HOW MALWARE DETECTION WORKS




Trend Micro Threat Management Services uses the Trend Micro Threat Discovery Appliance to discover malware that has evaded detection. The appliance is deployed out of band at the network layer on the core switch, where it can monitor the stealth techniques being used by modern malware.

Capable of analyzing traffic up to the application layer across 120 different protocols, the Threat Discovery Appliance detects not only malware but also the mechanisms malware uses to propagate, including:

  • Malware downloading additional components and updates
  • Malware receiving and executing commands
  • Malware transferring stolen information
 


A powerful combination of Trend Micro’s scanning engines and technologies

When traffic is received by the Threat Discovery Appliance, a multi-step process occurs:

  • Trend Micro file scanning engine determines if a file is known or new malware
  • Trend Micro Web Reputation database identifies malicious URLs
  • Trend Micro Virus Scanning Engine checks the traffic stream for exploits and network worms
  • Trend Micro Network Content Inspection Engine correlates the different attributes of the network traffic to identify potentially malicious characteristics and behavior
  • The appliance works with in-the-cloud servers and the Trend Micro Smart Protection Network™ to perform advanced correlation on information from multiple sessions
 


Removing the infection—and determining the cause

Once a threat is uncovered, the Threat Discovery Appliance sends a message to the Threat Mitigator, which will initiate a revolutionary pattern-free cleanup. The Threat Mitigator first removes the files and malware processes associated with the infection, then identifies the chain of events that led to the infection with a detailed root-cause analysis; for example, a malicious website download or an infected USB stick.


Gain greater visibility through reporting

The comprehensive reports provide valuable insight into your security posture including:

  • malicious activity detected
  • IP addresses of the infected hosts
  • frequency of incidents and the departments or network domains affected
 


Expert advisors help you take the next steps toward improved security

If the Threat Mitigator is unable to clean the infection, it automatically sends all of the necessary forensic file data from the infected machines to the Trend Micro Threat Management Advisors. This team of seasoned security experts can then initiate an early warning communication in conjunction with diagnosis and remediation advisory services—helping you save valuable time.

As part of the infection learning phase, Trend Micro Threat Management Advisors provide proactive security planning services, including:

  • customized corporate threat security management planning
  • outbreak fire drills
  • security infrastructure business impact briefings
  • security best practices recommendations

Throughout this process of discovering and remediating network infections, you gain a crucial advantage—greater insight into your security posture.

 
