a growing array of threats. From ransomware to targeted attacks, data-stealing malware to browser-based exploits – there’s no such thing as a ‘typical’ cyber attack any more. That’s why endpoint security tools need to cover a broad range of capabilities, to offer the maximum threat protection possible. But with so many vendors vying for attention, it’s no easy job picking through the distorted claims and marketing hype out there to find the right solutions.

Don’t believe the hype
If you were in any doubt about the scale of the threats facing UK organisations in 2016, just look at the latest results from interviews we conducted with over 300 UK IT decision makers. Seven in 10 (69%) said they thought their organisation will be targeted by ransomware in the next 12 months – a figure rising to three-quarters for those who’ve already experienced an attack.

And it’s not just ransomware that is keeping IT leaders awake at night. They’re also faced with the possibility of carefully targeted attacks designed to steal sensitive customer data or IP, zero day threats, exploit kits and other commodity malware. And then there’s the ever present risk of accidental data loss via insider negligence. It all adds up to a complex patchwork of threats which need an effective co-ordinated response based around multi-layered endpoint protection.

But there aren’t many vendors out there that can offer a truly comprehensive set of capabilities. Many trumpet ‘advanced’ or ‘next generation’ products, but dig a little deeper and you’ll find they’re little more than one-trick ponies. Machine learning is one such feature getting a lot of press at the moment. But while it’s good at detecting threats hidden in executables, it doesn’t work so well on malware in non-executable files, like PDFs.

Some endpoint security vendors also fail to offer holistic security platforms. While the endpoint is undoubtedly under threat, so too is the web/email gateway, the network and servers. That’s why it’s important to find tools which integrate easily and if possible share threat intelligence to improve the organisation’s overall security posture. It’s also important to remember that blocking online attacks is not the be-all-and-end-all. Your endpoint security should also be equipped to respond and remediate, and learn from incidents so that the organisation is protected next time it encounters the same type of attack.

What you need
For the most effective endpoint security, look for vendors that offer multiple layers of protection to combat the broad range of threats out there. Trend Micro’s endpoint security suites feature anti-malware, ransomware protection, memory inspection, encryption, device control, data loss prevention (DLP), vulnerability shielding, command and control blocking, browser exploit prevention, app whitelisting, behaviour monitoring, web threat protection, and more.

The technology works across all stages of the threat lifecycle to offer connected defence: Prevent, Detect, Analyse, Respond. That means that intelligence generated from network or server security tools, for example, can be used to lock down the endpoint. It’s also manageable from a centralised console and has been built for speed, featuring a lightweight client which won’t impact performance.

Organisations today are faced with a sophisticated enemy used to using multiple varied tools and techniques to achieve its goal. The only way to combat this effectively is through layered endpoint protection.



Raising the bar with XGen endpoint security – protection exactly when and where you need it

by Bharat Mistry

IT security managers are faced with a series of challenges: increasingly sophisticated threats, riskier user behavior and a lack of visibility across their different security systems. At Trend Micro, our promise to our customers has always been to help them be ahead of the bad guys and ensure their environments are safe and easily controllable. Today, we took our promise one step further and raised the bar for the entire industry. With the launch of XGen™ endpoint security, Trend Micro leads the industry into a new era of security.

So, what is XGen security and how does it revolutionize the industry? XGen security is a cross-generational approach to security that combines proven threat detection techniques to quickly identify known and unknown threats with advanced threat protection techniques, such as application control, exploit prevention and behavioral analysis. Additionally, XGen infuses ‘high-fidelity’ machine learning that checks files both before execution and at runtime – using ‘noise cancellation’ features like census checking and whitelisting to reduce false positives.

Today, many ‘next-gen’ companies are trying to sell machine learning as the “new kid on the block,” but Trend Micro has been using it for more than 10 years to strengthen a variety of its security tools, from anti-spam engines to malicious social media detection techniques. Now, we’re leveraging that decade of experience to deliver high-fidelity machine learning that works in harmony with a complete range of threat protection capabilities – fueled by more than 100 terabytes of data gathered by the Trend Micro Smart Protection Network every day.

The design of XGen security deploys the right technology at the right time to offer holistic enterprise defense. This requires more than just one or two protection techniques, because no one technique is effective against all attack types. Despite next-gen vendors’ claim that machine learning is the “silver bullet” of cybersecurity, truly complete protection requires a range of built-in techniques to close existing security gaps. Ultimately, XGen delivers more significant threat intelligence to effectively train our products – providing the strongest protection for customers against new threats as they are identified.

At the same time, companies don’t just need increased security. They need their security to be manageable without slowing down their systems. XGen provides peace of mind by allowing security to be a priority while maintaining operational efficiency and ease of use. All while still offering the strongest detection techniques on the market to catch threats of all kinds.

XGen endpoint security can be added to enterprise security systems today as part of the Trend Micro Smart Protection Suites. Endpoint, email and web gateway protection are all integrated within the suites to defend users at any point and activity. It also allows centralized visibility and control for IT administrators to improve response time and streamline management. Trend Micro has 28 years of experience protecting more than 155 million endpoints – so we’ve got companies covered no matter what threats try to impact their bottom line.

To learn more about what XGen endpoint security can do for your company, visit https://www.trendmicro.co.uk/xgen.

Promoting the Layered Defence Response to Ransomware at the Cyber Security Summit

by Simon Edwards

It’s hard to avoid stories warning of the growing ransomware epidemic these days. Yet some IT security leaders are still being caught off-guard. It emerged last week, for example, that an astonishing 30% of councils in England had been hit by a ransomware attack last year. And one suffered an incredible 13 attacks in just 12 months. There’s clearly a need for industry leaders both to raise awareness of the issue and promote a strategy to mitigate the worst effects of this near-ubiquitous threat.

That’s why Trend Micro will be promoting its layered protection message at the Cyber Security Summit in London tomorrow, Wednesday 22nd June 2016. While it can lead to serious repercussions, ransomware can be stopped if organisations follow some basic security best practices and a policy of defence-in-depth.

A bad start to 2016
Ransomware has snowballed in popularity over the past 12-24 months, mainly because cybercriminals have realised it’s a relatively cheap and easy way of making money. Why bother investing time and money in more complex scams if you can force organisations into paying up by simply encrypting their most important data, so it is effectively unusable? It’s a strategy that has reaped huge financial rewards. The FBI reckons ransomware netted the black hats $209 million in the first three months of 2016 alone.

Once infected, many organisations feel they have little choice but to pay up – although there are decryption tools available for some variants, from Trend Micro and other providers. With mission critical data made unavailable, staff productivity grinds to a halt and essential services are disrupted. There’s not only the financial hit of the ‘fee’ for the decryption key to consider, but the money lost in downtime, damaged reputation and even potential legal costs down the line.

Fighting back
The best way to hit back against ransomware is to take preventative steps to avoid ever getting infected. The key to this is a layered approach to security which stops the malware at every possible infection point. This is important as cybercriminals increasingly look beyond targeting users via web and email channels to other parts of the IT infrastructure including the network and servers. We’re also starting to see ransomware bundled with other capabilities – for example, CryptXXX was updated to include data stealing functionality.

Trend Micro recommends IT security managers look at installing security at these layers:

Web and email gateway: Lock down 99% of ransomware threats with protection at this layer to prevent your employees ever being exposed to malicious attachments, URLs, etc.

Endpoint: Combine the above with endpoint security that includes vulnerability shielding, behavioural monitoring, app whitelisting and more.

Network: Visibility is key to protecting against ransomware, and could even help stop a broader attack where ransomware is only one element. Ensure you can scan across all network traffic, ports and protocols, and implement advanced sandbox analysis.

Server: Virtual patching at this layer will shield servers from exploits of software flaws that could be used to inject ransomware.

Trend Micro Global CTO Raimund Genes will be on hand at the Cyber Security Summit in London on Wednesday to share these and more tips on how to stay safe from one of 2016’s biggest security threats.

He’ll also explain how basic steps like network segmentation, regular data back-ups, user education, effective patch management and more can help to lock risk down even further. There’ll be other Trend Micro experts at the show on hand to discuss how we can help insulate your organisation from attack by offering industry-leading solutions at every layer of the security stack.

So come down to the show and look out for our stand.

Where: Cyber Security Summit, ETC Venues, 43/44 Crutched Friars, London
When: 22/06/2016; Raimund’s speaking slot at 11.40-12.20