Get the specialized threat detection, real-time intelligence, adaptive protection, and rapid response you need to combat targeted attacks and Advanced Persistent Threats (APTs). At the heart of the Trend Micro Custom Defense solution, Deep Discovery uniquely detects and identifies evasive threats in real-time, then provides the in-depth analysis and actionable intelligence you need to discover, remediate, and defend against targeted attacks in your organization.
Reduce the risk and impact of APT attacks
Deep Discovery is at the core of the Trend Micro Custom Defense solution, which enables you to not only detect and analyze APTs, but also to rapidly adapt protection and respond to these attacks. Deep Discovery provides network-wide monitoring powered by custom sandboxing and relevant real-time intelligence to enable early attack detection, enable rapid containment, and deliver custom security updates that immediately improve your protection against further attack.
Deep Discovery’s proven approach provides the best detection with the fewest false positives and the greatest coverage by identifying malicious content, communications, and behavior across every stage of the attack sequence. Through detection and in-depth analysis of both advanced malware and evasive attacker behavior, Deep Discovery provides enterprises and government organizations with a new level of visibility and intelligence to combat APTs and targeted attacks across the evolving computing environment.
Deep Discovery enables advanced threat protection
The Deep Discovery solution is comprised of two components. The Deep Discovery Inspector provides network traffic inspection, advanced threat detection and real-time analysis and reporting. The optional Deep Discovery Advisor provides open, scalable custom sandbox analysis, visibility to network-wide security events, and security update exports—–all in a unified intelligence platform.
This network security solution is purpose-built for detecting APT and targeted attacks. Deep Discovery Inspector uses a 3-level detection scheme to perform initial detection, then sandbox simulation and correlation, then ultimately, a final cross-correlation to discover “low and slow” and other evasive attacker activities discernable only over an extended period.
Specialized detection and correlation engines provide the most accurate and up-to-date protection aided by global threat intelligence from Trend Micro Smart Protection Network and dedicated Threat Researchers. The results are high detection rates, low false positives, and in-depth incident reporting information designed to speed the containment of an attack.
Advanced Threat Detection
Deep Discovery Inspector focuses on indentifying malicious content, communications, and behavior indicative of advanced malware or attacker activity across every stage of the attack sequence, using a non-intrusive, listen-only inspection of all types of network traffic.
Threat Tracking, Analysis, and Action
Deep Discovery Inspector provides real-time threat visibility and deep analysis in an intuitive format that allows security professionals to focus on the real risks, perform forensic analysis, and rapidly remediate issues.
Deep Discovery Inspector integrates with leading SIM platforms to deliver improved enterprise-wide threat management from a single SIEM console.
Flexible, High-Capacity Deployment
Deep Discovery Inspector features a high-performance architecture designed to meet the demanding and diverse capacity requirements of customers of all sizes. The product is available on a full range of hardware, software and virtual appliances supporting multi-gigabit corporate backbones down to remote office locations.
This threat intelligence solution provides expanded threat analysis and visibility into network-wide security events and security update exports.
Deep Discovery Advisor Features
The Threat Analyzer is an optional component designed to offer in-depth simulation and analysis of potentially malicious sample files including executables and common office documents. It can augment and centralize the simulation of Deep Discovery Inspector as well as provide advanced detection and analysis security for professionals or any security product or service via an open web services interface.
Threat Intelligence Center
The Threat Intelligence Center is a complete analysis environment for event data from the Threat Analyzer as well as security events and logs collected from Deep Discovery Inspector, other Trend Micro products, and third-party solutions. Using these sources and integrated Threat Connect intelligence, Threat Intelligence Center provides in-depth insights to drive risk-based incident assessment, containment and remediation.
Security Update Server
The Security Update Server provides the means to export useful security blocking information learned from Threat Analyzer simulation. This information includes newly identified malicious IP/URL addresses and file hash codes that can be useful to a variety of security products. Deep Discovery Inspector and certain other Trend Micro products automatically receive this information. The information can also be manually exported via CSF files.
Deep Discovery Inspector
Deep Discovery Advisor Hardware Appliance