Trend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond

Transcription

1 Trend Micro Cloud App Security for Office 365 October 27, 2015 Trevor Richmond

2 Too many malware incidents

3 >90% Targeted Attacks Start with Attackers: Target specific companies or individuals Research targets to craft convincing s >90% used attachments vs. URLs 80% of malware is used only once Copyright 2014 Trend Micro Inc. 3

4 Ransomware Invades Business 100% YoY increase Copyright 2015 Trend Micro Inc. 4

5 Attachments Cloud Sharing Copyright 2015 Trend Micro Inc. 5

6 Before Cloud Apps Network boundary Most components are inside network boundary Can add layered protection including endpoint, SharePoint, DLP, gateways, sandboxing

7 Endpoints are frequently outside the corporate network and documents move to the cloud, gateways can t see them

8 An attacker sends a zero-day infected PDF to a remote employee s personal

9 The employee uploads to Office 365 Another employee sees the PDF and downloads it

10 And this employee sends the PDF to a customer Customer

11 Copyright 2015 Trend Micro Inc. 11 Introducing Trend Micro Cloud App Security FOR OFFICE 365

12 Trend Micro Cloud App Security Trend Micro Cloud App Security Direct cloud-to-cloud integration Advanced Threat Detection Finds zero-day and hidden threats Sandbox file analysis in the cloud True filetype blocking Web reputation for URL s w/in s and files DLP Discovery and visibility into confidential data usage 240 customizable templates Copyright 2015 Trend Micro Inc. 12

13 2 Minute Demo Video Now let s look at how Cloud App Security protects against this scenario: Copyright 2015 Trend Micro Inc. 13

14 Better Protection, Easier setup, and Higher Availability than a SaaS Gateway Redirect with MX-Record SaaS Gateway Security Products Single point of failure API Trend Micro Cloud App Security (inbound) (inbound+internal) Copyright 2015 Trend Micro Inc. 14

15 Challenges of Scanning Files and while in Transit for Malware Typical AV scanning Scan engines look for executable code 1 Malware engines update hourly 1 Challenge Criminals hide malware inside PDF, Word, and other office documents 2 12,500 new unique threats discovered every hour 2 Sources: 1. Exchange Online Antimalware FAQ, 4/28/ Trend Micro Targeted Attack Trends, 2014 Annual Report, 4/14/2015 Copyright 2015 Trend Micro Inc. 15

16 Office file types: frequent attack vectors 60% Source: TrendLabs 2014 Targeted Attack Campaign Report Copyright 2015 Trend Micro Inc. 16

17 Find Hidden and Zero Day Threats Document Exploit Detection Parses documents to look for attempts to exploit an application Known exploits identified for deletion/quarantine Files with suspect exploits sent to sandbox for behavioral analysis Key technology in helping Trend Micro discover more vulnerabilities in 1H 2015 than all other security vendors combined Copyright 2015 Trend Micro Inc. 17

18 2 Challenges with Scanning Files and while in Transit for Malware Typical AV scanning Scan engines look for executable code 1 Malware engines update hourly 1 Challenge In 60% attacks, criminals hid malware inside PDF, Word, and other office documents 2 12,500 new unique threats discovered every hour 2 Sources: 1. Exchange Online Antimalware FAQ, 4/28/ Trend Micro Targeted Attack Trends, 2014 Annual Report, 4/14/2015 Copyright 2015 Trend Micro Inc. 18

19 Find Hidden and Zero Day Malware Dynamic Sandbox Malware Analysis versus Static technique: Checking fingerprints for known bad criminals (similar to antimalware scanning) Dynamic technique: Observing criminal behavior with a surveillance camera (similar to virtual sandbox analysis) Copyright 2015 Trend Micro Inc. 19

20 Find Hidden and Zero Day Malware Dynamic Sandbox Analysis Leverages technology from Trend Micro Deep Discovery: Copyright 2015 Trend Micro Inc. 20

21 Cloud App Security Threat Detection API antispam antimalware https URL scan Doc exploit scan / File risk assessment Suspicious Files (~2%) https Sandbox Analysis Microsoft Office 365 Microsoft Azure DC Trend Micro DC Trend Micro Cloud App Security No /files stored Quarantines located in Office 365 All communications encrypted Copyright 2015 Trend Micro Inc. 21

22 Complimenting Office 365 s Built in Security for Better Overall Protection Antispam Office 365 includes Trend Micro Cloud App Security Adds Antimalware Document exploit detection to find malware hidden in office files Risk-based sandbox behavioral analysis of suspicious files/attachments to detect zero day malware URL scanning within attachments/shared files DLP for , OneDrive for Business, SharePoint Online E3 plan only Copyright 2015 Trend Micro Inc. 22

23 Complementing Office 365 s Built in Security for Better Overall Protection Office 365 built in security blocks known threats Trend Micro Cloud App Security finds hidden and unknown threats Copyright 2015 Trend Micro Inc. 23

24 Why Trend Micro for Office 365 Security? Control & Protection Advanced protection for Office 365 , SharePoint, OneDrive Leverages top rated Deep Discovery detection technology Trusted Security Vendor 26 years focused on security, now largest pure-play Trusted by 48 of top 50 global corporations Microsoft Gold Partner for 20 years Cloud Scale 10 years offering cloud services Direct cloud-to-cloud integration offers high performance and usability Copyright 2015 Trend Micro Inc. 24

25 GLOBAL SENSOR NETWORK Collects more threat information in more places 100s of millions of sensors 16B threat queries daily Files, IPs, URLs, mobile apps, vulnerabilities, and more Global Threat Intelligence Copyright 2015 Trend Micro Inc.

26 GLOBAL SENSOR NETWORK Collects more threat information in more places 100s of millions of sensors 16B threat queries daily Files, IPs, URLs, mobile apps, vulnerabilities, and more Copyright 2015 Trend Micro Inc.

27 GLOBAL SENSOR NETWORK Collects more threat information in more places GLOBAL THREAT INTELLIGENCE Accurately analyzes and identifies threats faster 100TB analyzed daily 500K new threats identified daily 50x faster time-to-protect than average* 100s of millions of sensors 16B threat queries daily Files, IPs, URLs, mobile apps, vulnerabilities, and more Copyright 2015 Trend Micro Inc. *NSS Labs Consumer EPP 2014 Test

28 GLOBAL SENSOR NETWORK Collects more threat information in more places 100s of millions of sensors 16B threat queries daily Files, IPs, URLs, mobile apps, vulnerabilities, and more GLOBAL THREAT INTELLIGENCE Accurately analyzes and identifies threats faster 100TB analyzed daily 500K new threats identified daily 50x faster time-to-protect than average* PROACTIVE PROTECTION Blocks new threats sooner 250M threats blocked daily 500,000+ business Millions of individuals and families Copyright 2015 Trend Micro Inc. *NSS Labs Consumer EPP 2014 Test

29 Global CLOSER TO THE SOURCE OF THREATS Real-time IDENTIFIES NEW THREATS FASTER Correlated IDENTIFIES ALL COMPONENTS OF AN ATTACK Proactive BLOCKS THREATS AT THEIR SOURCE Copyright 2015 Trend Micro Inc.

30 Cloud App Security for Office 365 Advanced Threat Protection and Data Loss Prevention Cloud-based sandbox malware analysis Anti-Malware, Web Reputation, File/Attachment Blocking Data Loss Prevention User/Group-Based Policy and Visibility Trend Customer License Portal (CLP) integration Trend License Management Portal (LMP) integration Hosted on both US and EU data center Copyright 2014 Trend Micro Inc.

31 Trend Micro Cloud App Security June 2015 Q Copyright 2015 Trend Micro Inc. 31

32 How is it different from Microsoft s new Advanced Threat Protection for ? Cloud App Security sandboxing since 2012 Protects Exchange Online plus SharePoint Online and OneDrive for Business Avoids unnecessary delays Risk assessment before sandboxing Efficient sandbox technology Copyright 2015 Trend Micro Inc. 32

33 Cloud App Security s DLP Functionality 240 built in templates which can be customized Import, create your own templates Q4 15 DLP policy and visibility integration with Trend Micro Control Manager Exchange Online SharePoint Online OneDrive for Business Discovery (manual scan of database) Visibility / Reporting Control blocking/quarantine Not available* * in-line blocking of outbound DLP violations is not available due to a limit of the API Copyright 2015 Trend Micro Inc. 33

34 Cloud App Security Service Delivery SLA Commitment: 99.9% Datacenter locations: Cloud App Security US: Microsoft Azure California EMEA: Microsoft Azure Netherlands (does not fail over to US) Sandboxing service (<3% of files): US: Trend Micro US (San Jose) EMEA: Trend Micro Germany (Munich) US and EMEA sites are not interconnected No /files stored by Trend Micro Quarantines are located within Office 365 All communications encrypted https Copyright 2015 Trend Micro Inc. 34

35 Product Screenshots Copyright 2015 Trend Micro Inc. 35

36 Advanced Threat Protection Policy Overview Copyright 2015 Trend Micro Inc. 36

37 Threat Policy: Malware Scan Copyright 2015 Trend Micro Inc. 37

38 Threat Policy: File blocking Copyright 2015 Trend Micro Inc. 38

39 Threat Policy: Web Reputation Checks URLs inside body + attachments Copyright 2015 Trend Micro Inc. 39

40 Threat Policy: Virtual Analyzer (sandbox) Copyright 2015 Trend Micro Inc. 40

41 Threat: Share C&C Block List Virtual analyzer will capture information on malware attempts to phone home to an attacker s Command & Control (C&C) server. Download the block list to share with network security Copyright 2015 Trend Micro Inc. 41

42 Threat Policy: Manual Scan Copyright 2015 Trend Micro Inc. 42

43 DLP Policy: Overview Copyright 2015 Trend Micro Inc. 43

44 DLP Policy: Select Targets Copyright 2015 Trend Micro Inc. 44

45 DLP Policy: Select Compliance Template Copyright 2015 Trend Micro Inc. 45

46 DLP Policy: Import Custom Templates Copyright 2015 Trend Micro Inc. 46

47 DLP Policy: Admin / User Notification Copyright 2015 Trend Micro Inc. 47

48 Deploying Cloud App Security Copyright 2015 Trend Micro Inc. 48

49 Deploying Cloud App Security Automatically creates delegated admin accounts Copyright 2015 Trend Micro Inc. 49

50 Deploying Cloud App Security Automatically creates delegated admin accounts Copyright 2015 Trend Micro Inc. 50