Continuous monitoring is not just a nice thing to have in today’s hostile threat landscape – it’s been at the heart of a White House initiative to harden the US government and its agencies against cyber attack since 2010. These attacks have become more successful, more sophisticated and better resourced than ever before. They may come from state-sponsored adversaries or financially motivated gangs. The solution had to be a radical change in the way we look at information security. Now government agencies and the system integrators (SIs) they rely on to provide them with the right technology solutions need a trusted partner to go into battle with. Here’s why we think that partner should be Trend Micro.
As we discussed in the previous blog post, the five-year Continuous Diagnostics and Monitoring (CDM) Program announced in January 2013 will see the Department of Homeland Security provide $6 billion to ensure continuous monitoring is implemented across all government agencies as a service (CMaaS). CMaaS will ensure the automated gathering, monitoring, analysis and correlation of enterprise security metrics on a continuous basis, so agency technology and security leaders can maintain the integrity of their IT systems and gain the cyber situational awareness necessary to locate and drive out the bad guys from their networks.
The Trend Micro difference:
Trend Micro understands the importance of continuous monitoring. In fact, it’s at the heart of our comprehensive Deep Security platform which is listed as a key tool being offered on the BPA (Blanket Purchase Agreement). It helps secure organizations’ physical, virtual and cloud environments from data loss and business disruption. Couple this platform with our network-based APT-hunter Deep Discovery and you have a chance to change the equation on the attackers.
Trend Micro is committed to supporting the four key pillars of CMaaS – hardware, software, vulnerability, and configuration management – and in doing so helping government organizations gain visibility, insight and control across all their cloud ecosystems. This includes providing file integrity monitoring technology, a key component of configuration management; virtual patching, deep packet inspection and agentless AV to boost vulnerability management efforts; and finally network detection and patching capabilities for better software asset management and endpoint security analysis.
In a bit more detail, here are some of the key challenges for government IT/security chiefs considering CMaaS, and how Trend Micro can help:
- The challenge in detecting and deflecting threats today is overwhelming. Two new pieces of malware are created every second and, according to US-CERT, a cyber intrusion occurred every 5 minutes in 2012. Faced with an enemy this formidable, it’s vital to have a CMaaS system that leverages correlated threat intelligence to protect against “zero hour” attacks.
Deep Security and Deep Discovery are powered by Trend Micro’s Smart Protection Network, a comprehensive cloud-based threat protection system that mines more than 7TB of global threat data daily, from a worldwide sensor network of sandnets, submissions, feedback loops, web crawling technologies, customers, partners, and thousands of TrendLabs researchers. It uses big data analytics to correlate attack components, model cyber-criminal behavior and identify new threats for Trend Micro’s global Deep Security customers. It’s the best chance we have against the tsunami of zero day threats and targeted attacks facing government systems every day.
- Deep packet inspection and Host Intrusion Prevention Systems (HIPS) are another vital cog in a fully functioning CMaaS system. Deep Packet Inspection (DPI) is key to intrusion detection and prevention, especially in spotting those complex APT-style attacks which often go undetected. Host intrusion technologies, meanwhile, harness the notion of “self-defending assets” for greater protection, as opposed to traditional “outside in” approaches to security which are no longer effective. Virtualized environments present greater challenges for DPI/HIPS, as the technology needs to be able to analyze virtual switches used by hypervisors without sacrificing performance. Recommendation scans ensure the right rules and patches are implemented based on the profile of the system and its respective applications.
Deep Security’s DPI/HIPS technology is designed not only to inspect all traffic in virtual environments, which is key to preventing inter-VM attacks, but also to shield vulnerabilities in physical and virtual environments until they can be patched. This is a highly effective compensating control for keeping pace with the constant churn of critical patches needing to be applied to our operating systems and critical business applications. Virtual patching is especially important given that virtual machines often come online with little or outdated security protection, and it offers peace of mind considering the 72-hour patching window government agencies have for critical vulnerabilities. Deep Security’s agentless architecture also means none of the performance hits, such as AV storms, that can come from using traditional security solutions in virtual environments. System administrators and security operations staff can improve their approach to patch management while keeping critical business applications safe and online.
- Any effective CMaaS must also feature file integrity monitoring to analyze in real time for any unauthorized changes. It’s important to choose a vendor which offers industry-standard predefined rules to ensure continuous monitoring is effective and not generating needless noise. Again, in virtual environments performance can be an issue if non-virtual-ready products are used.
Deep Security not only automatically monitors critical operating system and application files according to industry standard baselines but, in virtual environments, performs integrity monitoring at the hypervisor level to avoid performance hits and extend security and compliance.
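To make the file integrity monitoring idea concrete, here is an added example (not Trend Micro code, and not how Deep Security implements it) of the core mechanism: record a baseline of hashes, sizes and permission bits for the files under a root, compare a later scan against it, and classify every difference as added, removed or modified. The `ignore_prefixes` rule plays the role of the predefined rules the passage mentions, excluding paths that legitimately churn (a log directory here) so the report is not swamped by noise. The directory layout, file names and contents in `demo()` are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Snapshot every regular file under root: content hash, size and permission bits.

    Keys are POSIX-style relative paths so baselines compare the same on any OS.
    """
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        st = path.stat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": hash_file(path),
            "size": st.st_size,
            "mode": st.st_mode & 0o777,
        }
    return baseline


def compare(baseline, current, ignore_prefixes=()):
    """Diff two snapshots and report added / removed / modified paths.

    Paths starting with any of ignore_prefixes are dropped from the report; this is
    the noise-reduction rule (e.g. skip 'var/log/' where files change constantly).
    """
    def watched(rel):
        return not any(rel.startswith(p) for p in ignore_prefixes)

    old = {k: v for k, v in baseline.items() if watched(k)}
    new = {k: v for k, v in current.items() if watched(k)}
    report = {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        # A change in content hash or permission bits both count as a modification.
        "modified": sorted(
            k for k in set(old) & set(new)
            if old[k]["sha256"] != new[k]["sha256"] or old[k]["mode"] != new[k]["mode"]
        ),
    }
    return report


def demo():
    """Constructed scenario: baseline a small tree, change it, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "var" / "log").mkdir(parents=True)
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "var" / "log" / "app.log").write_text("service started\n")

        baseline = build_baseline(root)

        # Simulated drift: a config change, a deleted file, a new file, and log growth.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "rc.local").write_text("echo hello\n")
        (root / "var" / "log" / "app.log").write_text("service started\nrequest handled\n")

        return compare(baseline, build_baseline(root), ignore_prefixes=("var/log/",))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In a real deployment the baseline would be signed and stored off-host, and the scan scheduled or triggered by file-system events; the comparison logic is the same.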
- Log inspection is the final piece in the jigsaw puzzle, and, like integrity monitoring, a vital tool to combat covert targeted attacks on systems which have already breached the perimeter, perhaps thanks to a successful phishing email. The problem for the modern IT admin is the sheer volume of logs generated by a tidal wave of threats targeted especially at the web and application tiers, and the huge number of devices that need to be scanned for integrity.
Deep Security streamlines log inspection by unifying log collection, protection, and inspection/remediation capabilities in a single platform. This enables IT managers to carry out continuous monitoring efforts more efficiently, react to security events with greater agility and ultimately defend physical, virtual and cloud environments more effectively. It also allows for Security Information and Event Management (SIEM) integration, further validating it as a comprehensive threat mitigation solution.
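As an added illustration of what log inspection does with the volume problem described above (this is example code, not Deep Security's rule engine or output format), the script below runs two simple rules over constructed sshd log lines: repeated authentication failures from one source inside a short window, and a successful login from a source that had just been failing. Each hit becomes a structured event dictionary of the kind that would be forwarded to a SIEM. Hostnames, addresses and timestamps in `SAMPLE_LOG` are made up for the example; the regular expressions assume the standard OpenSSH syslog wording.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog lines (documentation-range addresses, fictional host).
SAMPLE_LOG = """\
Mar 15 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 15 10:00:05 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 15 10:00:09 web01 sshd[2105]: Failed password for root from 203.0.113.7 port 50141 ssh2
Mar 15 10:00:12 web01 sshd[2107]: Failed password for deploy from 198.51.100.5 port 41000 ssh2
Mar 15 10:00:20 web01 sshd[2109]: Accepted password for deploy from 203.0.113.7 port 50150 ssh2
Mar 15 10:05:00 web01 CRON[2200]: (root) CMD (run-parts /etc/cron.hourly)
"""

TS = r"(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d)"
IPV4 = r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})"
FAILED = re.compile(TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from " + IPV4)
ACCEPTED = re.compile(TS + r" \S+ sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from " + IPV4)


def parse_ts(text):
    """Syslog timestamps carry no year; only differences between them are used here."""
    return datetime.strptime(text, "%b %d %H:%M:%S")


def inspect(lines, threshold=3, window_s=60):
    """Apply two rules and return SIEM-ready event dicts.

    Rule 1: `threshold` failures from one source within `window_s` seconds (reported once per source).
    Rule 2: a successful login from a source that has recorded failures.
    """
    failures = defaultdict(list)   # src -> timestamps of recent failures
    flagged = set()                # sources already reported under rule 1
    events = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = parse_ts(m["ts"])
            recent = failures[m["src"]]
            recent.append(ts)
            # Slide the window: forget failures older than window_s.
            while recent and (ts - recent[0]).total_seconds() > window_s:
                recent.pop(0)
            if len(recent) >= threshold and m["src"] not in flagged:
                flagged.add(m["src"])
                events.append({"rule": "ssh_repeated_failures", "severity": "medium",
                               "src": m["src"], "count": len(recent), "last_user": m["user"],
                               "ts": m["ts"]})
            continue
        m = ACCEPTED.match(line)
        if m and failures.get(m["src"]):
            events.append({"rule": "ssh_success_after_failures", "severity": "high",
                           "src": m["src"], "user": m["user"],
                           "prior_failures": len(failures[m["src"]]), "ts": m["ts"]})
    return events


def run_sample():
    """Run the rules over the constructed log; returns the list of events."""
    return inspect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for event in run_sample():
        print(event)
```

The single failure from 198.51.100.5 and the cron line produce nothing, which is the point: thresholds and correlation turn a stream of individual lines into a short list of events a human can act on.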
An advanced persistent response
CMaaS is all about turning away from traditional perimeter-based approaches to security and focusing on a risk-based strategy in which on-going awareness of vulnerabilities and threats means we look inside our networks as well as correlating threat intelligence from outside. Only by doing this can government agencies gain the cyber situational awareness needed to plot an advanced persistent response to the avalanche of targeted attacks coming their way.
Designed with an open and scalable architecture in mind, Deep Security allows for interoperability and integration through our application programming interfaces and web services frameworks. This allows agencies and system integrators the opportunity to exchange information between ecosystems for improved detection, response and remediation.
With our Smart Protection Network-powered Deep Security and Deep Discovery line-up and 25 years of experience protecting our customers, we think Trend Micro is in the perfect position to help.
Click here to read Part 1, “CMaaS: the government fightback against modern cyber threats intensifies.”
Click here to read part 3 in our CMaaS series, “Continuous Monitoring: Next Steps to a Safer Future for Government Organizations.”