Command & Control Contact Alert Services

Trend Micro Command & Control (C&C) Contact Alert Services provides enhanced detection and alert capabilities to mitigate the damage caused by advanced persistent threats and targeted attacks. C&C Contact Alert Services are integrated with Web Reputation Services, which determines the action taken on detected callback addresses based on the web reputation security level.
For details on configuring the Web Reputation Services security level, see Configuring Web Reputation Targets.
Global Intelligence list
Trend Micro Smart Protection Network compiles the Global Intelligence list from sources all over the world and tests and evaluates the risk level of each C&C callback address. Web Reputation Services uses the Global Intelligence list in conjunction with the reputation scores for malicious websites to provide enhanced security against advanced threats. The web reputation security level determines the action taken on malicious websites or C&C servers based on assigned risk levels.
Virtual Analyzer list
ScanMail retrieves the list from Virtual Analyzer and can evaluate all possible C&C threats against both the Global Intelligence and the local Virtual Analyzer list.
For details on connecting the integrated Smart Protection Server to Deep Discovery Advisor, see the Smart Protection Server Administrator's Guide.
C&C categories
Web Reputation Services logs display information regarding the category of detected threats. C&C Contact Alert Services uses the following categories:
  • C&C Server: Servers/Repositories that harbor command-and-control (C&C) servers and dropzones in the C&C Global Intelligence list
  • Malicious Domain: Domains that host malicious payloads; such domains cannot be reclassified
  • New Domain: Newly detected domains (for example, throwaway domains); domains that have not been classified by Trend Micro
  • C&C Server (Virtual Analyzer): Servers/Repositories in the C&C Deep Discovery Analyzer server list