Trend Micro Deep Discovery OverviewUNIXBusinessApplication

Trend Micro Deep Discovery is the #8 ranked solution in top Intrusion Detection and Prevention Software. PeerSpot users give Trend Micro Deep Discovery an average rating of 8.6 out of 10. Trend Micro Deep Discovery is most commonly compared to Darktrace: Trend Micro Deep Discovery vs Darktrace. Trend Micro Deep Discovery is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.
Buyer's Guide

Download the Intrusion Detection and Prevention Software (IDPS) Buyer's Guide including reviews and more. Updated: November 2022

What is Trend Micro Deep Discovery?

Deep Discovery is available as a physical or virtual network appliance. It’s designed to quickly detect advanced malware that typically bypasses traditional security defenses and exfiltrates sensitive data. Specialized detection engines and custom sandbox analysis detect and prevent breaches.

Trend Micro Deep Discovery was previously known as Trend Micro Deep Discovery Inspector, Trend Micro Deep Discovery Analyzer.

Trend Micro Deep Discovery Customers

Allied Telesis, Atma Jaya Catholic University of Indonesia, Babou, Blekinge County Council, Delacour, Hiroshima Prefectural Government, Live Nation Entertainment Inc., Mazda Motor Logistics Europe, McGill University Health Centre, Mikuni Corporation, OKWAVE, Sinar Mas Land, SWICA, UTOC Corporation

Trend Micro Deep Discovery Video

Archived Trend Micro Deep Discovery Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Consultant at a consultancy with 10,001+ employees
Consultant
Protection that limits the threat quickly and is easy to set up

What is our primary use case?

The primary use case of this solution is to protect the equity, command, and control and botnet infections.

What is most valuable?

The most valuable features are the protection and that it is fast.

What needs improvement?

I would like to see them create a rule where It could integrate with the network and start mitigating with auto-detection.

For how long have I used the solution?

I have been working with this solution for six months.

Buyer's Guide
Intrusion Detection and Prevention Software (IDPS)
November 2022
Find out what your peers are saying about Trend Micro, Darktrace, Cisco and others in Intrusion Detection and Prevention Software (IDPS). Updated: November 2022.
655,711 professionals have used our research since 2012.

What do I think about the stability of the solution?

This solution is stable we have not had any issues.

What do I think about the scalability of the solution?

We have plans to scale it to FortiGate. We have checked it to 10GB and it was fine.

I am the only user.

How are customer service and support?

I have not contacted technical support.

Which solution did I use previously and why did I switch?

Previously, we have tried an open-source SIEM solution. SIEM is a traffic analyzer, and conflicts can be fixed. With Trend Micro, you can only categorize it.

How was the initial setup?

The initial setup was easy.

This solution can be deployed in two days.

What about the implementation team?

I did not use a vendor to implement this solution. I did it myself.

What other advice do I have?

We are trying this solution as a POC.

It's a nice product and it has really helped limit the attacks.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sanjeet Kumar Bhuyan - PeerSpot reviewer
Security Consultant and Cybersecurity Support at a tech services company with 51-200 employees
Real User
Good HTML file sandboxing and great technical support, but stability isn't 100%
Pros and Cons
  • "The HTML file sandboxing is very good."
  • "The stability of the solution could be improved. It should be 100% stable, but it's not there right now."

What is our primary use case?

Normally we use the solution to send the traffic. We get traffic on it and once I get the traffic, I get the SPN diagnosis and all the network services diagnostics and whatever else that I run in the office file server. It scans through that. For example, when we download some files, in our portal we are uploading some of the activity documents, as well as Excel and Word documents, etc. They get scanned through and we have DDI Rules that are enabled for the file management. 

Basically, any uploading, downloading, etc. of items from our website server get scanned and analyzed. 

What is most valuable?

The HTML file sandboxing is very good.

Their technical support is very good and extremely responsive.

The solution, overall, offers very good features.

What needs improvement?

The licensing costs could be improved and simplified.

If they could integrate the solution with the endpoint agent, that would be ideal. I understand that's not possible currently.

Since this is a technical device, it would be great if they could just allow us to integrate it with some of the existing VMs or our existing devices. These are all central devices. If they can offer the solution on VM boxes, like virtual systems, that would be great. That way, our hardware costs, electricity costs, and database space costs and all can be lowered.

Currently, a solution called Apex One is on the market and it has features that allow for more integrated security. They should try to emulate this a bit more. It has better bundles.

The stability of the solution could be improved. It should be 100% stable, but it's not there right now.

For how long have I used the solution?

I've been using the solution for more than one and a half years.

What do I think about the stability of the solution?

Sometimes there needs to be a stability test done. We did tests and checked up to around 20 or 25 samples. Out of those tests, two missed. There were two things that the solution didn't detect but were later detected on the endpoint. It's therefore not completely stable. It misses things.

What do I think about the scalability of the solution?

The scalability of the solution is okay. It's fast.

All of our users are currently on the solution.

How are customer service and technical support?

The technical support is good. They're immediately in contact with us the moment we reach out to them. That's never been a problem. We've been quite satisfied with the level of service they've provided.

Which solution did I use previously and why did I switch?

We previously used McAfee.

How was the initial setup?

The solution doesn't have a very common setup. The initial implementation is a bit different. However, anyone can handle it as long as they review the necessary documentation. They just need to read the manual, and then they can handle the implementation. I would suggest it has a medium level of difficulty.

For us, deployment took about three days. That includes configuring the solution as well.

What about the implementation team?

I handled the implementation and the configuration myself with the assistance of the solution's manuals.

What's my experience with pricing, setup cost, and licensing?

I don't handle the licensing. I don't know what the costs are for the solution.

Which other solutions did I evaluate?

I haven't evaluated the solution, but something called Apex One is now on the market, and it offers better bundles and better integrations in comparison to Trend Micro.

What other advice do I have?

The solution is very nice, but I would suggest to others that they test as many use cases as they can at the beginning.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Intrusion Detection and Prevention Software (IDPS)
November 2022
Find out what your peers are saying about Trend Micro, Darktrace, Cisco and others in Intrusion Detection and Prevention Software (IDPS). Updated: November 2022.
655,711 professionals have used our research since 2012.
Network Support Specialist at a financial services firm with 5,001-10,000 employees
Real User
Helped us to improve our security levels and protects our internal network from any external threats
Pros and Cons
  • "Generally speaking, it just gives us a broad understanding of exactly what kind of threats occur. The submission point, analyzing point, and virtualization are within the environment that it supports. It helped us to improve our security levels and protect our internal network from any threats outside."
  • "There are certain aspects of flexibility in the policies that should be added to Deep Discovery."

What is our primary use case?

We use the onsite version, not cloud. Our primary use case is for intrusion detection, including threats, malware, and basically anything that might be a threat. Traffic that is intercepted from emails going outbound or inbound is also analyzed.

What is most valuable?

Generally speaking, it just gives us a broad understanding of exactly what kind of threats occur. The submission point, analyzing point, and virtualization are within the environment that it supports. It helped us to improve our security levels and protect our internal network from any threats outside.

What needs improvement?

We haven't dealt with any issues in either the product itself or the graphical interface so far. I haven't seen anything that requires improvement as of now. I believe maybe with time we will see something because we have only been using this product for six months. With time, we might be able to identify certain aspects that we face in the future that could give us a better understanding of what requires improvement. As of now, however, I don't see that there is an improvement needed for the product as it is.

We have multiple other products that really have a non-friendly user interface. Deep Discovery compared to them is much easier. Trend Micro has also given us a quick course on how to use it. I might say I love them now. I think the interface itself is quite friendly to deal with adding, changing, or troubleshooting itself.

There are certain aspects of flexibility in the policies that should be added to Deep Discovery. At times, we are limited to a certain policy or certain changes that can be added or configured. I believe that certain infrastructures or networks require a little bit more flexibility to make changes throughout the full software, enabling users or admins to cover all the requirements needed.

For how long have I used the solution?

I've been using this solution for about six months.

What do I think about the stability of the solution?

Deep Discovery is very stable to use.

What do I think about the scalability of the solution?

I have no idea of its scaling potential because we have only used it for six months. I believe that we could grow with this solution as much as needed because we are not a small bank. We are not a small institute. We're growing day by day. As of now, we haven't had that kind of issue so I don't believe there will be a problem of scale.

I'm not a hundred percent sure how many users we have. I would say maybe over 50. The main users are for network and security, but we have also the infrastructure engineers and specialists that use it as well.

How are customer service and technical support?

We deal with the support here in Egypt. There is a team from Trend Micro that covers Egypt. They supported us from day one, from implementation to troubleshooting of any issues or problems that we faced throughout our time dealing with Trend Micro. We have been using them not just for Deep Discovery, but for a couple of years on different products that we introduced into our network. They have been more than helpful in regards to support and helping us understand their products better.

How was the initial setup?

I believe it was straightforward to set up because we haven't had something similar to it. There was no interference, but everything just went more smoothly than expected from day one of implementation by IT. We faced some issues in between in regards to certain aspects of sandboxing for the exchange. That was because of certain ways that software was interrupting emails from somewhere inside. They helped customize some hotfixes and inserted methods into the program just for us to be able to support it. There were issues that we faced in between, but the support team from Trend Micro did their best to customize, make changes, and support us to help us fix these issues.

What other advice do I have?

I would definitely recommend it based on how I have seen our network improve and the better insights we got on our traffic.

The only thing is that everything requires a little bit of studying to check the infrastructure and requirements. All in all, the variety of products provided by Trend Micro will give you a huge step up into checking and defending yourself from any threats. That includes threat prevention, as well as analyzing emails and endpoints in general. You have a full package of products to support every single aspect of the network.

I would give it an eight of ten, just because there's a little bit of improvement that can be done for the software. We also had some issues that required customization. I'll just give it an eight for the time being.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Dmytro Ostapenko - PeerSpot reviewer
Pre-Sales Engineer at Elcore Distribution AG
Real User
Intuitive, user-friendly, and easy to use solution that helps to detect advanced threats and attacks
Pros and Cons
  • "The most valuable feature is that the user can customize images of virtual machines in the sandbox functionality. The other vendors only use images that were created by the vendor but not the customer, end-user or partner. This helps to detect advanced threats and attacks."
  • "I would like the ability to analyze all files in our internal network, at the same time on different operating systems. Not just three of them, but as many as possible."

What is our primary use case?

I work for a distribution partner company. We use the on-prem, physical model of this solution.

What is most valuable?

It's intuitive and has a user-friendly interface. It's also flexible. We can put files, web links in this solution through other Windows.

The most valuable feature is that the user can customize images of virtual machines in the sandbox functionality. The other vendors only use images that were created by the vendor but not the customer, end-user or partner. This helps to detect advanced threats and attacks. It helps to clone the internal structure, IT structure of some companies. So you could clone the computer of the director or the financial department and place it to the sandbox. The bad guys who are looking for a way to get into your organization when they get to a computer, they think that it's a real computer. They see software or something connected with finance and they think that this is a real computer and not a laboratory or a sandbox so they run the bad script and think that they're stealing some important information or encrypting some important information. Antivirus solutions can stop attacks when they know how these attacks play out. If we don't know how the attack is going to go, we can't identify it. It customizes the images and Trend Micro helps to identify these unknown attacks.

Different parts of the organization can quickly receive information about the bad scripts. It helps to protect the organization's infrastructure from these attacks. 

What needs improvement?

We'd like to see more video guides. I'd also like for them to increase the numbers of different virtual images. Now the solution can use only three different images. For example, it's Windows 7, Windows 10, and the Windows servers are 2016. Only three of them at the same time. It would be more useful if the solution can operate with around five or six different images like Windows 7 2019, Windows 8.1. I would like the ability to analyze all files in our internal network, at the same time on different operating systems. Not just three of them, but as many as possible.

For how long have I used the solution?

I have been using this solution for a year and a half.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

It's a solution for enterprise antivirus protection. It's not for small companies. The price of this solution corresponds to its class.

In my company only I use this solution. It's a stand-alone laboratory. It's a stand-alone server that analyzes files, URLs, and messages from all IT infrastructure in an organization. It's not a solution for one person or 10 people. It's a solution for all employees inside an organization.

How are customer service and technical support?

We haven't had the need to contact technical support. It's very easy to use. 

Which solution did I use previously and why did I switch?

The main difference from other solutions is that it uses customized images inside sandboxes. They're similar in functionality. All of them run, scan, and notice every change that some files, some scripts, some links do inside the system. The environment is imported inside the sandbox and in this way, Trend Micro is the leader in the world's markets of sandbox solutions.

How was the initial setup?

The initial setup was straightforward and very easy. You don't need special knowledge or courses to complete an installation of this solution. It's very easy.

What about the implementation team?

We implemented it ourselves. 

What other advice do I have?

I would rate it a ten out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Information Security Manager at a legal firm with 1,001-5,000 employees
Vendor
The built-in auto tuning system does a great job of detecting legitimate services and devices on the network.

What is most valuable?

Ease of use, just connect to a span port on your core switch and you're ready to go. Of course, you will see a bunch of white noise, but the built-in auto tuning system does a great job of detecting legitimate services and devices on the network, and from there you white-list the ones which you've confirmed to be known goods. Built in sandboxing provides an additional layer of defense to shake out suspicious objects and processes. This works especially well if you're running Trend Micro's Office Scan Endpoint Protection, where DDi is able to generate a new virus definition via the sandbox, and push it out to the Office Scan AV engine to provide protection across your network.

How has it helped my organization?

DDi rapidly discovers C2 traffic and pinpoints the offenders, source and recipient. It also provides a set of eyes to keep track of suspicious lateral movements between nodes. The out of the box rule set does a great job of hunting down previously unflagged threats, but can easily be customized for those that like to tweak and refine.

What needs improvement?

Not too much to complain about, really. There were a few instances where legitimate traffic (WPAD) was flagged as C2 communication. There were some challenges in white-listing it, which resulted in a bunch of alerts/noise.

For how long have I used the solution?

2 years

What was my experience with deployment of the solution?

No

What do I think about the stability of the solution?

Never

What do I think about the scalability of the solution?

It can get expensive if you wish to monitor all core switches across many satellite offices. My suggestion is to put one or more DDi appliances at core switches nearest to where your critical data is housed.

How are customer service and technical support?

Customer Service:

Customer service is very good.

Technical Support:

Very good.

Which solution did I use previously and why did I switch?

FireEye. Fire Eye is incredibly expensive, and requires multiple appliances which together, scan far less protocols than DDi. It also hasn't fared so well in terms of detection rates, in independent tests against competing products.

How was the initial setup?

Straightforward setup.

What about the implementation team?

Implemented in-house along with Trend's team.

What other advice do I have?

Be sure to implement Trend's Control Manager module (free) for more flexible reporting, along with integration with other Trend products (strongly suggest using this along with Office Scan and Deep Discovery Endpoint Sensor, which is an EDR solution).

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Intrusion Detection and Prevention Software (IDPS) Report and find out what your peers are saying about Trend Micro, Darktrace, Cisco, and more!
Updated: November 2022
Buyer's Guide
Download our free Intrusion Detection and Prevention Software (IDPS) Report and find out what your peers are saying about Trend Micro, Darktrace, Cisco, and more!