Deep Discovery Inspector detection engines deliver expanded APT and targeted attack detection, including a custom virtual analyzer and new discovery and correlation rules designed to detect malicious content, communication, and behavior across every stage of an attack sequence.
The Advanced Threat Scan Engine is an upgrade from the standard virus scan engine, which protects against viruses, malware, and exploits of vulnerabilities in software such as Java and Flash. Integrated with the Trend Micro Virus Scan Engine, the Advanced Threat Scan Engine employs signature-based, behavior-based, and aggressive heuristic detection. Major features include the following:
Deep Discovery Inspector can detect unauthorized operating system commands targeting the kernel application programming interface.
The Deep Discovery Inspector Virtual Analyzer is a secure virtual environment used to manage and analyze suspicious network and file samples. Sandbox images allow observation of file and network behavior in a natural setting without any risk of compromising the network. Virtual Analyzer performs static analysis and behavior simulation to identify potentially malicious characteristics. During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the sample based on the accumulated ratings.
Deep Discovery Email Inspector investigates email messages for suspicious file attachments, embedded links (URLs), and characteristics. If an email message exhibits malicious behavior, Deep Discovery Email Inspector can block the threat and notify security administrators about the malicious activity.
After investigating email messages, Deep Discovery Email Inspector assesses the risk using multi-layered threat analysis. Deep Discovery Email Inspector sets the risk level to the highest risk assigned by either the Deep Discovery Email Inspector email scanners or Virtual Analyzer.
The Deep Discovery Email Inspector Virtual Analyzer sandbox environment opens URLs and files, including password-protected archives and document files, to test for malicious behavior. Virtual Analyzer is able to find exploit code, Command & Control (C&C) and botnet connections, and other suspicious behaviors or characteristics.
The Deep Security Anti-Malware module protects Windows and Linux workloads against malicious software, such as malware, spyware, and Trojans. Powered by the Trend Micro Smart Protection Network, the Anti-Malware module helps to instantly identify and remove malware and blacklist domains known to be command and control servers. The Anti-Malware module can be configured to provide:
The Deep Security Intrusion Prevention Module is both a host-based Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). It protects host computers from being exploited through known and zero-day vulnerabilities, as well as against SQL injection attacks, cross-site scripting attacks, and other web application vulnerabilities. It shields vulnerabilities until code fixes can be completed.
It identifies malicious software accessing the network and increases visibility into, or control over, applications accessing the network. Intrusion Prevention prevents attacks by detecting malicious instructions in network traffic and dropping relevant packets.
TippingPoint is a high-speed security system that includes the Intrusion Prevention System (IPS), Local Security Manager (LSM), Digital Vaccine, the Security Management System Appliance, and the Core Controller. TippingPoint’s security system provides a single, integrated, adaptive security system that includes hardware and a management interface. The SMS Server is an enterprise-class management platform that provides centralized administration, configuration, monitoring, and reporting for well over a hundred TippingPoint IPS devices. The SMS provides the following functionality:
The TippingPoint Threat Suppression Engine (TSE) can prevent the execution of malicious commands. The TSE uses Digital Vaccine (DV) filters to police the network and to screen out malicious or unwanted traffic. In addition to the DV filters, the IPS also provides Traffic Management filters, which are custom filters that react to traffic based on source IP address, destination IP address, port, protocol, or other defined values. Traffic Management filters are applied to traffic before DV filters. Depending on how the filters are configured, traffic might or might not require further inspection.