The Art of Cybersecurity through the eyes of the Security teams

What if you could turn ugly into beautiful, complex into clear, and risk into revenue? What if you no longer saw threats as a burden, but as an opportunity? An opportunity to gain a competitive advantage by earning trust, increasing productivity, and driving transformation.


Depending on your role, that may mean delivering new digital products, services, and business models. Or gaining freedom from compliance headaches, allowing you to focus on getting things done. Or perhaps helping your workforce be more productive, cutting the number of interfaces and alerts you need to monitor so you can focus on the bigger picture.

In an increasingly connected and complex world, the combination of proven foresight, a cross-generational security strategy, and passionate people can help organizations remain resilient in the face of advanced threats, allowing you to focus on expanding your business and increasing revenue.

Read this article to discover how The Art of Cybersecurity can help you achieve something that adds value and learn how you can transform the chaos of cybercrime into something much more beautiful.

Content Summary

Introduction
Our Connected World
More Devices, More Connections
Infrastructure Shifts
Technology Advancements
Real-World Challenges
Threats Abound
The Compliance Puzzle
Risks Increasing and Shifting
Finding and Keeping Security Talent
The Art of Cybersecurity
Proven Foresight
XGen Security
Passionate People
Protecting Users
The Art of Securing the Hybrid Cloud
The Art of Defending Networks
Taking Something Chaotic and Making It Beautiful

Learn how to bring clarity to your complex security picture – spanning user, network, and hybrid cloud environments – so you can protect your business while detecting and responding to attacks far more effectively. See how proven technology foresight, a cross-generational security strategy, and truly passionate people can enable you to outshine your competitors.

Discover how you can gain stronger visibility of your entire technology infrastructure, and detect and respond to threats faster. Learn how to use the latest artificial intelligence and automation to prioritize threats more effectively and reduce your workload. Ultimately, deliver the best possible cybersecurity for your organization.

Discover how Security teams can break free of the daily storm of security alerts and start thinking more strategically. Find out how the right technologies and tools can help you dramatically reduce your workload, improve security and build your confidence.

The security that runs deep through your organization

Strong customer trust. Business transformation. Uninterrupted productivity. Beautiful business outcomes are more than skin deep. In a complex and chaotic world, architecting a resilient business capable of consistently achieving them is the challenge. You need a clear picture of the actual threats you face above your blur of security alerts—and the ability to stop them. The true art of cybersecurity requires foresight, a clear strategy, and passion.

Trend Micro enables you to prepare for, withstand and rapidly recover from threats, giving you the freedom to focus on business outcomes.

Introduction

Remote working. Bring your own device (BYOD). Edge computing. Billions of endpoints connected to the Internet. The concept of the corporate network has taken on new meaning, with the role of IT becoming more complex and the challenge of defending your organization getting ugly. But what if you could turn ugly into beautiful, complex into clear, and risk into revenue? What if you no longer saw threats as a burden, but as an opportunity? An opportunity to gain a competitive advantage by earning trust, increasing productivity, and driving transformation.

That is the Art of Cybersecurity. Giving your organization the ability to implement a solid cyber resilience framework that provides a platform for you to focus on achieving something that adds value. Depending on your role, that may mean delivering new digital products, services, and business models. Or gaining freedom from compliance headaches, allowing you to focus on getting things done. Or perhaps helping your workforce be more productive, cutting the number of interfaces and alerts they need to monitor so they can focus on the bigger picture.

In this white paper, we look at the major security challenges facing organizations today, highlighting key areas that should be considered when defining and managing an effective security strategy. And we show you how Trend Micro approaches it in a way that enables beautiful outcomes.

  • You’ll learn how to achieve simple, high-performance security across both hybrid cloud and containers, with no need to buy multiple products in an already complex system.
  • You’ll discover a range of ways to ensure your users stay protected with a single agent, increasing security while reducing deployment complexity.
  • You’ll find an approach to shore up your network defense that provides high accuracy, flexibility, and performance.

All of which will help you prepare for, withstand, and rapidly recover from threats—freeing you to go further and do more.

Our Connected World

More Devices, More Connections

There are over 26 billion devices, including Internet of things (IoT) and industrial Internet of things (IIoT), connected to the internet today, with predictions of 75 billion by 2025. Smart cities are a key example, with a focus on deploying a fully networked infrastructure in support of improved economic and social development, introducing millions of new devices with internet connectivity. With accelerating urbanization and the prediction that 66 percent of all people on the planet will be urban dwellers by 2050, it is clear that these cities will need to be fully connected to deal with that population density. Even today, more and more devices connected to businesses are being used to drive efficiency. For example, 70 percent of professionals work remotely at least one day a week, while 53 percent work remotely for at least half of the week. This increase in “working from home” introduces the need for high-speed, reliable connectivity in more locations. 5G is coming, but likely not mainstream until 2021/22. This means that employees today are accessing the corporate network from multiple locations that are outside the control of the enterprise and potentially insecure, including home and public hotspots. With the increasing focus of attackers on these as attack vectors—Trend Micro saw over 680 million home network attacks in 2018 and a 320 percent increase in vulnerabilities in industrial control systems (ICS) now open to attack—this dynamic is an important one to factor into security strategy.

Infrastructure Shifts

The shifts in IT architectures over the past decade are unprecedented. The introduction of virtualization technologies from companies like VMware® took the deployment of servers from weeks to days, changing the way data center ops and security teams worked, and resetting expectations of speed for business project delivery. The onset of the public cloud, driven by offerings like AWS, Microsoft® Azure™, and Google, enabled the deployment of servers in minutes instead of days, empowering businesses to deliver new applications and projects at speeds that have never been seen before. With cloud now the norm even for technology laggards, it’s clear that the approach to the development and deployment of applications is shifting. For many, cloud service offerings like Microsoft® Office 365®, Salesforce.com, and Dropbox™ can instantly solve business needs and remove the need for ongoing application support. For application delivery in the enterprise, DevOps is a new approach enabled by the shift to cloud and containers designed to speed deployment and deliver business value faster for the organization. With clear positive impacts on organizations, both of these approaches also introduce complexity in the management of both security and data privacy.


Technology Advancements

Technology has advanced at breakneck speeds over the past 10 years, introducing changes into both our personal and work lives that were unimaginable only a few years ago. One major area of advancement has been in the area of artificial intelligence (AI), which is defined by Merriam-Webster as:

  1. A branch of computer science dealing with the simulation of intelligent behavior in computers.
  2. The capability of a machine to imitate intelligent human behavior.

The key to this definition is the ability to learn, defined as machine learning, which enables artificial intelligence to evolve based on data and experience. The use of AI is growing daily, with much of the focus on better dealing with data-intensive tasks like augmented analytics, with Gartner predicting that by 2020, more than 40 percent of data science tasks will be automated. It has also expanded to be used in the creation of autonomous things like robotics, drones, vehicles—things that automate or augment processes or human actions. Gartner predicts that AI-driven development will become more and more commonplace, which bodes well for businesses and efficiency, but also introduces new tools and approaches for threat actors to use in evolving attacks.

Real-World Challenges

Threats Abound

The pace of attacks is showing no signs of slowing down, illustrated by the over 48 billion threats blocked and 200 new ransomware families discovered by Trend Micro alone in 2018. While many of these threats leverage existing proven approaches, innovation is not limited to legitimate business: In 2018, Trend Micro also detected over 5 billion new unique threats globally. The expectation is that this innovation will continue in 2019, including the use of:

  • Unconventional file extensions and less reliance on actual executables, including the use of “fileless” components, PowerShell, scripts, and macros
  • Digitally signed malware to subvert native security checks
  • New activation methods
  • Abuse of email accounts or online storage services and apps
  • Minimally modifying or infecting legitimate system files

Many of the threats facing organizations are related to leveraging email, the number one attack vector and entry-point to an enterprise. And some, like business email compromise (BEC) where companies’ C-level execs have been targeted by fraudsters, are predicted to expand their aperture soon. For BEC, this means expanding to also target the CxO’s secretary or executive assistant, or a high-ranking director or manager in the finance department. Attacks like BEC have introduced risks to organizations drawing real money out of the business. The FBI logged a 136 percent increase in identified global exposed losses between December 2016 and May 2018. The dramatic increase brings the total domestic and international exposed dollar losses to USD 12.5 billion.

With the use of AI extending to threat actors, Trend Micro anticipates that it will be used to predict the movements of executives or other persons of interest (across hotels, routes, flights, other preferences, etc.) and then target them with highly specific attack approaches—likely via phishing—that will have a higher chance of success.

Finally, as has been the case for many years, successful exploit-based attacks will involve vulnerabilities for which patches have been available for weeks or even months but have not yet been applied, with 99.99 percent of exploit-based attacks predicted to not leverage zero-day vulnerabilities.

The Compliance Puzzle

The prevalence of mega-breaches over the past several years has awoken the legislative sleeping giant on the issue of data privacy. While there have been rudimentary attempts to force organizations to protect user data in the past, the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, has changed the approach to enforcing data privacy in meaningful ways. The GDPR is much more stringent than any regulation before, with any organization worldwide that violates the privacy regulation facing fines of up to 4 percent of their annual global revenue or €20 million, whichever is greater. The regulation also has other potential sanctions, including the loss of an organization’s ability to process personal data. Separately, organizations that fail to comply with GDPR’s reporting requirements—72 hours after a breach—can also face fines of up to €10 million or 2 percent of annual global revenue.

With over 59,000 data breaches reported to GDPR authorities since the regulation took effect, it’s clear that the challenge of protecting private data and complying with hard-hitting regulations will not be easy. While most fines levied to date have been small, there are some notable recent large exceptions: Google was fined €50 million by French authorities, not for a breach, but for non-compliance with the regulation. British Airways is facing a proposed £183 million fine for a data breach that exposed the data of 500,000 customers. While Facebook was fortunate to have missed the GDPR enforcement deadline with its Cambridge Analytica breach, it was fined £500,000 last year by the ICO in the UK. And it now faces significant penalties in the US, with the Federal Trade Commission (FTC) approving a $5 billion fine relating to the same incident. With the GDPR as a reference, many countries will be introducing new privacy regulations in the coming years, and the new California Privacy Act comes online in 2020, making it more complicated to comply and increasing the importance of a security approach that helps to address privacy requirements more consistently.

Risks Increasing and Shifting

Your business operates in a complex world. And the cost associated with a successful attack leading to a data breach is real; according to IBM’s latest report, the average global cost of a data breach is $3.92M and climbing. The combination of technology and societal evolution (e.g., the ‘BYOD revolution’) with infrastructure shifts that have changed not only the way networks are protected, but how applications are developed and deployed, has introduced new and evolving risks to the enterprise. For example, with the cloud now mainstream, attackers are shifting their focus to cloud infrastructure vulnerabilities. Both Docker and Kubernetes are widely adopted for use in cloud-based deployments. There have already been a few Kubernetes vulnerabilities disclosed in recent years, and a major one with a “critical” rating was discovered in December 2018. Meanwhile, in one notable instance, more than a dozen malicious Docker images were found by Kromtech to have been downloaded at least five million times by unsuspecting developers over a year before they were discovered and removed.

These risks, and costs, are exacerbated by the historical trend of adding new vendors to the mix when security requirements around new environments surface. Not surprisingly, the majority of enterprises use more than 25 different security tools, a reality that makes it difficult, especially in light of the global skills shortage, to respond effectively to threats and attacks.

Finding and Keeping Security Talent

The cybersecurity skill shortage has been a consistent issue over the past few years, introducing both challenges and risks to organizations struggling to deal with a combination of increasing threats and an ever-changing IT landscape. Even with increased technology spending by organizations, the needs gap continues to grow globally, highlighting an imbalance between supply and demand for skilled security professionals. In the 2018 (ISC)² Cybersecurity Workforce Study, the gap was quantified, showing that worldwide there were 2.93 million open positions for cybersecurity professionals. Interestingly, the study also highlighted a gender diversity gap that may be a major opportunity. With women representing only 24 percent of the cybersecurity workforce overall, there is a clear opportunity to implement industry and organizational programs to attract new talent to the cybersecurity field.

Source: (ISC)² Cybersecurity Workforce Study, 2018

Keeping talent in a highly competitive field can be difficult, especially when the (ISC)² survey shows that 29 percent of security professionals cite that they lack the resources to do their job effectively. Constantly rotating staff not only increases the workload across the team, but also introduces knowledge gaps and potential risk. Implementing security programs that benefit both the organization and the security teams, such as vendor consolidation for simplified management as well as augmentation with services that deliver expert security monitoring and advice, can reduce employee workload and stress. This can translate into reduced churn and ultimately less risk to the organization.

The Art of Cybersecurity

In this ever-evolving world of cybersecurity, it’s clear that organizations must focus on finding ways to make the business more resilient as a path to growth and success. Whereas the day-to-day for many IT security teams involves complexity and chaos, Trend Micro’s experience and breadth across the enterprise gives us a unique ability to tackle the chaotic world of cybersecurity, allowing you to focus on going further and doing more. With the help of our proven foresight, a cross-generational security strategy (which we call XGen™), and passionate people, Trend Micro helps organizations be more resilient, freeing IT security teams to focus on beautiful outcomes built on trust, transformation, and productivity. By protecting your organization, Trend Micro helps to grow trust and build customer confidence. We support transformation by enabling you to implement a cyber-resilience framework that supports the change initiatives required by your business. And we improve productivity by delivering operational efficiencies that ensure your business can run without disruption.

Proven Foresight

For three decades, we’ve successfully bet on upcoming technology trends—proactively securing new environments like virtualization, cloud, and containers so you can take full advantage of them. Combine that with Trend Micro Research, our global threat research organization that includes the Zero Day Initiative (industry-leading bug bounty program), and you get the solutions you need to continuously stay a step ahead.

XGen Security

Our XGen security strategy, which powers all of our solutions, leverages a cross-generational blend of threat defense techniques to give you the right security at the right time. To maximize your protection, solutions powered by XGen security are smart, leveraging a wide range of advanced capabilities to deliver the most efficient and high-performance approach to stopping a threat. They are optimized to fit the different environments that make up your enterprise across endpoints, servers, and networks. This includes automated security for AWS and Azure, security for Office 365, as well as offering SaaS solutions to streamline both purchase and management of security. Our solutions are connected, sharing information across the enterprise to accelerate the protection from threats regardless of the environment they start in. And with Trend Micro™ XDR, you have central visibility that enables detection and response activities across multiple security layers, including email, where 94 percent of attacks originate.


Passionate People

At Trend Micro, we live and breathe cybersecurity, artfully applying our passion every day to make the world a better place. That means we’re with our customers every step of the way, providing the expertise, insights, and creative thinking they need to confidently do more. It also means that we focus beyond security on the needs of the world around us, delivering education programs like our Internet Safety for Kids & Families program to help over 2.5 million people around the world be safe online. It also means giving back, something that “Trenders” love to do, with donations of over $4.5 million through our corporate Give & Match program and tens of thousands of hours donated to worthy causes around the world.

For over 30 years, we have been focused on making the world safe to exchange digital information, constantly anticipating infrastructure shifts and strategically delivering new technologies and techniques to address the constantly changing threat landscape. Combined with our passion for doing the right thing for our customers and the world, Trend Micro delivers connected solutions for securing users, hybrid clouds, and networks that free our customers to go further and do more.

Protecting Users

Trend Micro has a long history of anticipating many trends around protecting users as the primary entry point for all types of attacks. Starting in 1996, with the industry-first internet gateway that focused on simplifying user protection, and continuing through to today, we have been evolving and adapting to the changing threat landscape for users. In today’s world, plagued by increasing threats and a serious skills shortage, Trend Micro identified early that protecting users needs to be streamlined even further and fit with the trend towards cloud services. This foresight has enabled us to deliver a solution today that offers advanced automated threat detection and response against an ever-growing variety of threats; leveraging a cross-generational blend of modern techniques with a single agent to provide highly-tuned endpoint protection as well as detection and response across on-premises and software as a service (SaaS) environments.

The Trend Micro User Protection Solution protects your users against today’s ever-changing threats, like file-less malware, targeted attacks, ransomware, phishing, business email compromise (BEC), and crypto-mining. Artfully leveraging XGen, our cross-generational security strategy, the solution enables the seamless application of multiple layers of protection across endpoint, email, web, and SaaS applications to protect your users regardless of device, application, network, or location.

Trend Micro has consistently anticipated shifts in user behavior and environments to deliver a comprehensive solution for protecting endpoints and email.

It delivers actionable insights, meaningful investigative capabilities, and centralized visibility across multiple environments with an advanced detection and response (XDR) toolset, strong SIEM integration, and an open application programming interface (API) set.

And with email as the number one attack vector, where phishing represented 87 percent of all high-risk threats detected in 2018, Trend Micro has developed proven protection against BEC, including writing style DNA analysis, and a full range of phishing, ransomware, and internal email and file-sharing risks to address the shortcomings of Office 365’s native security and reduce enterprise risk of compromise. In fact, in 2018 close to 9 million high-risk attacks were detected and blocked on top of native Office 365 security.

To help organizations more effectively deal with threat investigation, a managed XDR service staffed by experienced security experts is available to boost your security team’s knowledge and responsiveness.

The Art of Securing the Hybrid Cloud

Recognizing early that infrastructure shifts would have a major impact on the way that workloads are secured, Trend Micro invested in building technology that would fit into new approaches like virtualization and public cloud. We led the way in 2009 with security optimized for VMware, and again in 2013 with security optimized for AWS and Azure. This foresight has enabled us to hold the market leadership position since 2010 in server workload security (IDC). And that early-mover advantage continues with integrated container workload and container registry scanning capabilities.

The Trend Micro Hybrid Cloud Security solution automates security within your DevOps processes and delivers multiple threat defense techniques in a single solution for protecting physical, virtual, cloud, and container workloads. It can help you prevent problems before you ever deploy software with container image scanning, and with Trend Micro’s XDR capabilities you can detect, investigate, and respond to threats across not only your server and container workloads, but also other potential threat vectors like email, endpoints, and the network. Shifting security left to find malware and fix vulnerabilities before deployment is far more cost-effective than doing so after code is deployed. Reducing the number of security tools, a single dashboard delivers visibility across your full hybrid cloud, including VMware, AWS, and Azure. The solution lowers the cost and complexity of securing workloads across multiple environments, including purchase options aligned to the way organizations want to buy, automated deployment, extensive API integration, and security capabilities that can virtually shield servers from the latest advanced threats like ransomware and network-based vulnerabilities.

Trend Micro Hybrid Cloud Security Solution

With a team passionate about our customers’ deployment success, we recognize that you need more than just the powerful security capabilities included in the solution. So we’ve invested in making sure that you’ve got the tools you need to streamline and automate the process of security across the hybrid cloud. Our Automation Center includes guides, API references with sample code, and direct engagement with our dedicated team of hybrid cloud security experts, all designed to help you automate security so that it fits seamlessly into security, dev, and ops processes and minimizes friction.

The Art of Defending Networks

Today’s next-generation intrusion prevention solutions (IPS) are ineffective against many advanced threats, leaving you overwhelmed as you manage risk and recover from attacks. Originally designed for physical, on-premises networks, they can increase your exposure to risk with inconsistent security in your cloud environment. A lack of automation and integration with other security components can also leave you with a slow and siloed response across security teams and tools.

As the sophistication of the network increased with virtualization and cloud, so too did the way attackers worked to infiltrate and spread across the network. This new dynamic was recognized by our research teams very early, enabling us to develop tools and capabilities to detect threats and protect across both north-south and east-west traffic. East-west traffic evaluation capabilities are a critical tool in understanding what is happening inside the network, and it can’t be limited to only a few ports and protocols—it needs to be comprehensive to reduce the risk of non-discovery and corporate damage.

Trend Micro understands the challenges you face defending your network, and has invested to ensure we have the capabilities you need to be more resilient. This includes the acquisition of TippingPoint in 2015, a market-leading Next-Generation IPS (NGIPS), which has been evolved to integrate with Trend Micro’s other network defense capabilities, including our ability to monitor all ports and over 105 different network protocols. This combination enables us to discover advanced threats and targeted attacks moving in and out of the network and laterally across it while delivering protection across the enterprise, including IoT and IIoT environments.

Powered by XGen security, Trend Micro Network Defense goes beyond next-gen IPS to provide a blend of cross-generational techniques that delivers faster time to protection against known, unknown, and undisclosed threats. Trend Micro can protect against known vulnerabilities and all potential attack permutations inline at wire speed with minimal false positives. With an average of 61 days protection ahead of a vendor patch, Trend Micro protects against undisclosed vulnerabilities through exclusive access to vulnerability information from ZDI, the world’s largest bug bounty program. Trend Micro also leverages patented machine learning to identify, analyze, block, and convert unknown threats or suspicious objects into known threats moving inbound, outbound or laterally across the network.

The Trend Micro Network Defense Solution protects the enterprise network from attack and detects advanced threats that attempt to move across the network.

While disconnected security layers with siloed tools and data sets have traditionally made it difficult for security teams to successfully correlate attack information, Trend Micro XDR offers complete visibility on a single platform to respond faster with fewer resources, providing teams with a consolidated view to uncover events and the attack path across not only the network, but also email, endpoint, servers, and cloud workloads. Delivering high performance and automated protection that fits your hybrid environment is a priority, and Trend Micro provides unparalleled performance in a small physical footprint for large data centers and high capacity enterprise networks, delivering up to 120 Gbps inspection throughput with low latency.

Taking Something Chaotic and Making It Beautiful

Cybersecurity can be chaotic, and each year that passes presents a world that is progressively more complicated to secure, with increasingly difficult challenges presented every day. To make sense of the chaos, Trend Micro artfully combines proven foresight, XGen security and passionate people to enable you to create beautiful outcomes, including increased competitive advantage, higher productivity, and streamlined digital transformation. Our solutions for user protection, hybrid cloud security, and network defense are designed to make your business more resilient, freeing you to go further and do more.

Source: Trend Micro