Endpoint Security - Customer Presentation

Enterprise
Endpoint Security
May, 2021
Why Trend Micro?
3 © 2021 Trend Micro Inc.
Donated $5.9M+ to those in need and built
homes for 1,800+ families
Trend Micro cares

about making the
world a safer and Trained 300+ new cybersecurity experts, &
better place for enhanced a culture of diversity & inclusion
everyone.
Educated 50,000+ small business users, 5,000+
university students, and 2.8M+ kids & families
Industry firsts: Always anticipating, adapting
AI-powered writing- Broadest cloud
Optimized security for IoT Reputation style DNA analysis for security platform as
AWS workloads Service email fraud a service
Optimized security Optimized security for Cloud workload Specialized IPS XDR & risk visibility across
for VMware Azure workloads protection platform with for OT endpoint, email, servers,
integrated container environments cloud, & network
protection
Responsible disclosure to Threat intelligence and research for Public/private partnerships
software/hardware vendors consumers, businesses & governments (e.g. law enforcement)
Threats Vulnerabilities Targeted AI & ML IoT OT / IIoT Cybercriminal Future Threat

& Exploits Attacks Undergrounds Landscape
Trend Micro Core

Technology & Products
Market Leader in Vulnerability Disclosure
Zero Day Initiative
• 10,000+ independent vulnerability 5%
researchers 6%
• Market leader in the public disclosure 7%
market for past 13 years, discovering &
reporting 60% of the vulnerabilities in
2020 18%
• Highest for disclosed vulnerabilities
60%
across all severity levels
Source: 2020 Public Vulnerability Market, Omdia, April 2021

A world safe for exchanging digital information
Cybersecurity focused for 30+ years
US $1.7B in sales & profitable every

quarter since going public in 1998
500,000+ commercial customers,

including 9 of the top 10 Global
Fortune 500
7000 people passionate about

security across 65 countries
Eva Chen, CEO and Co-founder of
Trend Micro
A Cybersecurity Platform
Optimized for Enterprise Threat Defense
Common Ecosystem
Services Integration
Global Threat Intelligence

Threat Defense Platform for Security Operations
XDR
Risk Visibility & Insight Extended Detection & Response Agent & Policy Management
Security for Users Security for the Hybrid Cloud Security for Networks
Mobile Servers Virtual Machines Cloud Workloads Containers Applications Prevention Detection
Workstations
Mail Web Apps Open Source Cloud Cloud Security File

Storage IOT Protection Sandboxing
Scanning Network Posture Management
SECURITY POWERED BY TREND MICRO SECURITY POWERED BY GLOBAL THREAT RESEARCH

CYBER THREATS | 0-DAYs | TARGETED ATTACKS | AI&ML | UNDERGROUND | FUTURES
LEADING
11 © THREAT RESEARCH
2021 Trend Micro Inc. THREAT INTELLIGENCE | VULNERABILITIES | CYBERCRIMINALS | FUTURES
• Prevent the broadest range of
threats with the right technique, at
the right time
• Detect more, faster with integrated
detection and response across
endpoints and email
• Complete visibility for holistic
investigation and response

The Threat Landscape
Traditionally, malware prevention has been the These days, attackers use much more than
focal point to attempt to keep attackers at bay. malware.
• It was focused on file-based attacks (executables, embedded • They exploit operating system and application vulnerabilities
scripts, etc.) • They use social engineering to gain access
• Using signatures to detect malware was usually enough, • They use extortion to get employees to do their bidding
though there was a high risk of zero-days
• They use executables already on the endpoints to gain
• Many third-party testing houses to this day focus on efficacy additional control
of detecting file-based threats
• Campaigns span not just endpoints, but servers, cloud
applications, IoT, OT, email and more
“Malware-Centric Protection” “Attacker-Centric Protection”

Holistic Threat Detection
Entry point Pre-Execution Runtime Exit Point
Malware Entry Points Malware Exit Points

Network Command & Control
Email Lateral Movement
USB Exfiltration
Browser Exploit Prevention Predictive Machine Learning Runtime Machine Learning Web Reputation
Vulnerability Protection Application Control Behavioral Analysis Data Loss Prevention
Web Reputation Variant Protection Exploit Protection
Device Control File-Level Signature In-memory Script Analysis

Apex One™: Single Converged Agent
Prevention
Virtual Patching Device Control Firewall App. Control Exploit Prevention
Real Time >

Detection Machine Behavioral Malicious CLI Network Known Threats
Learning Analysis Fingerprinting
Automated
Response DLP Kill & Quarantine Restore Encrypted Suspicious object/ Outbreak
Processes Files Intelligence sharing Prevention
Investigation and >

Response* Cross layered IOC Sweeping MITRE Threat Managed XDR
detection Mapping Intelligence
* Requires additional licensing

Smart, layered security
LEGEND
Known Known Unknown Noise
Good Data Bad Data Data Cancellation
maximizes protection and performance
Intrusion Prevention (IPS) & Firewall
Early Zero-Day Protection
Exploit Prevention & File/Web Reputation
Variant Protection
Application Control
Integrity Monitoring
R
XD
Pre-execution Machine Learning
to y
etr
em
Tel
Behavioral Analysis
Runtime Machine Learning
Network Content Correlation
Safe files & Malicious files &
actions allowed Custom Sandbox Analysis actions blocked
Investigation & Response

Understanding quicker,
cutting through the noise
Prioritize and visualize threats
Prioritizing alerts through Trend Micro reduces alert
scoring fatigue and provides great
visibility into activity
• Combining multiple alerts

• into incidences
• Detailed attack behavior
• Powerful threat hunting

tools
Multiple alerts • Cross technology and

combined from a cross platform
single incident

Trend Micro reduces alert
Clear and detailed fatigue and provides great
description visibility into activity

into incidences

tools
Linked to
MITRE ATT&CK
• Cross technology and
3rd party logs include: cross platform

fatigue and provides great
Combine criteria with visibility into activity
MITRE framework
Search through all or
specific data sources • Combining multiple alerts
into incidences

tools
Easily filter results • Cross technology and

3rd party logs include: cross platform

fatigue and provides great
visibility into activity

into incidences

See the execution profile tools
Windows Mac Red Hat Debian CloudLinux
of endpoints and
cloud/server 3rd workloads.
party ogs include: • Cross technology and
Supports 90+
3rd party logsOS versions.
include: cross platform
Ubuntu SUSE CentOS Amazon Oracle
Linux Linux

Respond rapidly
Respond rapidly and shutdown the attacker
Trend Micro allows you to
respond rapidly from many
tools
• Multi-layer response from a
Workbench
• Respond while hunting in

the Search app
• Remote shell for live

• Many different response

Contextually aware choices
actions
for quick response. Actions
are carried in multiple
• Shared cross-product and
security controls.
cross-vendor

tools
Workbench

the Search app


actions
Take actions or open an
investigation workbench • Shared cross-product and
directly from the results cross-vendor

Remote shell to endpoints tools
within seconds • Multi-layer response from a
Workbench

the Search app
Leverage many different • Remote shell for live

functions to see current investigation and response
state and respond
actions

cross-vendor
* More options available than shown in this screenshot

tools
Isolate Devices Terminate Processes Block IPs & Domains Block Specific URLs • Multi-layer response from a
Workbench

the Search app

Block Files Quarantine Emails Delete Emails Retrieve Files

actions
> All in addition to the automatic prevention responses
included in the Apex One agent. • Shared cross-product and
Remote Shell
cross-vendor

tools
Ecosystem
Workbench
Integration
the Search app


actions

cross-vendor

Then going deeper to
bring more insight
Identity and Risk Insights
Trend Micro uses XDR data
to bring you more visibility
than you ever had before
Shows your level of visibility in a single console
• Multiple Trend Micro and

Third-Party Data Sources
• Risky Users
• Risky Devices
• Endpoint Vulnerabilities
3 party logs currently include:
rd
Palo Alto Forcepoint Web Security Cisco Meraki • Cloud App Usage
Fortinet Fortigate Zscaler Cisco Umbrella

Feature in development. Target release: By end of 2021
in a single console
Highlights immediate risks • Multiple Trend Micro and

Shows current and past risk level Third-Party Data Sources
• Risky Users
• Risky Devices
Gives key activity and dark web
intelligence
• Cloud App Usage

in a single console
Device view • Multiple Trend Micro and
Shows which user on each device Third-Party Data Sources
• Risky Users
• Risky Devices
• Cloud App Usage

in a single console
Device view • Multiple Trend Micro and
Shows which user on each device Third-Party Data Sources
• Risky Users
And what CVEs they are vulnerable to • Risky Devices
• Cloud App Usage

in a single console
Highlighting how many CVEs are at • Multiple Trend Micro and
risk of being exploited Third-Party Data Sources
Their Details And which Trend Micro Virtual • Risky Users

Patching rules are protecting you
• Risky Devices
• Cloud App Usage

in a single console
• Multiple Trend Micro and

Third-Party Data Sources
• Risky Users
The type of cloud
apps being used • Risky Devices
And the risk

• Cloud App Usage
associated with them

Trend Micro threat
prevention
Managed XDR Service – Holistic MDR
Continuously monitoring activity on Endpoints,
Servers, Network and Email
Identifying complex targeted threats
Conducting mitigation measures

when possible, using Trend Micro technology.
Routinely sweeping for threats discovered by

Trend Micro’s Threat Research

Optimized Resources with Managed XDR
Events generated by Trend Micro products (includes 1K high
priority events and 16K events which are not actionable but
needed for compliance / visibility when investigating later)
Standard managed service: corelates events and prioritizes

36 items which require further investigation by a Level II/III
security analyst
Advanced managed service: Trend Micro security experts

investigate each of the 36 events to determine if there is a
security incident and provide a detailed response plan. (will not
be 0 incidents every month!)
Monthly report from a customer subscribing to the
advanced Managed XDR services for endpoint and network

Most endpoint attacks
come from email
Trend Micro Cloud App Security
Smart
• Finds zero-day and hidden threats using static and
dynamic techniques including sandboxing
• DLP discovery, visibility, and enforcement for cloud file
sharing services
Optimized
• Direct cloud-to-cloud integration using vendor API’s
• Protects email (inbound + internal) and file sharing
• Quick deployment through API integration
Connected
• Centrally manage with endpoint, server, network security.
• Includes Vision One XDR and part of Managed XDR

IT OPS TEAMS (Endpoint & Email)
Wants effective ransomware
By 2021, Gartner expects 70% of public & private protection
companies to be using cloud email services.
Less time re-imaging
Gartner; “Market Guide for Email Security” | 6 June 2019 | G00400856 | Neil Wynne, Peter Firstbrook
SOC/IR TEAMS
Wants fast detection & response on
endpoints
By 2025, cloud-delivered EPP solutions
Visibility beyond the endpoint
will grow from 20% of new deals to 95%. (cross-layer)
Gartner; “Magic Quadrant for Endpoint Protection Platforms” |
20 Aug 2019 | G00352135 | Peter Firstbrook, Dionisio Zumerle, et al.

Microsoft 365 Trend Micro Cloud App Security (CAS)
Block Block Detect & Block
Known Known Unknown
Threats Threats Threats
Exploit
Detection
Malware Malware
Signatures Signatures Pre-execution
Machine Learning
Sandbox
Web & URL Analysis
Web & URL
Reputation Reputation
Machine
Learning for
phishing & BEC

Benefits of Trend Micro’s Protection
over vendor and 3 party email gateway protection
rd
of O365
Log email metadata Conduct XDR Investigations Respond by quarantining
for investigations Combining Email & Endpoint Telemetry emails directly from within
the investigation or API
Also better detection…
Threats detected after vendor & 3rd party gateway protection

Customer’s # Customer’s Microsoft Malware Malicious & Phishing URLs BEC High Risk Threats
of users industry Office 365 Plan Detected by TM Detected by TM Detected by TM Blocked by TM
120,000 Hospitality E3 12,249 129,249 1,220 143,129
8,500 IT Services E3 176 4,117 234 4,527

Based on a 2020 detection results of customers with Trend Micro, Microsoft and another third-party email gateway solution.
Trend Micro was the last line of defense.

Non-malware fraud (e.g. business email compromise,
credential compromise) focuses here, and 94% of
Attack starts with malware attacks arrive via email*.
spear-phishing *Verizon Data Breach Investigation Report, May 2019
Today’s attacks are stealthy

and often file-less, evading
Lateral movement via
unpatched outdated defenses.
vulnerabilities
Users vulnerable to
social engineering
It’s challenging to patch all
Vulnerable operating
systems endpoints in a timely
fashion. New OS exploits
Outdated Employee tricked into can spread quickly.
defenses revealing credentials /
install malware
Email Gateway Service Also Available
Email Security Advanced
Inbound email
• Antispam, BEC Outbound email
• Antispam
• Sender reputation
• Email encryption
• Source verification
• DLP
• Antimalware, PML
• File password extraction
• URL rep, time-of-click
• Sandbox analysis for file
and URL
• Email continuity
45
Cybersecurity Assessment Service
Free security assessment service that scans
Microsoft® 365® inboxes and endpoints to
gauge the overall security posture
A simple way for a security professional to:

• Check their Microsoft 365 inboxes for
undiscovered email threats
• Check key endpoints for undiscovered
threats
• Review a final report in PDF form and share
with stakeholders outlining any threats
existing in their environments
https://assessment.xdr.trendmicro.com
Third Party Validation
Carbanak & FIN7
Tradecraft and operational flows in two
simulated breaches
Organizations want high confidence

detection without alert fatigue:
 Top 3 for visibility & telemetry

 100% of Linux attacks detected
 Highly enriched telemetry for
better investigations
48 © 2021 Trend Micro Inc. Data Source: MITRE, 2021

Gartner Magic Quadrant
for Endpoint Protection
Platforms
May 2021
This graphic was published by Gartner, Inc. as part of a larger
research document and should be evaluated in the context of the
entire document. The Gartner document is available upon request
from :
https://resources.trendmicro.com/Gartner-M
agic-Quadrant-Endpoints.html
Gartner does not endorse any vendor, product or service depicted in

its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other
designation. Gartner research publications consist of the opinions of
Gartner's research organization and should not be construed as
statements of fact. Gartner disclaims all warranties, expressed or
implied, with respect to this research, including any warranties of
merchantability or fitness for a particular purpose.

THE FORRESTER WAVETM
Endpoint Security
Software as a Service
Q2 2021
The Forrester WaveTM is copyrighted by Forrester Research, Inc. Forrester and

Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a
graphical representation of Forrester's call on a market and is plotted using a detailed
spreadsheet with exposed scores, weightings, and comments. Forrester does not
endorse any vendor, product, or service depicted in the Forrester Wave. Information
is based on best available resources. Opinions reflect judgment at the time and are
subject to change.

A Leader in 4 Key XDR Building Blocks
Detection & Response Endpoint Email Cloud
The Forrester Wave™: The Forrester Wave™: The Forrester Wave™: The Forrester Wave™:
Enterprise Detection and Endpoint Security Software Enterprise Email Security, Cloud Workload Security,
Response, Q1 2020 as a Service, Q2 2021 Q2 2021 Q4 2019
“The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are
trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call
on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments.
51 © 2021 Trend Micro Inc. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is
based on best available resources. Opinions reflect judgment at the time and are subject to change.”
Appendix
Apex One as a Service Data Centers
Canada (Jun, 2020)

West Europe (Nov, 2017)
Japan East (Nov, 2019)

Central US (Nov, 2017)
India (est. Nov, 2020)
Singapore (Feb, 2019)
Australia East (Apr, 2019)

“ Trend Micro gives us an easy-to-
deploy solution for security and
GDPR compliance, including
integrated management,
visibility, and security that has no
“
performance impact on the
endpoint.
Leon Backbier
ICT Manager

“
Trend Micro is a force
multiplier for us. It gives our
small security team peace of
mind. We can add employees
and infrastructure and handle
it all without expanding our “
security team.
Aaron Cunningham
Vice President of IT

Air Gapped Deployment Models
External Agents
With Central Control
Apex One as a Service and Investigation
Manage agents from SaaS
Or use an on-prem server
On Premises Partial Air Gap If external access allowed, can be managed by SaaS
Site 1 Edge Relay

(in DMZ)
Update Agent Agent Agent

Apex One Agent Apex One Agent Apex One Server
Site X Complete Air Gap
Apex One Agent Apex One Agent Apex One

Update Agent Apex One Server Agent Agent
Optional update channel

Apex One as a Service Certifications

Endpoint Security - Customer Presentation

Uploaded by

Copyright:

Available Formats

Endpoint Security - Customer Presentation

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Endpoint Security - Customer Presentation

Uploaded by

Copyright:

Available Formats

Enterprise

Trend Micro cares

Threats Vulnerabilities Targeted AI & ML IoT OT / IIoT Cybercriminal Future Threat

Trend Micro Core

Source: 2020 Public Vulnerability Market, Omdia, April 2021

8 © 2021 Trend Micro Inc.

US $1.7B in sales & profitable every

500,000+ commercial customers,

7000 people passionate about

Global Threat Intelligence

Mail Web Apps Open Source Cloud Cloud Security File

SECURITY POWERED BY TREND MICRO SECURITY POWERED BY GLOBAL THREAT RESEARCH

12 © 2021 Trend Micro Inc.

“Malware-Centric Protection” “Attacker-Centric Protection”

13 © 2021 Trend Micro Inc.

Malware Entry Points Malware Exit Points

14 © 2021 Trend Micro Inc.

Real Time >

Investigation and >

* Requires additional licensing

Investigation & Response

16 © 2021 Trend Micro Inc.

• Combining multiple alerts

• Detailed attack behavior

• Powerful threat hunting

Multiple alerts • Cross technology and

18 © 2021 Trend Micro Inc.

• Combining multiple alerts

• Detailed attack behavior

• Powerful threat hunting

19 © 2021 Trend Micro Inc.

• Detailed attack behavior

• Powerful threat hunting

Easily filter results • Cross technology and

20 © 2021 Trend Micro Inc.

• Combining multiple alerts

• Detailed attack behavior

• Powerful threat hunting

21 © 2021 Trend Micro Inc.

• Respond while hunting in

• Remote shell for live

• Many different response

23 © 2021 Trend Micro Inc.

• Respond while hunting in

• Remote shell for live

• Many different response

24 © 2021 Trend Micro Inc.

• Respond while hunting in

Leverage many different • Remote shell for live

• Shared cross-product and

25 © 2021 Trend Micro Inc.

• Respond while hunting in

• Remote shell for live

• Many different response

26 © 2021 Trend Micro Inc.

• Remote shell for live

• Many different response

• Shared cross-product and

27 © 2021 Trend Micro Inc.