The Changing Threat Landscape - Zift Solutions

The Changing Threat Landscape January 2009
Independent Validation of the Trend Micro Worry-Free Business Security Solution

Contents
3
4
6
7
11
13
17
18
The Changing Threat Landscape
Malware Multipliers
Business Mobility
Comparative Testing
West Coast Labs Conclusion
Critical Security Components for SMBs
The Business and Technical Benefits of Trend Micro WFBS-A
Footnote
2

The Changing Threat Landscape
In the last several years, malware has
become far more prevalent and stealthy,
targeting specific businesses and any
information assets they possess. As a
result, a computer security product must
now include the protection of business
information assets in its arsenal of
protective tools.
Indeed, security has become far more
than a technology issue. It is a business
issue where the protection of corporate
information assets is a priority not just for
IT and Security Managers, but also for C-
Level Executives in businesses of all sizes.
Businesses are operating in a global
economy where internet connectivity
and business mobility are essential. As
malware writers around the world “follow
the money”, they are targeting companies’
reliance on mobility and web use, which
they perceive to be the most vulnerable
parts of security infrastructures.
The exploitation of these weak links in
the security perimeter has produced an
exponential increase in malware threats
especially through web and email attack
vectors, to steal either personal or critical
business information for malicious gain.
For small business users (the focus of this
report), this creates a host of concerns
about which security products to purchase.
Which solution offers the most effective
security? Which solution is most relevant to
specific business needs? Which is the easiest
to use and manage? Which is the most costeffective?
Trend Micro’s Worry-Free
Business Security solution is offered as a
comprehensive, yet easy-to-use answer to
these questions.
The Key Business & Technical Requirements of a ‘Worry-Free Business Security’ Solution
• Proven security technology
• Comprehensive attack vector protection
• Relevance to business needs
• Ease of use
• Minimal system impact
• Effective technical support
3

Malware Multipliers
The malware* world is now largely
financially motivated, which means that
any sort of pertinent, saleable data can be
targeted. West Coast Labs’ own global
malware testing and research programme
continues to show how cybercriminals
worldwide are attacking companies and
individuals around the world, irrespective of
their geographical location.
Customer data (such as passwords, IDs,
or account numbers) as well as credit card
numbers and confidential business information
are valuable commodities that can also include
any sort of information that might make
socially-engineered attacks more effective.
Thus, malware has become more stealthy
and sophisticated, with more frequent
and specifically-targeted attacks from
locations around the world. The propensity
of malware attacks has grown by leaps
and bounds. AVTest.org estimated that
that the total number of malware at the end
of the first quarter of 2008 was almost 12
million files. This represented an increase
of nearly 4 million files from the beginning
of that year and it’s likely that this pace of
increase will continue for the foreseeable
future. A great deal of this increase has
been delivered through the web via
socially engineered attacks leading to
drive-by downloads. Google estimates
that 10% of all websites now contain
malicious content – a significant increase in
just a few short years.
Trend Micro states that while the number
of conventional worms has grown only 22%
since 2005, web threats have increased by
1564% during the same period. Companies
are feeling this effect in their network
environments given that IDC reports that,
“Up to 30% of companies with 500 or more
staff have been infected as a result of Internet
surfing, while only 20-25% of the same
companies experienced viruses and worms
from email.”
s
Malware Explained
Malware is the term used to describe a
variety of different types of malicious software
which can include Viruses, Trojans, Worms,
BOTs, Rootkits and Spyware which itself is a
generic term for different types of Backdoors,
Keyloggers, Financials, Proxies, Password
Stealers, Crackers, Downloaders, Hijackers,
and RATs. A complete description of each of
these types of malware can be found on the
West Coast Labs website at:
www.westcoastlabs.com/checkmark/glossary/
4

Malware Multipliers continued
At the same time, companies are
experiencing a dramatic increase in the
number of email-based attacks on their
employees and environments.
Spam, phishing, and targeted email attacks
not only affect employee productivity, they
affect company networks. These threats can
also expose companies to legal risks such as
compliance issues due to data leakage.
This drastic increase in both the volume of
malware and the wide variety of different
types of malware has had a technical impact
on the operating efficiency of security
solutions.
There has been a corresponding increase in
the deployment of traditional signature-based
anti-virus pattern files within anti-malware
solutions which affects both disk and
memory usage. Such an increase in pattern
file size can result in slower scanning times,
decreased performance, and increased
network load to download the pattern file
updates.
Trend Micro’s Worry-Free Business
Security has addressed this issue by
implementing a number of security features
beyond traditional signature-based scans,
which are customisable based on customers’
specific needs.
Trend Micro’s leading-edge reputationbased
scanning for email, file and web
threats, has moved a significant portion of its
malware detection technology to an in-thecloud
model to improve local response and
scan times.
5

Business Mobility
The average worker is now much
more mobile than ever before.
Business mobility is a critical part of
most commercial activity and customer
interaction.
According to Gartner, in 2007 40% of
new PC sales were for notebooks. It’s
estimated by DisplaySearch that this
percentage equates to 228.8 million
notebooks, which represents a tenfold
increase from the number sold in 2001.
This number was expected to climb
significantly in 2008, with the percentage
of new notebooks possibly equalling
desktop machines sold, for the first time
ever.
This mobility presents unique challenges,
as business notebooks are often used in
situations or environments where they are
generally outside a company’s security
infrastructure.
The combination of this new-found
mobility and the threat of malware
targeting sensitive corporate data
highlights the need for security software
development to respond accordingly, by
addressing these specific and consequential
business and technical needs.
Trend Micro Worry-Free Business
Security includes a number of new features
to address mobile workers such as
Location Awareness, a Wi-Fi Advisor, and
the previously-mentioned cloud-based
reputation scanning.
Trend Micro Worry-Free Business Security
This product is an
advanced multilayered
cloud/
server/client antimalware solution for laptops,
desktops, servers, and Exchange Servers
that balances in-the-cloud technologies (e.g.,
URL reputation, IP Address reputation) with
on-premise technologies (e.g., signatures,
behavior monitoring, etc.). It provides locationawareness
(In-office and Out-of-office settings
for the Firewall, Web Threat Protection, and the
TrendSecure Toolbars). www.trendmicro.com
6

Comparative Testing
Trend Micro commissioned West
Coast Labs to validate the functionality
and performance of key features
of Worry-Free Business Security
Advanced (WFBS-A) and to compare
them to two competitor products. Trend
Micro Worry-Free Business Security
was tested alongside McAfee Total
Protection Advanced and Symantec
Endpoint Protection, per Trend Micro’s
recommendation. Detailed test results
are available in a separate Test Report
which is available for download at www.
westcoastlabs.com/productTestReports/
with an overview of the findings as follows.
A particular hallmark of Worry-Free
Business Security is that installation
is straightforward and that it keeps its
footprint on the machine minimal, ensuring
optimum efficiency of the machine’s
operating system. It showed the lowest
number of file and registry changes of the
three products. Even when the WFBS-A
product is in use, its effect remains minimal.
Whether the system is idle or in use, the
WFBS-A memory footprint is lower than
that of its competitors.
Where the real effect of Trend Micro’s
technology comes to the fore is in
‘proactive protection’: Worry-Free
Business Security has a number of
proactive protection strategies which,
based on the testing carried out, appears to
provide it with a competitive advantage. The
first of these is in the realm of Web Threat
Protection, a technology which prevents bad
things on the web from happening up-front,
rather than having to implement a fix after a
security incident has taken place.
Engineers at West Coast Labs tested a list
of URLs against each product to see what
malicious content would be allowed to be
downloaded by each product.
Trend Micro provided the highest level
of protection, with URL blocking occurring
before any malicious content can be
downloaded onto a user’s machine. If a
s
The Comparative Test – Trend Micro Worry-Free Business Security
In a test program
commissioned by Trend
Micro, West Coast
Labs carried out a series of tests to validate the
functionality and performance of key features of
its Worry-Free Business Security Advanced
product, comparing it to the McAfee Total
Security Advanced product and Symantec's
Endpoint Protection Solution.
Worry-Free Business Security comes in
Standard and Advanced versions, the latter
adding security for email. Worry-Free
Business Security Advanced (WFBS-A) was
the version tested by WCL.
www.trendmicro.com
7

Comparative Testing continued
malicious website is registered in the Trend
Micro reputation database, a warning
box is displayed informing the user that the
website is dangerous and is then blocked.
For additional protection against webthreats,
Trend Micro has included
TrendProtect reputation scanning of
search engine results, another proactive
technology which rates the safety of
websites provided in web search engine
results before the sites are accessed.
WFBS-A was one of two products that
includes this functionality and was able to
classify more results on Google than the
other products tested.
In order to protect against financially
motivated malware, which targets
keystrokes entered into web-browsers,
Trend Micro has also included a
Transaction Protector which helps block
keylogging activities by encrypting
passwords, social security card numbers,
and credit card numbers so keyloggers
can’t get your data.* Without having access
to the samples before the independent
testing, WFBS-A was able to detect and
nullify all the keyloggers used in the tests.
In the event of a malware outbreak it’s
important to have a product which makes
threat containment and malware cleanup
simple and easy. WFBS-A has the Outbreak
Defense and Damage Cleanup features to
address threat containment needs, backed
by a policy-based technology which prevents
the spread of a malware outbreak whilst
automatically disinfecting and cleaning any
machines that might already be infected.
In addition to protecting against keyloggers,
WFBS-A adds the ability to filter IM and email
content for sensitive data, protecting against
the malicious or accidental external transfer of
confidential corporate data. As this technology
feature is customisable, not only can users
prevent their own proprietary data from
s
*Trend Micro has removed the keystroke encryption function in post-5.0 versions of Worry-Free Business Security Standard and Advanced.
8

Comparative Testing continued
leaving the company, they can also secure
commonly targeted data such as credit
card numbers or personally identifying
information such as Social Security
numbers. WFBS-A was the only product
tested that allowed the user to dictate what
content should be protected in their unique
business environment.
Securing the email attack vector poses
increasing challenges. With an everincreasing
level of unwanted emails such as
those with malware as well as phishing and
spam, it’s imperative to have good multi-layer
protection against these ever-present threats.
All the vendor products tested provide
malware detection for email-based
malicious threats, but WFBS-A was the
only product which offered host-based
spam blocking capabilities based on
IP addresses. This IP-based spam
technology was able to detect 89% of
spam with all functionality except the
POP3 plug-in disabled. When the spam
content filtering technology was fully
enabled WFBS-A’s multi-layered antispam
technologies blocked 96% of the
spam it received, using a combination
of IP-reputation technology and content
scanning technology.
To help protect the mobile user, Worry-Free
Business Security now contains Location
Awareness, which provides both in- and outof-office
security policy control for the Trend
Micro Firewall, Web Threat Protection, and
TrendSecure technologies, which are key
components of the overall WFBS-A solution.
In the tests carried out by West Coast Labs,
Worry-Free Business Security accurately
identified the transition from the known-good
network to that of the new one. The settings
were recorded as switching to the Out-of-
Office technology and users were protected as
if they were still within the corporate network.
The tests showed that Trend Micro’s
s
9

Comparative Testing continued
product has the highest level of protection
and warnings.
Of the three products examined in the test
program, Trend Micro WFBS-A was also
found to be the only product that caters
specifically to the use of wireless devices.
Trend Micro’s Wi-Fi Advisor - a second
utility provided by the Transaction Protector
technology - offered warnings when the
safety of a wireless network was uncertain-
-a critical feature in reminding users to be
extra-cautious with sensitive data when
they can’t be assured of the safety of the
Wi-Fi connection they’re on.
Trend Micro WFBS-A has three more
advanced security functions: the Firewall,
an Intrusion Detection System and
the Vulnerability Assessment Scanner.
While the competitors’ firewall and IPS
technology prevented the threat attacks
against which they were tested and
provided logs to show evidence that
intrusion attempts were taking place, only
the Trend Micro solution provided an
accurate report of the scale and nature of
the attacks and broke down the attempts
into individual entries for later analysis.
Trend Micro WFBS-A allowed scans
of client machines to be initiated from the
Administration console and the resulting
reports for these scans included links for
remediation advice and any required patch.
Both these features are invaluable to resellers,
IT, or Security staff, as it allows them to
remotely ensure machines are up-to date, and
to analyse any attacks found by the IPS to help
prevent future attacks.
With the Security Dashboard, resellers, IT, or
Security staff can keep track of activities within
their network. This shows a complete listing
of events which have occurred with client
machines.
10

West Coast Labs Conclusion
Trend Micro’s Worry-Free Business
Security is a security solution with
a host of highly effective business and
technical benefits. It provides broadbased
coverage of the security landscape
affecting today’s businesses with a range
of proactive technologies that provide
comprehensive security in a single, easyto-use
solution, protecting against attacks
on a wide variety of levels and business
situations.
Tests proved that its anti-malware
capabilities through Outbreak Defense
and Damage Cleanup protect effectively
in a variety of attack vectors - HTTP, FTP,
SMTP and IM - against a wide variety of
different types of malware.
While tests showed that the Web Threat
Protection technology had the highest
level of URL blocking, it was enhanced
by the TrendProtect facility which rates
the safety of websites provided in web
search engine results before the sites are
accessed.
Transaction Protector also proved to be
an extremely effective feature of WFBS-A
in the way that it successfully detected
and nullified keyloggers designed to steal
important financial data; while its IM and
email filtering technology provides effective
protection against the malicious or accidental
external transfer of confidential corporate
data.
The tests also showed that WFBS-A’s email
security technologies provide high levels
of protection against malware, phishing,
and spam with the effective combination of
leading-edge, multi-layered technologies.
In the field of uncertainty that surrounds
business mobility, Trend Micro’s Location
Awareness facility was proved to provide
the highest level of protection and out-ofoffice
security policy control, while the WiFi
s
11

West Coast Labs Conclusion continued
Advisor technology was the only one of
the three solutions examined to provide
confirmation of the security of wireless
networks.
With a further three advanced security
functions in the form of Firewall, IDS, and
Vulnerability Assessment technologies - all
tested and validated by West Coast Labs -
the overall technology feature set of Trend
Micro Worry-Free Business Security is
significantly enhanced.
product. It takes a unique approach in
these traditional technology areas, and
integrates a variety of additional proactive
technologies to create a complete
security solution that provides high levels
of security combined with maximum
efficiency for the small-to-medium size
business.
In conclusion, it is evident that Trend
Micro WFBS-A goes far beyond a
simple anti-malware, anti-spam, or firewall
West Coast Labs Test Report
The complete test report is available for download at:
www.westcoastlabs.com/producttestreports/
12

Critical Security Components for SMBs
With testing and research facilities
around the world, West Coast Labs
has a leading-edge insight into online
security risks and trends as well as the
relevance and performance of security
solutions in dealing effectively with them.
As threat vectors multiply and the need
for security and vigilance increases
across the whole spectrum of commercial
activities, businesses around the world
need proactive, enabling technologies
which enhance the implementation of
security strategies both within and on the
fringes of today’s networks.
To help organizations choose the right
security solutions for their organisations,
West Coast Labs can confirm from both
internal and external research that the
following types of security technology are
critical components in any security strategy
for a small business. Naturally, just as
individual businesses security needs vary
so will the solutions that are most relevant.
The following tabulations, compiled by
Trend Micro, identify a variety of critical
technical and business requirements
for any SMB security infrastructure and
highlight the specific technology features
that McAfee, Symantec and Trend
Micro have integrated into the solutions
examined in this report to satisfy such
needs.
The product ratings, shown in red in the
tabulations relate to actual tests also shown
in red, carried out by West Coast Labs
Test Engineers. These are reported in full
in the Test Report, which is available for
download at www.westcoastlabs.com/
productTestReports/. The report includes a
detailed listing of the individual technology
feature sets of each of the products, which
form a basis for the test project and this
narrative.
Further detailed information on each of the
products can be obtained from
www.mcafee.com, www.symantec.com and
www.trendmicro.com.
13

Key Technical Requirements
Trend Micro
Worry-Free Business Security
Advanced
v5.0
Symantec
Endpoint Protection
v11.0
McAfee
Total Protection Advanced
v4.5
Web Protection Technologies
Test Rating
Feature Rating
Email Protection Technologies
Test Rating
Feature Rating
File Protection Technologies
Test Rating
Feature Rating
URL Reputation ii
Browser Page Ratings Service
4 stars
5 stars
In-the-Cloud: IP Reputation xii
In-the-Cloud: Anti-spam, Antimalware
content scanning v
Exchange Server: Anti-spam,
Antivirus, Content Filtering
POP3 Anti-spam, Antivirus Plug-in
4 stars
5 stars
Real-time Anti-malware
Manual anti-malware scan
Scheduled scan
Behavior Monitoring
QuickBooks Protection
4 stars
5 stars
N/A iii
N/A
Not applicable
Not applicable
N/A
N/A
N/A ix
N/A
Not tested
3 stars
Real-time Anti-malware
Manual anti-malware scan
Scheduled scan
Behavior Monitoring
N/A
4 Stars
4 Stars
N/A
Browser Page Ratings Service
3 stars
4 stars
N/A
In-the-cloud: Anti-spam, Antivirus,
Content Filtering x
N/A viii
N/A
Not tested
4 stars
Real-time Anti-malware
Manual anti-malware scan
Scheduled scan
Behavior Monitoring
N/A
4 stars
4 Stars
14

Key Technical Requirements
Trend Micro
Worry-Free Business Security
Advanced
v5.0
Symantec
Endpoint Protection
v11.0
McAfee
Total Protection Advanced
v4.5
Perimeter Protection
Technologies
Test Rating
Feature Rating
Data Protection Technologies
Test Rating
Feature Rating
Mobile Protection Technologies
Test Rating
Feature Rating
Outbreak Protection
Technologies
Test Rating
Feature Rating
Firewall
IDS + Network virus scanning
5 stars
5 stars
Keylogger detection + Keystroke
Encryption xiii
Email/IM content filter
4 stars
5 stars
Location Awareness: Web Threat
Protection vi
Wi-Fi Protection: Wi-Fi Advisor
5 stars
5 stars
Outbreak Defense
Vulnerability Assessment
Damage Cleanup
4 stars
5 stars
Firewall
IDS/IPS
4 Stars
5 stars
Keylogger detection
Application and Device Control
4 Stars
4 Stars
Location Manager
Wi-Fi Protection: Anti-MAC spoofing
5 stars
5 stars
N/A
N/A
Remote Scanner (Damage Cleanup)
3 Stars
3 Stars
Firewall
N/A
4 stars
4 stars
Keylogger detection
Email content filter
3 stars
3 stars
N/A
N/A
Not applicable
Not applicable
N/A
N/A
N/A
Not applicable
Not applicable
15

Key Business Requirements
Trend Micro
Worry-Free Business Security
Advanced
v5.0
Symantec
Endpoint Protection
v11.0
McAfee
Total Protection Advanced
v4.5
Installation
Test Rating
Feature Rating
Memory Footprint
Test Rating
Feature Rating
Management
Test Rating
Feature Rating
TOTAL TEST RATING
TOTAL FEATURE RATING
Server Deployment: Setup Wizard
Client Deployment: Remote Install
Multiple Client Deployment Options
Not applicable
5 stars
Kernel Mode
User Mode
4 stars
Not applicable
Dashboard: Accuracy
Reporting
Notification
5 stars
5 stars
39 stars
45 stars
Server Deployment: Setup Wizard
Client Deployment: Remote Install
Multiple Client Deployment Options
Not applicable
5 stars
Kernel Mode
User Mode
3 Stars
Not applicable
Dashboard: Accuracy
Reporting
Notification
5 stars
5 stars
28 stars
34 stars
N/A
Client Deployment: Web Download
Multiple Client Deployment Options
Not applicable
4 stars
Kernel Mode
User Mode
3 stars
Not applicable
Dashboard: Accuracy
Reporting
Notification
5 stars
5 stars
22 stars
28 stars
ii Red Indicates feature was tested by West Coast Labs
iii N/A = Not Available
iv For the Email protection vector, West Coast Labs testing focused on Anti-spam
v Provided by InterScan Messaging Hosted Security Standard, which is bundled with WFBS-A
vi WFBS-A Location Awareness also applies to the Firewall and TrendSecure Toolbars
vii Disparate installation methods were not comparable (West Coast Labs)
viii GroupShield for Exchange was available as a separate download, as part of the Total Protection
Advanced license. This is not the Email Protection Service offered by the Total Protection hosted
service.
ix Symantec Mail Security for Exchange is shipped with Symantec Endpoint Protection, however a
separate license is required for Antispam protection. As such, Mail Security was not included in the
Email Protection test.
x While available, this technology was not tested as the project focussed on on-premise antispam.
xi This technology was not tested as anti-spam does not form part of the One Care Server solution.
xii ERS is activated within the on-premise WFBS-A Web console.
xiii Trend Micro has removed the keystroke encryption function in post-5.0 versions of Worry-
Free Business Security Standard and Advanced.
16

The Business and Technical Benefits of Trend Micro WFBS-A
Ease of use: straightforward Installation with various
options for user preferences.
Memory footprint: a smaller memory footprint versus the
number of technologies and features provided.
Web threat protection: using a reputation technology to
block or warn users about bad URLs.
Location awareness: provides both in-office and out-ofoffice
policy control for the Firewall, Web Threat Protection,
and the TrendSecure technologies.
Firewall and IDS/IPS: proactive technologies protecting
against attacks, system changes and network intrusion
attempts.
Transaction protector: proactive security functions to
provide both Keystroke Encryption* and a Wi-Fi advisor.
TrendProtect: uses Trend Micro’s Web Reputation
technology to provide URL page ratings and warnings for
search results.
Behaviour monitoring: protects users and applications
from malicious system changes.
Security dashboard: provides at-a-glance, up-to-date
profile of the protected network/computers.
Email protection vector: provides multi-layer protection
against a variety of security threats.
File protection vector: protects against a host of different
types of malaware in a variety of attack vectors.
Data leakage: protects against transfer of confidential
corporate data out of the office via email and Instant
Messaging.
Outbreak defense: protects a user’s network at the onset
of an outbreak, before signatures have been issued against
the threat.
Damage cleanup: provides automatic built-in cleanup of
infected networks/computers. Works in tandem with the
Outbreak Defense function to help clean up infections.
Vulnerability assessment: user can analyze when a
computer is vulnerable to threats and provides remediation
steps/advice.
www.trendmicro.com
* Trend Micro has removed the keystroke encryption function in post-5.0 versions
of Worry-Free Business Security Standard and
Advanced.
17

Footnote: While West Coast Labs is dedicated to ensuring the highest standard of security product testing in the industry, it is not always possible within
the scope of any given test to completely and exhaustively validate every variation of the security capabilities and/or functionality of any particular product
tested and/or guarantee that any particular product tested is fit for any given purpose.
Test results published within any given report should not be taken and accepted in isolation. Potential customers interested in deploying any particular
product tested by West Coast Labs are recommended to seek further confirmation that the said product will meet their individual requirements, technical
infrastructure and specific security considerations.
All test results represent a snapshot of security capability at one point in time and are not a guarantee of future product effectiveness and security capability.
West Coast Labs provide test results for any particular product tested, most relevant at the time of testing and within the specified scope of testing and
relative to the specific test hardware, software, equipment, infrastructure, configurations and tools used during the specific test process.
West Coast Labs is unable to directly endorse or certify the overall worthiness and reliability of any particular product tested for any given situation or
deployment.
18

US Sales: T +1 (949) 870 3250
Europe Sales: T +44 (0) 2920 548 400
China Sales: T +86 1 343 921 7464
Corporate Offices and Test Facilities:
US Headquarters and Test Facility
West Coast Labs, 16842 Von Karman Avenue,
Suite 125, Irvine, California, CA92606, USA
T +1 (949) 870 3250
F +1 (949) 251 1586
European Headquarters and Test Facility
West Coast Labs,
Unit 9, Oak Tree Court, Mulberry Drive,
Cardiff Gate Business Park, Cardiff
CF23 8RS, UK
T +44 (0) 2920 548400, F +44 (0) 2920 548401
Asia Headquarters and Test Facility
A2/9 Lower Ground floor, Safdarjung Enclave,
Main Africa Avenue Road,
New Delhi 110 029, India.
T +91 (0) 11 4602 0622
Test Facilities also in Hong Kong, London,
Singapore and Sydney
E info@westcoast.com
W www.westcoastlabs.com