Tag Archives: cybersecurity

Zoom threats: how to keep your business and employees safe

By Bharat Mistry

Cyber-criminals are always looking for new opportunities to make money and steal data. Globally trending events are a tried-and-tested way of doing just this, and they don’t come much bigger than the current Covid-19 pandemic. It’s sparking a wave of phishing, BEC, extortion, ransomware and data breach attempts. And as increasing numbers of global workers are sent home, new opportunities are opening up to compromise video conferencing apps.

Although not alone in being targeted, Zoom has been the subject of some of the highest-profile incidents so far this year. Fortunately, there are things you can do to keep your business safe.


Taking endpoint detection to the next level with analyst recognition

By Bharat Mistry

Endpoint detection and response (EDR) plays a crucial role in any enterprise IT security posture. But increasingly organisations need more than EDR. That’s why Trend Micro developed its XDR platform.

So it was fantastic to see our strategy recognised recently after Forrester named Trend Micro a “leader” in its latest report, Forrester Wave™: Enterprise Detection and Response, Q1 2020.

Beyond the endpoint
When done well, EDR helps teams spot and block threats early on, before they have a chance to compromise key systems and data. This is vital in a world in which we detected and blocked over 52 billion threats in 2019 alone. Not only are these growing in volume, they’re growing in variety, stretching already under-staffed security teams to the limit.

XDR was designed to empower these teams to hit back. Unlike traditional EDR it goes beyond the endpoint to also collect and analyse data from email, servers, cloud workloads, and networks. This provides more context for teams which, when combined with the tool’s built-in AI capabilities and expert security analytics, helps them to find and contain threats more easily.

Ultimately, this means fewer, higher fidelity alerts, to maximise your organisation’s limited resources and keep threats at bay. Given the current environment, where security staff may be off sick or tied up on other projects, it’s more important than ever.

What Forrester said
Trend Micro received the highest possible score in six areas: endpoint telemetry; security analytics; product vision; performance; enterprise clients [in market presence category]; and product line revenue. The analyst noted:

“Trend Micro has a forward-thinking approach and is an excellent choice for organizations wanting to centralize reporting and detection with XDR but have less capacity for proactively performing threat hunting.”

Find out more here and access the full report


Tracking the continuous evolution of notorious APT group Pawn Storm

By Bharat Mistry

Trend Micro is dedicated to securing the connected world, and all of our customers across the globe. To help us in this task, we have a team of over 1,200 dedicated white hat researchers working round the clock to anticipate and investigate the latest emerging cyber-threats. Many of the groups responsible for these are criminal gangs. But increasingly they may also be state-backed hackers. Now this may sound like a far cry from the day-to-day mundanity of the average UK enterprise. But that’s not necessarily the case.  

Sophisticated Advanced Persistent Threat (APT) groups don’t always target big-name brands or military and critical infrastructure sectors. As our latest research into the infamous Pawn Storm group highlights, they’re even going after private schools, kindergartens and doctors.


How to beat cloud misconfiguration: Trend Micro @ Cloud Expo Europe

By Bharat Mistry

Cloud adoption is moving pretty fast. So fast, in fact, that sometimes organisations roll out infrastructure without being able to fully support their end of the shared responsibility model. The bad news is that the vast majority of incidents still go unnoticed. That’s a compliance timebomb waiting to go off.

Fortunately, we have an answer. At Cloud Expo Europe this month, Trend Micro’s Cloud Security Architect, Ian Heritage, will be taking to the stage to explain all.

Clouds are everywhere
There was a time not so many years ago when the public cloud was only for the early adopters. It’s safe to say we’re well beyond that point now. In fact, Gartner predicts that the public cloud services market will grow 17% in 2020 to top $266 billion, and continue on to reach nearly $355 billion by 2022.

However, as more firms build out hybrid cloud environments from multiple vendors, complexity rises. And as it does so, in-house teams find it increasingly difficult to stay on top of the multiple competing protocols, policies and platforms they must manage. Sometimes they’ll have brought in different security vendors, which can create further complexity and allow coverage gaps to appear.

Complexity means mistakes
The end result is inevitable: mistakes get made that can leave cloud data stores unprotected. You don’t have to go far to find an example. Whether it’s an online Elasticsearch database, a MongoDB instance or an AWS S3 bucket, configuration incidents have impacted defence contractors like Boeing, big-name brands like Honda, and a whole host of companies and service providers in between.

The worrying news for CISOs is that, whereas over the past few years such leaks have usually been found and responsibly disclosed by security researchers, cyber-criminals are now starting to take notice. A growing number of cases have seen hackers probe for unsecured cloud databases, steal the data and hold it to ransom. One report even suggested that Magecart hackers are getting in on the act by trying to seed malicious digital skimming code in misconfigured buckets.

A cloud misconfiguration was also technically to blame for the mega-breach at Capital One which exposed data on 100 million customers and applicants.

Trend Micro at Cloud Expo
The cost to organisations could be massive. One vendor claims that over 33 billion records were exposed in leaks due to cloud misconfigurations in 2018 and 2019.

Fortunately, Trend Micro’s Cloud Conformity offers a solution: a cloud security posture management (CSPM) platform providing continuous monitoring, alerts and remediation of AWS and Azure environments. It will flag when configuration errors have been made and offer simple steps to get you back on track, all from a single pane of glass.

Join our Cloud Security Architect, Ian Heritage, at Cloud Expo Europe this month to hear how you can tackle the challenge of cloud misconfiguration, and in so doing drive DevOps and business growth. 

What: Cloud Misconfiguration Causes Breaches—How to Avoid it: Ian Heritage, Cloud Security Architect, Trend Micro. At Cloud Expo Europe.
Where: ExCel London, Keynote Theatre
When: Thursday, 12 March, 2020. 11.10-11.30