The latest version of Trend Micro’s Threat Management System (TMS) adds sandboxing technology to its set of network-based malware detection engines. Trend Micro has also introduced a threat intelligence product to correlate and analyze log information from its endpoint and network security tools to improve threat detection and incident response.
TMS provides network-based detection to complement Trend’s endpoint products: OfficeScan, its flagship endpoint antimalware product, and DeepSecurity, which provides server-based host intrusion prevention. Contemporary malware has become increasingly difficult to detect at the endpoint because of sophisticated obfuscation techniques, automated updating and the sheer volume of variants designed to frustrate signature-based detection. Trend says 90% of initial TMS customers found active malware on their networks, despite their other security measures.
Enterprises often fail to detect breaches for weeks, even months, according to Verizon Business in its Data Breach Investigations reports. Verizon also reports that some sort of malware is involved in almost every breach. This is not a new phenomenon. Verizon has been reporting similar findings from investigations going back to 2004.
The new product, Threat Intelligence Manager, brings the products together, correlating data from OfficeScan, DeepSecurity and TMS, to produce actionable security intelligence for rapid incident response. The Threat Intelligence Manager is a sort of focused Security Information and Event Management (SIEM) product, designed to work with Trend Micro log data to assess enterprise threat posture.
“That’s the right attitude today,” says Jon Oltsik, principal analyst at Enterprise Strategy Group. “It says, ‘We’ll do everything we can for prevention, but assume we’ll be attacked, so how do we detect, remediate quickly?’”