c_admin_smart_prot_net
Deep Edge's Smart Protection Network (SPN) is the industry's highest performing cloud-based malware protection service. Smart Protection Network has the following malware detection components:
Web Reputation Services (WRS) is comprised of several correlated services that provide proactive detection and blocking against known bad web sites, domains, files and objects, as well as email related items - including anti-pharming and anti-phishing detection.
Domain reputation
Page reputation
Email reputation
File reputation
URL Filtering Service stores its URL database in the cloud for rapid updates and protects Trend Micro's global user base without the need to download and update URL database files on the Deep Edge server. This provides up-to-date URL information to every customer and accelerates the proactive protection capabilities to reduce the time between the discovery of a bad site and the time it is added to the URL database to protect all customers.
Feedback Loop provides real-time information from all of Trend Micro's products to update the SPN cloud-based components and URL filtering databases. Malware detected on customer premise equipment are fed back into the cloud architecture and used to fine-tune information in real time. This provides fast proactive protection with low false positives to Trend Micro’s global customer base.
Smart Protection Network (SPN) uses cloud-based services and relies on DNS queries for lookups. In order to ensure fast response and minimum latency, the Deep Edge device must be configured with a primary and a secondary DNS server.
The DNS servers must be able to support the volume of DNS requests made by Deep Edge. In general, before Deep Edge builds up its local DNS cache, two DNS requests will be made for each URL accessed. Make sure your DNS server is installed on a server with enough resources and performance to handle the extra DNS volume.
Your DNS server should have a fast network card and be installed on a fast network switch to reduce latency.
Trend Micro recommends on-site DNS servers versus ISP provided DNS servers that are housed outside of the company's network. In general, ISP DNS servers have higher latency and do not support large numbers of DNS queries from a single IP address. Many ISP DNS servers have throttling mechanisms that limit the number of DNS requests per second and can affect Deep Edge's Web Reputation Services (WRS) performance.
Try to place your DNS server as close to the Deep Edge unit(s) as possible to eliminate unnecessary network hops between the devices to improve network response time and performance.
WRS and URL Filtering requests are made over HTTP port 80. Do not block the Deep Edge management IP address for these ports on your firewall.