Threats beyond Imagination – Securing your Digital Information
Goh Chee Hoh
Managing Director
Asia South Region
May, 2006
Agenda:
Security Evolution : Challenges on unpredictable threat
Digital Operation Continuity : Strategy and Solution
The Technology : Winning Path RoadMap
The Pioneer : Trend Micro Profile Overview
The Problem: Malware – More Than Just Viruses and Worms
New threats detected daily
New vulnerabilities (Mobile, IM, images, etc.)
Variants active for years
Malware’s Growth
Review:
File Viruses: Projected Decline.
Worms: Remain Stable at 150 per month.
Bots: 250-300 per month with Potential for Increase.
Spam: Projected Increase
Phishing: 14,000-15,000 per month with Projected Increase.
- Spear Phishing: Projected Increase
PhishWare: Remain Stable at 500-700 per month.
GrayWare: 1500-1600 per month with Projected Increase.
Mobile Threats: 15 per quarter with Projected Increase
Reported Infections and Growth Projections:
Projected Reported Infections: 9.5 Million in Q1, 12.1 Million in Q2, and 29.5 Million in Q3.
70 percent of all infections occurred in North America.
The Problem: Global Attacks Cost Billions Each Year
Malware’s Impact
Mobile Threats 2004-2005:
[Timeline figure of mobile threats on Symbian OS (Nokia, etc) and Windows CE (HP, etc). Dated entries: 20June04 Cabir, 12Aug04 Qdial, 21Nov04 Skulls, 1Feb Locknut (Gavno), 7Mar Dampig, 8Mar Comwar, 18Mar Hobbes, 4Apr Fontal, 6Apr Drever, 15Apr Doomed, 19Jul Camdesk, 21Sep Cardtrp, 2Oct Cardblk. Also shown: Win CE DUTS, Win CE BRADOR, Vlasco, Mabir, Skudoo, Boottoon.]
Social Engineering and “Phishing”: How about this email from Citibank asking the recipient to provide personal information?
Spam can kill businesses
50.000 USD, or we shut down your page!
4th Generation Network Worm: Window between vulnerability announcement and outbreak is shrinking
[Timeline figure, in days between patch and outbreak: NIMDA (Patch: MS00-078), SLAMMER (Patch: MS02-039), BLASTER (Patch: MS03-026), SASSER (Patch: MS04-011), ZOTOB (Patch: MS05-039). Dates shown: 10/17/2000, 9/18/2001, 7/24/2002, 1/25/2003, 6/16/2003, 8/11/2003, 5/1/2004, 8/13/2004, 8/9/2005, 8/13/2005.]
The Pain: New ATMs moving to Microsoft™ Windows, but Windows is a popular platform for virus authors.
Microsoft issued 77 patches for Windows OS in 2003
42 of them are for Windows XP.
7 of them resulted from network virus vulnerabilities.
Supposedly isolated ATM networks have been exposed to network virus attacks
1/2003: Slammer (SQL database attack)
Bank of America – 13,000 ATMs shut down because of attack.
Canadian Imperial Bank of Commerce (CIBC) also impacted.
8/2003: Nachi worm (“Welchia”)
Infected two “unnamed” ATM banking networks
Network worms can inhibit business and stop transactions.
Malware Still Dominates Threat Landscape
[Charts: Top Threats; Greatest Security Challenges]
Source: IDC Enterprise Security Survey, December 2005
Top 10 I.T. Director Concerns:
Aligning IT with business strategy
Keeping up with technology
Security management
Managing costs and resources
Coping with change
Project management
Managing users
Workload and managing stress
E-business
Managing vendors
Readers’ survey by MIS Asia
Major Security Concern for CIO:
1. How to deal with threats coming from unmanaged devices?
- like mobile users (PDA, mobile phone, notebook, …)
- like third-party access to the network (visitor, supplier consultant, …)
2. How to deal with unknown mixed-threat attacks?
- no signature (virus pattern) exists
- zero-day threat or attack
- blended with different types of malware
3. How to deal with targeted attacks?
- no longer a global outbreak
- targeted attack on a single organization, flooding it with hundreds of malware
Readers’ survey by MIS Asia
Enterprise Protection Strategy Defined: Intelligent Threat Protection
[Diagram labels: Infected devices; Malicious Threats From Spreading; Security policy compliance; Potential threats]
The Whole Is Better Than The Sum Of Parts
Monitor – Detect Potential Threats:
Ongoing detection of known and unknown threats in real-time
Identify source of threat
NCIT – Network Content Inspection Technology
Limit network access to users that comply with security policies
Facilitate regulatory compliance
Prevent – Stop Malicious Threats:
Stops known and unknown threats from disrupting business continuity
Protection Everywhere
Bring business back to normal by repairing infected devices
Agent and Agent-less solutions
Central Management: Lowers cost of administration
NEW Central threat management console
Better Protection, Fewer Mistakes
Enterprise-wide view of all threats
One Throat To Choke
Components:
Trend Micro Control Manager
Provides enhanced Updates/Reporting/Events/Notifications
Cisco Incident Control System (ICS)
Supports Routers, Switches and IPS devices
Better Protection With One Throat To Choke
EPS: A Security Framework
Intelligent Threat Protection
The Whole Is Better Than The Sum Of Parts
The EPS ROI
Intelligent Threat Protection
EPS Lowers Overall Threat Exposure
Summary:
EPS provides a security framework for intelligent, customized and comprehensive protection against known and unknown threats
Detects first instance of potential threats in real-time
Offers simple NAC solution for the mobile workforce
Protects every critical entry point of threats
Automates recovery for managed and unmanaged users
Trend Micro Enterprise core competence:
Intelligent Threat Protection
Integration with network information flow (Cisco, NCIT)
Architectural Evolution - From the Server to the Network Access Point
[Architecture diagram. Network elements: Internet/ISP, WAN Router, Firewall, VPN, L3 Switch (two), eMail Servers, File Servers, Web Site. Trend Micro components: TMCM, IMSS, SPS, NRS, IWSS, ISVW, NVW, NVW Appliance, SMEX, SP, Office Scan, PC-cillin. Threats: Mass Mailer Worms, Spam, Web/MMC, Network Worms, Trojan, Spyware. Captions: Policy Management & Reporting; Manage and Coordinate Outbreak Security Actions; Vulnerability Prevention; Outbreak Prevention; Virus Response; Assessment and Restoration.]
Trend Micro Control Manager™:
Centralized Management (Web-based)
Supports 3000+ managed servers on Windows, UNIX and Linux
Log collection and reporting
Service update and delivery platform:
Outbreak Prevention Service
Damage Cleanup Service
Vulnerability Assessment Service
Centralized Management and configuration for Network Viruswall 1200
Cascaded Console for greater scalability
InterScan Messaging Security Suite: Comprehensive messaging security at the Enterprise gateway.
Virus scanning for SMTP / POP-3
Special mass-mailing virus handling
Policy-based management enforces corporate email policies
Integrated Anti-spam database and Content Filtering
Implements Outbreak Policies for email virus outbreaks
Supports Heuristic Spam Prevention Solution
Spam Prevention Solution:
Heuristic Spam filtering engine
90 – 95% Accuracy with 1/80,000 false positive rate
Automatic updates for Heuristic engine from Trend’s Active Update servers
Integrated with IMSS 5.5 for ease of implementation
Increases Spam catch rate over just fingerprint matching
IMSS Policy-based framework allows highly granular Spam sensitivity settings
Anti-Spam Building Blocks
[Diagram. Authorization / Authentication (SPF, Domain Keys, DKIM, CSV): “Who Are You?”. Reputation: “Are you Good?”. Heuristic & Signature Filters: “Probability of Being Good or Bad”. Other labels: Spam Caught Today; Spam Caught Future; Quarantine; End Users; Mail Servers.]
Email Reputation Flow:
IP Reputation – clears out the obvious spam
Sender Authorization – confirms the sender’s domain
Domain Reputation – applies knowledge to the sender
Can decide to block, filter or pass
Content Filtering – removes the gray/questionable messages
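The staged flow on this slide and the building blocks on the previous one, as an added Python example that is not Trend Micro's code: each stage either settles the verdict or hands the message on, and domain reputation is applied only after sender authorization has confirmed the domain. The function and table names, the sample addresses and domains, and the choice to send unconfirmed senders on to content filtering are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: documentation IP ranges and .example domains only.
IP_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]
# Stand-in for published SPF records: domain -> networks allowed to send for it.
AUTHORIZED_NETS = {
    "partner.example": [ipaddress.ip_network("198.51.100.0/28")],
    "bulk.example": [ipaddress.ip_network("198.51.100.64/28")],
    "junk.example": [ipaddress.ip_network("198.51.100.128/28")],
}
DOMAIN_REPUTATION = {"partner.example": "pass", "bulk.example": "filter",
                     "junk.example": "block"}
SUSPECT_PHRASES = ("verify your account", "confirm your password")


@dataclass
class Message:
    client_ip: str   # address of the connecting SMTP client
    mail_from: str   # envelope sender
    body: str


def classify(msg):
    """Return (verdict, deciding_stage); verdict is block, quarantine or deliver."""
    ip = ipaddress.ip_address(msg.client_ip)
    # Stage 1, IP reputation: drop the obvious spam sources first.
    if any(ip in net for net in IP_BLOCKLIST):
        return "block", "ip_reputation"
    # Stage 2, sender authorization: may this IP send for the claimed domain?
    domain = msg.mail_from.rpartition("@")[2].lower()
    confirmed = any(ip in net for net in AUTHORIZED_NETS.get(domain, []))
    # Stage 3, domain reputation: only a confirmed domain earns its reputation.
    # An unconfirmed (possibly spoofed) sender always goes on to content filtering.
    decision = DOMAIN_REPUTATION.get(domain, "filter") if confirmed else "filter"
    if decision == "block":
        return "block", "domain_reputation"
    if decision == "pass":
        return "deliver", "domain_reputation"
    # Stage 4, content filtering: settle the gray/questionable messages.
    text = msg.body.lower()
    if any(phrase in text for phrase in SUSPECT_PHRASES):
        return "quarantine", "content_filter"
    return "deliver", "content_filter"
```

The same phishing-style body is delivered when it comes from a confirmed, well-reputed domain and quarantined when an unlisted address merely claims that domain, which is why the authorization stage has to precede the reputation lookup.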
InterScan Web Security Suite:
HTTP/FTP/ICAP 1.0 Antivirus scanning
Web site (URL) filtering (optional)
Controls access to unproductive sites (raise employee productivity)
Controls access to restricted sites (reduce legal liabilities)
Allows use of pre-approved and/or customizable list of sites
Manage internet usage
Displays employee patterns of web usage
Alerts administrators of unusual activity based on historical & current Web usage
Allows administrators to implement individual surfing quotas
ScanMail for Microsoft Exchange: Server-based e-mail virus protection
Administrator controls and monitors virus activities
Transparent virus scanning at the server mailbox
Stops viruses, malicious code, sensitive content and spam in email and shared folders, before they can reach desktop and spread
Emergency Attachment Blocking for outbreak situations like Sircam, Nimda, Netsky, Bagle, etc.
Alerts sender, recipients and administrator when a virus is found
Microsoft certified for new Exchange Virus Scan API (Microsoft Exchange 2003)
ScanMail eManager Content Filtering: eManager Plug-in for ScanMail for Exchange
Content Filter - allows the administrator to filter out “offensive and inappropriate” email before it enters the Exchange Server
Anti-Spam - filters out spam or unsolicited junk email coming to the Exchange server
Improves mail server efficiency and ensures that only valid messages are received by the end-user
Frees up valuable disk space on the server
ScanMail + eManager = ScanMail Suite
ServerProtect: ServerProtect efficiently safeguards multiple servers, domains and NAS from virus attack with next-generation antivirus software that can be installed and managed from a single secure console.
Network OS supported - NT, Win2000, Novell Netware, Linux, Win2003
Network Attached Storage Supported Platform - EMC, Network appliances
OfficeScan Corporate Edition: Comprehensive security solution designed for the corporate desktop environment.
Robust security protection against multiple types of threats to corporate desktop users
Powerful web based management console to coordinate effective security policies and deploy rapidly
Accepts and implements Outbreak Policies and Damage Cleanup Templates from Control Manager
Supports security policy enforcement via Cisco NAC
Our Approach : The Whole Threat Lifecycle Management
[Lifecycle diagram: Plan (Antivirus Consultation Service), Deploy (Antivirus Deployment Service), Respond (Outbreak Prevention & Damage Cleanup), Review (Antivirus Review & Audit Service), together with Monitor and Knowledge And Expertise]
Where does the Value come from: In the short term, the benefit shows in the number of virus outbreaks, user downtime and damage severity.
[Chart axes: No. of Outbreaks; Average Downtime; Range of Impact. Volumes: Baseline Damage; Damage after adopting ESO]
The benefit is the product of reduced outbreaks, range of impact and downtime
If each dimension is reduced by 30%, total damage will reduce by 65%
Long-Term Value Proposition: In the long term, the benefit comes from the improvement of overall company security.
[Illustrative chart of Total Damage over Time. Curves: Damage for Clients Without Any Protection; Damage for Clients Using AV Products; Damage for Clients Using Products and ESC]
When the client organization’s awareness, reaction process and security environment are improved through adopting ESC, the benefit shows as an accelerating decrease in the damage caused by malware
The Building Blocks: Service Mechanism
[Diagram labels: Trend Micro Knowledge; Service packaging; Provider; Customer; 24 x 7 monitoring and service]
Corporate Fact Sheet: Trend Micro Incorporated
Address: Shinjyuku MAYNDS Tower 27F 2-1-1 Yoyogi, Shibuya-ku Tokyo 151-0053 Japan
Founded: 1989, CA, US
Founder: Steve Chang, honored with the “Innovator of the Year” award at the 2004 Asia Business Leader Awards (ABLA).
Traded: Tokyo Stock Exchange (4704), NASDAQ (TMIC)
Business Nature: Antivirus and content security software and services
Offices: Operates in more than 30 countries, with 6 Global R&D Centers
Number of Employees: 2,900+
2005 Revenue: USD 621.9M
Q1/2006 Revenue: USD 179.6M (19% growth)
Market Value: USD 5 Billion
COMPANY OVERVIEW
Our Vision:
Create a world safe for exchanging digital information
Our Mission:
Ensure operational continuity against unpredictable, malicious threats
Our Strategy:
To provide timely updates for threat management by integrating with network information flow
Market Leadership: Global Leader* in the Server-based Antivirus Market
#1 market share in the Internet gateway antivirus market for sixth consecutive year
#1 market share in the mail server antivirus market for fourth consecutive year
#1 market share in the file server antivirus market for second consecutive year
"Trend Micro has consistently demonstrated a strong position in the global antivirus market. To remain successful Trend Micro has adapted quickly to market challenges and the evolution of security threats. Given Trend Micro’s track record and its strong momentum, we expect the company to continue delivering innovative solutions that provide customers with timely protection against unpredictable threats."
Brian Burke
Research Manager, IDC
* Source: IDC, Worldwide Antivirus 2005-2009 Forecast and Analysis: Antivirus Evolves from Product to Feature, Doc #34567, December 2005.
Technology Innovation
Innovation Support — TrendLabs Delivers Global Service and Support: Global Service and Support Excellence
TrendLabs provides a worldwide platform for delivering timely & customized updates, services, and support anytime, anywhere.
More than 800 Threat Research and Service and Support experts at 6 locations
Collaborative account management
Automated alerts for new threats
ISO 9001:2000, BS7799 certifications
COPC-2000 Standards Certification
[Map: Irvine, U.S.; Cork, Ireland; Paris, France; Munich, Germany; Tokyo, Japan; Taipei, Taiwan; Manila, the Philippines]
Protection requires more than a product… It requires service – timely and expert service
EPS Success Story: A global healthcare leader
Revenue=US$27b, Employees=93k
Trend Micro products deployed:
Control Manager, Network VirusWall, ScanMail, OfficeScan, ServerProtect
Key benefits derived:
Centralized management
Superior product integration
Comprehensive threat protection
Automatic company-wide updates
EPS Made Us A Partner, Not Just A Vendor
Thank you! For more information, please visit/contact www.trendmicro.com goh_chee_hoh@trendmicro.com
Misoft – Vietnam Distributor www.misoft.com.vn +844-9331613