Web Reputation

Web Reputation

Threat Discovery Appliance leverages Trend Micro smart protection technology, a cloud-based infrastructure that determines the reputation of websites that users are attempting to access. Threat Discovery Appliance logs URLs that smart protection technology verifies to be fraudulent or known sources of threats. The product then uploads the logs to TMSP for report generation.

• Logs are not available in the Threat Discovery Appliance web console.

For detailed information about smart protection technology, see Smart Protection Technology.

Complementary to smart protection technology is Smart Feedback, an opt-in subscription to the threat feedback system that is part of Smart Protection Network™. Smart Feedback collects information about new or potential threats and then sends the information to Smart Protection Network so that Trend Micro can analyze and address these threats. Your participation in Smart Feedback means that you are authorizing Trend Micro to collect network information, which is kept in strict confidence. Information includes:

•    This product’s name and version

•    URLs suspected to be fraudulent or possible sources of threats

•    URLs associated with spam or possibly compromised

•    Malware name for URLs that harbor malware

To configure web reputation settings:

• Detections > Web Reputation

1. Enable web reputation.

2. Select the smart protection source. Threat Discovery Appliance connects to the smart protection source to obtain web reputation data. For detailed information about the different smart protection sources, see Smart Protection Technology.

• Trend Micro Smart Protection Network: Select this option if you do not plan to set up a Smart Protection Server. Internet connection is required to connect to this Trend Micro hosted service.

• Smart Protection Server: Select this option if you have set up one or several Smart Protection Servers. Network connection is required to connect to this server.

3. If you choose Smart Protection Server:

1. Type the Smart Protection Server's IP address.

You can obtain the IP address from the Smart Protection Server console by navigating to Smart Protection > Reputation Services > Web Reputation tab. The IP address forms part of the URL listed in the screen.

2. Click Test Connection to check if connection to the server can be established.

3. Type a description for the server.

4. Select whether to query the Smart Protection Network if the Smart Protection Server cannot determine a URL's reputation.

The Smart Protection Server may not have reputation data for all URLs because it cannot replicate the entire Smart Protection Network data. When updated infrequently, the Smart Protection Server may also return outdated reputation data.

Enabling this option improves the accuracy and relevance of the reputation data. However, it takes more time and bandwidth to obtain the data. Disabling this option has the opposite effects.

If you enable this option, do the following to optimize web reputation queries:

• On the Smart Protection Server’s console, navigate to Smart Protection > Reputation Services > Web Reputation tab > Advanced Settings section. Disable Use only local resources, do not send queries to Smart Protection Network. This option prevents the Smart Protection Server from obtaining data from Smart Protection Network.

• Update the Smart Protection Server regularly.

You can disable this option if you do not want your organization’s data to be transmitted externally.

5. If you have configured Proxy Settings for Threat Discovery Appliance and want to use these settings for Smart Protection Server connections, select Connect through a proxy server.

• If you disable proxy settings, Smart Protection Servers that connect through the proxy server will connect to Threat Discovery Appliance directly. Under the Proxy Connection column, the status is Proxy Unavailable.

6. Click Add. The Smart Protection Server is added to the Smart Protection Server list.

7. Add more servers. You can add up to a maximum of 10 servers.

• Trend Micro recommends adding multiple Smart Protection Servers for failover purposes. If Threat Discovery Appliance is unable to connect to a particular server, it tries connecting to the other servers.

8. If you have added several servers, Threat Discovery Appliance connects to these servers in the order in which they appear in the list. Use the arrows under the Order column to move servers up and down the list.

4. Choose to enable or disable Smart Feedback.

5. Click Save.

To manage the Smart Protection Server list:

• Detections > Web Reputation

1. To verify the connection status with a Smart Protection Server, click Test Connection.

2. To modify server settings:

1. Click the server address.

2. In the window that appears, modify the server's IP address, description, and settings.

3. When you specify a new IP address, click Test Connection to confirm the connection.

4. Click OK.

3. To remove a server from the list, click Delete.

4. Click Save.

See also:

• Integration with Trend Micro Products and Services