Deep Discovery Director (Consolidated Mode) includes the following features:
| Feature or Benefit | Details |
|---|---|
| Trend Vision One™ integration | Deep Discovery Director (Consolidated Mode) integrates with Trend Vision One to enable Deep Discovery appliances to send their activity data, and to enable Trend Vision One to gain access to Network Analytics correlation data. |
| MITRE ATT&CK™ Framework Tactics and Techniques information | Deep Discovery Director (Consolidated Mode) detection details and analysis reports include MITRE ATT&CK™ framework Tactics and Techniques information. |
| Advanced threat analysis | Deep Discovery Director (Consolidated Mode) can integrate with multiple Deep Discovery Director (Internal Network Analytics Version) servers operating in Deep Discovery Director (Standalone Network Analytics Mode) or Deep Discovery Director - Network Analytics as a Service to provide advanced threat analysis using correlation data. |
| Deep Discovery Inspector log aggregation | Deep Discovery Director (Consolidated Mode) aggregates Deep Discovery Inspector detection logs. Using the same intuitive multi-level format, the Deep Discovery Director (Consolidated Mode) management console provides real-time threat visibility and analysis. This allows security professionals to focus on the real risks, perform forensic analysis, and rapidly implement containment and remediation procedures. |
| Deep Discovery Email Inspector log aggregation | Deep Discovery Director (Consolidated Mode) aggregates Deep Discovery Email Inspector detection, email message tracking, and MTA logs. Using the same intuitive multi-level format that Deep Discovery Email Inspector users are accustomed to, the Deep Discovery Director (Consolidated Mode) management console provides real-time threat visibility and analysis. |
| Product intelligence | Deep Discovery Director (Consolidated Mode) consolidates suspicious objects and C&C callback addresses from registered Deep Discovery appliances. |
| Custom intelligence | Deep Discovery Director (Consolidated Mode) can distribute YARA rules to registered appliances and import threat intelligence using the Structured Threat Information eXpression (STIX 1.x, 2.0) format. You can also add user-defined suspicious objects that have not yet been detected on your network, as well as exceptions that you consider harmless. |
| Feed management | Deep Discovery Director (Consolidated Mode) allows you to subscribe to and monitor intelligence feeds for threat information that can be used to complement your product and custom intelligence. |
| Threat intelligence sharing | Deep Discovery Director (Consolidated Mode) can share threat intelligence data with other products or services through TAXII (1.x, 2.0), OpenDXL, and HTTP or HTTPS web service. |
| Auxiliary products and services | To help provide effective detection and blocking at the perimeter, Deep Discovery Director (Consolidated Mode) can distribute threat intelligence data to auxiliary products and services. |
| File passwords syncing | Deep Discovery Director (Consolidated Mode) can configure and sync File Passwords settings with registered Deep Discovery Analyzer and Deep Discovery Email Inspector appliances. |
| Dashboard | The Dashboard screen and Deep Discovery appliance widgets allow administrators to view network integrity, system threat data, and email message detection and security information. |
| Detections | The Detections screen provides access to real-time information about various detection categories. |
| Appliance logs | The Logs screen is where users can find Deep Discovery appliance related logs such as Email Message Tracking, MTA, and Message Queue logs. |
| Syslog | The Syslog screen allows Deep Discovery Director (Consolidated Mode) to send suspicious object lists and detection and appliance related logs in CEF and LEEF format to up to three Syslog servers. |
| System alerts | Administrators can view the details of triggered alerts directly on the management console. Custom rules can be created to alert on specific threats. |
| Reports | Deep Discovery Director (Consolidated Mode) can generate scheduled and on-demand Network Security and Email Security reports. |
| Simple Network Management Protocol | Deep Discovery Director (Consolidated Mode) supports Simple Network Management Protocol (SNMP) and can use it to send SNMP trap messages to notify administrators about events that require attention, and to listen to SNMP manager requests for system information and status updates. |
| Role-based access control | Built-in roles allow administrators to control which management console screens and features can be accessed. Custom roles can be created to control which appliances a role can see and manage, and which email message detections a role can see. |
| Storage configuration | Administrators can add extra available disk space to Deep Discovery Director (Consolidated Mode) partitions to increase the number of logs or repository files that can be stored. |
| Directory | The Directory displays information about Deep Discovery appliances that are registered to Deep Discovery Director (Consolidated Mode). |
| Plans | Plans define the scope and schedule of deployments to target appliances. |
| Repository | The Repository screen displays all update, upgrade, and Virtual Analyzer image files hosted by the server. Upload and delete files from here. |
| Component updates | Deep Discovery Director (Consolidated Mode) uses components to display related information about detections. |
| Updates | The Updates screen enables you to install hotfixes, patches, and firmware upgrades to Deep Discovery Director (Consolidated Mode). After an official product release, Trend Micro releases system updates to address issues, enhance product performance, or add new features. |
| LDAP server integration | Deep Discovery Director (Consolidated Mode) allows LDAP accounts to access the management console. |
| SAML for single sign-on (SSO) | Deep Discovery Director (Consolidated Mode) supports the Security Assertion Markup Language (SAML) authentication standard using Okta and Active Directory Federation Services (ADFS) identity providers, allowing users to single sign-on to the Deep Discovery Director (Consolidated Mode) console when they sign in to their organization's portal. |
| System Logs | Deep Discovery Director (Consolidated Mode) maintains system logs that provide summaries about user access, setting changes, and other configuration modifications that occurred using the management console. |
| Quarantined Messages screen | Deep Discovery Director (Consolidated Mode) provides access to quarantined email messages in the enhanced Detections section. |
| Email message queue management | Deep Discovery Director (Consolidated Mode) can be used to manage the email queue of registered Deep Discovery Email Inspector appliances. |
| End-User Quarantine | Deep Discovery Director (Consolidated Mode) includes the End-User Quarantine (EUQ) feature to improve spam management. |
| Trend Micro Apex Central™ integration | Deep Discovery Director (Consolidated Mode) integrates with Trend Micro Apex Central for the express purpose of retrieving endpoint analysis reports to provide Deep Discovery Director - Network Analytics as a Service with even more data for more thorough advanced threat analysis. |
| Web API access | Deep Discovery Director (Consolidated Mode) now allows the creation of user accounts that are only allowed system access via web API. The web API can be used to automate certain threat intelligence related tasks. |
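The Syslog feature above forwards detection and appliance logs in CEF (and LEEF) to a Syslog server. On the receiving side, the first thing a SOC needs is a parser that respects CEF's escaping rules so that a `|` or `=` inside an event name or message does not shift fields. The following is an added example, not Trend Micro code: the sample syslog lines, signature IDs, and extension keys are constructed for illustration and do not reproduce the product's documented CEF field layout; only the CEF framing itself (seven `|`-separated header fields, then space-separated `key=value` pairs) follows the public format. LEEF is not handled here.

```python
import re

# CEF header field names in the order they appear after "CEF:" in a message
HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")

# Constructed sample syslog lines (not real product output): a syslog
# prefix, then "CEF:" followed by seven '|'-separated header fields and a
# space-separated key=value extension. Signature IDs and field values are
# invented for illustration; line 2 exercises escaped '|' and '='.
SAMPLE_LINES = [
    "<134>Jan 12 10:01:02 ddd-host CEF:0|Trend Micro|Deep Discovery Director|5.3|SO-1|"
    "Suspicious object detected|8|src=10.0.0.5 dst=203.0.113.7 act=blocked msg=Callback to C&C host",
    "<134>Jan 12 10:01:05 ddd-host CEF:0|Trend Micro|Deep Discovery Director|5.3|EM-2|"
    "Email attachment \\| sandbox verdict|3|suser=alice@example.test msg=score\\=low fname=invoice.pdf",
    "<134>Jan 12 10:01:09 ddd-host CEF:0|Trend Micro|Deep Discovery Director|5.3|DI-3|"
    "Lateral movement attempt|10|src=10.0.0.9 dst=10.0.0.12 dpt=445 msg=SMB admin share access",
]

# A new key=value pair starts after whitespace at a run of key characters
# followed by '='; an escaped "\=" inside a value never matches this.
_PAIR_SPLIT = re.compile(r"\s+(?=[A-Za-z0-9_.]+=)")


def unescape(value):
    # Undo CEF escaping: "\\", "\|", "\=" become the literal character,
    # "\n" and "\r" become line breaks.
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def split_header(cef_text):
    """Split the seven header fields on unescaped '|'; return (header dict, extension text)."""
    if not cef_text.startswith("CEF:"):
        raise ValueError("payload does not start with 'CEF:'")
    fields, buf, i = [], [], 0
    while i < len(cef_text) and len(fields) < len(HEADER_FIELDS):
        ch = cef_text[i]
        if ch == "\\" and i + 1 < len(cef_text):   # escaped character: keep it literally
            buf.append(cef_text[i + 1])
            i += 2
        elif ch == "|":                             # unescaped field separator
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("malformed CEF header: expected 7 '|'-separated fields")
    header = dict(zip(HEADER_FIELDS, fields))
    header["cef_version"] = header["cef_version"][len("CEF:"):]
    return header, cef_text[i:]


def parse_extension(ext):
    """Parse the space-separated key=value extension into a dict with values unescaped."""
    pairs = {}
    ext = ext.strip()
    if not ext:
        return pairs
    for token in _PAIR_SPLIT.split(ext):
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError("extension token without '=': %r" % token)
        pairs[key] = unescape(value)
    return pairs


def parse_line(line):
    """Parse one syslog line carrying a CEF payload into a flat event dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    header, ext = split_header(line[start:])
    event = dict(header)
    try:
        event["severity"] = int(event["severity"])   # CEF severity is 0..10
    except ValueError:
        pass                                          # some senders use Low/Medium/High labels
    event["extension"] = parse_extension(ext)
    event["syslog_prefix"] = line[:start].rstrip()
    return event


def high_severity(lines, threshold=7):
    """Return parsed events whose numeric severity is at or above threshold, in input order."""
    events = [parse_line(line) for line in lines]
    return [e for e in events
            if isinstance(e["severity"], int) and e["severity"] >= threshold]


if __name__ == "__main__":
    for event in high_severity(SAMPLE_LINES):
        print(event["signature_id"], event["severity"], event["name"], event["extension"])
```

Run as a script it prints the two constructed events with severity 7 or above. The header splitter walks character by character rather than calling `split("|")` precisely because a detection name such as the constructed `Email attachment \| sandbox verdict` would otherwise be cut into two fields and shift the severity column; the same care applies to `\=` in extension values. Severity thresholds and field names should be adjusted to the product's documented CEF schema once the feed is live.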