
Combating Advanced Persistent Threats (APT)

Trend Micro Custom Defense Solution

Detect, analyze, adapt, and respond
to the attacks that matter to you


Today’s most damaging attacks are targeted specifically at your people, your systems, your vulnerabilities, and your data. These advanced targeted attacks are stealthier and more sophisticated than traditional approaches, using insidious social engineering techniques to quietly penetrate your organisation and deploy customised malware that can live undetected for months. Then, once the malware has collected the information it is looking for, cybercriminals can remotely and covertly steal your valuable information—from credit card data to the more lucrative intellectual property or government secrets—potentially destroying your competitive advantage, or in the case of government even putting national security at risk.

Many organizations feel that they have been specifically targeted for their data. Recently the Ponemon Institute found that 67 percent of organizations admit that their current security activities are insufficient to stop the new form of advanced targeted attack. Not surprisingly, Trend Micro found that 55 percent are not even aware of intrusions, and fewer know the extent of the attack or who exactly is behind it. While necessary to thwart the majority of today’s attacks, standard defences have proven insufficient to handle these targeted attacks. These custom attacks require a custom defence approach.

The Trend Micro Custom Defence is the industry’s first advanced threat protection solution that enables you to detect and analyse these new targeted attacks, rapidly adapt and customise your protection, and respond to specific attacks.

This comprehensive Custom Defence solution integrates software, global threat intelligence, and specialised tools and services to provide custom insight about the specific threat and cybercriminals involved. Recent advances in command and control (C&C) response help you stop suspicious behavior even before it endangers your intellectual property. With in-depth access to the information you need to fight back against your attackers, you can block these cyber attacks and shut them down before real damage occurs.

The Trend Micro Custom Defense is a comprehensive solution that equips you to detect, analyze, adapt and respond to the attacks that matter most to you. We provide the most comprehensive advanced protection solution in the industry to address advanced targeted attacks that may be targeting your organization.

Detect - Specialized threat detection capability at network and protection points

At the heart of the Trend Micro Custom Defense solution is Deep Discovery, a specialized threat protection platform that performs network-wide monitoring to detect zero-day malware, malicious communications, and attacker behaviors that are invisible to standard security defenses. Uniquely integrated with other Trend Micro security control points across the network, the solution can detect and block attacks occurring via corporate and personal email, social media applications, mobile devices, and more. It can also detect and block command and control communications back to the cybercriminal, or attempts to move laterally to other valuable systems within the network. Unlike competitive offerings that use generic ‘sandboxes’ in the hope that one will trigger and detect the attack, the Trend Micro Custom Defense allows for multiple, customer-defined sandboxes that better reflect your real-life environment and allow you to determine whether you have been breached. The Trend Micro Custom Defense sandbox detonates suspect code in a safe, controlled environment optimized to evade hacker techniques that are on the lookout for sandboxing solutions.

Analyze - Deep analysis uses custom sandboxing and relevant global intel to fully assess threats

Upon detection, the Trend Micro Custom Defense solution best enables you to profile in depth the risk, origin and characteristics of the attack, and uniquely delivers actionable intelligence that guides rapid containment and remediation. To aid in the threat investigation, Threat Connect offers a customized view of threat intelligence that is specific to your environment, and offers you the ability to tap into the power of a global, cloud-based threat intelligence network.

Adapt - Custom security blacklists and signatures block further attack at network, gateway, and endpoints

To immediately adapt and strengthen protection against further attacks, the Trend Micro Custom Defense helps you create custom responses to these targeted attacks, such as IP blacklists, custom spear phishing protection, and coming soon, custom signatures—all specific to each attack. The solution automatically updates the Smart Protection Network and issues these custom security updates to Trend Micro gateway, endpoint, and server enforcement points. Built using an open and extensible platform, the solution can also send security updates to non-Trend Micro security products that may already be an important part of your defense-in-depth strategy.

Respond - Attack profiles and network-wide event intelligence guide rapid containment and remediation

Finally, the solution delivers 360-degree contextual visibility of the attack, arming you with the insight needed to respond to your specific attackers. The solution can deliver insight such as what information is being targeted, how the attack works, who the attacker is, and perhaps most importantly, who is actually sponsoring the attack. Armed with this information you can more rapidly contain and remediate the attack and contact appropriate authorities for further action.

Deep Discovery

Trend Micro Deep Discovery uniquely detects and identifies evasive threats in real-time, and provides the in-depth analysis and relevant actionable intelligence that fuels the Trend Micro Custom Defence solution. Only Deep Discovery provides:

  • Best Detection: Using multiple threat detection engines and rules powered by Smart Protection Network and Trend Micro Threat Researchers
  • Custom Sandboxing: Detects targeted threats against the exact host configurations in use.
  • Threat Connect: Puts Trend Micro intelligence at your fingertips for rapid attack assessment, containment and remediation
  • Open APIs: Integrate sandbox analysis and adaptive security updates with any product to create a Custom Defense
  • Lowest TCO: Flexible form factors and single-appliance architecture minimizes cost of deployment

Messaging Security

As part of the Trend Micro Custom Defence solution and for better protection across the network, advanced threat detection capabilities are integrated into Trend Micro mail gateway and server security products. Trend Micro™ ScanMail™ Suite for Microsoft® Exchange™, Trend Micro™ ScanMail™ Suite for IBM® Lotus® Domino™, and Trend Micro™ InterScan™ Messaging Security have been integrated with Deep Discovery to send suspicious files for sandbox analysis and detection of previously unknown malware. In addition, these products feature an exploit detection engine that identifies email attachments that contain exploits for vulnerabilities in major Adobe, Microsoft Office, and other programs and blocks or quarantines them, furthering the level of protection provided.

Other Trend Micro Enterprise Security Products

All Trend Micro security products will integrate more tightly with the adaptive updates of Deep Discovery. Additional product integrations will be announced soon.

Smart Protection Network and Threat Connect

The Trend Micro Smart Protection Network cloud security infrastructure rapidly and accurately identifies new threats, delivering global threat intelligence to secure data wherever it resides. It looks in more places for threat data, and uses big data analytics to deliver actionable threat intelligence across mobile, physical, virtual and cloud environments.

The Threat Connect information portal is accessible via Deep Discovery. It provides you with the full breadth of relevant Trend Micro threat intelligence about specific threats—aiding in the rapid assessment, containment, and remediation of an attack.

Attack Response Tools and Services

For years, Trend Micro has been helping its customers effectively identify and remediate targeted cyber-attacks. A full suite of tools and services enables Trend Micro support engineers to discover and analyse advanced threats in mail stores and network traffic, as well as to search log files for traces of attack activity. Proven effective for incident response and forensics, these tools are now available to Trend Micro customers and the Trend Micro partner ecosystem.

The new Cyber Attack Sequence

APT Lifecycle

  1. Intelligence Gathering
    Identify and research target individuals using public sources (LinkedIn, Facebook, etc.) and prepare a customized attack.
  2. Point of Entry
    The initial compromise is typically from zero-day malware delivered via social engineering (email/IM or drive-by download). A backdoor is created and the network can now be infiltrated. (Alternatively, a web site exploitation or direct network hack may be employed.)
  3. Command & Control (C&C) Communication
    C&C communication is typically used throughout the attack, allowing the attacker to instruct and control the malware used and to enable the attacker to exploit compromised machines, move laterally within the network, and exfiltrate data.
  4. Lateral Movement
    Once inside the network, the attacker compromises additional machines to harvest credentials, escalate privilege levels and maintain persistent control.
  5. Asset/Data Discovery
    Several techniques (e.g., port scanning) are used to identify the noteworthy servers and the services that house the data of interest.
  6. Data Exfiltration
    Once sensitive information is gathered, the data is funneled to an internal staging server where it is chunked, compressed and often encrypted for transmission to external locations under the attacker’s control.

