■

Trend Micro Deep Discovery Analyzer 7.6 Readme

• What's New  | Trend Micro Service Central

What's New in Deep Discovery Analyzer 7.6

Feature/Enhancement	Details
New hardware model support	This release of Deep Discovery Analyzer supports the new Deep Discovery Analyzer 1300 appliance with UEFI support.
Sandbox as a Service integration	With Sandbox as a Service integration, Deep Discovery Analyzer can receive and analyze samples submitted to Sandbox as a Service.
Enhanced Virtual Analyzer	The internal Virtual Analyzer has been enhanced to include new image support for Windows 10 22H2, Windows 11, and Ubuntu 20.04.
Enhanced Trend Vision One integration	This release of Deep Discovery Analyzer includes STIX files in investigation packages sent to Trend Vision One for intelligence report generation and Auto Sweeping.
Enhanced network share scanning	The network share scanning feature has been enhanced to include configuration settings for the following:

Output folder per risk level|

Cloud storage server address (AWS/Azure)	VirusTotal integration
This release of Deep Discovery Analyzer integrates with VirusTotal to query analysis reports for detected samples.
Inline migration from Deep Discovery Analyzer 7.5	On hardware models 1100 and 1200, Deep Discovery Analyzer can automatically migrate the settings of a Deep Discovery Analyzer 7.5 installation to 7.6.

What's New  | Trend Micro Service Central

• Features and Benefits  | Trend Micro Service Central

• Enable Sandboxing as a Centralized Service
  • Deep Discovery Analyzer ensures optimized performance with a scalable solution able to keep pace with email, network, endpoint, and any additional source of samples.
• Custom Sandboxing
  • Deep Discovery Analyzer performs sandbox simulation and analysis in environments that match the desktop software configurations attackers expect in your environment and ensures optimal detection with low false-positive rates.
• Broad File Analysis Range
  • Deep Discovery Analyzer examines a wide range of Windows executable, Microsoft Office, PDF, web content, and compressed file types using multiple detection engines and sandboxing.
• YARA Rules
  • Deep Discovery Analyzer uses YARA rules to identify malware. YARA rules are malware detection patterns that are fully customizable to identify targeted attacks and security threats specific to your environment.
• Document Exploit Detection
  • Using specialized detection and sandboxing, Deep Discovery Analyzer discovers malware and exploits that are often delivered in common office documents and other file formats.
• Automatic URL Analysis
  • Deep Discovery Analyzer performs page scanning and sandbox analysis of URLs that are automatically submitted by integrating products.
• Detailed Reporting
  • Deep Discovery Analyzer delivers full analysis results including detailed sample activities and C&C communications via central dashboards and reports.
• Alert Notifications
  • Alert notifications provide immediate intelligence about the state of Deep Discovery Analyzer.
• Clustered Deployment
  • Multiple standalone Deep Discovery Analyzer appliances can be deployed and configured to form a cluster that provides fault tolerance, improved performance, or a combination thereof.
• Trend Micro Product Integration
  • Deep Discovery Analyzer enables out-of-the-box integration to expand the sandboxing capacity of Trend Micro email and web security products.
• Sample Submissions
  • Deep Discovery Analyzer allows sample submissions using one of the following:
    • Integrated security products through web services API
    • Manual submissions on the management console
    • Email submissions from permitted sender domains and SMTP servers
    • ICAP clients
    • Network share scanning
    • Manual Submission Tool
• Custom Defense Integration
  • Deep Discovery Analyzer shares new IOC detection intelligence automatically with other Trend Micro solutions and third-party security products.
• ICAP Integration
  • Deep Discovery Analyzer supports integration with Internet Content Adaptation Protocol (ICAP) clients. After integration, Deep Discovery Analyzer can perform the following functions:
    • Work as an ICAP server that analyzes samples submitted by ICAP clients
    • Serve User Configuration Pages to the end user when the specified network behavior (URL access / file upload / file download) is blocked
    • Control which ICAP clients can submit samples by configuring the ICAP Client list
    • Bypass file scanning based on selected MIME content-types
    • Bypass file scanning based on true file types
    • Bypass URL scanning in RESPMOD mode
    • Scan samples using different scanning modules
    • Filter sample submissions based on the file types that Virtual Analyzer can process.

Features and Benefits  | Trend Micro Service Central