Ease of use: just connect to a SPAN port on your core switch and you're ready to go. Of course, you will see a bunch of white noise, but the built-in auto-tuning system does a great job of detecting legitimate services and devices on the network, and from there you white-list the ones which you've confirmed to be known goods. Built-in sandboxing provides an additional layer of defense to shake out suspicious objects and processes. This works especially well if you're running Trend Micro's Office Scan Endpoint Protection, where DDi is able to generate a new virus definition via the sandbox and push it out to the Office Scan AV engine to provide protection across your network.
Improvements to My Organization
DDi rapidly discovers C2 traffic and pinpoints the offenders, source and recipient. It also provides a set of eyes to keep track of suspicious lateral movements between nodes. The out-of-the-box rule set does a great job of hunting down previously unflagged threats, but can easily be customized for those who like to tweak and refine.
Room for Improvement
Not too much to complain about, really. There were a few instances where legitimate traffic (WPAD) was flagged as C2 communication. There were some challenges in white-listing it, which resulted in a bunch of alerts/noise.
Use of Solution
It can get expensive if you wish to monitor all core switches across many satellite offices. My suggestion is to put one or more DDi appliances at core switches nearest to where your critical data is housed.
Customer Service and Technical Support
Customer service is very good.
Technical Support
FireEye. FireEye is incredibly expensive, and requires multiple appliances which together scan far fewer protocols than DDi. It also hasn't fared so well in terms of detection rates in independent tests against competing products.
Implemented in-house along with Trend's team.
Be sure to implement Trend's Control Manager module (free) for more flexible reporting, along with integration with other Trend products (strongly suggest using this along with Office Scan and Deep Discovery Endpoint Sensor, which is an EDR solution).
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Apr 15 2016
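The reviewer's one complaint is that legitimate WPAD proxy-discovery requests were flagged as C2 and were awkward to white-list. The script below is an added illustration of how such tuning can be expressed safely; it is not part of the review and is not Trend Micro's rule syntax. It reads a few constructed alert records of the kind a network sensor emits for suspected HTTP beacons and suppresses only requests for `/wpad.dat` that are addressed to an explicitly approved internal server. The `Alert` layout, the domain `corp.example` and the server address `10.1.0.5` are all assumptions made for the example.

```python
"""Allowlist filter for WPAD-related C2 alerts (added example).

Only a WPAD discovery request aimed at an approved internal server is
suppressed.  A wpad.dat fetch from an unexpected host or to an outside
address is kept, because serving a rogue wpad.dat is itself a known
abuse, so the allowlist must be narrow: right path, right hostname,
right destination address.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Alert:
    ts: str    # timestamp
    src: str   # source IP
    dst: str   # destination IP
    url: str   # requested URL seen on the wire
    rule: str  # sensor rule that fired


# Assumed organisation domain and approved WPAD server (constructed).
INTERNAL_DOMAIN = "corp.example"
APPROVED_WPAD_SERVERS = frozenset({ip_address("10.1.0.5")})

# Constructed sample alerts, not real sensor output.
SAMPLE_ALERTS = [
    Alert("2016-04-15T08:01:02", "10.1.20.15", "10.1.0.5",
          "http://wpad.corp.example/wpad.dat", "Possible C2 beacon (HTTP)"),
    Alert("2016-04-15T08:01:09", "10.1.20.16", "10.1.0.5",
          "http://wpad/wpad.dat", "Possible C2 beacon (HTTP)"),
    # Same hostname but answered by an outside address: keep the alert.
    Alert("2016-04-15T08:02:30", "10.1.20.17", "203.0.113.9",
          "http://wpad.corp.example/wpad.dat", "Possible C2 beacon (HTTP)"),
    # Approved server but not a WPAD fetch: keep the alert.
    Alert("2016-04-15T08:03:00", "10.1.20.18", "10.1.0.5",
          "http://wpad.corp.example/update.bin", "Possible C2 beacon (HTTP)"),
    Alert("2016-04-15T08:04:44", "10.1.20.19", "198.51.100.7",
          "http://cdn.example.net/ping", "Possible C2 beacon (HTTP)"),
]


def is_wpad_request(url: str) -> bool:
    """True for a plain-HTTP GET of /wpad.dat from the expected hostname."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "http" or parts.path != "/wpad.dat":
        return False
    return host == "wpad" or host == f"wpad.{INTERNAL_DOMAIN}"


def should_suppress(alert: Alert, approved_servers=APPROVED_WPAD_SERVERS) -> bool:
    """Suppress only when the request is WPAD *and* goes to an approved server."""
    if not is_wpad_request(alert.url):
        return False
    try:
        dst = ip_address(alert.dst)
    except ValueError:
        return False  # unparsable destination: never silently drop
    return dst in approved_servers


def filter_alerts(alerts, approved_servers=APPROVED_WPAD_SERVERS):
    """Split alerts into (kept, suppressed) lists."""
    kept, suppressed = [], []
    for alert in alerts:
        target = suppressed if should_suppress(alert, approved_servers) else kept
        target.append(alert)
    return kept, suppressed


if __name__ == "__main__":
    kept, suppressed = filter_alerts(SAMPLE_ALERTS)
    print(f"suppressed {len(suppressed)} WPAD alert(s), kept {len(kept)}")
    for alert in kept:
        print("KEEP", alert.ts, alert.src, "->", alert.dst, alert.url)
```

The point of the three-way check (path, hostname, destination address) is that a broad "ignore anything mentioning wpad" rule would also hide a machine handing out a malicious proxy configuration; tying the exception to the approved server keeps the noise down without losing that detection.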