Gartner Newsletter: Prioritize and Remediate Active Vulnerabilities Impacting Your Network
Real-Time Enforcement and Remediation:
Defend the network from the edge to the
data center to the cloud with real-time, inline
enforcement and automated remediation of
vulnerable systems.
Operational Simplicity: Simplify security
operations with flexible deployment options
that are easy to set up and manage through
a centralized management interface with
recommended settings that provide immediate
and ongoing threat protection.
Prioritize Critical Vulnerabilities in Your
Network with TippingPoint SMS Threat Insights
Security solutions have made significant strides
in providing massive amounts of information
regarding the status and security of the network,
but when an IT security organization has to
manage multiple solutions and make sense of
tens of thousands of alerts, understanding
what’s going on and prioritizing critical
alerts can be challenging, if not impossible. They
need to understand and digest this information,
and also implement and execute security
policies based on threats that could affect their
organization.
FIGURE 1: TippingPoint SMS Threat Insights (Source: Trend Micro)
Trend Micro’s TippingPoint SMS Threat Insights
is an aggregation portal that takes events from
the TippingPoint NGIPS, third-party vulnerability
management solutions, and sandboxing solutions
and displays them in one place to prioritize,
automate, and consolidate network threat
information. This allows multiple security groups
to have a common framework for evaluation and
resolution. By automating the aggregation of threat
data from multiple security tools, SMS Threat
Insights helps security professionals prioritize
incident response measures for breaches or
potential vulnerabilities, and highlights preemptive
actions already taken to protect their network. SMS
Threat Insights provides the ability to:
• Identify breached hosts that are infected or
under attack based on blocked or allowed
attempts.
* SMS Threat Insights can provide host-centric
visibility into which breached hosts require
the most attention. Information is provided
based on the number of times a host has been
breached and the number of times a threat has
been detected. If enterprises use Microsoft®
Active Directory, additional context can be
provided down to the user name.
“Employ mitigating controls, such as intrusion protection systems, network segmentation, application control and privileged identity management, to prevent vulnerabilities from being exploited, when you can’t patch in an acceptable time frame or there is no patch available. These controls help focus on the vulnerabilities that are being actively exploited in the wild first.”
• Integrate with industry-leading third-party
vulnerability scan solutions to identify
vulnerabilities and optimize security policies.
* With the TippingPoint Enterprise Vulnerability
Remediation (eVR) feature, information is
pulled in from other third-party vulnerability
management and incident response vendors.
CVEs are mapped to TippingPoint Digital
Vaccine® (DV) filters so that IT security
administrators can take immediate action
based on enhanced threat intelligence to
increase their security coverage.
• Distinguish potential threats classified as
malicious and determine whether suspicious
objects have been blocked or permitted.
* When a user downloads an unknown object,
the TippingPoint NGIPS decrypts and extracts
the suspicious object and sends a copy to
Deep Discovery Analyzer for analysis. Deep
Discovery Analyzer then detonates the object,
determines if it is malicious, and informs
the TippingPoint SMS. If an object is deemed
malicious, the TippingPoint SMS will then
inform the TippingPoint NGIPS so that any
lateral movement of the malicious object
will be automatically blocked by the
TippingPoint NGIPS.
• Determine if any active zero-day threats are
infiltrating the network.
* TippingPoint zero-day DV filters are
developed using exclusive access to
vulnerability data from the Zero Day
Initiative (ZDI). Filters that are labeled
“disclosed” indicate that the vendor has
issued a patch for the vulnerability. Filters
labeled “pre-disclosed” indicate that the
vendor has not issued a patch for the
vulnerability. SMS Threat Insights provides
visibility into vulnerabilities currently
protected by zero-day DV filters, as well as
vulnerabilities that may have a DV filter
available, but not applied.
Integrated Advanced Threat Prevention Fueled
by Comprehensive Threat Intelligence
Trend Micro is uniquely positioned to protect
high-performance data centers and enterprise
networks from known, undisclosed, and unknown
vulnerabilities. By addressing the full threat
lifecycle, Trend Micro provides comprehensive
threat intelligence that enables security operations
and incident response teams to manage, view,
prioritize, and remediate threats:
SMART Protection Network
Trend Micro Smart Protection Network is global
threat intelligence that rapidly and accurately
collects and identifies new threats, delivering
instant protection for data wherever it resides.
Trend Micro’s threat researchers and data
scientists use the latest big data techniques to
analyze the data, and combine their analyses with
automated processes such as machine learning
to identify threats in real time. This wealth of
global threat intelligence is rapidly collated using
predictive analytics to customize protection
against the threats that are most likely to impact
an organization. To maintain this immense scale
of threat protection, Trend Micro created one of
the world’s most extensive cloud-based protection
infrastructures in 2008. With the development of
automatic correlation of threats for customized
protection, Trend Micro delivers threat visibility
across platforms, security layers, and users
globally.
Zero Day Initiative
Founded in 2005, the Zero Day Initiative was
created to promote the responsible disclosure
of vulnerabilities. Recognized as the leading
global organization in vulnerability research and
discovery since 2007, the Zero Day Initiative
provides Trend Micro exclusive insight into
undisclosed vulnerabilities. When a vulnerability
is discovered through the Zero Day Initiative,
Trend Micro is the ONLY organization (other
than the affected vendor) that has access to the
vulnerability data. This results in pre-emptive
coverage for Trend Micro customers between
the discovery of the vulnerability and patch
availability. In 2016, Trend Micro protected
customers using TippingPoint solutions an
average of 57 days prior to public disclosure of a
vulnerability found through the Zero Day Initiative.
Digital Vaccine® Labs (DVLabs)
TippingPoint solutions provide real-time, accurate
threat prevention for known and zero-day
vulnerabilities through threat intelligence provided
by DVLabs. The Trend Micro TippingPoint DVLabs
team conducts advanced security research and
provides cutting-edge threat analysis and security