In a Nutshell: Machine learning serves as a heavy lifter in security software protecting businesses’ data from cyber criminals’ exfiltration efforts. Since the first deluge of spam created the demand for email security, Trend Micro has been researching and implementing strategies for combining computer intelligence with the wisdom of human experience. Its XGen™ Smart Protection Suite focuses on endpoint, email, and web security, all of which are regularly exploited by criminals. By using a multilayered approach, Trend Micro can prevent the wrong kinds of headlines that occur when a brand’s customer data is compromised.
Cyber criminals are as creative as they are relentless in their tactics, sneaking into business systems through insecure endpoints and digging for customer information buried deep within databases. Once they’ve uncovered anything of value, they can launch ransomware attacks that drain bank accounts and the confidence consumers once had in a brand.
Retailers lacking layered security software are practically leaving the door unlocked and inviting them in, and this is especially the case for those who haven’t made the switch to EMV chip card readers.
“The POS (point of sale) terminals have been the main target over the past several years,” said Jon Clay, Director of Global Threat Communications at Trend Micro, a global security software company. “We’ve seen POS malware coming up and being utilized, mainly in the United States because we still have a lot of swipe terminals.”
Data breaches create the wrong kinds of headlines, but these incidents are avoidable with a complete approach to security.
“As an organization, you have to have visibility across your entire network because the threat actors are not monolithic,” Jon said. “They’re not just going to target the endpoint. They’re going to target the endpoint as a beachhead. Then, they’re going to laterally move inside your organization and around your network to identify the data they want to steal or the systems they want to compromise.
“Once they’ve done that, they will establish themselves inside the network, stay underground for as long as possible, and then they will exfiltrate that data out of your organization. And they won’t do that in one fell swoop. They’ll do it in increments, and potentially use the organization’s legitimate applications and communications channels.”
Trend Micro has been on the frontlines of computer security for more than 27 years. Its XGen™ Smart Protection Suite provides layered protection across all endpoints, protecting a company’s employees from ill-intentioned criminals who try to access networks through POS devices, phishing emails, and website-based watering hole attacks.
“It’s a massive amount of effort, but it pays off because our customers are much more protected today than they ever have been in the past,” Jon said.
Threats Aren’t Monolithic, and Security Shouldn’t Be Either
Trend Micro’s Smart Protection Suite was designed with businesses in mind, providing advanced, constantly updated protection for endpoints, mobile devices, and email, and keeping users safe while browsing the web. These are the areas where cybercriminals focus their infiltration efforts, so it’s imperative that companies keep them out.
“If you think about the attack on a retail organization, likely it’s going to start with an email or web-based attack. A phishing email will be sent to an employee to establish the beachhead inside the organization,” Jon said. “That’s where email security is very critical. Whether you’re using a hosted service that we offer or you have an on-premise SMTP server or Microsoft Exchange server, we can sit there and check those emails for compromise.”
Like crocodiles ambushing a thirsty herd of impala at an African oasis, criminals plant malware on websites commonly visited by a particular industry, so that a single compromised site infects many browsing visitors. These are known as watering hole attacks.
“They may look for retail sites that somebody in the industry may visit and look to compromise those and infect people,” Jon said. “We can identify malicious websites, or even if a website is redirecting you to a malicious server that’s feeding up that malware, and we can block those.”
Endpoint protection is crucial as many attacks start on one device. Criminals are constantly creating new forms of malware, which is why Jon emphasized keeping security software updated.
“There are cases where a lot of the security firms — and us included — we may not enable something out of the box because it’s a brand-new technology,” Jon said. “Customers need to look at their endpoint security to make sure they’ve enabled all of the latest and greatest technologies that are offered at the time. And if they are running an older version, we definitely recommend they get up to speed with the latest versions of their endpoint security products.”
While it’s not included in the Smart Protection Suite, Trend Micro recommends retailers employ its Endpoint Application Control product. Many retailers use flexible mobile POS devices that serve as smartphones or tablets when they’re not being used for transactions.
“App control allows you to lock down those POS devices, which don’t have to run more than one application,” Jon said. “They can be locked down because they are doing very specific things within the organization. It can lock down the OS files and applications that are running, and only allow those approved applications and OS files to run.”
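The lockdown Jon describes, only approved applications and OS files may run, is usually enforced as a deny-by-default allowlist. The following is an added illustration, not Trend Micro’s code and not the Endpoint Application Control product: it keys the allowlist on the SHA-256 of file contents rather than on the path, so a tampered binary dropped at an approved path is still denied. All paths and “binaries” in it are constructed.

```python
import hashlib
from dataclasses import dataclass

# Added example, not Trend Micro's code: a minimal deny-by-default application
# allowlist of the kind a locked-down POS device would enforce. Every path and
# "binary" below is constructed for illustration.


@dataclass(frozen=True)
class Verdict:
    path: str
    allowed: bool
    reason: str


def sha256_hex(content: bytes) -> str:
    """Content hash used as the allowlist key (deliberately not the file path)."""
    return hashlib.sha256(content).hexdigest()


# Constructed stand-ins for the bytes of the approved executables on the device.
POS_APP_BYTES = b"\x7fELF-constructed-pos-app-v1"
POS_UPDATER_BYTES = b"\x7fELF-constructed-pos-updater-v1"

# The policy: only these exact binaries may run. A real policy would be
# distributed in signed form rather than as a dict literal.
ALLOWLIST = {
    sha256_hex(POS_APP_BYTES): "pos-app",
    sha256_hex(POS_UPDATER_BYTES): "pos-updater",
}


def evaluate_execution(path: str, content: bytes, allowlist=ALLOWLIST) -> Verdict:
    """Decide whether a file may execute.

    Because the decision keys on the content hash, a modified binary at an
    approved path (same name, different bytes) is denied, and an unknown tool
    anywhere on disk is denied by default.
    """
    digest = sha256_hex(content)
    name = allowlist.get(digest)
    if name is None:
        return Verdict(path, False, f"deny-by-default: sha256 {digest[:12]}... not in allowlist")
    return Verdict(path, True, f"allowed: matches approved '{name}'")


def evaluate_batch(events, allowlist=ALLOWLIST):
    """Evaluate a sequence of (path, content) execution attempts."""
    return [evaluate_execution(p, c, allowlist) for p, c in events]


def summarize(verdicts):
    """Counts an administrator would want in an audit view."""
    allowed = sum(1 for v in verdicts if v.allowed)
    return {"allowed": allowed, "denied": len(verdicts) - allowed}


if __name__ == "__main__":
    # Constructed execution attempts: the two approved binaries, a tampered copy
    # of the POS app at its usual path, and an unknown tool someone tried to run.
    sample_events = [
        ("/opt/pos/pos-app", POS_APP_BYTES),
        ("/opt/pos/pos-updater", POS_UPDATER_BYTES),
        ("/opt/pos/pos-app", POS_APP_BYTES + b"\x00patched"),
        ("/tmp/unknown-tool", b"not-on-the-list"),
    ]
    for v in evaluate_batch(sample_events):
        print("ALLOW" if v.allowed else "DENY ", v.path, "-", v.reason)
    print(summarize(evaluate_batch(sample_events)))
```

The third event is the case path-based allowlists miss: the file sits at the approved location, but its bytes differ, so its hash is absent from the policy and it is denied. The summary counts are the sort of numbers an operator would watch, since a sudden rise in denials on a device that should only ever run two applications is itself a signal worth investigating.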
Harnessing Machine Learning for Automated Protection
Cybercriminals are always trying to find ways to stay ahead of the security software put in place to keep them out. Once a malware sample’s signature is disseminated across the globe, security software is updated to identify that sample as a threat and block it. However, cybercriminals are clever and now create malware for one-time attacks, which a signature built from earlier sightings cannot catch.
“Today, the challenge with malware is it’s really a one-and-done situation,” Jon said. “You have one piece of malware, and it will only see one device. Our back-end data shows over 90% of malware we see appears on only one device. The first victim is the only victim, so we have to protect them.”
Trend Micro uses machine learning in its products to increase its capacity to process large amounts of data. But because false positives can bring down a network, the company backs machine learning with human experience and expertise: analysts catch errors and retrain the models so they don’t make the same mistakes twice.
Machine learning is nothing new at Trend Micro, which introduced the technology when massive amounts of spam email began pouring into inboxes more than 10 years ago.
“Hundreds of millions of emails were coming in,” Jon said. “We couldn’t do anything manually with that so we had to develop machine learning.”
From there, Trend Micro evolved its machine learning capabilities to identify malicious websites and social media accounts, and it’s now used in endpoint protection.
“Over the last two years with the explosion of ransomware, we started seeing our customers demanding a better capability at the endpoint to detect a zero-day threat,” Jon said. “As we saw malware shift from the one-to-many to the one-to-only model, we absolutely had to put machine learning at the endpoint, and that’s why we released the XGen product in late 2016.”
Trend Micro’s Research Team Keeps the Software Ahead of New Threats
While the Trend Micro team faces new malware threats each day, the company is able to stay ahead of criminals by placing an emphasis on future challenges. Along with its commitment to developing software that safeguards businesses and users around the world, Trend Micro also plays an active role in research.
“We have a forward-looking threat research team whose job is to look at the future threat landscape and computing landscape, and the combination of those,” Jon said. “They analyze the threat actors and look at what they could be using tomorrow, in a year, in 3 years from now, and that team has been developing some machine learning capabilities for us.”
The company’s research is published regularly on its site as breaking news and blog posts that keep users up to date on what they need to know about modern online threats. Trend Micro’s combination of experience and innovation is why its users have come to rely on the company to keep their devices and networks safe.
“We’ve been in this business over 27 years now and understand the threat landscape,” Jon said. “We’re thrown curveballs on a regular basis by the cyber criminals, but our job is to understand it. That’s why we have the number of threat researchers and data scientists on staff to support us and build those new models.”