Key Components

The Threat Management Solution includes the following three tiers:

  • Threat Discovery Appliance — uncovers internal security threats and disruptive applications within the network.

  • Threat Management Services — performs advanced threat correlation to uncover hidden threats, delivering customized threat reports, incident analysis, and threat recommendations.

  • Threat Mitigator — acts on information provided by a monitoring device to perform automated damage clean-up, infection root-cause analysis, and policy enforcement.

 

[Figure: Relationship diagram]



Threat Discovery Appliance

Deployed at the network layer for comprehensive coverage, the Threat Discovery Appliance collaborates with the Smart Protection Network’s in-the-cloud servers to identify and respond to next-generation threats. The Threat Discovery Appliance monitors suspicious activities at the network layer to spot malware that traditional, pattern-based security applications fail to detect. In addition, the device detects Web or email content-based attacks such as Web exploits, cross-site scripting, and phishing.

The solution also identifies potential security risks and disruptive applications such as instant messaging, P2P file sharing, and streaming media, as well as unauthorized services such as SMTP open relay and rogue DNS. The Threat Discovery Appliance leverages Network Content Inspection Technology to inspect network traffic and Trend Micro’s Virus Scan Engine to analyze file content. Flexible, out-of-band deployment ensures no network disruption.

The information gleaned by the Threat Discovery Appliance feeds reports that provide insight into your network security for proactive planning.


Threat Management Services

Threat Management Services leverages the computing power of in-the-cloud servers to run advanced correlation for improved threat detection, root cause identification, forensics, and threat analytics. Integration with Trend Micro’s Smart Protection Network ensures that the most up-to-date threat data is available to perform this analysis. Access to Trend Micro’s global security intelligence also provides in-depth, real-time information based on twenty years of threat research, as well as new and emerging threats, for faster response to data loss and improved threat education and remediation.

Threat Management Services provides advanced threat analysis and reporting capabilities that generate a clear view of an organization’s state of security. IT administrators can generate daily administrative reports for incident response and remediation. Also, executives can receive threat summary reports on the overall security posture of their company’s networks.

Threat Mitigator

After the Threat Discovery Appliance detects a new threat, the Threat Mitigator automatically performs pattern-free clean-up of both new and known malware at the endpoint without impacting the host system. Scan, auto-clean, and custom-clean working modes allow for flexible clean-up options.

Threat Mitigator also runs a root-cause analysis to help IT administrators determine the chain of events that led to the malware infection. Threat Mitigator collaborates with Threat Management Services to provide incident reports detailing the malicious behavior detected, how it was cleaned, and where the incident originated. Forensic scanning uncovers malware components by analyzing behavior collected in real time during threat discovery.

Threat Mitigator also ensures that all network endpoints have a baseline security posture before being allowed to connect to the network. An endpoint that lacks service updates or security patches, or that is found to be infected, is quickly quarantined to a local network until updates or clean-up is performed.

With Threat Mitigator, IT can choose between two deployment strategies—in-line and out-of-band. Flexible, out-of-band deployment ensures no interruption to existing services.