Monday, 26 August 2013
Trend Micro sets up forensic research lab
SECURITY solutions provider Trend Micro announced at the recent Cloudsec summit that it is bringing malware forensic and analysis capabilities to Singapore with the establishment of TrendLabs in the country.

The centre, Trend Micro's fourth in Asia, will provide round-the-clock threat surveillance, attack prevention and timely customised solutions delivery.

Mobile malware, cross-platform attacks and more sophisticated threats that compromise legitimate Web browsers to steal data are key threat trends in 2013, according to Tom Kellermann, global vice-president of cyber security at Trend Micro.

Trend Micro is a provider of security software and solutions.

Mr Kellermann was speaking at the Cloudsec Congress 2013 in Singapore, where industry experts addressed a range of challenges and strategies in cyber-security. Attacks on industrial control systems (ICS) are also becoming mainstream, in large part due to some functions of these systems being migrated to Web-based, software-as-a-service-based or cloud-based operations.

Trend Micro counts among its customers cloud service providers such as Amazon Web Services (AWS), Savvis, Singapore Telecommunications (SingTel) and StarHub. In Singapore, they also include organisations in the healthcare, government, education and manufacturing sectors.

"With targeted attacks, malware delivery is not the only goal. Instead, the end game is about establishing persistent foothold inside the network with the intent to steal data. Many organisations lack the skill sets or capacity, internally, to assess critical systems, to perform round-the-clock monitoring, and to respond to a breach," said Mr Kellermann.

Mr Kellermann also cautioned that security is not just a question of isolating an organisation's own ecosystem and network from targeted attacks. Organisations need to ensure that their strategic partners or any party which has a direct pipe into their systems, with a VPN (virtual private network) connection, are just as secure. Otherwise, their partner's or even customer's hacked systems may be used to island hop into their own ecosystem.

Cloud attacks are another rising security issue. While the cloud is better from a security perspective to prevent denial of service attacks, it is more easily infiltrated for advanced persistent threat (APT) attacks that cannot be detected with traditional security, said Mr Kellermann. In an APT, an unauthorised person gains access to a network and stays there undetected for a long period of time in order to steal data.

In addition, many organisations are securing their cloud resources with the same security infrastructure that they use in the physical data centre and this is causing problems, added Bill McGee, senior vice-president and general manager, cloud and data centre security, Trend Micro.

"In the cloud, 50 servers can be turned on right away. That's not something that really can happen in the physical world; it happens over the course of days or weeks. So the security infrastructure has to be dynamic enough to be able to deal with automatic policy assignment and context awareness. It could be the same machine with the same set of applications but where it's located makes a difference. You can't wait for a security administrator to take an action before the systems are protected. They have to be protected automatically," he explained.

The need to fix this gap is critical especially as more and more data centres in South-east Asia are becoming virtualised or move to a public or hybrid cloud. According to Mr McGee, companies in Southeast Asia are expected to move towards a hybrid cloud model in 2014.

To this end, Trend Micro released Deep Security 9, the latest version of its server and data security solution, last month in Asia-Pacific. The solution provides server, application and data security across physical, virtual and cloud environments.

Tightly integrated modules easily expand to offer anti-malware, integrity monitoring, intrusion detection and prevention, Web application control, firewall and log inspection. Deep Security's agentless approach also enables the time spent on administration and installation to be significantly reduced.

Trend Micro is partnering e-Cop, a managed security services provider headquartered in Singapore, to offer Trend Micro Custom Defence Services to customers across Asia-Pacific.

The services include health checks of critical systems and network traffic for malicious activities, advisory services to keep security plans up-to-date, round-the-clock remote monitoring and alert services to augment day-to-day security operations, on-site breach investigations, cleaning up of compromised systems and development of customised signatures based on malicious files collected.

"The area of custom defence is still more focused on the human environment. What we've learnt as a security industry is that we can't protect everything, we can't block everything. And the challenge of blocking is that a false positive is very expensive for a customer," added Mr McGee.

"With deeper analysis, we don't have to initially block the attack. But we can contain it, give visibility that maybe one machine has been affected but then other machines are not. That's where virtualisation also helps in making security remediation much easier than it was in the physical world," he opined.