Trend Micro Deep Discovery

Deep Discovery is a proven solution for protecting against targeted attacks and modern persistent threats
The Trend Micro Deep Discovery platform for threat protection allows you to detect, analyze and neutralize current, hidden, targeted attacks in real time. The Deep Discovery solution, which is deployed as separate components or a full-fledged information security platform, provides advanced protection against threats that any organization needs. The Deep Discovery platform, which underpins the Trend Micro Network Defense solution, integrates the existing security infrastructure into a comprehensive adaptable system that will protect your organization from targeted attacks.

♦ Highest detection rates through the use of specialized modules and a customized isolation environment

♦ In-depth analysis comparing local and global threat data

♦ Rapid response with the use of advanced means of analyzing incidents on end devices and general data on the signs of hacking or contamination

Network protection

Deep Discovery Inspector is a network solution that provides full control of traffic and allows detecting all manifestations of targeted attacks. Deep Discovery Inspector monitors traffic on all network ports for more than 100 protocols, thereby ensuring the highest possible degree of protection.

Specialized detection modules and customized isolated environments allow the detection and analysis of malicious programs, data exchange sessions with command centers, as well as hidden actions of intruders that are not fixed by standard security measures. In-depth threat analysis helps to react quickly to the situation, and the received data is automatically transferred to other security programs, which allows you to create a customizable system of protection against intruders, functioning in real time.


Main features

Integrated network security system 
Traffic is monitored on all ports for more than 100 protocols, which allows you to detect attacks anywhere on the network.

Detection of malicious programs, communication sessions with command centers, as well as the actions of intruders 
With the help of specialized detection modules, correlation rules and a customized isolation environment, it is possible to evaluate all aspects of a directed attack (and not only malicious programs).

Configurable Isolated Environments 
To detect attacks aimed at organizing, virtual images are used, exactly corresponding to the configurations of the serviced systems.

Global Threat Notification System 
Trend Micro™ Smart Protection Network used by detection systems and Threat Connect portal for attack analysis.

A wide range of protected systems 
Detection of attacks in Windows, Mac OS X, Android, Linux and other systems.

Simplicity and flexibility through the use of one solution 
The security infrastructure is simplified by using a single solution that is designed for different scales of application and deployed in a hardware or virtual configuration.

Improvement of existing protection systems 
Provides data exchange on the signs of hacking and infection, as well as automatic updating of Trend Micro products and other vendors to protect against further attacks.

E-mail Security

Deep Discovery Email Inspector is a solution for protecting e-mail based on advanced threat detection technologies and creating an isolated environment that can detect and block targeted e-mail messages with phishing content that are harbingers of most targeted attacks. It reduces the risk of attacks by adding a transparent level of additional checks that detect malicious content, attachments, and URL links that are not detected by standard e-mail protection solutions.

Email Inspector functions on the network, interacting with existing solutions to protect mail gateways and servers. This product can work in MTA (lock) and BCC (tracking only) modes, and its use does not need to change the policies or management scheme of existing solutions.

Main features

Analysis of mail attachments 
Attachments in e-mail messages are checked using various detection modules and an isolated environment. Among the analyzed attachments are various Windows executables, Microsoft Office documents, PDF and ZIP files, web content and a variety of archives.

Detecting vulnerabilities in documents 
Specialized detection and analysis technologies in isolated environments allow you to find malicious programs and vulnerabilities in standard office documents.

Configurable Isolated Environments 
To create an isolated environment and analyze data, models that are exactly the same as the software configurations of the systems served.

Analyzing nested URL 
Monitoring links in e-mail messages is done through reputation verification tools, content analysis, and an isolated environment. 

Checking passwords 
To unlock password-protected files and archives, various heuristic methods and the keywords offered by the client are used.

Flexible management and deployment 
Detailed scanning and processing of e-mail messages allows you to protect any environment. Email Inspector solution can work in conjunction with other products for secure e-mail in the MTA (lock) and the BCC (monitoring).

Integration and data exchange 
Information about detected threats (links to command centers, other signs of hacking and infection) is transferred to other security solutions.

Endpoint Protection

Deep Discovery Endpoint Sensor is a tool for monitoring security on endpoints with context. It captures actions at the system level and produces detailed reports, through which threat analysts can quickly assess the nature and scale of the attack. Analytical information about the attacks, obtained with the help of Deep Discovery, and other signs of hacking and infection allow you to compare the monitoring data of the end devices to detect penetrations and determine the entire context and the course of the attack.

Individual parameters, OpenIOC and YARA files, or threat information from other Trend Micro products can be used for analysis. They can be called from a special console or Control Manager.

Main features

Event logging on target devices 
The Endpoint Sensor system uses a resource-insensitive client that captures important actions on end devices and kernel-level communication events. He tracks these incidents in context and dynamics, which allows to create a detailed history available to analysts in real time.

Various search options 
On the end devices, you can control certain communication sessions, specific malicious programs, registry and account operations, running processes, and other parameters. the individual parameters can be used to search, OpenIOC files and YARA.

Different levels of contextual analysis and results 
On interactive monitoring panels, it is possible to monitor the dynamics of incidents in the isolated environment mode, the spread of events over time on various end devices, detailing the results, and exporting the analysis results.

Search and analyze in standalone mode and using Trend Micro Manager 
Search queries can be performed using the Endpoint Sensor console or the Control Manager, using data on hacking and infection symptoms, as well as information about events from other products.

Locally, remotely and in the cloud 
Endpoint Sensor generates detailed reports on incidents at the system level on all servers, workstations and laptops based on Windows OS, regardless of their location.

Enhanced protection against targeted attacks

Deep Discovery Analyzer is a server for analyzing data in a configurable, isolated environment. It increases the degree of protection against targeted attacks provided by Trend Micro products and solutions from other vendors. Deep Discovery Analyzer immediately integrates with Trend Micro solutions to protect e-mail and work on the Internet. This product also allows you to extend or centralize the analysis processes in an isolated environment, implemented in other Deep Discovery solutions.

In addition, it supports the Web Services API for integration with any products, as well as the manual sending of threat information. The customized sandboxes created with this solution correspond exactly to the software configurations of the target computers, which helps to identify threats more effectively and reduces the number of false detections.

Main features

Scalable Isolated Environment Services
Performance is optimized through the use of a scalable solution that efficiently serves e-mail, network, endpoints and any other sources of malicious samples. High-availability clustering technologies provide scalability and reliability.

Configurable Isolated Environments
Isolated environment settings for simulation and analysis exactly match the software configuration of your system, which ensures optimal detection rates and a low number of false positives. Scanning is based on IOC or YARA rules.

Analysis of a variety of files and URL
The solution analyzes various Windows executable files, Microsoft Office documents, PDF files, web content and compressed files using several detection modules and a customized isolation environment.

Detecting vulnerabilities in documents
The solution identifies malicious programs and vulnerabilities that are often found in office documents of common formats using specialized detection tools and an isolated environment.

URL Analysis
The system performs page scanning and analysis of URLs specified by the user or automatically entered using the Web API in an isolated environment.

Detailed reporting
Full results of the analysis, including detailed information about the actions of malicious samples and the exchange of data with the command centers, are provided to the user through a centralized system of information panels and reporting.

Integration with Trend Micro products
It supports easy integration with the Deep Discovery solution and Trend Micro products to protect e-mail and work on the Internet.

Web services API and manual data sending
The solution accepts threat samples from any security management system or an authorized threat researcher. You can set priorities for manually sent data.

Integration with Network Defense
New data on detected signs of threats and penetration are automatically transferred to other solutions of Trend Micro and third-party products for security.