www.trendmicro.com
Open in
urlscan Pro
104.111.231.15
Public Scan
URL:
https://www.trendmicro.com/en_in/research/21/d/how-trend-micro-helps-manage-exploited-vulnerabilities.html
Submission: On December 16 via manual from IN — Scanned from DE
Submission: On December 16 via manual from IN — Scanned from DE
Form analysis 2 forms found in the DOM
<form class="main-menu-search" aria-label="Search Trend Micro">
<div class="main-menu-search__field-wrapper" id="cludo-search-form">
<table cellspacing="0" cellpadding="0" class="gsc-search-box" style="width:100%">
<tbody>
<tr>
<td class="gsc-input">
<input type="text" size="10" class="gsc-input" name="search" title="search" placeholder="Search Trend Micro" autocomplete="off">
</td>
</tr>
</tbody>
</table>
</div>
</form><form class="main-menu-search" aria-label="Search Trend Micro">
<div class="main-menu-search__field-wrapper" id="cludo-search-form-mobile">
<table cellspacing="0" cellpadding="0" class="gsc-search-box" style="width:100%">
<tbody>
<tr>
<td class="gsc-input">
<input type="text" size="10" class="gsc-input" name="search" title="search" placeholder="Search Trend Micro" autocomplete="off">
</td>
<td class="gsc-search-close collapsed" style="width:1%;" data-target="#search-mobile-wrapper" data-toggle="collapse">
<span class="icon-close"></span>
</td>
</tr>
</tbody>
</table>
</div>
</form>Text Content
Critical Log4j vulnerability Technical Support Info > Background >
dismiss
0 Alerts
undefined
* No new notifications at this time.
Download
* Scan Engines
* All Pattern Files
* All Downloads
* Subscribe to Download Center RSS
Buy
* Business
* Find a Partner
* Home Office Online Store
* Renew Online
* Free Tools
* Contact Us
* Locations Worldwide
* # 011 – 66213200
Region
* The Americas
* United States
* Brasil
* Canada
* México
* Asia Pacific
* Australia
* Hong Kong (English)
* 香港 (中文) (Hong Kong)
* भारत गणराज्य (India)
* Indonesia
* 日本 (Japan)
* 대한민국 (South Korea)
* Malaysia
* New Zealand
* Philippines
* Singapore
* 台灣 (Taiwan)
* ประเทศไทย (Thailand)
* Việt Nam
* Europe, Middle East & Africa
* België (Belgium)
* Česká Republika
* Danmark
* Deutschland, Österreich Schweiz
* España
* France
* Ireland
* Italia
* Middle East and North Africa
* Nederland
* Norge (Norway)
* Polska (Poland)
* Россия (Russia)
* South Africa
* Suomi (Finland)
* Sverige (Sweden)
* Türkiye (Turkey)
* United Kingdom
Log In
* My Support
* Log In to Support
* Partner Portal
* Home Solutions
* My Account
* Lost Device Portal
* Trend Micro Vault
* Password Manager
* Customer Licensing Portal
* Online Case Tracking
* Premium Support
* Worry-Free Business Security Services
* Remote Manager
* Cloud One
* Referral Affiliate
Folio (0)
Contact Us
* Contact Sales
* Locations
* Support
* Find a Partner
* Learn of upcoming events
* Social Media Networks
* Facebook
* Twitter
* Linkedin
* Youtube
* Instagram
* 1-888-762-8736 (M-F 8-5 CST)
Business
For Home
Products Products
Hybrid Cloud Security
Workload Security
Conformity
Container Security
File Storage Security
Application Security
Network Security
Open Source Security
Network Security
Intrusion Prevention
Advanced Threat Protection
Industrial Network Security
Mobile Network Security
User Protection
Endpoint Security
Email Security
Mobile Security
Web Security
Industrial Endpoint
Detection & Response
XDR
Endpoint Detection & Response
Zero Trust Risk Insights
Powered by
AI/Machine Learning
Global Threat Intelligence
Connected Threat Defence
All Products & Trials
All Solutions
Service Packages
Small & Midsize Business Security
Solutions Solutions
For Cloud
Cloud Migration
Cloud-Native App Development
Cloud Operational Excellence
Data Centre Security
SaaS Applications
Internet of Things (IoT)
Smart Factory
Connected Car
5G Security for Enterprises
Risk Management
Ransomware
End-of-Support Systems
Compliance
Detection and Response
Industries
Healthcare
Manufacturing
Knowledge Hub
Why Trend Micro Why Trend Micro
The Trend Micro Difference
Customer Successes
Strategic Alliances
Industry Leadership
Research Research
Research
About Our Research
Research and Analysis
Research, News and Perspectives
Security Reports
Security News
Zero Day Initiative (ZDI)
Blog
Research by Topic
Vulnerabilities
Annual Predictions
The Deep Web
Internet of Things (IoT)
Resources
DevOps Resource Center
CISO Resource Center
What is?
Threat Encyclopedia
Cloud Health Assessment
Cyber Risk Assessment
Enterprise Guides
Glossary of Terms
PROJECT 2030
How will the world of cybersecurity evolve by 2030?
Let’s take a look at what the future holds.
Explore our expert video series
Services & Support Services & Support
Services
Service Packages
Managed XDR
Support Services
Business Support
Log In to Support
Technical Support
Virus & Threat Help
Renewals & Registration
Education & Certification
Contact Support
Downloads
Free Cleanup Tools
Find a Support Partner
For Popular Products
Deep Security
Apex One
Worry-Free
Worry-Free Renewals
Partners Partners
Channel Partners
Channel Partner Overview
Managed Service Provider
Cloud Service Provider
Professional Services
Resellers
Marketplace
System Integrators
Alliance Partners
Alliance Overview
Technology Alliance Partners
Our Alliance Partners
Tools and Resources
Find a Partner
Education and Certification
Partner Successes
Distributors
Partner Login
Company Company
Overview
Leadership
Customer Success Stories
Strategic Alliances
Industry Accolades
Newsroom
Webinars
Events
Security Experts
Careers
History
Corporate Social Responsibility
Diversity, Equity & Inclusion
Internet Safety and Cybersecurity Education
Investors
Privacy and Legal
×
Folio (0)
0 Alerts
undefined
* No new notifications at this time.
Download
* Scan Engines
* All Pattern Files
* All Downloads
* Subscribe to Download Center RSS
Buy
* Business
* Find a Partner
* Home Office Online Store
* Renew Online
* Free Tools
* Contact Us
* Locations Worldwide
* # 011 – 66213200
Region
* The Americas
* United States
* Brasil
* Canada
* México
* Asia Pacific
* Australia
* Hong Kong (English)
* 香港 (中文) (Hong Kong)
* भारत गणराज्य (India)
* Indonesia
* 日本 (Japan)
* 대한민국 (South Korea)
* Malaysia
* New Zealand
* Philippines
* Singapore
* 台灣 (Taiwan)
* ประเทศไทย (Thailand)
* Việt Nam
* Europe, Middle East & Africa
* België (Belgium)
* Česká Republika
* Danmark
* Deutschland, Österreich Schweiz
* España
* France
* Ireland
* Italia
* Middle East and North Africa
* Nederland
* Norge (Norway)
* Polska (Poland)
* Россия (Russia)
* South Africa
* Suomi (Finland)
* Sverige (Sweden)
* Türkiye (Turkey)
* United Kingdom
Log In
* My Support
* Log In to Support
* Partner Portal
* Home Solutions
* My Account
* Lost Device Portal
* Trend Micro Vault
* Password Manager
* Customer Licensing Portal
* Online Case Tracking
* Premium Support
* Worry-Free Business Security Services
* Remote Manager
* Cloud One
* Referral Affiliate
Folio (0)
Contact Us
* Contact Sales
* Locations
* Support
* Find a Partner
* Learn of upcoming events
* Social Media Networks
* Facebook
* Twitter
* Linkedin
* Youtube
* Instagram
* 1-888-762-8736 (M-F 8-5 CST)
* No new notifications at this time.
* No new notifications at this time.
* Scan Engines
* All Pattern Files
* All Downloads
* Subscribe to Download Center RSS
* Business
* Find a Partner
* Home Office Online Store
* Renew Online
* Free Tools
* Contact Us
* Locations Worldwide
* # 011 – 66213200
* The Americas
* United States
* Brasil
* Canada
* México
* Asia Pacific
* Australia
* Hong Kong (English)
* 香港 (中文) (Hong Kong)
* भारत गणराज्य (India)
* Indonesia
* 日本 (Japan)
* 대한민국 (South Korea)
* Malaysia
* New Zealand
* Philippines
* Singapore
* 台灣 (Taiwan)
* ประเทศไทย (Thailand)
* Việt Nam
* Europe, Middle East & Africa
* België (Belgium)
* Česká Republika
* Danmark
* Deutschland, Österreich Schweiz
* España
* France
* Ireland
* Italia
* Middle East and North Africa
* Nederland
* Norge (Norway)
* Polska (Poland)
* Россия (Russia)
* South Africa
* Suomi (Finland)
* Sverige (Sweden)
* Türkiye (Turkey)
* United Kingdom
* My Support
* Log In to Support
* Partner Portal
* Home Solutions
* My Account
* Lost Device Portal
* Trend Micro Vault
* Password Manager
* Customer Licensing Portal
* Online Case Tracking
* Premium Support
* Worry-Free Business Security Services
* Remote Manager
* Cloud One
* Referral Affiliate
* Contact Sales
* Locations
* Support
* Find a Partner
* Learn of upcoming events
* Social Media Networks
* Facebook
* Twitter
* Linkedin
* Youtube
* Instagram
* 1-888-762-8736 (M-F 8-5 CST)
undefined
Cyber Threats
Manage Zero Day Exploits (ZDI) with Trend Micro Solutions
Content added to Folio
Folio (0) close
Cyber Threats
HOW TREND MICRO HELPS MANAGE EXPLOITED VULNERABILITIES
As technological innovations evolve, protecting companies from cyber threats
tomorrow secures their businesses today. Read how Trend Micro protects customers
from vulnerability exploits by blocking them as early as possible.
By: Jon Clay April 28, 2021 Read time: 7 min (2062 words)
Save to Folio
--------------------------------------------------------------------------------
Photo credit: pxhere
As technological innovations evolve, protecting companies from cyber threats
tomorrow secures their businesses today. Exploiting known vulnerabilities to
successfully compromise an organisation has long been a common tactic used by
malicious actors. Whether Heartbleed, EternalBlue, or most recently Zerologon,
threat actors take advantage of newly disclosed vulnerabilities in their
attacks. But even with thousands of new vulnerabilities disclosed every year
(18K+ in 2020 according to NIST), the reality is that only so many are
weaponized into exploits and used in attacks. As such, businesses have had to
rethink their patch management process due to this proliferation of known
vulnerabilities as well as the shrinking time window from patch to exploit and
to decide what to patch now and what can wait.
For over 30 years, Trend Micro has defended enterprises against malicious cyber
activities and has blocked both zero-day exploits and n-day vulnerabilities as
early as possible. Supported by the Zero Day Initiative (ZDI), the world’s
largest vendor agnostic bug bounty programme, and our n-day vulnerability
research team, Trend Micro has one of, if not the largest, vulnerability
research organisation in the world and uses this to protect our customers from
exploits. In 2020, our TippingPoint IPS solution was able to protect customers
on average 81 days prior to a patch being disclosed for bugs submitted to the
ZDI. Host-based and network-based IPS technology is used to deploy a virtual
patch that can protect a system from an exploit. Even when a new vulnerability
is disclosed that ZDI does not help disclose, our vulnerability research team
analyses many of the critical bugs and works to ensure a new IPS filter is made
available as quickly as possible for our customers. As part of our constant
collection and analysis of newly disclosed vulnerabilities, let’s dive into a
recent case study to give you an example of how this works.
Case Study of How Trend Micro Protects Customers from Vulnerability Exploits
In October 2020, the National Security Agency (NSA) named 25 vulnerabilities
that had been exploited by Chinese state-sponsored cyber actors to acquire
sensitive intellectual property, economic, political, and military information.
13 of the 25 vulnerabilities were newly published in 2020, and the oldest
vulnerability could be traced back to 2015. The threats these bugs posed were
real, with 15 rated Critical according to their CVSS v3.1 score.
CVE Published Date CVSS v3.1 severity CVSS v3.1 base score Vendor Trend IPS
Filter (Y/N) CVE-2015-4852 11/18/15 NA NA Oracle Y CVE-2017-6327 8/11/17 High
8.8 Symantec Y CVE-2018-6789 2/8/18 Critical 9.8 Canonical Y Debian Y Exim Y
CVE-2018-4939 5/19/18 Critical 9.8 Adobe Y CVE-2019-3396 3/25/19 Critical 9.8
Atlassian Y CVE-2019-0803 4/9/19 High 7.8 Microsoft Y CVE-2019-11510 5/8/19
Critical 10 Pulse secure Y CVE-2019-0708 5/16/19 Critical 9.8 Microsoft Y
CVE-2019-11580 6/3/19 Critical 9.8 Atlassian Y CVE-2019-1040 6/12/19 Medium 5.9
Microsoft Y CVE-2019-18935 12/11/19 Critical 9.8 Telerik Y CVE-2019-19781
12/27/19 Critical 9.8 Citrix Y CVE-2020-0601 1/14/20 High 8.1 Microsoft Y
CVE-2020-2555 1/15/20 Critical 9.8 Oracle Y CVE-2020-8515 2/1/20 Critical 9.8
Draytek Y CVE-2020-3118 2/5/20 High 8.8 Cisco N CVE-2020-0688 2/11/20 High 8.8
Microsoft Y CVE-2020-10189 3/6/20 Critical 9.8 Zohocorp Y CVE-2020-5902 7/1/20
Critical 9.8 F5 Y CVE-2020-15505 7/7/20 Critical 9.8 Mobileiron Y CVE-2020-8193
7/10/20 Medium 6.5 Citrix Y CVE-2020-8195 7/10/20 Medium 6.5 Citrix Y
CVE-2020-8196 7/10/20 Medium 4.3 Citrix Y CVE-2020-1350 7/14/20 Critical 10
Microsoft Y CVE-2020-1472 8/17/20 Critical 10 Canonical Y Fedoraproject Y
Microsoft Y Opensuse Y Samba Y Synology Y
Source: Trend Micro
Speed matters in the battle against cyber-attacks. No matter it’s a zero-day
vulnerability, or known vulnerabilities still on the long “To be patched” list,
Trend Micro provides clients with quick and pain-free solutions.
Trend Micro Research tracked these vulnerabilities and helped enterprises defend
against potential exploits. Our products offer virtual patching and
vulnerability shielding to protect against known vulnerabilities. Specific
vulnerability protections include:
* Trend Micro – Cloud One Workload Security provides comprehensive server and
virtual desktop (VDI) protection for virtual, cloud, and hybrid deployments.
* TippingPoint Threat Protection System proactively detects and prevents
vulnerability attacks and network exploits.
In this case study, 25 cloud-based rules and 28 TippingPoint filters cover the
vulnerabilities on NSA’s list and only one CVE (CVE-2020-3118) does not have
coverage. Let’s look at how vulnerabilities are covered under each scenario:
1. Virtual patching before official protection released
Zero-day vulnerabilities pose enormous cybersecurity threats. They are usually
exploited long before an official patch released from vendors, making targeted
companies hard to defend themselves against attacks. To protect companies
against malicious activities, Trend Micro runs the world’s largest bug bounty
programme, Zero Day Initiative (ZDI), to capture exploits before it’s being used
in the dark web, and then develop a digital vaccine to protect client companies.
CVE-2020-2555 is a perfect example of how Trend Micro covers zero-day
vulnerabilities. It’s a vulnerability that exists in the Oracle Coherence
product of Oracle Fusion Middleware. This easily exploitable vulnerability
allows unauthenticated attackers with network access via T3 to compromise Oracle
Coherence. As a critical vulnerability rated at 9.8 in CVSS3.1 base score, it
was captured by Jang from VNPT ISC, who worked with Trend Micro ZDI programme.
TippingPoints soon developed a virtual patch to CVE-2020-2555, 57 days prior to
the official patch from Oracle.
The virtual patch came in at the right time. The first attack recorded was
merely 45 days after the patch published. As time went by, more cyber actors
weaponized this vulnerability and the overall attacks reached a peak in August
2020. At the end of 2020, the total attacks of CVE-2020-2555 amounted to 4.23k.
Source: https://www.oracle.com/security-alerts/cpujan2020.html
2. In-time coverage with pain-free solutions
For the vulnerabilities that are not captured through the ZDI programme, Trend
Micro syncs up with the vendor and offers in-time coverage.
CVE-2020-1350 is a critical vulnerability rated at 10, which has been targeted
by cyber actors since August 2020. It is a Remote Code Execution (RCE)
vulnerability that exists in Windows DNS servers when they fail to properly
handle requests. Microsoft published this vulnerability on July 14, 2020 and
offered an official patch. On the same day, Trend Micro leveraged its solid
research power and released virtual patches through TippingPoint and Deep
Security. Through virtual patching, Trend Micro offered clients pain-free
solutions to defend their systems, avoiding the hassle of manual patching.
The protection was invaluable. By the end of 2020, our virtual patches for this
CVE have blocked 2.9 million attacks from cybercriminals.
Source:
https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/
https://media.defence.gov/2020/Jul/16/2002458198/-1/-1/0/CSA_CVE20201350-V_1_0%20-%20COPY.PDF
3. Complete shield in less than 30 days of vulnerability debut
In some cases, it might take longer to form a complete shield for certain
vulnerabilities. For those more complicated vulnerabilities, Trend Micro manages
to launch virtual patching in less than 30 days from when they were introduced
publicly.
CVE-2020-0688, for example, demonstrates how Trend Micro protects clients
against potential exploits. This is a Microsoft Exchange validation key remote
code execution vulnerability, which exists when the software fails to properly
handle objects in memory. It was captured by an anonymous researcher who worked
with Trend Micro ZDI programme. ZDI later reported the vulnerability to the
vendor, Microsoft, who published an official patch on Feb 11, 2020. Trend Micro
soon published its virtual patches through TippingPoint and Deep Security in 13
days and 28 days respectively. Soon, Trend Micro blocked the first attack
recorded on March 14 and protected clients from around 1,760 attacks in 2020.
Source:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688
How to Protect Your Organisation from Vulnerability Exploitation
Traditional security measures should always be applied to watch for compromised
accounts and networks, malicious traffic, and other Indicators of Compromise
(IoCs). A good resource for identifying In-The-Wild exploits of vulnerabilities
is Google Project Zero’s site:
https://github.com/googleprojectzero/0days-in-the-wild Identifying what
vulnerabilities need to be patched or virtually patched is a good start.
Prioritisation is critical:
* Continuously conduct an exposure assessment to determine what CVEs past and
present are in your environment at all times
* Assess the criticality of those systems that contain those CVEs
* Conduct a continuous but simple risk assessment:
* Assess the Probability-likelihood of those identified CVEs are or will be
exploited in the wild against the severity-impact of those CVEs used in an
attack
* Is a POC available
* Is it In-The-Wild
Preventative measures are also a good option: Intrusion prevention systems and
antimalware software for the network and the host devices (all endpoints) to
monitor for ransomware, viruses, and other threats are critical. Logs need to be
collected, centralised, and analysed by a SIEM (Security Information & Event
Manager), which can be done automatically through the Trend Micro Vision One
platform. Vision One simplifies the process of prioritising and analysing
security event logs, allowing IT and SOC teams to spend their time on the most
critical threats.
* Regularly update online infrastructures. While this may seem like a reactive
strategy, applying patches to systems, servers, and networks as soon as
they’re available lowers the number of flaws and the exploits that target
them. Accordingly, organisations should also factor critical/high severity
vulnerabilities as well as those with a public POC and/or are being actively
exploited in-the-wild into their patch management policies as well as
incident response and remediation strategies.
* Secure the email gateways, servers, and networks. Attacks can take the form
of threats that may target different parts of an organisation’s online
infrastructure — either to facilitate the execution of malware, deliver
payloads, or perform lateral movement — which is why it’s important to secure
them equally.
* Enforce the principle of least privilege. Many threats abuse legitimate and
open-source penetration testing and system administration tools to
successfully exploit a vulnerability. Restricting and securing their use
helps reduce the risks of attackers gaining access to the entire network or
system.
* Nurture and practice cybersecurity hygiene. Fostering a culture of
cybersecurity, which includes increasing user awareness on phishing attacks,
helps just as much as the security solutions that are deployed by the
organisation.
* Employ multilayered security defences. Additional layers of security reduce
an organisation’s attack surface. Firewalls and intrusion detection and
prevention systems, for instance, help filter malicious traffic and network
activities. Application control and behaviour monitoring prevents dubious
executables and malware-related routines from running,
while sandboxes quarantine suspicious and malicious files.
Here’s how virtual patching augments an organisation’s existing security
technologies as well as vulnerability and patch management policies:
* Buys additional time so security teams can assess the vulnerability, test and
apply the necessary patches. For in-house applications, virtual patching
provides time for developers and programmers to fix flaws in their code.
* Avoids unnecessary downtime by providing enterprises more freedom to enforce
their patch management policies on their own schedule. This mitigates the
potential revenue loss caused by unplanned or superfluous disruptions in
business operations.
* Improves regulatory compliance by helping organisations meet timeliness
requirements, such as those imposed by the EU General Data Protection
Regulation (GDPR) and Payment Card Industry (PCI).
* Provides an additional layer of security controls to components in the IT
infrastructures for which patches are no longer issued (e.g., legacy systems
and end-of-support OSs like Windows Server 2008) or are prohibitively costly
to patch.
* Provides flexibility by reducing the need to roll out workarounds or
emergency patches. It eases the task, for instance, of gauging specific
points in the network that require patching (or if a patch needs to be
applied to all systems).
Trend Micro provides comprehensive security solutions for businesses of all size
and industries, no matter where they are in their digital transformation journey
and include a virtual patch feature.
Cloud One Workload Security enhances runtime protection for cloud-based
workloads. To shield users’ information from being stolen, Apex One offers
automatic, insightful, all-in-one endpoint security. TippingPoint Threat
Protection System with NGIPS defends the network against known, unknown, and
undisclosed vulnerabilities. For small and medium businesses, Worry-Free
Services Suites offers simple and complete protection for your endpoints and
beyond. Each of these solutions offer a virtual patching feature that can shield
an organisation from exploits of vulnerabilities without the need of the vendor
patch. And our TippingPoint customers had the added benefit of being shielded
on average 81 days ahead of the vendor patch for vulnerabilities submitted to
our Zero Day Initiative in 2020. With 15 research centres across the globe,
Trend Micro Research provides customers with the latest insights on the
cybersecurity landscape.
To learn more about how Trend Micro can protect your business from
vulnerabilities, please visit:
https://www.trendmicro.com/en_us/business/products/network/intrusion-prevention/threat-intelligence.html.
Tags
Cloud | Expert Perspective | Exploits & Vulnerabilities | Cyber Threats |
Endpoints | Network | Articles, News, Reports
AUTHORS
* Jon Clay
Director, Global Threat Communications
Contact Us
RELATED ARTICLES
* Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited
* Volatile and Adaptable: Tracking the Movements of Modern Ransomware
* Collecting In the Dark: Tropic Trooper Targets Transportation and Government
See all articles
* Contact Sales
* Locations
* Careers
* Newsroom
* Trust Centre
* Privacy
* Accessibility
* Support
* Site map
* linkedin
* twitter
* facebook
* youtube
* instagram
* rss
Copyright © 2021 Trend Micro Incorporated. All rights reserved.
sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk
WELCOME TO TREND MICRO
This website uses cookies for website functionality, traffic analytics,
personalization, social media functionality and advertising. Our Cookie Notice
provides more information and explains how to amend your cookie settings.
{{opt_in}}
Accept
Learn more
AddThis Sharing Sidebar
Share to FacebookFacebookShare to TwitterTwitterShare to PrintPrintMore AddThis
Share optionsAddThis
0
SHARES
Hide
Show
Close
AddThis