Features and Benefits

Deep Discovery Director (Consolidated Mode) includes the following features:

Feature/Benefit

Details

Advanced threat analysis

Deep Discovery Director (Consolidated Mode) integrates with Deep Discovery Director - Network Analytics to provide advanced threat analysis using correlation data.

Deep Discovery Inspector log aggregation

Deep Discovery Director (Consolidated Mode) aggregates Deep Discovery Inspector detection logs. Using the same intuitive multi-level format, the Deep Discovery Director (Consolidated Mode) management console provides real-time threat visibility and analysis. This allows security professionals to focus on the real risks, perform forensic analysis, and rapidly implement containment and remediation procedures.

Product intelligence

Deep Discovery Director (Consolidated Mode) consolidates suspicious objects and C&C callback addresses from registered Deep Discovery appliances.

Custom intelligence

Deep Discovery Director (Consolidated Mode) can distribute YARA rules to registered appliances and import threat intelligence using the Structured Threat Information eXpression (STIX) format. You can also add user-defined suspicious objects that have not yet been detected on your network, as well as exceptions that you consider harmless.

Feed Management

Deep Discovery Director (Consolidated Mode) allows you to subscribe to and monitor intelligence feeds for threat information that can be used to complement your product and custom intelligence.

Threat intelligence sharing

Deep Discovery Director (Consolidated Mode) can share threat intelligence data with other products or services through TAXII and an HTTP or HTTPS web service.

Auxiliary products/services

To help provide effective detection and blocking at the perimeter, Deep Discovery Director (Consolidated Mode) can distribute threat intelligence data to auxiliary products and services.

Dashboard

The Dashboard screen and Deep Discovery appliance widgets allow administrators to view network integrity, system threat data, and email message detection and security information.

Detections

The Detections screen provides access to real-time information about various detection categories.

Syslog

The Syslog screen allows Deep Discovery Director (Consolidated Mode) to send suspicious object lists and detection- and appliance-related logs to up to three Syslog servers.

System alerts

Administrators can view the details of triggered alerts directly on the management console. Custom rules can be created to trigger alerts for specific threats.

Role-based access control

Built-in roles allow administrators to control which management console screens and features can be accessed. Custom roles can be created to control which appliances a role can see and manage, and which email message detections a role can see.

Storage configuration

Administrators can add extra available disk space to Deep Discovery Director (Consolidated Mode) partitions to increase the number of logs or repository files that can be stored.

Directory

The Directory displays information about Deep Discovery appliances that are registered to Deep Discovery Director (Consolidated Mode).

Plans

Plans define the scope and schedule of deployments to target appliances.

Repository

The Repository screen displays all update, upgrade, and Virtual Analyzer image files hosted by the server. Upload and delete files from here.

Component updates

Deep Discovery Director (Consolidated Mode) uses components to display related information about detections.

Updates

The Updates screen enables you to install hotfixes, patches and firmware upgrades to Deep Discovery Director (Consolidated Mode). After an official product release, Trend Micro releases system updates to address issues, enhance product performance, or add new features.

Microsoft Active Directory Integration

Deep Discovery Director (Consolidated Mode) allows Active Directory accounts to access the management console.

System Logs

Deep Discovery Director (Consolidated Mode) maintains system logs that provide summaries about user access, setting changes, and other configuration modifications that occurred using the management console.