Tuesday, 05 March 2019 17:05

Time to review endpoint security: Trend Micro exec

By Stephen Withers

Pictured: Trend Micro global vice-president of market strategy Eric Skinner

Changes in the threat landscape mean organisations should take a fresh look at their endpoint security measures, Trend Micro global vice-president of market strategy Eric Skinner has told iTWire.

Fileless malware represents "a rapid evolution in the threat landscape" and its incidence increased by 819% between August 2017 and December 2018, Skinner observed.

One reason for the rapid increase in fileless malware was that most organisations had managed to get ransomware under control, so "the attackers have shifted to something new".

The technique generally involves using legitimate software such as PowerShell to perform unauthorised actions on victim systems. This makes it effectively invisible to older types of endpoint security software, he said.

Endpoint security was a "sleepy space" around five years ago, he said, and some administrators had got into the habit of disabling the advanced features of their security software.

But simply scanning files is not going to be effective against fileless malware, so endpoint security software needs to look at the way the system is behaving. For example, is PowerShell being launched by another application? Is there an unusual pattern of memory activity?
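The behavioural question Skinner poses (is PowerShell being launched by another application?) as an added example, not Trend Micro's code: a small detector that walks process-creation events and scores each PowerShell launch by its parent process and command-line features rather than by any file signature. The key=value event layout, the sample events, the parent lists, the indicator weights and the alert threshold are all assumptions constructed for the example.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed process-creation events in a key=value layout loosely modelled on
# Sysmon event 1 / EDR telemetry. These samples are invented for the example;
# the -Enc payload in pid 5012 is just the UTF-16LE string "AAA" in base64.
SAMPLE_EVENTS = [
    r'ts=2019-03-05T09:01:12Z pid=4120 image="C:\Windows\explorer.exe" parent="C:\Windows\System32\userinit.exe" cmd="explorer.exe"',
    r'ts=2019-03-05T09:02:30Z pid=4388 image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" parent="C:\Windows\explorer.exe" cmd="powershell.exe"',
    r'ts=2019-03-05T09:05:41Z pid=5012 image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" cmd="powershell.exe -NoP -W Hidden -Enc QQBBAEEA"',
    r'ts=2019-03-05T09:06:02Z pid=5100 image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" parent="C:\Windows\System32\svchost.exe" cmd="powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"',
    r'ts=2019-03-05T09:07:15Z pid=5230 image="C:\Windows\System32\wscript.exe" parent="C:\Windows\explorer.exe" cmd="wscript.exe invoice.js"',
    r'ts=2019-03-05T09:07:16Z pid=5244 image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" parent="C:\Windows\System32\wscript.exe" cmd="powershell.exe -w hidden -nop -c Get-Date"',
]

# key=value pairs; quoted values may contain spaces, unquoted ones may not.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

POWERSHELL = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}

# Parents that have no ordinary business launching PowerShell (assumed lists):
# document handlers, where a macro or exploit is the usual explanation, and
# script hosts, which typically indicate a downloader chain.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_HOST_PARENTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line features that are common in malicious use and rare in routine
# administration. Each contributes a weight to a score; none is a verdict alone.
CMDLINE_INDICATORS = [
    (re.compile(r"-(?:e|enc|encodedcommand)\s+\S", re.I), 2, "encoded command"),
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 1, "hidden window"),
    (re.compile(r"-nop(?:rofile)?\b", re.I), 1, "profile suppressed"),
    (re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I), 1, "execution policy bypass"),
]


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value event line into a dict."""
    out: Dict[str, str] = {}
    for m in KV.finditer(line):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def score_event(ev: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return (score, reasons) for one event; non-PowerShell images score 0."""
    image = ntpath.basename(ev.get("image", "")).lower()
    if image not in POWERSHELL:
        return 0, []
    parent = ntpath.basename(ev.get("parent", "")).lower()
    score, reasons = 0, []
    if parent in DOCUMENT_PARENTS:
        score += 3
        reasons.append(f"launched by document handler {parent}")
    elif parent in SCRIPT_HOST_PARENTS:
        score += 2
        reasons.append(f"launched by script host {parent}")
    cmd = ev.get("cmd", "")
    for pattern, weight, label in CMDLINE_INDICATORS:
        if pattern.search(cmd):
            score += weight
            reasons.append(label)
    return score, reasons


def detect(lines: List[str], threshold: int = 2) -> List[Dict[str, object]]:
    """Return an alert for every event whose behavioural score meets the threshold."""
    alerts: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"ts": ev.get("ts"), "pid": ev.get("pid"),
                           "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['ts']} pid={alert['pid']} score={alert['score']}: "
              + "; ".join(alert["reasons"]))
```

With the sample data, the PowerShell spawned by Word with an encoded, hidden command scores 7 and the one spawned by a script host scores 4, while the scheduled script run under svchost.exe scores only 1 for its execution-policy flag and stays below the threshold. The weights are deliberately additive so that a single legitimate-looking flag does not page anyone, which is the trade-off a behavioural rule has to make.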

This means administrators need to ensure that their incumbent security product is being used to its full potential, said Skinner, and to consider other options if they are using a product that isn't up to the job in 2019.

Email is currently the most common method of launching attacks, and while Trend Micro says the traditional shotgun approach (blasting an email to millions of addresses in the hope that even a small percentage of recipients will be taken in) is still in use and relatively easy to spot, carefully targeted emails are being used for spearphishing and BEC (business email compromise) attacks.

In both cases, the messages show a good command of English, address the recipient by name, and indicate a degree of research (e.g., using information drawn from sites such as LinkedIn), Skinner said.

Around a year ago, Trend Micro introduced Writing Style DNA to help determine how likely it is that a particular email actually originated from the apparent sender.

More recently, it has begun rendering the destination pages of the links in an email and applying machine vision to the resulting image to help detect spoofed login pages designed to steal the victim's credentials (phishing). The advantage of this approach is that it doesn't require knowledge of domains used for phishing: if the page resembles (say) the Office 365 login page but isn't part of the relevant Microsoft domain(s), then it is highly suspicious.
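The domain check behind that approach as an added example, not Trend Micro's code: the machine-vision step is assumed to have already produced a brand label for the rendered page, and the function below decides whether the URL that served it belongs to a domain that legitimately hosts that brand's login page. The brand-to-domain allowlist and the sample URLs are constructed for the example; the hostname matching is done on label boundaries so that lookalike hosts do not pass.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed allowlist: brand labels a (hypothetical) page-image classifier can
# emit, mapped to registrable domains that legitimately serve that login page.
BRAND_DOMAINS = {
    "office365": {"microsoftonline.com", "microsoft.com", "live.com", "office.com"},
    "google": {"google.com"},
}


def hostname_in_domain(host: str, domain: str) -> bool:
    """True if host equals domain or is a subdomain of it (label boundary respected)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def classify_rendered_page(url: str, detected_brand: Optional[str]) -> Tuple[str, str]:
    """Return (verdict, reason) given the page URL and the brand the classifier saw."""
    if detected_brand is None:
        return "unknown", "page did not resemble any known login form"
    allowed = BRAND_DOMAINS.get(detected_brand)
    if allowed is None:
        return "unknown", f"no domain list for brand {detected_brand}"
    # urlsplit().hostname discards userinfo and port, so a URL such as
    # https://login.microsoftonline.com@other.example/ resolves to other.example.
    host = urlsplit(url).hostname or ""
    if any(hostname_in_domain(host, d) for d in allowed):
        return "legitimate", f"{detected_brand} login form served from {host}"
    return "suspicious", f"{detected_brand} login form served from unexpected host {host}"


# Constructed sample inputs: (URL, brand label the classifier is assumed to return).
SAMPLE_PAGES = [
    ("https://login.microsoftonline.com/common/oauth2/authorize", "office365"),
    ("https://login.microsoftonline.com.example-cdn.net/signin", "office365"),
    ("http://notmicrosoft.com/login", "office365"),
    ("https://login.microsoftonline.com@other.example/", "office365"),
    ("https://login.live.com/", "office365"),
    ("https://intranet.example.org/wiki", None),
]

if __name__ == "__main__":
    for url, brand in SAMPLE_PAGES:
        verdict, reason = classify_rendered_page(url, brand)
        print(f"{verdict:11} {reason}")
```

The two lookalike hosts are the interesting cases: `login.microsoftonline.com.example-cdn.net` starts with the genuine hostname and `notmicrosoft.com` ends with one, and a naive substring or `endswith` check would accept both. Matching only on a full label boundary and taking the hostname from the parsed URL rather than from the raw string closes both gaps.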

Ideally, email-borne threats should be detected before they are delivered. But the growing tendency for people to work off-site (at clients' premises, at home or in cafes, for example), coupled with the use of personal email accounts, means that the software on the device must be kept up to date (or at least subject to virtual patching) and equipped with endpoint security software capable of detecting and blocking relevant threats when the organisation's servers and firewalls haven't had the opportunity to inspect the traffic.

"The endpoint has to defend itself," Skinner said.

Another consideration is the requirement to adequately report data breaches. While older endpoint products lack forensic capabilities, newer products incorporate (often as an optional extra) endpoint detection and response technology, providing customers with an investigative toolset that can, for example, show where malware came from, whether or not it was blocked before it could take any action, which files (if any) were accessed by the malware, and whether any data was exfiltrated.

In addition, Trend Micro offers managed EDR. Unlike incident response services, managed EDR is an ongoing service that reports any detected improper activity and identifies when data breaches have occurred.

Trend Micro's cloud-based platform uses a variety of techniques including machine learning to process telemetry data from customers' systems before bringing exceptions to the attention of the company's international team of security analysts. This scale and automation means the service is "eminently affordable", he said.

With all these issues in mind, it is really important that organisations refresh their approach to endpoint security, whether they choose to stay with their incumbent vendor or move to a new provider, Skinner said.


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
