
Security as a Business Enabler

Sid Thiru, Head of Service Provider Alliances, Trend Micro

Copyright 2009 Trend Micro Inc.


680 Million (2004) → 1.7 Billion (2010)

3 Million (2004) → 30 Million (2010)

Booming underground economy


It's all so easy


Social Engineering....


Today's malware is big business.

The Cybercrime Economy*

payout per adware install: $0.02 to $0.30
basic malware package: $1,000 to $2,000
exploit kit rental: $1 per hr
undetected info-stealing trojan: $80
distributed denial of service attack: $100 per day
10,000 compromised PCs (zombies): $1,000
1 million freshly harvested e-mails: $8 & up
stolen bank account credentials: $50 & up
credit card + validation info: $1 to $2
personal ID & their pet's name: $10

* prices may vary; find your local cybervandal-turned-entrepreneur

[Graphic labels: viruses, worms, spyware, botnets]

2011 Threat Predictions


Prediction #1: Clever Malware Campaigning (Fake AV etc.)
Prediction #2: Old Malware Re-infections
Prediction #3: Vulnerabilities will be exploited faster (74% of attacks emerge the same day as patches)
Prediction #4: BYO Device Risks


Prediction #5: The Cybercrime Underground Evolution
Prediction #6: Cloud-related issues
Prediction #7: Targeted Attacks and Cyber-Espionage
Prediction #8: Vulnerable Legacy Systems


Threats mostly from the internet

Top threat infection vectors (how threats arrive on PCs)

1. Visits to malicious websites (42%)
2. Downloaded by other malware (34%)
3. E-mail attachments & links (9%)
4. Transfers from removable disks (8%)
5. Other (mostly via Internet) (7%)

source: Computer Weekly

[Diagram: INTERNET 92%, REMOVABLE MEDIA 8%; elements: TARGET, FILE TRANSFERS; threat labels: viruses, worms, spyware, botnets]

Traditional Security
There is a desperate need for new standards for today's anti-virus products. The dominant paradigm, scanning directories of files, is focused on old and known threats, and reveals little about product efficacy in the wild.
Williamson & Gorelik (2011)

anti-x at the gateway/endpoint

[Diagram: AV in front of the TARGET; vectors shown: FILE TRANSFERS, E-MAIL (spam), WEBSITES, LINKS & ATTACHMENTS, REMOVABLE MEDIA, INTERNET]

IT Environment Changes
Challenge: Traditional Approaches Fail

Signature file updates take too long
  Delay protection across all clients and servers
  Leave a critical security gap

Signature files are becoming too big
  Increase impact on endpoint resources
  Unpredictable increase of client size

Patches cannot be deployed in time
  Systems remain exposed to exploits
  Average time to patch was 55 days in 2010

[Chart: Unique threat samples PER HOUR]

Single attacks multiple vectors


AV protection networks have multiple layers of protection

Exposure Layer: blocking access to/from sources delivering malware
  inspection based on source (IP, URL, domain)

Vulnerability, Execution & Infection Layer: blocking the transfer & execution of malware on target computers
  Infection Layer: inspection based on file content (code, hash)
  Execution Layer: inspection based on file behavior (rules)
  Vulnerability Layer: inspection based on exploit (rules)

[Diagram: TARGET; vectors shown: FILE TRANSFERS, E-MAIL (spam), WEBSITES, LINKS & ATTACHMENTS, REMOVABLE MEDIA, INTERNET]

Smart Protection Network


Block threats based on source, content & behaviour

In addition to examining files for malicious content & behaviour:
  Web reputation services identify and block bad web sites & URLs
  E-mail reputation services identify and block spam by sender IP address
  Correlation between layers enhances threat identification

FILE REPUTATION, WEB REPUTATION, EMAIL REPUTATION

[Diagram: TARGET; vectors shown: FILE TRANSFERS, E-MAIL (spam), WEBSITES, LINKS & ATTACHMENTS, REMOVABLE MEDIA, INTERNET]

The Journey to the Cloud

Lowering Costs, Increasing Flexibility

Physical: Traditional datacenter
Virtual: Servers virtualized with minimal changes to datacenter processes
Private Cloud: Servers virtualized in scalable, shared, automated & elastic environment
Public Cloud: Select enterprise applications in public cloud

Questions?

