Monitor Lateral Movement with Trend Micro TippingPoint
It only takes a split second for a threat to enter your network. Once in it can work its way around your network for months undetected. See how Trend Micro TippingPoint can help you monitor and block threats moving in, out and laterally across your network.
Targeted attacks and advanced threats are customized to evade your conventional security defenses, and remain hidden while stealing your corporate data, intellectual property or communications. To detect targeted attacks and advanced threats, analysts and security experts agree that organizations should utilize advanced detection technology as part of an expanded strategy.
Trend Micro™ TippingPoint® Security Management System (SMS) enables “big picture” analysis with trending reports, correlation and real-time graphs on traffic statistics, filtered attacks, network hosts and services, and inventory and health status for TippingPoint devices. The TippingPoint SMS provides a scalable, policy-based operational model, and enables straightforward management of large-scale TippingPoint deployments.
TippingPoint Advanced Threat Protection for Networks, powered by XGen™ security, enables 360-degree detection of network-based targeted attacks and advanced threats.
TippingPoint will:
- Deploy inline between client networks and critical server networks
- Receive alerts on attempted and thwarted Lateral Movement activities
- Leverage configuration options to easily go from detection to prevention
By using specialized detection engines and custom sandbox analysis, TippingPoint Advanced Threat Protection for Networks identifies advanced and unknown malware, ransomware, zero-day exploits, command and control (C&C) communications, lateral movement and evasive attacker activities that are invisible to standard security defenses. This detection capability has earned Trend Micro the rank of most effective recommended breach detection system for two years running by NSS Labs.
Key Capabilities
- Inspects all network content Advanced Threat Protection (ATP) monitors over 100 network protocols and all network ports across all network traffic. This enables ATP to detect inbound and outbound threats as well as lateral movement, (C&C) and other attacker behavior across the entire attack lifecycle.
- Extensive detection techniques mean that ATP offers better and faster detection of zero-day exploits, advanced threats, and attacker behavior. ATP uses techniques such as file, IP and web reputation, static analysis, heuristic analysis, mobile app reputation, and custom sandbox analysis to detect known and unknown threats.
- Custom sandbox analysis uses virtual images that are tuned to precisely match an organization’s system configurations, drivers, installed applications and language versions. This approach improves the detection rate of advanced threats that are designed to evade standard virtual images. The custom sandbox environment includes safe external access to identify and analyze multi-stage downloads, URLs, C&C and more.
- Comprehensive threat intelligence ensures that local network insight is correlated with global threat insight from the Trend Micro™ Smart Protection Network™. This intelligence is correlated across all of the attack phases.
Integration with TippingPoint IPS and Threat Protection System Products
Integrated detection and enforcement
When ATP detects a threat, it will alert the TippingPoint Intrusion Prevention System (IPS) and Threat Protection System (TPS). Once alerted to an attempted breach, the IPS or TPS can block both inbound and outbound communication to the C&C servers. ATP also monitors lateral traffic moving across the network, so it can tell the IPS or TPS to block malicious east-west bound traffic to thwart attacks that may already be in the network.
Having one of the most effective breach detection solutions isn’t enough. If you can’t easily or automatically take action to stop current or future attacks, the solution won’t save you the time or money you need it to. ATP doesn’t stop at TippingPoint - it also integrates with SIEM solutions (ArcSight, Splunk and QRadar) and firewalls (Palo Alto Networks and Check Point). An open web API allows your organization to integrate ATP to any existing security investment, providing defense in depth protection that best meets your needs