New in Trend Micro Deep Security 8.0 (Aug 29, 2012)
- Agentless Integrity Monitoring
- In Deep Security 7.5, Integrity Monitoring functionality was available only with the Deep Security Agent. In Deep Security 8.0, the Deep Security Virtual Appliance now also provides Integrity Monitoring to protect Agentless virtual machines.
- IPv6 Support
- Deep Security Relay:
- The Deep Security Relay is a server which relays Deep Security Updates from the Trend Micro Update Server to the Deep Security system. Relays improve performance by distributing the task of delivering updates to the Manager, Appliances, and Agents of your Deep Security installation.
- Multiple Deep Security Relays can be installed (at least one is required), and they can be arranged in hierarchies to optimize bandwidth (e.g. configuring the Agents on all computers in a remote office to use a particular Relay).
- Smart Protection Network:
- File Reputation Services: Deep Security Agents and Appliances store the Anti-Malware Pattern which is used as the initial file threat detection and elimination tool during scans. If the risk of the file cannot be determined by Agent/Appliance, a query is sent to the Smart Protection Network or Smart Protection Server to be assessed.
- Web Reputation Services: Web Reputation services track the credibility of Web domains by assigning a reputation score based on factors such as a Web site's age, historical location changes and indications of suspicious activities discovered through malware behavior analysis. Web reputation services assign reputation scores to specific pages or links within sites instead of classifying or blocking entire sites.
- Web Reputation:
- Deep Security's Web Reputation module allows web pages to be blocked based on their web reputation ratings. Web Reputation uses the Trend Micro Smart Protection Network.
- Further configuration enables specific URLs to be blocked or allowed. End-users are redirected to a page explaining that the page they were trying to view was blocked by their administrator for security reasons and they are given a link to a site where they can request access to the blocked page.
- The Web Reputation protection feature is available with a Deep Security Anti-Malware protection license.
- Smart Feedback:
- Trend Micro Smart Feedback provides continuous communication between Trend Micro products and the company's 24/7 threat research centers and technologies. With Smart Feedback, products become an active part of the Trend Micro Smart Protection Network, where large amounts of threat data is shared and analyzed in real time. This interconnection enables never before possible speeds at identifying, analyzing, and stopping new threats—a level of responsiveness that addresses the thousands of new threats and threat variants released daily.
- Coordinated Approach:
- Changes in the way the coordinated approach is implemented mean that if you have a protection feature activated and capable at both the Deep Security Virtual Appliance and a Deep Security Agent on a virtual machine protected by that Appliance, then the protection feature will be in effect at the Agent only. The Firewall, DPI, and Web Reputation modules can take advantage of Coordinated Protection. Anti-Malware, Integrity Monitoring, and Log Inspection are not yet supported.
- Auto-Tagging and Trusted Source:
- As part of the Integrity Monitoring protection, Auto-Tagging allows administrators to automatically tag events from protected computers based on the similarity to selected known-good events. The source for known-good events can be a local Trusted Computer, or known good signatures from Trend Micro's Certified Safe Software Service. Tags can be used to organize Events in order to simplify the task of Event monitoring and management.
- Agent Notifier:
- The Deep Security Notifier is a Windows System Tray application that displays security notifications to users of protected computers. It also provides a pop-up user notification when the Deep Security blocks malware or access to web pages.
- The Notifier can be installed on its own on computers protected by a Virtual Appliance. It is automatically installed by default with the Deep Security Relay and Deep Security Agent on Windows.
- Agent Self-Protection:
- Administrators can use Deep Security Manager to prevent local end-users from uninstalling, stopping, or otherwise modifying the Deep Security Agents.