Tag Archives: Endpoint Security

Black Hat Europe: How Machine Learning Offers a New Approach to Uncover IOCs

Indicators of compromise (IOCs) are important forensic artifacts which, as the name suggests, are used in incident response and threat research to discover whether a system has been compromised. They come in various forms, for example, unusual outbound network traffic, the MD5 hash of a file dropped in a temporary directory, or log-in irregularities. One class of IOCs that has so far resisted detection by traditional methods relates to the use of external content in web-based attacks.
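As an added illustration of the three IOC classes named above (not code from the original post or from Trend Micro), the following Python matcher scans a constructed, hypothetical log format for a file-hash indicator, a network indicator and a login irregularity. The hash is computed from a constructed byte string standing in for the dropped file, the network addresses come from documentation ranges, and the thresholds and log field names are assumptions for the example.

```python
import hashlib
import re

# Constructed stand-in for a dropped file; its MD5 becomes the hash IOC (not real malware).
DROPPED_FILE = b"MZ\x90\x00 constructed dropper sample, not real malware"
IOC_MD5 = {hashlib.md5(DROPPED_FILE).hexdigest()}

# Network IOCs use RFC 5737 / RFC 2606 documentation values; no real infrastructure is referenced.
IOC_NET = {"203.0.113.45", "c2.example.invalid"}
OUTBOUND_BYTES_LIMIT = 50 * 1024 * 1024   # assumed: one 50 MiB outbound flow is unusual for a workstation
WORK_HOURS = range(7, 20)                  # assumed: 07:00-19:59 is a normal login window
FAILED_LOGIN_LIMIT = 3                     # assumed: this many failures before a success is suspicious

KV = re.compile(r"(\w+)=(\S+)")            # constructed log format: KIND key=value key=value ...

def parse(line):
    kind, _, rest = line.partition(" ")
    return kind, dict(KV.findall(rest))

def scan(lines):
    """Return a list of (ioc_class, host, detail) hits for the constructed log format."""
    hits = []
    failures = {}   # (host, user) -> consecutive failed logins seen so far
    for line in lines:
        kind, f = parse(line)
        host = f.get("host", "?")
        if kind == "FILE":
            # Hash indicator: the path (e.g. a temp directory) is kept as context, the hash is the IOC.
            if f.get("md5") in IOC_MD5:
                hits.append(("hash", host, f"{f['path']} md5={f['md5']}"))
        elif kind == "NET":
            dst_host = f["dst"].rsplit(":", 1)[0]
            if dst_host in IOC_NET:
                hits.append(("c2", host, f["dst"]))
            elif int(f.get("bytes_out", 0)) > OUTBOUND_BYTES_LIMIT:
                hits.append(("exfil_volume", host, f"{f['dst']} bytes_out={f['bytes_out']}"))
        elif kind == "AUTH":
            key = (host, f["user"])
            hour = int(f["time"].split(":")[0])
            if f["result"] == "fail":
                failures[key] = failures.get(key, 0) + 1
                continue
            # A success directly after a run of failures, or outside working hours, is irregular.
            if failures.get(key, 0) >= FAILED_LOGIN_LIMIT:
                hits.append(("brute_force_success", host, f"{f['user']} after {failures[key]} failures"))
            if hour not in WORK_HOURS:
                hits.append(("off_hours_login", host, f"{f['user']} at {f['time']}"))
            failures[key] = 0
    return hits

# Constructed sample log: one hit of each class plus benign lines that must not match.
SAMPLE_LOG = [
    "FILE host=ws01 path=C:\\Windows\\Temp\\svchost32.exe md5=" + next(iter(IOC_MD5)),
    "FILE host=ws01 path=C:\\Apps\\app.exe md5=" + hashlib.md5(b"benign").hexdigest(),
    "NET host=ws01 dst=203.0.113.45:443 bytes_out=2048",
    "NET host=ws02 dst=198.51.100.7:22 bytes_out=73400320",
    "NET host=ws03 dst=192.0.2.10:443 bytes_out=4096",
    "AUTH host=ws02 user=alice result=fail time=02:41",
    "AUTH host=ws02 user=alice result=fail time=02:42",
    "AUTH host=ws02 user=alice result=fail time=02:43",
    "AUTH host=ws02 user=alice result=success time=02:44",
    "AUTH host=ws03 user=bob result=success time=09:15",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The benign lines (a second file with a different hash, a small flow to a non-listed address, a daytime login) produce no hits, which is the property a practitioner checks first when adding an indicator: that the match is on the indicator itself and not on something incidental like the temp-directory path.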

At Black Hat Europe earlier today, Trend Micro senior security researcher Marco Balduzzi explained how a new machine learning approach can deliver strong results for early detection of such threats.

Black Hat: Traditional AV is Dead, Long Live XGen Machine Learning

Today’s IT security bosses are assailed from all sides by a huge variety of online threats. They’re designed to exploit known and unknown vulnerabilities across cloud, mobile, virtual and hybrid environments. And increasingly, they’re developed to outwit traditional signature-based tools. The impact of these threats has never been greater. Data breaches and service outages can lead to heavy industry fines, damage to the brand, lost customers, remediation and clean-up costs, and even hefty legal bills.

That’s why we have developed a new statistical approach designed to learn as it goes in order to detect modern unknown threats. This XGen approach was revealed at Black Hat today by senior researcher Marco Balduzzi.

The Truth Behind the Hype: Why Endpoint Security Needs to be Multi-Layered

by Ross Baker

Today’s CISOs are assailed on all sides by a growing array of threats. From ransomware to targeted attacks, data-stealing malware to browser-based exploits, there’s no such thing as a ‘typical’ cyber attack any more. That’s why endpoint security tools need to cover a broad range of capabilities, to offer the maximum threat protection possible. But with so many vendors vying for attention, it’s no easy job picking through the distorted claims and marketing hype out there to find the right solutions.

Don’t believe the hype
If you were in any doubt about the scale of the threats facing UK organisations in 2016, just look at the latest results from interviews we conducted with over 300 UK IT decision makers. Seven in 10 (69%) said they thought their organisation will be targeted by ransomware in the next 12 months – a figure rising to three-quarters for those who’ve already experienced an attack.

And it’s not just ransomware that is keeping IT leaders awake at night. They’re also faced with the possibility of carefully targeted attacks designed to steal sensitive customer data or IP, zero-day threats, exploit kits and other commodity malware. And then there’s the ever-present risk of accidental data loss through insider negligence. It all adds up to a complex patchwork of threats which needs an effective, co-ordinated response based around multi-layered endpoint protection.

But there aren’t many vendors out there that can offer a truly comprehensive set of capabilities. Many trumpet ‘advanced’ or ‘next generation’ products, but dig a little deeper and you’ll find they’re little more than one-trick ponies. Machine learning is one such feature getting a lot of press at the moment. But while it’s good at spotting threats hidden in executables, it doesn’t work so well on malware in non-executable files, like PDFs.

Some endpoint security vendors also fail to offer holistic security platforms. While the endpoint is undoubtedly under threat, so too is the web/email gateway, the network and servers. That’s why it’s important to find tools which integrate easily and if possible share threat intelligence to improve the organisation’s overall security posture. It’s also important to remember that blocking online attacks is not the be-all-and-end-all. Your endpoint security should also be equipped to respond and remediate, and learn from incidents so that the organisation is protected next time it encounters the same type of attack.

What you need
For the most effective endpoint security, look for vendors that offer multiple layers of protection to combat the broad range of threats out there. Trend Micro’s endpoint security suites feature anti-malware, ransomware protection, memory inspection, encryption, device control, data loss prevention (DLP), vulnerability shielding, command and control blocking, browser exploit prevention, app whitelisting, behaviour monitoring, web threat protection, and more.

The technology works across all stages of the threat lifecycle to offer connected defence: Prevent, Detect, Analyse, Respond. That means that intelligence generated from network or server security tools, for example, can be used to lock down the endpoint. It’s also manageable from a centralised console and has been built for speed, featuring a lightweight client which won’t impact performance.

Organisations today are faced with a sophisticated enemy accustomed to using multiple varied tools and techniques to achieve its goal. The only way to combat this effectively is through layered endpoint protection.


Raising the bar with XGen endpoint security – protection exactly when and where you need it

by Bharat Mistry

IT security managers are faced with a series of challenges: increasingly sophisticated threats, riskier user behavior and a lack of visibility across their different security systems. At Trend Micro, our promise to our customers has always been to help them stay ahead of the bad guys and ensure their environments are safe and easily controllable. Today, we took our promise one step further and raised the bar for the entire industry. With the launch of XGen™ endpoint security, Trend Micro leads the industry into a new era of security.

So, what is XGen security and how does it revolutionize the industry? XGen security is a cross-generational approach that combines proven threat detection techniques, which quickly identify known and unknown threats, with advanced threat protection techniques such as application control, exploit prevention and behavioral analysis. Additionally, XGen infuses ‘high-fidelity’ machine learning that checks files both before execution and at runtime, using ‘noise cancellation’ features like census checking (how widely a file is seen across the installed base) and whitelisting to reduce false positives.
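To show how the pieces in that paragraph fit together (pre-execution classifier score, census prevalence and a whitelist as noise cancellation, then a runtime behavioural check), here is an added, self-contained Python example. It is not Trend Micro's code and says nothing about XGen's real thresholds or models: the classifier scores are supplied by hand as stand-ins, the prevalence counts, behaviour names and all cut-offs are assumptions, and the five sample files are constructed.

```python
import hashlib
from dataclasses import dataclass

# Cut-offs are assumptions chosen for the illustration, not a real product's tuning.
BLOCK_THRESHOLD = 0.90      # classifier score at which a file is blocked before it runs
MONITOR_THRESHOLD = 0.60    # score at which a file may run but is watched closely
COMMON_PREVALENCE = 10_000  # seen on this many endpoints: established software, needs more evidence to block
RARE_PREVALENCE = 5         # seen on fewer endpoints than this: novel, watch it regardless of score
SUSPICIOUS_BEHAVIOURS = {"mass_file_encrypt", "inject_remote_thread", "disable_shadow_copies"}

@dataclass
class FileSample:
    name: str
    content: bytes              # constructed stand-in for the file bytes
    ml_score: float             # stand-in for a classifier's probability that the file is malicious
    prevalence: int             # endpoints in a constructed census that reported this hash
    runtime_events: tuple = ()  # behaviours observed once the file is allowed to execute

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()

def pre_execution(sample, whitelist):
    """Static stage: whitelist first, then the ML score tempered by census prevalence."""
    if sample.sha256 in whitelist:
        return "allow", "hash is on the known-good list, classifier skipped"
    if sample.ml_score >= BLOCK_THRESHOLD:
        if sample.prevalence >= COMMON_PREVALENCE:
            # Census check: a 'malicious' score on software installed everywhere is a probable false positive.
            return "monitor", (f"score {sample.ml_score:.2f} but hash seen on "
                               f"{sample.prevalence} endpoints, treating as probable false positive")
        return "block", f"score {sample.ml_score:.2f} on a hash seen on {sample.prevalence} endpoints"
    if sample.ml_score >= MONITOR_THRESHOLD or sample.prevalence < RARE_PREVALENCE:
        return "monitor", f"score {sample.ml_score:.2f}, prevalence {sample.prevalence}"
    return "allow", f"score {sample.ml_score:.2f}, prevalence {sample.prevalence}"

def runtime(sample):
    """Behavioural stage: applies to anything that was allowed to run."""
    seen = SUSPICIOUS_BEHAVIOURS & set(sample.runtime_events)
    if seen:
        return "terminate", "suspicious behaviour: " + ", ".join(sorted(seen))
    return "allow", "no suspicious behaviour observed"

def evaluate(sample, whitelist):
    """Return the final verdict and the reasoning trail across both stages."""
    verdict, why = pre_execution(sample, whitelist)
    trail = [f"pre-execution: {verdict} ({why})"]
    if verdict != "block":
        verdict, why = runtime(sample)
        trail.append(f"runtime: {verdict} ({why})")
    return verdict, trail

# Constructed samples: each exercises one of the layers described above.
SAMPLES = [
    FileSample("vendor_updater", b"constructed packed vendor updater", 0.97, 80_000),
    FileSample("admin_tool", b"constructed dual-use admin tool", 0.93, 25_000),
    FileSample("novel_dropper", b"constructed never-seen dropper", 0.96, 1),
    FileSample("sneaky_script", b"constructed low-score script", 0.35, 2,
               ("enum_files", "mass_file_encrypt")),
    FileSample("office_doc", b"constructed ordinary document", 0.10, 3_000),
]
WHITELIST = {SAMPLES[0].sha256}   # the updater is on the known-good list despite its packer-like score

def triage(samples=SAMPLES, whitelist=WHITELIST):
    return {s.name: evaluate(s, whitelist) for s in samples}

if __name__ == "__main__":
    for name, (verdict, trail) in triage().items():
        print(f"{name:15} {verdict:9} | " + " -> ".join(trail))
```

The two false-positive suppressions are the whitelisted updater and the widely installed admin tool, both of which a score-only classifier would have blocked; the low-scoring script shows why the runtime stage is needed as well, since nothing about its static score would have stopped it.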

Today, many ‘next-gen’ companies are trying to sell machine learning as the “new kid on the block,” but Trend Micro has been using it for more than 10 years to strengthen a variety of its security tools, from anti-spam engines to malicious social media detection techniques. Now, we’re leveraging that decade of experience to deliver high-fidelity machine learning that works in harmony with a complete range of threat protection capabilities, fueled by more than 100 terabytes of data gathered by the Trend Micro Smart Protection Network every day.

The design of XGen security deploys the right technology at the right time to offer holistic enterprise defense. This requires more than just one or two protection techniques, because no one technique is effective against all attack types. Despite next-gen vendors’ claims that machine learning is the “silver bullet” of cybersecurity, truly complete protection requires a range of built-in techniques to close existing security gaps. Ultimately, XGen delivers more significant threat intelligence to effectively train our products, providing the strongest protection for customers against new threats as they are identified.

At the same time, companies don’t just need increased security. They need their security to be manageable without slowing down their systems. XGen provides peace of mind by allowing security to be a priority while maintaining operational efficiency and ease of use. All while still offering the strongest detection techniques on the market to catch threats of all kinds.

XGen endpoint security can be added to enterprise security systems today as part of the Trend Micro Smart Protection Suites. Endpoint, email and web gateway protection are all integrated within the suites to defend users at any point and activity. The suites also provide centralized visibility and control for IT administrators, to improve response time and streamline management. Trend Micro has 28 years of experience protecting more than 155 million endpoints, so we’ve got companies covered no matter what threats try to impact their bottom line.

To learn more about what XGen endpoint security can do for your company, visit https://www.trendmicro.co.uk/xgen.