solution brief - trendmicro.com.tr… · trend micro and a broad spectrum of security vendors...


Post on 03-Jun-2020


SOLUTION BRIEF

Page 1 of 2 • SOLUTION BRIEF • NETWORK DEFENSE

Your enterprise network is facing a rapidly changing IT landscape, riskier user behavior, and constantly evolving and more sophisticated threats including ransomware, zero-day attacks, targeted attacks and more, making it more difficult than ever to protect your network.

Traditional cyber security defenses alone no longer cut it in the rapidly changing IT landscape, and islands of single-technology solutions are insufficient to tackle the massive volume and variety of threats you are facing.

To simplify the threat landscape, we have broken the threats into three classifications: known, unknown and undisclosed.

Trend Micro

NETWORK DEFENSE

Protection from known, unknown and undisclosed threats

In January of 2003, the SQL Slammer worm exploited a vulnerability and infected 75,000 victims within ten minutes, even though Microsoft had released a patch for the vulnerability six months earlier. The worm spread in just 15 minutes despite the available patch, and it still infects systems today.

Known threats are known to the public and to security tools. These threats are added to reputation databases, addressed by physical and virtual patches, have security pattern files written for them, or have exploit filters created to block them. Even though known, many still get through – usually through unpatched software. In 2015, all of the top 10 vulnerabilities exploited were those that were more than a year old, with 48 percent being five or more years old.* Limited resources to implement patches and end-of-life systems are the major reasons why systems go unpatched.

* Source: “Cyber Risk Report 2016” Hewlett Packard Enterprise February 2016

Unknown threats are often designed to impact a single system or a small group of hosts. These targeted attacks often include a multi-vector attack consisting of emails, links, downloads, lateral movement, etc. In 2015, an RSA employee opened the Excel attachment from an email in a junk folder, which contained a threat. This threat opened a back door into Adobe Flash, and through lateral movement within the network, the attacker was able to target the SecurID two-factor authentication product.*

*Source: Bank Info Security

Unknown threats have never before been seen and are usually created to specifically target an individual or enterprise. These targeted attacks and advanced threats are customized to evade your conventional security defenses, and remain hidden while stealing your sensitive data or encrypting critical data until ransom demands are met.


©2017 by Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and Smart Protection Network are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice. [SB01_NetworkDefense_170228US]

Undisclosed threats are a hybrid between known and unknown threats. These vulnerabilities are usually known by some security researchers and the impacted software vendors. Until software is patched, enterprises are at risk of threat actors exploiting it to gain access or launch attacks.

BETTER PREVENTION THROUGH INTEGRATION

Only complete visibility into all network traffic and activity will keep you ahead of today’s threats that either ransom or steal sensitive data, communications, and intellectual property. Trend Micro offers an integrated advanced threat prevention approach to network security.

Trend Micro Network Defense is powered by XGen™ security, a unique blend of cross-generational threat protection techniques and market-leading global threat intelligence to protect enterprise networks. XGen™ security protects your network with a smart, optimized and connected security technology approach.

Network Defense solutions are smart, leveraging a blend of cross-generational threat defense techniques such as machine learning, custom sandboxing, behavioral analysis and custom content correlation. Network Defense applies the right technology at the right time and place to give you the most efficient network threat protection possible, rather than relying on a single-technology approach. Trend Micro can stop known threats inline at wire speed, and can identify, analyze and turn unknown threats or suspicious objects moving inbound, outbound or laterally across the network into known threats. The Zero Day Initiative and TippingPoint Digital Vaccine® (DVLabs) can provide preemptive threat protection from undisclosed threats months before they are made public.

Network Defense solutions are optimized to work in your customer environments. They have been designed to work with both Trend Micro and a broad spectrum of security vendors, including SIEM, vulnerability management, next-generation firewalls, SDN and cloud, network packet brokers and others.

Network Defense solutions are part of a connected Threat Defense solution that seamlessly shares threat intelligence with centralized visibility and control across layers of security. Network Defense systems can automatically be updated by other Trend Micro solutions, and other Trend Micro solutions can automatically update Network Defense solutions with updated threat information. Network Defense threat intelligence is fueled by the Trend Micro™ Smart Protection Network™. The Smart Protection Network mines data around the clock and across the globe to ensure that you are always protected.

Trend Micro TippingPoint Next-Generation IPS (NGIPS) – Uses a combination of technologies such as deep packet inspection, threat reputation and machine learning to detect and block known threats at wire speed.

Trend Micro™ Deep Discovery™ (AKA TippingPoint Advanced Threat Protection) – Detects unknown threats moving inbound, outbound or laterally across the network by monitoring all ports and over 100 protocols, turns the unknown into known, and shares the threat information with a host of security tools including the TippingPoint NGIPS.

Zero Day Initiative – An independent organization of over 3,000 security researchers discovering vulnerabilities in operating systems and software used by businesses and individuals around the world before they can be exploited.

DVLabs – Provides cutting-edge threat analysis and security filters that cover an entire vulnerability, providing preemptive threat protection against undisclosed vulnerabilities via the TippingPoint NGIPS.

The Poodle attack took advantage of a vulnerability in SSL 3.0 to exploit enterprise networks. This vulnerability was discovered by a threat research team over five months before it was exploited, making it known by few and unknown to all others. During this time many corporate networks were at risk.