
SOLUTION BRIEF

Trend Micro™

DEEP DISCOVERY™ FAMILY


Advanced threat protection against targeted attacks

INTRODUCTION

Targeted attacks and advanced threats are customized to evade your conventional security defenses. They remain hidden while stealing your corporate data, intellectual property, and communications or encrypting critical data until ransom demands are met. To detect targeted attacks and advanced threats, analysts and security experts agree that organizations should use advanced detection technology as part of an expanded strategy to address today’s evasive threats.

Trend Micro™ Deep Discovery™ is a family of advanced threat protection products that enables you to detect, analyze, and respond to today’s stealthy, targeted attacks. Deep Discovery blends specialized detection engines, custom sandboxing, and global threat intelligence from Trend Micro™ Smart Protection Network™, providing the highest detection rate possible against attacks that are invisible to standard security products. Deployed individually or as an integrated solution, Deep Discovery works with Trend Micro and third-party products to provide advanced threat protection across your organization.

Key Benefits

Protection against attacks. Unique threat detection technologies discover attacks before the damage is done.

Intelligence for a rapid response. Deep Discovery and global threat intelligence drive a rapid and effective response.

Integration of your defenses. Deep Discovery integrates with your Trend Micro and third-party security tools to help prevent successful targeted attacks.

Protection from integrated threats. Trend Micro Network One™ solutions provide a blend of cross-generational techniques that apply the right technology at the right time. Trend Micro™ TippingPoint™ intrusion prevention system (IPS) and Deep Discovery advanced threat protection work closely together to deliver integrated detection and prevention of known, unknown, and undisclosed threats.

Page 1 of 4 • SOLUTION BRIEF • DEEP DISCOVERY FAMILY


Trend Micro™ Deep Discovery™ Inspector is a network appliance that monitors network traffic across all ports and more than 100 protocols and applications. Using specialized detection engines and custom sandboxing, it identifies the malware, command and control communications (C&C), and activities signaling an attempted attack. Detection intelligence aids your rapid response and is automatically shared with your other security products to block further attacks.

Trend Micro™ Deep Discovery™ Analyzer is an open custom sandbox analysis server that enhances the malware detection capabilities of all your security products. Deep Discovery Analyzer supports out-of-the-box integration with many Trend Micro products and manual sample submission, and provides an open web services interface to allow any product or process to submit samples and obtain results. It also offers added sandboxing for other Deep Discovery products and extends the value of Trend Micro and other security products.

Managed Detection and Response

Let Trend Micro security experts and industry-leading artificial intelligence help you monitor and prioritize threats with Trend Micro™ Managed XDR. Trend Micro analysts will monitor, investigate, and provide a response to advanced threats discovered by Deep Discovery Inspector on a 24/7 basis. Managed XDR doesn’t stop at the network layer; it extends across email, endpoints, servers, and cloud workloads. By monitoring and correlating more threat vectors, it has broader context and can provide better detection.

Trend Micro™ Deep Discovery™ Director is an on-premises orchestration that enables centralized deployment of product and sandbox updates, with smart threat investigation on top of an enterprise-ready deployment architecture. This virtual appliance can also be your central point for advanced threat sharing. Using standards-based formats (STIX and YARA) and transfers (TAXII), it will pull threat information from several sources and share the indicators of compromise (IoC) with Trend Micro and third-party products.

Trend Micro™ XDR for Networks provides prioritized visibility into an attack. Leveraging Deep Discovery Inspector detection and network metadata collection points, XDR for Networks utilizes expert rules to correlate and connect threat detection events against network access events, presenting threat investigators with a complete view of the attack life cycle.

Trend Micro™ Deep Discovery™ Analyzer as a Service is an add-on to the virtual Deep Discovery Inspector and Trend Micro Apex One™ as a Service to provide cloud sandboxing capabilities. For environments that require a virtual form factor and cloud-based sandboxing, this solution will provide protection from advanced threats and targeted attacks.

CAPABILITIES
Network content inspection. Deep Discovery Inspector monitors all traffic across physical and virtual network segments, all
network ports, and more than 100 network protocols to identify targeted attacks, advanced threats, and ransomware. Our
agnostic approach to network traffic enables Deep Discovery to detect targeted attacks, advanced threats, and ransomware
from inbound and outbound network traffic, as well as lateral movement, C&C, and other attacker behavior across all phases
of the attack life cycle.
Extensive detection techniques use file, web, IP, mobile application reputation, heuristic analysis, advanced threat scanning,
custom sandbox analysis, and correlated threat intelligence to detect ransomware, zero-day exploits, advanced malware, and
attacker behavior.
Custom sandbox analysis uses virtual images tuned to precisely match an organization’s system configurations, drivers,
installed applications, and language versions. This approach improves the detection rate of advanced threats and
ransomware designed to evade standard virtual images.



Flexible deployment. Deep Discovery Analyzer can be deployed as a standalone sandbox or in parallel with a larger Deep
Discovery Inspector deployment to add additional sandbox capacity. It is scalable to support up to 60 sandboxes in a single
appliance. Multiple appliances can be clustered for high availability or configured for a hot or cold backup.
Deep Discovery Inspector is available as either a hardware appliance or a virtual appliance to help meet your deployment
objectives and needs.
XDR for Networks/Trend Micro™ Deep Discovery™ Network Analytics is available as a SaaS solution that takes full advantage
of extended detection and response (XDR). It is also available as an on-premises solution via virtual server or a physical
device.
Advanced detection with methods such as static analysis, heuristic analysis, behavior analysis, web reputation, and
file reputation ensure threats are discovered quickly. Deep Discovery also detects multi-stage malicious files, outbound
connections, and repeated C&C from suspicious files.
Threat intelligence. Deep Discovery will correlate and share advanced threat intelligence using standards-based formats
and transports like STIX/TAXII and YARA. This enables organizations to stay ahead of unknown threats that may breach the
network.
Threat Analytics will give you greater visibility into an attack, helping you prioritize the threats and show how the threat
breached the network, where it went from there, and who else has been impacted by the attack. Press play and watch the
entire attack play out step by step.
Integration. Deep Discovery is purpose-built to work with Trend Micro solutions as well as third-party products. With native
integration and a multitude of APIs, Deep Discovery will help automate security response, IoC sharing, and prevention of
advanced threats and targeted attacks.

BOLSTERING THE SOC


Security professionals need to understand the threat landscape. They need to know when threats are breaking and
how to stop them. A thankless job, but one that is incredibly valuable. To help members of the SOC and other security
professionals stay ahead of the latest threats, Deep Discovery will ingest the latest advanced threat intelligence or IoCs,
using standards-based formats and transfers (STIX/TAXII and YARA) from threat feeds and custom inputs. It will then
share the IoCs with Trend Micro and third-party solutions within the network. By creating this IoC exchange, you will be
able to improve your time to detect advanced threats, as all of the connected products will be able to detect and block
the previously unknown threats.

[Figure: Connected Threat Defense. IoC inputs into Deep Discovery: custom IoCs entered from the console (blacklist/whitelist/YARA/STIX), pushes from TAXII clients, and subscribed TAXII threat feeds (e.g. Trend global intelligence, 3rd-party feeds). IoC outputs from Deep Discovery: native/direct integrations with Trend Micro™ TippingPoint™ SMS, Check Point OPSEC, IBM XGS, and Palo Alto Panorama/FW; web service (URL) integration, e.g. Bluecoat; web service (API) and syslog for 3rd-party integration; TAXII to 3rd-party TAXII 1.x clients, e.g. Splunk; and Trend Micro Control Manager™.]
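As an added illustration of the IoC exchange described above (example code, not Trend Micro's or this brief's), the following Python parses a constructed STIX 2.1 indicator bundle of the kind a TAXII feed delivers, skips revoked and expired indicators, and turns the remaining equality comparisons into per-type blocklist entries that a downstream product could consume. The bundle contents, object IDs, and list names are all made up for the example.

```python
import json
import re
from datetime import datetime, timezone

# Constructed STIX 2.1 bundle standing in for what a TAXII feed would deliver.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "pattern_type": "stix", "valid_from": "2021-01-01T00:00:00Z",
         "pattern": "[ipv4-addr:value = '192.0.2.10' OR domain-name:value = 'c2.example']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "pattern_type": "stix", "valid_from": "2021-01-01T00:00:00Z",
         "valid_until": "2021-02-01T00:00:00Z",
         "pattern": "[file:hashes.'SHA-256' = '" + "a" * 64 + "']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000004",
         "pattern_type": "stix", "valid_from": "2021-01-01T00:00:00Z", "revoked": True,
         "pattern": "[url:value = 'http://stale.example/x']"},
        {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000005", "name": "x"},
    ],
})

# Matches one equality comparison inside a STIX pattern, e.g. ipv4-addr:value = '1.2.3.4'
COMPARISON = re.compile(r"([\w-]+:[\w.'\-]+)\s*=\s*'([^']*)'")

# Object path -> blocklist name (hypothetical names chosen for this example).
LIST_FOR = {"ipv4-addr:value": "ip", "ipv6-addr:value": "ip", "domain-name:value": "domain",
            "url:value": "url", "file:hashes.'SHA-256'": "sha256", "file:hashes.MD5": "md5"}

def extract_blocklist(bundle_json, now=None):
    """Return {list_name: sorted values} from active equality indicators in a STIX bundle."""
    now = now or datetime.now(timezone.utc)
    lists = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue  # only STIX-pattern indicators carry atomic IoCs we can list
        if obj.get("revoked"):
            continue  # the producer withdrew it; do not propagate
        until = obj.get("valid_until")
        if until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
            continue  # expired indicator
        for path, value in COMPARISON.findall(obj["pattern"]):
            name = LIST_FOR.get(path)
            if name:
                lists.setdefault(name, set()).add(value)
    return {k: sorted(v) for k, v in lists.items()}

if __name__ == "__main__":
    print(extract_blocklist(SAMPLE_BUNDLE, now=datetime(2021, 3, 1, tzinfo=timezone.utc)))
```

Patterns using other operators (MATCHES, LIKE, set membership) are deliberately left out of the lists, since they cannot be expressed as a flat blacklist entry.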

Deep Discovery Analyzer, more commonly known as a pure sandbox, will automatically take IoCs from other security
products, detonate, analyze the threat, and automatically send the results back for further action. Deep Discovery
Analyzer can also help security analysts or threat hunters by accepting manual submissions of potential threats. This
simplifies the analysis by providing a definitive answer to potential threats and suspicious objects.



PRIORITIZATION AND SIMPLIFICATION
Security products are great at detecting, alerting, and blocking threats trying to attack
the organization. The downside is they produce a lot of data, some of it relevant, some
of it not. It is up to the security professional in the organization to comb through the
potential thousands of alerts or logs each day to determine what is actually a threat
and if they need to respond.

To help prioritize and simplify the attack data, XDR for Networks will show you:
What was the first point of entry of the attack?
Who else in the organization has been impacted by the attack?
Where was the threat calling out to? (C&C communication)

On the easy-to-read Sankey diagram (see above), you will be able to see every step of the attack play out, dating back six months. XDR for Networks sequentially extracts metadata from the network traffic and correlates the events in a graph database for real-time visibility. This provides faster resolution with fewer people involved and gives you a bigger picture of the full attack. In some cases, you may think the attack started today, but in fact, the initial breach happened weeks ago. XDR for Networks will correlate the data and map out every step of the attack, giving you a better idea of how to respond and how to prevent future attacks.

A KEY PART OF TREND MICRO VISION ONE™


The XDR capabilities in Trend Micro Vision One break down the silos between email, endpoints, servers, cloud workloads, and networks. It offers broader visibility and expert security analytics, leading to fewer alerts and higher-confidence detection for an earlier, faster response. With Trend Micro Vision One, you can identify and respond more effectively and efficiently to threats, minimizing the severity and scope of an attack on the organization. Deep Discovery Inspector and XDR for Networks are valuable parts of the Trend Micro Vision One solution, providing critical logs and visibility into unmanaged systems, such as contractor/third-party systems, internet of things (IoT) and industrial internet of things (IIoT) devices, printers, and bring-your-own-device (BYOD) systems.

For details about what personal information we collect and why, please see our Privacy Notice on our website at: https://www.trendmicro.com/privacy

© 2021 Trend Micro Incorporated and/or its affiliates. All rights reserved. Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro and/or its affiliates in the U.S. and other countries. Third-party trademarks mentioned are the property of their respective owners. [SB04_DD_Family_Solution_Brief_210326US]
