
Threat Management System

Get Real-Time Network Threat Detection, Analysis, and Automated Remediation

Analysts recommend a proactive strategy using network analysis and visibility tools to continually monitor your network for malicious activity.


In a recent study of 100 enterprises:

  • 100% had undetected malware
  • 50% had data-stealing malware
  • 57% were confident in their protection
  • 29% check every endpoint before granting access

Trend Micro Threat Management System gives you the visibility, insight, and control you need to protect your network from advanced targeted threats that can easily evade conventional perimeter and content security. Plus it helps minimize your exposure and risk of data breach.

Threat Management System datasheet (PDF)
Dynamic Threat Analysis System datasheet (PDF)

Trend Micro Threat Management System is a network analysis and visibility solution that uniquely detects evasive intrusions and automates remediation. Powered by Trend Micro Smart Protection Network, an array of threat detection and analysis engines, and the latest intelligence of Trend Micro Threat Researchers, this zero-trust solution provides the most accurate and up-to-date threat deterrence capability.

Network Analysis and Visibility

Get real-time visibility, insight, and control to protect from advanced attacks.

  • Identifies evasive malicious activity with network traffic analysis
  • Eradicates any infections found using automated malware remediation
  • Provides multi-level analysis and reporting of total threat posture

Endpoint Security Automation

Automatically detect and mitigate advanced threats that evade perimeter security.

  • Keeps you ahead of advanced infections and their proliferation
  • Minimizes your risk of a serious attack
  • Reduces your endpoint security management costs

System and Device Protection

Protect systems that cannot directly run antivirus.

  • Keeps equipment running and your network clean with automated detection
  • Prolongs lifetime of legacy systems that can’t be patched or protected
  • Meets compliance requirements for these devices and systems

Regulatory and IT Security Compliance

Aid compliance efforts with important controls, DLP, and reporting capabilities.

  • Automates incident management and auditable logging
  • Detects regulated data leaving the network by any means
  • Achieves compliance for hard-to-secure systems and devices

Staff Augmentation and Expertise

Leverage the proactive expertise of Trend Micro Risk Management Services.

  • Put Trend Threat Researchers and Service Specialists on your team
  • Access proactive monitoring, remediation and strategic consulting services
  • Further reduce your risk exposure and security management costs

Detects and Protects against Advanced Targeted Threats

  • Advanced Persistent Threats
  • Targeted network exploits
  • Web-based threats (web exploits, cross-site scripting)
  • Email-based threats (phishing, spear-phishing)
  • Sensitive data expulsion or transfer
  • Bots
  • Worms
  • Crimeware

How Malware Detection Works

Trend Micro Threat Management Services uses the Trend Micro Threat Discovery Appliance to discover malware that has evaded detection. The appliance is deployed out of band at the network layer on the core switch, where it can monitor the stealth techniques being used by modern malware.

Capable of analyzing traffic up to the application layer across 120 different protocols, the Threat Detection Appliance not only detects malware but also the mechanisms used by malware to propagate, including:

  • Malware downloading additional components and updates
  • Malware receiving and executing commands
  • Malware transferring stolen information
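As an added illustration (not Trend Micro's code, and not a description of how the appliance itself works), the following script shows how the three propagation mechanisms listed above can be flagged from flow records gathered on an out-of-band network tap: periodic contact with one external endpoint (receiving commands), an unusually large outbound volume to a single endpoint (transferring stolen information), and an executable fetched from a host on a reputation list (downloading components). The flow records, the reputation list and the thresholds are all constructed for the example.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed flow records from an out-of-band tap, as tuples of
# (src_ip, dst_ip, dst_port, bytes_out, timestamp_seconds, requested_uri).
# Example values only; not taken from any real network.
FLOWS = [
    ("10.0.0.5", "203.0.113.9", 443, 300, 0, None),
    ("10.0.0.5", "203.0.113.9", 443, 310, 60, None),
    ("10.0.0.5", "203.0.113.9", 443, 305, 120, None),
    ("10.0.0.5", "203.0.113.9", 443, 298, 180, None),
    ("10.0.0.7", "198.51.100.4", 21, 60_000_000, 10, None),
    ("10.0.0.9", "192.0.2.77", 80, 1200, 30, "/update/loader.exe"),
    ("10.0.0.11", "203.0.113.50", 443, 4000, 5, "/index.html"),
]

# Constructed low-reputation hosts, standing in for a Web Reputation lookup.
BAD_HOSTS = {"192.0.2.77"}

BEACON_MIN_FLOWS = 4          # assumed: contacts needed before calling it a beacon
BEACON_JITTER_SECS = 5.0      # assumed: allowed spread between contact intervals
EXFIL_BYTES = 50 * 1024 * 1024  # assumed: outbound volume worth an alert
EXEC_SUFFIXES = (".exe", ".dll", ".scr")

def is_internal(ip):
    return ip.startswith("10.")

def find_beacons(flows):
    """Internal hosts contacting one external endpoint at near-constant intervals."""
    by_pair = defaultdict(list)
    for src, dst, port, _, ts, _ in flows:
        if is_internal(src) and not is_internal(dst):
            by_pair[(src, dst, port)].append(ts)
    hits = []
    for key, times in by_pair.items():
        if len(times) < BEACON_MIN_FLOWS:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= BEACON_JITTER_SECS:  # regular cadence suggests a command channel
            hits.append(key)
    return hits

def find_exfil(flows):
    """Internal hosts sending an unusually large volume to a single external endpoint."""
    totals = defaultdict(int)
    for src, dst, port, nbytes, _, _ in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, dst, port)] += nbytes
    return [k for k, v in totals.items() if v >= EXFIL_BYTES]

def find_component_downloads(flows):
    """Executables fetched from hosts that the reputation list marks as malicious."""
    return [(src, dst, uri) for src, dst, _, _, _, uri in flows
            if uri and uri.lower().endswith(EXEC_SUFFIXES) and dst in BAD_HOSTS]
```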

A Powerful Combination of Trend Micro’s Scanning Engines and Technologies

When traffic is received by the Threat Detection Appliance, a multi-step process occurs:

  • Trend Micro file scanning engine determines if a file is known or new malware
  • Trend Micro Web Reputation database identifies malicious URLs
  • Trend Micro Virus Scanning Engine checks the traffic stream for exploits and network worms
  • Trend Micro Network Content Inspection Engine correlates the different attributes of the network traffic to identify potentially malicious characteristics and behavior
  • The appliance works with in-the-cloud servers and the Trend Micro Smart Protection Network™ to perform advanced correlation on information from multiple sessions

Removing the Infection—and Determining the Cause

Once a threat is uncovered, the Threat Discovery Appliance sends a message to the Threat Mitigator, which will initiate a revolutionary pattern-free cleanup. The Threat Mitigator first removes the files and malware processes associated with the infection, then identifies the chain of events that led to the infection with a detailed root-cause analysis; for example, a malicious website download or an infected USB stick.

Gain Greater Visibility through Reporting

The comprehensive reports provide valuable insight into your security posture including:

  • malicious activity detected
  • IP address of the hosts infected
  • frequency of incidents and the departments or network domains affected

Expert Advisors Help You Take the Next Steps toward Improved Security

If the Threat Mitigator is unable to clean the infection, it automatically sends all of the necessary forensic file data from the infected machines to the Trend Micro Threat Management Advisors. This team of seasoned security experts can then initiate an early warning communication in conjunction with diagnosis and remediation advisory services—helping you save valuable time.

As part of the infection learning phase, Trend Micro Threat Management Advisors provide proactive security planning services, including:

  • customized corporate threat security management planning
  • outbreak fire drills
  • security infrastructure business impact briefings
  • security best practices recommendations

Throughout this process of discovering and remediating network infections, you gain a crucial advantage—greater insight into your security posture.



Today's Network Security Challenges

Trend Micro understands that your network needs to be protected from a new kind of threat—the internal threat. Internal threats result from employees, contractors or other users who accidentally infect the corporate network with infected machines, USB sticks and other storage devices, or by browsing infected Web sites.

Internal threats are increasing because of the following key challenges to your corporate network:

  • Conventional security solutions unable to detect internal threats
  • Dramatic changes in how and where people work
  • Lack of information about your local threat environment

The Threat Management Solution was designed to identify and respond to next-generation threats. By monitoring the network to catch hidden malware and disruptive applications that traditional security products fail to detect, the Threat Management Solution collaborates with in-the-cloud Threat Management Services to deliver a more detailed analysis of your threat environment. The solution then performs network-wide clean-up and policy enforcement on infected endpoints.

Limitation of Today’s Security Solutions

As threats become more sophisticated and workplace data leaks grow more prevalent, today’s security solutions struggle to keep up. Conventional technologies like firewalls, intrusion detection systems, and VPNs may block outside threats but fail to protect against “inside threats” from employees who accidentally infect the network.

Security solutions such as Network Access Controls (NAC) focus on initial posture assessment and authentication of the employee’s endpoint. Once a user is authenticated, he or she is no longer monitored and can act in ways harmful to the network. In addition, today’s "borderless" organizations freely share information globally between employees and partners. These enterprises attempt to balance openness and flexibility with security risks as employees work from home, airports, and from other, non-secure, off-site locations.

Workplace Changes

Greater numbers of telecommuting and traveling employees and the blurring between home and work offices have increased mobile device use, creating the need for better protection against the loss of sensitive corporate and user data. This mobile workforce makes it harder for IT departments to maintain updated antivirus and software patches on all computers, making it increasingly difficult to control how and where users connect. Storage devices, such as USB sticks, and music players add new channels for infection. In addition, inadequate remote office security, lack of security personnel, and lax policy enforcement negatively impact security.

Unprotected channels, such as Web mail or wireless networks, and easily exploited technologies, such as P2P file sharing, streaming media, and instant messaging, allow malware to enter the network while draining valuable network bandwidth. In addition, hard-to-detect, zero-day malware requires immediate attention and is beyond the means of most antivirus applications, which rely on a pattern-based approach. Once inside, malware can leak data to cybercriminals, posing problems both for the consumers who lose confidential data and for businesses whose reputations are irreparably damaged when data is lost.

Damage clean-up costs and lost productivity create the need for a better solution to protect against insider threats. Forrester Research estimates that up to 85 percent of enterprise security breaches involve internal people and resources. And according to Gartner, “organizational costs of a sensitive data breach will increase 20 percent per year over the next two years.”

Lack of Information about Your Local Threat Environment

Today’s security environment is ready for a new approach. Lack of visibility into the exact location and cause of infections prevents your IT department from determining the most appropriate remedy. To achieve more holistic coverage, security personnel need more information to better understand how threats occur and exactly where they enter the network.

Most security systems show only that malware was detected—for example, that IRC bot activity occurred—but provide no information about how or where the infection happened. This creates a lack of visibility into the overall security threat posture, which hampers the ability of IT personnel to identify network pain points and the origin of threats, such as a company’s marketing department or an organization’s remote office. Companies need greater detail about the threat environment, such as the type of threats residing in the network, or the percentage that are malware or hacking attempts or that are caused by disruptive applications. Determining the root cause of how these threats entered the network helps IT formulate better security policies.


Key Components

The Threat Management Solution includes the following three tiers:

  • Threat Discovery Appliance — uncovers internal security threats and disruptive applications within the network.
  • Threat Management Services — performs advanced threat correlation to uncover hidden threats, delivering customized threat reports, incident analysis, and threat recommendations.
  • Threat Mitigator — acts on information provided by a monitoring device to perform automated damage clean-up, infection root-cause analysis, and policy enforcement.

Threat Discovery Appliance

Deployed at the network layer for comprehensive coverage, the Threat Discovery Appliance collaborates with the Smart Protection Network’s in-the-cloud servers to identify and respond to next-generation threats. The Threat Discovery Appliance monitors suspicious activities at the network layer to spot malware that traditional, pattern-based security applications fail to detect. In addition, the device detects Web or email content-based attacks such as Web exploits, cross-site scripting, and phishing.

In addition, the solution identifies potential security risks and disruptive applications such as instant messaging, P2P file sharing, streaming media, and unauthorized services such as the SMTP open-relay and rogue DNS. The Threat Discovery Appliance leverages Network Content Inspection Technology to inspect network traffic and Trend Micro’s Virus Scan Engine for analyzing file content. Flexible, out-of-band deployment ensures no network disruption.

The information gleaned by the Threat Discovery Appliance feeds reports that provide insight into your network security for proactive planning.

Threat Management Services

Threat Management Services leverages the computing power of in-the-cloud servers to run advanced correlation for improved threat detection, root cause identification, forensics, and threat analytics. Integration with Trend Micro’s Smart Protection Network ensures that the most up-to-date threat data is available to perform this analysis. Access to Trend Micro’s global security intelligence also provides in-depth, real-time information based on twenty years of threat research, as well as new and emerging threats, for faster response to data loss and improved threat education and remediation.

Threat Management Services provides advanced threat analysis and reporting capabilities that generate a clear view of an organization’s state of security. IT administrators can generate daily administrative reports for incident response and remediation. Also, executives can receive threat summary reports on the overall security posture of their company’s networks.

Threat Mitigator

After the Threat Discovery Appliance detects a new threat, the Threat Mitigator automatically performs pattern-free clean-up of both new and known malware at the endpoint without impacting the host system. Scan, auto-clean, and custom-clean working modes allow for flexible clean-up options.

Threat Mitigator also runs a root-cause analysis to help IT administrators determine the chain of events that led to the malware infection. Threat Mitigator collaborates with Threat Management Services to provide incident reports detailing the malicious behavior detected, how it was cleaned, and where the incident originated. Forensic scanning uncovers malware components by analyzing behavior collected in real time during threat discovery.

Threat Mitigator also ensures that all network endpoints have a baseline security posture before being allowed to connect to the network. An endpoint found lacking in service updates or security patches, or that is found to be infected, is quickly quarantined to a local network until updates or clean-up is performed.

With Threat Mitigator, IT can choose between two deployment strategies—in-line and out-of-band. Flexible, out-of-band deployment ensures no interruption to existing services.


Threat Discovery 2.6 Hardware Appliance

  • Purpose-built 2U rack-mountable appliance
  • Max Throughput: 1 Gbps
  • Max Concurrent Connections: 128000
  • Redundant Power
  • RAID 1
  • Device Failure Detection

Threat Discovery 2.6 Software Virtual Appliance – VMware

  • Virtual Appliance/Software Support: VMware ESX/ESXi Server 3.5 or later
  • CPU: Two Intel™ Core™ 2 Quad processors recommended
  • Memory: 2GB minimum; 4GB recommended
  • Hard Disk Space: 6.5GB minimum; 80GB recommended
  • Networking Interface Card: 2 NICs

Threat Discovery 2.6 Software Appliance

  • CPU: Two Intel™ Core™ 2 Quad processors recommended
  • Memory: 2GB minimum; 4GB recommended
  • Hard Disk Space: 6.5GB minimum; 80GB recommended
  • Networking Interface Card: 2 NICs

Certified Server Platform: Dell PowerEdge 2950, Dell PowerEdge R410, Dell PowerEdge R710 and HP ProLiant

