Trend Micro today announced Deep Discovery, a threat-detection tool designed to monitor network traffic in order to detect signs of stealthy attacks aimed at stealing corporate data.
Deep Discovery is intended to focus on the question, "Is there human attacker activity in the network?" says Kevin Faulkner, senior enterprise product marketing manager at Trend Micro. He acknowledges Deep Discovery in large part represents a wholesale re-engineering of what Trend Micro previously called its Threat Management System, released last year. "It was rebuilt from the ground up," says Faulkner, noting that more than 500 business customers are now using it.
Some of the ways in which Deep Discovery is different from the past, he says, is it now has three times the processing power and takes what was a cloud-based management console, moving it out of the cloud and putting that console and analysis functions into the physical form that's now installed on the customer premises.
"Our customers didn't want this management running in cloud," says Faulkner. The product also has a security sandboxing feature that can allow malware to be safely detonated and observed.
Available as an appliance or software, the roadmap for further development of Deep Discovery includes giving it a capability to identify and track mobile devices and tell what apps they're accessing when their users have been granted access to the corporate network. Other roadmap goals, which should make it into the next release later this year, include templates for data-loss prevention so that sensitive information, such as Payment Card Industry cardholder data, for example, could be flagged if it appears to be traversing the network inappropriately.
With Deep Discovery, Trend Micro roughly aims to compete against the NetWitness threat-analysis product, which was acquired by RSA, the security division of EMC. Today, RSA also announced an expansion to the NetWitness Live 2.1 service of automated threat-intelligence feeds intended to be correlated in the NetWitness appliance to deliver actionable information.
According to Sam Curry, chief technology officer for identity and protection at RSA, the NetWitness Live service, which operates around the clock, aggregates relevant threat intelligence from more than 100 sources. Some of the new data sources include the RSA CyberCrime Intelligence service and the RSA eFraud Network, which are said to together aggregate fraud intelligence from 500 million networked devices and 250 million users worldwide. New third-party intelligence feeds include VeriSign Threat Indicators and Critical Intelligence. For malware analysis, NetWitness Spectrum Live gains feeds from Bit9 and ThreatGRID.
In addition, RSA -- which itself suffered a data breach in 2011 that it blamed on a unnamed "nation-state" out to steal information related to SecurID -- will also make a plea for more collaborative sharing of threat data.
RSA will demonstrate a cloud-based framework and proof-of-concept technology aimed at improving threat-information sharing and collaboration among organizations and outside experts. RSA is calling it an "experimental collaboration platform" that it hopes will "help companies with limited experience in advanced threats augment their capabilities, and will enable broader sharing of threat intelligence across the industry." According to Bret Hartman, RSA's chief technology officer, "We'd like others in the global security community to join us in exploring new methods, such as this type of framework, to share threat information on a much larger scale."
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.