Trend Micro Announces Enterprise Endpoint Sensor Protection
Trend Micro Inc. recently announced enhancements to its enterprise-wide security platform designed to provide a better unified threat defense against known attacks while also detecting and responding to new targeted attacks now in widespread use.
The primary improvement to the company's Smart Protection Platform is the new Smart Sensor product, described as "a context-aware endpoint monitoring solution that enables threat investigators to rapidly detect and assess the nature and extent of targeted attacks on endpoints and servers, speeding time to remediation."
The new Smart Sensor works in conjunction with the company's Deep Discovery solution designed to protect against targeted attacks.
Smart Sensor monitors process-level and network communications so security investigators can conduct multi-level "signature-less" analysis using "indicators of compromise" parameters produced by Deep Discovery or other sources of network security intelligence.
Trend Micro said investigators can use Smart Sensor to examine the chain of events associated with a targeted attack across enterprise systems, including endpoints on premises, at remote locations or in the cloud. These events can include system infiltration, malicious "command and control" incursions and possibly dangerous account activities.
Introduced at the RSA 2014 security conference in San Francisco, Smart Sensor helps investigators "understand actual malware behavior including delivery method, execution, communications and system implications," the Tokyo-based company said.
Other enhancements include a Deep Discovery Email Inspector designed to complement other email security measures and protect against "spear phishing" emails, described by Trend Micro as a common point of entry for the types of targeted attacks now in use. "It uses proven sandboxing and other advanced detection engines to identify malicious attachments or embedded URLs, allowing the customer to analyze the threats and to set automatic policies for email blocking or quarantine," the company said.
Yet another component is Deep Discovery Inspector v3.6, which the company said helps large-scale enterprises improve and extend sandboxing analysis and investigate threats more effectively through better security information and event management (SIEM) integration and a new 4 Gbps model.
"Customers can now create more custom sandbox images, concurrently analyze more files and more rapidly analyze attack details within Deep Discovery or their SIEM systems," Trend Micro said. "In addition, [with] the new 4Gbps model, Deep Discovery Inspector supports broader deployment options to better protect against targeted attacks."
David Ramel is the editor of Visual Studio Magazine.