Tuesday, 05 March 2019 17:05

Time to review endpoint security: Trend Micro exec

Trend Micro global vice-president of market strategy Eric Skinner

Changes in the threat landscape mean organisations should take a fresh look at their endpoint security measures, Trend Micro global vice-president of market strategy Eric Skinner has told iTWire.

Fileless malware represents "a rapid evolution in the threat landscape" and its incidence increased by 819% between August 2017 and December 2018, Skinner observed.

One reason for the rapid increase in fileless malware was that most organisations had managed to get ransomware under control, so "the attackers have shifted to something new".

The technique generally involves using legitimate software such as PowerShell to perform unauthorised actions on victim systems. This makes it effectively invisible to older types of endpoint security software, he said.

Endpoint security was a "sleepy space" around five years ago, he said, and some administrators had got into the habit of disabling the advanced features of their security software.

But simply scanning files is not going to be effective against fileless malware, so endpoint security software needs to look at the way the system is behaving. For example, is PowerShell being launched by another application? Is there an unusual pattern of memory activity?
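The parent-process question raised above can be expressed as a simple check over process-creation telemetry. This is an added example, not code from Trend Micro or iTWire; it assumes events carry `Image` and `ParentImage` fields in the style of Sysmon process-creation records, and the parent lists, host names and sample events are constructed for illustration.

```python
import ntpath

# Assumption: parents from which an interactive PowerShell launch is expected.
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "pwsh.exe",
                    "windowsterminal.exe"}
# Assumption: document and mail handlers that rarely need to start a shell.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                 "acrord32.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def basename(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return None, 'review' or 'high' for one process-creation event."""
    if basename(event.get("Image")) not in POWERSHELL_IMAGES:
        return None                      # not a PowerShell launch
    parent = basename(event.get("ParentImage"))
    if parent in DOCUMENT_APPS:
        return "high"                    # document handler spawned a shell
    if parent not in EXPECTED_PARENTS:
        return "review"                  # unusual or missing parent
    return None


def triage(events):
    """List (severity, parent, host) for every event worth an analyst's look."""
    findings = []
    for event in events:
        severity = classify(event)
        if severity:
            parent = basename(event.get("ParentImage")) or "<unknown>"
            findings.append((severity, parent, event.get("Computer", "?")))
    return findings


# Constructed sample events (not real telemetry).
P = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS-001", "Image": P, "ParentImage": r"C:\Windows\explorer.exe"},
    {"Computer": "WS-014", "Image": P,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Computer": "WS-022", "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "ParentImage": r"C:\ProgramData\updater.exe"},
    {"Computer": "WS-027", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Computer": "WS-031", "Image": P},  # parent field missing from the record
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

An allowlist of expected parents needs tuning per environment, since management agents and deployment tools legitimately start PowerShell.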

This means administrators need to ensure that their incumbent security product is being used to its full potential, said Skinner, and to consider other options if they are using a product that isn't up to the job in 2019.

Email is currently the most common method of launching attacks, and while Trend Micro says the traditional shotgun approach (blasting an email to millions of addresses in the hope that even a small percentage of recipients will be taken in) is still in use and relatively easy to spot, carefully targeted emails are being used for spearphishing and BEC (business email compromise) attacks.

In both cases, the messages show a good command of English, address the recipient by name, and indicate a degree of research (eg, using information drawn from sites such as LinkedIn), Skinner said.

Around a year ago, Trend Micro introduced Writing Style DNA to help determine how likely it is that a particular email actually originated from the apparent sender.

More recently, it has begun rendering the destination pages of the links in an email and applying machine vision to the resulting image to help detect spoofed login pages designed to steal the victim's credentials (phishing). The advantage of this approach is that it doesn't require knowledge of domains used for phishing: if the page resembles (say) the Office 365 login page but isn't part of the relevant Microsoft domain(s), then it is highly suspicious.

Ideally, email-borne threats should be detected before they are delivered. But the growing tendency for people to work off-site (at clients' premises, at home or in cafes, for example) coupled with the use of personal email accounts, means that the software on the device must be kept up-to-date (or at least subject to virtual patching) and equipped with endpoint security software that is capable of detecting and blocking relevant threats when the organisation's servers and firewalls haven't had the opportunity to inspect the traffic.

"The endpoint has to defend itself," Skinner said.

Another consideration is the requirement to adequately report data breaches. While older endpoint products lack forensic capabilities, newer products incorporate (often as an optional extra) endpoint detection and response technology, providing customers with an investigative toolset that can, for example, show where malware came from, whether or not it was blocked before it could take any action, which files (if any) were accessed by the malware, and whether any data was exfiltrated.

In addition, Trend Micro offers managed EDR. Unlike incident response services, managed EDR is an ongoing service that reports any detected improper activity and identifies when data breaches have occurred.

Trend Micro's cloud-based platform uses a variety of techniques including machine learning to process telemetry data from customers' systems before bringing exceptions to the attention of the company's international team of security analysts. This scale and automation means the service is "eminently affordable", he said.

With all these issues in mind, it is really important that organisations refresh their approach to endpoint security, whether they choose to stay with their incumbent vendor or move to a new provider, Skinner said.


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
