Tuesday, 05 March 2019 17:05

Time to review endpoint security: Trend Micro exec

Trend Micro global vice-president of market strategy Eric Skinner

Changes in the threat landscape mean organisations should take a fresh look at their endpoint security measures, Trend Micro global vice-president of market strategy Eric Skinner has told iTWire.

Fileless malware represents "a rapid evolution in the threat landscape" and its incidence increased by 819% between August 2017 and December 2018, Skinner observed.

One reason for the rapid increase in fileless malware was that most organisations had managed to get ransomware under control, so "the attackers have shifted to something new".

The technique generally involves using legitimate software such as PowerShell to perform unauthorised actions on victim systems. This makes it effectively invisible to older types of endpoint security software, he said.

Endpoint security was a "sleepy space" around five years ago, he said, and some administrators had got into the habit of disabling the advanced features of their security software.

But simply scanning files is not going to be effective against fileless malware, so endpoint security software needs to look at the way the system is behaving. For example, is PowerShell being launched by another application? Is there an unusual pattern of memory activity?
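The behavioural questions above (who launched PowerShell, and with what switches) can be turned into a simple triage rule. This is an added illustration, not Trend Micro's or any product's detection logic; the process-creation events, the allowed-parent list and the document-handler list are constructed assumptions that a real deployment would tune to its own baseline.

```python
# Constructed process-creation events (not real telemetry); Windows-style paths.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"},
    {"pid": 5210, "image": PS, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell.exe -WindowStyle Hidden -EncodedCommand <base64-placeholder>"},
    {"pid": 6100, "image": PS, "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'powershell.exe -ep bypass -w hidden -c "Get-Process"'},
    {"pid": 7000, "image": PS, "parent_image": r"C:\Windows\System32\wscript.exe",
     "cmdline": "powershell.exe -nop -c Get-Date"},
]

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "services.exe", "svchost.exe"}  # assumed site baseline

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def suspicious_flags(cmdline):
    """Command-line switches that are rare in legitimate admin use, in scan order."""
    toks = cmdline.lower().split()
    reasons = []
    for i, t in enumerate(toks):
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if t in ("-e", "-ec", "-enc", "-encodedcommand"):
            reasons.append("encoded command")
        elif t in ("-w", "-win", "-windowstyle") and nxt == "hidden":
            reasons.append("hidden window")
        elif t in ("-ep", "-ex", "-exec", "-executionpolicy") and nxt == "bypass":
            reasons.append("execution policy bypass")
    return reasons

def analyse(event):
    """Return the reasons a PowerShell launch looks suspicious (empty list if none)."""
    if basename(event["image"]) not in POWERSHELL_IMAGES:
        return []
    parent = basename(event["parent_image"])
    reasons = []
    if parent in DOCUMENT_HANDLERS:
        reasons.append(f"launched by document handler {parent}")
    elif parent not in EXPECTED_PARENTS:
        reasons.append(f"launched by unexpected parent {parent}")
    return reasons + suspicious_flags(event["cmdline"])

def triage(events):
    """Map pid -> reasons for every event that trips at least one rule."""
    return {e["pid"]: r for e in events if (r := analyse(e))}
```

A scheduled inventory script launched from Explorer passes cleanly, while a Word-spawned hidden encoded launch collects three reasons; the value is in the parent/child relationship, which a file scanner never sees.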

This means administrators need to ensure that their incumbent security product is being used to its full potential, said Skinner, and to consider other options if they are using a product that isn't up to the job in 2019.

Email is currently the most common method of launching attacks, and while Trend Micro says the traditional shotgun approach (blasting an email to millions of addresses in the hope that even a small percentage of recipients will be taken in) is still in use and relatively easy to spot, carefully targeted emails are being used for spearphishing and BEC (business email compromise) attacks.

In both cases, the messages show a good command of English, address the recipient by name, and indicate a degree of research (e.g., using information drawn from sites such as LinkedIn), Skinner said.

Around a year ago, Trend Micro introduced Writing Style DNA to help determine how likely it is that a particular email actually originated from the apparent sender.

More recently, it has begun rendering the destination pages of the links in an email and applying machine vision to the resulting image to help detect spoofed login pages designed to steal the victim's credentials (phishing). The advantage of this approach is that it doesn't require knowledge of domains used for phishing: if the page resembles (say) the Office 365 login page but isn't part of the relevant Microsoft domain(s), then it is highly suspicious.
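The second half of that check, "resembles the Office 365 login page but isn't on a Microsoft domain", is where lookalike hosts bite. The following added example (not Trend Micro's code) assumes the brand has already been recognised on the rendered page and shows the host comparison done as a proper domain-suffix match; the allowlist and the test URLs are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed placeholder allowlist: brand seen on the rendered page -> registrable
# domains that legitimately serve its login page. Not any vendor's real list.
LEGITIMATE_DOMAINS = {
    "office365": {"microsoftonline.com", "microsoft.com", "live.com"},
}

def host_matches(host, domain):
    """True only if host equals domain or is a subdomain of it; never a substring match."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def classify(brand, url):
    """Is a page that looks like `brand`'s login page served from an expected host?"""
    host = urlparse(url).hostname or ""  # hostname drops userinfo, port and path
    allowed = LEGITIMATE_DOMAINS.get(brand)
    if allowed is None:
        return "unknown-brand"
    return "expected" if any(host_matches(host, d) for d in allowed) else "suspicious"

# Constructed URLs covering the lookalike patterns the comparison must get right.
CASES = [
    ("office365", "https://login.microsoftonline.com/common/oauth2/authorize"),
    ("office365", "https://login.microsoftonline.com.account-verify.example/"),  # real name as a prefix
    ("office365", "https://notmicrosoft.com/login"),                              # substring trap
    ("office365", "https://login.microsoft.com@signin.example/"),                 # userinfo before the real host
]
```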

Ideally, email-borne threats should be detected before they are delivered. But the growing tendency for people to work off-site (at clients' premises, at home or in cafes, for example) coupled with the use of personal email accounts, means that the software on the device must be kept up-to-date (or at least subject to virtual patching) and equipped with endpoint security software that is capable of detecting and blocking relevant threats when the organisation's servers and firewalls haven't had the opportunity to inspect the traffic.

"The endpoint has to defend itself," Skinner said.

Another consideration is the requirement to adequately report data breaches. While older endpoint products lack forensic capabilities, newer products incorporate (often as an optional extra) endpoint detection and response technology, providing customers with an investigative toolset that can, for example, show where malware came from, whether or not it was blocked before it could take any action, which files (if any) were accessed by the malware, and whether any data was exfiltrated.

In addition, Trend Micro offers managed EDR. Unlike incident response services, managed EDR is an ongoing service that reports any detected improper activity and identifies when data breaches have occurred.

Trend Micro's cloud-based platform uses a variety of techniques including machine learning to process telemetry data from customers' systems before bringing exceptions to the attention of the company's international team of security analysts. This scale and automation means the service is "eminently affordable", he said.

With all these issues in mind, it is really important that organisations refresh their approach to endpoint security, whether they choose to stay with their incumbent vendor or move to a new provider, Skinner said.




Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


