The IT Nerd

Trend Micro Incorporated today announced the availability of its leading cloud solution, Deep Security as a Service, on the Microsoft Azure Marketplace. Launching at Microsoft’s Inspire 2019 event, this Trend Micro offering enables organizations to combine the benefits of security software-as-a-service (SaaS) with the convenience of consolidated cloud billing and usage-based, metered pricing.

Trend Micro’s Deep Security as a Service will provide Microsoft Azure customers a fully hosted security management experience with rapid delivery of innovations.

Trend Micro Deep Security delivers a multi-layered automated approach to protect hybrid cloud workloads and container environments against known and unknown threats including malware and vulnerabilities, helping to secure business data and applications all from within one solution. Deep Security consolidates security tools to help lower costs, decrease complexity, and simplify security and compliance.

To learn more about Trend Micro Deep Security as a Service, please visit:https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html.

Trend Micro Incorporated today announced results from a recent survey that shows despite the enterprise benefits assured by adopting a DevOps culture, the majority of IT leaders polled believe communication between IT security and software development must improve greatly to achieve success.

Led by independent research specialist Vanson Bourne, the company surveyed the attitudes toward DevOps held by 1,310 IT decision makers from within both enterprise and SMB organizations across the globe. Those surveyed are at various stages of the DevOps implementation as they integrate their teams, application development, information technology operations and security, to shorten and secure the development lifecycle.

While three-quarters (74%) claimed such initiatives had become more important over the past year, an even higher percentage argued that communication within the IT department needed to improve.

Some 89% said software development and IT security teams needed to be in closer contact, while 77% said the same for developers, security and operations. A third (34%) claimed that these siloes are making it harder to create a DevOps culture in the organisation.

Respondents indicated the best ways to drive this cultural change include: fostering greater integration between teams (61%); setting common goals (58%); and sharing learning experiences across teams (50%). Yet over 78% of IT decision makers said improvement is needed in these areas.

Only a third (33%) of respondents said DevOps is a shared responsibility between software development and IT operations, which is another indication of the current communication breakdown between teams. It appears that each department feels responsibility or ownership to lead these projects.

Part of the challenge is believed to be — despite enthusiasm for DevOps, which has seen 81% of organisations already implement or currently work on projects — nearly half of respondents (46%) have only partially developed their DevOps strategy. IT leaders polled confirmed that enhancing IT security is more of a priority (46%) in DevOps than any other factor.

To learn more about Trend Micro’s approach and solutions for securing DevOps, please click here.

Trend Micro announced that they uncovered a cyberespionage campaign targeting Middle Eastern countries. Now referred to as “Bouncing Golf” based on the malware’s code in the package named “golf”, the malware involved is notable for its wide range of cyberespionage capabilities.

Monitoring the command and control (C&C) servers used by Bouncing Golf, Trend Micro has so far observed more than 660 Android devices infected with GolfSpy. Much of the information being stolen appear to be military related.

What started out as a threat to Middle Eastern countries is likely to increase and diversify. To deep dive into what this means for the mobile threat landscape worldwide, learn best practices to protect users and understand how organizations should ensure that they balance mobility and security, please read the full report here.

Trend Micro Incorporated today announced the availability of the industry’s most complete security from a single solution protecting across cloud and container workloads. This leadership has been achieved through newly launched container security capabilities added to Trend Micro Deep Security to elevate protection across the entire DevOps lifecycle and runtime stack.

From virtual servers and data centers to public and private cloud workloads, containers are increasingly used and demand protection. Leading enterprises are bringing together their application development teams, IT operations and their security team to help the business deliver automated, secured applications to market quicker. Trend Micro connects teams with technology tools that bake security into the process while meeting compliance needs and reducing risk.

The new features available now in Trend Micro’s container security solution include:

Securing across the complete DevOps lifecycle 

 Within the software build-pipeline, Trend Micro has extended its container image scanning to include pre-registry scanning, providing earlier detection of vulnerabilities and malware over and above scanning the trusted registry for any future threats. Deep Security will now also scan for embedded secrets such as passwords and private keys and provide compliance and configuration validation checks, along with image assertion for digitally signed images.

Securing across the entire stack

At runtime of the container, Trend Micro has boosted container platform protection across Docker and Kubernetes. Deep Security has long ensured protection for the host and containers at runtime. This includes intrusion prevention system (IPS) rules, integrity monitoring to detect compromised instances of the platform, as well as log inspection.

To ensure complete protection, Trend Micro inspects all lateral and horizontal traffic movement (east, west, north, south) between containers and platform layers like Kubernetes and Docker.

Securing while granting full control

To increase automation and decrease manual tasks, security and operations teams using Trend Micro can now use any command shell to execute the application program interfaces (APIs). This additional option ensures full control of deploying policies, automation of monitoring, reporting and more. This completely new set of representational state transfer APIs have been written to automate security for application development and operations teams across the container orchestration tools and runtime environments.

To learn more on the Trend Micro container security solution, visit https://www.trendmicro.com/containers.

Trend Micro Incorporated has announced enhancements to its Deep Security and Cloud App Security products designed to extend protection to virtual machines on the Google Cloud Platform, Kubernetes platform protection, container image scanning integration with the  Google Kubernetes Engine (GKE) and Gmail on the G Suite.

To address this need, Trend Micro has created a Google Cloud Platform (GCP) Connector that enables automated discovery, visibility and protection of GCP virtual machine instances. This eases the management by giving an instant view of all GCP workloads while also showing any virtual machines that might have been deployed outside of security purview or under shadow IT projects. This feature of Trend Micro Deep Security has the ability to automatically deploy policy via automated workflows, combat advanced malware, enhance network and system security and capture workload telemetry for threat investigations.

Container users can benefit from Kubernetes platform protection at runtime with Deep Security intrusion prevention systems (IPS) rules, integrity monitoring and log inspection. Our IPS approach allows you to inspect both east-west and north-south traffic between containers and platform layers like Kubernetes. Additionally, Trend Micro’s Deep Security provides container image scanning in the build pipeline for vulnerabilities, malware, embedded secrets / keys and compliance checks. Deployed as a Kubernetes Helm Chart, this container image scanning simplifies security deployment on popular services like Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS) and Amazon Elastic Container Service for Kubernetes (Amazon EKS).

Research continues to show that email remains one of the most popular threat vectors which drove Trend Micro to expand its popular Cloud App Security platform to support Gmail users within G Suite. Organizations are increasingly looking to cloud email services to boost productivity and agility. Trend Micro has the most comprehensive email security coverage, with both Office 365 and now Gmail, to ensure malicious threats have no place to hide.

Collectively these innovations demonstrate Trend Micro’s commitment to the Google community. The company will be previewing these innovations in booth #1615 at this week’s Google Cloud Next in San Francisco, California.

In order to provide adequate food for the ever-increasing population without laying pressure on farmable land, high-tech tools and systems are being used by food production industries. Food production involves a gamut of functions – production of food items, storage, processing, waste management, and other tasks. IoT is used in most of these activities through connected devices for activities such as managing large tracts of land, track and feed large herds of animals, maintain specific storage environments, etc.

As we all know, new technology brings with itself new challenges and risks. Cybersecurity is one of the biggest threats of this decade and while IoT in food production is beneficial, there are critical security concerns. IoT is fairly new to the industry, so many are not prepared for or even aware of the industry-specific risks.

To help combat this threat and offer unique insights and solutions, Trend Micro has issued a study identifying the cybersecurity threats among the food production industry.Major threats discovered include:

• Exposed internet-connected systems
• Exposed records for food safety compliance
• Unsecured RTK base stations
• Online farm management platforms
• Other exposed supply chain operations

The study can be found here and is very much worth reading as security in general and specifically related to IoT should be top of mind

Trend Micro Incorporated today revealed that IT executives responsible for cybersecurity feel a lack of support from company leaders, and 33 percent feel completely isolated in their role.

IT teams are under significant pressure, with some of the challenges cited including prioritizing emerging threats (47 percent) and keeping track of a fractured security environment (43 percent). The survey showed that they are feeling the weight of this responsibility, with many (34 percent) stating that the burden they are under has led their job satisfaction to decrease over the past 12 months.

While 72 percent stated that cybersecurity is represented at the board level, many are still not benefitting from having a seat at the table, and the issue appears to be ineffective communication. Trend Micro’s survey showed that 44 percent struggle to translate complex threats to their organization’s leadership, and 57 percent say internal communication is the biggest cybersecurity challenge for their business.

Respondents revealed that it often takes a prominent cyberattack to get their voice heard, with 64 percent saying communication becomes easier in the wake of a high-profile cyberattack like WannaCry. This raises the question of how IT teams can break down these communication barriers before an incident occurs.

Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud workloads, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and investigation, enabling better, faster protection. With more htan 6,000 employees in 50 countries and the world’s most advanced global threat research and intelligence, Trend Micro enables organizations to secure their connected world. For more information, visit www.trendmicro.com.

Trend Micro Incorporated a global leader in cybersecurity solutions, today released its 2019 predictions report, warning that attackers will increase the effectiveness of proven attack methods by adding more sophisticated elements to take advantage of the changing technology landscape. The report, Mapping the Future: Dealing with Pervasive and Persistent Threats, highlights the growing threats faced by consumers and organizations that are exacerbated by the increasingly connected world.

The role of social engineering in successful attacks against businesses and individuals will continue to increase throughout the year. Since 2015, the number of phishing URLs blocked by Trend Micro has increased by nearly 3,800 percent. This offsets the lessening reliance on exploit kits, which has decreased by 98 percent in the same time. Additionally, attackers will continue to rely on known vulnerabilities that remain unpatched in corporate networks for 99.99 percent of exploits, as this remains a successful tactic.

Trend Micro also predicts attackers will leverage these proven methods against growing cloud adoption. More vulnerabilities will be found in cloud infrastructure, such as containers, and weak cloud security measures will allow greater exploitation of accounts for cryptocurrency mining. This will lead to more damaging breaches due to misconfigured systems.

Attackers will also implement emerging technologies like AI to better anticipate the movements of executives. This will lead to more convincing targeted phishing messages, which can be critical to BEC attacks. Additionally, it is likely that BEC attacks will target more employees who report to C-level executives, resulting in continued global losses.

SIM swapping and SIM-jacking will be a growing threat to take advantage of remote employees and everyday users. This attack method allows criminals to hijack a cell phone without the user’s knowledge, making it difficult for consumers to regain control of their devices. Additionally, the smart home will be an increasingly attractive target for attacks that leverage home routers and connected devices.

To find out more on these and many more 2019 predictions, read the full reporthere.

Trend Micro Incorporated has revealed that 43 percent of surveyed organizations have been impacted by a Business Process Compromise (BPC). Despite a high incidence of these types of attacks, 50 percent of management teams still don’t know what these attacks are or how their business would be impacted if they were victimized.

In a BPC attack, criminals look for loopholes in business processes, vulnerable systems and susceptible practices. Once a weakness has been identified, a part of the process is altered to benefit the attacker, without the enterprise or its client detecting the change. If victimized by this type of attack, 85 percent of businesses would be limited from offering at least one of their business lines.

Global security teams are not ignoring this risk, with 72 percent of respondents stating that BPC is a priority when developing and implementing their organization’s cybersecurity strategy. However, the lack of management awareness around this problem creates a cybersecurity knowledge gap that could leave organizations vulnerable to attack as businesses strive to transform and automate core processes to increase efficiency and competitivenessⁱ.

The most common way for cybercriminals to infiltrate corporate networks is through a Business Email Compromise (BEC). This is a type of scam that targets email accounts of high-level employees related to finance or involved with wire transfer payments, either spoofing or compromising them through keyloggers or phishing attacks.

In Trend Micro’s survey, 61 percent of organizations said they could not afford to lose money from a BEC attack. However, according to the FBI, global losses due to BEC attacks continue to rise, reaching $12 billion earlier this year.

For more information on BPC and BEC attacks, read this Trend Micro Research report.

It’s no surprise that Canadians are preparing for the biggest holiday shopping event of the year. With Black Friday and Cyber Monday quickly approaching and online shopping at an all time high, it also means that cybercriminals are expected to be out in full force.

Canadians are no strangers to a great online deal, and so Trend Micro is shedding light on what online shoppers can do to protect their personal information. Below are the top 7 tips for avoiding cyber threats this shopping season.

Tips for Safe Online Shopping:

1. Check any email coming from banks that request verification.
2. Enable multi-factor authentication (2FA) for your online accounts and enable your credit card’s one-time password (OTP) feature.
3. Keep your e-receipts and compare them with your credit card statements.
4. Avoid connecting mobile devices to unsecure public networks.
5. Choose retailer sites with buyer protection.
6. When using voice-enabled assistants, monitor your publicly posted Personally identifiable Information (PII), these can be used as credentials to access IoT devices.
7. Look for the verifier symbols of brands and shops, especially when visiting “so-called” business pages on social media, before interacting, shopping, or providing information.

There is also a blog post available called When Cybercriminals Hitch On Your Holiday Spending: Online Shopping Trends and Threats that you should have a look at.