Skip to content

Only a Custom Defense Effectively
Combats Advanced Persistent Threats

More Options

The Trend Micro Custom Defense Solution

Detect, analyze, and respond
to the attacks that matter to you

See whitepaper

Today’s most damaging attacks are targeted specifically at your people, your systems, your vulnerabilities, and your data. Advanced persistent threats (APTs) are stealthier and more sophisticated than ever, using insidious social engineering techniques to quietly penetrate your organization to deploy customized malware that can live undetected for months. Then when you are least expecting it, cybercriminals can remotely and covertly steal your valuable information—from credit card data to the more lucrative intellectual property or government secrets—potentially destroying your competitive advantage, or in the case of government even putting national security at risk.

Many organizations feel that they have been targeted. The Ponemon Institute found that 67 percent of organizations admit that their current security activities are insufficient to stop a targeted attack. Not surprisingly, Trend Micro found that 55 percent are not even aware of intrusions, and fewer know the extent of the attack or who exactly is behind it. While necessary to thwart the majority of today’s attacks, standard defenses have proven insufficient to handle APTs and targeted attacks. A custom attack requires a custom defense.  

The Trend Micro Custom Defense solution is the industry’s first advanced threat protection solution that enables you not only to detect and analyze APTs and targeted attacks, but also to rapidly adapt your protection and respond to specific attacks. 

The Trend Micro Custom Defense is a comprehensive solution that equips you to detect, analyze, adapt and respond to the attacks that matter most to you. We provided the most comprehensive advanced protection solution in the industry to address advanced targeted attacks that may be targeting your organization.This interactive cyber security assessment tool will help you assess your security posture.

Detect - Specialized threat detection capability at network and protection points

At the heart of the Trend Micro Custom Defense solution is Deep Discovery, a specialized threat protection platform that performs network-wide monitoring to detect zero-day malware, malicious communications, and attacker behaviors that are invisible to standard security defenses. Uniquely integrated with other Trend Micro security control points across the network, the solution can detect and block attacks occurring via corporate and personal email, social media applications, mobile devices, and more . It can also detect and block command and control communications back to the cybercriminal, or attempts to move laterally to other valuable systems within the network. Unlike competitive offerings that use generic ‘sandboxes’ in the hope that one will trigger and detect the attack, the Trend Micro Custom Defense allows for multiple, customer-defined sandboxes that better reflect your real-life environment and allow you to determine whether you have been breached. The Trend Micro Custom Defense sandbox detonates suspect code in a safe, controlled environment optimized to evade hacker techniques that are on the lookout for sandboxing solutions.

Analyze - Deep analysis uses custom sandboxing and relevant global intel to fully assess threats

Upon detection, the Trend Micro Custom Defense solution best enables you to profile in depth the risk, origin and characteristics of the attack, and uniquely delivers actionable intelligence that guides rapid containment and remediatiation. To aid in the threat investigation, Threat Connect offers a customized view of threat intelligence that is specific to your environment, and offers you the ability to tap into the power of a global, cloud-based threat intelligence network.

Respond - Attack profiles and network-wide event intelligence guide rapid containment and remediation

To immediately adapt and strengthen protection against further attacks, the Trend Micro Custom Defense helps you create custom responses to these targeted attacks, such as IP blacklists, custom spear phishing protection, and coming soon, custom signatures—all specific to each attack. The solution automatically updates the Smart Protection Network and issues these custom security updates to Trend Micro gateway, endpoint, and server enforcement points. Built using an open and extensible platform, the solution can also send security updates to non-Trend Micro security products that may already be an important part of your defense strategy.

Finally, the solution delivers 360-degree contextual visibility of the attack, arming you with the insight needed to respond to your specific attackers. The solution can deliver insight such as what information is being targeted, how the attack works, who the attacker is, and perhaps most importantly, who is actually sponsoring the attack. Armed with this information you can more rapidly contain and remediate the attack and contact appropriate authorities for further action.

The APT Attack Sequence

ATP Lifecycle

  1. Intelligence Gathering
    Identify & research target individuals using public sources (LinkedIn, Facebook, etc) and prepare a customized attack.
  2. Point of Entry
    The initial compromise is typically from zero-day malware delivered via social engineering (email/IM or drive by download). A backdoor is created and the network can now be infiltrated. (Alternatively, a web site exploitation or direct network hack may be employed.)
  3. Command & Control (C&C) Communication
    C&C communication is typically used throughout the attack, allowing the attacker to instruct and control the malware used and to enable the attacker to exploit compromised machines, move laterally within the network, and exfiltrate data.
  4. Lateral Movement
    Once inside the network, attacker compromises additional machines to harvest credentials, escalate privilege levels and maintain persistent control.
  5. Asset/Data Discovery
    Several techniques (ex. Port scanning) are used to identify the noteworthy servers and the services that house the data of interest.
  6. Data Exfiltration
    Once sensitive information is gathered, the data is funneled to an internal staging server where it is chunked, compressed and often encrypted for transmission to external locations under attacker’s control.

Connect with us on