printer friendly version

Machine-learning for defence

Trend Micro announced the latest enhancements to its network defence solutions based on the company’s XGen security.

Continuing its smart, optimised and connected security strategy, Trend Micro has infused patent-pending machine learning capabilities into its Trend Micro TippingPoint intrusion prevention system (NGIPS) solutions. This makes Trend Micro the first standalone NGIPS vendor to detect and block attacks in-line in real-time using machine learning.

TippingPoint NGIPS is part of the Trend Micro Network Defense solution which, in combination with advanced threat protection, is optimised to prevent targeted attacks, advanced threats and malware from embedding or spreading within a data centre or network. Network Defense is powered by XGen security, a blend of cross-generational threat defence techniques specifically designed for customer platforms and applications and fuelled by market-leading threat intelligence.

“Protecting an enterprise network is a vital part of a connected threat defence that should also include servers and endpoints,” said Steve Quane, executive vice president and chief product officer for Trend Micro TippingPoint. “As businesses grow, the need is greater to have a solution that can provide visibility and control within any customer environment while sharing threat intelligence across security layers.”

Trend Micro TippingPoint NGIPS applies machine learning statistical models to feature vectors extracted from network data on the wire to make a real-time decision on whether network traffic is malicious or benign. This evolution helps to better detect advanced malware behaviour and communications invisible to standard defences. TippingPoint NGIPS also applies machine-learning techniques to detect and block known and unknown malware families that use domain generation algorithms (DGAs) to generate domain names for infected hosts attempting to contact their command and control servers.

“Our enterprise clients enquire regularly about the need to protect their networks from existing and emerging threats,” said Andrew Braunberg, managing director of research for NSS Labs. “Enterprises are continuing to deploy NGIPS devices, particularly to protect high value assets, such as data centres. Advanced analytics, such as machine learning, and fully integrated global threat intelligence feeds are particularly important features for today’s leading NGIPS products.”

“With the addition of machine learning capabilities into the TippingPoint solution, we have been able to improve the accuracy of detecting malicious activity, which speeds up protection of our network across our business,” said Erwin Jud, senior security engineer for Swiss Railways. “When you blend that with exclusive vulnerability data, not only is my administrative security management reduced, but I feel confident that I have the most advanced threat techniques that continue to adapt now and in the future to keep my company’s data secure.”

One of the distinguishing features of Network Defense is pre-emptive threat prevention between discovery and patch availability for many known and undisclosed vulnerabilities. The Zero Day Initiative brings exclusive insight into undisclosed vulnerability data, which results in protection for customers 57 days on average before a vendor can provide a patch. When combined with the security intelligence from TippingPoint Digital Vaccine Labs (DVLabs) and data collected from the Smart Protection Network for threat correlation, each delivers unparalleled, real-time, accurate network threat insights. Information is seamlessly shared with security information and event management (SIEM), gateways, as well as both Trend Micro and third-party security investments.

TippingPoint NGIPS offers in-line comprehensive threat protection against advanced and evasive malware across data centres and distributed enterprise networks. It offers in-depth analysis of network traffic for comprehensive contextual awareness, visibility and agility necessary to keep pace with today’s dynamic threat landscape.

Share this article:

Further reading: