Trend Micro Command & Control (C&C) Contact Alert Services provides enhanced detection and alert capabilities to mitigate the damage caused by advanced persistent threats and targeted attacks. C&C Contact Alert Services is integrated with Web Reputation Services, which determines the action taken on detected callback addresses based on the web reputation security level.
The C&C IP list further enhances C&C callback detections using the Network Content Inspection Engine to identify C&C contacts through any network channel.
For details on configuring the Web Reputation Services security level, see Configuring a Web Reputation Policy.
C&C Contact Alert Services Features

| Feature | Description |
| --- | --- |
| | Trend Micro Smart Protection Network compiles the Global Intelligence list from sources all over the world and tests and evaluates the risk level of each C&C callback address. Web Reputation Services uses the Global Intelligence list in conjunction with the reputation scores for malicious websites to provide enhanced security against advanced threats. The web reputation security level determines the action taken on malicious websites or C&C servers based on assigned risk levels. |
| | Smart Protection Servers can integrate with Virtual Analyzer to obtain the Virtual Analyzer C&C server list. Virtual Analyzer evaluates potential risks in a secure environment and, through use of advanced heuristics and behavioral testing methods, assigns a risk level to the analyzed threats. The Virtual Analyzer populates the Virtual Analyzer list with any threat that attempts to connect to a possible C&C server. The Virtual Analyzer list is highly company-specific and provides a more customized defense against targeted attacks. Trend Micro Apex One retrieves the list from Virtual Analyzer and can evaluate all possible C&C threats against both the Global Intelligence and the local Virtual Analyzer list. For details on connecting the Virtual Analyzer Suspicious Objects lists, see Configuring Suspicious Object List Settings. |
| Suspicious Connection Service | The Suspicious Connection Service manages the User-defined and Global IP C&C lists, and monitors the behavior of connections that endpoints make to potential C&C servers. For details, see Suspicious Connection Service. |
| Administrator notifications | Administrators can choose to receive detailed and customizable notifications after detecting a C&C callback. For details, see Configuring C&C Callback Notifications for Administrators. |
| Agent notifications | Administrators can choose to send detailed and customizable notifications to end users after detecting a C&C callback on an endpoint. For details, see C&C Contact Alert Notifications for Agent Users. |
| Outbreak notifications | Administrators can customize outbreak notifications specific to C&C callback events and specify whether the outbreak occurs on a single endpoint or across the entire network. For details, see C&C Callback Outbreaks. |
| C&C callback logs | Logs provide detailed information regarding all C&C callback events. For details, see Viewing C&C Callback Logs. |
