1. Marko Djordjevic
Product Manager EEUR Selfdefending Networks & Managed Antivirus Strategy
2. Trend Micro Overview
What does NAC mean?
Trend Micro Solution and Difference
Summary
Agenda
3. Fastest growing antivirus vendor in the world.*
Founded in the US in 1988. Corporate headquarters in Tokyo, Japan. Publicly traded on NASDAQ(TMIC) and Tokyo Stock Exchange (4704)
Antivirus and content security software and services provider to enterprise, small and medium business, and consumer segments
Transnational company with 2000+ employees, operations, and representation in over 30 countries worldwide
2004 revenues: US$584 Million
Trend Micro Overview
Additional Details:
Trend Micro grew the fastest with a 31 percent growth rate year-over-year (YoY). This is more than double that of the antivirus industry as a whole, which is expected to grow at a 15 percent CAGR between 2001-2006. (IDC: Antivirus Software 2002: A Segmentation of the Market)
TOKYO STOCK EXCHANGE: 4704
NASDAQ: TMIC
Revenue based on consolidated earnings report for fiscal year ending December 31, 2003. Equivalent to 48.0998 Billion Yen, calculated at an exchange rate of JPY 106, per 1 US Dollar.
Trend Micro is one of a growing number of “Transnational” companies in which expertise and decision making authority has been distributed across many different geographical regions and time zones. This structure enables Trend Micro to react faster and more effectively to new outbreaks and to changing market conditions.
4. Global Leader in Internet Gateway and Mail Server Virus Protection
#1 in the Internet gateway antivirus market for fourth consecutive year
#1 in the mail server antivirus market for third consecutive year
#1 growth rate* in the file server antivirus market
Trend Micro Overview
Historically, in the consumer market in Europe, Trend Micro’s brand may not be as well known as a couple of its competitors, but in the enterprise market, and particularly the gateway and server segment, Trend Micro enjoys a leadership position in several different areas, as shown here.
What’s even more impressive perhaps is that Trend Micro’s growth has been achieved through continuous innovation from within, rather than through acquisition.
5. Trend Micro continues to innovate, introducing many “industry-firsts.”
Trend Micro pioneered the server-based, Internet security gateway, and email-server based antivirus solutions that have become widely accepted in the security industry today. Trend Micro then introduced Enterprise Protection Strategy, a whole new approach to the true impact of virus and other mixed-threats throughout the outbreak lifecycle. Trend Micro is the only company to back its response time to new virus threats with a service level agreement, introduced in 2002.
In 2003, Trend Micro introduced the first integrated spam prevention service at the Internet gateway.
Today, the company continues to change the way the industry thinks about security from viruses and other mixed-threats.
6. Threats Are Evolving
But now we come to the hard facts!
The number of viruses is still rising steadily every year. This Malicious Code Growth graph shows the actual number of signatures that Trend Micro needs to detect viruses. Even though 77,000 seems high, the actual number of viruses is even higher than this.
Slammer: SQL worm – red alert; Love gate.J – blended threat – yellow alert; So big.E – blended threat – yellow alert; Deluder.A – yellow alert
McAlister.A – red alert
7. Viruses and worms can infect millions in minutes without action by end users
Virus writers are becoming more creative and the damage from malware can soar into the billions (USD)
Infected emails may appear to come from legitimate sources
Differences between viruses, malware, spam, and spyware are blurring
Threats Are Evolving
The frequency and potential impact of outbreaks have increased dramatically. In the past it used to take days or weeks for outbreaks to spread across the world; some of the latest outbreaks, like SQL.Slammer or Sasser, have reached millions of PCs in 20 minutes. Today viruses use vulnerabilities in operating systems or applications such as web browsers and email readers; they no longer require the end user to take any action in order to propagate and attack.
Another trend is that the virus writers of today are no longer just the script-kiddies of a few years ago; today’s hackers or crackers include a criminal element with financial as well as anarchistic motives.
One example of this is a phenomenon known as “Phishing”, in which people are tricked into providing personal or financial information to hackers posing as their financial institute or some other trusted source.
For most of us today spam is a major inconvenience, but for the spammers, it can be big business. It costs very little to send hundreds of millions of emails pushing some product or service, so if just a fraction of a percent of recipients actually purchase something, the spammers can make big profits. Needless to say, wherever there is money to be made, considerable resource and creativity will be applied to it. The result is an arms race between the spammers and those, like Trend Micro, creating antispam solutions. This is very similar to the situation for viruses, and in some cases spammers and virus writers appear to be borrowing tricks from each other.
What this means is that the previously clear distinction between viruses and spam is now disappearing, and the two should increasingly be regarded as a single problem.
8. Viruses and worms continue to disrupt business
Day-zero attacks make current solutions less effective
Point technologies preserve clients, rather than network availability and enterprise continuity
Non-compliant servers and desktops are common, but difficult to detect and contain
Locating and isolating infected systems is time and resource intensive
Problems with IT-Security
Cisco and Trend Micro are committed to resolving the most important security issue facing our customers today – disruption of operations from viruses and worms. The damage caused by worms and viruses has demonstrated that existing operational and technical safeguards are not sufficient.
The latest spate of viruses – including Slammer, Blaster, NetSky and MyDoom – proved how vulnerable organizations are to having their business disrupted. Unlike their predecessors – Code Red, Nimda, SQL Slammer – these latest attacks have made organizations realize the importance of protecting their entire infrastructure, not just the edge of their networks. This is because they turned vulnerable desktops and laptops, not just servers, into disruptive agents within the organization’s local networks. The costs and process involved in fixing infected systems and containing outbreaks are severe, and the work is often laborious and manual.
This has caused many organizations to become more committed to addressing compliance issues with systems accessing their networks – making sure they are running the right tools and have the proper security patches loaded. Non-compliant systems are frequent – be it due to contractors, business partners, unmanaged devices, non-production devices, or a general lack of ability to ensure company image and update policies are followed – and are difficult, if not impossible, to identify and isolate.
9. Challenge: - Networks are dynamic
10. Today’s situation
11. Today’s situation
12. Today’s situation
13. Today’s situation
14. Policy Enforcement
15. OfficeScan 7
16. Components of an OfficeScan network using Cisco NAC
OfficeScan client with a Cisco Trust Agent (CTA) installed
Network access device (NAD)
Cisco Access Control Server (ACS)
Trend Micro Policy Server
OfficeScan server
Cisco NAC Overview
17. The following can be configured on OfficeScan management console:
Communication between the ACS & Policy Server
Client certificate
CTA deployment
OfficeScan Server
18. Responsible for evaluating client credentials against ACS
Available comparison criteria in rules:
real-time scan: enable/disable
engine version: up to date/out of date
pattern: version OR release date comparison
Available remediation actions:
enable real-time scan
update now
cleanup now
cleanup now + scan now
notification message
Policy Server
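Added example (not part of the original slides, and not Trend Micro or Cisco code): a sketch of how a policy server could evaluate the comparison criteria listed on this slide, covering both pattern modes (version or release date). The field names, the rule structure, and the mapping from failed checks to the remediation actions "enable real-time scan" and "update now" are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Posture:                       # credentials reported by the client (hypothetical fields)
    realtime_scan: bool
    engine_version: str
    pattern_version: str
    pattern_released: date

@dataclass
class Rule:                          # hypothetical rule; not the product's schema
    min_engine_version: Optional[str] = None
    min_pattern_version: Optional[str] = None    # pattern compared by version ...
    max_pattern_age_days: Optional[int] = None   # ... OR by release date

def older(reported: str, required: str) -> bool:
    """Numeric dotted-version comparison, so that 7.9 sorts before 7.10."""
    try:
        as_tuple = lambda v: tuple(int(part) for part in v.split("."))
        return as_tuple(reported) < as_tuple(required)
    except ValueError:
        return True                  # unparseable version: fail closed

def evaluate(p: Posture, r: Rule, today: date):
    """Return (compliant, remediation actions named on the slide)."""
    actions = []
    if not p.realtime_scan:
        actions.append("enable real-time scan")
    stale = r.min_engine_version is not None and older(p.engine_version, r.min_engine_version)
    if r.min_pattern_version is not None:
        stale = stale or older(p.pattern_version, r.min_pattern_version)
    elif r.max_pattern_age_days is not None:
        stale = stale or (today - p.pattern_released).days > r.max_pattern_age_days
    if stale:
        actions.append("update now")
    return (not actions, actions)

# Constructed sample data (versions and dates are made up for illustration).
TODAY = date(2005, 3, 1)
BY_VERSION = Rule(min_engine_version="7.510", min_pattern_version="2.437.00")
BY_DATE = Rule(max_pattern_age_days=7)
CURRENT = Posture(True, "7.510", "2.440.00", date(2005, 2, 27))
LAGGING = Posture(False, "7.100", "2.400.00", date(2005, 2, 1))

if __name__ == "__main__":
    for rule in (BY_VERSION, BY_DATE):
        for client in (CURRENT, LAGGING):
            print(evaluate(client, rule, TODAY))
```

A client whose reported version cannot be parsed is treated as out of date, so a malformed or missing posture field never passes validation by accident.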
19. The Trend Micro Difference – Integrated Security Enforcement through Cisco NAC
Trend Micro’s Solution:
Cisco NAC support includes Posture Plugin and Policy Server
Ability to deploy CTA
Posture can be validated from external Policy Server
Competitive Solutions:
Cisco NAC support includes only Posture Plugin
No CTA deployment capability
ACS can only do local policy validation
But what makes Trend Micro better than the others? Trend Micro is not the only one working together with Cisco; our competition does as well. Now read from the slide.
Trend Micro is not only working with Cisco on NAC; we are working on the whole SDN vision, which includes switches and IPS blades: the whole network infrastructure that can be protected.
20. • Reduced IT costs by preventing external and internal threats
• Proactive protection to ensure all devices comply with security policies
• Prevents “contagious” endpoints from infecting network; reduced downtime due to worms and viruses
• Leverages existing Cisco, antivirus, and endpoint investments
• Increased network availability, resilience, and productivity
NAC Summary
NAC Minimizes Downtime Due to Viruses and Worms, Protects Network Availability and Integrity, Manages Network Access, and Enforces Network Security Policy
21. Q & A
For detailed information please visit our booth!