Issa jason dablow
-
Upload
issa-la -
Category
Technology
-
view
234 -
download
0
Transcript of Issa jason dablow
Jason Dablow
Sr. Sales Engineer
What is a Breach? … Exploited Weaknesses of Traditional Security
6/20/2015 Confidential | Copyright 2013 Trend Micro Inc.Copyright 2014 Trend Micro Inc.
Advanced Malware Targeted Attacks
Advanced Malware
Targeted Attacks
Employee Data Leaks
Traditional Malware
Vulnerability Exploits
220K new malware programs daily!
2
Who’s committing Attacks & Why
90% perpetrated by outsiders
10% committed by insiders
Motivating factors:
73% Financial
22% Espionage
5% Ideology/Fun
Copyright 2014 Trend Micro Inc.
Source: http://www.verizonenterprise.com/DBIR/
Victim
The Boss
Mercenary
Attackers
Data Fencing
The CaptainGarant
Bullet Proof Hoster
Crime Syndicate (Simplified)
$4
Victim Blackhat SEO
Attacker
$10
Attacker
Keywords
(Botherder)$2
Compromised
Sites (Hacker)
$6
$10
Programmer
$10
Cryptor
$10
Virtest
$5
Worm
Exploit Kit
Bot Reseller$1 $1
$1
Traffic
Direction
System$5
Garant$10
SQL Injection
Kit
$3
Carder$4
Money Mule
Droppers$1
Card Creator$2
Bullet Proof
Hoster
$5
Crime Syndicate (Detailed)
Attack Stages
Confidential | Copyright 2015 Trend Micro Inc.
1. Intelligence GatheringIdentify & research target individuals using public sources (LinkedIn, Facebook, etc) and prepare a customized attack.
2. Point of EntryThe initial compromise is typically malware delivered via social engineering (email/IM or drive by download). A backdoor is created and the network can now be infiltrated.
3. Command & Control (C&C) CommunicationAllows the attacker to instruct and control the compromised machines and malware used for all subsequent phases.
4. Lateral MovementOnce inside the network, attacker compromises additional machines to harvest credentials, escalate privilege levels and maintain persistent control. 5. Asset/Data DiscoverySeveral techniques and tools are used to identify the noteworthy servers and the services that house the data of interest.
6. Data ExfiltrationOnce sensitive information is gathered, the data is funneled to an internal staging server where it is chunked, compressed and often encrypted for transmission to external locations.
Stage 1 - Intelligence Gathering
Acquire strategic information about the targets IT environment and organizational structure.
“res://” protocol
Confidential | Copyright 2015 Trend Micro Inc.
Data at Risk
• Corporate / Financial—board meeting records, legal proceedings, strategic plans, contracts, purchase agreements, pre-earnings announcements, executive salaries, M&A plans and pending patent filings.
• Manufacturing—Intellectual Property and manufacturing methods
• Retail—Financial records & transactions, customer profiles to generate revenue for identity theft
• Internal Organization—employee records and health claims for identity and insurance fraud
Confidential | Copyright 2015 Trend Micro Inc.
Stage 2 - Point of Entry
Gain entry into a target network using weaknesses found.
Weaponized
Attachment
Malicious
URLs
Attack Weakness found in:
• Infrastructure
• Systems
• Applications
• People
• 3rd Party OrganizationsConfidential | Copyright 2015 Trend Micro Inc.
Infection Options
Island HoppingCustomers
Trusted Partner
Attackers
Cloning websites of conferences victims will attend
Craft email for registration and have a fake
registration page (Repeatable)
Watering Hole Attacks
Spearphishing
Arrival Vectors in APT - Email
Attackers Try Everything
Poison Ivy
Multiple Ports
HTTPSHTTPIMAPIMAP
POP3SMTP
DNS
POP3S
HYPER TEXTHTTP_ALT
Monitoring a few ports is
not sufficient
Apps & protocols
Evilgrab
Monitoring a few apps & protocols is
not sufficient
Morphing
IXESHE
It’s extremely difficult to
track the attack
Changes in C&C,
IP addresses,
signatures & behavior
13
Evade detection with customized malware
Attacker
Malicious C&C
websites
Ahnlab's
Update
Servers
wipe
out files
Destroy
MBR
Destroy
MBR
wipe
out files
Unix/Linux Server
Farm
Windows
endpoints
Victimized
Business
A total of 76 tailor-made malware were used, in which
9 were destructive, while the other 67 were used for
penetration and monitoring.
Confidential | Copyright 2015 Trend Micro Inc.
Code for Sale
Confidential | Copyright 2015 Trend Micro Inc.
Ultra Hackers Tools for sale
Price is 0.0797 BTC (bitcoin) = $25 Virus Builders
1. Nathan's Image Worm
2. Dr. VBS Virus Maker
3. p0ke's WormGen v2.0
4. Vbswg 2 Beta
5. Virus-O-Matic Virus Maker
Scanners
1. DD7 Port Scanner
2. SuperScan 4.0
3. Trojan Hunter v1.5
4. ProPort v2.2
5. Bitching Threads v3.1
DoSers, DDoSers, Flooders and Nukers
1. rDoS
2. zDoS
3. Site Hog v1
4. Panther Mode 2
5. Final Fortune 2.4
Fake Programs
1. PayPal Money Hack
2. Windows 7 Serial Generator
3. COD MW2 Keygen
4. COD MW2 Key Generator
5. DDoSeR 3.6
Cracking Tools
1.VNC Crack
2.Access Driver
3.Attack Toolkit v4.1 & source code included
4.Ares
5.Brutus
Analysis :
· OllyDbg 1.10 & Plugins - Modified by SLV *NEW*
· W32Dasm 8.93 - Patched *NEW*
· PEiD 0.93 + Plugins *NEW*
· RDG Packer Detector v0.5.6 Beta - English *NEW*
Rebuilding :
· ImpRec 1.6 - Fixed by MaRKuS_TH-DJM/SnD
*NEW*
· Revirgin 1.5 - Fixed *NEW*
· LordPE De Luxe B *NEW*
LIST OF SOFTWARE INCLUDED IN THIS PACKAGE:
Host Booters
1. MeTuS Delphi 2.8
2. XR Host Booter 2.1
3. Metus 2.0 GB Edition
4. BioZombie v1.5
5. Host Booter and Spammer
Stealers
1. Dark Screen Stealer V2
2. Dark IP Stealer
3. Lab Stealer
4. 1337 Steam Stealer
5. Multi Password Stealer v1.6
Remote Administration Tools/Trojans
1. Cerberus 1.03.4 BETA
2. Turkojan 4 GOLD
3. Beast 2.07
4. Shark v3.0.0
5. Archelaus Beta
Binders:
1. Albertino Binder
2. BlackHole Binder
3. F.B.I. Binder
4. Predator 1.6
5. PureBiND3R by d3will
HEX Editor :
· Biew v5.6.2
· Hiew v7.10 *NEW*
· WinHex v12.5 *NEW*
Decompilers :
· DeDe 3.50.04
· VB ?Decompiler? Lite v0.4 *NEW*
· Flasm
Unpackers :
· ACProtect - ACStripper
· ASPack - ASPackDie
· ASProtect > Stripper 2.07 Final &
Stripper 2.11 RC2 *NEW*
· DBPE > UnDBPE
Keygenning : *NEW*
· TMG Ripper Studio 0.02 *NEW*
Packers :
· FSG 2.0
· MEW 11 1.2 SE
· UPX 1.25 & GUI *NEW*
· SLVc0deProtector 0.61 *NEW*
· ARM Protector v0.3 *NEW*
· WinUpack v0.31 Beta *NEW*
Patchers :
· dUP 2 *NEW*
· CodeFusion 3.0
· Universal Patcher Pro v2.0
· Universal Patcher v1.7 *NEW*
· Universal Loader Creator v1.2 *NEW*
Crypters
1. Carb0n Crypter v1.8
2. Fly Crypter v2.2
3. JCrypter
4. Triloko Crypter
5. Halloween Crypter
6. Deh Crypter
7. Hatrex Crypter
8. Octrix Crypter
9. NewHacks Crypter
10. Refruncy Crypter
100’s of Items
Today’s Reality – One & Done!
99 10% ofmalware
infect < victims
80 1% ofmalware
infect = victim
?
Confidential | Copyright 2015 Trend Micro Inc.
Stage 3 - Command & Control Communications
Ensure continued communication between the compromised target and the attackers.
Common Traits
• Uses typical protocols (HTTP)
• Uses legitimate sites as C&C
• Uses internal systems as C&C
• Uses 3rd party apps as C&C
• May use compromised internal
systems
Advantages
• Maintains persistence
• Avoids detection
Threat
Actor
C&C
Server
Confidential | Copyright 2015 Trend Micro Inc.
Trend Micro C&C Research
Confidential | Copyright 2015 Trend Micro Inc.
54% of C&C Lifespan
< 1 Day
Stage 4 - Lateral Movement
Seek valuable hosts that house sensitive information.
Pass the Hash
Confidential | Copyright 2015 Trend Micro Inc.
Confidential | Copyright 2015 Trend Micro Inc.
Confidential | Copyright 2015 Trend Micro Inc.
Confidential | Copyright 2015 Trend Micro Inc.
Stage 5 - Data Discovery
Noteworthy assets are identified within the infrastructure then isolated for future data exfiltration.
Email servers are identified so attackers can read important email
in order to discover valuable information.
File lists in different directories are sent back so attackers can
identify what are valuable.
Data at Risk
Confidential | Copyright 2015 Trend Micro Inc. Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Credit
Cards
Birth & Phone
records
Customer
PII
User
Credentials
Credit
Cards
PII leads
to fraud
Movies,
Ransoms,
Terrorism
Social Media Accounts
Copyright 2014 Trend Micro Inc.
Stage 6 - Exfiltration
Transmit data to a location that the threat actors control.
Common Traits
• Built-in file transfer (RATs)
• FTP, HTTP
• Tor network/Encryption
• Public File Sharing sites
Confidential | Copyright 2015 Trend Micro Inc.
Maintenance Stage (Anti-Forensics)
Maintain persistence within network for future attacks
Confidential | Copyright 2015 Trend Micro Inc.
Confidential | Copyright 2015 Trend Micro Inc.
Source:
http://krebsonsecurity.com/2012/10/the-
scrap-value-of-a-hacked-pc-revisited/
Build an Security Ecosystem
Copyright 2014 Trend Micro Inc.
Timely Global Threat Intelligence
Essential Technologies – Combat Current Threat Techniques
Integrated Product Strategy – Automated Protection
150 Million+ Worldwide Sensors
Web Crawler
Trend MicroSolutionsTest Labs
3rd Party Feeds
Honeypot
CDN / xSP Researcher Intelligence
Copyright 2014 Trend Micro Inc.
Block malicious URL within 15 minutes once it goes online!
Timely Global Threat Intelligence
Data Science is Multidisciplinary
http://eduardoarea.blogspot.tw/2012/11/el-camino-de-un-data-scientist.html
Essential Technologies
Copyright 2014 Trend Micro Inc.
The challenges uncovered during the
stages of a targeted attack demonstrate
the need for sophisticated technologies
and services to secure the enterprise.
Essential Technologies: Community File Reputation
• Determines the prevalence and maturity of PE files
• Prevalence is a statistical concept referring to the number of times a file was detected by Trend Micro sensors at a given time
• If a file has not triggered any detections, we will become suspicious of that file if we have only seen it once or a few times
• Today over 80% of the malware is only seen once
2
Essential Technologies: Social Engineering Attack Protection
35
Essential Technologies:Advanced Threat Scan Engine (ATSE)How does ATSE determine a document is bad?
….d2hi.df..ga
@$#5^%&..so
60788-9-80-
=.//// ..)]}[\.......
Malicious
payloadGotcha!!
• Uses heuristic scanning and employs a rule-based system
– Analyses the document to get malicious/uncommon characteristics
• Payloads, malformed, obfuscation, Name tricks,…etc.
– Uses both CVE rules & heuristic rules• Zero-day exploits are malware taking advantage
of unpatched vulnerabilities but with similar exploitation techniques
• Therefore looking for “characteristics” of an exploit
36
Essential Technologies: Memory Inspection Analysis • Protect against most packer and variation
solution which obfuscate the file but not in memory
37
Execute
UnpackLog prefix with “RAV_”
Confidential | Copyright 2013 Trend Micro Inc.
Essential Technologies: Behavioral Trigger Analysis
Cryptoware Protection
Essential Technologies: URL Time Of Click
• It is important to evaluate URLs not only when they are first received but also when they are accessed, in order to defend against modified URLs.
39
Internet
Trend
Datacenter
Mail ServerMail Gateway
Hosted Email Security
InterScan Messaging
Security
Endpoint
Risk!
No Risk
Block!Mobile
Workers
Web
Gateway
Inside
Customer’s Network Perimeter
Outside
Customer’s Network Perimeter
Risk!
No Risk
Block!
Check URL
Reputation when
Clicked
Check URL
Reputation when
Clicked
Check URL
Reputation
In real time
URL has NO
reputation
Rewrite URL to
point to Trend
Cloud
Essential Technologies:Patching and Intrusion Prevention
• Each stage of an attack uses exploits to reach its goal.
• Typical patching cycle in an enterprise
Risk:
• Window of opportunity for hacker: 1 month, often 2 months
• Potentially “high risk” periods of 1-2 months(public exploit, patch not yet available, or patch not yet installed)
40
Virtual Patching
• In this day and age where new Workloads get instantiated at a high rate, Security Automation is a“must have”
• Operations and Security teams can focus on their core responsibilities
• Without touching the machine, any new VM gets the right protection
• Inventory and ensure protection throughout your environment
41
Essential Technologies: Security Automation
Deep Security
Essential Technologies: Virtual Analyzer/Sandboxing• A virtual environment used to analyze potential
malware samples
• It allows for the observation of file as well as network behavior in order to identify malware via potentially malicious characteristics
• Trend Solutions use custom sandboxes based on our customers environment
– Targeted malware validates it is on the right environment before infecting the machine, whether it is targeted against one company, one geography or one sector.
• Samples can be submitted by Trend products, via APIs or manually (depending on the implementation)
42
Interconnected Product Strategy –Automated Protection
Copyright 2014 Trend Micro Inc.
The Interconnected Threat Response Cycle is
the key to providing real-time response from just
discovered threat information from your own
environment
Midsize &
Enterprise
Business
The Interconnected Threat Response (ITR) Cycle
44
Analyze risk and nature
of attack and attacker,
and assess impact of
threats retrospectively
Update protection automatically,
prioritize areas for remediation and adapt protection
Detect advanced
malware, behavior and
communications
invisible to standard
defenses
Assess potential vulnerabilities and proactively protect endpoints, servers and applications
MONITOR &CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
ITR Use Cases - PreventSystem Lockdown• Hardens the system by not allowing any new applications
from executing
• Can be used in conjunction with other application control features to have a flexible, layered policy for each user
• Example:
– Lock down the system
– Block all Browsers, P2P and Online Storage apps
– Allow OS updates, IE, Office, Adobe and SafeSync
45
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
Application Control
ITR Use Cases - PreventData Discovery and Encryption
46
TMCM OSCE Server
OSCE Client
DLP Data Discovery
SQLlite DB
Data Discovery Policy WCU
Data Discovery Widgets
Data Discovery Log Query
Data Discovery Reports
Database
OSCE proxyOfcCMAgent
Scan Configuration
Scan Report
ScanConfiguration
Scan Report
DLP SDK Interface
Scan Policy & Command
Scan Report
Scan Engine
Match Engine
Policy Engine
Scan ResultCache
LogProcessor
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
Midsize &
Enterprise
Business
The Interconnected Threat Response (ITR) Cycle
47
Analyze risk and nature
of attack and attacker,
and assess impact of
threats retrospectively
Update protection automatically,
prioritize areas for remediation and adapt protection
Detect advanced
malware, behavior and
communications
invisible to standard
defenses
Assess potential vulnerabilities and proactively protect endpoints, servers and applications
MONITOR &CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
ITR Use Cases – Detect
OfficeScan
USB Sensor
Deep Discovery
Analyzer
IWSVAScanMail
for MS
ExchangeScanMail for
Domino IMSVA
Deep Discover
Inspector
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
ITR Use Cases - DetectC&C alerting via local intelligence
OfficeScan InterScan
Messaging
Security
Deep
Security
InterScan
Web
Security
Deep
Discovery
Analyzer
1. C&C list shared with local SPN
2. SPN enabled products will
obtain the latest C&C list
SPN Enabled
Trend product
Local SPN
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
Custom Defense
ITR Use Cases - DetectSuspicious Object sharing via local intelligence
50
Control Manager
OfficeScan InterScan
Messaging
Security
InterScan
Web
Security
Deep Discovery
Inspector
ScanMailEndpoint
Sensor
1. Suspicious object list
2. Suspicious objects list shared
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
IP
URL
Domain
File hashes
Open IOC information
Midsize &
Enterprise
Business
The Interconnected Threat Response (ITR) Cycle
51
Analyze risk and nature
of attack and attacker,
and assess impact of
threats retrospectively
Update protection automatically,
prioritize areas for remediation and adapt protection
Detect advanced
malware, behavior and
communications
invisible to standard
defenses
Assess potential vulnerabilities and proactively protect endpoints, servers and applications
MONITOR &CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
Analyze Impact and Scope (Endpoints)
52
From
To
To
Confidential | Copyright 2014 | © Trend Micro Inc. | Internal Usage Only.
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
Visualize the Attack Phases (Network)MONITOR
&CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
Midsize &
Enterprise
Business
The Interconnected Threat Response (ITR) Cycle
54
Analyze risk and nature
of attack and attacker,
and assess impact of
threats retrospectively
Update protection automatically,
prioritize areas for remediation and adapt protection
Detect advanced
malware, behavior and
communications
invisible to standard
defenses
Assess potential vulnerabilities and proactively protect endpoints, servers and applications
MONITOR &CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
ITR Use Cases - Respond Outbreak Prevention via Mutex Sharing
55
Deep
Discovery
Inspector/
Analyzer
OfficeScan Endpoint Endpoint EndpointControl Manager
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
ITR Use Cases - RespondFile Hash Based Blocking
56
Deep
Discovery
Inspector/
Analyzer
Application
Control / Officescan
Endpoint Endpoint EndpointControl Manager
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
ITR Use Cases – Respond:
Suspicious objects can feed into 3rd
party products to extend protection:
• Bluecoat
• HP SMS/Tipping Point
• Palo Alto Networks
• IBM XGS
• And Others…
57
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
ITR Use Cases – Respond :Outbreak Prevention via NSX Security Tagging
58
• Mechanism: Automatic VM Quarantining
– If Deep Security detects (uncleanable/unblockable) malware (and in 9.5sp1 also IPS rules)
– Then Deep Security adds an NSX tag to the VM
– VMWare NSX adds the VM to a Security Group based on the tag value (dynamic membership)
– This NSX Security group has firewall settings that isolates the VM to a management network for remediation and to prevent further infections
MONITOR &
CONTROL
PREVENT
DETECT
RESPOND
ANALYZE
CENTRALIZED VISIBILITY & CONTROL
60
vCloud Air
Security that Fits
Thank You!
Backup Slides
Copyright 2014 Trend Micro Inc.
Deep Discovery – Custom DefenseAdvanced Threat Protection
Across the Attack Sequence
Malicious Content
Copyright 2014 Trend Micro Inc.
Suspect Communication
Attack Behavior360 degree view80 + Protocol across all ports
Custom Sandboxing – Windows, Android, Mac
Custom Defense – Gateway, Messaging, Endpoints
Threat Intelligence across platforms – Windows, Mobile, Mac, Linux
Security Echosystem
SOC in a Box
Complete User Protection
Anti-Malware EncryptionApplicationControl
Device Management
Data LossPrevention
ContentFiltering
Employees
IT Admin
Security
Email &Messaging
Web Access Device Hopping
Collaboration
Cloud Sync& Sharing
Social Networking
File/Folder &Removable Media
65
66
Cloud and Data Center Security
Anti-MalwareIntegrity
MonitoringEncryptionSSL
IntrusionPrevention
ApplicationScanning
Copyright 2014 Trend Micro Inc.
Data CenterOps
Security
Data Center
Physical Virtual Private Cloud Public Cloud
67Copyright 2014 Trend Micro Inc.
68
• Identified 65M unique cyber security
incidents (more than 180K per day on
average) Note: We blocked 80B threats
targeting our customers.
• Discovered 65M unique malware infections
due to ALL activity (almost 180K per day on
average)
• Logged over 160 million command-and-
control (CnC) communications (more than
five every second on average)
• Analyzed 39,504 unique cyber security
incidents (more than 100 per day on
average)
• Discovered 17,995 unique malware
infections due to APT activity (almost 50
per day on average)
• Logged over 22 million command-and-
control (CnC) communications (less
than one every second on average)
Source: https://www2.fireeye.com/advanced-threat-report-2013.htmlConfidential | Copyright 2014 Trend Micro Inc.
Smart Protection Network – Web Requests/Day
Source: http://www.symantec.com/security_response/publications/threatreport.jsp
6,000,000,0001,700,000,000
0
10,000,000,000
Trend Micro Symantec
Confidential | Copyright 2014 Trend Micro Inc.
Smart Protection Network – Web Attacks Blocked/Day
Source: http://www.symantec.com/security_response/publications/threatreport.jsp
13,700,000568,000
0
10,000,000
20,000,000
Trend Micro SymantecConfidential | Copyright 2014 Trend Micro Inc.
Why Trend Micro Over McAfee?
480 BILLION
Queries/Month
6B Queries/Day
150M Nodes
Confidential/Copyright 2014 Trend Micro Inc.
2.5B
Queries/Day
120M Nodes
Broader Coverage
Confidential | Copyright 2015 Trend Micro Inc.
Consumers Government
AgenciesSMB Partners & OEMEnt/VLE
Endpoints Servers Virtual
Servers
Messaging Network SaaSGateway
6 Billion URLs Processed Daily
User Traffic / Sourcing
CDN vender
Rating Server for Known Threats
Unknown & Prefilter
Page Download
ThreatAnalysis
6 billion/day
3 billion/day
300 million/day
50% filtered
90% filtered
50,000 malicious URL /day
99.95% filtered
Trend Micro Products / Technology
CDN Cache
High Throughput Web Service
Hadoop Cluster
Web Crawling
Machine LearningData Mining
Technology Process Operation
Block malicious URL within 15 minutes once it goes online!
Copyright 2014 Trend Micro Inc.
Endpoint Security -- Consumer Products
2009
5.2 h
38.0 h
15.6 h
7.5 h
19.6 h
39.5 h
46.1 h
31.9 h
30.5 h
0 h 5 h 10 h 15 h 20 h 25 h 30 h 35 h 40 h 45 h 50 h
Trend Micro
Kaspersky
Norton
McAfee
Norman
F‐Secure
AVG
Panda
ESET
Average time to protect
New socially engineered malware
Average time to protect
2010
New socially engineered malware
2014
2014 Tests
Co
py
99.60%
70.53%
95.52%
70.00%
80.00%
90.00%
100.00%
Trend Micro Microsoft VendorAverage
0-Day Protection: 2014
99.83%
86.10%
96.60%
85.00%
90.00%
95.00%
100.00%
Trend Micro Microsoft(Baseline)
VendorAverage
Real-World Protection 2014 Averages (Mar-Nov)
99.99%
96.99%
95.00%
96.00%
97.00%
98.00%
99.00%
100.00%
Trend Micro Vendor Average
Malicious Apps - Avg Nov'13 - Nov'14 98.31%
97.20%
98.06% 97.34%96.64%
97.09%
97.40%
93.55% 93.67%
94.56% 94.63%93.68% 95.00%
95.77%
90.00%
92.00%
94.00%
96.00%
98.00%
100.00%
Q1'12 Q2'12 Q4'12 Q1'13 Q2'13 Q2'14 Q3'14
Opus One Anti-Spam Results Q1'12-Q3'14
Trend Micro Vendor Average
2014 Tests Cont’d
Co
py
2015 Attacks
Confidential | Copyright 2015 Trend Micro Inc.