Skip to content

Smart Protection Network – Data Mining Framework

When it comes to threat intelligence, size matters

Find out why managing big data is a big deal for your security

Read AimPoint Group white paper

< >

The Trend Micro Smart Protection Network™ cloud data mining framework rapidly and accurately identifies new threats, delivering global threat intelligence to all our products and services. Ongoing advances in the depth and breadth of the Smart Protection Network allow us to look in more places for threat data, and respond to new threats more effectively, to secure data wherever it resides. Read datasheet

Handling the 3 Vs: Volume, Variety, Velocity

Today’s threat environment means vendors have to deal with the 3 Vs of big data: volume, variety, and velocity. Each of these is growing at an astounding rate and has required a shift in how security vendors data mine and manage today’s threats.

We collect massive amounts of threat-specific data, then use big data analytics to identify, correlate, and analyze new threats. This produces actionable threat intelligence we use to deliver immediate protection through our proven cloud infrastructure.

Trend Micro’s ability to collect, identify and protect through the Smart Protection Network data mining framework ensures the volume, velocity and variety of threat data is managed efficiently and effectively.

To understand more, see how CTO Raimund Genes, in his latest CTO Insights video blog, explains the use of big data within the Smart Protection Network framework to deliver improved protection against today’s threats.

Smart Protection Network’s global threat intelligence

  • Collects more threat data from a broader, more robust global sensor network to ensure customers are protected from the volume and variety of threats today, including mobile and targeted attacks
  • Identifies new threats faster using finely tuned custom data mining tools to root out new threats within the large data streams
  • Protects through a proven cloud-based infrastructure that provides the fastest possible protection against new threats and minimizes the risk associated with an attack
Smart Protection Network at a Glance(01:39)

White paper: Big Data for Advanced Threat Protection: Key Criteria for Cutting Through the Clamor (PDF)
"Leveraging Big Data for information security purposes not only makes sense but is necessary."
Mark Bouchard, Aimpoint Group

White paper: Addressing Big Data Security Challenges: The Right Tools for Smart Protection (PDF)
Understand how Big Data is analyzed in the context of cyber security to ultimately benefit the end user.

The Smart Protection Network framework works in three distinct areas: data collection, identification, and protection.

Collecting data in volume

Sixty-five million new attacks emerge every year. Smart Protection Network is designed to seek out the massive volume of data that can uncover these attacks.

  • Collects and mines more than 15 terabytes of threat data each day from across the globe for greater visibility into the nature of attacks
  • Continuously taps a worldwide network of sandnets, submissions, feedback loops, web crawling technologies, customers and partners, and TrendLabs researchers
  • Seeks out extensive variety of potential threat sources including IP, domain, file, vulnerabilities and exploits, mobile apps, command and control communications, network communications, and threat actors


Identifying global threats through big data analytics

We pioneered the use of big data analytics for threat intelligence when we started building the Smart Protection Network some seven years ago. We host thousands of event feeds and stream billions of events in our data centers, and have become experts in the data mining tools and techniques required to make sense of the variety of threats and attacks being perpetrated.

  • Correlates critical relationships among all components of an attack
  • Models cybercriminal behavior and the environments they work in to quickly determine whether something is good or bad
  • Proactively identifies new threats from the data streams using behavioral-based identification methods


Protecting customers wherever their data resides

It’s critical to match the velocity of attacks with an equally fast response. We consistently demonstrate faster time to protect in independent tests.

  • Proven cloud infrastructure rapidly delivers threat intelligence across physical, virtual, cloud, and mobile environments
  • Processing threat information in the cloud reduces demand on system resources and eliminates time-consuming signature downloads
  • Higher performance and lower maintenance reduce operating cost


open all


Mobile App Reputation

An industry first, Trend Micro Mobile App Reputation dynamically collects and rates mobile applications for malicious activity, resource usage and privacy violations.



Trend Micro has been using an in-the-cloud whitelist (GRID – Goodware Resource and Information Database) for many years to protect against false positives.


Vulnerabilities and Exploits

Cybercriminals exploit vulnerabilities in software programs to steal data and perform other malicious acts.


Network Traffic Intelligence

Trend Micro operates large sandnets that are constantly fed from various global sources of malware samples.


Threat Actor Intelligence

Trend Micro threat researchers actively investigate and research the cybercriminal underground.


Enhanced Web Reputation

With one of the largest domain-reputation databases in the world, Trend Micro’s web reputation technology tracks the credibility of web domains.


Email Reputation

Trend Micro’s multilayer email reputation technology combines IP reputation, content analysis, and backend correlation to respond to email threats in real time.


Enhanced File Reputation

File reputation decouples the pattern file from the local scan engine and conducts pattern file lookups over the network to a Smart Protection Server, which may reside in a public or private cloud.


Big Data Analytics and Data Mining Correlation

Using customized tools for analyzing the massive amount of threat data received daily, and correlating the different components of an attack, allows us to continuously update our global threat intelligence.


Smart Protection Server

For those organizations that have limited bandwidth or are concerned with privacy, Smart Protection Server keeps communications and queries within the local network.


Smart Feedback

Attackers carefully select their targets, moving away from launching large-scale attacks to focus on more specific and somewhat more “personal” targets.

Using information provided by the Smart Protection Network and cybercriminals themselves we are able to examine how these attacks happen, identify unique patterns from hacker data, correlate it with other threat intelligence, and prevent malicious attacks. The infographic below is case study of how we tracked the threat known as #OpUSA .

Connect with us on