Skip to content

Deep Discovery Advanced Network Security

Next-generation Protection from Advanced Persistent Threats

Get the advanced threat detection, real-time intelligence, adaptive protection, and rapid response you need to combat targeted network attacks and Advanced Persistent Threats (APTs). Deep Discovery specialized network security uniquely detects and identifies evasive threats in real-time, then provides the in-depth analysis and actionable intelligence you need to protect your organization from attack. 

Reduce the risk and impact of targeted attacks

  • Protect against advanced threats
  • Improve network security and visibility
  • Counter attacks with a complete custom defense


Advanced network security delivers targeted attack detection, in-depth analysis, and rapid response

Deep Discovery is at the core of the Trend Micro Custom Defense solution, which enables you to not only detect and analyze APTs, but also to rapidly adapt protection and respond to these attacks. Deep Discovery provides the advanced threat protection you need to immediately improve your protection against further attack. Network-wide monitoring powered by custom sandboxing and relevant real-time intelligence provides early attack detection, enables rapid containment, and delivers custom security updates to evolve your protection to stay ahead of threats.

Deep Discovery’s proven approach to network security provides the best detection with the fewest false positives and the greatest coverage by identifying malicious content, communications, and behavior across every stage of the attack sequence. Through advanced threat detection and in-depth analysis of both advanced malware and evasive attacker behavior, Deep Discovery provides enterprises and government organizations with a new level of visibility and intelligence to combat APTs and targeted attacks across the evolving computing environment.

Deep Discovery is at the heart of the Custom Defense solution

Deep Discovery Diagram

Deep Discovery enables advanced threat protection

  • Monitors your specific environment for malicious content, communication and behavior
  • Uses detection methods tailored to your specific host configurations
  • Leverages deep threat analysis to generate custom updates to your protection points
  • Provides the customer-tailored and relevant intelligence to guide your rapid response

The Deep Discovery solution is comprised of two components. The Deep Discovery Inspector provides network traffic inspection, advanced threat detection and real-time analysis and reporting. The optional Deep Discovery Advisor provides open, scalable custom sandbox analysis, deep visibility into network security events, and immediate security updates—all in a unified intelligence platform.

The Only Complete Solution for Advanced Threat Protection

Trend Micro Deep Discovery advanced threat protection software is unlike any other solution available today. Unlike products that focus on a single point of vulnerability (such as email), Deep Discovery delivers the network-wide visibility, insight, and control you need to effectively combat APTs and targeted attacks. Plus, Deep Discovery integrates your entire security infrastructure into a unique, customized, comprehensive defense. This Custom Defense detects and identifies evasive threats in real time, then provides the in-depth analysis and relevant, actionable intelligence you need to protect your data, network, and users.

Best Threat Detection

Deep Discovery detection engines and sandboxing technology discover advanced malware, command and control (CC) communications, and attacker activity targeting any device on your network—including Android, Mac, and Windows devices.

Deepest Cyber Intelligence

Deep Discovery is powered by the global threat intelligence that INTERPOL trusts for international investigations—the Trend Micro Smart Protection Network™. And when an attack is discovered, it puts this intelligence at your fingertips to guide a rapid assessment and response.

Lowest Security TCO

Deep Discovery does it all in a single platform covering web, email, and virtually all other types of traffic on your network. And with the flexibility of either hardware or virtual appliances, a typical Deep Discovery deployment delivers complete protection for about half the cost of competing (and less effective) solutions.

Deep Discovery Inspector

This specialized network security solution is purpose-built for detecting APT and targeted attacks. Deep Discovery Inspector uses a 3-level advanced threat protection scheme to perform initial detection, then sandbox simulation and correlation, then ultimately, a final cross-correlation to discover “low and slow” and other evasive attacker activities discernable only over an extended period.

Specialized detection and correlation engines provide the most accurate and up-to-date threat protection aided by global threat intelligence from Trend Micro Smart Protection Network and dedicated Threat Researchers. The results are high detection rates, low false positives, and in-depth incident reporting information designed to speed the containment of an attack.

Deep Discovery Inspector Features

Advanced Threat Protection
Deep Discovery Inspector focuses on indentifying malicious content, communications, and behavior indicative of advanced malware or attacker activity across every stage of the attack sequence, using a non-intrusive, listen-only inspection of all types of network traffic.

  • Dedicated Threat Engines and multi-level correlation rules deliver the best detection and minimize false positives
  • Virtual Analyzer uses custom sandbox simulation to provide additional detection and full forensic analysis of suspect content
  • Smart Protection Network intelligence and dedicated Threat Researchers provide continually updated detection intelligence and correlation rules to identify attacks

Threat Tracking,  Analysis, and Action
Deep Discovery Inspector provides real-time threat visibility and deep analysis in an intuitive format that allows security professionals to focus on the real risks, perform forensic analysis, and rapidly remediate issues.

  • Real-Time Threat Console places threat visibility and deep analysis at your fingertips
    • Quick access widgets provide critical information at a glance
    • In-depth analysis of attack characteristics, behavior, and communication
    • GeoTrack identifies the origins of malicious communication
  • Watch List delivers risk-focused monitoring of high severity threats and high value assets
    • Focused tracking of suspicious activity and events on designated hosts
    • Hosts to be tracked determined via threat detection or customer selection
    • Detailed event timeline tracks all attack activities involving target hosts
  • Threat Connect provides the threat intelligence you need to understand and remediate an attack
    • Direct access to Trend Micro intelligence portal for a specific attack or malware
    • Containment and remediation recommendations
    • Direction to available antivirus or other signature update for this threat

SIEM Management
Deep Discovery Inspector integrates with leading SIM platforms to deliver improved enterprise-wide threat management from a single SIEM console. 

  • Network detections,  confirmed incidents and contextual data are reported to SIEM
  • Deep network visibility enhances correlation and multi-dimensional attack profiling of SIEM
  • Enterprise-wide threat detection and management provided by SIEM as the central console

Flexible, High-Capacity Deployment
Deep Discovery Inspector features a high-performance architecture designed to meet the demanding and diverse capacity requirements of customers of all sizes. The product is available on a full range of hardware, software and virtual appliances supporting multi-gigabit corporate backbones down to remote office locations.

Deep Discovery Advisor

This threat intelligence solution provides expanded threat analysis and visibility into network-wide security events and security update exports.


Deep Discovery Advisor Features

Threat Analyzer
The Threat Analyzer is an optional component designed to enhance network security with in-depth simulation and analysis of potentially malicious sample files including executables and common office documents. It can augment and centralize the simulation of Deep Discovery Inspector as well as provide advanced detection and analysis security for professionals or any security product or service via an open web services interface.

  • In-depth threat simulation and analysis uses sandbox simulation and other advanced detection engines to classify and deeply analyze submitted files
  • Custom sandbox execution environments allow the customer to create and analyze multiple fully custom target images that  precisely match their host environments
  • Scalable architecture supports incremental capacity ranges up to 50,000 samples/day
  • Open, automated, and manual submission supports input from security analysts as well as automated loopback by Trend Micro products and third-party or custom products
  • Integration with Deep Discovery Inspector and other Trend Micro products provides expanded detection and analysis options to customers  

Threat Intelligence Center
The Threat Intelligence Center is a complete analysis environment for event data from the Threat Analyzer as well as security events and logs collected from Deep Discovery Inspector, other Trend Micro products, and third-party solutions. Using these sources and integrated Threat Connect intelligence, Threat Intelligence Center provides in-depth insights to drive advanced threat protection with risk-based incident assessment, containment and remediation.

  • In-depth analysis of incidents and events using automated analysis, visualization, and advanced search and investigation tools
  • Risk-focused monitoring and investigation
  • Network-wide security event collection of events/logs from most Trend Micro and third-party products ensures a full risk assessment and effective containment and remediation measures
  • Threat Connect intelligence is automatically integrated into analysis results, providing detailed threat characteristics and context-relevant intelligence for containment and remediation
  • Deep Discovery Inspector centralized reporting consolidates detection results from multiple Deep Discovery Inspector units into a single dashboard and customizable reports
  • SIEM connect with leading platforms delivers improved enterprise-wide threat management from a single SIEM console.

Security Update Server
The Security Update Server provides the means to export useful security blocking information learned from Threat Analyzer simulation. This information includes newly identified malicious IP/URL addresses and file hash codes that can be useful to a variety of security products. Deep Discovery Inspector and certain other Trend Micro products automatically receive this information. The information can also be manually exported via CSF files.

System Requirements


Deep Discovery Inspector

  • Model 1000:1Gbps Hardware Appliance
  • Model 500: 500 Mbps Hardware Appliance
  • Model VM:VMware Software Appliance

Deep Discovery Advisor Hardware Appliance

  • Can be clustered up to 5 units

Connect with us on