Network Analytics and Threat Sharing

Correlate and visualize advanced threat events to prioritize your response

Key Features

Visualize the attack

Trend Micro Deep Discovery Network Analytics correlates detection events, showing you:

  • What the first point of attack was
  • Who else in the organization is impacted
  • Where the threat is calling out to
  • How the initial breach happened*

*requires Trend Micro Apex One™ Endpoint Sensor

Standards-based sharing

Collect advanced threat intelligence from TAXII feeds or clients along with customer indicators of compromise (IoC) inputs, and share threat intelligence across your network, so you can stop worrying about missing new threats.

Event correlation

Deep Discovery Network Analytics examines the relationship between events to help you understand the full extent of the attack, including both high and low severity events, allowing you to block all aspects of future attacks.

Integrated products

  • Trend Micro Deep Discovery Director 3.0 or later
  • Trend Micro Deep Discovery Inspector 5.1 or later
     

Virtual appliance

Virtual machine with the following minimum specifications:

  • Hypervisor: VMware® vSphere ESXi 6.5, Microsoft® Hyper-V® in Windows® Server 2016
  • Deep Discovery Director Network Analytics is an appliance based on CentOS Linux® 7 (64-bit) 
  • Network interface card: 1 with 1 Gbps adapter
  • SCSI controller: LSI Logic Parallel
  • CPU: 1.8 GHz (8-12 cores)
  • Memory: 64 GB 
  • Hard disk: 6 TB (thick provisioned)
     

With this configuration and a typical enterprise level of network traffic, Deep Discovery Director Network Analytics can service:

  • On-Premises: up to 4 Gbps of combined Trend Micro™ Deep Discovery Inspector™ throughput (e.g., 1 DDI 4000 or 4 DDI 1000)
  • As a Service: up to 20 Gbps of combined Deep Discovery Inspector throughput (e.g., 2 DDI 9000 or 5 DDI 4000)

With this storage capacity, the length of time for which network data can be retained, and hence for which correlations are available, is:

  • On-Premises: 4-6 months for 1 DDI 1000 device; 40-45 days for 1 DDI 4K device
  • As a Service: 6 months

Management console

  • Google Chrome latest version
  • Mozilla™ Firefox latest version
  • Microsoft® Internet Explorer® latest version
  • Recommended resolution: 1,280x800 or higher

Prioritize and simplify attack data

Detecting, alerting, and blocking threats can produce a glut of data. To assist security professionals in the time-consuming task of combing through potentially thousands of alerts or logs, Deep Discovery Network Analytics correlates all the events to show what the first point of entry was (patient zero), who else has been breached (the full scope of the attack), where the threat is calling out to, and how the original infection happened.*

* requires Trend Micro Apex One Endpoint Sensor

Detect threats faster with advanced sharing

Staying ahead of the threat landscape is difficult, especially when you are managing multiple security solutions. Deep Discovery ingests the latest advanced threat intelligence, or IoCs, from threat feeds and custom inputs (STIX/TAXII and YARA) and shares the IoCs with Trend Micro and third-party solutions.

This enables all the connected products to detect and block previously unknown threats, giving your security operations center (SOC) greater visibility and control against attacks.

Visibility from network to endpoint

When investigating an attack, you can’t just look at the network or endpoints independently. You need to see them together.

Deep Discovery Network Analytics integrates with Apex One Endpoint Sensor (EDR) to provide a view, from network to endpoint, across the same attack. See the root cause analysis of an attack, how it spread across the network, and to whom.

Get real-time visualization of targeted attacks

In some cases, you may think the attack started today, but, in fact, the breach happened weeks ago. An easy-to-read Sankey diagram lets you see every step of the attack, dating back 6 months. Deep Discovery Network Analytics extracts metadata from the network traffic and correlates the events in a graph for real-time visibility. You get faster resolution with fewer people involved and a bigger picture of the full attack.

Protect more

Deep Discovery Inspector not only monitors inbound and outbound traffic, but also lateral movement to detect and block advanced threats that may have evaded existing security.

Deep Discovery Analyzer provides advanced sandbox analysis and detects threats to extend the value of security products.

Trend Micro TippingPoint® Threat Protection System gives you high-speed, inline IPS inspection, offering comprehensive threat protection against known and undisclosed vulnerabilities with high accuracy and low latency.