Features and Benefits

Deep Discovery Analyzer ensures optimized performance with a scalable solution able to keep pace with email, network, endpoint, and any additional source of samples.

Deep Discovery Analyzer performs sandbox simulation and analysis in environments that match the desktop software configurations attackers expect in your environment and ensures optimal detection with low false-positive rates.

Deep Discovery Analyzer examines a wide range of Windows executable, Microsoft Office, PDF, web content, and compressed file types using multiple detection engines and sandboxing.

Deep Discovery Analyzer uses YARA rules to identify malware. YARA rules are malware detection patterns that are fully customizable to identify targeted attacks and security threats specific to your environment.

Using specialized detection and sandboxing, Deep Discovery Analyzer discovers malware and exploits that are often delivered in common office documents and other file formats.

Deep Discovery Analyzer performs page scanning and sandbox analysis of URLs that are automatically submitted by integrating products.

Deep Discovery Analyzer delivers full analysis results including detailed sample activities and C&C communications via central dashboards and reports.

Alert notifications provide immediate intelligence about the state of Deep Discovery Analyzer.

Multiple standalone Deep Discovery Analyzer appliances can be deployed and configured to form a cluster that provides fault tolerance, improved performance, or a combination thereof.

Deep Discovery Analyzer enables out-of-the-box integration to expand the sandboxing capacity of Trend Micro email and web security products.

Deep Discovery Analyzer allows sample submissions using one of the following methods:

• Integrated security products through web services API

• Manual submissions on the management console

• Email submissions from permitted sender domains and SMTP servers

Deep Discovery Analyzer shares new IOC detection intelligence automatically with other Trend Micro solutions and third-party security products.

Deep Discovery Analyzer supports integration with Internet Content Adaptation Protocol (ICAP) clients. After integration, Deep Discovery Analyzer can perform the following functions:

• Work as an ICAP server that analyzes samples submitted by ICAP clients

• Serve User Configuration Pages to the end user when the specified network behavior (URL access / file upload / file download) is blocked

• Control which ICAP clients can submit samples by configuring the ICAP Client list

• Bypass file scanning based on selected MIME content-types

• Bypass file scanning based on true file types

• Bypass URL scanning in RESPMOD mode

• Scan samples using different scanning modules

• Filter sample submissions based on the file types that Virtual Analyzer can process.