
Trend Micro Configuration

Product Versions

Management
  • Apex One™ as a Service 14.0.5169
  • Deep Security™ 12.0.296
  • Deep Discovery Inspector 5.6.1117
  • Trend Micro Managed XDR, managed detection & response (MDR) service
Endpoints
  • Windows Endpoint: Apex One™ as a Service Security Agent version 14.0.5171
  • Windows Server: Deep Security Agent version 12.0.0-360

Description

Apex One as a Service

Apex One as a Service provides multi-layered endpoint security. Delivered through a single-agent architecture, Apex One as a Service provides comprehensive prevention and detection capabilities, along with application control, DLP, device control, vulnerability protection, and EDR capabilities.

Apex One as a Service blends signatureless techniques including machine learning, behavioral analysis, variant protection, census check, exploit prevention, and good-file check with other techniques like file reputation, web reputation, and command and control (C&C) blocking to progressively filter out threats using the most efficient techniques for maximum detection.

EDR capabilities provide context-aware investigation, recording, and reporting of system-level activities. The agent collects endpoint telemetry from kernel mode, user mode, and native system events. Users can perform IOC sweeping, IOA behavior hunting, and custom-criteria search, and execute detailed root cause analysis enriched with threat intelligence from the Trend Micro Smart Protection Network.

Deep Security

Deep Security software is purpose-built for physical, virtual, cloud, and container environments, enabling consistent security, regardless of the workload.

Deep Security:

  • Protects physical and virtual servers against zero-day malware, including ransomware, cryptocurrency mining attacks, and network-based attacks, while minimizing operational impact from resource inefficiencies and emergency patching.
  • Secures dynamic workloads in the cloud, with automated discovery of workloads across cloud providers, including AWS™, Microsoft® Azure™, and Google Cloud™. Deployment scripts and RESTful APIs enable security to be integrated with existing toolsets for automated security deployment, policy management, compliance reporting, and more.
  • Delivers advanced runtime protection for containers, defending against attacks on the host, container platform (Docker®), orchestrator (Kubernetes®), containers themselves, and even the containerized applications. With a rich set of APIs, Deep Security allows IT Security to protect containers with automated processes for critical security controls.

Deep Discovery Inspector

Deep Discovery Inspector is an advanced threat protection solution that provides visibility for connections from endpoints and intelligence to detect and respond to targeted attacks and advanced threats.

Product Configuration

Apex One™ as a Service

Summary of Apex One as a Service configuration

  • Enable Endpoint Sensor, Vulnerability Protection and Application Control
  • Enable Behavior Monitoring: Anti-Exploit
  • Disable all prevention controls

Deep Security

Summary of Deep Security configuration

Deep Discovery Inspector

Summary of Deep Discovery Inspector Configuration

  • Configured the endpoint to use rpcapd (the WinPcap remote capture daemon) to forward network metadata to Deep Discovery Inspector in MITRE’s environment.
  • Configured advanced detection settings.
  • For detailed information, please refer to appropriate product documentation.

Product Configuration Change

Apex One™ as a Service
  1. Pattern Update
    • Attack Discovery Detection
    • Grey Detection
  2. Enable PowerShell ScriptBlock logging
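The following is an added example of how the "Enable PowerShell ScriptBlock logging" step can be applied and then verified on a single Windows endpoint; it is not Trend Micro's or the evaluation's own configuration script. It assumes an elevated Windows PowerShell 5.1 session and writes the same policy registry value that the "Turn on PowerShell Script Block Logging" Group Policy setting writes (in a managed fleet, Group Policy is the usual delivery mechanism). The marker string and the two-second wait are illustrative choices.

```powershell
# Added example (not Trend Micro's or MITRE's own script). Enables PowerShell
# Script Block Logging through the policy registry value and confirms that
# Event ID 4104 records are being written. Requires an elevated session.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

# Create the policy key if no PowerShell policy has been applied to this host yet.
if (-not (Test-Path $policyKey)) {
    New-Item -Path $policyKey -Force | Out-Null
}

# 1 = log the contents of every script block as it is compiled (Event ID 4104
# in Microsoft-Windows-PowerShell/Operational).
Set-ItemProperty -Path $policyKey -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# Read the value back so the change is confirmed rather than assumed.
$current = (Get-ItemProperty -Path $policyKey).EnableScriptBlockLogging
if ($current -ne 1) {
    throw "Script block logging is still disabled (value: $current)"
}

# Run a harmless, uniquely tagged command in a NEW PowerShell process: the
# policy is read when a process starts, so the current session may still be
# using its cached (disabled) setting.
$marker = "ScriptBlockLoggingCheck-$([guid]::NewGuid())"
& powershell.exe -NoProfile -NonInteractive -Command "Write-Output '$marker'" | Out-Null

Start-Sleep -Seconds 2   # give the event log a moment to flush

# Look for the 4104 record that contains the marker.
$hit = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'
    Id      = 4104
} -MaxEvents 100 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$marker*" }

if ($hit) {
    "Script block logging confirmed: 4104 event recorded at $($hit[0].TimeCreated)"
} else {
    "No 4104 event found for the marker; check that the Microsoft-Windows-PowerShell/Operational log is enabled and not full."
}
```

The read-back and the fresh-process probe are the parts worth keeping in any rollout check: an EDR sensor that relies on 4104 events only sees PowerShell content once the policy is actually in effect, and a registry write alone does not prove that.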

Deep Discovery Inspector™
  1. Pattern Update
    • NCIP (Network Content Inspection Pattern)
    • NCCP (Network Content Correlation Pattern)

For product configuration details, please contact Trend Micro Support.