Threat Sharing and Network Analytics

Block, detect, and understand advanced threats faster

Key Features

Play back an attack

With the click of a mouse, Trend Micro™ Deep Discovery™ Network Analytics allows you to watch an attack play out, giving you a clearer picture and an understanding of where to focus remediation and future prevention.

WindowsTM Mac AndroidTM iOS new Power Up

Standards-based sharing

Collect advanced threat intelligence from TAXII feeds or clients along with custom IOC inputs, and share this intelligence across your network, so you can stop worrying about missing new, advanced threats.

WindowsTM Mac AndroidTM iOS new Power Up

Event correlation

By correlating a large number of events and analyzing the relationship between them, Deep Discovery Network Analytics will help you understand how they are connected. A unique map of the attack will give you insight into how these events fit together over time.

WindowsTM Mac AndroidTM iOS new Power Up

Integrated products

  • Deep Discovery Director 3.0 or later
  • Deep Discovery Inspector 5.1 or later
     

Virtual appliance

  • Virtual machine with the following minimum specifications:
  • Hypervisor: VMware vSphere ESXi 6.5, Microsoft Hyper-V in Windows Server 2016
  • Deep Discovery Director - Network Analytics is an appliance based on CentOS Linux 7 (64-bit) 
  • Network interface card: 1 with 1 Gbps adapter
  • SCSI controller: LSI Logic Parallel
  • CPU: 1.8 GHz (8-12 cores)
  • Memory: 64 GB 
  • Hard disk: 6 TB (thick provisioned)
     

With this configuration and a typical enterprise level of network traffic, Deep Discovery Director - Network Analytics can service:

  • Up to 4 DDI-1000 devices
  • Up to 1 DDI-4K device
     

With this storage capacity, the amount of time for which network data can be retained and hence correlations are available as: 

  • For 1 DDI-1000 device: 4-6 months 
  •  For 1 DDI-4K device: 40-45 days
     

Management console

  • Google Chrome(TM) latest version
  • Mozilla(TM) Firefox(TM) latest version
  • Microsoft(TM) Internet Explorer(TM) latest version

Recommended resolution: 1280 x 800 or higher

Detect threats faster with advanced sharing

Staying ahead of the threat landscape is difficult, especially when you are managing multiple security solutions. Deep Discovery ingests the latest advanced threat intelligence, or Indicators of Compromise (IOCs), from threat feeds and custom inputs and shares the IOCs with Trend Micro and third-party solutions.

This enables all the connected products to detect and block the previous unknown threats, giving your Security Operations Center (SOC) greater visibility and control against attacks.

Prioritize and simplify attack data

Detecting, alerting, and blocking threats can produce a glut of data, some of it relevant, some of it not. To assist security professionals in the time-consuming task of combing through the potential thousands of alerts or logs each day, Deep Discovery Network Analytics shows: 

  • What was the first point of entry of the attack?
  • Who else in the organization has been impacted by the attack?
  • Where was the threat calling out to? (command and control communication)

Get real-time visibility into targeted attacks

In some cases, you may think the attack started today, but, in fact, the breach happened weeks ago. An easy-to-read Sankey diagram lets you see every step of the attack, dating back 90 days. Deep Discovery Network Analytics extracts metadata from the network traffic and correlates the events in a graph for real-time visibility. You get faster resolution with fewer people involved and a bigger picture of the full attack.

Get started with Threat Sharing and Network Analytics

Protect more

Protect more

Deep Discovery Inspector not only monitors inbound and outbound traffic, but also lateral movement to detect and block advanced threats that may have evaded existing security.

Deep Discovery Analyzer provides advanced sandbox analysis and detects threats to extend the value of security products.

TippingPoint® Threat Protection System gives you high-speed, inline IPS inspection, offering comprehensive threat protection against known and undisclosed vulnerabilities with high accuracy and low latency.