Trend Micro – A World Safe for Exchanging Digital Information
Copyright 2014 Trend Micro Inc.
Kimmo Vesajoki, Country Manager
Trend Micro
2
26 years focused on security software, now largest pure-play
Consistent – A World Safe for Exchanging Digital Information
Headquartered in Japan, Tokyo Exchange Nikkei Index (4704)
8 consecutive years on Dow Jones Sustainability Indexes
Customers include 48 of top 50 global corporations
5200+ employees, 38 business units worldwide
500k commercial customers &155M endpoints protected
Small Business
Midsize Business
Enterprise
Consumer
Consumers
http://www3.weforum.org/docs/WEF_Global_Risks_2015_Report15.pdf
Global Risks Landscape - 2015
DATA BREACH 70M RECORDS
CEO RESIGNATION MAY ‘14
HUNDREDS OF CIVIL LAWSUITS
2013 PROFITS DOWN 34%
TOTAL COST $1B
CIO RESIGNATION MARCH ‘14
• Direct costs: Investigation of an incident using external professionals averages 100k€ Labor costs for own personnel (ppl x time x salary)
• Indirect costs: Probability x Cost = Expected Moneraty Value of Incident If probability for incident is 1% and cost of incident is X €, then expected monetary
value of incident is X * 1% • Some avegares to help in risk calculation:
Average cost for data breach is calculated to be $1,6 - $1,8 million USD Average size of data breach is 100'000 stolen records
Cost of an Incident
Moves laterally across network seeking valuable data
Gathers intelligence about organization and individuals
Targets individuals using social engineering
Employees
Establishes link to Command & Control server
Today’s Attacks: Social, Sophisticated, Stealthy!
Attackers
Extracts data of interest – can go undetected for months!
€€€€
monthly onetime
Menu for Full Service Hacking
Malware Checking $30 $50
Botnet Framework $40 $125
Bulletproof Hosting $52 $0
Exploit Kit $38 $120
DDOS Attack for 24 Hours $70 $205
Dropper File and Crypt $8 $80
Modules Total: $238 $600
Existing security is focused on known threats & signatures
Next-Gen Firewall
Intrusion
Detection (IDS)
Intrusion
Prevention (IPS)
Traditional
AV
Email /Web
Gateways
Known threats
You May Already Have…
Advanced methods can evade traditional defenses
Next-Gen Firewall
Intrusion
Detection (IDS)
Intrusion
Prevention (IPS)
Traditional
AV
Email /Web
Gateways
But that May Not Be Enough…
Advanced reconnaissance Spear-phishing emails Embedded payloads Unknown malware & exploits Dynamic command and control
(C&C) servers BYOD and remote employees
create a broad attack surface
91% targeted attacks begin with spear-phishing1
4 million malicious and high-risk Android apps2
1 in 5 use Dropbox at work,3 used in 97% of Fortune 500
1: Trend Micro: “Spear Phishing Email: Most Favored APT Attack Bait”, Nov 2012
2: Trend Micro Annual Report 2014, Feb 2015
3: Global survey of 1300 enterprise customers; “Shadow IT in the Enterprise”, Nasuni, Sept 2012
BYOD, Shadow IT & Phishing compromising organizations’ information security
ConsumerizationCloud & Virtualization
Cyber Threats
IT
Attackers
Employees
ConsumerizationCloud & Virtualization
Cyber Threats
ITEmployees
Attackers
CENTRALIZED VISIBILITY & CONTROLCENTRALIZED VISIBILITY & CONTROL
GLOBAL SENSOR NETWORK Collects More Information in More Places• Hundreds of millions of sensors• 16 billion threat queries daily
GLOBAL THREAT INTELLIGENCEAccurately Analyzes & Identifies Threats Faster• Identifies new threats 50x faster than average
(NSS Labs)
PROACTIVE PROTECTIONBlocks Real-World Threats Sooner• 250M threats blocked daily• 500k new threats identified per day
Copyright 2014 Trend Micro Inc. Source: All values from Trend Micro Smart
Protection Network statistics, July 2014
Confidential | Copyright 2013 Trend Micro Inc.
Confidential | Copyright 2013 Trend Micro Inc.
Confidential | Copyright 2013 Trend Micro Inc.
Risk Management Recommendations1. Conduct Pen test of all third parties.
2. Use Two-factor authentication.
3. Utilize a host based intrusion prevention system.
4. Deploy file integrity monitoring.
5. Implement virtual shielding for zero day exploits.
6. Deploy both an MDM and Mobile Application Reputation software.
7. Deploy Sandbox Cloud Apps.
8. Implement whitelisting.
9. Manage the crypto keys for your cloud data.
10. Web Application Security (OWASP).
11. Deploy context aware Threat Intelligence.
12. Utilize a Breach Detection System.
CENTRALIZED VISIBILITY & CONTROLCENTRALIZED VISIBILITY & CONTROL
Market leadership
• Magic Quadrant for Endpoint Protection Platforms, Gartner, January 2014
• http://av-comparatives.org (Aug – Sept 2014 Real World Protection test)
• http://www.av-test.org (Sept 2013 – Feb 2014 test results)
#1 in protection and performance
A “Leader” in the MQ for Endpoint Protection
13 consecutive years
• IDC, Worldwide Endpoint Security 2014-2018 Forecast and 2013 Vendor Shares, August 2014
• expertON Group, Cloud Vendor Benchmark, June 2014
• 2014 NSS Labs Breach Detection Tests
• Best new product of the year at Network computing awards 2013
Copyright 2014 Trend Micro Inc.
100% of the top 10 automotive
companies.
96% of the top 50 global
corporations.
100% of the top 10 telecom
companies.
80% of the top10 banks.
90% of the top10 oil companies.
5000+ Employees in 50+ CountriesFounded
Headquarters
2013 Sales
Customers
1988, United States
Tokyo, Japan
$1.1B USD
500,000 businesses,Millions of consumers
A world safe for exchanging digital information
24
The world’s largest pure-play security software company
Copyright 2014 Trend Micro Inc.
Questions?
Thank you!