Trend Micro Deep Discovery Inspector
Detect targeted attacks and targeted ransomware anywhere in your network
Targeted attacks and advanced threats are customized to evade your conventional security defenses, and remain hidden while stealing your corporate data, intellectual property, and communications, or encrypt critical data until ransom demands are met. To detect targeted attacks and advanced threats, analysts and security experts agree that organizations should utilize advanced detection technology as part of an expanded strategy.
Deep Discovery Inspector is a physical or virtual network appliance that monitors 360 degrees of your network to create complete visibility into all aspects of targeted attacks, advanced threats, and ransomware. By using specialized detection engines and custom sandbox analysis, Deep Discovery Inspector identifies advanced and unknown malware, ransomware, zero-day exploits, command and control (C&C) communications, and evasive attacker activities that are invisible to standard security defenses. Detection is enhanced by monitoring all physical, virtual, north-south, and east-west traffic. This capability has earned Trend Micro a 100% detection rate and a recommended breach detection system rating four years in a row by NSS Labs.
Lateral Movement
Detect and stop malicious east-west traffic
Strong perimeter-focused network security is essential to any successful security strategy. Stopping an intrusion or malware at the edge of the network is critical. This shouldn’t be a surprise to anyone. However, many organizations stop here and miss the point that perimeter-focused protection is ill-equipped to stop today’s targeted attacks and advanced threats. Today’s attackers are skilled and understand the security tools you are using to protect your network. They use evasion tactics to bypass even the best perimeter defenses. Once an attack is inside the network, perimeter-focused security has no visibility into it and is oblivious to its existence. The threat is free to move laterally across the network with little chance of being detected.
You need countermeasures to ensure that malicious activity moving across your network from infected machines is detected and dealt with appropriately. Trend Micro Deep Discovery and TippingPoint solutions will work together to detect and prevent lateral movement.
Deep Discovery will:
- Inspect network traffic between client networks and critical server networks
- Receive alerts on Lateral Movement activities
- View Lateral Movement alerts alongside alerts from other attack phases
TippingPoint will:
- Deploy inline between client networks and critical server networks
- Receive alerts on attempted and thwarted Lateral Movement activities
- Leverage configuration options to easily go from detection to prevention
Monitoring lateral movement across protocols like SMB, RDP, SNMP, and IRC is critical. If you don’t have a tool that monitors these protocols, you could be blind to an existing attack. On average, a threat will go several months undetected due to the perimeter-focused security strategy. Once the threat gets into the network, there aren’t any tools monitoring this traffic, because the assumption is that the perimeter tools blocked all the attacks. Deep Discovery is designed to sit off a SPAN or TAP port so that it can monitor not only inbound and outbound traffic but also traffic moving across the network, covering over 100 protocols and all ports. This broad visibility will help prevent undetected malware from moving freely across the network. Deep Discovery will share its findings with the IPS to provide real-time enforcement and remediation.