Trend Micro Smart Protection Complete
September 01, 2015
Trend Micro, Inc.
Starts at $49 per user/year for 500+ users.
- Strengths: Completeness and ease of deployment and use; dual licensing of physical and cloud deployments.
- Weaknesses: None that we found.
- Verdict: This is pure Trend Micro – well thought-out and well executed.
Since Trend Micro is a well-known anti-malware vendor, one would expect the Smart Protection Complete suite to be an enhanced anti-malware product. And one would be wrong. While it does have a strong anti-malware component, it also features port and device controls, endpoint encryption and DLP. With gateway-level integration you also get web, email, instant messaging and SharePoint protection, including social engineering protection for emails. The gateway can be on-premises or in the cloud.
Not to be left out, the product also covers mobile devices and includes mobile device management. All of this is managed through the Trend Micro Control Manager. Policies are set by administrators and then deployed to endpoints, gateways and servers. The Smart Protection Complete suite is a superset of the Smart Protection for Endpoints Suite, which does not include gateway, instant messaging and collaboration capabilities. We reviewed the Smart Protection Complete suite.
Overall, the suite covers employee leaks, malware, vulnerability exploits, advanced malware such as APTs, and targeted attacks where a single individual or identifiable group is targeted explicitly. The Trend approach is reminiscent of the old principle of defense-in-depth. It is decidedly data flow-based and begins at the gateway. Once a threat makes it through the gateway - if it does - it must contend with reputation checking for web, email and file, as well as application whitelisting. Its next challenge is passing vulnerability shielding (a sort of virtual patching), behavior monitoring (something Trend Micro pioneered), social engineering protection, memory inspection and C&C blocking - if it should try to call home. If all else fails there still is traditional DLP and device control. Investigation of the breach also is part of the Complete suite, as is encryption.
Command-and-control (C&C) management is accomplished through a combination of identification and blocking. Data gleaned from multiple sources - ranging from endpoints to the data center - coupled with deep discovery, enables the suite to approach identification probabilistically. Then a suspected C&C server and its associated botnet can be blocked effectively.
Another difficult challenge in today's threat space is ransomware. Here, again, the suite has your back. As with most solutions to the ransomware problem, this solution depends in part - but only in part - on signatures and tools to stop the spread. In addition, Trend Micro adds behavior monitoring of applications for changes to or encryption of files. Whitelisting allows filtering out known good applications. Immediately upon detecting suspected ransomware, the Smart Protection Complete suite terminates execution and quarantines the suspect.
The Complete suite also includes vulnerability shielding. This detects and blocks network-borne exploits. In this regard it acts a lot like a host intrusion prevention system (HIPS). It deploys, and/or recommends deploying, new IPS rules. This is "virtual patching," according to the vendor. Harking back to its strong suit, behavior analysis, the suite can stop zero-day attacks by combining that with protocol enforcement and advanced heuristics. Vulnerabilities are identified using CVE and the suite can communicate with a SIEM for alerting and logging.
The Complete suite also includes the Trend Mobile Suite. Based on policy, the Mobile Suite covers such things as email and web, and provides DLP, file encryption, separation of business and personal data and mobile app control.
One thing we particularly liked is that the offering can work on-prem or in the cloud. When the organization is ready to move to the cloud, no new licensing is required. This also is true if the organization wants to use a hybrid approach of both data center and cloud. Installation is by a deployment tool kit and selective installation is available any time, so administrators can change deployment parameters without starting over.
Finally, the use of Trend's Smart Filter ensures a small definition size for better performance. It also means that prevalent and zero-day threats are covered at all times, and when a rarer, potentially older threat comes up, the Smart Filter detects it and adds the full signature for that threat as well.
Pricing is very reasonable, and the website and documentation are what you'd expect from an experienced leader.