Advanced Persistent Threat (APT) attacks represent one of the biggest challenges to government organisations and private businesses today. From the Operation Aurora attacks on Google and others through to Night Dragon, LURID and even the RSA data breach, they are targeted, covert and sophisticated enough to get past conventional security tools.
Enter Trend Micro Deep Discovery – a solution engineered specifically to help firms neutralise the growing menace of APTs. Not only does itprovide the tools to detect zero day malware and tell-tale malicious human activity across the entire network and all phases of the attack, but it has also been designed to offer in-depth analysis so firms can prevent similar attacks in the future.
Typically an APT consists of several elements.The attack starts with intelligence gathering to create and execute a socially engineered employee infection – often in the form of a malicious e-mail attachment. Next comes network infiltration, lateral movement across the organisation, and finally data discovery and exfiltration – and all the while, command & control communication and backdoor controls are executed by the attackers via remote control.
Deep Discovery is different because it focuses on the malicious content, suspect communications and the human attack behaviour to give firms the best chance of detecting and stopping APTs:
CONTENT: Trend Micro’s Smart Protection Network underpins the solution providing threat detection of zero day and advanced malware with very low false positive rates, currently scanning over 45 billion files per day
COMMS: Deep Discovery also makes use of the SPN’s reputation engine and blacklisting capabilities to detect and block the command and control channels used by the attackers to communicate with the malware embedded in the target organisation.
BEHAVIOUR: Through painstaking analysis Trend Micro researchers have been able to draw up a set of behavioural rules based around classic signs of an APT attack – including multiple log-in failures and data exfiltration – so that Deep Discovery can flag up a possible intrusion.
Organisations today don’t just need detection capabilities that will protect them once, they need actionable intelligence to contain and remediate the threats and enable a more proactive approach to preventing APTs in the future.
Deep Discovery therefore provides:
Sandbox simulation and analysis, allowing the user to put any newly discovered malware under the microscope to find out who it’s trying to contact and why.
Threat Connect – an information portal providing all the relevant threat intelligence about a particular attack.
Integration with leading SIEM platforms – so that relevant threat information can be exported and analysis done from a single location.
“APTs are designed to stay hidden. Organisations therefore need a solution which provides the broadest and deepest analysis possible of their network, encompassing threat detection and crucial intelligence on human attack activity”, said Andy Dancer, CTO at Trend Micro. “Deep Discovery has all that thanks to its superior intelligence gathering from thousands of global threat researchers and the billions of daily events processed by the Smart Protection Network,” he added.
Before joining SME Advisor, I worked as a producer/reporter for Forbes Media in New York. I obtained a Bachelor’s degree in Journalism and International Studies at the University of South Florida in the US. I am currently in Dubai working as Sub-Editor for SME Advisor Middle East, which is a business magazine published by CPI. You can follow me on Twitter: @joumanasaad or @SMEadvisorME and (Joumana Saad) or (SME Advisor) on LinkedIn.