Vulnerabilities / Threats
9/27/2009
11:05 AM
Alexander Wolfe
Alexander Wolfe
Commentary
Connect Directly
Facebook
Twitter
RSS
E-Mail
50%
50%

Wolfe's Den Podcast: Trend Micro Takes Security To The Cloud

Eva Chen, CEO and co-founder of Trend Micro, talks about what cloud-computing users should do to secure their data and how her company is itself using the cloud to protect against the explosion of malware.

Welcome to the first in my periodic series of columns focusing on major security vendors. For the launch edition, I sat down with Eva Chen, CEO and co-founder of Trend Micro, to talk about changes roiling the industry. The discussion took place against the backdrop of an arena that's being buffeted by the rising tide of malware. (Click on the play icon right here to access the podcast, or scroll to the bottom to see the full player.)

Chen and I chatted after the panel I hosted at the InformationWeek 500 Conference, "Strategic Security: Maximizing The Business Value Of Your Security Investment." During that session, along with noting user concerns about cloud security, she emphasized how cloud computing is changing the way enterprises approach protecting their resources.

We returned to the cloud theme in the podcast, with Chen mentioning that the top concern repeatedly raised by cloud customers is security. She also pointed out that utilizing cloud resources creates a situation where a user's data, system and network could all be in different places. This, in turn, shifts the security focus squarely to locking down that data. Her advice: "The customer should insist that only they themselves have full access to their data," adding that not even the cloud provider should have such access.

Chan said that users need to go to their cloud provider and make sure their security policies match up. "They should [also] come up with a policy for how they want to secure their own data. For example, a new technology like identity based encryption can be used," she explained. "Customers can encrypt their own data with their identity, and therefore only they themselves can access that data."

Cloud has also been a key enabler for an advance Trend has brought to its own security products. Namely, Trend has moved its library of malware signatures to the cloud. This was done with an eye towards ending the frequent -- and frequently large -- downloads of signature updates common to client-side security programs. Maintaining malware signatures in the cloud allows them to be easily updated and rapidly accessed by end-user security programs.

"Every two seconds, there's a new piece of malware," Chen said. "It's impossible to store all the malware signatures on a tiny netbook. Therefore Trend Micro came up with the smart protection network -- we put all these signatures up in the cloud."

Trend maintains what it calls Threat Reputation Databases, comprised of Web, e-mail, and file threats. These are lengthy lists of phishing pages, spam sources, and dangerous executables. The word "reputation" comes into play because Trend uses a technique called reputation scoring to assess the relative threat, or "reputation" of a suspicious file or Web page. "Therefore customers can have a very lightweight agent on their machine and all these reputation databases in the cloud will provide the most up to date database list of threats," Chen said.

Enterprise Security

The advent of Windows 7 is also changing the landscape somewhat, because of its potent, policy-based security tools. For example, Microsoft's new operating system has features which enforce what apps can be run on individual users' systems and what data they can access.

However, Chen notes that attempts to lock down data, while laudable, won't necessarily be impenetrable when you're talking about enterprises with increasingly large mobile work forces.

As well, increased mobility kills the idea of a tight security perimeter. The upshot, says Chen, is you need to rethink your endpoint: "There's no way you can different between you network and my network. Every endpoint needs to be secure." (This includes USB drives walking data out of the company.)

At the end of the podcast, I asked Chen for a couple of advice takeaways. "Rethink your end-point security, because of all those mobile devices out there, which need to be secure," she said. "Second, secure your Web site. It's outward-facing -- that's where your company's reputation and brand are at risk."

For Further Reading

Trend Micro's TrendLabs Malware Blog;

My NetworkComputing blog: Cybersecurity Challenge: Is Your Network Safe? (Probably Not);

Another NetworkComputing post: Crypto Key Management Is Next Wave In Net Security;

What's your take? Let me know, by leaving a comment below or e-mailing me directly at alex@alexwolfe.net.

Follow me on Twitter: (@awolfe58)

Alexander Wolfe is editor-in-chief of InformationWeek.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.