Network Analytics and Threat Sharing

Correlate and visualise advanced threat events to prioritise your response

Key Features

Visualise the attack

Trend Micro™ Deep Discovery™ Inspector includes XDR capabilities to correlate detection events showing you:

  • What the first point of attack was
  • Who else in the organisation is impacted
  • Where the threat is calling out to
  • How the initial breach happened*
  • Others who may also be a target**

*requires Trend Micro Apex One™ as a Service with XDR
**requires Trend Micro™ Cloud App Security with XDR

Standards-based sharing

Collect advanced threat intelligence from TAXII feeds or clients along with customer indicators of compromise (IoC) inputs, and share threat intelligence across your network, so you can stop worrying about missing new threats.

Event correlation

Examines the relationship between events to help you understand the full extent of the attack, including both high and low severity events, allowing you to block all aspects of future attacks.

Integrated products

  • Trend Micro™ Deep Discovery™ Director 3.0 or later
  • Trend Micro™ Deep Discovery Inspector 5.1 or later

Virtual appliance

Virtual machine with the following minimum specifications:

  • Hypervisor: VMware® vSphere ESXi 6.5, Microsoft® Hyper-V® in Windows® Server 2016
  • Deep Discovery Director Network Analytics is an appliance based on CentOS Linux® 7 (64-bit) 
  • Network interface card: 1 with 1 Gbps adapter
  • SCSI controller: LSI Logic Parallel
  • CPU: 1.8 GHz (8-12 cores)
  • Memory: 64 GB 
  • Hard disk: 6 TB (thick provisioned)

| | XDR add-on: Trend Micro Deep Discovery Inspector | Deep Discovery Network Analytics on-premises | Deep Discovery Network Analytics 9000 Series appliance |
|---|---|---|---|
| Combined Deep Discovery Inspector throughput | 1Gbps – 20Gbps | 1Gbps – 4Gbps | 5Gbps – 10Gbps |
| Form factor | SaaS | Requires on-prem storage (~2.3 TB per Gbps) | 1U Rack-Mount, 48.26 cm (19”) |
| Event data retention | Up to 180 Days | Up to 180 Days | Up to 180 Days |
| Prerequisite solution | Trend Micro Deep Discovery Director 5.3 or later (virtual appliance) optional | Deep Discovery Director 5.8 or later (virtual appliance) | None |
| Dimensions (WxDxH) | N/A | N/A | 43.4 (17.08") x 72.8 (28.68") x 4.28 (1.69") cm |
| Weight | N/A | N/A | 17.5kg (38.58 lb) |
| Data Ports | N/A | N/A | 10/100/1000 BASE-T RJ x 1 |
| AC Input Voltage | N/A | N/A | 100 to 240 VAC |
| AC Input Current | N/A | N/A | 7.4A to 3.7A |
| Hard Drives | N/A | N/A | 7 x 1.92TB |
| RAID Configuration | N/A | N/A | RAID 5 |
| Power Supply | N/A | N/A | 550W Redundant |
| Power Consumption (Max) | N/A | N/A | 604W |
| Heat | N/A | N/A | 2559 BTU/hr (Max.) |
| Frequency | N/A | N/A | 50/60 Hz |
| Operating Temp | N/A | N/A | 10 to 35 °C (50-95 °F) |
| Hardware Warranty | N/A | N/A | 3 Years (extendable to 5 years) |

With this configuration and a typical enterprise level of network traffic, Deep Discovery Director Network Analytics can service:

  • Deep Discovery Network Analytics: up to 4 Gbps of combined Trend Micro™ Deep Discovery Inspector™ throughput (e.g. 1 DDI 4000 or 4 DDI 1000)
  • XDR add-on: Deep Discovery Inspector: up to 20 Gbps of combined Deep Discovery Inspector throughput (e.g. 2 DDI 9000 or 5 DDI 4000)

Management console

  • Google Chrome™ latest version
  • Mozilla™ Firefox™ latest version
  • Microsoft® Internet Explorer® latest version
  • Recommended resolution: 1,280x800 or higher

Prioritise and simplify attack data

Detecting, alerting, and blocking threats can produce a glut of data. To assist security professionals in the time-consuming task of combing through potentially thousands of alerts or logs, Deep Discovery Inspector with XDR correlates all the events to show: the first point of entry, by identifying patient zero; who else has been breached, so you can see the full scope of the attack; where the threat is calling out to; how the threat made its original infection;* and others who may also be a target.**

* requires Trend Micro Apex One as a Service with XDR
**requires Trend Micro Cloud App Security with XDR

Detect threats faster with advanced sharing

Staying ahead of the threat landscape is difficult, especially when you are managing multiple security solutions. Deep Discovery ingests the latest advanced threat intelligence, or IoCs, from threat feeds and custom inputs (STIX/TAXII and YARA) and shares the IoCs with Trend Micro and third-party solutions.

This enables all the connected products to detect and block previously unknown threats, giving your security operations centre (SOC) greater visibility and control against attacks.

See what you’ve been missing

When investigating an attack, you can’t just look at sensors independently. You need more context to see the full attack.

The XDR capabilities of Deep Discovery Inspector are enabled by its integration with the Trend Micro Vision One™ platform. Advanced detection and response capabilities are not limited to the network but extend to email, endpoints, and cloud workloads, giving you visibility across the security layers. When seen by different security sensors, events that appear benign on their own suddenly become meaningful indicators of compromise. These higher-confidence alerts let you focus your response on the most pressing threats.

Get real-time visualisation of targeted attacks

In some cases, you may think the attack started today, but, in fact, the breach happened weeks ago. An easy-to-read Sankey diagram lets you see every step of the attack, dating back six months. Deep Discovery Inspector with XDR extracts metadata from the network traffic and correlates the events in a graph for real-time visibility. You get faster resolution with fewer people involved and a bigger picture of the full attack.

Protect more

Trend Micro™ Deep Discovery™ Inspector not only monitors inbound and outbound traffic, but also lateral movement to detect and block advanced threats that may have evaded existing security.

Trend Micro Vision One provides XDR capabilities to let you see more and respond faster by correlating alerts from email, endpoints, servers, cloud workloads, and networks to provide greater fidelity in your detections.

Trend Micro™ TippingPoint™ Threat Protection System gives you high-speed, inline IPS inspection, offering comprehensive threat protection against known and undisclosed vulnerabilities with high accuracy and low latency.