Trend Micro Threat Management Services
End-to-end threat infection discovery, remediation, and management

Overview:
Day-zero malware threats continue to exploit gaps in enterprise security, quietly stealing large amounts of data before being detected. To find and wipe out these threats, you need an additional security defense layer that provides visibility into where malware is hiding, enables proactive alerting, and enacts measures to contain threats and clean up your network.
Trend Micro Threat Management Services is a network security overwatch service that gives you an additional protection layer to strengthen your existing IT infrastructure against evasive malware threats. Powered by the Trend Micro Smart Protection Network™, Trend Micro Threat Management Services uncovers hidden malware threats and helps ensure the ultimate protection of your corporate assets with increased protection, greater visibility, and less management complexity. Threat Management Services is a three-tiered solution that seamlessly integrates into your existing security infrastructure and includes:
- Threat Discovery Services provides 24x7 network monitoring and detection of hidden malware infections
- Threat Remediation Services utilizes threat discovery information to provide early warning notifications and proactive threat resolution
- Threat Lifecycle Management Services combines threat monitoring, automated remediation, root-cause analysis, and expert advisory services to provide complete threat management
Detects and Protects Against:
Find hidden malware before it steals data and damages your network
After conducting over 100 customer Threat Management Services assessment trials worldwide, Trend Micro found that 100% of enterprises had undetected malware. How does malware continue to infiltrate so many corporate networks? Evasive emerging threats undertake targeted attacks based on the personal and corporate information found on the web. Security infrastructure vulnerabilities emerge whenever mobile users enter your network with unprotected devices. And unsecured technologies proliferate in today’s enterprise, with workers engaging in file-sharing and instant messaging on unpatched legacy systems and guest laptops.
Today’s security environment is ready for a new approach—one that introduces greater visibility into the location and cause of infections, provides proactive alerting, and enacts effective measures to disarm malware, clean up the network, and provide insight on how to stop it from happening again.
| Threat Management Services | | | |
|---|---|---|---|
| Protection Point | Services | | |
| | Threat Discovery | Threat Remediation | Threat Lifecycle Management |
| Network overwatch threat discovery | | | |
| Network security assessment reports (manual – daily/weekly) | | | |
| Proactive threat monitoring and early warning notifications | | | |
| Threat containment and remediation advisory services | | | |
| 24x7 access to Trend Micro Threat Management Advisors | | | |
| Automated threat remediation technology | | | |
| Threat infection root-cause analysis | | | |
| Bi-annual threat outbreak drills for best practice responses | | | |
| Customized threat security management plan | | | |
| Quarterly executive business review | | | |
| Annual threat landscape updates briefings | | | |
The Need for a Network Security Overwatch Layer
After conducting over 100 enterprise network assessments worldwide with Threat Management Services, Trend Micro found:
- 100% of companies had active malware
- 56% of companies had an information-stealing malware
- 72% of companies had one or more IRC bots
- 80% of companies had a malware web download
- 42% of companies had a network worm
Source: Figures calculated from 130 global Threat Discovery Services trials through August 2009. Companies had an average of 7,484 employees and included representatives from the manufacturing, government, education, financial services, retail, and healthcare industries.
Features & Benefits:
Key Benefits:
- Increased Protection
Closes gaps in your corporate security with comprehensive patent-pending, multi-protocol, multi-layer malware detection
- Greater Network Visibility
Provides a detailed view of your overall security posture with continuous threat monitoring, discovery, notifications, and reporting
- Reduced Management Complexity
An easy-to-use threat management portal, advanced reporting features, and proactive security planning services from Trend Micro advisors simplify threat discovery and remediation
Key Features:
24x7 Network Monitoring
- Get a complete view of network security and discover potential gaps in IT systems
- See active malware infections across your network
- Automatically detect hidden data-stealing malware before it damages sensitive corporate information
Rapid Threat Containment and Cleanup
- Get early warning notifications when malware first enters your network
- Use proactive alerts to speed response time to discovered threats
- Rely on advanced cloud-based correlation technology to detect the newest, most advanced threats
- Rapidly clean up your network with automated, pattern-free remediation
- Utilize root-cause analysis to break the infection chain and find malware entry points
Advanced Reporting
- Receive daily threat summaries to stay on top of day-to-day network operations
- Generate weekly or monthly executive reports to enhance network visibility
- Log in to an easy-to-use management portal to access real-time risk information, including business meters, threat statistics, and trends
Expert Advisory Services from Trend Micro Advisors
- Leverage Trend Micro’s 20+ years of industry experience
- Get customized infection diagnosis, containment, and cleanup services from Trend Micro security advisors
- Refine company security policies and procedures through bi-annual outbreak drills
- Receive ongoing security recommendations and information, including quarterly security briefings
The End-to-End Threat Lifecycle Management Cycle:

- Assess: Discover threats to gain insight into your current security posture
- Monitor: Continuously monitor for active, data-stealing malware infections and receive early warning outbreak notifications
- Diagnose: Correlate suspicious events and activities on the network to determine steps for effective containment
- Contain: Respond to threats and isolate infected systems quickly
- Remediate: Conduct network-wide threat remediation with pattern-free clean-up, root-cause analysis, and expert assistance from Trend Micro Threat Management Advisors
- Learn: Rely on proactive security advisory services from trusted Trend Micro Threat Management Advisors to prevent security threats
Threat Management Services Solutions:
Next-generation malware keeps finding new ways to evade detection. In fact, after conducting over 100 Threat Management Services assessment trials in enterprises worldwide, Trend Micro found that 100% of enterprises had undetected malware. These targeted, coordinated attacks are dangerous precisely because they are specifically designed to go undetected while systematically stealing sensitive data.
Why are corporate networks still vulnerable to malware attacks?
Evasive Emerging Threats
- Cybercriminals now use the abundance of personal and corporate information found in social networking sites, corporate websites, and web searches to slip by security mechanisms and unleash new targeted attacks, enabling explosive growth in the sheer number and variety of malware threats.
Security Infrastructure Vulnerabilities
- As increasing numbers of mobile users go on and off networks with easily infected, vulnerable devices, they compromise corporate networks when connected from inside or via VPN.
- Inadequate remote office security, lack of onsite IT personnel, and lax policy enforcement create numerous malware entry points.
Unsecured Technologies
- Unmanaged and unpatched resources—including legacy systems, contractors, and guest laptops—and mass storage drives like USB devices are common gateways for malware infections.
- Increased usage of easily exploited technologies such as P2P, file sharing, streaming media, and instant messaging exposes networks to malware.
Once inside your network, malware can steal sensitive data and leak information to cybercriminals, harming your customers and damaging your company’s reputation. Even worse, enterprises often have no early warning system to catch a pending or active data breach, and no comprehensive strategy to contain threats or recover from an outbreak.
Today’s enterprise needs an advanced approach to protect systems from the next generation of sophisticated security attacks—one that goes beyond traditional security solutions to provide greater network visibility, proactive alerts, and effective tools to disarm malware, clean up networks, and stop infections before they happen again.
The Solution
Trend Micro™ Threat Management Services is a network security overwatch service that provides an additional security layer, strengthening an organization’s existing security infrastructure with threat discovery, containment, and remediation services.
By helping companies find and respond to sophisticated information-stealing malware faster and more efficiently, Threat Management Services minimizes data loss, reduces damage containment and cleanup costs, and improves security posture overall. Other security solutions frequently miss active data-stealing malware infiltrations within the network, but Threat Management Services has been built by industry-leading experts to find and wipe out hidden malware, helping ensure the ultimate protection of corporate data.
Powered by the Trend Micro™ Smart Protection Network™, Threat Management Services includes three packages that provide a critical, network security overwatch layer for complete threat lifecycle management:
Threat Discovery Services
- Assess and monitor networks 24x7 for stealthy malware infections
- Generate daily incident reports for faster threat response
- Access real-time threat dashboard showing threat metrics, business risk meters, and affected assets and departments
- Receive weekly executive summary reports detailing overall security posture and trends
Threat Remediation Services - Supplements Threat Discovery Services with:
- Expert, proactive oversight from Threat Management Advisors, including early warning notifications of malware outbreaks both inside and outside your company
- Security advisory services provided by Threat Management Advisors to help diagnose outbreaks, determine containment measures, and provide remediation strategies
Threat Lifecycle Management Services - Supplements Threat Discovery Services and Threat Remediation Services with:
- Automated threat remediation, pattern-free cleanup technology for day-zero malware, and root-cause analysis with Threat Mitigator technology
- Proactive security planning services from a dedicated Trend Micro Threat Management Advisor, including customized corporate threat security management planning, outbreak fire drills, security infrastructure business impact briefings, and security best practices recommendations
As you can see in the chart below, the service packages within Threat Management Services build on each other to progressively reinforce your network security by offering a complete threat lifecycle management experience.
| Threat Management Services | | | | |
|---|---|---|---|---|
| Feature Summary | Benefits | Threat Discovery | Threat Remediation | Threat Lifecycle Management |
| Network overwatch threat discovery | | | | |
| Threat discovery reports | | | | |
| Advanced cloud correlation with Smart Protection Network | | | | |
| Out-of-band threat discovery deployment | | | | |
| Proactive threat monitoring and early warning notifications | | | | |
| Threat containment and remediation advisory services | | | | |
| 24x7 access to Trend Micro Threat Management Advisors | | | | |
| Threat infection root-cause analysis | | | | |
| Automated pattern-free remediation | | | | |
| Annual threat landscape update briefings | | | | |
| Bi-annual threat outbreak drills | | | | |
Complete Enterprise Security Solutions
Threat Management Services is part of Trend Micro Enterprise Security, a tightly integrated offering of content security products, services, and solutions optimized to deliver immediate protection—all with the goal of reducing the time, risk, and costs associated with acquiring, deploying, and managing content security.
How Malware Detection Works:

Trend Micro Threat Management Services uses the Trend Micro Threat Discovery Appliance to discover malware that has evaded detection. The appliance is deployed out of band at the network layer on the core switch, where it can monitor the stealth techniques being used by modern malware.
Capable of analyzing traffic up to the application layer across 120 different protocols, the Threat Detection Appliance detects not only malware but also the mechanisms used by malware to propagate, including:
- Malware downloading additional components and updates
- Malware receiving and executing commands
- Malware transferring stolen information
A powerful combination of Trend Micro’s scanning engines and technologies
When traffic is received by the Threat Detection Appliance, a multi-step process occurs:
- Trend Micro file scanning engine determines if a file is known or new malware
- Trend Micro Web Reputation database identifies malicious URLs
- Trend Micro Virus Scanning Engine checks the traffic stream for exploits and network worms
- Trend Micro Network Content Inspection Engine correlates the different attributes of the network traffic to identify potentially malicious characteristics and behavior
- The appliance works with in-the-cloud servers and the Trend Micro Smart Protection Network™ to perform advanced correlation on information from multiple sessions
Removing the infection—and determining the cause
Once a threat is uncovered, the Threat Discovery Appliance sends a message to the Threat Mitigator, which will initiate a revolutionary pattern-free cleanup. The Threat Mitigator first removes the files and malware processes associated with the infection, then identifies the chain of events that led to the infection with a detailed root-cause analysis; for example, a malicious website download or an infected USB stick.
Gain greater visibility through reporting
The comprehensive reports provide valuable insight into your security posture, including:
- malicious activity detected
- IP address of the hosts infected
- frequency of incidents and the departments or network domains affected
Expert advisors help you take the next steps toward improved security
If the Threat Mitigator is unable to clean the infection, it automatically sends all of the necessary forensic file data from the infected machines to the Trend Micro Threat Management Advisors. This team of seasoned security experts can then initiate an early warning communication in conjunction with diagnosis and remediation advisory services—helping you save valuable time.
As part of the infection learning phase, Trend Micro Threat Management Advisors provide proactive security planning services, including:
- customized corporate threat security management planning
- outbreak fire drills
- security infrastructure business impact briefings
- security best practices recommendations
Throughout this process of discovering and remediating network infections, you gain a crucial advantage—greater insight into your security posture.
System Requirements:
| System Requirements | |
|---|---|
| Threat Discovery Appliance 2.5 Virtual Appliance - VMware | |
| Threat Discovery Appliance 2.5 Hardware Appliance | |
Documentation: