Trend Micro Deep Security Agent Full Agent Bundle includes Firewall, Deep Packet Inspection, Integrity Monitoring + Log Inspection.
The Deep Security Agent is a server-based software component of the Deep Security solution. The agent enables IDS/IPS, web application protection, application control, firewall, integrity monitoring and log inspection. It defends the server or virtual machine by monitoring incoming and outgoing traffic for protocol deviations, content that signals an attack, or policy violations.
The Deep Security Firewall software module is enterprise-grade, bi-directional, and stateful. It can be used to allow communications over the ports and protocols necessary for correct server operation and to block all other ports and protocols, reducing the risk of unauthorized access to the server.
The high-performance deep packet inspection engine examines all incoming and outgoing traffic, including SSL traffic, for protocol deviations, content that signals an attack, or policy violations. It can operate in detection or prevention mode to protect against operating system and enterprise application vulnerabilities. It protects web applications from application-layer attacks including SQL injection and cross-site scripting. Detailed events provide valuable information, including who attacked, when they attacked and what they attempted to exploit. Administrators can be automatically notified via alerts when an incident has occurred. Deep packet inspection is used for intrusion detection and prevention, web application protection, and application control.
The Deep Security Integrity Monitoring module monitors critical operating system files and critical application files (files, directories, registry keys and values, etc.) to detect suspicious behavior.
The Deep Security Log Inspection module provides the ability to collect and analyze operating system and application logs for security events. Log Inspection rules optimize the identification of important security events buried in multiple log entries. These events are forwarded to a Security Information and Event Management (SIEM) system or centralized logging server for correlation, reporting and archiving.
Virtual machine isolation
It allows VMs to be isolated in cloud computing or multi-tenant virtual environments, providing virtual segmentation without the need to modify virtual switch configurations.
Firewall rules can filter traffic on IP addresses, MAC addresses, and ports; different policies can be configured for each network interface.
Coverage of all IP-based protocols
Support for full packet capturing simplifies troubleshooting and provides valuable insight into understanding raised firewall events.
Detect reconnaissance activities such as port scans. Non-IP traffic such as ARP traffic can also be restricted.
The stateful firewall is flexible, allowing complete bypass of inspection, when appropriate, in a controlled manner. It addresses ambiguous traffic characteristics that can be encountered on any network, due to normal conditions, or as part of an attack.
Predefined firewall profiles
Group common enterprise server types, ensuring rapid, easy, consistent deployment of firewall policy, even in large, complex networks.
With detailed logging, alerting, dashboards, and flexible reporting, Deep Security Firewall configuration changes are captured and tracked, providing a detailed audit trail.
DEEP PACKET INSPECTION FEATURES:
Web application protection
Deep Security enables compliance with the PCI requirement for the protection of web applications and the data that they process. Web application protection rules defend against SQL injection attacks, cross-site scripting attacks and other web application vulnerabilities, and shield these vulnerabilities until code fixes can be completed.
Application control rules provide increased visibility into, or control over, the applications that are accessing the network. These rules can also be used to identify malicious software accessing the network, or to reduce the vulnerability exposure of your servers.
INTEGRITY MONITORING FEATURES:
Extensive file property checking
Files and directories can be monitored for changes to contents, attributes, and time and date stamps using out-of-the-box integrity rules. Additions, modifications or deletions of Windows registry keys and values, Access Control Lists and log files may also be monitored and alerted on.
The Integrity Monitoring module can display Integrity events within the Deep Security Manager dashboard, generate alerts, and provide auditable reports. It is also able to forward events to a SIEM via Syslog.
Security profile groupings
Integrity Monitoring rules can be configured for groups or individual servers to simplify deployment and management of monitoring rule sets.
Baseline security profiles may be established and used to compare for changes to initiate alerts and determine appropriate actions.
Flexible, practical monitoring
The Integrity Monitoring module offers flexibility and control to optimize the monitoring activities for your unique environment. This includes the ability to include/exclude files or wildcard filenames and include/exclude sub-directories in scan parameters.
LOG INSPECTION FEATURE:
Suspicious behavior detection
Log Inspection provides visibility into suspicious behavior that may be occurring on your servers.
Collecting events across your environment
The Deep Security Log Inspection module is able to collect and correlate events across Microsoft Windows, Linux and Solaris platforms; application events from web servers, mail servers, SSHD, Samba, Microsoft FTP, etc.; and custom application log events.
Correlate different events
Collect and correlate diverse warnings, errors and informational events including system messages, application events and administrative actions.
Auditable reporting for compliance
A complete audit trail of security events can be created, which assists with meeting compliance requirements such as PCI requirements.
Product Highlights
- On-demand or scheduled detection