Enterprises confront 'Ugly Truth of Hidden Malware' in their networks

Not as Secure as They Think:

Enterprises that thought they were secure discovered otherwise: The security threat assessment uncovered active malware and threats that had slipped through existing security infrastructures, and were residing undetected on corporate networks and endpoints on 100% of all participating companies from North America, Latin America, Europe and Asia Pacific. On average, these companies have over 11,000 employees and include those from the finance, heath care, government, education and manufacturing industries.

Chris Moore, General Manager, Trend Micro Middle East, Africa and Med, said:

"The results garnered from our security threat assessment prove that as threats become more numerous and sophisticated, conventional security technologies such as endpoint antivirus, Web security gateways, email security gateways and IPS solutions are struggling to keep up. The types of malware we found were more than just a nuisance, they were malicious and designed to steal data."

Trend Micro security threat assessment provides an opportunity for participating enterprises to measure the effectiveness of their current security infrastructure. In just two-weeks, Trend Micro can reveal the answer in a customized executive report that indentifies any security gaps and pinpoints exactly where the malware resides.

Between October 2008 and June 2009, Trend Micro performed over 100 assessments on enterprises worldwide and discovered that:
• 100% of them were infected with active malware.
• 50% had at least one data-stealing malware hidden in their networks.
• 45% had multiple data-stealing malware infections.
• 72% had at least 1 IRC bot.
• 50% had 4 or more IRC bots.
• 83% had at least 1 malware Web download.
• 60% had more than 20 malware Web downloads.
• 35% had at least 1 network worm.

What's Causing These Security Gaps?

While traditional security solutions are critical for a first line of defense, organizations still to face a number of security gaps that are continuously exploited by modern-day malware. Today's stealthy malware infiltrate corporate networks for a variety of reasons:
• Mobile users who go on and off the network with infected devices that compromise corporate networks.
• Inadequate remote office security, lack of onsite IT personnel, and lax policy enforcement impact security.
• Increased usage of easily exploited technologies such as P2P, file sharing, streaming media, and instant messaging.
• Unmanaged and unpatched endpoints such as legacy systems, contractors and guest laptops, USB devices, and other portable and mass storage devices.



Trend Micro security threat assessment utilizes a non-invasive, listen-only appliance that doesn't interfere with network operations.

Trend Micro engineers quickly install the assessment appliance at the network layer on the core switch where it monitors network traffic to detect resident malware activities, such as botnets. The appliance also monitors inbound email and Web traffic to detect potentially infected messages and suspicious Web sites.

Traffic received by the appliance is analyzed using a combination of Trend Micro's scanning engines and technologies and integrates with the Trend Micro Smart Protection Network, a next-generation, cloud-client security architecture that provides a unique approach to blocking viruses, spyware, spam, and Web threats before they reach business networks

At the end of the risk-free, 2-week assessment, Trend Micro will issue an enterprise-specific report that:
• Examines potential vectors of infection.
• Identifies malware, information stealers, affected assets, infection sources,
and disruptive applications.
• Pinpoints specific problem areas by IP address
• Increases visibility into the company's security network for better understanding of how the threats occurred, where they entered the network, and how to fill security gaps.

Part of Trend Micro Enterprise Security:

Trend Micro security threat assessment is part of Trend Micro Enterprise Security - a tightly integrated offering of content security products, services and solutions which is powered by the Trend Micro Smart Protection Network. Trend Micro Enterprise Security delivers immediate protection from emerging threats while greatly reducing the cost and complexity of security management.