Getting Started With Endpoint Security - Student Guide - V1
Trend Micro, the Trend Micro logo, the t-ball logo, and [other Trend trademarks] are
trademarks or registered trademarks of Trend Micro Incorporated. All other company
and/or product names may be trademarks or registered trademarks of their owners.
Information contained in this document is subject to change without notice. Trend Micro,
the Trend Micro logo, and the t-ball logo Reg. U.S. Pat. & Tm. Off.
For details about what personal information we collect and why, please see our Privacy
Notice at trendmicro.com/privacy
Welcome
Objectives
Before We Start
Post any questions in the Q&A pane, as it is monitored by the trainers. Use the Chat pane
to respond to questions from the instructor.
The Student Guide for this course can be downloaded from the Trend Education Portal. Log
into your account, click the Getting Started With Trend Vision One Endpoint Security
course. Scroll to the Course Syllabus section and click to download the Student Guide PDF.
Endpoint Protection
The servers/workloads and the end-user endpoints in your organization are under constant
attack from external sources, and these important corporate resources must be protected.
Compromise of these resources could harm the organization's financial results or disclose
confidential corporate information and important intellectual property, all of which can
damage the company's reputation.
Trend Vision One Endpoint Security provides a single platform experience for deploying and
managing protection on endpoint computers, including end-user Windows or Mac desktop
computers and Windows and Linux servers and workloads. With Trend Vision One Endpoint
Security, administrators can manage security agent deployment and policy assignment
from the same Trend Vision One console they currently use for Risk Insights, Extended
Detection and Response and Attack Surface Risk Management.
There are several points at which threats could enter the system through endpoint
computers. A variety of automated threat detection techniques can be enabled to monitor
for threats on the endpoint.
The protection required for servers/workloads and for end-user endpoints can differ, because
the threats and the types of attack they face differ.
For servers and workloads, threat actors typically attack by taking advantage of software
and configuration vulnerabilities, lateral movement, and stolen employee credentials.
End-user endpoints are typically exposed through email, websites, cloud services or USB
drives.
These differences in threat exposure create a need for distinct security requirements and
protection strategies for end-user endpoints and server workloads.
https://www.trendmicro.com/en_us/business/products/endpoint-security.html
Ensure your security addresses the way server and cloud workloads are deployed and
attacked. Protect against vulnerabilities, malware, and unauthorized changes, and deploy
advanced security capabilities specifically designed for the server and cloud workload
environment.
Some of the protection features available for servers and workloads include the following:
Anti-Malware protection detects and blocks malicious software such as viruses, trojans,
spyware, ransomware and other applications intended to harm endpoints. Anti-malware
protection can occur in real-time, can be run on demand, or can be set up to run on a
schedule. A variety of techniques including behavior monitoring and machine learning
enable protection against emerging malware that would not be captured by traditional
pattern-based malware scanning.
Web Reputation protection tracks the credibility of websites and safeguards servers from
malicious URLs. Web Reputation blocks endpoints from accessing compromised or
infected sites, blocks communication with the command-and-control (C&C) servers used by
cybercriminals, and blocks access to malicious domains registered for perpetrating
malicious activities.
Firewall protection examines the header information in each network packet to allow or
deny traffic based on direction, specific frame types, transport protocols, source and
destination addresses, ports, and header flags. Firewall protection also prevents denial of
service attacks as well as blocking reconnaissance scans.
Integrity Monitoring protection monitors critical operating system and application files,
including directories, custom files, registry keys and values, open ports, processes and
services to provide real-time detection and reporting of malicious and unexpected changes.
The Integrity Monitoring module tracks both authorized and unauthorized changes made to
a server instance. The ability to detect unauthorized changes is a critical component in a
cloud security strategy, as it provides visibility into changes that could indicate the
compromise of an instance.
Log Inspection protection collects and analyzes operating system and application logs for
suspicious behavior, security events, and administrative events across the data center. This
module optimizes the identification of important security events buried in multiple log
entries.
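What "identifying important security events buried in multiple log entries" looks like in practice, as an added example in Python. This is illustrative code for this guide, not Trend's Log Inspection engine or its rule format: three simple rules run over constructed syslog-style lines and correlate several individually unremarkable entries (repeated SSH password failures) into one alert, escalate when a success follows them from the same source, and flag creation of an account with UID 0. The log lines, hostnames, IP addresses (from documentation ranges) and thresholds are all made up for the example.

```python
"""Rule-based log inspection over constructed syslog lines (illustrative only)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a simplified syslog layout; not real data.
SAMPLE_LOG = """\
2024-03-01T10:00:01 web01 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
2024-03-01T10:00:03 web01 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 51023 ssh2
2024-03-01T10:00:04 web01 sshd[812]: Failed password for root from 203.0.113.9 port 51024 ssh2
2024-03-01T10:00:06 web01 sshd[812]: Failed password for root from 203.0.113.9 port 51025 ssh2
2024-03-01T10:00:07 web01 sshd[812]: Failed password for root from 203.0.113.9 port 51026 ssh2
2024-03-01T10:00:09 web01 sshd[812]: Accepted password for root from 203.0.113.9 port 51027 ssh2
2024-03-01T10:01:00 web01 useradd[901]: new user: name=svc_backup, UID=0, GID=0, home=/root, shell=/bin/bash
2024-03-01T10:05:00 web01 sshd[950]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-03-01T10:15:00 web01 sshd[951]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")
USERADD_RE = re.compile(r"new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")

# Hypothetical tuning values chosen for the example.
FAIL_THRESHOLD = 5      # failures from one source IP ...
WINDOW_SECONDS = 60     # ... within this window count as brute force
LOOKBACK_SECONDS = 300  # a success after >=3 failures in this window is escalated


def parse(line: str):
    """Split one syslog-style line into timestamp, host, program and message."""
    match = LINE_RE.match(line)
    if not match:
        return None
    event = match.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def analyze(text: str) -> list:
    """Run the rules over the log text in order and return the alerts raised."""
    alerts = []
    failures = defaultdict(list)   # source IP -> timestamps of failed logins
    bruteforce_fired = set()       # suppress duplicate brute-force alerts per IP
    for raw in text.splitlines():
        event = parse(raw)
        if event is None:
            continue
        ts, msg = event["ts"], event["msg"]

        match = FAILED_RE.search(msg)
        if match and event["prog"] == "sshd":
            ip = match["ip"]
            failures[ip].append(ts)
            recent = [t for t in failures[ip] if (ts - t).total_seconds() <= WINDOW_SECONDS]
            if len(recent) >= FAIL_THRESHOLD and ip not in bruteforce_fired:
                bruteforce_fired.add(ip)
                alerts.append({"rule": "ssh_bruteforce", "severity": "medium",
                               "ip": ip, "ts": ts, "count": len(recent)})
            continue

        match = ACCEPTED_RE.search(msg)
        if match and event["prog"] == "sshd":
            ip = match["ip"]
            prior = [t for t in failures[ip] if 0 <= (ts - t).total_seconds() <= LOOKBACK_SECONDS]
            if len(prior) >= 3:
                alerts.append({"rule": "ssh_success_after_failures", "severity": "high",
                               "ip": ip, "user": match["user"], "ts": ts,
                               "prior_failures": len(prior)})
            continue

        match = USERADD_RE.search(msg)
        if match and match["uid"] == "0":
            alerts.append({"rule": "uid0_account_created", "severity": "high",
                           "user": match["user"], "ts": ts})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Note that the single failure for alice followed by a successful key login ten minutes later raises nothing: the time windows are what keep a rule like this from drowning the analyst in alerts on routine typos, which is the point of correlating entries rather than alerting on each one.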
Application Control protection monitors computers for any software changes that drift away
from an approved software inventory. It detects all changes to executables, including users
installing unapproved software, new PHP pages or Java applications, unscheduled auto-
updates, and zero-day malware. This module can lock down software so that only approved
applications can execute or stop specific unwanted software from running.
Some of the protection features available for end-user endpoints include the following:
Anti-Malware protection detects and blocks malicious software such as viruses, trojans,
spyware, ransomware and other applications intended to harm endpoints. Anti-malware
protection can occur in real-time, can be run on demand, or can be set up to run on a
schedule. A variety of techniques including behavior monitoring and machine learning
enable protection against emerging malware that would not be captured by traditional
pattern-based malware scanning.
Web Reputation protection tracks the credibility of websites and safeguards endpoint
computers from malicious URLs. Web Reputation blocks endpoint computers from accessing
compromised or infected sites, blocks communication with the command-and-control (C&C)
servers used by cybercriminals, and blocks access to malicious domains registered for
perpetrating malicious activities.
Firewall protection examines the header information in each network packet to allow or
deny traffic based on direction, specific frame types, transport protocols, source and
destination addresses, ports, and header flags. The firewall prevents denial of service
attacks as well as blocks reconnaissance scans.
Outbreak Prevention shuts down infection vectors and rapidly deploys attack-specific
security policies to prevent or contain outbreaks before pattern files are available.
11 | ©2024 Trend Micro Inc.
The method for implementing Trend Vision One Endpoint Security and adding endpoints to
the inventory depends on your relationship with Trend: for example, whether you currently
use any Trend endpoint protection products, and whether those products are cloud-based or
on-premises.
The options for implementing Trend Vision One Endpoint Security include:
• The organization is new to Trend endpoint protection
• The organization would like to evaluate Trend Vision One Endpoint Security on a
selection of endpoints. Once the evaluation and testing is complete, the entire instance
can be updated to Trend Vision One Endpoint Security.
• The organization uses Trend on-premises endpoint protection
Common Terminology
Policy: A policy is a collection of security settings that will be applied to servers, workloads
and endpoint computers.
Security Agent: A security agent is a software component that enforces the security
settings defined in the policy. Any security events captured by the agent are forwarded to
the Trend data lake for analysis. Security agents exist for servers and workloads and for
end-user endpoints, as well as for different operating systems.
First Steps
Before configuring endpoints and policies for Trend Vision One for Endpoint Security, the
following system configurations must be performed.
Proxy services
Configure global proxy services if you are using a proxy server in your environment.
Firewall Exceptions
To ensure that Trend Vision One can properly communicate with your environment, you must
configure the appropriate Allow rules in your firewall.
Firewall exception requirements differ depending on the location hosting your Trend Vision
One environment. View the following article for more details:
https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-firewall-permissions
• The organization is new to Trend endpoint protection: install the Endpoint Basecamp
package created in Trend Vision One on the endpoints.
• (i) The organization would like to evaluate Trend Vision One Endpoint Security: export and
import policies and custom objects, then update selected endpoints to report to the new
protection manager.
• (ii) The organization is now ready to update to Trend Vision One Endpoint Security: allow
Trend Vision One to update all endpoints to report to the appropriate protection manager.
Policy Deployment
A policy is a collection of security settings that will be applied to servers, workloads and
endpoint computers.
To simplify the transition for servers and workloads to Trend Vision One, the policy
deployment process is similar to the one used in Deep Security and Trend Cloud One –
Endpoint & Workload Security.
To simplify the transition for standard endpoints to Trend Vision One Endpoint Security, the
policy deployment process is similar to the one used in Apex Central as a Service.
1. In a Server & Workload Protection Manager, create a policy using one of three different
options (New, Duplicate, Import)
2. Modify the settings in the policy to reflect requirements
3. Assign the policy to the appropriate servers and workloads
• Security is tailored to the type of endpoint being used, either server/workload or end-
user endpoint.
• Trend Vision One provides a single console experience, allowing endpoint management
from the same console used for XDR, Attack Surface Risk Management and more.
• A variety of detection techniques ensures that Trend Vision One Endpoint Security
captures malware at any phase of an attack.
• Support for multiple protection managers allows your organization to tailor its security
to its requirements, as each protection manager can include distinct policies and
configurations.
• Wide OS support allows Trend Vision One to offer protection regardless of the operating
system being used.
• Interface consistency allows users to transition easily from Trend cloud-based or on-
premises endpoint protection products.
Best Practices
These are just a few of the best practices related to endpoint security.
• Endpoints should host both a security agent and an endpoint sensor
• Make sure endpoint security solutions are regularly updated and patched
• Monitor the Security Configuration tab of Executive Dashboard
Try it yourself
A 30-day full access trial of Trend Vision One is available for download.
Please complete the class survey at the following URL or by scanning the QR code:
https://www.surveymonkey.com/r/TrendMicroVisionOne
This helps guide the development of courses and helps ensure that content matches your
requirements.