Trend Micro Inc. has begun shipping a new solution aimed at taking a customized approach to the battle against advanced persistent threats (APTs). Marketed as “Custom Defense,” the new offering promises to detect, analyze, and assist in remediation against APTs through the use of specialized tools as well as a global threat intelligence database that is consistently updated by the Cupertino, Calif.-based company.
"Today's advanced persistent threats are much stealthier, much more sophisticated and much more attuned to social information," said Steve Quane, chief product officer at Trend Micro. "The changes have become far more targeted than ever. This is a major change compared to what we have seen before."
Quane cited statistics indicating that 67 percent of companies are not currently ready to fend off attacks, and 55 percent are not even aware of intrusion.
"We need to be able to monitor the behavior of targeted attacks, such as those penetrating Active Directory, as a means of gaining additional information and access to company resources," he said.
Custom Defense takes on a four-fold mission that spans detection, analysis, adaptation and response.
The platform analyzes inbound and outbound network traffic for the detection of zero-day attacks, lateral movement, malicious communications and other activities that would otherwise be invisible to most security efforts. Target applications include email, which is a frequent point of entry for various types of malware, social media applications and mobile devices. Users can customize their sandbox to get granular information on how the malware behaves based on the specific properties of the attack, as well as the specific network environment.
"If you find something that you think is malicious, the system can run 50,000 samples through the sandbox and execute all behavior specific to the attack on a massively automated scale," said Quane. "A real-time link to the threat database helps the user to better understand and analyze the threat."
The solution also delivers data related to the level of risk and the origin of the attack, while at the same time providing IT administrators and channel partners with actionable advice for remediation. The company's global threat intelligence network also receives reports on the particular exploit in order to help defend against future attacks that might be experienced either by the targeted company or by others.
Supporting tools include a mail scanner and an Active Directory Attack Sniffer that helps to protect against the theft of admin-level access.
The solution is being marketed through the Trend Micro channel. The company is now in the process of reaching out to security-focused partners, specifically those with technology focused on defense against advanced persistent threats.
PUBLISHED OCT. 8, 2012