Trend Micro Cybersecurity Reference Architecture...

13
1 Trend Micro Cybersecurity Reference Architecture for Operational Technology 2017 November

Transcript of Trend Micro Cybersecurity Reference Architecture...

Page 1: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

1

TrendMicroCybersecurityReferenceArchitectureforOperationalTechnology2017November

Page 2: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

2

Thispageintentionallyleftblank

Page 3: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

3

ContentsSection1:ExecutiveSummary.....................................................................................................................4

Section2:Real-worldcyberattacks.............................................................................................................5

Section3:ReferenceArchitecture...............................................................................................................6

Section3.1:OTSecurityReferenceArchitecture.....................................................................................6

Section3.2:OTSecurityDomains............................................................................................................8

Section3.3:OTCybersecurityControls...................................................................................................9

Section4:Solutions.....................................................................................................................................9

Section4.1:TrendMicroIoTSecurity....................................................................................................10

Section4.2:TrendMicroSafeLock........................................................................................................10

Section4.3:TrendMicroPortableSecurity2........................................................................................11

Section4.4:TrendMicroTippingPoint..................................................................................................11

Section4.5:TrendMicroDeepDiscoveryInspector..............................................................................12

Section4.6:TrendMicroDeepSecurity................................................................................................12

Section5:Summary...................................................................................................................................13

Figure1:CybersecurityFence......................................................................................................................4Figure2:ICSSecurityReferenceArchitecture.............................................................................................7Figure3:TrendMicroOTCybersecurityReferenceArchitecure.................................................................9

Page 4: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

4

Section1:ExecutiveSummaryTherearetwosidestothecybersecurityfencewhenaddressingthreatsandotherconcerns.Thefirstsideiswhatwe'remostfamiliarwithincorporateITorInformationTechnology(IT):Internetaccess,emailservers,Intranetcontentresourcessuchasdatabaseapplications,webcontent,FTP,RemoteAccess,etc.,andmostimportantly,endpoints.CorporateITsecurityisusuallyfacilitatedbyalayeredprotectionthatstartsatthecloud,externaltotheenterprise,thenmovesintothecorporatenetworkstartingatthegateway,proceedingfurtherwithinprotectingmiddlewareresources.DeepwithinthecorporatenetworkaretheusersandtheirendpointdevicessuchasdesktopPC,laptops,andmobiledevices.

Figure1:CybersecurityFence

TheothersideofthecybersecurityfenceistheOperationalTechnology(OT).Typically,thesearetheindustrialplants,auxiliarybuildings,andremoteinstallationunits.Withinthesefacilitiesaretheindustrialcontrolsystems(ICS)whicharemadeupofsupervisorcontrolanddataacquisition(SCADA)systems,distributedcontrolsystems(DCS)andothercontrolsystemconfigurationssuchasprogrammablelogiccontrollers(PLC)andremoteterminalunits(RTU)foundintheindustrialcontrolsectors.ICSaretypicallyfoundinindustriessuchasretail,manufacturing,utilities(electric,hydroelectric,andnuclear).SCADAsystemsaregenerallyusedtocontrolassetsdistributedthroughoutafacilityusingcentralizeddataacquisitionandsupervisorycontrol.DCSaregenerallyusedtocontrolproductionsystemswithinaspecificallylocalizedareawithinthefacilityusingsupervisoryandregulatorycontrol.PLCsandRTUsaregenerallyusedtocontrolspecificapplicationsordiscretefunctionswithinthefacilityandgenerallyprovideregulatorycontrol.Typically,theseICS’shadnoconnectivity,andthehumanmachineinterfaces(HMI),programmablelogiccontrollers,remoteterminalunit(RTU)wereallconnectedbyeitherserial,parallelorspecializedinterfaces.

Note:Industrialcontrolsystem(ICS)isageneraltermthatreferstoseveraltypesofcontrolsystems,includingsupervisorycontrolanddataacquisition(SCADA)systems,distributedcontrolsystems(DCS),andothercontrolsystemconfigurationssuchasprogrammablelogiccontrollers(PLC)andremoteterminalunits(RTU)mostoftenfoundintheindustrialsectorsandtheircriticalinfrastructures.AnICSconsistsofcombinationsofcontrolcomponents(e.g.,electrical,mechanical,hydraulic,pneumatic)thatacttogethertoachieveanindustrialobjective(e.g.,manufacturing,transportationofmatterorgenerationofelectricity).

Initially,ICSenvironmentswithinOThadlittleresemblancetotheITsystems;ICSwereisolatedsystemsrunningproprietarycontrolprotocolsusingspecializedhardwareandsoftware.ManyICScomponentswereinphysicallysecuredareasandthecomponentswerenotconnectedtoITnetworksorsystems.

Page 5: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

5

However,theneedtolowercost,havebetterperformanceandefficiencyalongwithwidelyavailable,low-costnetworkdevices,hardware,andsoftwareapplicationshavereplacedtheseproprietaryICSsolutions.TheInformationTechnologysideofthecybersecurityfencewasgettingconnectedasnetworkdevicesbecamemorereadilyavailableandwerelessexpensiveandfastertoimplement.TheOTsideeventuallydecidedthattheirfacilitiescouldfurtherincreaseoperationalefficienciesbyleveragingthesameresourcesusedbyIT.Theseincludesolutionstopromotecorporatesystemsconnectivity,suchasremoteaccess,alongwithusingindustry-standardcomputers,operatingsystemsandnetworkprotocols.

AsICSadoptssolutionsusedwithinIT,OTenvironmentsarestartingtoresembletheirITcounterparts.Thisadoptionsupportsnewcapabilities,butprovidessignificantlylessisolationfromtheoutsideworldthanpredecessorICSconfigurations,creatingagreaterneedtosecurethesesystems.

WhilesecuritysolutionshavebeendesignedandproventodealwithsecurityissuesintypicalITenvironments,specialprecautionsmustbetakenwhenintroducingthesesamesolutionstoICSenvironments.Insomecases,newsecuritysolutionsareneededthataretailoredtotheICSenvironment.ICSenvironmentscontroltheattributesinthephysicalworldandanITenvironmentmanagesdata.ICShavemanycharacteristicsthatdifferfromtraditionalITsystems,includingdifferentrisksandpriorities.Someoftheseincludesignificantrisktothehealthandsafetyofhumanlives,seriousdamagetotheenvironment,andfinancialissuessuchasproductionlossesandnegativeimpacttoanation’seconomy.Securityprotectionsmustbeimplementedinawaythatmaintainssystemintegrityduringnormaloperationsaswellasduringtimesofacyber-attack.RevolutionarychangestoICSenvironmentshaveincreasedthepossibilityofcybersecurityvulnerabilitiesandincidentsthatwereonceoflittleconcern.

AfterthefirstIBMPCcompatiblevirus,theBrainbootsectorvirus,wasreleasedinJanuary1986,cybersecuritybecameamandatorydisciplinewithintheIT.However,itwasn'tamandatorydisciplineintheOTenvironments,andOTreliedonITfortheircybersecurityconcerns.Now,however,cyber-attacksonOTarecommonplace,andincreasingeveryyear

AneffectivecybersecurityprogramforanICSisastrategyknownaslayeredprotection,or“defense-in-depth,”layeringsecuritycontrolmechanismssuchthattheimpactofafailureinanyonelayerisminimizedthroughouttheICSenvironment.

Section2:Real-worldcyberattacksCyberattackershavesentphishingemailstoanumberofindustrialorganizationsintheMiddleEast,gainedunauthorizedaccesstoadaminupstateNewYork,leveragedBlackEnergymalwaretocauseapoweroutageandattackanairportinUkraine,inflicted“massive”damageataGermansteelmillbymanipulatingsomeofitsICSsystems,andcaused“somedisruption”atanunnamednuclearpowerplant.Andin2010,StuxnetattackedtheIranianICSnetworkforcontrollingcentrifuges.

AllOTindustrialorganizationsmustnowconfrontthepossiblethreatofadigitalinitiatedcyberattack.Tohelpdefendagainstthesebadactors,manyenterpriseshavetakenuponthemselvestoprotecttheirOTdomainswithlessrelianceontheirITdomaincounterparts.

Page 6: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

6

NolongercansecurityintheOTdomainrelyonsecurityfromtheITdomainforitsprotectionandisolation.IthasalreadybeenshownthatcompromisingtheITdomaineventuallyleaksovertotheOTdomain.ThefirstknownsuccessfulcyberattackonapowergridoccurredonDecember23,2015.HackerscompromisedtheUkrainepowergridandwereabletosuccessfullycompromiseinformationsystemsofthreeenergydistributioncompaniesandtemporarilydisruptelectricitysupplytocustomers.Thirtysubstationswereswitchedoffandabout230,000peoplewereleftwithoutelectricityforaperiodfrom1to6hours.

Atthesametimeconsumersoftwootherenergydistributioncompanieswerealsoaffectedbyacyberattack,butatasmallerscale.Thecyberattackwascomplex,beginningwithapriorcompromiseofITcorporatenetworksusingphishingemailswithBlackEnergymalware.LateralmovementwithintheITnetworkfoundasystemdedicatedtoaccessingtheOTdomain.Failuretouse2-factorauthenticationallowedthehackersaccesstoICSnetworksystem.TheyseizedSCADAcontrols,remotelyswitchedsubstationsoff,anddisabledordestroyedITinfrastructurecomponents(uninterruptiblepowersupplies,modems,RTUs,commutators).ThehackersalsousedtheKillDiskmalwaretodestroyfilesstoredonserversandworkstationsandlauncheddenial-of-serviceattacksonacall-centertodenyconsumersup-to-dateinformationontheblackout.Intotal,upto73MWhofelectricitywasnotsupplied,or0.015%ofdailyelectricityconsumptioninUkraine.

Section3:ReferenceArchitectureSection1discussedthattheOTrealmislookingmoreandmorelikeitsITcounterpartusingthesamehardware,operatingsystem,softwareandapplications.Therefore,OTrealmwillbesubjecttosimilarifnotthesamecybersecuritythreatsandincidents.WhilesecuritysolutionshavebeendesignedtodealwiththecybersecurityincidentsintheITnetworks,precautionsmustbetakenwhenintroducingsomeofthesesamesolutionsintotheOTnetworks.Insomeincidents,alternativesecuritysolutionsmustbeappliedtotheOTnetworks.

ItisbeyondthescopeofthisdocumenttodiscussalloftheCybersecurityrecommendationsandcybersecuritycontrolmechanisms.TherearepublishedguidelinesfromIndustrialControlSystemsCyberEmergencyResponseTeam(ICS-CERT),DepartmentofHomelandSecurity(DHS),NationalInstituteofStandardsandTechnology(NIST),andSANS.orgthatprovidesdetailsandrecommendations.AneffectivecybersecuritystrategyforanICSenvironmentshouldapplyalayeredprotection/defense-in-depth,atechniqueoflayeringcybersecuritycontrolsmechanismssothattheimpactofacompromisewithinasecuritydomainislocalizedandminimized.TheremainderofthedocumentwillfocusontheICSsecurityarchitecture,securitydomains,andcybersecuritycontrolsfromtheabovementionedorganizationsanditsgeneralrecommendapplication.

Section3.1:OTSecurityReferenceArchitectureDHS,ICS-CERT,NIST,andSANSallhavethesamerecommendationwhendesigningandimplementinganetworkarchitectureforanOTdeployment,thatitishighlyrecommendedtoseparatetheOTnetworkfromthecorporateITnetwork.Thenatureofnetworktrafficonthesetwonetworksisdifferent.Internetaccess,FTP,email,web,andremoteaccesswilltypicallybepermittedonthecorporateIT

Page 7: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

7

networkbutshouldnotbeallowedontheOTnetwork.Rigorouschangecontrolproceduresfornetworkequipment,configuration,andsoftwarechangesthatmaynotbeinplaceonthecorporateITnetwork,however,aretypicalforOTnetworks.Byhavingseparatenetworks,securityandperformanceproblemsonthecorporateITnetworkshouldnotbeabletoaffecttheOTnetworkandvice-versa.

TheaforementionedrecognizedinstitutionshaveallcreatedanOTreferencearchitecturespecificallyaddressingtheconcernsforICSnetworks,showninFigure2.ThisarchitectureindicatesthegeneralfunctionalrequirementstypicalforexistingICSnetworks(althoughactualimplementationsarehighlyvariable).Thisexampleonlyattemptstoidentifynotionaltopologyconcepts.ActualimplementationsofICSsegmentsmaybehybridsthatblurthelinesbetweenDCS,SCADA,PLC,andRTUssystemsdeployed.

Figure2:ICSSecurityReferenceArchitecture

Practicalconsiderations,suchascost-of-ownershipandresourcesrequiredtoinstallandmaintainanOTnetworkwithinthecorporateITinfrastructure,oftenmeanthataconnectionisrequiredbetweentheOTandcorporateITnetworks.Thisconnectionisasignificantsecurityriskandshouldbeprotectedbyboundaryprotectiondevices.TherecommendedboundaryprotectiondevicesarethroughaDMZandfirewallwithadditionalcybersecuritycontrolmechanisms,showninFigure2.

Note:ADMZisaseparatenetworksegmentthatisolatestheOTandITnetworkconnectionsdirectlythroughafirewall.

NetworkisolationviasegmentationandsegregationaddressestherequirementsoffurtherpartitioningtheICSnetworksdeploymentintodiscretesecuritydomains.OperationalriskanalysisshouldbeperformedtodeterminecriticalpartsofeachICSenvironmentsanditsoperations.Forexample,a

Page 8: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

8

separatesecuritydomaincouldbestructuredfortheHMI,SCADA/DCS,andinstrumentationssystemsdeployed,asinFigure2.Thebasicrequirementforsegmentationandsegregationistominimizeaccesstosystemsandresourcesacrosssecuritydomainsintheeventofacybersecurityattackorincident.

Traditionally,networksegmentationandsegregationisimplementedatthegatewaybetweendomains.WithintheOTnetwork,ICSenvironmentsoftenhavemultiplewell-definedsecuritydomains,suchasoperationalLANs,controlLANs,andinstrumentationLANs,forexample.Gatewaysconnecttonon-OTandlesstrustworthydomainssuchastheInternetandthecorporateLANs,showninFigure2.

Whenimplementingnetworksegmentationandsegregationcorrectlyyouareminimizingthemethodandlevelofaccesstosensitiveinformationandsystemresources.Thiscanbeachievedbyusingavarietyoftechnologiesandsecuritymethods,themostcommonofwhicharelistedbelow.Thisisonlyasubsetofthefullcomponentsavailable.Seethedocumentsfromtheaforementionedinstitutionsforamorecomprehensivelist.

• Networktrafficfiltering,whichcanuseavarietyoftechnologiesatvariousnetworklayerstoenforcesecurityrequirementsanddomains.

• NetworklayerfilteringthatrestrictswhichsystemsareabletocommunicatewithothersonthenetworkbasedonIPandroutinginformation.

• State-basedfilteringthatrestrictswhichsystemsareabletocommunicatewithothersonthenetworkbasedontheirintendedfunctionorcurrentstateofoperation.

• Portand/orprotocollevelfilteringthatrestrictsthenumberandtypeofservicesthateachsystemcanusetocommunicatewithothersonthenetwork.

• Applicationfilteringthatcommonlyfiltersthecontentofcommunicationsbetweensystemsattheapplicationlayer.Thisincludesapplication-levelfirewalls,proxies,andcontent-basedfilter.

Boundaryprotectionsecuritycontrolsshouldincludegateways,routers,firewalls,network-basedmaliciouscodeanalysis(sandboxing),virtualizationsystems,intrusiondetection/preventionsystems,VPNencryptedtunnels,forexample.

Section3.2:OTSecurityDomainsFromthesecurityreferencearchitecturethebasicrecommendationsisforfoursecuritydomainswithintheICSenvironments.Asmentioned,thisisonlyarecommendationandactualimplementationdependsonthephysicalnationoftheplantorfacility.AddingadditionalsecuritydomainsandsegmentationorsegregationoftheICSenvironmentswithfirewallsandDMZwillcomplicatethenetworkdesignandincreasethecostandmanagementoftoocomplexofanetwork.Thefourdomains:

1. SiteManufacturingOperationsandControls:Generalbusinessoperationsinthesupportoffacilityoperations.TraditionalusingthesamesecuritycontrolsdeployedwithintheCorporateITnetwork.

2. AreaControls:HMI,SCADA,DCS3. BasicControls:PLC,RTU4. Instrumentation:Sensors,actuators,meters,etc.

Page 9: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

9

Section3.3:OTCybersecurityControlsSection3.1discussesthehardwaresecuritycontrolmechanisms.Thissectiondiscussesthesoftwareandapplicationsecuritycontrols.Cybersecuritycontrols,includingmonitoringofsensorsandlogs,IntrusionDetections,antivirus,patchmanagement,policymanagementsoftware,andothercybersecuritycontrolmechanisms,shouldbedoneonareal-timebasiswherefeasible.

Itisinterestingtonotethattheaforementionedinstitutions'recommendationisthatanantivirusproductchosenforICSenvironmentforprotectingsystemsshouldnotbethesameastheantivirusproductusedforwithinthecorporateITnetwork.Asaresult,theinstitutionssuggestimplementingwhitelistinginsteadofblacklistingsoftware(typicallyantivirussoftwareusesblacklistingtechnology);thatis,grantaccesstotheknowngoodapplicationsandservices,ratherthandenyingaccesstoexecuteknownbadentities.Typically,thesetorsetsofapplicationsthatrunwithinICSenvironmentsisessentiallystaticandfew,makingwhitelistingmorepracticalandfeasibletomaintain.Thiswillalsoimproveanorganization’scapacitytoanalyzelogfilesandmaintenanceactivities.

ForisolatedordisconnectedsystemswithintheICSenvironment,itisrecommendedtoperiodicallyrunareal-timescanwithexternalsoftware.ThatissoftwarenotinstalledonthesystemswithintheICSenvironmentsbutratherusedbyattachinganexternaldeviceviaUSB,CD/DVD,etc.withup-to-datesoftwareforthescanningoperations.Theresultingoperationscanbeanalyzedatalaterdateifmalwareisnotdetectedimmediately.

Section4:Solutions

Figure3:TrendMicroOTCybersecurityReferenceArchitecure

Page 10: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

10

ThefollowingdescribesTrendMicro'sIoTcybersecuritysoftware.

Section4.1:TrendMicroIoTSecurityTheevolutionoftheInternetofThings(IoT)hasmadelifealotmoreconvenientandproductiveforbothconsumersandbusinessesalikeoverpastfewyears.Forexample,withasmartcamera,Consumerscancheckthestatusoftheirchildrenusingtheirmobiledevices,whileawayfromhomeandonbusiness.Butbecausesecurityisn'talwaysdesignedintothesedevices,theInternetofThingspresentslotsofsecuritychallengesforindividuals,businesses,andsecurityprofessionalsalike.

TheBusinessenvironment,suchastheautomobileindustry,facesanemergingchallengeintheareaofcybersecurity.Forautomobileoriginalequipmentmanufacturers(OEMs),Tier1suppliers,cardealers,serviceproviders,carownersanddrivers,cyberattacksarenowarealitythattheyhavetograpplewith.

IntheeraoftheInternetofThings(IoT),moreandmorekeydevicefunctionsrelyonsoftwareratherthanhardware.Thisisalsotruewithvehicles.Unfortunately,asvehiclesbecomeincreasinglyautomatedandconnectedwiththeoutsideworld,theytendtofacegrowingsecuritythreats.Vulnerabilitiesariseparticularlywhenjust-in-timemanufacturingandafasterspeedtomarketleavelesstimeforproductsafetytesting.Thesevulnerabilitiesmightnotbeuncovereduntilmillionsofvehicleshavebeenreleased,inwhichcasethenecessarypatchingprocedureisallbutcertaintoproveevenmorecostly—notonlytotheaffectedcarmaker’sfinancesbutalsotoitsreputation.It’simportant,then,forsecuritymeasurestobeproperlyappliedrightfromtheoutsetofthecarmanufacturingprocess,startinginthedesignphase.

Thatiswhyitisimportantfordevicemanufacturertointegratesecurityintothedeviceitself,toensureconsumersandbusinessesareprotectedfromthesechallenges,theminutetheyinstallyourIoTdevice.Becauseofthesechallenges,TrendMicrohavedevelopedacybersecuritysolutioncalledTrendMicroInternetofThing(IoT)SecurityconsistingofFileIntegritychecking,ApplicationWhitelisting,HostedIntrusionPreventionServices(HIPS),NetworkAnomalyScanningandDetection,SystemVulnerabilityScanning,andVirtualPatching.

TrendMicroIoTSecurity(TMIS)isbuilt-inIoTsecuritysoftwarethatmonitors,detectsandprotectsIoTdevicesfrompotentialrisks,includingdatatheftandransomwareattacks.Thisensuresfirmwareintegrityandreducestheattacksurface,whichnotonlypreventsharmtoyourIoTdevices,butalsominimizesdevicemaintenancecostsandprotectsyourreputation.

Section4.2:TrendMicroSafeLockSystemLockdownSoftwareforFixed-FunctionDevices

TrendMicroSafeLockforIoTTM

Protectfixed-functiondevicessuchasindustrialcontrolsystemsandembeddeddevices,terminalsinaclosedsystem,andlegacyOSterminalsagainstmalwareinfectionandunauthorizeduse.

Don’tgiveuponsecuritysoftwarebecauseoftheimpactonperformanceandtheneedtoupdate.TrendMicroSafeLockforIoTTMpreventstheexecutionofmalwarewithlockdown.

Page 11: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

11

Lockdownisatechniquethatlimitsasystemtorunningonlyday-to-dayoperationswhilecontrollingsystemresourcesandaccess.Wheremostanti-virussoftwareusesblacklistingtoforbidknownmalwarefromrunning,SafeLockuseswhitelistingtoallowonlyknownandapprovedprocessestorun.Thesetofapplicationsthatruninfixedfunctiondevicesisessentiallystatic,makingwhitelistingpracticalandeliminatingtheneedtoregularlyupdateablacklist.SafeLock'sapproachhasalimitedimpactonsystemperformanceandcanimproveanorganization’scapacitytoanalyzelogfiles.

TrendMicroSafeLockforIoTcanprotectterminalsreservedforcriticalcontrolsystems,embeddeddevices,andlegacyOSterminals.Also,itseasyuserinterfaceandcooperationwithTrendMicroPortableSecurityenablesrapiddeploymentandahighdegreeofoperability.

Section4.3:TrendMicroPortableSecurity2MalwareScanningandCleanupToolforStandalonePC&ClosedSystems;NoInternetconnectiondoesnotmeansafeandsecure.

TheInternetisnottheonlywaythatmalwarecaninfectPC.ATrendMicrosurveyofcompaniesinJapanfoundthat20%ofstand-alonecomputersandPCsinclosednetworkswereinfectedwithmalware.Devicesbroughtinfromoutsidethesystembyusers,aswellastheuseofUSBflashdrives,caninfectstand-alonePCsandthoseinclosesystems.

OrganizationalrestrictionsoninstallingsoftwareonthesePCsmeansthatvirusprotectionsoftwareeithercan’tbeinstalledatallorcan’tbeupdatedtocoverthelatestgenerationofmalware.WithoutaccesstotheInternet,PCsthatdohaveanti-virussoftwareinstalledaredifficulttoscanwiththelatestmalwarepatternfile.

TrendMicroPortableSecurityforIoTsolvestheproblem.

ThePortableSecurityforIoThand-heldtoolplugsintoaUSBporttodetectandeliminatemalware,withouttheneedtoinstallsoftwareonthePC.Thetoolchangescolortoindicatewhetherornotitdetectsmalwareandwhetheritiseliminatedorneedsfurtherintervention.ForPCsonanetwork,PortableSecurityforIoThasacentralizedmanagementprogramthatcanmanagemalwarepatternfilesandconfigurations.Itcanalsocompilethescanlogsofthescanningtoolsinmultiplelocationsinanintegratedfashion.Moreover,theeventlogofthesystemlockdownsecuritysoftware“TrendMicroSafeLock”(separatelycharged)canbeobtainedwiththePortableSecuritymanagementprogram.

Section4.4:TrendMicroTippingPointThethreatlandscapecontinuestoevolvebothinsophisticationandintechnology.Thismeansanewsecuritysystemthatisbotheffectiveandflexibleisneededduetothedynamicnatureofthelandscape—onethatallowsyoutotailoryoursecuritytomeettheneedsofyournetwork.Selectinganetworksecurityplatformisacriticaldecisionbecauseitservesasthefoundationforadvancednetworksecuritycapabilitiesnowandinthefuture.And,giventhebackdropofthechangingthreatlandscape,theimportanceofnetworksecuritycontinuestoincrease,makingitadifficulttask.TrendMicroTippingPointThreatProtectionSystem(TPS)isanetworksecurityplatformpoweredbyXGen™security,atechnologythatofferscomprehensivethreatprotectionshieldingagainst

Page 12: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

12

vulnerabilities,blockingexploitsanddefendingagainstknownandzero-dayattackswithhighaccuracy.Itprovidesindustry-leadingcoveragefromadvancedthreats,malware,andphishing,andotherthreatvectorswithextremeflexibilityandhighperformance.TheTPSusesacombinationoftechnologies,includingdeeppacketinspection,threatreputation,andadvancedmalwareanalysisonaflow-by-flowbasis—todetectandpreventattacksonthenetwork.TheTPSenablesenterprisestotakeaproactiveapproachtosecuritytoprovidecomprehensivecontextualawarenessanddeeperanalysisofnetworktraffic.Thiscompletecontextualawareness,combinedwiththethreatintelligencefromDigitalVaccineLabs(DVLabs),providesthevisibilityandagilitynecessarytokeeppacewithtoday’sdynamic,evolvingenterprisenetworks.

Section4.5:TrendMicroDeepDiscoveryInspectorHackersoftencustomizetargetedattacksandadvancedthreatstoevadeyourconventionalsecuritydefensesandtoremainhiddenwhilestealingyourcorporatedata,intellectualproperty,andcommunications,andsometimestoencryptcriticaldatauntilransomdemandsaremet.Todetecttargetedattacksandadvancedthreats,analystsandsecurityexpertsagreethatorganizationsshouldutilizeadvanceddetectiontechnologyaspartofanexpandedstrategy.DeepDiscoveryInspectorisaphysicalorvirtualnetworkappliancethatmonitors360degreesofyournetworktocreatecompletevisibilityintoallaspectsoftargetedattacks,advancedthreats,andransomware.Byusingspecializeddetectionenginesandcustomsandboxanalysis,DeepDiscoveryInspectoridentifiesadvancedandunknownmalware,ransomware,zero-dayexploits,commandandcontrol(C&C)communicationsandevasiveattackeractivitiesthatareinvisibletostandardsecuritydefenses.Detectionisenhancedbymonitoringallphysical,virtual,north-south,andeast-westtraffic.ThiscapabilityhasearnedTrendMicrotherankofmosteffectiverecommendedbreachdetectionsystemfortwoyearsrunningbyNSSLabs.

Section4.6:TrendMicroDeepSecurityVirtualizationandhybridcloudcomputingcanhelpyourorganizationachievesignificantsavingsindatacenterhardwarecosts,operationalexpenditures,andenergydemands—whileachievingimprovementsinqualityofserviceandbusinessagility.However,asdatacenterscontinuetotransitionfromphysicaltovirtualandnowincreasingly,cloudenvironments,traditionalsecuritycanslowdownprovisioning,becomedifficulttomanage,andcauseperformancelag.Asyouscaleyourvirtualenvironmentandadoptsoftware-definednetworking,evolvingyourapproachtosecuritycanreducetime,effort,andimpactonCPU,network,andstorage.TrendMicro’smoderndatacentersecurityisoptimizedtohelpyousafelyreapthefullbenefitsofyourvirtualizedorhybridcloudenvironment.Ourvirtualization-awaresecurityoffersmanyadvantagesincludingperformancepreservation,increasedVMdensities,andacceleratedROI.TrendMicro™DeepSecurity™offersacompletesetofsecuritycapabilitieswiththefeaturesyouneedtobenefitfromtheefficienciesofvirtualizedenvironmentsandhelpmeetcompliance.Thisintegratedsolutionprotectsphysical,virtual,cloud,andhybridenvironments.

Page 13: Trend Micro Cybersecurity Reference Architecture …iiot-world.com/wp-content/uploads/2017/12/Trend-Micro...DHS, ICS-CERT, NIST, and SANS all have the same recommendation when designing

13

Section5:SummaryThepurposeofthiswhitepaperistopresentsomeofthechallengesfacingcybersecurityprofessionalsmanagingandmaintainingOperationalTechnologydomainsandtheIndustrialControlSystemsandNetworkswithinthesenetworks.ByadheringtoareferencearchitecturebasedontheiSA95referencemodel,thecybersecurityprofessionalcandeploytime-provenandappropriatecybersecuritysolutionsthatareeasytodeploy,manage,andmaintain,andthatcaneasilyreachalevelofsecurityforanyOperationalTechnologyandIndustrialControlSystemwheresecuritymatters.


Trend Micro, the Trend Micro t-ball logo, Trend Micro ...origin-docs.trendmicro.com/all/smb/hes/vAll/en-us/... · About Trend Micro Hosted Email Security Trend Micro™ Hosted Email

Trend Micro, the Trend Micro t-ball logo, Trend Micro ...origin-docs.trendmicro.com/all/smb/hes/vAll/en-us/... · About Trend Micro Hosted Email Security Trend Micro™ Hosted Email

Copyright © 2013 Trend Micro Incorporated. All rights ...knowledgebase.mcgill.ca/.../trend-manuals/tmsm2.0_adminguide.pdf · Provides best practice ... Trend Micro Security (for

Copyright © 2013 Trend Micro Incorporated. All rights ...knowledgebase.mcgill.ca/.../trend-manuals/tmsm2.0_adminguide.pdf · Provides best practice ... Trend Micro Security (for

Trend Micro Administrator Guide

Trend Micro Administrator Guide

Trend Micro, the Trend Micro t-ball logo, OfficeScan, and ...€¦ · Trend Micro, the Trend Micro t-ball logo, OfficeScan, and Control Manager are ... available in the Trend Micro

Trend Micro, the Trend Micro t-ball logo, OfficeScan, and ...€¦ · Trend Micro, the Trend Micro t-ball logo, OfficeScan, and Control Manager are ... available in the Trend Micro

Trend Micro Cloud Protectionla.trendmicro.com/media/wp/cloud-protection-whitepaper...Page 4 of 8 | Trend Micro White Paper Trend Micro Cloud Protection Private Cloud Private clouds

Trend Micro Cloud Protectionla.trendmicro.com/media/wp/cloud-protection-whitepaper...Page 4 of 8 | Trend Micro White Paper Trend Micro Cloud Protection Private Cloud Private clouds

ANTISPYWARE ANTIVIRUS Trend Micro AntiVirus + AntiSpyware ... · TREND MICRO ANTIVIRUS + ANTISPYWARE I CONSUMER DATASHEET Page 1 of 2 Trend Micro AntiVirus + AntiSpyware is the essential

ANTISPYWARE ANTIVIRUS Trend Micro AntiVirus + AntiSpyware ... · TREND MICRO ANTIVIRUS + ANTISPYWARE I CONSUMER DATASHEET Page 1 of 2 Trend Micro AntiVirus + AntiSpyware is the essential

Trend Micro, the Trend Micro t-ball logo, Trend Micro ...docs.trendmicro.com/all/smb/hes/vAll/en-us/hes_ad_sync_tool_ug.pdf · Active Directory Synchronization Tool User Guide iv

Trend Micro, the Trend Micro t-ball logo, Trend Micro ...docs.trendmicro.com/all/smb/hes/vAll/en-us/hes_ad_sync_tool_ug.pdf · Active Directory Synchronization Tool User Guide iv

Trend Micro - 13martie2012

Trend Micro - 13martie2012

Trend Micro Corp Presentation

Trend Micro Corp Presentation

Service Pack 1 Installations- und Upgrade ... - Trend Micro€¦ · Sie in der Trend Micro Online-Hilfe und/oder der Trend Micro Knowledge Base finden. Trend Micro ist stets bemüht,

Service Pack 1 Installations- und Upgrade ... - Trend Micro€¦ · Sie in der Trend Micro Online-Hilfe und/oder der Trend Micro Knowledge Base finden. Trend Micro ist stets bemüht,

TREND MICRO SMART PROTECTION SUITESvn.trendmicro.com/.../business/brochures/br_smart-protection-suites.… · TREND MICRO™ SMART PROTECTION SUITES Maximum Trend Micro™ XGen™

TREND MICRO SMART PROTECTION SUITESvn.trendmicro.com/.../business/brochures/br_smart-protection-suites.… · TREND MICRO™ SMART PROTECTION SUITES Maximum Trend Micro™ XGen™

TREND MICRO DEEP SECURITY - Protezione Dati · TREND MICRO DEEP SECURITY Deployment Guide for EMC VSPEX Environments Trend Micro Solutions Team Abstract This document describes best

TREND MICRO DEEP SECURITY - Protezione Dati · TREND MICRO DEEP SECURITY Deployment Guide for EMC VSPEX Environments Trend Micro Solutions Team Abstract This document describes best

Trend Micro Titanium Internet Securitystatic.highspeedbackbone.net/pdf/Trend Micro 8092587... · 2012-01-20 · Trend Micro™ Titanium™ Internet Security Your digital life—protected.

Trend Micro Titanium Internet Securitystatic.highspeedbackbone.net/pdf/Trend Micro 8092587... · 2012-01-20 · Trend Micro™ Titanium™ Internet Security Your digital life—protected.

EdgeFire™ - Trend Micro

EdgeFire™ - Trend Micro

Trend Micro, the Trend Micro t-ball logo, Trend Micro ...€¦ · Trend Micro Remote Manager Trend Micro Remote Manager is a single pane of glass management console for Trend Micro

Trend Micro, the Trend Micro t-ball logo, Trend Micro ...€¦ · Trend Micro Remote Manager Trend Micro Remote Manager is a single pane of glass management console for Trend Micro

Trend Micro

Trend Micro

Trend Micro, the Trend Micro t-ball logo, OfficeScan, and

Trend Micro, the Trend Micro t-ball logo, OfficeScan, and

TREND MICRO DEEP SECURITY€¦ · TREND MICRO DEEP SECURITY Deployment Guide for EMC VSPEX Environments Trend Micro Solutions Team Abstract This document describes best practices

TREND MICRO DEEP SECURITY€¦ · TREND MICRO DEEP SECURITY Deployment Guide for EMC VSPEX Environments Trend Micro Solutions Team Abstract This document describes best practices

Trend Micro SMART PROTECTION FOR OFFICE 365€¦ · Smart Protection for Office 365 offers two great Trend Micro products in one, Trend Micro Hosted Email Security and Trend Micro

Trend Micro SMART PROTECTION FOR OFFICE 365€¦ · Smart Protection for Office 365 offers two great Trend Micro products in one, Trend Micro Hosted Email Security and Trend Micro

Choose Trend Micro for Security - insight.com · TREND MICRO Choose Trend Micro for Security only Trend Micro ™ Titanium delivers on everything you’ve always wanted in an antivirus

Choose Trend Micro for Security - insight.com · TREND MICRO Choose Trend Micro for Security only Trend Micro ™ Titanium delivers on everything you’ve always wanted in an antivirus