Features and Benefits

The following sections describe the Endpoint Sensor features and benefits:

Threat Investigation

Endpoint Sensor provides a central location to investigate for the existence of threats on multiple endpoints. All investigation criteria are fully customizable by the user. Endpoint Sensor can investigate both historical and current states of all managed endpoints. Each investigation provides a graphical breakdown of the threat's activities, which helps administrators reconstruct the events of the security incident from start to end.

If regular monitoring is part of the organization's security plan, Endpoint Sensor provides the option to perform investigations scheduled at specified intervals.

Customized Endpoint Investigation

Endpoint Sensor supports IOC and YARA rules, which allow the creation, sharing and reuse of existing threat information. IOC and YARA rules are fully customizable to address targeted attacks. Additionally, Endpoint Sensor provides its own set of IOC rules, which are regularly updated to provide protection from the most recent threats.

Remote Endpoint Management

Endpoint Sensor allows administrators to monitor, manage and run investigations on endpoints through a web-based management console. The management console provides a means to configure the endpoints remotely and to view endpoint details (such as agent version, pattern version, etc.), all from a central location.

Attack Discovery

Endpoint Sensor can proactively monitor and discover suspicious files and behavior through user-defined IOC rules. Endpoint Sensor also leverages Trend Micro's threat intelligence through the use of regularly updated IOC rules to provide protection from the latest threats.

File Collection and Analysis

Endpoint Sensor collects all files that match a monitoring rule. Once a suspicious file is found, it can be sent to a local file server or to a Deep Discovery Analyzer server for further analysis. Deep Discovery Analyzer then provides Endpoint Sensor with a comprehensive set of threat details that can help administrators determine whether a file is malicious.

For details, see Integration with Deep Discovery Analyzer.