Deep Discovery Analyzer includes the following features:
Deep Discovery Analyzer ensures optimized performance with a scalable solution able to keep pace with email, network, endpoint, and any additional source of samples.
Deep Discovery Analyzer performs sandbox simulation and analysis in environments that match the desktop software configurations attackers expect in your environment, ensuring optimal detection with low false-positive rates.
Deep Discovery Analyzer examines a wide range of Windows executable, Microsoft Office, PDF, web content, and compressed file types using multiple detection engines and sandboxing.
Deep Discovery Analyzer uses YARA rules to identify malware. YARA rules are malware detection patterns that are fully customizable to identify targeted attacks and security threats specific to your environment.
Using specialized detection and sandboxing, Deep Discovery Analyzer discovers malware and exploits that are often delivered in common office documents and other file formats.
Deep Discovery Analyzer performs page scanning and sandbox analysis of URLs that are automatically submitted by integrating products.
Deep Discovery Analyzer delivers full analysis results including detailed sample activities and C&C communications via central dashboards and reports.
Alert notifications provide immediate intelligence about the state of Deep Discovery Analyzer.
Multiple standalone Deep Discovery Analyzer appliances can be deployed and configured to form a cluster that provides fault tolerance, improved performance, or a combination thereof.
Deep Discovery Analyzer enables out-of-the-box integration to expand the sandboxing capacity of Trend Micro email and web security products.
Deep Discovery Analyzer allows sample submissions using one of the following methods:
- Integrated security products through web services API
- Manual submissions on the management console
- Email submissions from permitted sender domains and SMTP servers
Deep Discovery Analyzer shares new IOC detection intelligence automatically with other Trend Micro solutions and third-party security products.
Deep Discovery Analyzer supports integration with Internet Content Adaptation Protocol (ICAP) clients. After integration, Deep Discovery Analyzer can perform the following functions:
- Work as an ICAP server that analyzes samples submitted by ICAP clients
- Serve User Configuration Pages to the end user when the specified network behavior (URL access / file upload / file download) is blocked
- Control which ICAP clients can submit samples by configuring the ICAP Client list
- Bypass file scanning based on selected MIME content-types
- Bypass file scanning based on true file types
- Bypass URL scanning in RESPMOD mode
- Scan samples using different scanning modules
- Filter sample submissions based on the file types that Virtual Analyzer can process