Say NO to ransomware
Four Layers of Security to Minimize Risk. Over 100 million threats blocked and counting.
Email & Web Protection
It all starts with your users—whether it’s falling for a phishing email or clicking on a malicious web link.
Using Microsoft Office 365 for Email?
Trend Micro Cloud App Security is easy. It sets up quickly, has no software to install, no user change settings—it just works! We have blocked more than 2 million threats in Office 365.
- Malware scanning and file risk assessment
- Sandbox malware analysis
- Document exploit detection
- Web reputation
Relying on an Email Gateway for on-premises Email Protection?
Improve your email gateway ransomware detection rates with a deeper level of email inspection. Trend Micro™ Deep Discovery™ Email Inspector works with your email gateway to block more spear phishing emails and malicious email attachments, a common delivery vehicle for ransomware.
- In-depth analysis of email attachments and URLs, including: Office Docs (+macros), PDFs, archives, executables, scripts, multimedia, and more
- In-depth virtual analysis of URLs, including: URLs embedded in body or subject of messages and URLs embedded within documents
- Script emulation and zero-day exploit detection to detect ransomware and related activity, including: mass file modifications, encryption behavior and other modifications
Minimizing the Risk from Web Traffic
Beyond email, your users are susceptible to ransomware by clicking on web sites that are intentionally malicious, or have been compromised. InterScan Web Security protects your users with:
- Scanning for zero-day exploits and browser exploits, a common way ransomware enters your organization
- Integration with Trend Micro Deep Discovery for sandbox analysis
- Real-time web reputation to determine if a URL is a known delivery vehicle for ransomware
Trend Micro detected 99% of ransomware threats in email messages or web links. That still leaves 1% that could make it through to your endpoint. Trend Micro™ XGen™ endpoint security delivers several capabilities that minimize the risk of ransomware to your endpoints, including:
- High-fidelity machine learning that analyzes files, not only before execution but also during runtime for more accurate detection. It includes noise cancellation like census and whitelist checking to reduce false positives.
- Behavior monitoring for suspicious behavior associated with ransomware, such as the rapid encryption of multiple files. The encryption process can be automatically stopped and the endpoint isolated before ransomware can spread and cause more damage to your data.
- Application control creates application white lists, which will only allow known good applications to execute, and prevents the execution of unknown applications, like ransomware
- Vulnerability shielding protects you from ransomware that takes advantage of unpatched software vulnerabilities
Email and web are common ransomware entry points, but other network protocols and attack methods can also subject you to ransomware. Trend Micro™ Deep Discovery™ Inspector is a network appliance that detects and blocks the ransomware on your network so it can’t spread to other endpoints and servers. It protects against ransomware with:
- Monitoring of all network ports and more than 100 protocols for ransomware, using pattern and reputation-based analysis, script emulation, and the detection of zero-day exploits and command and control traffic, to identify ransomware across the entire kill chain.
- Custom sandbox analysis to detect mass file modifications, encryption behavior and modifications that are consistent with ransomware.
- Integration with Trend Micro email and web gateways, and endpoint and server protection solutions to provide a connected threat defense so new threat information is shared across the multiple layers.
Ransomware is increasingly targeting servers, with recent high profile examples like SAMSAM (also known as SAMAS), where attackers targeted known software vulnerabilities to inject ransomware. Trend Micro™ Deep Security™ protects your servers, whether physical, virtual or in the cloud, from ransomware with:
- Suspicious Activity Detection and Prevention: If ransomware attempts to gain a foothold in a data center (e.g. via a compromised user connecting to a file server), Deep Security can detect suspicious network activity and prevent it from continuing, while also alerting that there is an issue.
- Vulnerability Shielding: Protects servers and applications from ransomware attacks by shielding them from exploits of known software vulnerabilities, ‘virtually patching’ them until a patch or fix can be applied.
- Lateral Movement Detection: If ransomware should get into the data center, Deep Security can also help to minimize the impact by detecting and blocking it from spreading to more servers.