♦ Highest detection rates through the use of specialized modules and a customized isolation environment
♦ In-depth analysis comparing local and global threat data
♦ Rapid response through advanced tools for analyzing incidents on end devices and general data on the signs of hacking or infection
Deep Discovery Inspector is a network solution that provides full control of traffic and makes it possible to detect all manifestations of targeted attacks. Deep Discovery Inspector monitors traffic on all network ports for more than 100 protocols, thereby ensuring the highest possible degree of protection.
Specialized detection modules and customized isolated environments allow the detection and analysis of malicious programs, communication sessions with command-and-control (C&C) servers, and hidden intruder actions that standard security measures do not register. In-depth threat analysis helps you react quickly to the situation, and the resulting data is automatically passed to other security programs, which lets you build a customizable system of protection against intruders that operates in real time.
Deep Discovery Email Inspector is an e-mail protection solution based on advanced threat detection technologies and an isolated environment. It detects and blocks targeted e-mail messages with phishing content, which are the harbingers of most targeted attacks. It reduces the risk of attacks by adding a transparent layer of additional checks that detect malicious content, attachments, and URL links that standard e-mail protection solutions miss.
Email Inspector operates on the network and interacts with existing solutions that protect mail gateways and servers. This product can work in MTA (blocking) and BCC (monitoring only) modes, and using it does not require changes to the policies or management scheme of existing solutions.
To open password-protected files and archives, it uses various heuristic methods and keywords supplied by the customer.
Deep Discovery Endpoint Sensor is a tool for monitoring security on endpoints with context. It captures actions at the system level and produces detailed reports, through which threat analysts can quickly assess the nature and scale of the attack. Analytical information about the attacks, obtained with the help of Deep Discovery, and other signs of hacking and infection allow you to compare the monitoring data of the end devices to detect penetrations and determine the entire context and the course of the attack.
Individual parameters, OpenIOC and YARA files, or threat information from other Trend Micro products can be used for analysis. They can be invoked from a dedicated console or from Control Manager.
Deep Discovery Analyzer is a server for analyzing data in a configurable, isolated environment. It increases the degree of protection against targeted attacks provided by Trend Micro products and solutions from other vendors. Deep Discovery Analyzer integrates directly with Trend Micro solutions for e-mail and web protection. This product also allows you to extend or centralize the isolated-environment analysis performed by other Deep Discovery solutions.
In addition, it supports the Web Services API for integration with any products, as well as the manual sending of threat information. The customized sandboxes created with this solution correspond exactly to the software configurations of the target computers, which helps to identify threats more effectively and reduces the number of false detections.
Scalable Isolated Environment Services
Performance is optimized through the use of a scalable solution that efficiently serves e-mail, network, endpoints and any other sources of malicious samples. High-availability clustering technologies provide scalability and reliability.
Configurable Isolated Environments
Isolated environment settings for simulation and analysis exactly match the software configuration of your system, which ensures optimal detection rates and a low number of false positives. Scanning is based on IOC or YARA rules.
Analysis of a variety of files and URLs
The solution analyzes various Windows executable files, Microsoft Office documents, PDF files, web content and compressed files using several detection modules and a customized isolation environment.
Detecting vulnerabilities in documents
The solution identifies malicious programs and vulnerabilities that are often found in office documents of common formats using specialized detection tools and an isolated environment.
In an isolated environment, the system scans pages and analyzes URLs that are specified by the user or submitted automatically through the Web API.
Full analysis results, including detailed information about the actions of malicious samples and their communication with command-and-control (C&C) servers, are provided to the user through a centralized system of dashboards and reports.
Integration with Trend Micro products
It supports easy integration with the Deep Discovery solution and with Trend Micro products for e-mail and web protection.
Web services API and manual data sending
The solution accepts threat samples from any security management system or an authorized threat researcher. You can set priorities for manually sent data.
Integration with Network Defense
New data on detected signs of threats and penetration is automatically transferred to other Trend Micro solutions and to third-party security products.