Network Traffic Analysis and Intrusion Detection System – Deep Discovery

Trend Micro Deep Discovery is a network traffic analysis and intrusion detection system. In addition to detecting advanced attacks, it gives you an overview of the communications of all devices on the network.

Functionality:

Traffic monitoring with support for more than 100 protocols, for example:

Basic: DHCP, DNS, FTP, HTTP, HTTPS, ICMP, TFTP, SSH, NTP, TCP, UDP, WebSocket
Authentication: Kerberos, RADIUS
File: CIFS, DCE-RPC, SMB, SMB2
Communication: IMAP4, IRC, LDAP, POP3, SMTP, Gmail, Hotmail, Yahoo Mail, AIM, Skype, Yahoo
P2P: BitTorrent, Direct Connect, eDonkey, Gnutella…
Administration: Telnet, RDP, VNC
OT: MODBUS, SCADA
Databases: MSSQL, MySQL, Oracle, PostgreSQL, SQL
VoIP: RTMP, RTSP, WMSP, SIP2
Other: ARP, IGMP, IP, SNMP

Detection of unknown servers and services (based on whitelisting)
Domains, IP addresses/ranges, Kerberos, Active Directory, FTP, SMTP, HTTP/S proxy, domain controller, database server, file server (SMB), RADIUS, web server, vulnerability scanner (e.g. Nessus, Nexpose…), JA3, JA3S

Attacker detection
The solution detects vulnerabilities (CVE), hacking tools (e.g. Cobalt Strike, Metasploit, Meterpreter, PsExec…), ransomware activity, use of exploits and more.

Configurable sandboxing for Windows
Set up custom applications and specific versions (e.g. Office, Adobe Reader…)
Custom language version settings
File support: exe, dll, vxd, doc, jtd, msg, ppt, xls, cell, xml, docx, xlsx, pptx, rtf, swf, pdf, chm, jar, class, lnk, cab, mime, js, jse, ps1, vbe, vbs, hta, cmd, bat, htm, xdp, rar, 7zip, pkzip, lzh, arj, gzip, jpg, gif, quicktime, pub, svg, html, slk, igy, url, csv, xht, xhtml, mht, mhtml, com

macOS Analysis
For macOS systems, executable files can be analyzed: Mach-O, DMG, PKG

Android Analysis
For Android systems, executable files can be analyzed: APK

Sharing threats with other solutions
Native sharing with TippingPoint, Check Point, Palo Alto, IBM
Via API: Fortinet, BlueCoat and more
Ability to share findings and threats in YARA, STIX, and TAXII formats.
Sharing is based on the analysis output: the generated report, PCAP, OpenIOC and STIX files
Mapping of logs/detections to MITRE ATT&CK techniques/tactics

Extension with Deep Discovery Analyzer – sandbox analysis

Specific file types analysis
Ability to analyze “any” file type, including types not supported by the vendor (e.g. JPG/TIFF/PNG), by associating them with a specific image viewer installed in the sandbox virtual environment

Email submission
With the email submission feature, Deep Discovery Analyzer can receive and analyze email messages from enabled sender domains and SMTP servers.

CIFS/NFS submission
Automatic scanning of files in network folders shared via CIFS or NFS

Cloud submission
Automatic scanning of files in cloud storage folders in AWS (S3 bucket) or Azure (Blob)

API submission
Ability to upload files for analysis via API

High sandbox performance
Up to 38,000 samples analyzed per day per hardware appliance

Sandbox support for Linux
Sandbox images for Linux operating systems can also be created and used for analysis

Detailed report on the activity of the analyzed samples
Detailed analysis of PDF/HTML files (what activity the file performed on which operating system, a clear comparison of which files were attacked after opening the PDF/ZIP, etc., and which stages/types of attack the file exhibits, with their counts).

Advanced analysis capabilities
Support for large files of 100 MB or more
Insertion of a password dictionary to decrypt files (archives, PDFs, files encrypted in MS Office)
Extraction of nested archives

Supported domains of Act No. 69/2019 Coll. on Cybersecurity

  • Cybersecurity and information security risk management,
  • Security in the operation of information systems and networks,
  • Evaluation of vulnerabilities and security updates,
  • Protection against malicious code,
  • Network and communication security,
  • Acquisition, development and maintenance of information networks and information systems,
  • Event recording and monitoring,
  • Solving cybersecurity incidents.

Key advantages:

  • Increase the overall visibility of network security (see Functionality above)
  • Protection against zero-day vulnerabilities and advanced attacks
  • Support Incident Response Activities
  • Advanced email communication protection (phishing)
  • Central sandbox environment for other security solutions