Trend Micro

Virtualization and Server Security (Deep Security)

Advanced server security for physical, virtual, and cloud servers

Deep Security protects enterprise applications and data from breaches and business disruptions without requiring emergency patching. This comprehensive, centrally managed platform helps organizations simplify security operations while enabling regulatory compliance and accelerating the ROI of virtualization and cloud projects. Tight integration with CSPs dramatically reduces operational impacts by automating policy-based security for instances as they are launched or terminated.

Proven Protection Against Targeted Attacks and Advanced Persistent Threats
The Trend Micro Deep Discovery threat protection platform enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time. Deployed as individual components or as a complete cyber security platform, Deep Discovery provides advanced threat protection where it matters most to your organization. The Deep Discovery platform is the foundation of the Trend Micro Custom Defense, integrating your security infrastructure into a comprehensive defense tailored to protect your organization against targeted attacks.


Cloud Security (Cloud Security for Office 365)

Trend Micro™ Cloud App Security enhances Office 365 with advanced threat protection controls to help you communicate and collaborate more confidently in the cloud. The solution extends Office 365 built-in security with document exploit detection and sandbox malware analysis to detect zero-day malware and malicious code hidden in office files. Plus, it improves your visibility into compliance with data loss prevention. Cloud App Security integrates directly with Office 365. There is no need to re-route email traffic and you can expand protection beyond email to include collaborations over SharePoint and OneDrive.


Endpoint Security (Smart Protection)

This high-performance endpoint security suite protects virtual and physical desktops against today’s evolving threat landscape using the broadest range of anti-malware techniques available. Multiple layers of threat and data security protect your users and corporate information across all devices and applications. Plus, you get the same cloud flexibility and user-centric management benefits of Smart Protection Complete.


Connected Threat Defense (Deep Discovery w/ Smart Protection for Endpoints)

Trend Micro’s Connected Threat Defense provides network-wide protection and detection for known and unknown malware using the broadest range of detection and protection techniques, such as Trend Micro’s Machine Learning. It is even capable of finding lateral movement, C&C attacks, ransomware, and the like.


Managed Detection and Response Service

Trend Micro’s Managed Detection and Response (MDR) service monitors network and endpoint data, and prioritizes alerts according to severity using big data Artificial Intelligence (AI) techniques, and can help detect threats that may previously have been “grey alerts” by themselves. Trend Micro threat researchers investigate further to determine the extent and spread of the attack through a detailed Root Cause Analysis, and work with customers to provide a detailed response plan.

  • Endpoint-resident event recording

The MDR service uses a lightweight agent that combines Trend Micro’s award-winning endpoint protection solution with EDR to provide detailed recording of system behaviors and events at the kernel and user levels. It tracks these events in context across time, providing an in-depth history that can be accessed in real time.

  • Network metadata recording from Deep Discovery

Trend Micro™ Deep Discovery™ Inspector is a network appliance that monitors all ports and over 100 different network protocols to discover advanced threats and targeted attacks moving in and out of the network and laterally across it. The appliance detects and analyzes malware, command-and-control (C&C) communications, and evasive attacker activities that are invisible to standard security defenses. Alerts are sent directly to the MDR service, while recorded metadata is collected and queried by the MDR service as needed.

  • Event Monitoring and Alerting

Trend Micro Managed Services will monitor the customer’s MDR deployment 24/7/365, and will remotely investigate all critical security events using data available in the monitored products. Real-time events from endpoint and network security will be continuously sent to Trend Micro’s SOC via event logs and alerts. If a critical event is detected and validated it will be escalated to the customer for action.

  • Advanced Correlation

By correlating threat data from multiple sources such as endpoints, networks and servers, a clearer picture is available to determine the source and spread of advanced attacks. Trend Micro’s MDR service can even spot Internet of Things (IoT) devices, such as printers, that may have been compromised, and makes use of advanced AI to analyze and prioritize threat data.

  • Reports

For investigated customer threat alerts, Trend Micro reports information through incident cases, which contain details of the threat including affected hosts, IOCs, and recommended mitigation options wherever possible. Trend Micro also provides monthly reports to summarize case activity from the preceding month. All cases and reports are published to the Trend Micro Customer Success portal, as well as emailed to desired recipients through the standard case support system.

  • Service Reviews

Trend Micro provides an opportunity for a formal service performance review at least once per month. This review examines service performance, significant events and incidents, faults and cases, change requests and execution, and recommendations.

DETECTION

Within an organization, endpoint sensors record system activities and behaviors and send metadata about these recordings, as well as endpoint alerts and detections, to the MDR service. Deep Discovery records the network data and sends metadata to the MDR service, as well as network security alerts and detections. Using advanced AI, these alerts are correlated and analyzed through the Trend Micro™ Smart Protection Network™. The resulting correlated alerts are prioritized, and notifications are sent to the Trend Micro SOC.

ANALYSIS

Incident response staff investigate the specific threats by gathering additional information (with customer approval through their management console), determining vulnerabilities, and understanding what else may have been downloaded or whether the original threat has mutated and spread. The analyst investigates to determine the full root cause analysis and potential impact to the affected customer.

RESPONSE

A report is provided to customers about the incident, including recommendations on how to respond to and remediate the attack where appropriate. In some cases, tools may be provided to assist with the remediation.


TippingPoint Threat Protection System Family

Trend Micro™ TippingPoint® Threat Protection System (TPS) is a powerful network security platform that offers comprehensive threat protection against known and undisclosed vulnerabilities with high accuracy. It provides industry-leading coverage across different threat vectors, including advanced threats, malware, and phishing, with extreme flexibility and high performance. The TPS enables enterprises to take a proactive approach to security to provide comprehensive contextual awareness and deeper analysis of network traffic.

  • Real Time Detection, enforcement and remediation

Integrates the Deep Discovery Advanced Threat Protection Solution to detect and block targeted attacks and malware through preemptive threat prevention, threat insight and prioritization, and real-time reinforcement and remediation.

  • Performance, scalability and flexibility for the most demanding network requirements

Delivers unprecedented security and performance for high capacity, high performance enterprise networks. It scales performance requirements to protect data, critical infrastructures, and vulnerable applications in real time without adversely affecting network performance and is designed to follow your network wherever it moves whether it’s physical or virtual.

  • Comprehensive threat insight and prioritization

Gain complete visibility across the network with the insight and context needed to measure and drive vulnerability threat prioritization. Deep inspection of network traffic identifies and blocks threats undetected by traditional security solutions.

  • Deployment flexibility and investment protection

With flexible deployment options that are easy to set up and manage through a centralized management interface, it provides immediate and ongoing threat protection with out-of-the-box recommended settings.

KEY FEATURES

On-box SSL Inspection: Sophisticated and targeted attacks are increasingly using encryption to evade detection. TPS reduces security blind spots created by encrypted traffic with on-box SSL inspection.

Performance Scalability: The increase in data center consolidation and proliferation of cloud environments requires security solutions that can scale as network demands increase. TPS delivers unprecedented security and performance for high-capacity networks with a scalable deployment model that includes the industry’s first 40Gbps NGIPS in a 1U form factor with the ability to scale up to 120Gbps aggregate in a 3U form factor.

Flexible Licensing Model: Easily scale performance and security requirements with a pay-as-you-grow approach and flexible licenses that can be reassigned across TPS deployments without changing network infrastructure.

Real-time Machine Learning: Many security threats are short-lived and constantly evolving, at times limiting the effectiveness of traditional signature- and hash-based detection mechanisms. TPS uses statistical models developed with machine learning techniques to deliver the ability to detect and mitigate threats in real time.

Enterprise Vulnerability Remediation (eVR): Quickly remediate vulnerabilities by integrating third-party vulnerability assessments with the TippingPoint product portfolio. Customers can pull in information from various vulnerability management and incident response vendors (Rapid7, Qualys, Tenable), map Common Vulnerabilities and Exposures (CVEs) to TippingPoint Digital Vaccine® filters and take action accordingly.

Advanced Threat Analysis: Extend protection from unknown threats through integration with Deep Discovery™ Analyzer. TPS pre-filters known threats, forwards potential threats for automated sandbox analysis, and remediates in real time upon confirmation of malicious content.

High Availability: Ideal for in-line deployment, TPS has multiple fault-tolerant features including hot swappable power supplies, watchdog timers to continuously monitor security and management engines, built-in inspection bypass, and zero power high availability (ZPHA). In addition, TPS can be provisioned using redundant links in a transparent Active-Active or Active-Passive high availability (HA) mode.

Integrated Advanced Threat Prevention: TPS integrates with Trend Micro™ Deep Discovery™ advanced threat detection solutions, rated as the most effective and “recommended” breach detection system by NSS Labs.

Asymmetric Traffic Inspection: Traffic asymmetry is widespread and pervasive throughout enterprise and data center networks. Enterprises must overcome challenges from both flow and routing asymmetry to be able to fully protect their networks. TPS by default inspects all types of traffic, including asymmetric traffic, and applies security policies to ensure comprehensive protection.

Agility and Flexibility: TPS embraces software-defined network protection by deploying IPS as a service. TPS also protects virtualized applications from within your virtualized infrastructure (VMware, KVM).

Best-in-Class Threat Intelligence: Trend Micro™ TippingPoint® Digital Vaccine® Labs (DVLabs) provides cutting-edge threat analysis and security filters that cover an entire vulnerability to protect against all potential attack permutations, not just specific exploits. In addition to DVLabs, exclusive access to vulnerability information from the Zero Day Initiative (ZDI) protects customers from undisclosed and zero-day threats. ZDI is the largest vendor-agnostic bug bounty program, with 700 vulnerabilities published in 2016. In 2016, Trend Micro TippingPoint customers were protected an average of 57 days ahead of a vulnerability being patched by affected vendors.

Virtual Patching: Virtual patching provides a powerful and scalable frontline defense mechanism that protects networks from known threats and relies on vulnerability-based filters to provide an effective barrier from all attempts to exploit a particular vulnerability at the network level rather than the end-user level. This helps enterprises gain control of their patch management strategy with pre-emptive coverage between the discovery of a vulnerability and the availability of a patch, as well as added protection for legacy, out-of-support software.

Support for a broad set of traffic types: TPS platform supports a wide variety of traffic types and protocols. It provides uncompromising IPv6/v4 simultaneous payload inspection and support for related tunneling variants (4in6, 6in4, and 6in6). It also supports inspection of IPv6/v4 traffic with VLAN and MPLS tags, mobile IPv4 traffic, GRE and GTP (GPRS tunneling), and jumbo frames. This breadth of coverage gives IT and security administrators the flexibility to deploy its protection wherever it is needed.

Centralized Management: The TippingPoint Security Management System (SMS) delivers a unified policy and element management graphical user interface that provides a single mechanism for monitoring operational information, editing network security policies, configuring elements and deploying network security policy across the entire infrastructure, whether it's physical or virtual.