TDA Introduction
As a critical first step in the Trend Micro threat management solution, the Threat Discovery Appliance (TDA) is deployed on the switches at each level of the network hierarchy to provide comprehensive coverage, locating malicious programs by monitoring suspicious activity at the network layer. Integrated with Trend Micro "cloud security" technology, TDA fully supports detection of malicious threats at layers 2-7, so it can identify and respond to the next generation of network threats. This is something that traditional, code-based security products cannot do.
With Trend Micro "cloud security" technology, TDA can detect attacks based on web threats or message content, such as Web attacks, cross-site scripting attacks, and phishing. In addition, malicious programs that spread infection to other users on the network are flagged, including hidden malware that transmits information to the outside world or receives commands from a malicious source such as a botnet. TDA can also identify unauthorized applications and service programs that violate security policies, disrupt networks, consume large amounts of bandwidth, or pose potential security threats. These applications and service programs include instant messaging (BitTorrent, Kazaa, eDonkey, MSN, Yahoo Messenger), peer-to-peer file sharing, streaming media, and unauthorized services such as SMTP relay and DNS spoofing. TDA uses network content detection technology to inspect network traffic, and the Trend Micro virus scanning engine analyzes its content. It uses a mirrored port on the network switch to perform content checks on copies of network packets, which ensures that network services are not interrupted. The enterprise administrator can formulate the corresponding enterprise network security plan according to the report information provided by TDA.
TDA Functions
Detects malicious behavior at the network layer, such as:
1. Malicious software that attempts to spread to or infect other users;
2. Hidden malicious software that leaks information or accepts commands;
3. Attacks based on Web or e-mail content, such as Web attacks, cross-site scripting attacks, and phishing.
Detects applications and service programs that misuse network resources:
1. Detects network use for non-work content, such as instant messaging, peer-to-peer file sharing and streaming media;
2. Identifies unauthorized services that pose a security threat, such as a DNS service abused for anonymous forwarding and tampering with SMTP.
Analysis based on network content detection technology:
1. Supports traffic inspection for a variety of protocols, from the network layer to the application layer;
2. Determines suspicious threats from related events;
3. Uses the advanced Trend Micro virus scanning engine to analyze file content.
Integration with Trend Micro threat management services:
1. Combines "cloud security" technology with an advanced correlation analysis engine to improve threat detection, root cause identification and threat analysis;
2. Uses Trend Micro Intelligent Network protection technology to ensure access to and analysis of the latest threat data;
3. Accesses the Trend Micro Security Information Center to obtain detailed, current and timely threat information and the latest threat status.
Threat analysis and reporting capabilities:
1. Provides a company-wide view of the overall security situation;
2. Manages report and event information through the centralized management interface;
3. Generates daily incident response management reports and weekly/monthly executive summaries, making it easy to view the overall security situation, review events and compare reports;
4. Allows browsing from event information into more detailed interactive reports;
5. Displays comprehensive, granular threat information;
6. Provides security policy improvements, controllable remedial measures and response recommendations.
Key Benefits
• Faster response to data leaks due to the early detection of new unknown malware
• Ability to proactively plan security infrastructure due to greater awareness of the root causes of network vulnerabilities and threats
• Save bandwidth and resources by detecting destructive applications and services in the network
• Easy management of threats and event information through centralized management
• Minimize disruption of existing service programs through flexible offline deployments
Hardware specifications