This is a combination product in that it covers all three phases of a ransomware attack. It can recognize ransomware in a phishing email and, should ransomware enter the system, it prevents it from detonating successfully. If the ransomware does manage to bypass protection, the tool stops it rapidly and rolls back any damaged files that the ransomware was able to encrypt.
For testing, we selected a pre-configured client environment with Trend Micro OfficeScan XG, Vulnerability Protection, Control Manager, Endpoint Application Control, and a credit card text file with sample data.
In this attack scenario, it is assumed that pre-infection defenses have been breached, allowing the infection and post-infection phases to spring into action on the target machine. The infection began on our target (virtual) endpoint machine containing a folder with 10 sample files. Within the next three to five seconds, the Trend Micro OfficeScan XG agent stopped the encryption attack-in-progress, automatically restored the first files affected by the attack, and immediately displayed a "Threats/Violations Found" alert screen.
Evidence of the unauthorized encryption event can be further examined using the drill-down feature of the alert screen, along with other verification indicators available in OfficeScan dashboards and reporting options. Trend Micro Smart Protection Complete with the OfficeScan XG agent is clean and straightforward, and its dashboards are very intuitive and easy to navigate. Agent Management is point-and-click through the various XG components. There is a provision for whitelisting any authorized encryption that might be used legitimately in the enterprise.
As part of the Smart Protection Complete offering, Trend Micro also includes the "Connected Threat Defense" ecosystem, which provides an advanced way of protecting against targeted and ransomware attacks by extending interoperability across different protection nodes. Whenever a suspicious file (like ransomware) is detected at the endpoints, network, web or email, that file is sent to and detonated in the sandbox, where it is determined to be malicious.
Connected Threat Defense is capable of generating a rapid response signature on the fly, without the need for sending samples to TrendLabs, and deploys the protection for all endpoints, mail servers and gateways automatically.
7/24 support is standard, including both email and phone support, and there are extra-cost assistance offerings for special circumstances. The website is what you would expect of a company such as Trend Micro. It is complete and provides access both to the support portal and to additional resources, such as a knowledgebase and FAQ.
Overall, this is a very complete system. Even so, it integrates, as one would expect, with other Trend Micro tools to provide a complete Trend Micro ecosystem. The document library on the web portal is one of the most complete we've seen and the documentation is solid and easy to use. We perused some documentation for products other than the one we are reviewing and found style and substance to be consistent. Having known Trend Micro products almost since their inception and having known personally the founders and the current CEO, this is no surprise to us. The company has always been meticulous in development, support and documentation of its products. This is just another solid example.
(Judy Traub contributed to this review)