Network Analytics and Threat Sharing

Correlate and visualise advanced threat events to prioritise your response

Key Features

Visualise the attack

Trend Micro XDR for Networks (sold as - XDR add-on: Deep Discovery Inspector) correlates detection events showing you:

  • What the first point of attack was
  • Who else in the organisation is impacted
  • Where the threat is calling out to
  • How the initial breach happened*
  • Others who may also be a target**
     

*requires XDR add-on: Trend Micro™ Apex One™ as a Service
**requires XDR add-on: Trend Micro™ Cloud App Security™

Windows® Mac® AndroidTM iOS new Power Up

Standards-based sharing

Collect advanced threat intelligence from TAXII feeds or clients along with customer indicators of compromise (IoC) inputs, and share threat intelligence across your network, so you can stop worrying about missing new threats.

Windows® Mac® AndroidTM iOS new Power Up

Event correlation

XDR for Networks examines the relationship between events to help you understand the full extent of the attack, including both high and low severity events, allowing you to block all aspects of future attacks.

Windows® Mac® AndroidTM iOS new Power Up

Integrated products

  • Trend Micro™ Deep Discovery™ Director 3.0 or later
  • Trend Micro™ Deep Discovery Inspector 5.1 or later
     

Virtual appliance

  • Virtual machine with the following minimum specifications:
  • Hypervisor: VMware® vSphere ESXi 6.5, Microsoft® Hyper-V® in Windows® Server 2016
  • Deep Discovery Director Network Analytics is an appliance based on CentOS Linux® 7 (64-bit) 
  • Network interface card: 1 with 1 Gbps adapter
  • SCSI controller: LSI Logic Parallel
  • CPU: 1.8 GHz (8-12 cores)
  • Memory: 64 GB 
  • Hard disk: 6 TB (thick provisioned)
     

With this configuration and a typical enterprise level of network traffic, Deep Discovery Director Network Analytics can service:

Deep Discovery Network Analytics XDR add-on: Deep Discovery Inspector

Up to 4 Gbps of combined Trend Micro™ Deep Discovery Inspector™ throughput

Eg. 1 DDI 4000 or 4 DDI 1000

Up to 20 Gbps of combined Deep Discovery Inspector throughput

Eg  2 DDI 9000 or 5 DDI 4000

With this storage capacity, the amount of time for which network data can be retained and hence correlations are available as:

Deep Discovery Network Analytics XDR add-on: Deep Discovery Inspector

For 1 DDI 1000 device: 4-6 months

For 1 DDI 4K device: 40-45 days

6 months

Management console

  • Google Chrome™ latest version
  • Mozilla™ Firefox™ latest version
  • Microsoft® Internet Explorer® latest version
  • Recommended resolution: 1,280x800 or higher

Prioritise and simplify attack data

Detecting, alerting, and blocking threats can produce a glut of data. To assist security professionals in the time-consuming task of combing through potentially thousands of alerts or logs, XDR for Networks correlates all the events to show what the first point of entry was by identifying patient zero, who else has been breached, so you can see the full scope of the attack, where the threat is calling out to, how the threat made its original infection,* and others who may also be a target.**

* requires XDR add-on: Trend Micro™ Apex One™ as a Service
**requires XDR add-on: Trend Micro™ Cloud App Security

Detect threats faster with advanced sharing

Staying ahead of the threat landscape is difficult, especially when you are managing multiple security solutions. Deep Discovery ingests the latest advanced threat intelligence, or IoCs, from threat feeds and custom inputs (STIX/TAXII and YARA) and shares the IoCs with Trend Micro and third-party solutions.

This enables all the connected products to detect and block the previous unknown threats, giving your security operations centre (SOC) greater visibility and control against attacks.

See what you’ve been missing

When investigating an attack, you can’t just look at sensors independently. You need more context to see the full attack.

XDR for Networks integrates with XDR for endpoints, email, and cloud workloads to provide visibility across the security layers. When seen by different security sensors, events that appear benign on their own suddenly become meaningful indicators of compromise. These higher-confidence alerts let you focus your response to the most pressing threats.

Get real-time visualisation of targeted attacks

In some cases, you may think the attack started today, but, in fact, the breach happened weeks ago. An easy-to-read Sankey diagram lets you see every step of the attack, dating back 6 months. XDR for Networks extracts metadata from the network traffic and correlates the events in a graph for real-time visibility. You get faster resolution with fewer people involved and a bigger picture of the full attack.

Get started with Network Analytics and Threat Sharing

Analyst Working on Cloud Server

Protect more

Trend Micro™ Deep Discovery™ Inspector not only monitors inbound and outbound traffic, but also lateral movement to detect and block advanced threats that may have evaded existing security.

Trend Micro™ XDR lets you see what you have been missing by correlating alerts from email, endpoints, servers, cloud workloads, and networks to provide greater fidelity in your detections.

Trend Micro™ TippingPoint® Threat Protection System gives you high-speed, inline IPS inspection, offering comprehensive threat protection against known and undisclosed vulnerabilities with high accuracy and low latency.