Capability Domains met by Trend Micro

Deep Discovery

Deep Discovery Inspector detection engines deliver expanded APT and targeted attack detection, including a custom Virtual Analyzer and new discovery and correlation rules designed to detect malicious content, communication, and behavior across every stage of an attack sequence.

The Advanced Threat Scan Engine is an upgrade from the standard virus scan engine; it protects against viruses, malware, and exploits of vulnerabilities in software such as Java and Flash. Integrated with the Trend Micro Virus Scan Engine, the Advanced Threat Scan Engine employs signature-based, behavior-based, and aggressive heuristic detection. Major features include the following:

  • Detection of zero-day threats
  • Detection of embedded exploit code
  • Detection rules for known vulnerabilities
  • Enhanced parsers for handling file deformities
Deep Discovery Inspector

Deep Discovery Inspector can detect unauthorized operating system commands targeting the kernel application programming interface (API).

Deep Discovery Inspector Virtual Analyzer

The Deep Discovery Inspector Virtual Analyzer is a secure virtual environment used to manage and analyze suspicious network and file samples. Sandbox images allow observation of file and network behavior in a natural setting without any risk of compromising the network. Virtual Analyzer performs static analysis and behavior simulation to identify potentially malicious characteristics. During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the sample based on the accumulated ratings.

Deep Discovery Email Inspector

Deep Discovery Email Inspector investigates email messages for suspicious file attachments, embedded links (URLs), and characteristics. If an email message exhibits malicious behavior, Deep Discovery Email Inspector can block the threat and notify security administrators about the malicious activity.

After investigating email messages, Deep Discovery Email Inspector assesses the risk using multi-layered threat analysis. It calculates the risk level as the highest risk assigned by either its own email scanners or Virtual Analyzer.

The Deep Discovery Email Inspector Virtual Analyzer sandbox environment opens files, including password-protected archives and document files, and URLs to test for malicious behavior. Virtual Analyzer is able to find exploit code, Command & Control (C&C) and botnet connections, and other suspicious behaviors or characteristics.

Deep Security

The Deep Security Anti-Malware module protects Windows and Linux workloads against malicious software such as malware, spyware, and Trojans. Powered by the Trend Micro Smart Protection Network, the Anti-Malware module helps to instantly identify and remove malware and to blacklist domains known to be command and control servers. The Anti-Malware module can be configured to provide:

  • The applicable real-time policies that apply during different periods of the day/week
  • The policy for full scheduled or manual scans
  • Exclusions of file types and directories
  • Real-time behavior (scanning reads and/or writes) and the applicable actions

The Deep Security Intrusion Prevention module is both a host-based Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). It protects host computers from exploitation of known and zero-day vulnerabilities as well as from SQL injection attacks, cross-site scripting attacks, and other web application vulnerabilities, shielding those vulnerabilities until code fixes can be completed.

It identifies malicious software accessing the network and increases visibility into, or control over, applications accessing the network. Intrusion Prevention prevents attacks by detecting malicious instructions in network traffic and dropping the relevant packets.

TippingPoint

TippingPoint is a high-speed security system that includes the Intrusion Prevention System (IPS), Local Security Manager (LSM), Digital Vaccine, the Security Management System (SMS) Appliance, and the Core Controller. TippingPoint's security system provides a single, integrated, adaptive security system that includes hardware and a management interface. The SMS Server is an enterprise-class management platform that provides centralized administration, configuration, monitoring, and reporting for well over a hundred TippingPoint IPS devices. The SMS provides the following functionality:

  • Enterprise-wide device status and behavior monitoring — Stores logs and device status information, manages updates, and monitors filter, device, software, and network status.
  • IPS networking and configuration — Stores device information and configures devices according to the settings that are modified, imported, or distributed by clients. These settings affect the flow and detection of traffic according to device, segment, or segment group.
  • Filter customization — Stores filter customizations in profiles as maintained by the SMS client. These settings are distributed and imported to devices, which can be reviewed and modified by local clients. If a device is managed by the SMS Server, the local clients cannot modify settings.
  • Filter and software distribution — Monitors and maintains the distribution and import of filters, Digital Vaccine packages, and software for the TippingPoint Operating System and SMS client. The SMS client and Central Management Server can distribute these packages according to segment group settings.
TippingPoint Threat Suppression Engine

The TippingPoint Threat Suppression Engine (TSE) can prevent the execution of malicious commands. The TSE uses Digital Vaccine (DV) filters to police the network and to screen out malicious or unwanted traffic. In addition to the DV filters, the IPS also provides Traffic Management filters: custom filters that react to traffic based on source IP address, destination IP address, port, protocol, or other defined values. Traffic Management filters are applied to traffic before DV filters. Depending on how the filters are configured, traffic might or might not require further inspection.
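The ordering described above (Traffic Management filters first, signature-based DV filters only for traffic that still requires inspection) is easy to reason about with a small model. The following Python is an added illustration, not TippingPoint's own code, filter syntax or data: the filter fields, the action names `allow`, `block` and `inspect`, the single SQL-injection signature, and the sample packets are all constructed for this example.

```python
"""Two-stage filter model: Traffic Management filters, then Digital Vaccine filters.

Added example. The filter fields, action names and sample traffic below are
constructed for illustration; they are not TippingPoint's own syntax or data.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes = b""


@dataclass(frozen=True)
class TrafficManagementFilter:
    """Matches on addressing fields only; never looks at the payload."""
    name: str
    action: str                      # assumed actions: 'allow', 'block', 'inspect'
    src_net: Optional[str] = None    # CIDR, or None for 'any'
    dst_net: Optional[str] = None
    dport: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.src_net and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        return True


@dataclass(frozen=True)
class DigitalVaccineFilter:
    """Content signature applied only to traffic that still requires inspection."""
    name: str
    pattern: re.Pattern


def evaluate(p, tm_filters, dv_filters):
    """Return (verdict, stage, filter_name) for one packet.

    Traffic Management filters run first, in order, and the first match wins:
    'block' drops the packet and 'allow' passes it without further inspection,
    so neither reaches the DV stage. 'inspect' (or no match at all) hands the
    packet to the DV filters, where the first matching signature blocks it.
    """
    for f in tm_filters:
        if f.matches(p):
            if f.action in ("allow", "block"):
                return (f.action, "traffic-management", f.name)
            break  # 'inspect': stop here and fall through to the DV filters
    for d in dv_filters:
        if d.pattern.search(p.payload):
            return ("block", "digital-vaccine", d.name)
    return ("allow", "digital-vaccine", None)


# Constructed policy: block telnet everywhere, let the backup subnet's rsync traffic
# through uninspected, and send everything else to the signature filters.
TM_FILTERS = [
    TrafficManagementFilter("block-telnet", "block", dport=23, proto="tcp"),
    TrafficManagementFilter("trusted-backup", "allow",
                            src_net="10.0.5.0/24", dst_net="10.0.9.0/24", dport=873, proto="tcp"),
    TrafficManagementFilter("default-inspect", "inspect"),
]

# Constructed signature: a generic SQL-injection pattern of the kind an IPS carries.
DV_FILTERS = [
    DigitalVaccineFilter("sqli-union-select", re.compile(rb"(?i)\bunion\s+select\b")),
]

# Constructed traffic samples (documentation address ranges).
SAMPLE_PACKETS = [
    Packet("192.0.2.10", "10.0.0.5", 23, "tcp"),                                         # telnet
    Packet("10.0.5.7", "10.0.9.3", 873, "tcp", b"payload with union select inside"),      # trusted backup
    Packet("198.51.100.4", "10.0.0.80", 80, "tcp", b"GET /item?id=1 UNION SELECT 1,2 HTTP/1.1"),
    Packet("198.51.100.4", "10.0.0.80", 80, "tcp", b"GET /item?id=1 HTTP/1.1"),
]


def run_demo():
    """Evaluate every sample packet against the constructed policy."""
    return [evaluate(p, TM_FILTERS, DV_FILTERS) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for p, (verdict, stage, name) in zip(SAMPLE_PACKETS, run_demo()):
        print(f"{p.src}->{p.dst}:{p.dport}/{p.proto}: {verdict} at {stage} ({name})")
```

The second sample packet is the point of the model: because the `trusted-backup` Traffic Management filter answers `allow` before the DV stage runs, its payload is never checked against the signature even though it would have matched. An `allow` Traffic Management filter therefore exempts whatever it matches from signature inspection, so such filters should be scoped as narrowly as the traffic they are meant to cover.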