Overview

This section provides a system overview of Advanced Threat Assessment Service and describes the communication flow between the components.

Advanced Threat Assessment Service consists of a server component and two applications that administrators can deploy on endpoints.

Endpoint Assessment

For a one-time security assessment, administrators can deploy the assessment tool to endpoints using Active Directory (AD) or System Center Configuration Manager (SCCM). After a scan is complete, the scan result and data sample are sent to the Advanced Threat Assessment Service server, which generates the summary reports. Administrators can download the reports and send them to information security experts for analysis.

To update the assessment tool components, administrators can configure the Advanced Threat Assessment Service server to check and obtain the latest component versions from the Trend Micro ActiveUpdate server.


Remote Incident Response

Advanced Threat Assessment Service integrates with Trend Micro Threat Investigation Center to enable remote incident response capabilities. To investigate an incident, information security experts can create new forensic tasks on Trend Micro Threat Investigation Center.

After a forensic task is approved on the Advanced Threat Assessment Service server, administrators can deploy the forensic agent on endpoints to perform the requested tasks (running a security scan or collecting file samples). The scan result and file samples are sent to Trend Micro Threat Investigation Center for analysis.

The Advanced Threat Assessment Service synchronizes the forensic task lists from Trend Micro Threat Investigation Center.