Outthink the Threat. How data-stealing malware is thwarting enterprise security

A Trend Micro eBook
How data-stealing malware is thwarting enterprise security -Tand what the Trend Micro Smart Protection Network is doing about it.A Trend Micro eBook / 2008
Table of Contents
1 Introduction: Rethink your security4
2 The most dangerous threat not on your radar: data-stealing malware4
3 Think traditional gateway and file-scanning technologies can protect your data? Think again.4
4 Think IDS, IPS, encryption, and DLP can keep you protected? Think again.4
5 Rethinking your protection: Trend Micro Smart Protection Network4
Fighting combined threats with a correlated approach4Making real-time response a reality4Web reputation technology4Email reputation technology4File reputation technology4Correlation technology and behavior analysis4
6 Think proactive protection4
7 Think about assessing your enterprise security - today4
OUTTHINK THE THREAT | A Trend Micro eBook Contents 2In the last few years, the Internet security environment has changed dramatically. Gone are the days when endpoint solutions and pattern file deployments were good enough to protect businesses. Today, Introduction: data-stealing malware circumvents industry-standard enterprise security solutions by exploiting their 1Rethink your security weaknesses with sophisticated methods of attack that evolve rapidly and make use of multiple modalities.
The cyber criminals behind data-stealing malware are smart and getting smarter, and they are after one thing: confidential, sensitive data they can turn into profit. They get it by:Hiding malicious programs within intriguing emailsRedirecting users from legitimate, well-known Web sites to spoof Web sitesSneaking data-stealing malware into corporate networks where they can remain undetected for months while transmitting sensitive data beyond corporate boundariesExploiting open entry points, like port 80, that are critical to a company's productivity
The results are not just lost data, but downtime, reduced productivity, costly clean up, and - perhaps most important - immediate and sometimes lasting damage to a company's reputation. Customer loyalty can plummet. And exposure to litigation threatens ongoing damage. While data-stealing malware becomes even more sophisticated, security professionals scramble to keep up, because industry-standard, endpoint antivirus solutions are falling short.
Clearly, it's time for a new kind of protection, for security that gets to threats before they get to you. Simply put, it's time to rethink your enterprise security.
In this eBook, Trend Micro gives an overview of data-stealing malware, discusses its ability to evade traditional security solutions, and presents a new approach to securing your business and your reputation.
OUTTHINK THE THREAT | A Trend Micro eBook Contents 3Data-stealing malware, a new kind of Web threat, is built to do one thing: steal proprietary information The most dangerous from compromised networks and machines. The cyber criminals who create this malware are often threat not on your radar: part of organized criminal networks, focused on making a profit. Often, their target is login credentials, 2Data-stealing malware online banking information, or credit card and associated personal information, which can be quickly converted to money. Confidential corporate information and intellectual property, however, is at even greater risk because the scale and value of such information is worth billions of dollars in the underground economy.
Highly sophisticated, data-stealing malware uses HTTP or HTTPS and other protocols as components of an attack. These threats are built to avoid detection and can be hidden within legitimate Web pages, designed to mimic actual Web sites, or masked with social engineering techniques (for example, an email can appear to be from a company's HR department and trick employees into clicking on a link or opening malicious files). Data-stealing malware often includes keyloggers, screen scrapers, spyware, adware, backdoors, rootkits, and bots to gain access to and steal corporate data, which is sent out of the network and used for fraud and identity theft.
Data-stealing malware is often made up of a number of threats, merging several seemingly innocuous programs to increase the likelihood of infiltrating a corporate network undetec... [download for more]