Trend Micro Deep Discovery Reviews

Ease of use, just connect to a span port on your core switch and you're ready to go. Of course, you will see a bunch of white noise, but the built-in auto tuning system does a great job of detecting legitimate services and devices on the network, and from there you white-list the ones which you've confirmed to be known goods. Built in sandboxing provides an additional layer of defense to shake out suspicious objects and processes. This works especially well if you're running Trend Micro's Office Scan Endpoint Protection, where DDi is able to generate a new virus definition via the sandbox, and push it out to the Office Scan AV engine to provide protection across your network.

DDi rapidly discovers C2 traffic and pinpoints the offenders, source and recipient. It also provides a set of eyes to keep track of suspicious lateral movements between nodes. The out of the box rule set does a great job of hunting down previously unflagged threats, but can easily be customized for those that like to tweak and refine.

Not too much to complain about, really. There were a few instances where legitimate traffic (WPAD) was flagged as C2 communication. There were some challenges in white-listing it, which resulted in a bunch of alerts/noise.

2 years

No

Never

It can get expensive if you wish to monitor all core switches across many satellite offices. My suggestion is to put one or more DDi appliances at core switches nearest to where your critical data is housed.

Customer service is very good.

Very good.

FireEye. Fire Eye is incredibly expensive, and requires multiple appliances which together, scan far less protocols than DDi. It also hasn't fared so well in terms of detection rates, in independent tests against competing products.

Straightforward setup.

Implemented in-house along with Trend's team.

Be sure to implement Trend's Control Manager module (free) for more flexible reporting, along with integration with other Trend products (strongly suggest using this along with Office Scan and Deep Discovery Endpoint Sensor, which is an EDR solution).

The tool's most valuable feature is its collaboration with other products. Integrating with other security products was simple and easy. 

The tool's configuration can be made easier.

I have been using the product for a year. 

I rate the tool's stability a ten out of ten. 

Trend Micro Deep Discovery is scalable. My company has more than 1000 users. 

I haven't contacted technical support yet. I use the tool's documentation. 

I've also had experience using Cisco products. However, I found that Cisco's solutions can be quite expensive. Additionally, the integration between their various products tends to be more complex than Trend Micro Deep Discovery. One significant advantage of Trend Micro Deep Discovery is its centralized console, which allows us to manage almost all their products from a single location.

My company has ten technical staff for Trend Micro Deep Discovery. 

Trend Micro Deep Discovery can cover all security requirements. I rate it a seven out of ten.