Manage Zero Day Exploits (ZDI) with Trend Micro Solutions – Trend Micro

Cyber Threats
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Read how Trend Micro protects customers from vulnerability exploits by blocking them as early as possible.
By: Jon Clay
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Exploiting known vulnerabilities to compromise an organization has long been a common tactic of malicious actors. Whether Heartbleed, EternalBlue, or most recently Zerologon, threat actors take advantage of newly disclosed vulnerabilities in their attacks. But even with thousands of new vulnerabilities disclosed every year (18K+ in 2020 according to NIST), the reality is that only a fraction are weaponized into exploits and used in attacks. As a result, this proliferation of known vulnerabilities, together with the shrinking window between patch release and exploitation, has forced businesses to rethink their patch management process and to decide what to patch now and what can wait.

For over 30 years, Trend Micro has defended enterprises against malicious cyber activities and has blocked both zero-day exploits and n-day vulnerabilities as early as possible. Supported by the Zero Day Initiative (ZDI), the world’s largest vendor-agnostic bug bounty program, and our n-day vulnerability research team, Trend Micro has one of the largest, if not the largest, vulnerability research organizations in the world and uses it to protect our customers from exploits. In 2020, our TippingPoint IPS solution protected customers on average 81 days before a patch was released for bugs submitted to the ZDI. Host-based and network-based IPS technology is used to deploy a virtual patch that shields a system from an exploit. Even when a new vulnerability is disclosed without ZDI’s involvement, our vulnerability research team analyzes many of the critical bugs and works to make a new IPS filter available to our customers as quickly as possible. As part of our constant collection and analysis of newly disclosed vulnerabilities, let’s dive into a recent case study to give you an example of how this works.
Case Study of How Trend Micro Protects Customers from Vulnerability Exploits
In October 2020, the National Security Agency (NSA) named 25 vulnerabilities that had been exploited by Chinese state-sponsored cyber actors to acquire sensitive intellectual property, economic, political, and military information. Thirteen of the 25 vulnerabilities were newly published in 2020, and the oldest could be traced back to 2015. The threats these bugs posed were real, with 15 rated Critical according to their CVSS v3.1 score.
[Figure omitted. Source: Trend Micro]
Speed matters in the battle against cyber-attacks. Whether it is a zero-day vulnerability or a known vulnerability still on the long “to be patched” list, Trend Micro provides clients with quick and pain-free solutions.
Trend Micro Research tracked these vulnerabilities and helped enterprises defend against potential exploits. Our products offer virtual patching and vulnerability shielding to protect against known vulnerabilities. Specific vulnerability protections include:
In this case study, 25 cloud-based rules and 28 TippingPoint filters cover the vulnerabilities on NSA’s list and only one CVE (CVE-2020-3118) does not have coverage. Let’s look at how vulnerabilities are covered under each scenario:
1. Virtual patching before an official patch is released
Zero-day vulnerabilities pose enormous cybersecurity threats. They are usually exploited long before an official patch is released by the vendor, leaving targeted companies hard-pressed to defend themselves. To protect companies against malicious activities, Trend Micro runs the world’s largest bug bounty program, the Zero Day Initiative (ZDI), to capture exploits before they are traded on the dark web, and then develops a digital vaccine to protect client companies.
CVE-2020-2555 is a perfect example of how Trend Micro covers zero-day vulnerabilities. It is a vulnerability in the Oracle Coherence component of Oracle Fusion Middleware. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle Coherence. A critical vulnerability with a CVSS v3.1 base score of 9.8, it was discovered by Jang from VNPT ISC, who worked with the Trend Micro ZDI program. TippingPoint soon developed a virtual patch for CVE-2020-2555, 57 days before the official patch from Oracle.
The virtual patch came at the right time. The first recorded attack came merely 45 days after the patch was published. As time went by, more cyber actors weaponized this vulnerability, and attacks peaked in August 2020. By the end of 2020, total attacks against CVE-2020-2555 amounted to 4.23k.
Source: https://www.oracle.com/security-alerts/cpujan2020.html
2. Timely coverage with pain-free solutions
For vulnerabilities that are not captured through the ZDI program, Trend Micro syncs up with the vendor and offers timely coverage.
CVE-2020-1350 is a critical vulnerability rated 10.0, which has been targeted by cyber actors since August 2020. It is a Remote Code Execution (RCE) vulnerability in Windows DNS servers that fail to properly handle requests. Microsoft published this vulnerability on July 14, 2020 and offered an official patch. On the same day, Trend Micro drew on its research team and released virtual patches through TippingPoint and Deep Security. Through virtual patching, Trend Micro offered clients a pain-free way to defend their systems, avoiding the hassle of manual patching.
The protection was invaluable. By the end of 2020, our virtual patches for this CVE had blocked 2.9 million attacks from cybercriminals.
Sources: https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/
https://media.defense.gov/2020/Jul/16/2002458198/-1/-1/0/CSA_CVE20201350-V_1_0%20-%20COPY.PDF

3. Complete shield within 30 days of a vulnerability’s debut
In some cases, it takes longer to form a complete shield for a vulnerability. For these more complicated vulnerabilities, Trend Micro launches virtual patching within 30 days of public disclosure.
CVE-2020-0688, for example, demonstrates how Trend Micro protects clients against potential exploits. This is a Microsoft Exchange validation key remote code execution vulnerability, which exists when the software fails to properly handle objects in memory. It was discovered by an anonymous researcher who worked with the Trend Micro ZDI program. ZDI reported the vulnerability to the vendor, Microsoft, who published an official patch on Feb 11, 2020. Trend Micro published its virtual patches through TippingPoint and Deep Security 13 days and 28 days later, respectively. Trend Micro blocked the first recorded attack on March 14 and protected clients from around 1,760 attacks in 2020.
Source: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688
How to Protect Your Organization from Vulnerability Exploitation
Traditional security measures should always be applied to watch for compromised accounts and networks, malicious traffic, and other Indicators of Compromise (IoCs). A good resource for identifying in-the-wild exploitation of vulnerabilities is Google Project Zero’s site: https://github.com/googleprojectzero/0days-in-the-wild. Identifying which vulnerabilities need to be patched or virtually patched is a good start. Prioritization is critical:
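The triage decision the article keeps returning to (what to patch now, what can wait behind a virtual patch, and what has no coverage at all) is easy to encode. The following is an added example written for this post, not Trend Micro code, and not a product feature. It ranks a small, constructed inventory built from the four CVEs discussed above: the CVSS scores for CVE-2020-2555 and CVE-2020-1350 are the ones the article quotes, while the scores for the other two entries, the exact Oracle and Cisco patch dates, and the August 2020 first-attack date for CVE-2020-1350 are assumptions made only to make the example run. The lead-time calculation generalizes the article's three scenarios: a positive value is the ZDI case (shield before the vendor patch), zero is same-day coverage, and a negative value is coverage that arrived after the patch.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass
class VulnRecord:
    """One entry in an asset owner's vulnerability inventory (constructed schema)."""
    cve: str
    cvss: float                        # CVSS v3.1 base score
    exploited_in_wild: bool            # on the NSA list, Project Zero's 0days-in-the-wild, etc.
    vendor_patch: Optional[date]       # None: vendor has not shipped a fix yet
    virtual_patch: Optional[date]      # None: no IPS filter / cloud rule covers it
    first_attack_seen: Optional[date]  # None: no exploitation observed against this asset
    vendor_patch_applied: bool = False


def coverage_lead_days(v: VulnRecord) -> Optional[int]:
    """Days the virtual patch shipped ahead of the vendor patch.
    Positive: shielded before the vendor fix existed (the ZDI scenario).
    Zero: same-day coverage. Negative: coverage landed after the patch."""
    if v.vendor_patch is None or v.virtual_patch is None:
        return None
    return (v.vendor_patch - v.virtual_patch).days


def attacked_before_coverage(v: VulnRecord) -> bool:
    """True if the first observed attack predates every available protection,
    i.e. the asset may already be compromised and needs investigation, not just a patch."""
    if v.first_attack_seen is None:
        return False
    protections = [d for d in (v.vendor_patch, v.virtual_patch) if d is not None]
    return not protections or v.first_attack_seen < min(protections)


def triage(v: VulnRecord, today: date) -> Tuple[int, str]:
    """Return (priority score, recommended action). Higher score = act sooner."""
    if v.vendor_patch_applied:
        return 0, "closed: vendor patch applied"
    shielded = v.virtual_patch is not None and v.virtual_patch <= today
    score = int(v.cvss * 10)           # 0..100 from base severity alone
    if v.exploited_in_wild:
        score += 100                   # weaponized bugs jump the queue regardless of CVSS
    if attacked_before_coverage(v):
        score += 50                    # assume compromise: hunt for IoCs as well as patching
    if shielded:
        score //= 4                    # IPS filter in place: vendor patch on the normal cycle
        action = "shielded by virtual patch: schedule vendor patch in next maintenance window"
    elif v.vendor_patch is not None:
        if v.exploited_in_wild or v.cvss >= 9.0:
            action = "unshielded: apply vendor patch now"
        else:
            action = "unshielded: patch within normal SLA"
    else:
        action = "no patch and no filter: isolate/segment the asset and hunt for IoCs"
    return score, action


def rank(inventory: List[VulnRecord], today: date) -> List[Tuple[str, int, str]]:
    """Sort the inventory by priority score, highest first."""
    rows = [(v.cve, *triage(v, today)) for v in inventory]
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed inventory. ORACLE_CPU and the Cisco patch date are assumptions for
# this example; the 57-day, 45-day, 13-day and March 14 figures are from the article.
ORACLE_CPU = date(2020, 1, 14)  # assumed date of the January 2020 Oracle Critical Patch Update
INVENTORY = [
    VulnRecord("CVE-2020-2555", 9.8, True, ORACLE_CPU,
               ORACLE_CPU - timedelta(days=57), ORACLE_CPU + timedelta(days=45)),
    VulnRecord("CVE-2020-1350", 10.0, True, date(2020, 7, 14), date(2020, 7, 14),
               date(2020, 8, 1)),                      # first-attack date assumed ("August 2020")
    VulnRecord("CVE-2020-0688", 8.8, True, date(2020, 2, 11), date(2020, 2, 24),
               date(2020, 3, 14)),                     # 8.8 is an assumed score
    VulnRecord("CVE-2020-3118", 8.8, True, date(2020, 2, 5), None, None),  # no coverage; score/date assumed
]

if __name__ == "__main__":
    for cve, score, action in rank(INVENTORY, date(2020, 12, 31)):
        print(f"{cve:15} {score:4}  {action}")
```

Run as written, the one CVE with no virtual patch (CVE-2020-3118) lands at the top of the list even though the three shielded CVEs carry equal or higher CVSS scores, which is the point of the article: coverage status, not raw severity, should drive the order of the "to be patched" list.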
Preventative measures are also a good option: Intrusion prevention systems and antimalware software for the network and the host devices (all endpoints) to monitor for ransomware, viruses, and other threats are critical. Logs need to be collected, centralized, and analyzed by a SIEM (Security Information & Event Manager), which can be done automatically through the Trend Micro Vision One platform. Vision One simplifies the process of prioritizing and analyzing security event logs, allowing IT and SOC teams to spend their time on the most critical threats.
Here’s how virtual patching augments an organization’s existing security technologies as well as vulnerability and patch management policies:
Trend Micro provides comprehensive security solutions for businesses of all sizes and industries, no matter where they are in their digital transformation journey, and these solutions include a virtual patching feature.
Cloud One Workload Security enhances runtime protection for cloud-based workloads. To shield users’ information from being stolen, Apex One offers automatic, insightful, all-in-one endpoint security. TippingPoint Threat Protection System with NGIPS defends the network against known, unknown, and undisclosed vulnerabilities. For small and medium businesses, Worry-Free Services Suites offers simple and complete protection for your endpoints and beyond. Each of these solutions offers a virtual patching feature that can shield an organization from exploits of vulnerabilities without needing the vendor patch. And our TippingPoint customers had the added benefit of being shielded on average 81 days ahead of the vendor patch for vulnerabilities submitted to our Zero Day Initiative in 2020. With 15 research centers across the globe, Trend Micro Research provides customers with the latest insights on the cybersecurity landscape.
To learn more about how Trend Micro can protect your business from vulnerabilities, please visit: https://www.trendmicro.com/en_us/business/products/network/intrusion-prevention/threat-intelligence.html.
Jon Clay
Director, Global Threat Communications