Features and Benefits

Advanced Threat Assessment Service provides the following features and benefits:

| Feature or Benefit | Description |
| --- | --- |
| Trend Micro Threat Investigation Center integration | Advanced Threat Assessment Service integrates with Trend Micro Threat Investigation Center to enable remote incident response capabilities. Trend Micro Threat Investigation Center combines log aggregation and heuristic analysis to deliver real-time threat monitoring, in-depth global threat intelligence, and threat geographic maps. These allow security professionals to effectively respond to attacks by rapidly implementing containment and remediation procedures. |
| Forensic tasks for remote incident response | Administrators can approve forensic tasks in Trend Micro Threat Investigation Center and deploy the forensic agent on each endpoint to perform the following tasks: collect file samples; run Trend Micro Forensic Toolkit (TMFK) for forensic analysis. |
| Forensic agent | An executable file that administrators can deploy on endpoints to perform forensic tasks. After a task is complete, file samples and scan results are sent to Trend Micro Threat Investigation Center for analysis. |
| Assessment tool | An executable file that administrators can deploy on endpoints to perform a one-time scan for potential malware or evidence of compromise. The assessment tool runs in the background and does not modify any settings or files on endpoints. The assessment tool collects samples of suspicious files detected on endpoints and includes the sample files in scan reports that are sent to the Advanced Threat Assessment Service server. |
| User-defined suspicious objects list and exceptions | Administrators can define scan exceptions and add objects that they consider suspicious. |
| Endpoint tag mapping | For easy endpoint identification, Advanced Threat Assessment Service supports endpoint tagging by matching tag information from an imported CSV file with endpoints and displaying the tag information on the web console. |
| Send reports and report download | Using the web console, administrators can send selected scan reports to one or more email recipients or download scan reports. |