Find out why managing big data is a big deal for your security
The Trend Micro Smart Protection Network cloud data mining framework rapidly and accurately identifies new threats, delivering global threat intelligence to all our products and services. Ongoing advances in the depth and breadth of the Smart Protection Network allow us to look in more places for threat data, and respond to new threats more effectively, to secure data wherever it resides. Read datasheet
Today’s threat environment means vendors have to deal with the 3 Vs of big data: volume, variety, and velocity. Each of these is growing at an astounding rate and has required a shift in how security vendors data mine and manage today’s threats.
We collect massive amounts of threat-specific data, then use big data analytics to identify, correlate, and analyze new threats. This produces actionable threat intelligence we use to deliver immediate protection through our proven cloud infrastructure.
Trend Micro’s ability to collect, identify and protect through the Smart Protection Network data mining framework ensures the volume, velocity and variety of threat data is managed efficiently and effectively.
To understand more, see how CTO Raimund Genes, in his latest CTO Insights video blog, explains the use of big data within the Smart Protection Network framework to deliver improved protection against today’s threats.
White paper: Big Data for Advanced Threat Protection: Key Criteria for Cutting Through the Clamor (PDF)
"Leveraging Big Data for information security purposes not only makes sense but is necessary."
—Mark Bouchard, Aimpoint Group
White paper: Addressing Big Data Security Challenges: The Right Tools for Smart Protection (PDF)
Understand how Big Data is analyzed in the context of cyber security to ultimately benefit the end user.
The Smart Protection Network framework works in three distinct areas: data collection, identification, and protection.
Thirty million new attacks emerge every year. Smart Protection Network is designed to seek out the massive volume of data that can uncover these attacks.
We pioneered the use of big data analytics for threat intelligence when we started building the Smart Protection Network some seven years ago. We host thousands of event feeds and stream billions of events in our data centers, and have become experts in the data mining tools and techniques required to make sense of the variety of threats and attacks being perpetrated.
It’s critical to match the velocity of attacks with an equally fast response. We consistently demonstrate faster time to protect in independent tests.
Mobile App Reputation technology can be easily integrated by service providers and application developers to provide apps of higher quality and better security to app stores, while users avoid privacy risks and high resource consumption.
Correlation with other reputation technologies ensures Trend Micro customers are protected from malicious mobile apps and web pages where these apps are located.
Our endpoint products query the whitelist whenever a suspicious file is identified to check if the file is a known good file. The database is also used by threat researchers to quickly eliminate known good files from being analyzed during our processes for identifying malicious content.
Trend Micro researchers are constantly monitoring and working with 3rd party vendors whose applications may be exploited by criminals. We also monitor exploits at various sources and monitor criminal communications and sites for active code.
This allows us to quickly identify and correlate the threat intelligence needed to block exploits from taking advantage of software vulnerabilities, known or unknown. This enables us to protect our customers against software vulnerabilities.
This provides our researchers with gigabytes of malicious network traffic that is filtered, processed, and analyzed to create and test intelligent rules to detect malicious communications and behaviors. Additionally, threat researchers perform penetration testing in simulated enterprise network environments providing them with rich network traffic for further rule development and testing.
Analyzing the tools and techniques used by threat actors allows us to develop models of behavior and tools that help us identify new threats. Applying these tools and models to the data we receive from our global sensornet lets us quickly identify any new threats that may be propagating.
This research also allows us to develop proactive detection of new threats before they are used by the cybercriminals.
We assign a reputation score based on factors such as a website’s age, historical location changes and indications of suspicious activities discovered through malware behavior analysis. We’ve advanced how we apply web reputation to keep pace with new types of criminal attacks that can come and go very quickly, or try to stay hidden.
1st Generation Web Reputation
2nd Generation Web Reputation
The first layer of defense validates IP addresses by checking them against a reputation database of known spam sources; the second layer uses machine learning to identify malicious or spam-like content; the third layer correlates email with our other threat data so that, for example, it can immediately block a link to a malicious URL identified by our web reputation technology.
This in-the-cloud approach eliminates the need to deploy a large number of pattern files to hundreds or thousands of endpoints. As soon as the pattern is updated on the Smart Protection Server, protection is immediately available to all clients.
We continually enhance file reputation to improve malware detection. Smart Feedback allows Trend Micro to use community feedback of files from millions of users to identify pertinent information such as the prevalence of a file, geo-location, age, first seen, last seen and other data that helps determine the likelihood that a file is malicious.
Used in conjunction with our in-the-cloud whitelisting ensures few false positives occur. This new technology is used today in our backend infrastructure and is making its way into our solutions in the future.
Trend Micro has the distinct advantage of being able to respond in real time, providing immediate and automatic protection from the multitude of threats.
As such, it is more important than ever to obtain feedback from customers to identify new sources of attacks. This collaboration between Trend Micro and our customers allows us to improve the protection for everyone—“a neighborhood watch” system of community protection via 24x7 communication between Trend Micro products, research centers and technologies for "better together" security.
If the tools and technologies that comprise the Smart Protection Network took on a life of their own you wouldn’t see a squad of super heroes with magical powers, but a diligent investigative team with the brains and brawn of a special forces squad that tackles cyber crime wherever it lurks.