Author Archives: Trend Micro

You’re In Safe Hands with Trend Micro Home Network Security

A three-part series on using Home Network Security to protect your home

Your home should be a haven that protects you. In the cyber age, however, your router, computers, and TVs, your game consoles and smart devices, are continuously connected to the internet and run the risk of being hacked—usually when you least expect it and often without your knowledge. Not only can cybercriminals invade your privacy, they can steal your data, your money and even your identity—if you don’t put the appropriate security measures in place.

Trend Micro Home Network Security (HNS) is specifically designed to be that key security measure for your home network. Attach the HNS station to your router, download and install the management app, pair them up, and HNS immediately begins protecting all the connected devices in your home against a wide variety of threats. These include network intrusions, risky remote connections, phishing, ransomware, harmful websites and dangerous downloads.

Though setup, configuration, monitoring, and maintenance are pretty straightforward, to get the most out of HNS, we’ve written a three-part series to teach you how to maximize its use:

  • Part 1 of the series centers on initial setup and configuration. Choose the right security settings in HNS to maximize its effectiveness in your network.
  • Part 2 is devoted to configuring Parental Controls to best fit your family.
  • Part 3 targets some best practices for daily and weekly monitoring and maintenance over time.

Sound good? Let’s get started with Part 1!

Part 1: Home Network Security: Setup and Configuration

Once you take the Home Network Security Station out of its box, setup and connection is quick and easy:

  1. Plug the Power and the Ethernet cables provided into the station.
  2. Plug the Ethernet cable into your router and then the power adapter into an outlet.
  3. Watch for the green blinking light while you connect your smartphone to the same network via WiFi. This indicates it’s ready to activate.
  4. Download the Home Network Security app from Google Play or Apple App Store and install it.
  5. When prompted, enter the 16-character Pairing Code, which is provided in your box and on the back of your HNS Station, in the screen.
  6. Upon the Connection Successful message, sign into your Trend Micro Account to complete activation.
  7. HNS will register to your Account and automatically scan your network for connected devices. You’re already protected!

Configuration Modes

Trend Micro’s Home Network Security station is designed to be a Plug-n-Protect device. Upon being connected to your router, it will attempt to automatically sense and enable the optimal Mode.

However, if you are experiencing network instability or connection issues, you can also choose the Mode manually from one of four Modes available for the best performance with your particular router. In order to select the correct Mode, you should first determine your router’s optimal Mode. Go to the HNS eSupport website to check the compatibility of your router or to search for its brand and model. The optimal Mode is indicated for tested routers.

While most routers support the default setting automatically, a small number may require manual setup. An even smaller number are not compatible with Trend Micro Home Network Security.

Some additional information about HNS’s station Modes:

  • Modes 1-3 do not require any changes to your router.
  • A 4th DHCP Mode allows you to configure Home Network Security as a DHCP Server (which assigns IP addresses to your devices on the network) but this requires you to first disable your router’s DHCP server. You can find details about it on the HNS DHCP eSupport page.

If you change the mode, run a Test Status check 5 minutes after changing the settings.

Off to a Good Start

As mentioned, after the initial setup, Trend Micro Home Network Security automatically does a network check to see what devices are on your network. (As part of its improved device recognition in version 2.5, released in November 2019, HNS offers more than 150 device icons to help make managing your devices even easier.) If you tap the View Devices button in the resulting popup, HNS provides you with a list of All Devices on the network. By default these online devices are Unassigned. You can create family member profiles, then assign specific devices to each family member later on. (Further information regarding Family Profiles will be discussed in Part 2 of this article series.)

At any time, tap Check Devices to initiate a manual security scan. Once the scan ends, you may see Action Required items displayed in the Dashboard indicator. Tap them to review them. The Action Required screen indicates any security issues that have been discovered. When you tap the panel, you will be able to obtain the Issue Details and read the Potential Risk description to better understand the issue and what you can do to resolve it—or you can also tap Skip for Now to skip the remediation process.

If you decide to proceed with remediation, the HNS App loads your mobile browser and takes you to the Trend Micro eSupport site, which provides more details on the issue. You can scroll through the page to learn more about the possible risks it poses, what you can do to prevent the problem from happening in the future, and places to go for more answers to any questions you may have.

Back in the Dashboard, you can review the HNS Summary protection results in the Security, Parental Controls, Family Members, Top Attacked Devices, and Network Usage panels. You can either tap individual items—e.g., Vulnerability Found, Network Attacks, Web Threats Blocked, etc.—to reveal information on the various threats by device; or you can tap individual panels to show additional details about particular attacks or threats. For a more detailed look, you can check the Timeline to review individual events, which can be filtered by type, such as Security, Parental Controls, Connections, Action Required and System.

Recommended Network and Security Settings

There are a number of useful features that are disabled by default. You can enable these features to heighten your home network protection and maximize user convenience.

  • New Device Approval asks for your permission to approve network access when a new device attempts to join your home network. This component gives you control over the devices that are allowed access to your home network.
  • Remote Access Protection limits remote desktop programs from connecting to your devices. This feature prevents tech support scams, which usually begin with fraudulent phone calls or infected websites showing malicious and fake popups, and which can lead to fraudsters installing remote access software on the victim’s computer to gain access to its content. Those working from home who need to use remote access programs need not worry, because they can set exceptions for their specific device and app.
  • Voice Control lets you issue voice commands to Alexa to perform specific functions on HNS. You can conduct a scan, obtain your home network’s security status, pause internet usage, disable internet access for a user, and so on.
  • Router Access Protection prevents malicious router attacks by blocking unauthorized access to your Primary Router’s Admin Console.
  • Ad Block lets you filter out unwanted ads on all your connected devices for privacy protection and a better web browsing experience.
  • Early Access Program features let you try the latest protection from HNS, while providing feedback to Trend Micro to help these features improve and evolve.
  • Cyberattack Shield proactively protects all the devices in your home network from threat outbreaks by remotely deploying firewall policies.

For now, this should be enough to get you off to a good start with Trend Micro Home Network Security. Watch for Part 2 of our HNS Series, where we help you create profiles for family members and set up Parental Controls.

For more information about HNS, go to Trend Micro Home Network Security. For more online support, go to Trend Micro Home Network Security eSupport.


Network security simplified with Amazon VPC Ingress Routing and Trend Micro

Today, Amazon Web Services (AWS) announced the availability of a powerful new service, Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing. As a Launch Partner for Amazon VPC Ingress Routing, we at Trend Micro are proud to continue to innovate alongside AWS to provide solutions to customers—enabling new approaches to network security. Trend Micro™ TippingPoint™ and Trend Micro™ Cloud One integrate with Amazon VPC Ingress Routing to deliver network security that allows customers to quickly obtain compliance by inspecting both ingress and egress traffic. This gives you a deployment experience designed to eliminate any disruption in your business.

Cloud network layer security by Trend Micro

A defense-in-depth or layered security approach is important to organizations, especially at the cloud network layer. That being said, customers need to be able to deploy a solution without re-architecting or slowing down their business. The problem is that previous solutions in the marketplace couldn’t meet both requirements.

So, when our customers asked us to bring TippingPoint intrusion prevention system (IPS) capabilities to the cloud, we responded with a solution. Backed by industry leading research from Trend Micro Research, including the Zero Day Initiative™, we created a solution that includes cloud network IPS capabilities, incorporating detection, protection and threat disruption—without any disruption to the network.

At AWS re:Invent 2018, AWS announced the launch of Amazon Transit Gateway. This powerful architecture enables customers to route traffic through a hub and spoke topology. We leveraged this as a primary deployment model in our Cloud Network Protection, powered by TippingPoint, cloud IPS solution, announced in July 2019. This enabled our customers to quickly gain broad security and compliance, without re-architecting. Now, we’re adding a flexible new deployment model.


Enhancing security through partnered innovation

This year we are excited to be a Launch Partner for Amazon VPC Ingress Routing, a new service that allows for customers to gain additional flexibility and control in their network traffic routing. Learn more about this new feature here.

Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.

Amazon VPC Ingress Routing enables customers to redirect their north-south traffic flowing in and out of a VPC through the internet gateway and virtual private gateway to the Trend Micro cloud network security solution. Not only does this enable customers to screen all external traffic before it reaches the subnet, but it also allows for the interception of traffic flowing into different subnets, using different instances of the Trend Micro solution.

Trend Micro customers now have the ability to have powerful cloud network layer security in AWS leveraging Amazon VPC Ingress Routing. With this enhancement, customers can now deploy in any VPC, without any disruptive re-architecture and without introducing any additional routing or proxies. Deploying directly inline is the ideal solution and enables simplified network security without disruption in the cloud.


What types of protection can customers expect?

When you think of classic IPS capabilities, of course you think of preventing inbound attacks. Now, with Amazon VPC Ingress Routing and Trend Micro, customers can protect their VPCs in even more scenarios. Here is what our customers are thinking about:

  • Protecting physical and on-premises assets by routing that traffic to AWS via DirectConnect or VPN
  • Detecting compromised cloud workloads (cloud native or otherwise) and disrupting those attacks, including DNS filters and geo-blocking capabilities
  • Preventing lateral movement between multi-tiered applications or between connected partner ecosystems
  • Prevention for cloud-native threats, including Kubernetes® and Docker® vulnerabilities, and container image and repository compromises occurring when pulled into VPCs


Trend Micro™ Cloud One – Network Security

Amazon VPC Ingress Routing will be available as a deployment option soon for Cloud Network Protection, powered by TippingPoint, available in AWS Marketplace. It will also be available upon release of our recently announced Trend Micro™ Cloud One – Network Security, a key service in Trend Micro’s new Cloud One, a cloud security services platform.


Stalking the Stalkerware


Ever get the feeling you’re being followed? Unfortunately, when it comes to our digital lives, this is increasingly the case. But while we’re all keen to boost our followers on social media, it’s a different matter when it comes to anonymous third parties secretly stalking us online. Yes, we’re already tracked by ISPs every time we go online, or by web providers like Google and social sites like Facebook and Twitter. But in these cases, we do get a little back in return: more streamlined, personalized services, and at the least, more relevant (if annoying) advertising. In the best scenario, though, we’d never be tracked without our consent.

With a phenomenon known as stalkerware, however, there’s zero gain for the victim. This is nothing short of government-style surveillance software used by individuals to spy on others – usually someone you know.

What is stalkerware?

We’re all spending more time on our smartphones. For the first time ever this year, time spent on mobile devices exceeded that spent in front of the TV. By 2021, it’s predicted that Americans will be glued to their handsets for nearly four hours per day. We chat and flirt with friends on social media. We post our photos and status updates. We email, text, IM and call via our devices. We also shop, hail taxis, or navigate around town, listen to music or watch YouTube or TV, and even bank online – all from the mini-computer in the palm of our hands.

Unfortunately, for some of us, there are people out there that want to know what we’re doing and who we’re with at all times. It could be a jealous partner, a jilted ex, over-protective parents, or even a suspicious employer. For them, a whole mini-industry has appeared over the past couple of years selling monitoring software, or more treacherously, trojan spyware and code that can hide itself, so you don’t even know it’s on your device. For just a few dollars, individuals can get their hands on an app which can monitor everything you do on your device. This includes

  • SMS messages
  • GPS coordinates/location
  • Emails
  • Web browsing
  • Keystroke logging
  • Photo, video, and audio recording

Breaking the law

Let’s be clear: it’s when monitoring software—and certainly, spyware—is used for stalking that it really becomes stalkerware. That means firms selling monitoring software may be operating in a grey area ethically and legally, depending on how the software is used. While they’re technically legitimate, the surveillance software is usually branded in such a way as to keep them just this side of the law. Think of concerned parents who want to ensure their children are safe, or of employers who want to ensure their staff are where they should be during work hours. That said, those who use such software to spy on individuals without their knowledge or consent are violating ethical standards and breaking the law. And if the software or code is specifically designed to hide itself, as with trojan spyware or spying code—then a line has certainly been crossed. You’re now neck deep in the shady gumshoe world of stalkerware.

There’s a huge range of “spyware” or “monitoring” apps available on the market today, including Retina-X, FlexiSpy, Mobistealth, Spy Master Pro, SpyHuman, Spyfone, TheTruthSpy, Family Orbit, mSpy, Copy9, Spyera, SpyBubble, and Android Spy. Given the often covert nature of the industry, it’s hard to get an accurate picture of exactly how widespread the use of such software for stalking is, although the number of titles on the market should give some indication. Reports from 2017 suggested 130,000 people had an account with Retina-X or FlexiSpy, while it was claimed a few years prior that mSpy had as many as two million users.

Stalkerware, or the use of monitoring software for stalking, represents not only a gross intrusion into your privacy, but also a possible security concern if the companies running these apps are themselves hacked or accidentally leak data belonging to victims of their customers.

How do I know if my phone has been hit?

It can be quite difficult for users of stalkerware to install the spying app on your device without physical access to it. However, malicious links in emails, texts, on websites, or even on social media could represent a potential threat vector if attackers manage to trick you into clicking through to an unwanted install. Although iOS devices are difficult to tamper with unless they’re jailbroken—and jailbreaking itself is trickier than it used to be—Android users are more exposed.

While ‘legitimate’ GPS trackers and the like (such as Life360 and other monitoring apps) are available on Google Play and can be installed as visible apps, stalkerware is typically available on 3rd-party app stores, is installed without the user’s consent, and will do its best to stay hidden on your device, potentially disguising itself under different app or process names. So here are a few things you can do to spot the tell-tale signs something is not quite right:

  • Check the setting which allows apps to be downloaded outside the official Google Play store (which doesn’t allow stalkerware). The UI can vary depending on manufacturer, but try Settings -> Security -> Allow unknown sources. If it’s on and you didn’t turn it on, you might have a problem.
  • Check to see if there are any unusual apps on your phone that you can’t remember downloading/installing.
  • Check Settings -> Applications -> Running Services to see if there are any unusual looking services running on your device. Try Googling ones you’re unfamiliar with.
  • Stalkerware could slow your device down, so if you’re noticing any major hit to performance, it could be worth investigating further.
  • Of course, if you start getting messages from the stalker, as in “I’m watching you!” it’s time to scour your device for the offending spying app or code.

How do I keep my device secure?

By its very nature, stalkerware is designed to stay hidden, so it can be hard to spot. But here are a few ideas to keep your device, and life, free from unwarranted snooping:

  • Don’t let your device out of your sight.
  • Don’t click on suspicious links in unsolicited emails, texts, social media messages, etc.
  • Install AV on your device from a reputable vendor who’s publicly addressed the stalkerware problem, to help spot any unusual/malicious activity like keylogging—as well as (potentially) the stalkerware itself. If the AV can catch potentially unwanted applications (PUAs), it could spot the stalkerware, though the AV industry as a whole needs to improve its algorithms for protection from stalkerware.
  • Keep an eye on what apps have been installed on the device.
  • Switch on two-factor authentication for your online accounts, so that even if a third-party has your passwords, they won’t be able to log-in as you, particularly for financial accounts.
  • Use a Password Manager to store long, strong and unique passwords for all your accounts, out of reach of a snooper.

How Trend Micro can help

Trend Micro can help you fight against stalkerware on your Android device with Trend Micro Mobile Security. It can scan your device before, during, and after a download to detect for:

  • Malware, defined as any software intentionally designed to cause damage, which can include theft of private data.
  • Potentially unwanted applications (PUAs), classified as “grayware” (as is stalkerware), which can be created by both legitimate and illegitimate publishers, but that are potentially a threat to your security or privacy.
  • High risk applications – An extension of PUAs, which clearly pose a serious risk to the user’s privacy by asking for too much access to your personal data.

Depending on the type of stalkerware, it could fall into any of the above categories—but Trend Micro Mobile Security can help fight against all of them. Below are typical test examples of the protection processes it provides against Android malware, PUAs, and stalkerware.

Trend Micro also offers protection from PUAs on PCs and Macs via Trend Micro Security, to deal with the broader threat of stalkerware across multiple fixed as well as mobile platforms. Trend Micro Antivirus for Mac also provides protection against webcam hacks, which can be used for stalking.

Together, both solutions can help protect you—and your Windows and Mac desktops and Android mobile devices—against stalkerware.

Tags: Stalkerware, Antimalware, Antivirus, Endpoint Security, Mobile Security


Warning! Windows 10 Fake Update is Actually Ransomware


Microsoft never sends updates via email. Many folks don’t know that, which is why a new ransomware campaign masquerading as a Windows 10 update is so pernicious.

You may have already gotten a fake notice saying “Install Latest Microsoft Update Now!” or “Critical Microsoft Windows Update!”, with the body of the message asking you to “Please install the latest critical update from Microsoft attached to this mail,” with an apparent JPG file attached (which is actually an executable .NET file).

Do NOT click on the attachment and delete the email immediately.

The file is a ransomware called Cyborg, which will encrypt all your files, lock their contents, and change their extensions to 777. As is typical of ransomware, you’ll also be delivered a file named “Cyborg_DECRYPT.txt,” which contains the instructions on how you can recover your files—if you pay the cybercriminal. You should never do that. There’s no guarantee that even if you fork over the cash, the cybercriminals will release your computer.

Trustwave, which discovered the ransomware, says four variants are out there, spawned from somewhere in Russia, so you should be on the lookout for variations to the email notice, including those that are attached to other emails. The ransomware has the capacity to evade gateway controls.
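A mail filter can catch the disguise described above, an attachment named like a JPG that is really a Windows executable, by comparing what the file name claims with the file's leading bytes. The following is an added example, not code from Trend Micro or Trustwave; the sender address, the file names and the attachment bytes are constructed for the demonstration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Leading "magic" bytes of a few common formats.
MAGIC = [
    ("pe", b"MZ"),                  # Windows executables, including .NET assemblies
    ("jpeg", b"\xff\xd8\xff"),
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("gif", b"GIF8"),
    ("pdf", b"%PDF-"),
]

# What a file extension claims the content to be.
EXT_CLAIMS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
              ".gif": "gif", ".pdf": "pdf"}


def sniff(data):
    """Return the format suggested by the first bytes, or None if unknown."""
    for kind, magic in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def audit_attachments(raw_message):
    """Flag attachments that are executables or whose content contradicts their name."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue  # containers and unnamed body parts are not attachments
        data = part.get_payload(decode=True) or b""
        claimed = EXT_CLAIMS.get(os.path.splitext(name.lower())[1])
        actual = sniff(data)
        # A PE header is suspicious under any name; otherwise flag a
        # recognised extension whose content does not match it.
        if actual == "pe" or (claimed is not None and actual != claimed):
            findings.append({
                "filename": name,
                "claimed": claimed,
                "actual": actual,
                "declared_mime": part.get_content_type(),
            })
    return findings


def build_sample_message():
    """Constructed test mail: one disguised attachment and one genuine image header."""
    msg = EmailMessage()
    msg["From"] = "updates@example.com"          # constructed address
    msg["To"] = "user@example.com"
    msg["Subject"] = "Install Latest Microsoft Update Now!"
    msg.set_content("Please install the latest critical update from "
                    "Microsoft attached to this mail")
    # Constructed stand-in: the two-byte MZ header plus padding, not a program.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="image",
                       subtype="jpeg", filename="update.jpg")
    msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16, maintype="image",
                       subtype="png", filename="logo.png")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in audit_attachments(build_sample_message()):
        print(finding)
```

The declared MIME type is reported but not trusted, since the sender sets it; the decision rests only on the file name and the decoded bytes.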

Keep in mind that it’s always a best practice to be very cautious about unknown mails you get, and even those “apparently” from people you know, and never click on enclosed files in email unless you’re 100% sure of their source (which means: you need to make a separate effort to check it).

If you’re already infected, go to our Ransomware Prevention and Help page from another computer to get help. From there, you can contact our Technical Support for further assistance.

Know too, that Trend Micro Security has built-in protections against ransomware. Its Folder Shield protection can help stop it in its tracks from encrypting your precious files, as you can see in our video we’ve linked here.

When it comes to ransomware outbreaks, you can never be too cautious. Stay alert! Hoaxed emails can take many forms.



Online Phishing: How to Stay Out of the Hackers’ Nets

Phishing scams and social engineering continue to cause problems for social media users.

Despite the growing popularity of social media and messaging apps, email remains the preferred way to communicate online for millions of Americans. And the bad guys know it. Of the 28.6 billion cyber-threats Trend Micro blocked globally in the first half of 2019, over 24.3 billion were carried by email. That’s 91%. Many of these threats were made possible via phishing: a tried-and-true technique that hackers have been using for years.

Why is it so popular? Because it directly targets what they believe to be the weakest link in home cybersecurity: you, the user.

Phishing can lead to data theft, identity fraud, sextortion, ransomware, or infection with a host of dangerous malware. So what can you do to stay safe?

What is phishing, exactly?

Phishing at its heart is a confidence trick. Attackers use a technique known as social engineering to manipulate the victim into doing their bidding. Usually they achieve this by spoofing their email so that it appears as if sent by a legitimate entity, like a bank, an insurance provider, a popular technology company, or even a friend.

They either want your personal data, your money, or for you to unwittingly download malware to your machine — by clicking on a malicious link or opening a malicious attachment. So, in order to get you to do this without thinking too hard about it, they’ll typically create a sense of urgency. For example, your bank contacts you saying you need to urgently update your details to avoid extra charges, or the IRS says you owe them an outstanding sum that needs to be paid immediately.

Sometimes they use the “carrot” rather than the “stick” approach. Phishing emails can be crafted to offer huge discount sales on popular items, such as during the upcoming Black Friday holiday weekend. In fact, capitalizing on popular events is a classic phishing ploy: there have already been numerous warnings ahead of the upcoming US 2020 Census.

Harder to spot

Unfortunately, the days when phishing emails were easy to spot are long gone. Today, successful cyber-criminals are much savvier. There are fewer typos and grammatical mistakes in emails, and the sender’s domain, writing style and corporate logos are often convincingly spoofed.

Hackers have also been able to make their emails look more legitimate by packing them with more of your genuine details. Every time a company you have stored personal details with is breached or leaks its customer databases, hackers can gain access to a trove of personal data to use in follow-on phishing attacks. The latest was Adobe, although breaches at delivery firm DoorDash and the American Medical Collection Agency, among many others this year, exposed personal data on millions of Americans. Along with your email address, hackers get your full name, account details and history, which they can use to trick you into handing over more details.

What are the phishers after?

As mentioned, the hackers behind phishing attacks are basically shooting for a handful of outcomes. These are:

  • Data theft/identity fraud

They either want your personal and financial data to sell on the dark web to scammers, or to use themselves to commit identity fraud. The easiest way of getting this is by tricking the user into clicking through to a separate phishing page, where they’re prompted to enter their details. Like the email, the page itself is spoofed to appear as if hosted by a legitimate company.

Often, all they need is your log-ins, which provide the keys to your most sensitive online accounts, like internet banking, health insurance portals, and even Uber and Netflix. The latter can be sold on dark web marketplaces to offer unscrupulous buyers free streaming or taxi services, for example.

  • Malware downloads

By clicking through in a phishing email, you could also be unwittingly downloading malware to your machine. It could be ransomware designed to lock you out of your PC until a fee is paid, or covert crypto-jacking malware which will cause your machine to run slowly while it mines for cryptocurrency using your power supply. It could also be a banking Trojan designed to steal your banking log-ins.

  • Sextortion

An emerging extortion scam involves tricking the user into believing they have been filmed via their webcam in a compromising position. Usually, the attacker threatens to release the footage to all of the victims’ contacts if they don’t pay a ransom. Sometimes they use previously breached data, such as the target’s email password, to add legitimacy to the scam.

Trend Micro data reveals that these so-called “sextortion” schemes more than quadrupled from the second half of 2018 to the first half of 2019.

How can I stop it?

Fortunately, there are a number of things you can do to protect you and your family from the impact of phishing emails. A combination of user awareness and technology filters from a reputable cybersecurity vendor is a great place to start.

Consider the following:

  • Be wary of any unsolicited email, even if it appears to come from a reputable vendor
  • Don’t click through on any buttons in unsolicited emails, or download attachments
  • If an email asks you for personal data, check directly with the source independently, rather than clicking through/replying
  • Although becoming rarer, spelling and grammatical mistakes in emails are often a sign of phishing
  • Remember, if a special offer looks too good to be true, it usually is
  • Invest in anti-phishing cybersecurity tools from a trusted vendor

How Trend Micro can help

Trend Micro Security offers capabilities to filter out malicious phishing and spam emails before they even hit your inbox, or to examine them if they do. These include:

  • Antispam for Outlook analyses any links contained in emails, as well as checking the reputation of the sender, to block phishing emails. It also prevents the installation of malicious files on the user’s machine.

Click Internet & Email Controls > Spam & Emailed Files to open the panel. You can then check the boxes to:

  • Filter out unsolicited advertisements and other unwanted email messages from your Outlook inbox
  • Check for threats in files attached to email messages.

You can also increase the strength of your spam filter in Settings:

  • High detects almost all spam and fraudulent messages but may misidentify some legitimate email as spam
  • Medium detects most spam and fraudulent messages and runs only a moderate risk of misidentifying legitimate email as spam
  • Low detects only the most obvious spam and fraudulent messages, with only a slight chance of identifying legitimate email as spam
  • Fraud Buster uses cutting-edge AI technology to identify scam emails that don’t contain malicious URLs or attachments but still pose a risk to the user. It protects Gmail and Outlook webmail in Internet Explorer, Chrome, and Firefox on your PC, as well as Gmail on your Mac.

Once switched on, it will send a warning pop-up when you open a scam email, telling you to not follow any instructions contained in the email. You can then decide to Report Dangerous to report the scam or click on Looks Safe to bypass the warning (not recommended). There’s also an option to View Details in the popup to get more info on the scam.

To find out more about the dangers of phishing and malicious spam and how Trend Micro can help protect you, watch our YouTube videos:

For more information, go to our website for a Security Products Overview.


3 Reasons MSPs Must Evolve Beyond Endpoint Detection and Response

Endpoint protection is a critical component of a security strategy. But it’s not enough.

Today’s threat landscape is so wide and varied, it requires round-the-clock monitoring, full visibility into IT environments and a multilayered approach to keep hackers at bay. For MSPs, this creates a sizable opportunity to protect clients with a comprehensive security strategy that goes beyond endpoint detection and response.

But most MSPs are still too focused on endpoint detection and response, which can leave parts of the network unprotected. A lot of threats today are stealthy, disguising themselves and hiding until the right time to strike, and traditional environments aren’t set up to stop such threats because they’re often split into silos containing applications that perform specific tasks. The silos don’t communicate with each other, making it impossible to assemble a contextual view of threats and slowing down investigation and response.

MSPs can improve their clients’ security posture with a unified security approach that includes central visibility and monitoring, the ability to investigate threats that at first may appear harmless, and fast response capabilities. Here are three compelling reasons to deliver detection and response beyond the endpoint:

1. New threats demand new approaches
Security breaches have increased 67 percent in the past five years, growing 11 percent in the last year alone, according to Accenture. Yet two-thirds of organizations say they have multiple security tools, which limits their effectiveness in detecting and responding to threats.

Companies need technology that detects trouble at all levels of the network, uses machine learning to sift through massive volumes of threat data and identify previously undetected threats, and promptly responds to an attack by isolating threats and mitigating the risk of infection.

2. Slow response worsens attacks
The longer it takes to detect an attack, the higher its impact. Many malware variants work stealthily for months, spreading infection, stealing data and sending it out to a command and control server long before they are detected and stopped.

Without the tools to identify threat indicators, detection is slow and ineffective. Verizon estimates that a solid majority of breaches — 68 percent — take 197 days to discover. That’s six and a half months! By then, a lot of damage can be done, potentially compromising private employee, customer and partner data, as well as intellectual property.

3. In-house resources are scarce
Perversely, as the threat landscape gets more dangerous, it’s harder for businesses to obtain the necessary skills to combat threats. Cybersecurity professionals are scarce and expensive, which is why MSPs need to step in with managed security solutions to protect their clients’ environments.

Trend Micro helps MSPs accomplish this feat with Worry-Free XDR, which offers detection and response beyond the endpoint – correlating data automatically across email and endpoint in one console. The solution provides full visibility into customers’ environments, ensuring MSPs can move beyond the endpoint to offer clients the protection that today’s digital world demands.


Trend Micro launches Trend Micro Cloud One™, a leading security services platform for cloud builders

Everything you need for cloud security


Today, Trend Micro is excited to announce the launch of Trend Micro Cloud One™, our new security services platform for cloud builders. This powerful new platform will help our customers simplify their hybrid and multi-cloud security.


Cloud One gives you the total package for cloud security. Made up of six cloud security services, it addresses workload, container, file object storage, serverless and application, and network security, along with security posture management.


No matter where you are in your cloud journey, Cloud One has you covered with the broadest and deepest solutions, and is designed to:

  • Work across code pipelines and cloud operations
  • Integrate with multiple cloud providers, such as AWS, Microsoft® Azure™, and Google Cloud Platform™, as well as data centers
  • Provide security for DevOps teams, who release frequently and continuously to market, with complete automation through a single set of APIs.


This makes Trend Micro the obvious choice when it comes to comprehensive cloud security.


We’ve taken on the storm in the cloud


Customers are experiencing the perfect storm when it comes to securing what they are building in the cloud.


Organizations are rapidly adopting cloud infrastructure services, and the number of teams within an organization that are using the cloud and making cloud infrastructure choices and security decisions continues to grow as individual teams and business units bypass IT. Making matters more complicated is the resulting explosion of security tools across the organization, as point products are used for every different type of infrastructure, like workloads, containers and serverless. All of this introduces complexity and risk to the organization.


Cloud One is intentionally designed to help your business meet its cloud security objectives, without introducing friction or slowing you down. With Cloud One, we created a solution that evolves with the shifting technology landscape. And because it’s a single platform with multiple security services, it helps with operational simplicity by providing:

  • Single sign-on
  • Common user and cloud account enrollment
  • A single place for visibility
  • Common procurement and billing

Tackling the storm outside your organization


Beyond the internal factors of your organization, there are two other driving forces making cloud security complex: more demanding compliance requirements and new vectors for breaches.


Compliance has become headline-worthy, and modern legislation, like GDPR, is proving to have teeth. Many organizations are no longer considering compliance to be the gold standard and recognize that threat and breach vectors are advancing and growing faster than regulations can keep up. Organizations are going beyond the minimally compliant approach and looking for the best cloud security. However, this can be a lot to take on.


Trend Micro has been helping customers secure cloud transformations since the birth of the cloud. With Cloud One, we are continuing to evolve our solutions to shift with the direction of the cloud and meet the needs of our customers.


Solving customer problems with simplicity


We work to ensure that our solutions are optimized for the cloud. Making them efficient from a resource and user perspective allows us to address the three drivers for cloud security priorities.


  1. Cloud migration
  2. Modern application delivery
  3. Cloud operational excellence


Cloud migration is still a pressing issue for many organizations as they continue to balance and secure physical, virtual, and cloud environments efficiently.


Cloud-native application delivery is all about releasing code fast and often. This speed is made possible by shifting to DevOps processes and deployment models that leverage the cloud for storage and workloads, as well as new compute models, like containers and serverless.


Cloud operational excellence is a key priority in most organizations, with many creating cloud centers of excellence (CCoE). Organizations making this move are focused on making cloud architectures repeatable and consistent, and are looking to optimize cost and performance.


What makes these drivers interesting is that they aren’t discrete within organizations: one customer could have all three cloud security drivers occurring at once and another could just have one. This is why Cloud One is so unique. It can help both of those organizations by providing security that fits their needs at the broadest and deepest level. We cover it all and keep it simple.


Trend Micro is the only cloud security services provider to offer all of these security services for cloud builders, all in one unified platform. To put it simply, Cloud One is everything you need to build securely.


Learn more about Cloud One and how it can simplify cloud security,


Trend Micro Discloses Insider Threat Impacting Some of its Consumer Customers

We recently became aware of a security incident that resulted in the unauthorized disclosure of some personal data of an isolated number of customers of our consumer product.  We immediately started investigating the situation and found that this was the result of a malicious insider threat. The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent.  

We immediately began taking the actions necessary to ensure that no additional data could be improperly accessed, and have involved law enforcement.   

Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls.    

That said, we hold ourselves to a higher level of accountability and sincerely apologize to all impacted customers for this situation. Based on the current status of our investigation, we believe that all of the consumers who were potentially affected have already received individual notices from Trend Micro, but we will continue to investigate and provide further notices in the event that any further affected customers are identified. 


In early August 2019, Trend Micro became aware that some of our consumer customers running our home security solution had been receiving scam calls by criminals impersonating Trend Micro support personnel.  The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack. 

Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat. A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed.   

Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor. We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation.  


If you have purchased our consumer product, you should know that Trend Micro will never call you unexpectedly. If a support call is to be made, it will be scheduled in advance. If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support using our official contact details below. 

We encourage you to please contact us for further assistance if you need any help related to any technical issues that may have arisen from interaction with the scammers.  These technical assistance support services, as with all support services, are already covered by your active license subscription. 


  • We would like to reassure our business and government customers that our investigations have shown no indication that the criminal has accessed any enterprise customer data. 
  • While every maliciously accessed data set is one too many, our investigation has shown that this security incident affects less than 1% of Trend Micro’s 12 million consumer customers. 
  • Our investigation further shows that the criminals were only targeting English-speaking customers, and we have only seen data accessed in predominantly English-speaking countries.  


Official contact information for Trend Micro technical support in your region can always be found at Please contact us if you have any questions or concerns. 


[Update November 6, 2019: The estimated number of consumer customers affected is 68,000.]




Tips to Accelerating PCI Data Security Standard Projects with Deep Security as a Service

Does your organization need to meet PCI DSS requirements? Are you struggling with multiple security tools? Or stretching your already overstretched team to prepare for an audit? Time to hit the accelerator with Trend Micro!

If your applications deal with credit or payment card data, you need to go through a long and cumbersome certification process outlined by the Payment Card Industry (PCI).

The PCI Data Security Standard (DSS) requires annual audits to ensure appropriate security controls and processes are being used for any applications that deal with sensitive customer data.

If your applications are in the cloud, PCI compliance can be easier – as long as you choose the right service provider.

Trend Micro is happy to announce that the 2019 PCI re-certification for Deep Security as a Service (DSaaS) has completed successfully and the Attestation of Compliance (AOC) is now available for distribution to customers and partners.

Infrastructure as a Service (IaaS) providers like AWS and Microsoft Azure have Level 1 PCI DSS certification. This means they have validated their security controls, people and processes with auditors and take care of many aspects that you would be responsible for if your application was in a physical data center.

If you also use third-party Software as a Service (SaaS) offerings, they are included in the scope of your PCI audit (as of the latest version 3 of the standard)!

This means if you are using SaaS offerings for log management, automation, monitoring or security, they also need to be PCI DSS certified, even if the service doesn’t directly deal with cardholder data.

Trend Micro™ Deep Security as a Service™ continues to be a PCI DSS Level 1 Service Provider with its 2019/2020 re-certification! This means you can streamline your PCI DSS certification process and take more items off your to-do list.

Deep Security as a Service removes the cost and effort of running the security management stack. All of your security policies and events are stored securely and managed by Trend Micro. Best of all, you can get up and going with Deep Security as a Service in just a few minutes with our 30-day free trial.

Trend Micro has saved users months of resource time on PCI DSS projects by meeting many of the requirements with a single tool. A single agent provides critical controls that address multiple requirements like 11.4 Intrusion Prevention, 11.5 Integrity Monitoring, 5.1 Anti-malware and many, many more.

  • For Guess?, Inc., Deep Security helped the company segment traffic and fulfill multiple PCI requirements rapidly.
  • Coiney was able to achieve PCI DSS compliance for a payment service within a month!

For more detailed information on how Trend Micro Deep Security can help you accelerate PCI compliance, go here. You can download a detailed matrix of PCI requirements and how Deep Security can help address them – written by the PCI Qualified Security Assessor (QSA) Coalfire.

If you have questions or comments, please reach out to Jason at


3 Ways for MSPs to Increase Their Managed Security Footprint

Managed service providers looking to increase their business often face the choice of whether to focus on finding new customers or expanding their existing base. But there’s a growing opportunity making the latter option especially appealing.

The small and midsize businesses that comprise the bulk of the MSP customer base have a limited understanding of cyber attacks–an ever-escalating threat that can cause millions of dollars in remediation, recovery and reputational costs. SMBs need guidance to strengthen their cyber defenses, and MSPs are best positioned to address this need by delivering affordable managed security services.

Moreover, adding services for existing customers costs less than client prospecting. Existing customers don’t need to be pitched: If an MSP deploys its services effectively, customers will trust it to deliver value and support their business goals, making them more willing to adopt the provider’s services.

With that in mind, here are three security services opportunities MSPs can explore with their existing customers:

1. Managed Email Services

Businesses increasingly rely on cloud-based applications such as Office 365 and Google Drive services to run operations. These services have built-in cyber protection, but it’s not enough to fully safeguard businesses against the previously unknown digital dangers that make up 95% of threats in the wild.

MSPs can deliver added protection for email and file-sharing platforms as a managed service, supplementing it with awareness and training programs that educate employees on cybersecurity. Cyber attacks frequently succeed because many end users have a poor understanding of security risks–for example, unwittingly clicking infected URLs or attachments that cause security breaches. With proper instruction on cyber dangers, users are much less likely to make these mistakes.

2. Protection Beyond the Endpoint

Endpoint detection and response remains a critical need, but only addresses part of the problem. Threat actors have become savvier at breaking into networks to disrupt operations and steal data in various ways–a lot of threats hide in the network unnoticed, waiting to strike.

Addressing these threats requires a multilayered approach to security that includes visibility and quick incident response capabilities. MSPs can help businesses via managed security services that are administered from a central console and deliver multiple layers of protection at the endpoint and beyond–servers, cloud workloads, email and the network itself.

3. Perimeter and Network Protection

Managed unified threat management (UTM) services with comprehensive security capabilities are another area where MSPs can play an essential role. Managed UTM further strengthens a company’s defenses against cyber attacks with features such as managed firewall, HTTPS scanning, URL filtering, intrusion detection, and protection against malware, email-borne threats and distributed denial of service (DDoS) attacks.

The ideal managed UTM solution should provide easy deployment and simple management from a single location. MSPs that deliver UTM services add significant value to customers by enhancing their security posture against cyber attacks that can disrupt operations and incur significant costs.

MSPs can increase their customer footprint by taking advantage of Trend Micro’s MSP Program. It helps providers add managed security services to their portfolio, boosting their business prospects and fortifying their clients against the cyber threats of today–and tomorrow.
