Tag Archives: cloud security

Celebrating more industry recognition as the cloud security leader

by Ross Baker

At Trend Micro we’ve spent the past three decades and more honing our threat protection capabilities to make the connected world a more secure place. But we also know that our company can’t work in isolation to make this happen. That’s what makes industry partnerships so crucial — and they don’t come much more important than in the cloud space, where so much business-critical data is stored these days.

That’s why we’re delighted to have just been awarded 2019 Google Cloud Technology Partner of the Year for Security. It’s testament to our ongoing leadership in the space and commitment to simplicity and close integration for optimised cloud security.

Continue reading

How to beat cloud misconfiguration: Trend Micro @ Cloud Expo Europe

By Bharat Mistry

Cloud adoption is moving pretty fast. So fast, in fact, that sometimes organisations roll-out infrastructure without being able to fully support their end of the shared responsibility model. The bad news is that the vast majority of incidents still go unnoticed. That’s a compliance timebomb waiting to go off.

Fortunately, we have an answer. At Cloud Expo Europe this month, Trend Micro’s Cloud Security Architect, Ian Heritage, will be taking to the stage to explain all.

Clouds are everywhere
There was a time not so many years ago when the public cloud was only for the early adopters. It’s safe to say we’re well beyond that point now. In fact, Gartner predicts that the public cloud services market will grow 17% in 2020 to top$266 billion, and continue on to reach nearly $355 billion by 2022. 

However, as more firms build out hybrid cloud environments from multiple vendors, complexity rises. And as it does so, in-house teams find it increasing difficult to stay on top of the multiple competing protocols, policies and platforms they must manage. Sometimes they’ll have brought in different security vendors, which can create further complexity and allows coverage gaps to appear. 

Complexity means mistakes
The end result is inevitable: mistakes get made that can leave cloud data stores unprotected. You don’t have to go far to find an example. Whether it’s an online Elasticsearch database a MongoDB instance or an AWS S3 bucket, configuration incidents have impacted defence contractors like Boeing, big-name brands like Honda, and a whole host of companies and service providers in between.

The worrying news for CISOs is that, whereas over the past few years such leaks have usually been found and responsibly disclosed by security researchers, cyber-criminals are now starting to take notice. A growing number of cases have seen hackers probe for unsecured cloud databases, steal the data and hold it to ransom. One report even suggested that Magecart hackers are getting in on the act by trying to seed malicious digital skimming code in misconfigured buckets.

A cloud misconfiguration was also technically to blame for the mega-breach at Capital One which exposed data on 100 million customers and applicants.

Trend Micro at Cloud Expo
The cost to organisations could be massive. One vendor claims that over 33 billion records were exposed in leaks due to cloud misconfigurations in 2018 and 2019.

Fortunately, Trend Micro’s Cloud Conformity offers a solution: a cloud security posture management (CSPM) platform providing continuous monitoring, alerts and remediation of AWS and Azure environments. It will flag when configuration errors have been made and offer simple steps to get you back on track, all from a single pane of glass.

Join our Cloud Security Architect, Ian Heritage, at Cloud Expo Europe this month to hear how you can tackle the challenge of cloud misconfiguration, and in so doing drive DevOps and business growth. 

What: Cloud Misconfiguration Causes Breaches—How to Avoid it: Ian Heritage, Cloud Security Architect, Trend Micro. At Cloud Expo Europe.
Where: ExCel London, Keynote Theatre
When: Thursday, 12 March, 2020. 11.10-11.30 

Securing our cloud-connected world in 2020

By Ross Baker

It’s been a tough year for CISOs. The past 12 months has seen another spike in data breaches, cloud misconfigurations, and security threats at a DevOps layer. Ransomware is up, filelessmalware is on the rise, and business email compromise continues to increase. Trend Micro alone blocked over  26.8 billion unique threats in the first half of the year. With no let-up in store for 2020, cybersecurity leaders need to ensure they work with trusted partners — vendors with a clear vision of the future.

Continue reading

Flying High in the Hybrid Cloud with More “Market Leader” Analyst Recognition

by Bharat Mistry

Modern organisations are laser-focused on business agility and the customer experience. To help them respond quicker to changing market demands they are turning to the hybrid cloud and DevOps. But this kind of innovation-centric digital growth can only be achieved with a strong and secure foundation. Trend Micro was one of the first to spot this emerging trend a decade ago, and today we’re recognised as the market leader.

In fact, we’re celebrating again, having just been named the “dominant leader” in IDC’s latest report, Worldwide Software Defined Compute Workload Security Market Shares, 2018

Why SDC workloads matter
As the IDC report explains, software-defined compute (SDC) covers a large number of abstraction technologies across the system software stack. Although technically a subset of endpoint security, SDC workload security is primarily designed to protect VMs, containers and cloud system software — and as such is commonly used in the context of cloud environments. Tools in this category can include things like anti-malware, firewall, host intrusion detection, application control and integrity monitoring.

Why does this matter? Because increasingly the cloud, and therefore VMs and containers, is being used to develop and support the microservices-based applications needed to drive faster, more responsive customer-facing experiences. But as we predict in our new report, The New Norm, these environments are set to come under much greater scrutiny by hackers over the coming decade. Cloud platforms are particularly at risk from code injection attacks, either directly or via third-party libraries, while containers and serverless architectures could be exploited because they contain vulnerable shared code components.

This poses an existential threat to modern businesses. If your cloud systems and apps get hacked, digital growth efforts could be halted in their tracks.

A long journey
Trend Micro’s share of the SDC workload security market now stands at over two-fifths, nearly triple its nearest competitor, according to IDC. That’s due in part to our vision in this space. Back in 2009 we acquired a little-known host-based intrusion-prevention and firewall software provider called Third Brigade. It was the start of a long journey, as we steadily built out our capabilities for virtual, hybrid cloud and container environments.

Today we offer comprehensive security across physical, virtual and hybrid cloud environments from a single pane of glass with tight integration into AWS, Azure and GCP. Trend Micro has also focused on automation and security-as-code to embed seamless protection into DevOps pipelines, including pre-runtime scanning of container images.

Most recently, we released XDR, which correlates data across email, network, endpoint, server and cloud workloads to spot and block malicious workload activity. And we bought leading cloud security posture management firm Cloud Conformity to tackle misconfiguration and compliance/governance challenges.

All of these capabilities and more will soon be offered as part of a holistic Cloud One solution that allows organisations to receive automated protection from a single console — minimising risk, management overheads and billing issues. Trend Micro is always looking one step ahead to provide protection where you need it.