
Trend Micro Custom Defense

Product
Developers: Trend Micro
Last Release Date: October, 2012
Technology: Cybersecurity - Antiviruses

In the fall of 2012, Trend Micro presented Custom Defense, a new strategy for developing its security systems, aimed at protecting customers' corporate systems against targeted threats. The products work by using an individual set of antivirus signatures for each specific customer and incident.

The "Custom Defense" strategy (the name can be rendered as "protection tailored to the client") is intended to supplement traditional antivirus protection, which uses a fixed set of signatures. The individual supplement consists of special selections of signatures for combating hidden, targeted attacks. Such attacks, which are also classed as APT (Advanced Persistent Threat, an advanced long-term threat), are aimed at compromising users' PCs. An attack often begins with fake e-mail messages carrying an infected attachment created specifically for the recipient. If the targeted attack succeeds, the cybercriminals try to obtain classified information. On compromised machines, the attack can often be detected by the attempts of certain programs to connect to external command-and-control servers, either to receive further commands and instructions or to send data. The new Custom Defense concept is meant to identify and block exactly such attacks.

The Trend Micro Deep Discovery technology, introduced this year, is intended to form the basis of the Custom Defense strategy. This technology, available as both software and hardware solutions, detects signs of intrusion into the network. Trend Micro recently added to it a function called Deep Discovery Advisor, which takes images of the enterprise's user machines and servers and then runs them in an isolated "sandbox" to reveal hidden malicious activity.

As part of the new Custom Defense program, Trend Micro also announced a number of specialized utilities for tracking malware activity on the network. One of these utilities monitors attempts to penetrate the Microsoft Active Directory directory service, since hackers often try to break into this service first to see who has administrative rights and then direct the attack at that user. Another utility is intended for monitoring the mail server. A utility for monitoring browser behavior is also offered, to reveal characteristic indicators of an attack or a compromise.

The individual additional signatures are ordinary signatures, only with the addition of specific blacklists of IP addresses and domains that are identified at the specific enterprise while detecting APT attacks. By the end of the year, Trend Micro plans to begin generating individual antivirus signatures. Such signatures will help implement individually adapted protection for web gateways, ScanMail for Exchange mail gateways and endpoint protection solutions.