Workshop Trend Micro

Assurez une protection 360° de
votre système d’information
Ramzi MOKADDEM
RFC – Directeur de Projets
Aymen MAMI
RFC – Consultant avant-vente
Mohamed BENNOUR
Config – Sales Director
Tarek BEN KHALFALLAH
Config – Consultant avant-vente
Lotfi FAIK
Trend Micro – Regional
Sales Manager NW Africa

Agenda le mardi 31 octobre 2017
à l’hôtel concorde les berges du lac
AU PROGRAMME :
-De 8H 15 à 9H 15 : ACCUEIL DES INVITES ET PETIT-DEJEUNER
-De 9h15 à 9h45 : Présentation RFC et CONFIG
-De 9h45 à 10h : Présentation générale Trend Micro ( Lotfi Faik )
-De 10h à 10h20 : Solution antivirale + Témoignage GEANT
-De 10h20 à 10h35 : Solution de détection et prévention des intrusions
-De 10h:35 à 10h55: Solution antispam + Témoignage MG
-DE 11h00 A 11H 10 PAUSE-CAFE
-De 11h10 à 11h:30 : Solution antispam (suite) + Témoignage TOYOTA
- De 11h30 à 11h45 : Solution de gestion et sécurisation de flotte mobile
- De 11h:45 à 12h : Solution de filtrage Web
- De 12h00 à 12h15 : Présentation Smart Protection Suite + Témoignage BTK
- De 12H30 à 13H30 : Cocktail déjeunatoire

Ramzi MOKADDEM
Directeur des projets
ramzim@rfc.com.tn
Vous accompagner dans votre
Transformation Numérique !
WWW.RFC.COM.TN
WWW.RFC.COM.TN
Présentation de RFC

Notre Activité
Consulting Formation
Réalisation de
Projets
Assistance &
Support
Service global
de la stratégie à
l'implémentation
technologique au
support
Activité
Commerciale
WWW.RFC.COM.TN
WWW.RFC.COM.TN

De solides partenariats
technologiques
Nos Partenaires

Nos Clients sous contact (Finance)

Nos Clients sous contact (Industrie et ressources naturelles)

Nos Clients sous contact (Commerce et Distribution)

Nos Clients sous contacts (Service)

Et plein d’autres clients…

Présentation Config
SOLUTION IT – SERVICES – FORMATION Mohamed BENNOUR

Notre métier
Fondé en 1981.
Acteur majeur dans la distribution de solutions IT.
Veille technologique permanente avec les éditeurs et constructeurs.
Offre de solutions complètes.
Un modèle de vente exclusivement indirect.
Une équipe d’ingénieurs et consultants qui vous accompagne.
Centre de formation agréé et certifiant – ATC.
27/02/2
017
©
CONFIG
1
2

Quelques chiffres
30,5 M€ -‐CA 2016.
24 éditeurs et constructeurs partenaires.
800 revendeurs dont 50% en France et 50 % à l’export: Vars, intégrateurs, SSUU spécialisés dans
la sécurité, Opérateurs, Xsp.
27/02/2
017
©
CONFIG
1
3

Equipe Config
80 collaborateurs répartis sur 6 pays et 2 continents.
Config France (Siège social)
32 rue de Cambrai
75019 Paris
www.config.fr
Config Algérie
Lotissement C Extension
Villa N°109 Draria
16003 Alger
Config Maroc
2 rue Brahim Ibnou Adham Mâarif
20100 Casablanca
www.config.ma
Config Tunisie
5 rue Fatma Fehria
1085Mutuelleville
www.config.tn
Config Suisse
Rue du Temple2
2072 St Blaise
www.config-‐it.ch
Config Afrique
Subsaharienne
Xp-‐sales@config.fr27/02/2
017
©
CONFIG
1
4

Un CA en progression
27/02/2
017
©
CONFIG
1
5

Une solution pour chaque environnement
FormationATC
Support et
transfert de
compétences
Réseaux
Radio
Vidéo
Sécurité IT
Système
Stockage
27/02/2
017
©
CONFIG
1
6

Trend Micro
Experienced, Innovative, Market Leader
Lotfi FAIK
Trend Micro Regional Sales Manager – North West Africa

Copyright 2017 Trend Micro Inc.19
Trend Micro
 29 years focused on security software
 Headquartered in Japan, Tokyo Exchange Nikkei Index (4704)
 Annual sales over $1B US
 Customers include 45 of top 50 global corporations
 5500+ employees in over 50 countries
500k commercial customers &
250M+ endpoints protected
Small
Business
Midsize
Business
Enterprise
Consume
r
Consumers

Q2 2017 Financial Highlights
INCOME STATEMENT BILLION ¥ YoY
Net Sales 35.388 +9 %
Operating Income 7.565 +4 %
Trend Micro IR data, August 2017
% YoY
Operating Margin 21% -4.5 %
¥ YoY
EPS 43.31 +25 %

Growth in Americas
Americas
29%
EMEA
16%
APAC
55%Americas
22%
EMEA
18%
APAC
60%
Source: Trend Micro IR data
FY-2016
FY-2012
41%
growth
Q2-17
APAC 54%
EMEA 15%
Americas 31%

Growth in Commercial Business
37%
Consumer
63%
Commercial
Consumer
27%
Commercial
73%
Source: Trend Micro IR data
FY-2016
FY-2012
29%
Consumer
71%
Commercial
Q2-17
Consumer 27%
Commercial 73%
41%
growth

LAN
Server
Security
1995 2000 2005 201520101990
LAN Server
Security
Leading
Consumer
Anti-Virus
MSN Hotmail
Protection
Gateway
Security
Integrated
Virtualization
Security
Cloud
Computing
Security
Advanced
Threat
Detection
Network
DefenseSmart
Protection
Network
29 Years of Innovation

Cloud and
Virtualization
Consumerization
Complex
Networks
Threats getting through
Broader attack surface
Limited visibility
Stealthier attacks
Many points to protect
High throughputStrong protection with
ability to audit
Performance
Operational efficiency

Cloud and
Virtualization
Consumerization
Complex
Networks

Application
Control
Behavioral
Analysis
Response &
Containment
Intrusion
Prevention
Machine
Learning
Sandbox
Analysis
Integrity
Monitoring
Anti-Malware &
Content Filtering
SMART
Maximizes protection

Application
Control
Behavioral
Analysis
Response &
Containment
Intrusion
Prevention
Machine
Learning
Sandbox
Analysis
Integrity
Monitoring
Anti-Malware &
Content Filtering
Application
Control
Behavioral
Analysis
Response &
Containment
Intrusion
Prevention
Machine
Learning
Sandbox
Analysis
Integrity
Monitoring
Anti-Malware &
Content Filtering
Application
Control
Behavioral
Analysis
Response &
Containment
Intrusion
Prevention
Machine
Learning
Sandbox
Analysis
Integrity
Monitoring
Anti-Malware &
Content Filtering
OPTIMIZED
Minimizes IT impact

CONNECTED
Speeds time to protect,
detect and respond

Safe files &
actions allowed
Investigation & Response
Custom Sandbox Analysis
Intrusion Prevention (IPS) & Firewall
Early Zero-Day Protection
Exploit Prevention & File/Web Reputation
Variant Protection
Application Control
Integrity Monitoring
Pre-execution Machine Learning
Behavioral Analysis
Runtime Machine Learning
Network Content Correlation
Malicious files &
actions blocked
SMART: Right Technique at the Right Time
LEGEND
Known
Good Data
Known
Bad Data
Unknown
Data
Noise
Cancellation

Market Leadership Position
The market leader
in server security
for the 7th straight year
Highest and Furthest to the Right in
the Leader’s Quadrant in the Gartner
Magic Quadrant for Endpoint
Protection Platforms, Jan 2017
#1 in protection and performance
• Source: IDC, Securing the Server Compute Evolution: Hybrid Cloud Has
Transformed the Datacenter, January 2017 #US41867116
• NSS Labs Breach Detection Test Results (2014-2016);
NSS NGIPS Test Results, 2016
• http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/
• https://resources.trendmicro.com/Gartner-Magic-Quadrant-
Endpoints.html
• av-test.org (Jan 2014 to Dec 2016)
Recommended Breach Detection System
for 3 straight years, and
Recommended Next-generation IPS
Leader in Gartner Magic Quadrant for
Intrusion Detection and Prevention
Systems, January 2017

Tarek Ben Khalfallah
Senior Presales Engineer
XGen Endpoint Security
OfficeScan XG

 29 ans d’activité dans la sécurité informatique
 Siège social à Tokyo au Japon
 Cotation au Nikkei
 Chiffre d’affaire 2016: 1,3 Mrd $
 + de 5200 employées, présent dans 50 pays dans le monde
 Protège 48 du top 50 des société mondiales
+ 500k clients &
+ 155M postes protégés TPE et PME
Moyennes
Entreprises
Grandes
Entreprises
Consume
r
Particuliers
Société Trend Micro
Un Leader dans la fourniture de solutions globales de sécurité

1996:
Sécurité des
passerelles1995:
Sécurité des
serveurs LAN
2010:
Intégration de la
virtualisation
2015:
Défense
interconnectée
2008:
Réputation
2012:
Défense
personnalisée
(Sandboxing)
2016:
XGen
Trend Micro
29 ans d’innovation

TMCM
PORTFOLIO TREND MICRO
Portable SecuritySafe Lock
PROTECTION DES SYSTÈMES
DE CONTRÔLE INDUSTRIEL (ICS)
PROTECTION
DES PASSERELLES
IMSVA
HES
IWSVA
IWSaaS
PROTECTION DES ENDPOINT
TMMSOfficeScan TMSM
TMEAC
TMVPData Protection
USB / DLP
TMEE
ServerProtect
For Storage
Deep Security
Deep Discovery
Email Inspector
Deep Discovery
Inspector
Deep Discovery
Analyzer
Endpoint
Sensor
TippingPoint
IPS
PROTECTION CONTRE LES
MENACES AVANCÉES
Deep Security
as a Service
PROTECTION DE LA MESSAGERIE & COLLABORATIF
PortalProtect
for Ms SharePoint
ScanMail
Exch. / Lotus
IM Security
for Lync/Skype
PROTECTION DES DATACENTER ET DU CLOUD
Cloud App
Security
PROTECTION DU SaaS

TMCM
PROTECTION
DES PASSERELLES
IMSVA
HES
IWSVA
IWSaaS
TMMSOfficeScan TMSM
TMEAC
TMVPData Protection
USB / DLP
TMEE
ServerProtect
For Storage
Deep Security
Deep Discovery
Email Inspector
Deep Discovery
Inspector
Deep Discovery
Analyzer
Endpoint
Sensor
TippingPoint
IPS
MENACES AVANCÉES
Deep Security
as a Service
PortalProtect
for Ms SharePoint
ScanMail
Exch. / Lotus
IM Security
for Lync/Skype
Cloud App
Security
PROTECTION DU SaaS

TMCM
PROTECTION
DES PASSERELLES
IMSVA
HES
IWSVA
IWSaaS
TMMSOfficeScan
Cloud App
Security
TMSM
TMEAC
TMVPData Protection
USB / DLP
TMEE
ServerProtect
For Storage
Deep Security
Deep Discovery
Email Inspector
Deep Discovery
Inspector
Deep Discovery
Analyzer
Endpoint
Sensor
TippingPoint
IPS
MENACES AVANCÉES
Deep Security
as a Service
PortalProtect
for Ms SharePoint
ScanMail
Exch. / Lotus
IM Security
for Lync/Skype
PROTECTION DU SaaS

Forrester Wave: Endpoint
Security Suites, Q4 ’16
The Forrester Wave™ is copyrighted by Forrester Research, Inc.
Forrester and Forrester Wave™ are trademarks of Forrester
Research, Inc. The Forrester Wave™ is a graphical representation
of Forrester's call on a market and is plotted using a detailed
spreadsheet with exposed scores, weightings, and comments.
Forrester does not endorse any vendor, product, or service
depicted in the Forrester Wave. Information is based on best
available resources. Opinions reflect judgment at the time and
are subject to change.

La protection des Endpoint
XGenTM ENDPOINT SECURITY SUITES

Combinaison de protection multi-
génération pour contrer les
menaces
S’appuie sur notre connaissance
globale des menaces
(Smart Protection Network)
Applique intelligemment la bonne
technique au bon endroitGen
TM

XGenTM Endpoint Security
Protection Maximale
Combinaison de
protection multi-
génération
Partenaire de sécurité
reconnus
Une réponse innovante
et adaptée à l'évolution
du paysage des menaces
Impact Minimal
Visibilité & contrôle
Centralisée, fable taux
de faux positifs et
technique efficace
contre les menaces

Il n’y a pas de solution miracle
“L'histoire a clairement montré qu'aucune approche unique ne sera réussie pour
contrecarrer tous les types d'attaques de logiciels malveillants. Les organisations
et les fournisseurs de solutions doivent utiliser une approche adaptative et
stratégique pour la protection contre les logiciels malveillants.”
- Gartner EPP Magic Quadrant 2016

Technique de protection: Les + & les -
Les + Les -
Antivirus par signature Très haute performance Manque des menaces inconnues
Protection web Bloque les sites web & les contenus
malveillants sur les sites
Fonctionne seulement sur le web
Analyse comportementale Reconnaît le comportement Consommateur de CPU
Blocage des vulnérabilités Bloque les vulnérabilités que les
utilisent des failles
Ne peut pas bloquer les menaces qui n’utilisent
pas des failles des applications/OS
Liste blanche d’application Bloques toutes les applications non
connues
Bloque seulement les EXEs
Investigation / Forensics
(EDR)
Historique des attaques & étendu des
infections
Analyse à postériori. Ne bloque pas pro-
activement les programmes malveillants.
Machine Learning –
pré-exécution
Fichiers EXE (PE) Taux de faux positif élevé, à besoin d’être
entrainer avec des fichiers spécifiques
Machine Learning - exécution Reconnaît le comportement Taux de faux positif élevé
Sandboxing Dissection complète du fichier Analyse asynchrone, technique d’évasion

En détail …
Copyright 2017 Trend Micro Inc.

SONDES RESEAUX
GLOBALES
• + 150M de sondes dans le monde
(n’inclut pas les 2Mrd de
Facebook et Twitter)
• 16Mrd de requêtes par jour
• Fichiers, IPs, URLs, Mobile Apps,
vulnérabilités, GRID, Census…
Smart Protection Network
Intelligence globale des menaces depuis 2006
• +100TB de données analysées par
jour
• +500,000 nouvelles menaces
identifiées par jour
• Vitesse de protection 50x +
rapide que la moyenne
TRAITEMENT DES
INFORMATIONS
• +250M de menaces bloquées
chaque jour
• + 500,000 clients entreprises
• Des millions d’individus et de
familles
PARTAGE DES
NOUVELLES MENACES

Protection Web
Réputation Web et protection des navigateurs

• Réputation Web
– Bloque l’accès aux URL/IP utilisées lors des phases
d’infection
– Blocage réseau (proxy transparent) non lié à un navigateur.
– Inclus tous types de trafic Web y compris les communication
C&C, les exfiltrations d’informations et le trafic HTTPS
• Protection des navigateurs
– Sécurise les utilisateurs et les Endpoints
– Technologie Zero-day, pas de mise à jour nécessaire
• Utilise de multiples techniques d’analyses heuristiques pour détecter
l’exploitation de codes
– Protège pro-activement les vulnérabilités des navigateurs
Ce site est il réel ? Est-il compromis ?
Réputation Web et protection des
navigateurs

• Base de données mondiale couvrant 98% du trafic
– 83 catégories
– 39 langages
• Catégorisation malware avancée :
– Ramsomware, Disease Vector, Malware Accomplice, phishing…
• Score de réputation
– Bas, moyen, haut
• Activité
– Première/dernière activité
– Principales sources de trafic (Géolocalisation)
Réputation Web
Evaluation en temps réel des IP, URL et domaines

• CVE 2015-0313
– 2 février 2015
• CVE 2015-0311
– 27 janvier 2015
• La protection du
navigateur à bloquer ces
deux menaces
Protection des navigateurs – Deux 0-day
exploits flash protéger par ce module

Analyse comportementale
Module anti-ransomware

Détection des ransomware avancées
Contrôle d’accès aux
documents (ADC)
Stratégie de restriction
logiciel (SRP)
Sauvegarde des fichiers
chiffrés (DRE)
Détection des
programmes compromis
(UMH)
Protection contre
les ransomware
• Détection par leurs comportements
suspects
• Disponible depuis OfficeScan 11 SP1
(11/2015)
• Détection des injections de codes
malveillants dans les processus légitimes
• Disponible depuis OSCE 11 SP1 CP 6054
(05/2016)
• Détection par des politiques spécifiques
(signatures)
• Disponible depuis OfficeScan 11 SP1
(11/2015)
• Pour récupérer ses fichiers chiffrés
lorsque le ransomware a été supprimé
• Disponible depuis OSCE 11 SP1 CP
6054 (05/2016)

GRID – Good Ressource and Information Database
• Plus grande base mondiales :
 + 820 millions de fichiers/programmes connus
 + 1100 Editeurs supportés
• Technologie de connaissance “à la source”
des fichiers légitimes
• Limite les faux positifs des logiciels connus
Service de haute Qualité
Liste de programmes légitimes

• Census peut donner la prévalence, la maturité d’un fichier
• Couvre + 300 million d’exécutable différents
• La prévalence des fichiers et leur maturité compte
beaucoup
– Le polymorphisme est la première arme des malwares
• Un binaire inconnu peut être une attaque ciblée
80% des malwares infectent moins 10 Endpoints
Produit
Trend Micro
Hash du fichier
Prévalence
CENSUS – Prévalence des fichiers

Prevalence Query for Downloads - Census
• Census fournit l'intelligence de
Cloud à l'agent pour se protéger
contre les fichiers téléchargés qui
sont rarement vus ailleurs dans le
monde
• Surveille les deux channels
essentielles : messagerie et Web

Machine Learning
Apprentissage automatique évolué

Apprentissage automatique évolué (Machine Learning)
Détection de
menaces (fichiers)
Endpoint
Octobre 2016
Détection des
Spam - 2005
Réputation d’URL et
Catégorisation - 2010
Comptes malveillants des
réseaux sociaux - 2015

Machine Learning haute-fidélité
• Utilise des algorithmes mathématiques pour prédire si un fichier est bon ou mauvais
• Approche double unique pour la plus haute-fidélité
Pré-exécution Machine
Learning
• Regarde les fonctions statiques
du fichier (+40 algorithmes)
• Réduit le risque de dommage
• Peut manquer les offuscations
ex. fichier Zip ou packing
Machine Learning à
l’exécution
• Regarde les caractéristiques de
comportement
• Peut détecter les malwares
offusqués
• Tue les processus pendant
l'exécution
Réduction des bruits et donc des faux positifs:
Pré-vérification par Census et GRID

Réputation Web & Fichier
Prévention des failles
Contrôle des Applications
Protection contre les variantes
Fichiers sûrs
autorisés
Fichiers malveillants
bloqués
Pré-exécution Machine Learning
LÉGENDE
Bonnes
données
connues
Mauvaises
données
connues
Données
non-
connues
Réduction
des bruits
Machine Learning à l’exécution
La bonne technique
au bon moment

Machine Learning Predictive Analysis

Sandboxing
des échantillons suspects

Soumission d'échantillons suspects
Deep Discovery
Analyzer
Trend Micro
Control Manager
1. Téléchargement de fichiers PE à faible prévalence via
Web et Email
2. Téléchargement des documents (potentiellement
dangereux) via Web et Email
3. Fichiers à faible prévalence lancés dans l’autorun USB
Serveur OfficeScan Agent OfficeScan

Protection et conformité des postes externes
(nomades…)
Serveur OfficeScan
Trend Micro
Control Manager
1. Rôle d’un serveur relai (Edge) en DMZ
2. Les clients externes se connectent au relai sans VPN
3. Les clients externes peuvent télécharger (upload) leur
échantillons suspects, remonter le statut des signatures/moteurs
et les logs de détections vers le serveur relai
Agent OfficeScan
(externe)Serveur OfficeScan
Edge (relai)
4. Les clients externes peuvent télécharger (download) les objets
suspects (SO) depuis le serveur Edge
port 443

Bénéfice Client
Mise en place des solutions:
 Trend Micro Office Scan
 Trend Micro Vulnerability Protection
 Trend Micro IWSVA
Infection virale et exploitation des vulnérabilités  Protection de nouvelle génération contre
les virus, ransomwares et nouvelles
menaces émergentes.
 Patch virtuel pour combler les failles de
sécurité des OS et des applications.
 Un filtrage flexible des URL pour fournir
une protection avancée contre les
menaces Internet.
Solution RFC
Problématique
Géant, le plus grand hypermarché de la Tunisie qui existe
depuis 2005.
Témoignage Géant
Existant
Node 32
TMG 2011
Yassine BEN ABDENNEBI
Directeur infrastructure système et réseau

Trend Micro
Vulnerability Protection

Origine de la solution
DEEP SECURITY  Vulnerability Protection

7
Deep Security: Une plateforme de
sécurité unifiée
Serveurs
Physiques
VDI
Integrity Monitoring
Log Inspection
Firewall
Intrusion
Prevention
Web
Reputation
Anti-malware
Serveurs
virtuels

Deep Security
Protéger du système à l’application
Antimalware
Integrity
monitoring
Firewall Web Reputation
Log
Inspection
IDS/IPS
• Collecte et analyse des logs systèmes,
applicatifs et sécurités
• Alerte en cas de comportement suspicieux
ou dangereux
• Envoi des évènements vers serveur syslog
• Surveillance des répertoires, fichiers ou
registres critiques
• Validation des évènements par modèle
• Pertinence des détections grâce au service
Trend Micro Certified Software
• Contrôle d’intégrité de l’hyperviseur. NEW!
• Protection contre les flux web suspicieux
• Basé sur la technologie Smart Protection
Network
• Moteur de filtrage L2-L4 stateful IPv4/IPv6
• Anti-scan de reconnaissance
• Détection des ports en écoute
• Utilisation des API vShield Endpoint pour
une protection sans-agent
• Légèreté du moteur grâce aux mécanismes
d’optimisation et de déduplication de scan
• Protection des environnements physiques
et virtuels
• Bloque les exploits de vulnérabilités
• Visibilité sur les flux réseaux & eapplicatifs
• Sécurisation des applicatifs Web (OWASP)
• Découverte automatique des vulnérabilités
présentes sur les machines

Trend Micro Vulnerability Protection

• Détecte et prévient les exploitations de vulnérabilités
réseaux
• Recommandation et déploiement automatiques des
règles IPS (patching virtuel)
• Analyse heuristique et comportementale des
protocoles pour bloquer des attaques 0-day
• Identification des failles présentes sur les machines
basée sur des CVE et identifiants Microsoft (MS-ID)
• Logs disponibles pour des audits et des rapports de
conformité (externalisable dans un SIEM en Syslog)
Blocage des vulnérabilités / Host-IPS

Peut prendre plusieurs mois
• Le patching virtuel Virtual patching est un processus pour sécuriser un Endpoint
en bloquant l’exploitation d’une faille présentes sur celui-ci avant qu’il ne soit
patché.
• Toutes les applications présentes sur les Endpoints (+40 catégories): Système
d’exploitation, applications office, navigateurs, client mail, Acrobat, java etc.
TEMPS
}
Réduction des risques !
• Processus habituel pour fixer une faille présente sur un poste
Sous maintenance
Blocage des vulnérabilités / patching
Virtuel

Vulnerability Protection: Virtual Patching
Protéger sans perturber
• Détection automatique des règles à appliquer
• Protection immédiate (OS à l’applicatif)
• Couverture des systèmes figés (Windows 2000)
Sécurité en toute circonstance
Haute disponibilité de la production
• Déploiement instantané
• Pas d’interruption de la production
• Donne du temps et de la sérénité
200+ applications analysées

A Typical Targeted Attack Intelligence Gathering
Identify & research target individuals using
public sources (LinkedIn, Facebook, etc) and prepare
a customized attack.
1
Point of Entry
The initial compromise is typically from zero-day malware
delivered via social engineering (email/IM or drive by
download). A backdoor is created and the network can now
be infiltrated. (Alternatively, a web site exploitation
or direct network hack may be employed.)
2
Command & Control (C&C) Communication
Allows the attacker to instruct and control the compromised
machines and malware used for all subsequent phases.
3
Lateral Movement
Once inside the network, attacker compromises additional
machines to harvest credentials, escalate privilege levels and
maintain persistent control.
4
Asset/Data Discovery
Several techniques (ex. Port scanning) are used to identify the
noteworthy servers and the services that house the data of
interest.
5
Data Exfiltration
Once sensitive information is gathered, the data is
funneled to an internal staging server where it is chunked,
compressed and often encrypted for transmission
to external locations.
6

Mouvement latéral
Nouvelles signatures pour surveiller et
prévenir:
• Mouvement latéral des pirates
• Attacker tools: spécialement, le trafic
des Remote Administration Tools (RATs)
sur le réseau – typiquement utilisé pour
les Call-Back vesr les C&C

Simplifier l’exploitation
Gérer des politiques de sécurité (duplicables)

Automatiser l’exploitation
– Programmations de tâches

Visibilité : Alertes personnalisables

Visibilté : Reporting
– Reporting planifié ou à la demande

Visibilité : Accounting
11/2/2017

Visibilité : Interopérable avec les SIEM

Email Security
Aymen MAMI
Sr. Presales Consultant – RFC

Trend Email Security with XGen®
Optimized for your
environment with flexible
deployment options
Better detection of
ransomware and email
fraud using A.I.
OptimizedSmart Connected
Central visibility & threat
info sharing with other
Trend Micro products

79% Ransomware Attacks Use Phishing Emails
00:00 01:00 02:00 03:00 04:00
Minutes
First user opens
phishing email
(average time)1
45 seconds to
entirely encrypt
an endpoint2
1. Verizon 2016 Data Breach Investigations
2. Teslacript 3.0
First user
opens email
attachment1
Attacker
sends
email

Phishing Attacks #1 Security Concern
Source: Black Hat Survey, July 2017
Phishing
Targeted attacks
Compliance
Advanced Threat
Ransomware
Cloud services
All of top 5
concerns
relate to
email

Why supplement the security included in Office 365?
• Exchange Online is designed and SLA backed to catch
100% known malware
If you bought a new home with
a smoke detector guaranteed to
detect 10% of fires would you
supplement it?
• But since 90% malware infects only 1 device,
Only 10% malware is known.
• Every customer needs a strategy to deal with unknown
malware at the email layer
• E5/ATP adds sandboxing but misses significant amount of
unknown malware and lacks BEC/fraud detection
• Office 365 popularity makes it worthwhile and easy for
attackers to QA test their attacks on Office 365

Trend Micro Email Security Portfolio
Email Gateway - SW
[InterScan Messaging Security]
Service Integration - SaaS
[Cloud App Security]
Service Integration - SW
[ScanMail for Exchange/ Domino]
Internet
Email Gateway - SaaS
[Hosted Email Security]

Safe emails
allowed
Sender Authentication & Reputation
Spam Content Analysis & Correlation
Anti-Malware & URL Reputation
Document Exploit Detection / Macro Analysis
SMART: Unique Blend to Protect Email
LEGEND
Known
Good
Known
Bad
Unknown
NEW!
Sandbox Analysis
Real-time URL Analysis at Click Time
Malicious emails
blocked
Machine Learning (Anti-Malware)
Machine Learning & Expert Sys (Fraud/BEC)

Malicious URL Protection
• Hundreds of millions of sensors
• 2 trillion threat queries yearly
• Correlates files, IPs, URLs,
vulnerabilities, and more
• Blocks 250M threats daily
URL reputation
check
Real-time
URL analysis
Pre-Delivery
Blocks most attacks
User clicks on link
Stops time bomb attacks
Internet
Email Gateway
Hosted Email Security
URL rewritten

Threat Protection
Document
Script files
executable
URL
Attachment
• Connection Layered Spam Protection
• Sender Authentication DMARC
• Content Layered Spam Protection
• High Profile User BEC Protection
1
• Web Reputation
(in email or attachment)
• Anti-Malware, prevalence
• Similarity detection
• File Type filtering
• Machine Learning
• Document Exploit scan
• Macro Detection
• Script Detection
• Machine Learning
2
• File Sandbox
• URL Sandbox
• URL click time protection
3
2
HTA

DLP for Email and Cloud File Sharing
• Over 200 built in templates
simplify compliance initiatives
– Customize or create your own
• Manual scan capability
provides discovery and risk
assessment
• Outbound (in-line) email
blocking
• Realtime scanning for internal
email, cloud file sharing
• Action: log (report), delete,
quarantine, tag

Trend Micro Email Encryption Service
Policy-driven Encryption
Encrypt based on content, sender, recipient,
subject
User-driven Encryption
User indicates what to encrypt with
training/policy based on starting subject with
“Encrypt” or “Confidential”
Availability
• Option for InterScan Messaging Security
• Included with Hosted Email Security
• Included with suites: Smart Protection Complete (both HES/IMS), Smart
Protection for Office 365 (HES), Worry Free Services Advanced (HES)

Consistently #1 in Spam Detection (Opus One)
Top for nine consecutive
quarters
Outperforming seven leading
vendors

Best Overall Average Score for 2.5 Years
Includes performance, protection (prevalent & 0-day) & usability
Source: av-test.org
Jan 2014 to June 2016
17.13 17.03 16.77
16.20
15.57 15.90
13.50
11.73
0.00
2.00
4.00
6.00
8.00
10.00
12.00
14.00
16.00
18.00
Trend Micro Kaspersky Symantec F-Secure Sophos Intel-McAfee Cylance Microsoft

Interscan Messaging Security

InterScan Messaging Security SaaS pre-filter
• No email is stored in cloud
• Questionable content
quarantined on premise
2
Email Reputation
Web Reputation
Layered Antispam
Anti-malware
Out bound email is inspected
for sensitive information and
optionally encrypted
3
90% of inbound email is blocked in the
cloud before it reaches the network
1
• Unified management and
reporting
• Deploy via MX Record change
• Included - no additional charge

InterScan Messaging Security virtual appliance
Ransomware Protection
Internet
Multi-layer Ransomware Prevention
Sandbox Analysis
* IMSVA only

Dashboard – Ransomware Widget
Table Pie Chart
Method of Ransomware detection
Bar Chart

Logs: Detected by “All”
106
Shows Policy Event logs for Ransomware detected by all sources
Click displays Details for this email.

Bénéfice Client
 Mise en place de la solution IMSVA «Interscan Messaging
Security Virtual Appliance » sur Azure
Problème de sécurisation et de disponibilité du service de
messagerie en mode hybrid
 Flexibilité et Sécurisation du Trafic email
entrant et sortant et neutraliser les
menaces
 La protection contre les SPAM et
tentatives de phishing
 Exploitation de la puissance et fiabilité de
la passerelle antispam sur le cloud
Solution RFC
Problématiques
MG est une chaîne de supermarchés tunisienne qui existe
depuis plus de 100 ans.
Témoignage Magasin Général
Existant
Exchange + Office 365
IMSVA on-premise
Zoubeir DAHMEN
Directeur Infrastructure et sécurité IT

ScanMail for Microsoft Exchange (SMEX)

Detect Attacks Already Inside your Organization
• Available via Service Integration (CAS)
• Inspects internal email for advanced threats, fraud
• Granular policies by active directory group
• Actions: tag (warning), delete, quarantine
Employee A
compromised device
or email credentials
Employee B
Malware/Fraud

ScanMail for Exchange: Search & Destroy
Situation: You have an urgent request to find email
– Security: remediation after an attack (ex: ransomware)
– Legal: requirement to delete all copies of certain
information
Challenge: Exchange command line tools are more difficult to
use, can’t use regular expressions, have weak reporting
ScanMail Search & Destroy performs targeted searches, reports
on results, and gives options for disposition
– Search mail store, group of mailboxes (including IRM
protected items) with keywords, regular expressions
– Multiple actions include permanently delete
– Additional admin access roles for Search & Destroy
administrator and operator
– Available for Exchange 2013, 2010

Response and Remediation for Exchange/Domino
Trend Micro ScanMail
Allows you to search
and delete

Why Hosted Email Security?
Frees IT staff for other
projects
Keeps email threats
completely off the
network
Reduces
infrastructure,
costs, and
administration
Preserves
bandwidth, storage,
and other costly
resources

• Hosted by Trend Micro -
maintenance free
• #1 spam protection &
antimalware
• Money backed SLA
• Protects on-site mail
servers and hosted emails
(ex: Microsoft Office 365)
• Cloud sandbox and email
encryption included with
no extra charge

HES Service Delivery
Germany
HES service (Primary) HES service (Backup)
Sandbox service (<2% files), hosted by Trend Micro
• EMEA datacenters for EMEA
customers only
• US datacenters for rest of
world customers
• US & EMEA sites are not
interconnected
• All communications use
encrypted HTTPS
US
Ireland

Bénéfice Client
 Mise en place du relai SMTP et antispam Trend Micro Hosted
Email Security
 Assurer son intégration avec le système d’information de la BSB
 Problème d’échange et traçabilité des emails avec leurs
partenaires au Japon
 Fiabilité et traçabilité
d’envoi/réception des emails
 Protection mise à jour en
permanence contre les spams, les
programmes malveillants et les
attaques de phishing
Solution RFC
Problématiques
BSB-SA est l’importateur officiel et le concessionnaire de la
marque TOYOTA en Tunisie, depuis 1985.
Témoignage BSB-TOYOTA
Haythem HELALI
Directeur Informatique

Smart Protection for Office 365

New! Smart Protection for Office 365
(Hosted Email Security) (Cloud App Security)

Unique and Proven Office 365 Protection
• The only 3rd party solution that provides
complete threat protection for Office 365
against phishing, BEC, ransomware, internal
email risks, and file sharing risks.
• For the last two years, Trend Micro has
stopped six million high-risk threats* that
weren’t caught by Microsoft
*Data from Cloud App Security deployed customers. July 2015 to July 2017.

Prevent Malware in Cloud File Sharing
• Trend Micro prevents threats from
spreading in OneDrive, SharePoint,
Box, Dropbox, Google Drive:
• Advanced threat scanning
– Machine-learning based antimalware
– Document exploit detection
– URL analysis
– Sandbox analysis
• On-demand scan to discover
existing threats
Problem: Cloud file services include only
basic AV - misses unknown malware.
Network Breach Detection Systems
don’t see traffic between off-network
devices and SaaS services

CONNECTED: Central Visibility with Control Manager
• User centric threat and DLP visibility across web, endpoint, email, cloud security layers
• Single viewpoint into hybrid Office 365 & on-premises Exchange architectures
• Shares logs to SIEM

Trend Micro Mobile Security

Enterprise Mobile Security Market Forecast
-
100,000,000
200,000,000
300,000,000
400,000,000
500,000,000
600,000,000
700,000,000
800,000,000
900,000,000
2011 2012 2013 2014 2015 2016 2017 2018 2019
Enterprise Mobile Client Security Market Value Forecast
2011 2012 2013 2014 2015 2016 2017 2018 2019
CAGR
2014 - 2019
20,349,860 53,050,794 94,008,933 169,081,286 371,251,765 620,590,588 705,925,512 761,595,486 778,085,886 36%
Source: Canalys

Over 21M Malicious Android App Detected
by Trend Micro

Top Five Android Malware (May 1, 2016 – May 1, 2017)
Name Percentage Description
Shedun (aka
HummingBad)
6.21%
Send SMS to premium services incurring changes without
user's consent. Install backdoor on the device and apply
for device administrator privilege. Mostly distribute as
pornographic applications.
SMSSnow 3.80% Intercept SMS and send SMS content to remote C&C
servers.
Smsspy 3.06% Charges users for content or services without users
awareness or authorization by misleading users.
Rootnik 2.01% Pretend as a porn player and download other malicious
application. It also gains root access to devices.
SLocker 2.01%
Ransomware that locks user screen or resets PIN password
or encrypts files in order to ask for money for
recovery.

Mobile Ransomware Types on Android
Lock Screen File Encryption PIN Hijack

Mobile Ransomware Demand Payment

Ransomware Penetrated Google Play in Jan 2017
• Mobile ransomware, “Charger”, detected from
Google Play in January 2017
• Embedded in an app named EnergyRescue
• Locks the device and demands 0.2 Bitcoin ($180)

Unique Mobile Ransomware Detected by Trend Micro
• Huge spike is
caused by SLocker
family.
• SLocker locks
screen or encrypts
files

iOS Malware hits non-jailbroken iOS devices
Name Date Description
InstaCare App
Scam
March 2016 Malware infected InstaCare app was available on Apple App store and
stole Instagram login credentials and hijacks the account
Youme Ad SDK October 2015 This advertising SDK mostly used in China abused private APIs in order to
collect more personal information than is allowed by Apple. 256 apps with
estimated 1 million downloads were found to be affected.
YiSpecter October 2015 Malware that gets installed in the form of apps signed with enterprise
certificate. YiSpecter can download, install and launch arbitrary iOS apps,
replace existing apps with those it downloads, hijack other apps’ execution
to display advertisements, change Safari’s default search engine,
bookmarks and opened pages, and upload device information to the C2
server.
XcodeGhost August 2015 XcodeGhost is a form of malware that was found in some unofficial
redistributions of Xcode targeted at Chinese developers. XcodeGhost
infects apps compiled with those versions of Xcode. It adds code that can
upload device and app information to a central server, create fake iCloud
password sign-in prompts, and read and write from the copy-and-paste
clipboard.

Security Powered by Cloud Based MARS
Mobile App Reputation Service is a cloud-
based technology that automatically identifies
mobile threats based on app behaviour
• Crawls & collects a huge number of
Android and iOS apps from various
markets
• Identifies existing and brand new mobile
malware
• Identifies apps that may abuse privacy and
device resources
• App repack and vulnerability assessment

TMMS 9.6 Security Features
Security Features Description Android iOS
Anti - Malware
• Detect malware infected apps √ √
• Real time scan of apps during installation √
• Scheduled scan of apps from the management server √ √
• Manual scan of the apps from the devices √ √
App Privacy Leak Detection
New
• Detect apps that are leaking privacy data and
information √
App Vulnerability Detection
New
• Identifies vulnerabilities in apps such as unauthorized
access, weak data storage practice, poor password
implementation, and poor SDK programming practice
√
App Repack Detection
New
• Detect apps that have been repacked √
Web Threat Protection
• Prevent users from accessing malicious websites
• Android supports Chrome browser √

Complete app security status visibility with
dashboard widgets
Able to drill down and identify
the devices with bad apps
installed

Installed apps table with complete security
status Able to drill down and identify
the devices with bad apps
installed

User Centric Visibility

Security policy configuration on the server
console

Web threat protection policy configuration
on the server console

Anti-malware manual scan on Android device
Malware Manual Scan Malware Scan SettingsDevice Status Security Scans

What happens after a malware is detected
on an Android device?
• Detection will be recorded in the
malware log
• Server dashboard and apps table
will identify the malicious apps
and devices
• Notification in device home
screen for threats found
• User can remove the malicious
apps from the TMMS app scan
result view
• TMMS cannot automatically
remove malicious apps due to
Android OS restriction

Anti-malware manual scan on iOS device
Device Status Security Scans Manuel Scan

What happens after a malware is detected
on an iOS device?
• Detection will be recorded
in the malware log
• Server dashboard and apps
table will identify the
malicious apps and devices
• TMMS cannot automatically
remove malicious apps due
to iOS OS restriction
TMMS iOS App Scan Result

TMMS 9.6 is Compatible with ALL Third
Party EMM Solutions
• For Enterprises already using another EMM
solutions but look for complimentary mobile
anti-malware solution
• Both Android and iOS TMMS apps are compatible
with ALL third party EMM solutions

Security Only Mode without MDM Features

TMMS Roadmap – 2016 and 2017
Released In ProgressLegend In Planning
Q1 2016 Q2 2016 Q3 2016 Q4 2016 1H 2017
TMMS 9.6 (Q1 2016)
Theme: Security
Improvement
• App vulnerability assessment
• App privacy leak assessment
• App repack assessment
• iOS app compatible with
third party MDM
• Server performance
improvement
• Reporting Improvement
• Japan customer requests
TMMS 9.7 (Q4 2016)
Theme: AirWatch Integration
• Integrate with AirWatch for
easy deployment and
security policy enforcement
• Ability to turn off / on MDM
features for customers using
a third party MDM solution
TMMS 9.8 (Q1 2017)
Theme: MobileIron Integration
• Integrate with MobileIron for
easy deployment and security
policy enforcement
TMMS 9.6 SP1 (Q2 2016)
Theme: Ransomware
Detection Widgets
• Ransomware detection
widgets for iOS and Android
• Auto activation for Android
• Usability improvements

InterScan Web Security
Aymen MAMI

Evolving Web Threat and Real Business
Risk
Malware Risk: Productivity Decline; Data Loss; Financial Loss
“…attackers have become more selective of their targets”*
Inappropriate/Illegal Content Risk: Productivity Decline; Legal
liability

Malware
Sandbox
Vulnerability
Shielding
Application
Control
Host Firewall
Memory
Inspection
File
Reputation
Web
Reputation
Email
Reputation
Web Gateway
Email Gateway
or Server
Behavior
Monitoring
Response &
Containment
Office 365
SharePoint
Server
Network
Inspection
Storage
Encryption
Investigation
Device Control
DLP
1

Complete Security and Control for Web Use
Anti-Malware
Granular
Application
Control
Advance Threat
Protection
URL Filtering
Real-Time Web
Reputation
Data Loss
Prevention
 Comprehensive protection against evolving threat landscape
 Complete visibility and control of web use
 Any device, any user, anywhere

Flexible Deployment Models
Employees
Corporate
Network &
Applications
Web
InterScan Web
Security as a
Service
In the Office
Mobile or Remote
InterScan
Web Security

Advanced Threat Protection
Employees
• Zero-day exploit detection
• Botnet and C&C Callback detection
• Threat sandboxing (InterScan Web Security Virtual Appliance only)
Threat
Sandboxing
Suspicious?

Real-Time Web reputation
Powered by Trend Micro Smart Protection
Network
Tracks the credibility of web domains by
assigning a reputation score
Admin can select preferred sensitivity
level and action
Blocks malicious webpages, including
those with ransomware, from being
accessed

URL Filtering
By user/ user group
By web categories
By day and time

Granular Application Control
• Granular application control on >1000 applications
• Allow, block, view only, block posting, block file transfer
• Scheduled and location-based controls
Application Categorized:
Instant Messaging
Webmail
Social Network
Streaming Media
Sync and Share
And more…..
IT Admin

Data Loss Protection
Employees Website
• Checks file against integrated data loss protection policy
• Low burden on IT:
• Single server, single management console
• Simple to use templates (200+)
• Low false positives
• Currently available for on-premise solution only
Integrated DLP

Real-time Visibility and Control
• Easy access to the
information that
means the most to
you
• Customizable visual
dashboard
• Standard and custom
reports

Central Visibility with
Control Manager

High Performance Cloud for SaaS Offering
InterScan Web Security as a Service Data Center
• High performance cloud
• Global footprint - lowest latency, best user experience and flexibility
• 14 data centers (as of Q1 2016) , including AWS and co-lo
• New data centers planned in 2016 and beyond

Why Trend Micro Web Gateway Solutions
Top anti-malware
Top advanced
threat
protection
(sandbox)
Central visibility &
control – Control
Manager
Flexible deployment

InterScan Web Security Gives You
• Secure all web access – in the office or remote
• Location and user-based policies
• Control access to most popular protocols and applications
Real-time security and
control – any device,
anywhere
• Easy authentication on any user device
• No impact on performance – near-zero latency
• Highly available
Transparent to users
• Real-time centralized management
• Monitor web use as it happens
• Support for directory services
Simple but powerful
management
• High performance cloud with global footprint
• Cost effective – no infrastructure to buy, manage, maintain
• Elastic capacity - grows with your business
Cloud Advantage

Smart Protection Suites
powered by XGen®
Aymen MAMI

Gartner Magic Quadrant for
Endpoint Protection Platforms
Jan. 30, 2017
This graphic was published by Gartner, Inc. as part of a larger research document and
should be evaluated in the context of the entire document. The Gartner document is
available upon request from https://resources.trendmicro.com/Gartner-Magic-
Quadrant-Endpoints.html
Gartner does not endorse any vendor, product or service depicted in its research
publications, and does not advise technology users to select only those vendors with the
highest ratings or other designation. Gartner research publications consist of the
opinions of Gartner's research organization and should not be construed as statements of
fact. Gartner disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purpose.

Smart Protection Suites powered by XGen
Maximum Protection
Cross-generational blend
of threat defense
techniques
Proven Security Partner
Innovative and timely
response to changing
threat landscape
Minimum Impact
Central visibility &
control, lower false
positives and efficient
threat defense

Trend Micro Smart Suites
PROTECTION CAPABILITIES
SMART PROTECTION
COMPLETE
SMART PROTECTION
FOR ENDPOINTS
Central Management
Manage threat and data protection across the enterprise.
•Central management
•User-centric visibility ✔ ✔
XGen™ Endpoint Security
Secure physical and virtual desktops by infusing high fidelity
machine learning into a blend of threat protection techniques.
•Anti-malware
•Pre-execution and run-time machine learning
•Behavior analysis
•Data protection
•Intrusion prevention
•Application control
•Web filtering
•Desktop virtualization
✔ ✔
Mobile Security
Secure, track, monitor, and manage your employee's mobile
devices and company data.
•Mobile device management
•Data protection ✔ ✔
Email and Collaboration Security
Secure real-time collaboration and stop targeted attacks,
spam, phishing, viruses, spyware, and inappropriate content
from impacting your business.
•Office 365 security
•Cloud file sharing security: Box, Dropbox, SharePoint, OneDrive, Google
Drive
•Email gateway protection
•Email server protection
•Collaboration portal protection
•Instant message security
•Hosted email security
•Data protection
✔
Secure Web Gateway
Safeguards the web gateway from web threats.
•Anti-malware
•Advanced threat protection
•URL filtering
•Application control
✔

Bénéfice Client
 Mettre en œuvre la solution Trend Micro Smart Suite Complete
 Assurer son intégration avec le système d’information de la BTK
 Transférer les connaissances aux équipes métiers et techniques
de la banque
Perte de temps à identifier les incidents de sécurité
 Certaines dispositifs Fixe et Mobiles non sécurisés
 Le coût de cycle de vie (TCO) des produits de sécurité non
contrôlable
 Gestion centralisée de la sécurité
 Administration et gestion des
licences optimisée
 Maitrise de Budget
Solution RFC
Problématiques
BTK est adossé à l'un des plus grands groupes bancaires française
BPCE
BTK est une banque universelle. Elle s'adresse aussi bien aux
entreprises qu'aux artisans, commerçants , professions libérales mais
également aux particuliers, résidents et non résidents.
Témoignage BTK
Faouzi KHAMASSI
Directeur Système d’information

Merci pour votre attention
Ramzi MOKADDEM
RFC – Directeur de Projets
Aymen MAMI
RFC – Consultant avant-vente
Mohamed BENNOUR
commercial
Lotfi FAIK
Trend Micro – Regional
Sales Manager NW Africa

Workshop Trend Micro

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Workshop Trend Micro

Similar a Workshop Trend Micro (20)

Más de Aymen Mami

Más de Aymen Mami (10)

Último

Último (20)

Workshop Trend Micro

Notas del editor