Message from Eva Chen – as a human being, not a CEO: We need to speak out and act against racism

I would like to express my outrage over the brutal killings of George Floyd, Breonna Taylor, and Ahmaud Arbery – not as the CEO of an international company, but as a human being and a citizen of the world. It makes me very sad, but also intensely frustrated and angry to realize how little is being done around the world to overcome the blatant inequality and racism that persists. The disturbing, high-profile incidents in the past weeks expose in a cruel way how we live in a world where fear, uncertainty and discrimination continue to impact the lives of black people every single day.

As a global society, we should do better; we must be better.

At Trend Micro, we are committed to providing a safe, empathetic and respectful environment where we reject any form of racism and discrimination, with zero tolerance. We not only welcome diversity in our Trend Micro family, we encourage it, whether it is diversity of race, ethnicity, nationality, gender, gender identification, sexual orientation, physical ability, age, religion, veteran status, socio-economic status, and political philosophy. We believe it is our different backgrounds and experiences that make us who we are and make us as strong as we are. But we continue to listen and learn how to create equality for all.

I feel very strongly that we all need to do something and become a force for change. We have an obligation towards our communities and our children to leave this world in a better place. I am fortunate as a CEO to be able to use my voice to speak out against any kind of discrimination, against racism in any form. I ask that we all seek to expand our perspectives and heighten our awareness of others. We must open our eyes to the current and ugly truth and challenge any subconscious tendencies to avoid this painful reality of inequality!

Today I am inspired to lift up the voice of a young Trend Micro employee who posted on our internal web site:

“Progress is a process. Unity is part of the process.
Unity drives awareness…
Awareness drives education…
Education drives action…
Action drives change…
Let’s make a change!”

These are very difficult times for us as individuals, communities, and as nations. I ask you to join me in doing our part to fight racism – we can’t afford any more lives to be lost, any more children growing up deprived of their opportunities. First and foremost, we need to listen to our black communities and educate ourselves. And we must acknowledge that this is an ongoing issue – and continue to fight inequality every day, even when the protests don’t make headlines anymore. We can all make a difference. Speak out against injustice, listen to the stories of inequality, act, vote and make a change.

Together, we can make this world a better place!

Eva Chen

The post Message from Eva Chen – as a human being, not a CEO: We need to speak out and act against racism appeared first on .

Smart Check Validated for New Bottlerocket OS

Containers provide a list of benefits to organizations that use them. They’re light, flexible, add consistency across the environment and operate in isolation.

However, security concerns prevent some organizations from employing containers. This is despite containers having an extra layer of security built in – they don’t run directly on the host OS.

To make containers even easier to manage, AWS released an open-source Linux-based operating system meant for hosting containers. While Bottlerocket AMIs are provided at no cost, standard Amazon EC2 and AWS charges apply for running Amazon EC2 instances and other services.

Bottlerocket is purpose-built to run containers and improves security and resource utilization by only including the essential software to run containers, which improves resource utilization and reduces the attack surface compared to general-purpose OS’s.

At Trend Micro, we’re always focused on the security of our customers cloud environments. We’re proud to be a launch partner for AWS Bottlerocket, with our Smart Check component validated for the OS prior to the launch.

Why use additional security in cloud environments

While an OS specifically for containers that includes native security measures is a huge plus, there seems to be a larger question of why third-party security solutions are even needed in cloud environments. We often hear a misconception with cloud deployment that, since the cloud service provider has built in security, users don’t have to think about the security of their data.

That’s simply not accurate and leaves a false sense of security. (Pun intended.)

Yes – cloud providers like AWS build in security measures and have addressed common problems by adding built in security controls. BUT cloud environments operate with a shared responsibility model for security – meaning the provider secures the environment, and users are responsible for their instances and data hosted therein.

That’s for all cloud-based hosting, whether in containers, serverless or otherwise.

Why Smart Check in Bottlerocket matters

Smooth execution without security roadblocks

DevOps teams leverage containerized applications to deploy fast and don’t have time for separate security roadblocks. Smart Check is built for the DevOps community with real-time image scanning at any point in the pipeline to ensure insecure images aren’t deployed.

Vulnerability scanning before runtime

We have the largest vulnerability data set of any security vendor, which is used to scan images for known software flaws before they can be exploited at runtime. This not only includes known vendor vulnerabilities from the Zero Day Initiative (ZDI), but also vulnerability intelligence for bugs patched outside the ZDI program and open source vulnerability intelligence built in through our partnership with Snyk.

Flexible enough to fit with your pipeline

Container security needs to be as flexible as containers themselves. Smart Check has a simple admin process to implement role-based access rules and multiple concurrent scanning scenarios to fit your specific pipeline needs.

Through our partnership with AWS, Trend Micro is excited to help ensure customers can continue to execute on their portion of the shared responsibility model through container image scanning by validating that the Smart Check solution will be available for customers to run on Bottlerocket at launch.

More information can be found here: https://aws.amazon.com/bottlerocket/

If you are still interested in learning more, check out this AWS blog from Jeff Barr.

The post Smart Check Validated for New Bottlerocket OS appeared first on .

Celebrating Decades of Success with Microsoft at the Security 20/20 Awards

Effective collaboration is key to the success of any organization. But perhaps none more so than those working towards the common goal of securing our connected world. That’s why Trend Micro has always been keen to reach out to industry partners in the security ecosystem, to help us collectively build a safer world and improve the level of protection we can offer our customers. As part of these efforts, we’ve worked closely with Microsoft for decades.

Trend Micro is therefore doubly honored to be at the Microsoft Security 20/20 awards event in February, with nominations for two of the night’s most prestigious prizes.

Better together

No organization exists in a vacuum. The hi-tech, connectivity-rich nature of modern business is the source of its greatest power, but also one of its biggest weaknesses. Trend Micro’s mission from day one has been to make this environment as safe as possible for our customers. But we learned early on that to deliver on this vision, we had to collaborate. That’s why we work closely with the world’s top platform and technology providers — to offer protection that is seamless and optimized for these environments.

As a Gold Application Development Partner we’ve worked for years with Microsoft to ensure our security is tightly integrated into its products, to offer protection for Azure, Windows and Office 365 customers — at the endpoint, on servers, for email and in the cloud. It’s all about simplified, optimized security designed to support business agility and growth.

Innovating our way to success

This is a vision that comes from the very top. For over three decades, our CEO and co-founder Eva Chen has been at the forefront of industry leading technology innovation and collaborative success at Trend Micro. Among other things during that time, we’ve released:

Two awards

We’re delighted to have been singled out for two prestigious awards at the Microsoft Security 20/20 event, which will kick off RSA Conference this year:

Customer Impact

At Trend Micro, the customer is at the heart of everything we do. It’s the reason we have hundreds of researchers across 15 threat centers around the globe leading the fight against emerging black hat tools and techniques. It’s why we partner with leading technology providers like Microsoft. And it’s why the channel is so important for us.

Industry Changemaker: Eva Chen

It goes without saying that our CEO and co-founder is an inspirational figure within Trend Micro. Her vision and strong belief that our only real competition as cybersecurity vendors are the bad guys and that the industry needs to stand united against them to make the digital world a safer place, guides the over 6000 employees every day. But she’s also had a major impact on the industry at large, working tirelessly over the years to promote initiatives that have ultimately made our connected world more secure. It’s not an exaggeration to say that without Eva’s foresight and dedication, the cybersecurity industry would be a much poorer place.

We’re all looking forward to the event, and for the start of 2020. As we enter a new decade, Trend Micro’s innovation and passion to make the digital world a safer place has never been more important.

The post Celebrating Decades of Success with Microsoft at the Security 20/20 Awards appeared first on .

What Worries CISOs Most In 2019

We recently held a valuable conversation (and a great dinner) with about a dozen senior IT security leaders in Atlanta, Georgia. I was fortunate to attend and discuss what plagues them most.

Here are some of their concerns.

Many face considerable change in their business environments – one third of the companies called out the high pace of acquisitions as a source of risk.

Acquisitions draw down information security resources disproportionately. First, IT security must participate in the due diligence phase, prior to the actual acquisition. Under significant time pressure, and strictly bound by the terms of the governing NDA, the InfoSec team must verify the integrity of the target environment’s IT infrastructure. It must render a judgment on the trustworthiness of the underlying procedures, the competence of the support team, the appropriateness of funding and staffing, the effectiveness of policy and awareness training, the fitness of the security technology judged against the changing mission of the target firm, and the accessibility of crucial information. In regulated industries, the acquirer has to review past certifications, audit findings and recommendations, and earlier security events, including how they were handled, and how the organization effectively integrated lessons learned into its updated way of doing business. Some of the attendees reported an acquisition every six weeks over the past two years or more. This pace requires efficient process maturity and open communication among the team members, and ample trust.

Some CIOs reported the challenge of balancing the executive team’s need to know with the managerial desire to optimize team focus on critical initiatives. In the Boardroom and among the C-suite, IT remains a hot topic and IT security is a known vulnerability. This leads some organizations toward micromanaging the IT security team. As we all know, this inappropriate focus has two costs: first, it distracts the Board and the C-suite from their primary missions. Second, it distracts the people doing the job from their task. One effective tactic some adopted is the weekly – or even daily – newsletter. This document provides the status for ongoing projects, notes about top performers, assessment of newly discovered vulnerabilities, and pointers towards effective risk mitigation the leadership team can bring to their respective operational areas. When a Board member has a question for the team, the CISO can intercept it and post a response through the newsletter.

Many CISOs discussed their challenges with BYOD policies. Some mentioned concerns with GDPR impeding their ability to wipe corporate applications and information from employee-owned devices. It’s unclear how to balance that business requirement with privacy concerns for smart phones. With laptops, one approach is to limit corporate access through a locked-down virtual desktop image accessed through a secure VPN. An evil-minded employee could take a picture of the screen, but that attack works on a corporate laptop just as well.

BEC remains a concern, along with phishing attacks leading to possible ransomware infections. One approach is to ignore emails from new domains – those that are less than two months old. This would exclude email from nearly all attackers; anyone legitimately trying to reach an employee will try again in time.

The meeting was quite open and convivial. It was an honor to participate in the discussion, and I look forward to similar meetings in the future. My thanks to the participants!

What do you think? Let me know in the comments below, or message me @WilliamMalikTM!

The post What Worries CISOs Most In 2019 appeared first on .