
Trend Micro Worry-Free Business Security Services


Trend Micro Worry-Free Business Security Services is a solid offering for SaaS endpoint protection software for small to midsize businesses (SMBs), with a very good cloud portal. This software gets a lot right but falls short on several fronts, especially its enormous agent installation.
Trend Micro Worry-Free Business Security Services (which begins at $75.50 per year for two users) is an evolution of the company’s antivirus and security solution that was popular in the 1990s. The product has progressed nicely over time and is now a fully equipped cloud-hosted endpoint protection product. It takes a lot of the burden of security management off the shoulders of an already weary small business IT professional. It supports the usual suspects among device types, including those based on Android, Apple iOS, Apple OS X, and Microsoft Windows. The next step up, Trend Micro Worry-Free Advanced Services, adds separate protection measures for email, cloud storage, and Microsoft Office 365. For evaluation purposes, a 30-day trial is available on the company’s website. Still, while it did well on most of our testing, it lagged somewhat when detecting common script-based attacks. This is what keeps it behind current Editors’ Choice winner Bitdefender GravityZone Business Security.
Trend Micro Worry-Free Business Security Services is commanded from a well-constructed web console. It’s not overly complex but it’s not as overly simplistic as the ones I encountered on Avast Business Antivirus Pro Plus. With Trend Micro Worry-Free Business Security Services, computers can be added to the Devices tab by clicking the Add Device button and choosing whether to email an install link, immediately install to the current device, or download an installer package that can be distributed to multiple devices. Once registered, the device will display and can be organized into easily managed groups. Information such as the computer or device name, IP address, status, and infection statistics is all available at a glance.
The Live Status tab acts as an overview of outstanding threats, the type of threats detected, and how those threats break out in terms of affected device and style of attack. It also shows if any immediate action is required on the part of the administrator. It is simple to read with minimal fluff, which is important when calls start coming into the helpdesk.
If one or more of the devices are checked, then updates can be performed on the device, or the disk drives can be encrypted or decrypted by using whatever native software is available. For Microsoft Windows-based machines, that company’s BitLocker is used. For Apple OS X computers, FileVault will be the encryption method of choice. Policies may be set up and applied per group. This is a nice feature since travelers will often require a different level of latitude compared to well-controlled desktop PCs sitting in the office. Likewise, servers will have a higher level of scrutiny since they tend to be the grand prize for most cyber-attacks. It is worth noting that, for all testing, I enabled all of the behavior monitoring options for all devices.
The Scans tab gives you some options for setting up manual and scheduled scans. The only atypical piece was the Vulnerability scan. This is not a full vulnerability scan like one would experience with Nessus or Metasploit Pro. It strictly looks for critical Windows security vulnerabilities with known patches. Still, this is a useful option since, as we all learned during the recent Equifax debacle, patching does have a tendency to lag, and when it does, the consequences can get very real. Trend Micro recognized this and gave admins a quick way to get an overview of which systems still require patch attention.
The Reports tab has a variety of report content that can be downloaded as a PDF file or sent to an email address. You can schedule reports on a weekly or monthly basis or between a specific date range. Either all devices or a specific group can be chosen for reporting, so it’s easy to break things out by servers, desktops, laptops, and mobile devices. While you might need to rejigger some things to get a report series done around organizational parameters (e.g., sales, accounting, etc.), it’s doable and the content of the report is both informative and well organized.
Using Trend Micro Worry-Free Business Security Services, MRG-Effitas, a research company that specializes in testing security and antivirus products, found that, out of the ransomware tested on protected systems, 67.3 percent of the threats were completely blocked. Meanwhile, 32.7 percent of the ransomware was blocked, but with unnecessary input required from the user. Lastly, 1.9 percent was blocked, with some files still encrypted. As a combined score, Trend Micro Worry-Free Business Security Services still protected against 100 percent of the threats but perhaps not as early as other products.
My initial independent testing involved using a known set of malware collected for research purposes. Each was stored in a password-protected ZIP file and was extracted individually. While Trend Micro Worry-Free Business Security Services fared the best when it came to the detection of viruses and malware, it did so only upon execution or a full-system scan. While several other products detected the presence of a malicious application at the time it was copied to the desktop, Trend Micro Worry-Free Business Security Services took a delayed approach. After a full scan completed, however, it detected 104 out of the 111 variants. That amounts to 93 percent of the threats presented. It’s worth noting that, since these files were not executed, this detection rate will be lower than if the payloads were run on the machine (since part of Trend Micro Worry-Free Business Security Services’ detection process includes program behavior analysis).
To test protection against harmful websites, I used a random selection of the 10 newest-reported websites on PhishTank, an open community that reports known and suspected phishing websites. All of the Uniform Resource Locators (URLs) I pointed at the target device resulted in a "Harmful website blocked" message in the browser.
Next, I attempted a more direct attack, which would involve users executing a file or opening a compromised document. However, when dealing with infected Microsoft Word documents and PDF files, Trend Micro Worry-Free Business Security Services had mixed results. It immediately recognized that the PDF files contained packed malicious exploits and prevented them from establishing a connection to the attacking system. In addition, it quarantined the infected file. But when I used the infected Microsoft Word document, which utilized macros, Trend Micro Worry-Free Business Security Services allowed a connection.
Script-based attacks succeeded as well, though Trend Micro Worry-Free Business Security Services isn’t alone in having some script-based weakness. Assuming a user launches the infected script, the attacker system will gain access without being detected by Trend Micro Worry-Free Business Security Services. This is not atypical since scripted attacks are a relatively new phenomenon that not all detection engines are equipped to deal with. However, assuming an attacker gained this much ground, it doesn’t get much better from this point on.
After getting a remote shell, I could elevate permissions to administrative, retrieve a listing of all hashed passwords, clear the event logs, add items to the Windows registry, upload and download files, encrypt files, alter the Windows hosts file that correlates URLs to where they resolve, and install a keylogger.
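
A defender's check for one of the post-compromise changes listed above, hosts-file tampering, as an added example that is not part of the original review: it parses hosts-file text and reports every mapping other than the loopback `localhost` entries. The baseline set, the function names, and the sample file contents are constructed assumptions.

```python
import ipaddress

# Names a stock hosts file may legitimately map to loopback (assumption).
BASELINE_NAMES = {"localhost"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        for name in fields[1:]:                  # one line may map several names
            yield no, ip, name.lower().rstrip(".")

def audit_hosts(text, baseline=BASELINE_NAMES):
    """Return (line_no, hostname, ip, reason) for each mapping outside the baseline."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if name in baseline and ip.is_loopback:
            continue                             # expected default entry
        if ip.is_loopback or ip.is_unspecified:
            reason = "name sinkholed to a local/null address"
        else:
            reason = "name pinned to a fixed address, bypassing DNS"
        findings.append((no, name, str(ip), reason))
    return findings

# Constructed sample: default-style entries plus two added lines.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
127.0.0.1    localhost
::1          localhost
0.0.0.0      updates.av-vendor.example   # constructed entry
203.0.113.10 intranet.corp.example login.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`; comparing the findings against a known-good copy per device group keeps legitimate static entries from showing up as noise.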
