Carbanak+FIN7 Configuration
Trend Micro Configuration
Product Versions
Management
- Trend Micro Vision One™
- Trend Micro Apex One™ as a Service
- Trend Micro Cloud One™ - Workload Security (C1WS)
- Deep Discovery Inspector™ 5.7.1178 hotfix 1199
Endpoints
- Windows Endpoint: Apex One™ as a Service Security Agent version 14.0.9211
- Windows Server: C1WS Agent version 20.0.0-1540
- Linux Server: C1WS Agent version 20.0.0-1540
Product Description
Trend Micro Vision One™
The XDR capabilities of the Trend Micro Vision One platform provide context-aware investigation, recording, and reporting of system-level activities. It collects detailed activity data from kernel mode, user mode and/or native system events across multiple security layers, including endpoints, servers, cloud workloads, email and networks. Users can perform IOC sweeping, IOA behavior hunting, and custom-criteria searches, and build a detailed execution profile enriched with threat intelligence from the Trend Micro Smart Protection Network. It offers correlated detection and investigation, simplifying the steps to an attack-centric view of an entire chain of events across security layers, with the ability to take immediate response actions directly from the platform.
Trend Micro Apex One™ as a Service
Trend Micro Apex One as a Service provides complete endpoint security with a blend of advanced threat protection techniques. Delivered through a single-agent architecture, Trend Micro Apex One as a Service provides comprehensive prevention and detection capabilities, along with application control, DLP, device control, vulnerability protection, and EDR investigation capabilities as part of the single agent solution.
Trend Micro Cloud One™ - Workload Security
Trend Micro Cloud One - Workload Security is purpose-built for physical, virtual, cloud, and container environments, enabling consistent security, regardless of the workload.
- Protects physical and virtual servers against zero-day malware, including ransomware, cryptocurrency mining attacks, and network-based attacks, while minimizing operational impact from resource inefficiencies and emergency patching.
- Secures dynamic workloads in the cloud, with automated discovery of workloads across cloud providers, including AWS™, Microsoft® Azure™ and Google Cloud™. Deployment scripts and RESTful APIs enable security to be integrated with existing toolsets for automated security deployment, policy management, compliance reporting, and more.
- Delivers advanced runtime protection for containers, defending against attacks on the host, container platform (Docker®), orchestrator (Kubernetes®), containers themselves, and even the containerized applications. With a rich set of APIs, Cloud One - Workload Security allows IT Security to protect containers with automated processes for critical security controls.
Deep Discovery Inspector™
Deep Discovery Inspector is an advanced threat protection solution that provides visibility for connections from endpoints and intelligence to detect and respond to targeted attacks and advanced threats.
Product Configuration
Trend Micro Apex One™ as a Service
Summary of Apex One as a Service configuration
- Enable Endpoint Sensor, Vulnerability Protection and Application Control
- Enable Behavior Monitoring: Anti-Exploit
- Disable all prevention controls (Detection mode only)
Trend Micro Cloud One™ - Workload Security
Summary of C1WS configuration
- Import the defined policies for MITRE Evaluation and apply to the appropriate servers (Windows/Linux).
- Enable PowerShell Script and Module Logging through Group Policy on the Domain Controller.
- Enable LDAP logging on the Domain Controller through the registry.
- Enable auditd on the Linux server based on this KB Article
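As an added example (not part of the evaluation page and not Trend Micro's tooling), the registry-backed policy values that the Domain Controller logging steps above write, with a read-back check for verifying the state after a Group Policy refresh. It assumes "Script" logging means PowerShell script block logging, uses the NTDS Diagnostics key for LDAP Interface Events, and picks level 2 as an assumed logging level:

```powershell
# Added example: local-policy equivalents of the GPO settings for PowerShell
# script block / module logging and the DC registry value for LDAP logging.
# Run from an elevated PowerShell session.

$psPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$ntdsDiag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Enable-PowerShellLoggingPolicy {
    # Script block logging -> event 4104 in Microsoft-Windows-PowerShell/Operational
    $sbl = Join-Path $psPolicy 'ScriptBlockLogging'
    New-Item -Path $sbl -Force | Out-Null
    Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

    # Module logging -> event 4103; a ModuleNames entry of '*' = '*' covers every module
    $mod = Join-Path $psPolicy 'ModuleLogging'
    $names = Join-Path $mod 'ModuleNames'
    New-Item -Path $names -Force | Out-Null
    Set-ItemProperty -Path $mod -Name 'EnableModuleLogging' -Value 1 -Type DWord
    Set-ItemProperty -Path $names -Name '*' -Value '*' -Type String
}

function Enable-LdapInterfaceLogging {
    # NTDS diagnostic category "16 LDAP Interface Events" (0 = off, 5 = most verbose).
    # Level 2 is an assumption for this example; events land in the Directory Service log.
    Set-ItemProperty -Path $ntdsDiag -Name '16 LDAP Interface Events' -Value 2 -Type DWord
}

function Test-LoggingPolicy {
    # Read the three values back so the configuration can be verified, e.g. after gpupdate.
    [pscustomobject]@{
        ScriptBlockLogging = (Get-ItemProperty -Path (Join-Path $psPolicy 'ScriptBlockLogging') -ErrorAction SilentlyContinue).EnableScriptBlockLogging
        ModuleLogging      = (Get-ItemProperty -Path (Join-Path $psPolicy 'ModuleLogging') -ErrorAction SilentlyContinue).EnableModuleLogging
        LdapInterface      = (Get-ItemProperty -Path $ntdsDiag -ErrorAction SilentlyContinue).'16 LDAP Interface Events'
    }
}

Enable-PowerShellLoggingPolicy
if (Test-Path $ntdsDiag) { Enable-LdapInterfaceLogging }   # NTDS key exists only on a DC
Test-LoggingPolicy
```

When the settings are delivered by GPO as the summary describes, the same keys are populated by the policy engine, so Test-LoggingPolicy doubles as a check that the GPO applied.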
Deep Discovery Inspector™
Summary of Deep Discovery Inspector configuration
- Employ rpcapd (the remote capture daemon bundled with WinPcap) on endpoints to forward captured network traffic to Deep Discovery Inspector
- Configure detection settings to give better visibility into potential threats
http://docs.trendmicro.com/en-us/enterprise/deep-discovery-inspector.aspx
Product Configuration Changes
For product configuration details, please contact Trend Micro Support.
Trend Micro Apex One™ as a Service
Pattern Update
- Endpoint Sensor Activity Filtering Pattern
- Gray Detection Pattern
- Malware Detection Pattern
Deep Discovery Inspector™
Pattern Update
- NCIP (Network Content Inspection Pattern)
- NCCP (Network Content Correlation Pattern)