Security Services

A managed security service providing 24/7/365 expert monitoring and analysis of Deep Discovery Inspector to detect and respond to cyber threats.
Managed Security Service for Deep Discovery Inspector

Asgent Security Operations Center analysts continuously operate and monitor the Deep Discovery Inspector deployed in the customer’s environment on a 24/7/365 basis. Upon detection of a security incident, the analysts perform correlation analysis and promptly report the event details, along with recommended remediation and security measures.

What is Trend Micro Deep Discovery Inspector?
Trend Micro Deep Discovery Inspector is a network security solution that monitors and analyzes network traffic and email attachments to detect advanced threats within the enterprise network. By visualizing malicious behaviors and malware infections on inadequately protected endpoints, it enables comprehensive visibility into latent internal threats. This solution provides end-to-end protection against targeted cyberattacks by covering entry points, exit points, and internal network activity.
System administrators can identify attacking servers and affected endpoints in real time via the management console, and review necessary countermeasures using regularly generated automated reports.

Features

  1. 24/7/365 Log Monitoring
    Asgent’s Security Operations Center provides 24/7/365 operational monitoring of Deep Discovery Inspector deployed in the customer environment. Upon detection of security alerts, notifications are immediately issued via email and telephone to designated contacts, including system administrators.
  2. Expert Correlation Analysis by Security Professionals
    Rather than simply reporting each detected event individually, highly skilled and experienced security analysts continuously perform correlated analysis across logs from the various detection functions.
  3. Recommendations for Permanent Countermeasures
    For security events judged to have a high likelihood of attack or intrusion and to require initial response and threat analysis, we promptly notify you of the detection details and initial response procedures. After threat analysis is completed, we provide follow-up communication that includes recommendations for permanent countermeasures.

Service Details

Security Incident Monitoring
Detection type | Monitored events and logs
Threats: Unauthorized content | Downloaded viruses and malware
Grayware | Internal access to suspicious IP addresses and URLs
Exploitation of security holes | External access attempts that exploit known vulnerabilities
Unauthorized behavior | Internal access attempts that exploit known vulnerabilities
Suspicious behavior | System events that have been classified as abnormal
Applications of concern | P2P and IRC access from inside and outside the organization
Malicious URLs | Access to URLs classified as suspicious
Virtual analyzer | Analysis results of suspicious files

System Function Monitoring

We periodically verify the operational status of monitored devices by reviewing various system indicators to ensure stable operation:
・ICMP response checks
・Status of various resources (CPU, memory, disk, sessions, and other utilization metrics)
・Log collection status, etc.

Dedicated Customer Portal and Monthly Reporting

Through a customer-specific portal, Asgent provides monthly reports (in PDF format) that summarize the responses carried out during the month and statistics on incidents. In addition, we regularly provide information on important vulnerabilities, commentary on security cases, and recent trends. When a vulnerability is identified as having a significant impact, we issue an emergency notification.