Trend Micro Targets APTs With Threat Management System Launch

As organizations such as Google, RSA, Citigroup and others combat advanced persistent threats, Trend Micro is attempting to give enterprise organizations a bit of leg up in the fight with the launch of two threat intelligence management systems Monday, designed to give greater network visibility and isolate threats.

The release includes the debut of Trend Micro’s new Threat Intelligence Manager and the update of its Threat Management System, both of which are boosted by an array of new and existing security services.

Trend Micro executives contended that the solutions were aimed at addressing the growing presence of advanced persistent threats -- sophisticated and organized cyber attacks designed to infiltrate networks and steal classified and heavily protected information -- which have emerged in attacks against RSA and a spate of other high-profile targets.

Both of the offerings are aimed at minimizing the likelihood of a successful APT intrusion by reducing the time it takes to discover the attack and expediting containment and remediation, while working in conjunction with Trend Micro’s cloud-based vulnerability management services, virtual patching capabilities and specialized risk management services, a Trend Micro executive said.

’Many advanced targeted attacks are happening and organizations are scared and realizing traditional security is insufficient,’ said Dan Glessner, Trend Micro vice president of enterprise marketing. ’Ideally, we want to try to block a threat, drastically improve the time to discover it, and the time to be able to contain it.’

The new Threat Intelligence Manager, which is currently available, is an event management console designed to provide a bigger window into the security event lifecycle. The new console, more tightly integrated with network servers, provides threat statistics, actionable intelligence, and advanced visualization techniques, which allow IT administrators to rapidly analyze and remediate risk points.

The TIM product provides incident and event analysis that can detect advanced and hidden threats, discover how the threats infiltrated the network and assess their impact, which give in house security personnel or channel partners the ability to evaluate and respond to cyber attacks. The TIM offering is priced at $10.08 per user.

In addition, the comprehensive launch includes an update of Trend Micro’s Threat Management System, a network analysis and visibility tool that detects evasive intrusions, automates remediation and enables real-time visibility into a network.

The latest TMS release entails a new malware identification and malware analysis platform, known as the Dynamic Threat Analysis System, which employs a sandboxing malware analysis feature that enhances the tool’s existing threat detection and correlation engines. Specifically, the sandboxing feature then enables security consultants to simulate attacks in order to provide full forensic analysis.

The TMS system starts at $20,000 for 1,000 users.

Michelle Drolet, owner of TowerWall, a Framingham, Mass.-based Trend Micro partner, said that she hasn’t seen a similar threat management system in the marketplace that features sandboxing technologies, which opens up opportunities for channel partners specializing in risk analysis to offer comprehensive assessments and forensic services.

’With the sandboxing technology, you can take a piece of all that yuck and launch it in a sandbox and watch what it’s doing. From a discovery perspective, the person responsible for malware remediation can launch the attacks (in the sandbox) and watch what’s happening and do some mitigation,’ she said. ’It’s huge.’

Next: Threat Management Release Bolstered By Security Services

Both the TIM and TMS systems are complemented with a series of related security services, offered directly through Trend Micro as well as the channel.

The array of services include a SaaS vulnerability management service, entailing automated policy compliance, network discovery, asset prioritization, vulnerability assessment and remediation tracking; Trend Micro Deep Security, which provides security and defense for physical, virtual and cloud-based services; and Trend Micro Risk Management Services, which includes proactive monitoring and alerting, threat analysis, threat remediation, risk posture review and strategic security planning.

Drolet said thus far, she hasn’t experienced channel conflict with Trend Micro in vying for any portion of the services business.

’I don’t see that at this point,’ she said. ’What we’re doing is reselling their services. They’re the overlay watching everything. We’re the feet on the street doing the deployment. I don’t see conflict there.’

The comprehensive launch comes amid a spate of high-profile data breaches and cyber attacks against targets that include Sony, Google, Lockheed Martin, Citigroup and the IMF, contributing to a growing awareness about cyber security and underscore an increasing need for real-time threat management, channel partners say.

’We see organizations wanting to figure out how to assess risk in real time versus just having an audit or two done a year,’ said Gary Fish, CEO of Kansas City, Mo.-based FishNet Security. ’There is a lot of talk about how automatic security tuning can be obtained based on events that occur in the enterprise. I sense now there may be more of a willingness to allow security applications to make real time changes without human input. In the past, business came first and security could not be allowed to potentially disrupt data flow. I see CIOs now more willing to accept potential temporary disruption in order to stay secure.’