Threats beyond Imagination Securing your Digital Information

1
Threats beyond Imagination Securing your
Digital Information

• Goh Chee Hoh
• Managing Director
• Asia South Region
• May, 2006

2
Agenda

• Security Evolution Challenges on unpredictable
  threat
• Digital Operation Continuity Strategy and
  Solution
• The Technology Winning Path RoadMap
• The Pioneer Trend Micro Profile Overview

3
The Problem
Malwares Growth

• Malware More Than Just Viruses and Worms
• New threats detected daily
• New vulnerabilities (Mobile, IM, images, etc.)
• Variants active for years

4
Review

• File Viruses Projected Decline.
• Worms Remain Stable at 150 per month.
• Bots 250-300 per month with Potential for
  Increase.
• Spam Projected Increase
• Phishing 14,000-15,000 per month with Projected
  Increase.
• - Spear Phishing Projected Increase
• PhishWare Remain Stable at 500-700 per month.
• GrayWare 1500-1600 per month with Projected
  Increase.
• Mobile Threats 15 per quarter with Projected
  Increase

5
Reported Infections and Growth Projections
Reported Infections 9.5 Million in Q1, 12.1
Million in Q2, and 29.5 Million in Q3. 70
percent of all infections occurred in North
America.
Projected
6
The Problem
Malwares Impact
Global Attacks Cost Billions Each Year
7
Mobile Threats 2004-2005
20June04
4Apr
7Mar
17Jul04
21Sep
8Jul
29Dec04
8Mar
6Apr
2Oct
5Aug04
1Feb
15Apr
4Jul
19Jul
18Mar
12Aug04
21Nov04
Mabir
Cardtrp
Doomed
Comwar
Cardblk
Vlasco
Fontal
Cabir
Boottoon
Skulls
Dampig
Qdial
Hobbes
Skudoo
Locknut (Gavno)
Drever
Win CE DUTS
Camdesk
Symbian OS (Nokia, etc) Windows CE (HP, etc)
Win CE BRADOR
8
Social Engineering and Phishing

• How about this email from Citibank asking for
  recipient to provide personal information?

9
Spam can kill businesses
10
50.000 USD, or we shut down your page!
And they did!!!
11
4th Generation Network Worm
days
Patch MS05-039 8/9/2005
Window between vulnerability announcement and
outbreak is shrinking
8/13/2005
ZOTOB
Patch MS04-011 8/13/2004
5/1/2004
SASSER
Patch MS03-026 6/16/2003
8/11/2003
BLASTER
Patch MS02-039 7/24/2002
1/25/2003
SLAMMER
Patch MS00-078 10/17/2000
9/18/2001
NIMDA
12
The Pain

• New ATMs moving to Microsoft Windows, but
  Windows is a popular platform for virus authors.
• Microsoft issued 77 patches for Windows OS in
  2003
• 42 of them are for Windows XP.
• 7 of them resulted from network virus
  vulnerabilities.
• Supposedly isolated ATM networks have been
  exposed to network virus attacks
• 1/2003 Slammer (SQL database attack)
• Bank of America 13,000 ATMs shut down because
  of attack.
• Canadian Imperial Bank of Commerce (CIBC) also
  impacted.
• 8/2003 Nachi worm (Welchia)
• Infected two unnamed ATM banking networks

Network worms can inhibit business and stop
transactions.
13
Malware Still Dominates Threat Landscape
Top Threats
Greatest Security Challenges
Source IDC Enterprise Security Survey, December
2005
14
Agenda

• Security Evolution Challenges on unpredictable
  threat
• Digital Operation Continuity Strategy and
  Solution
• The Technology Winning Path RoadMap
• The Pioneer Trend Micro Profile Overview

15
Top 10 I.T. Director Concerns

• Aligning IT with business strategy
• Keeping up with technology
• Security management
• Managing costs and resources
• Coping with change
• Project management
• Managing users
• Workload and managing stress
• E-business
• Managing vendors

Readers survey by MIS Asia
16
Major Security Concern for CIO

• How to Deal with Threat that coming from
  Unmanaged device ???
• - like Mobile Users ( PDA, Mobile Phone,
  Notebook . )
• - like Third party access to network ( visitor,
  supplier consultant, )
• How to deal with Unknown Mixed Threat Attack ???
• - no signature ( Virus Pattern ) exist
• - zero day threat or attack
• - Blended with different type of malware
• 3. How to deal with Targeted Attacked ???
• - no longer global outbreak
• - target attack to a single organization with
  flooding hundred of malware

Readers survey by MIS Asia
17
Enterprise Protection Strategy DefinedIntelligent
Threat Protection
Security policy compliance
Potential threats
Malicious Threats From Spreading
Infected devices
The Whole Is Better Than The Sum Of Parts
18
Monitor Detect Potential Threats

• Ongoing detection of known and unknown threats in
  real-time
• Identify source of threat

• Limit network access to users that comply with
  security policies
• Facilitate regulatory compliance

NCIT Network Content Inspection Technology
19
Prevent Stop Malicious Threats

• Stops known and unknown threats from disrupting
  business continuity
• Protection Everywhere

Bring business back to normal by repairing
infected devices Agent and Agent-less solutions
20
Central ManagementLowers cost of administration

• Central threat management console
• Better Protection, Less Mistakes
• Enterprise-wide view of all threats
• One Throat To Choke
• Components
• Trend Micro Control Manager
• Provides enhanced Updates/Reporting/Events/Notific
  ations
• Cisco Incident Control System (ICS)
• Supports Routers, Switches and IPS devices

NEW
Better Protection With One Throat To Choke
21
EPS A Security Framework Intelligent Threat
Protection
The Whole Is Better Than The Sum Of Parts
22
The EPS ROIIntelligent Threat Protection
EPS Lowers Overall Threat Exposure
23
Summary

• EPS provides a security framework for
  intelligent, customized and comprehensive
  protection against known and unknown threats
• Detects first instance of potential threats in
  real-time
• Offers simple NAC solution for the mobile
  workforce
• Protects every critical entry point of threats
• Automates recovery for managed and unmanaged
  users
• Trend Micro Enterprise core competence
• Intelligent Threat Protection
• Integration with network information flow (Cisco,
  NCIT)

24
Architectural Evolution - From the Server to
the Network Access Point
Outbreak Prevention
Virus Response
Assessment and Restoration
Vulnerability Prevention
Manage and Coordinate Outbreak Security Actions
Mass Mailer Worms
Policy Management Reporting
Spam
Office Scan
TMCM
PC-cillin
Web/MMC
L3 Switch
NVW
NVW
Internet/ISP
Firewall VPN
WANRouter
Web Site
ISVW
eMailServers
FileServers
Network Worms
SMEX
SP
L3 Switch
Spyware
Appliance
IMSS SPS NRS
Trojan
IWSS
25
Trend Micro Control Manager

• Centralized Management (Web- based)
• Supports 3000 managed servers on Windows, UNIX
  and Linux
• Log collection and reporting
• Service update and delivery platform
• Outbreak Prevention Service
• Damage Cleanup Service
• Vulnerability Assessment Service
• Centralized Management and configuration for
  Network Viruswall 1200
• Cascaded Console for greater scalability

26
InterScan Messaging Security Suite

• Comprehensive messaging security at the
  Enterprise gateway.
• Virus scanning for SMTP / POP-3
• Special mass-mailing virus handling
• Policy-based management enforces corporate email
  policies
• Integrated Anti- spam database and Content
  Filtering
• Implements Outbreak Policies for email virus
  outbreaks
• Supports Heuristic Spam Prevention Solution

27
Spam Prevention Solution

• Heuristic Spam filtering engine
• 90 95 Accuracy with 1/80,000 false positive
  rate
• Automatic updates for Heuristic engine from
  Trends Active Update servers
• Integrated with IMSS 5.5 for ease of
  implementation
• Increases Spam catch rate over just fingerprint
  matching
• IMSS Policy- based framework allows highly
  granular Spam sensitivity settings

28
Anti-Spam Building Blocks
Spam Caught Today
Spam Caught Future
Quarantine
Probability of Being Good or Bad
Are you Good?
Who Are You?
Heuristic Signature Filters
Reputation
Mail Servers
Authorization Authentication
End Users
SPF Domain Keys DKIM CSV
29
Email Reputation Flow

• IP Reputation clears out the obvious spam
• Sender Authorization confirms the senders
  domain
• Domain Reputation applies knowledge to the
  sender
• Can decide to block, filter or pass
• Content Filtering removes the gray/questionable
  messages

30
InterScan Web Security Suite

• HTTP/FTP/ICAP 1.0 Antivirus scanning
• Web site (URL) filtering (optional)
• Controls access to unproductive sites(raise
  employee productivity)
• Controls access to restricted sites(reduce legal
  liabilities)
• Allows use of pre-approved and/orcustomizable
  list of sites
• Manage internet usage
• Displays employee patterns of web usage
• Alerts administrators of unusual activitybased
  on historical current Web usage
• Allows administrators to implement individual
  surfing quotas

31
ScanMail for Microsoft Exchange

• Server-based e-mail virus protection
• Administrator controls and monitors virus
  activities
• Transparent virus scanning at the server mailbox
• Stops viruses, malicious code, sensitive content
  and spam in email and shared folders, before they
  can reach desktop and spread
• Emergency Attachment Blocking for outbreak
  situations like Sircam, Nimda, Netsky,
  Bagle...etc.
• Alerts sender, recipients and administrator when
  a virus is found
• Microsoft certified for new Exchange Virus Scan
  API (Microsoft Exchange 2003)

32
ScanMail eManager Content Filtering

• eManager Plug-in for ScanMail for Exchange
• Content Filter - allows administrator to filter
  out offensive and inappropriate email from
  entering Exchange Server
• Anti-Spam- Filters out spam or unsolicited junk
  email coming to the Exchange server
• Improves mail server efficiency and ensures that
  only valid messages are received by the end-user
  
• Frees up valuable disk space on the server

ScanMail eManager ScanMail Suite
33
ServerProtect

• ServerProtect efficiently safeguards
  multiple servers, domains and NAS from virus
  attack with next-generation antivirus software
  that can be installed and managed from a single
  secure console.
• Network OS supported - NT, Win2000, Novell
  Netware, Linux, Win2003
• Network Attached Storage Supported Platform -
  EMC, Network appliances

34
OfficeScan Corporate Edition

• Comprehensive security solution designed for
  the corporate desktop environment.
• Robust security protection against multiple types
  of threats that threaten corporate desktops users
• Powerful web based management console to
  coordinate effective security policies and deploy
  rapidly
• Accepts and implements Outbreak Policies and
  Damage Cleanup Templates from Control Manager
• Supports security policy enforcement via Cisco
  NAC

35
Agenda

• Security Evolution Challenges on unpredictable
  threat
• Digital Operation Continuity Strategy and
  Solution
• The Technology Winning Path RoadMap
• The Pioneer Trend Micro Profile Overview

36
Our Approach The Whole Threat Lifecycle
Management
Antivirus Consultation Service
Plan
Plan
Antivirus Review Audit Service
Knowledge And Expertise
Knowledge And Expertise
Review
Review
Deploy
Antivirus Deployment Service
Deploy
Monitor
Monitor
Respond
Respond
Outbreak Prevention Damage Cleanup
37
Where does the Value comes from
In the short term, the benefit reflects on the
number of virus outbreak , user downtime and
damage severity.
No. of Outbreaks

• The benefit is the product of reduced outbreaks,
  range of impact and downtime
• If each dimension is reduced by 30, total damage
  will reduce by 65

Baseline Damage
Damage after adopting ESO
Range of Impact
Average Downtime
38
Long-Term Value Proposition
In the long term, benefit comes from the
improvement of overall company security.
Illustrative
Total Damage
Damage for Clients Without Any Protection

• When the clients organization awareness,
  reaction process and security environment are
  improved through adopting ESC, the benefit will
  reflect in the accelerative decrease of damage
  caused by malware

Damage for Clients Using AV Products
Damage for Clients Using Products and ESC
Time
39
The Building Blocks
Security Infrastructure
Organizational Security Awareness/Behavior
Customer
24 x 7 monitoring and service
Trend Micro Partner
Trend Micro
Provider
Technical Account Manager
Online real-time monitoring mechanism
Service Mechanism
Premium Support Program
Monitoring Service Offerings
Products
Consulting Service
Service packaging
Trend Micro Security Expertise
Customer Service Experience
Knowledge
40
Agenda

• Security Evolution Challenges on unpredictable
  threat
• Digital Operation Continuity Strategy and
  Solution
• The Technology Winning Path RoadMap
• The Pioneer Trend Micro Profile Overview

41
Corporate Fact Sheet
Trend Micro Incorporated Address Shinjyuku
MAYNDS Tower 27F 2-1-1 Yoyogi, Shibuya-ku Tokyo
151-0053 Japan Founded 1989, CA, US Founder
Steve Chang, honored Innovator of the Year
award from 2004 Asia Business Leader Awards
(ABLA). Traded Tokyo Stock Exchange (4704),
NASDAQ (TMIC) Business Nature Antivirus and
content security software and services Offices
Operate in more then 30 countries and with 6
Global RD Centers Number of Employees
2,900 2005 Revenue USD 621.9M Q1/2006 Revenue
USD 179.6M ( grow 19 ) Market Value USD 5
Billion
42
COMPANY OVERVIEW

• Our Vision
• Create a world safe for exchanging digital
  information
• Our Mission
• Ensure operational continuity against
  unpredictable, malicious threats
• Our Strategy
• To provide timely updates for threat management
  byintegrating with network information flow

43
Market Leadership

• Global Leader in the Server-based Antivirus
  Market
• 1 market share in the Internet gateway antivirus
  market for sixth consecutive year
• 1 market share in the mail server antivirus
  market for fourth consecutive year
• 1 market share in the file server antivirus
  market for second consecutive year

• "Trend Micro has consistently demonstrated a
  strong position in the global antivirus market. 
  To remain successful Trend Micro has adapted
  quickly to market challenges and the evolution of
  security threats. Given Trend Micros track
  record and its strong momentum, we expect the
  company to continue delivering innovative
  solutions that provide customers with timely
  protection against unpredictable threats."
• Brian Burke
• Research Manager, IDC

Source IDC, Worldwide Antivirus 2005-2009
Forecast and Analysis Antivirus Evolves from
Product to Feature, Doc 34567, December 2005.
44
Technology Innovation
45
InnovationSupport TrendLabs Delivers Global
Service and Support

• Global Service and Support Excellence
• TrendLabs provides a worldwide platform for
  delivering timely customized updates, services,
  and support anytime, anywhere.

Munich, Germany
Cork, IrelandParis, France
Tokyo, Japan
Irvine, U.S.
Taipei, Taiwan
Manila,the Philippines

• More than 800 Threat Research and Service
  and Support experts at 6 locations
• Collaborative account management
• Automated alerts for new threats
• ISO 9001 2000, BS7799 certifications
• COPC-2000 Standards Certification

Protection requires more than a product It
requires service timely and expert service
46
EPS Success Story

• A global healthcare leader
• RevenueUS27b, Employees93k
• Trend Micro products deployed
• Control Manager, Network VirusWall, ScanMail,
  OfficeScan, ServerProtect
• Key benefits derived
• Centralized management
• Superior product integration
• Comprehensive threat protection
• Automatic company-wide updates

EPS Made Us A Partner, Not Just A Vendor
47
(No Transcript)
48
Thank you!More information, please
visit/contactwww.trendmicro.comgoh_chee_hoh_at_tre
ndmicro.comMisoft Vietnam Distributorwww.miso
ft.com.vn844-9331613