Trend Micro – Digital IT News

Trend Micro Empower MSSPs to Elevate SOC Capabilities

Digital IT News Editors — Thu, 24 Aug 2023 21:35:47 +0000

Trend Micro Incorporated announced an extension to its partner program and launched a new offering designed to empower MSSPs, service partners and pure-play managed detection and response (MDR) companies to build or grow their MDR and SOC-as-a-service offerings. The new program will further enable the global ecosystem of MSSP partners that customers rely on amidst a cybersecurity skills shortage.

“Breaches are on the rise, but many global organizations can’t afford the investment of time, resources and staff that a full SOC requires,” said Louise McEvoy, vice president of US channels at Trend. “And those that can often find their analysts frustrated by tool sprawl and overwhelmed by alerts. This opens a lucrative and important opportunity for MSSPs to deliver more value to customers, as long as they can find the right platform to deliver SOCaaS.”

Trend Vision One for Service Providers provides turnkey threat detection and response with extended SOAR capabilities built for managed security service partners, offering multi-tenant SOC capabilities and hundreds of third-party integrations across the IT environment and with other security vendors.

Out-of-the-box value, via incident response playbooks which reduce the need to build custom solutions
Comprehensive, end-to-end SOC technology, from XDR to protection
Improved customer outcomes, with MTTR (mean time to respond, repair, resolve, recover) measured not in weeks but hours
Extensive integrations – hundreds of integrations that offer visibility, analysis and automation across Trend and a wide range of third-party products
Greater SOC inspection and analytics thanks to log inspection and analytics which capture event data from a wide range of sources across the organization, from Trend and third-party solutions
MSSP-ready capabilities – a multi-tenant offering delivered via a single pane of glass

The new Trend Vision One for Service Providers will help managed service partners adopt and scale their SOC/SOCaaS capabilities based on readiness and maturity, to meet the complex requirements of large organizations.

“Trend’s channel-first model means the company is well positioned to address the fast-growing MSSP market,” said Jay McBain, Chief Analyst at Canalys. “Applying their resources beyond technology and into channel-driven services and programs like this latest example will enable them to maintain this standing and better serve customers.”

Partners who sign up to Trend Vision One for Service Providers will also receive industry-leading benefits including:

White-glove onboarding and enablement, leveraging Trend’s industry know-how working with hundreds of SOCs to help partners accelerate adoption and delivery of SOCaaS and MDR
Highly competitive pricing to allow new and existing MSSPs to penetrate the market quicker
Choice of partnership, which means partners can choose the partnership right for their business:
- Fully managed MDR or SOCaaS
- API integration to offer co-managed services for “bring your own technology” clients, where MSSPs help configure and manage Trend SOAR solution deployed on customers’ premises

“As a trusted voice in cybersecurity, Trend has made significant and valuable upgrades to enable a more effective MDR service,” said Randy Watkins, chief technology officer (CTO) for Critical Start. “The Vision One platform addresses the growing demand for risk visibility without increasing the burden on security teams and empowers us to provide superior value to our customers and increase their cyber resilience.”

For more information visit the website here.

Top Security Challenges for Small Organizations is Lack of Budget

The post Trend Micro Empower MSSPs to Elevate SOC Capabilities appeared first on Digital IT News.

Trend Vision One Announced for Optimized Security for Endpoints

Taylor Graham — Mon, 24 Jul 2023 13:00:05 +0000

Trend Micro Incorporated announced Trend Vision One – Endpoint Security, the latest offering in its next-generation cybersecurity platform, which unifies prevention, detection, and response for user endpoints, servers, cloud workloads, and data centers. This comprehensive solution aims to support customers throughout their IT modernization.

Kevin Simzer, COO at Trend Micro: “Surging IT complexity is placing unprecedented demand on teams and providing determined adversaries with more opportunity to infiltrate an ever-expanding attack surface. In response to this challenge, our customers want to simplify security without compromising effectiveness. Trend Vision One – Endpoint Security is a direct answer to this need, helping IT and security organizations stop threats faster and take control of risk.”

By leveraging the consolidated power of Trend Vision One, customers gain access to powerful attack surface risk management, cross-layer protection, and leading XDR capabilities to streamline and harmonize security operations while simultaneously enhancing protection, scalability, and performance. This approach enables security teams to holistically manage the attack surface, including and extending beyond the endpoint to achieve faster, more accurate threat defense and risk mitigation.

Trend Vision One – Endpoint Security is built on market-leading capabilities. With a consistent history of endpoint security success, Trend has earned Leader recognition in every Gartner Magic Quadrant for Endpoint Protection Platforms since 2002^*1.

Trend has also ranked as the top provider for Cloud Workload Security Market Share (IDC) for an impressive five consecutive years.

By bringing industry-leading and context-rich visibility for user endpoints, servers, and cloud workloads to the platform, security organizations can significantly streamline operations:

Consolidate products, enhance visibility, and improve correlation: According to Gartner*², “A recent Gartner survey found that 75% of organizations are pursuing security vendor consolidation in 2022, up from 29% in 2020.” Minimize the cost and complexity associated with cybersecurity tool spread by consolidating point products and integrating user endpoint, server, and cloud workload security — reducing IT operation inefficiency and alert fatigue and closing exploitable security gaps while benefiting from high-fidelity detection and response alerting.
Optimize and customize hybrid IT protection: Leverage specialized security features designed and optimized for physical servers, virtual machines, and cloud workloads.
Improve the IT and SecOps workflow: Access prevention, detection, and response capabilities at your fingertips — including ransomware rollback, predictive machine learning, device control, host-based intrusion prevention, application control, file integrity monitoring, log inspection, and generative AI support — to accelerate and connect SecOps and IT Ops goals.
Reduce risk and pre-empt attacks: Proactively quantify and reduce endpoint and cross-layer risk with complete attack surface risk management (ASRM) with native network, cloud, and email data ingestion.

Trend Vision One provides security for every layer of an organization’s diverse IT infrastructure, including endpoint, servers, email, cloud services, networks, 5G, and OT (operational technology).

With centralized visibility and policy management for all endpoint types, this latest development provides comprehensive protection, detection, and response (EDR) for Windows, Mac, and Linux operating systems, whether on-premises or in the cloud, from within a single, user-friendly console.

Jason Cradit, CIO, CTO at Summit Carbon Solutions: “With the company’s environment being 100% in the cloud, having a solid understanding of the cloud was incredibly important. We needed a partner that could grow with us in a multi-cloud environment and move as fast as we needed them to while also providing us with a sense of peace that we are secure. Trend Vision One enables us to see and track a threat from potential to attack.”

Trend Vision One is now available on AWS Marketplace. Designed to seamlessly integrate into AWS environments, Trend Vision One offers a cybersecurity platform with a focus on empowering organizations to safeguard their cloud workloads. The platform provides advanced threat detection capabilities and in-depth insights, ensuring a resilient defense against evolving digital threats.

To learn more about Trend Vision One – Endpoint Security, please visit the website HERE.

Action1 $20M Investment for Security Vulnerabilities on Endpoints

GARTNER and MAGIC QUADRANT are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

*1 Gartner, Magic Quadrant for Endpoint Protection Platforms (Peter Firstbrook et al., December 31 2022)

*2 Gartner, Emerging Tech: The Impact of Emerging Trends on Security Solution Demand (Rustam Malik, October 7 2022)

The post Trend Vision One Announced for Optimized Security for Endpoints appeared first on Digital IT News.

Trend Micro Report Shows Cybercrime Groups Resemble Legitimate Businesses

Leigh Porter — Mon, 03 Apr 2023 18:07:09 +0000

Trend Micro, today published new research detailing how criminal cybercrime groups start behaving like corporations as they grow bigger, but that this comes with its own attendant costs and challenges and how they come to resemble legitimate businesses.

Jon Clay, VP of threat intelligence at Trend Micro: “The criminal underground is rapidly professionalizing – with groups beginning to mimic legitimate businesses that grow in complexity as their membership and revenue increases. However, larger cybercrime organizations can be harder to manage and have more ‘office politics,’ poor performers, and trust issues. This report highlights to investigators the importance of understanding the size of the criminal entities they’re dealing with.”

A typical large organization allocates 80% of its operating expenses to wages, with the figure similarly high (78%) for small criminal organizations and cybercrime groups, according to the report. Other common expenses include infrastructure (servers/routers/VPNs), virtual machines, and software.

The study outlined three types of organizations based on size, using examples where Trend Micro collected the most data from law enforcement and insider information.

Small criminal businesses (e.g., Counter Anti-Virus service Scan4You):

Typically, one management layer, 1-5 staff members, and under $500K in annual turnover.
Their members often handle multiple tasks within the group and also have a day job on top of this work.
Comprise the majority of criminal businesses, often partnering with other criminal entities.

Medium-sized criminal businesses (e.g., bulletproof hoster MaxDedi):

Typically have two management layers, 6-49 employees, and up to $50m in annual turnover.
They usually have a pyramid-style hierarchical structure with a single person in charge.

Large criminal business (e.g., ransomware group Conti):

Typically have three management layers, 50+ staff, and $50m+ in annual turnover.
Feature relatively large numbers of lower management and supervisors.
Implement effective OPSEC and partner with other criminal organizations.
Those in charge are seasoned cyber-criminals and hire multiple developers, administrators, and penetration testers – including short-term contractors.
They may have corporate-like departments (e.g., IT, HR) and even run employee programs, such as performance reviews.

According to the report, knowing the size and complexity of a criminal organization and cybercrime groups can provide critical clues to investigators, such as what types of data to hunt for.

For example, larger criminal entities may store employee lists, financial statements, company guides/tutorials, M&A documents, employee crypto wallet details, and even shared calendars to probe.

Understanding the size of targeted criminal organizations can also allow law enforcers to prioritize better which groups should be pursued for maximum impact.

To read a full copy of the report, Inside the Halls of a Cybercrime Business, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/inside-the-halls-of-a-cybercrime-business

Netwrix Launches a New SaaS-based Solution for MSPs and Upgrades Product Portfolio

The post Trend Micro Report Shows Cybercrime Groups Resemble Legitimate Businesses appeared first on Digital IT News.

Threats are Becoming More Targeted According to Trend Micro

Taylor Graham — Tue, 25 Jan 2022 19:47:01 +0000

Trend Micro Incorporated announced that its industry-leading threat intelligence infrastructure, Smart Protection Network (SPN), stopped 94.2 billion* cyber-threats heading for consumer, government and business customers in 2021. Global cybersecurity leader, Trend Micro, helps make the world safe for exchanging digital information.

The volume of detections represents a 42% increase on the number of detections recorded in 2020. It reveals that attacks surged by over 53 billion in the second half of 2021 after Trend Micro blocked 41 billion threats in 1H 2021.

The threats were detected by more than five trillion threat queries, a 36% year-on-year increase from queries in 2020. Trend Micro’s SPN leverages over 250 million sensors across the broadest attack surface globally to proactively protect organizations and individuals faster.

“Trend Micro detects threats across endpoints, mobile, servers, IoT/IIoT, home networks, messaging, network, web and cloud environments,” said Jon Clay, vice president of threat intelligence for Trend Micro. “That’s a testament to our continuous effort to expand attack surface protections and improve our advanced detection technologies deployed to 500,000 commercial and government accounts and millions of consumer customers. But it also underscores the mounting threat from bad actors, as outlined in our 2022 predictions report.”

Despite a double-digit surge in detected cyber-threats from 2020 to 2021, Trend Micro blocked 66% fewer ransomware attacks over the period, reinforcing the theory that these threats are becoming more targeted. Another contributing factor in this decrease is that more ransomware attacks are being blocked in earlier stages before being deployed. Over 14 million attacks were proactively stopped in 2021 before they could impact customers.

Even with Trend Micro’s comprehensive cloud-first protection capabilities, security teams must be prepared for another onslaught of threats in 2022. Trend Micro predicts that IoT systems, global supply chains, cloud environments and DevOps functions will come under increasing scrutiny from attackers over the coming year.

Enhanced risk-based patching, XDR, server hardening, Zero Trust, network monitoring and DevSecOps practices will be critical to prevent spiraling cyber risk in 2022.

*The figure stands at 94,289,585,240 threats.

Learn more about Trend Micro, Trend Micro’s 2021 Midyear Cybersecurity Report, Trend Micro Security Predictions for 2022

Image licensed by pixabay.com

Log4j Corporate Solution to Fully Identify and Remediate Vulnerabilities

The post Threats are Becoming More Targeted According to Trend Micro appeared first on Digital IT News.

80% of Global Organizations Expect to Experience a Breach of Customer Records in the Next Year

Leigh Porter — Wed, 04 Aug 2021 08:44:03 +0000

Trend Micro Incorporated revealed that the risk of cyber attacks has increased in the last year. According to a new survey, 80% of global organizations report they are likely to experience a data breach that impacts customer data in the next 12 months.

The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked. In the first half of 2021 the CRI surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America.

Read a full copy of the report, produced by the Ponemon Institute, here: https://www.trendmicro.com/cyberrisk.

The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an “elevated” risk.

“Once again we’ve found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity and human-shaped challenges,” said Jon Clay, vice president of threat intelligence for Trend Micro. “To lower cyber risk, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms.”

Organizations ranked the top three negative consequences of an attack as customer churn, lost IP and critical infrastructure damage/disruption.

Key findings from the report include:

86% said it was somewhat to very likely that they’d suffer serious cyber-attacks in the next 12 months, compared to 83% last time
24% suffered 7+ cyber attacks that infiltrated networks/systems, versus 23% in the previous report.
21% had 7+ breaches of information assets, versus 19% in the previous report.
20% of respondents said they’d suffered 7+ breaches of customer data over the past year, up from 17% in the last report.

“Trend Micro’s CRI continues to be a helpful tool to help companies better understand their cyber risk,” said Dr. Larry Ponemon, CEO for the Ponemon Institute. “Businesses globally can use this resource to prioritize their security strategy and focus their resources to best manage their cyber risk. This type of resource is increasingly useful as harmful security incidents continue to be a challenge for businesses of all sizes and industries.”

Among the top two infrastructure risks was cloud computing. Global organizations gave it a 6.77, ranking it as an elevated risk on the index’s 10-point scale. Many respondents admitted they spend “considerable resources” managing third party risks like cloud providers.

The top cyber risks highlighted in the report were as follows:

Man-in-the-middle attacks
Ransomware
Phishing and social engineering
Fileless attack
Botnets

The top security risks to infrastructure remain the same as last year, and include organizational misalignment and complexity, as well as cloud computing infrastructure and providers. In addition, respondents identified customer turnover, lost intellectual property and disruption or damages to critical infrastructure as key operational risks for organizations globally.

The main challenges for cybersecurity preparedness include limitations for security leaders who lack the authority and resources to achieve a strong security posture, as well as organizations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.

Image licensed by: Pixabay.com

68% of Sysadmins Say Their Organizations Faced Increased Risk of Cybersecurity Attacks Due to the Shift to Remote Work

The post 80% of Global Organizations Expect to Experience a Breach of Customer Records in the Next Year appeared first on Digital IT News.

Nearly a Quarter of Exploits Sold on Cybercriminal Underground Are More Than Three Years Old

Taylor Graham — Thu, 15 Jul 2021 09:22:03 +0000

Trend Micro Incorporated, a global cybersecurity leader, released new research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if they are years old.

Trend Micro Research found that 22% of exploits for sale in underground forums are more than three years old.

To view a full copy of the report, The Rise and Fall of the N-day Exploit Market in Cybercriminal Underground, please visit: https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/trends-and-shifts-in-the-underground-n-day-exploit-market.

“Criminals know that organizations are struggling to prioritize and patch promptly, and our research shows that patch delays are frequently taken advantage of,” said Mayra Rosario, senior threat researcher for Trend Micro. “The lifespan of a vulnerability or exploit does not depend on when a patch becomes available to stop it. In fact, older exploits are cheaper and therefore may be more popular with criminals shopping in underground forums. Virtual patching remains the best way to mitigate the risks of known and unknown threats to your organization.”

The report reveals several risks of legacy exploits and vulnerabilities, including:

The oldest exploit sold in the underground was for CVE-2012-0158, a Microsoft RCE.
CVE-2016-5195, known as the Dirty Cow exploit, is still ongoing after five years.
In 2020, WannaCry was still the most detected malware family in the wild, and there were over 700,000 devices worldwide vulnerable as of March 2021.
47% of cybercriminals looked to target Microsoft products in the past two years.

The report also reveals a decline in the market for zero-day and N-day vulnerabilities over the past two years. This is being driven in part by the popularity of bug bounty programs, like Trend Micro’s Zero Day Initiative, and the rise of Access-as-a-Service – the new force in the exploit market.

Access-as-a-Service has the advantages of an exploit, but all the hard work has already been done for the buyer, with underground prices starting at $1000USD.

These trends are combining to create greater risk for organizations. With nearly 50 new CVEs released per day in 2020, the pressure on security teams to prioritize and deploy timely patches has never been greater – and it’s showing. Today, the time to patch averages nearly 51 days for organizations patching a new vulnerability. To cover that gap in security protection, virtual patching is key. It is based on intrusion prevention technology and offers a hassle-free way to shield vulnerable or end-of-life systems from known and unknown threats indefinitely.

Image licensed by pixabay.com

PC Matic Survey: 20% of Employers Never Require Employees to Change Passwords

The post Nearly a Quarter of Exploits Sold on Cybercriminal Underground Are More Than Three Years Old appeared first on Digital IT News.

84% of Organizations Experienced Phishing & Ransomware Type Threats in the Past 12 Months

Taylor Graham — Wed, 14 Jul 2021 18:53:22 +0000

Trend Micro Incorporated, a global cybersecurity leader, published new research revealing that half of US organizations are not effective at countering phishing and ransomware threats.

The findings come from an Osterman Research study commissioned by Trend Micro and compiled from interviews with 130 cybersecurity professionals in mid-sized and large organizations.

Trend Micro Osterman Survey Infographic

A full copy of the report, How to Reduce the Risk of Phishing and Ransomware, is available here: https://resources.trendmicro.com/rs/945-CXD-062/images/Reduce-Phishing-Ransomware_Trend-Micro.pdf

“Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,” said Jon Clay, vice president of threat intelligence for Trend Micro. “Organizations need multi-layered defenses in place to mitigate these risks. These range from phishing simulations to advanced threat detection and response platforms like Trend Micro Vision One, which alert security teams before attackers can make an impact.”

The study asked respondents to rate their effectiveness in 17 key best practice areas related to ransomware and phishing, ranging from protecting endpoints from malware infection to ensuring prompt patching of all systems.

Key takeaways from the report include:

50% rated themselves ineffective overall at tackling phishing and ransomware.
72% consider themselves ineffective at preventing home infrastructure from being a conduit for attacks on corporate networks.
Only 37% believed they were highly effective at following 11 or more of the highlighted best practices.

The report further split the threat landscape into 17 types of security incident and found 84% of respondents had experienced at least one of these—highlighting the prevalence of phishing and ransomware. Most common were successful:

Business email compromise (BEC) attack – 53%
Phishing messages resulting in malware infection – 49%
Account compromise – 47%

Phishing remains among the top vectors for threat actors. Although it can be the first stage in a ransomware attack, it’s also used in BEC raids, or to infect victims with malware including info-stealers, banking trojans, spyware, crypto-miners, and more.

Ransomware has become a modern epidemic, hitting government, hospitals, schools and private enterprises and any other targets deemed vulnerable to extortion and capable of paying. It results most often in both data loss and potential serious IT service outages.

The security issues flagged by respondents as most concerning were:

65% phishing attempts landing in user inboxes
65% users clicking on phishing links or opening attachments
61% data theft via ransomware actors

The report also contains a trove of useful information for organizations including typical attack TTPs, effective mitigations and capabilities to look out for in commercial cybersecurity solutions.

High success rates for both phishing and ransomware campaigns mean both are likely to intensify over the coming years. The report recommends that organizations embrace the following best practices to mitigate cyber-risk:

Focus on root causes of compromise using a risk-based approach to address the most damaging threats
Improve authentication via use of password managers, tweaking policies, monitoring for credential breaches and even using passwordless authentication
Take a people, process and technology approach including user training, incident response processes and technology like Vision One to detect and respond to threats early on
Don’t wait for a breach before developing an incident response plan. Reach out to law enforcement, managed services providers, your security vendors, and other key stakeholders now

Image licensed by pexels.com

PC Matic Survey: 20% of Employers Never Require Employees to Change Passwords

The post 84% of Organizations Experienced Phishing & Ransomware Type Threats in the Past 12 Months appeared first on Digital IT News.

Trend Micro Launches First and Only SecOps Solution to Slay Open Source Code Bugs

Leigh Porter — Mon, 10 May 2021 17:29:52 +0000

Trend Micro Incorporated launched a new, co-built SaaS solution with Snyk, the leader in cloud native application security. The first of its kind, it’s designed to provide continuous insight into open source vulnerabilities for enhanced risk management to drive data-driven decisions.

Trend Micro Cloud One – Open Source Security by Snyk is the newest Cloud One service and the first partner addition to the platform, which is available through the channel as well as AWS Marketplace.

Surface the Unknown.

To find out more visit: https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-one-open-source-security-by-snyk.html

This is the first service that provides visibility into open source software vulnerabilities for security operation teams. The use of these open source code components is exploding thanks to the speed, flexibility, extensibility and quality they offer application development teams. According to Snyk, 80% of application code today is open source.

In their Market Guide for Software Composition Analysis, Gartner stated that “Open-source software is used in nearly all organizations. This introduces risks from readily exploitable vulnerabilities; an expanded attack surface through which malware and malicious code can gain access, compromising proprietary code and infrastructure; and legal and intellectual property exposures.”ⁱ

Snyk has observed 2.5x growth in open source vulnerabilities over the past three years, making it more necessary than ever to deliver security further into the DevOps pipeline. However, process gaps, mismatched toolsets and communication challenges between SecOps and DevOps are commonplace. Too often, this means security practitioners face an uphill battle and lack visibility into application build-time risks. This cloud service from Trend Micro and Snyk bridges the long-standing cultural challenges between security and development teams with a unified solution that delivers unique visibility sooner in the software development lifecycle to further protect the stack.

“Together Snyk and Trend Micro are investing in the future of the cybersecurity industry, where security and development teams effectively work together to make their organizations safer,” said Geva Solomonovich, Global Alliances CTO for Snyk. “Adding Snyk’s developer-first security technology to Trend Micro’s Cloud One allows more customers to tackle open source risk on a single platform, minimizing the need to manage multiple vendors and tools. We look forward to our continued collaboration with Trend Micro to foster more innovative, effective ways to solve key security concerns for our customers.”

Almost all applications developed across the world in the last 25 years have been built using open source code. As the pressure to build and deliver new cloud-native applications continues to increase, organizations often lose sight of older applications, their component inventories, and maintenance and update cycles—creating further opacity and risk.

“With this one solution, we’re able to solve several problems and use technology to bridge internal gaps,” said Kevin Simzer, chief operating officer for Trend Micro. “This offering can save over 650 hours of development time per application through increased automation, helps to manage risk and liability with license requirements, and gives security teams visibility into a part of our functional code base that has not been accessible before.”

Trend Micro Cloud One – Open Source Security by Snyk also enables SecOps to identify vulnerabilities and issues related to licensing. This empowers security teams to better monitor, prioritize and communicate risk and exposure rates within DevOps projects over time. This happens with:

Data-driven security decisions
Continuous monitoring of threat levels
Effective prioritization of risks and remediation recommendations

Built-in automation also helps security teams quickly identify and gain awareness of indirect open source dependencies that both security and developer teams may not be aware exist in their applications. Approximately eight hours can be saved per vulnerability through automation and early discovery.

Image Licensed by Adobe Stock

PC Matic Survey Finds Majority of Americans Lack Confidence in U.S. Federal Government’s Cybersecurity Preparedness

The post Trend Micro Launches First and Only SecOps Solution to Slay Open Source Code Bugs appeared first on Digital IT News.

Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G

Taylor Graham — Wed, 14 Apr 2021 17:13:07 +0000

Fujitsu Limited and Trend Micro Incorporated, a global cybersecurity leader, have collaborated to focus on the security of private 5G networks. The companies will demonstrate the effectiveness of Trend Micro’s security for private 5G using a simulated smart factory environment and an operational Fujitsu environment prior to the product’s public availability.

Private 5G network technology will be the catalyst for true smart factories globally. Connectivity and automation will link factory devices and business applications, improving production capabilities and overall factory performance. However, the expanded IT infrastructure within operational technology (OT) environments can lead to exposed risk for cyberattacks. There is an urgent need to implement cybersecurity measures to secure private 5G networks to protect against potential attacks.

Fujitsu and Trend Micro have incorporated Trend Micro’s 5G security solution into a private 5G system that simulates an actual smart factory environment equipped with high-definition monitoring cameras and automatic guided vehicles (AGV) at the FUJITSU Collaboration Lab in Kawasaki, Japan. This environment was used to visualize and centrally manage the status and security of systems, as well as correlate threat detection and prevention data from the devices and network.

The security solution, Trend Micro Mobile Network Security, leverages embedded endpoint security within the IoT device’s SIM card and network security running on a private 5G system. Benefits of the product include:

Detect and protect against threats at the private 5G network
Authenticate devices trying to connect to the 5G network
Block unauthorized communication in real time

This demonstration shows how the Trend Micro solution protects smart factories from internal threats, such as unauthorized or malware-infected devices, as well as external threats attempting to enter the factory through the 5G network.

“Fujitsu aims to realize a society in which people, goods, and services are connected in real time through 5G technology and to solve problems facing the world,” said Tomonori Goto, corporate executive officer, senior vice president and head of 5G vertical service office at Fujitsu. “To this end, we believe that this security solution, created together with Trend Micro, represents a key technology for applying private 5G to mission-critical areas. Fujitsu will continue to cooperate with Trend Micro to create new value through the power of co-creation.”

Fujitsu and Trend Micro will conduct a field trial until September 2021 at Fujitsu’s Oyama Plant. Based on the results of this trial, the partners will consider commercializing a security solution for private 5G.

“We’re delighted to be joining forces with Fujitsu to tackle the immense challenge of cybersecurity for private 5G,” said Akihiko Omikawa, executive vice president for Trend Micro. “Together, we are making smart manufacturing more secure to ensure production isn’t stopped due to a cyberattack.”

For more information on Trend Micro’s Mobile Network Security solutions please visit:
https://www.trendmicro.com/tmmns.

Image licensed by Pexel.com

With 5G Adoption, Come New Cybersecurity Risks to Mitigate

The post Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G appeared first on Digital IT News.

Smart Factory Cyber Attacks Knock Out Production for Days

Leigh Porter — Mon, 29 Mar 2021 19:25:07 +0000

Trend Micro Incorporated revealed that most (61%) manufacturers have experienced cybersecurity incidents in their smart factories and are struggling to deploy the technology needed to effectively manage cyber risk.

Trend Micro commissioned independent research specialist Vanson Bourne to conduct an on-line survey with 500 IT and OT professionals in the United States, Germany and Japan and found that over three-fifths (61%) of manufacturers have experienced cyber incidents, with most (75%) of them suffering system outages as a result. More than two-fifths (43%) said outages lasted more than four days.

These findings and more can be found in the report, “The State of Industrial Cybersecurity: Converging IT and OT with People, Process, and Technology.” A full copy of the report can be found at https://resources.trendmicro.com/Industrial-Cybersecurity-WP.html.

“Manufacturing organizations around the world are doubling down on digital transformation to drive smart factory improvements. The gap in IT and OT cybersecurity awareness creates the imbalance between people, process and technology, and it gives bad guys a chance to attack.” said Akihiko Omikawa, executive vice president of IoT security for Trend Micro. “That’s why Trend Micro has integrated IT and OT intelligence and provides a comprehensive solution from the shop floor to the office. We’re helping put visibility and continuous control back in the hands of smart factory owners.”

The results from all three countries showed that technology (78%) was seen as the biggest security challenge, although people (68%) and process (67%) were also cited as top challenges by many respondents. However, fewer than half of the participants said they’re implementing technical measures to improve cybersecurity.

Asset visualization (40%) and segmentation (39%) were the least likely of cybersecurity measures to be deployed, hinting that they are the most technically challenging for organizations to execute. Organizations with a high degree of IT-OT collaboration were more likely to implement technical security measures than those with less cohesion. There was a particularly big gulf between organizations with high IT-OT collaboration verses those with little to no IT-OT collaboration in the use of firewalls (66% verses 47%), IPS (62% verses 46%) and network segmentation (54% verses 37%).

Standards and guidelines were cited as the top driver for enhanced collaboration in the United States (64%), Germany (58%) and Japan (57%). The National Institute of Standards and Technology’s (NIST) Cyber Security Framework and ISO27001 (ISMS) were among the most popular guidelines.

The most common organizational change cited by manufacturers in all three countries was appointing a factory Chief Security Officer (CSO).

Trend Micro recommends a three-step technical approach to securing smart factories and keeping their operations running:

Prevention by reducing intrusion risks at data exchange points like the network and DMZ. These risks could include USB storage devices, laptops brought into a factory by third parties, and IoT gateways.
Detection by spotting anomalous network behavior like Command & Control (C&C) communication and multiple log-in failures. The earlier the detection, the sooner attacks can be stopped with minimal impact on the organization.
Persistence is crucial to protect smart factories from any threat that has evaded prevention and detection stages. Trend Micro TXOne Network’s industrial network and endpoint security solutions are purpose-built for OT environments. They work at a wide range of temperatures and are easy to use with minimal performance impact.

Image licensed by unsplash.com

Synopsys Research Reveals Significant Security Concerns in Popular Mobile Apps Amid Pandemic

The post Smart Factory Cyber Attacks Knock Out Production for Days appeared first on Digital IT News.