We value continuous dialog with our customers very highly at Trend Micro. It can provide some great insight into the real-world security challenges facing IT leaders all over North America and beyond. At IBM InterConnect this week we’re sharing one such customer story: the University of New Brunswick (UNB).
It’s a great example of the tireless effort we put into working with our partners and customers to enhance threat protection. And it highlights how organizations facing challenges similar to UNB’s, as it moves to a hybrid cloud environment, can reap real benefits by teaming up with collaborative industry leaders like Trend Micro.
A tempting target
Founded in 1785, New Brunswick University is the oldest English-language public university in Canada. With over 14,000 students, faculty and staff spread out over four campuses, it’s a tempting target for cybercriminals keen to tap sensitive personal information for follow-up ID fraud; steal confidential IP; or take over the infrastructure to attack others. The university records a staggering 83 attempts per second to break into its network, and 300 “significant” security issues each year. Some 80 computers are infected with serious malware each month.
IT leaders are forced to respond to these increasingly targeted attacks, which are growing in sophistication all the time, with the same or fewer resources. And all this as the IT environment grows in complexity with UNB moving to a hybrid cloud set-up. The university has already deployed Office 365 for students, and there are more plans in the pipeline, including the sale of IaaS and PaaS services to other institutions.
Hybrid cloud is increasingly the IT infrastructure of choice for IT managers. But it can add unwelcome complexity to the security environment, which cybercriminals are keen to exploit. Try to apply traditional physical security solutions here and you run the risk of severe system performance issues. There are also potential security “instant-on” gaps, which can arise when either new VMs or existing “dormant” virtual machines come online without updated protection. And managing multiple environments and security tools with different interfaces can be a logistical nightmare.
The only way for organizations running hybrid environments to mitigate these and the specific risks associated with targeted attacks is layered protection: of servers, networks and users. In the server sphere Trend Micro was recently voted the market leader by IDC for the sixth straight year. Our flagship Deep Security platform features a comprehensive range of security functionality suitable for physical, virtual and hybrid cloud environments, all manageable from a single interface and designed to protect against things like instant-on gaps without any degradation in performance.
When it comes to those targeted attacks, we offer Deep Discovery. It’s what UNB decided to bring in as part of a revamped security architecture designed to integrate NAC, next-gen firewall, SIEM, anti-malware and more. The idea was to create a “digital immune system” to automate threat detection, prevention, and remediation. The combination of Deep Discovery and IBM’s QRadar SIEM solution has helped to do just this. Trend Micro’s APT-hunter tool uses Smart Protection Network-powered threat intelligence, advanced sandboxing and other engines to detect targeted attacks that are otherwise invisible, and deliver that actionable insight into the SIEM tool.
QRadar then assesses these threats and correlates them with other contextual data before remediation, containment and threat prevention.
It’s a marriage made in heaven. Deep Discovery provides network-wide visibility across all ports and 100+ protocols. And then any alerts show up in the QRadar offence dashboard, which can be configured to create email alerts so that it becomes part of the security team workflow. The partnership is already bearing fruit: Deep Discovery performed more than 13,000 automated threat analyses in one 30-day period alone, identifying around 4.25% of analyzed traffic as malicious. That’s a time saving of 2,100 hours compared to manual analysis.