Trend Micro Deep Discovery Overview

Trend Micro Deep Discovery is the #10 ranked solution in our list of top Intrusion Detection and Prevention Software. It is most often compared to Darktrace.

What is Trend Micro Deep Discovery?

Deep Discovery is available as a physical or virtual network appliance. It’s designed to quickly detect advanced malware that typically bypasses traditional security defenses and exfiltrates sensitive data. Specialized detection engines and custom sandbox analysis detect and prevent breaches.

Trend Micro Deep Discovery is also known as Trend Micro Deep Discovery Inspector, Trend Micro Deep Discovery Analyzer.

Buyer's Guide

Download the Intrusion Detection and Prevention Software (IDPS) Buyer's Guide including reviews and more. Updated: October 2021

Trend Micro Deep Discovery Customers

Allied Telesis, Atma Jaya Catholic University of Indonesia, Babou, Blekinge County Council, Delacour, Hiroshima Prefectural Government, Live Nation Entertainment Inc., Mazda Motor Logistics Europe, McGill University Health Centre, Mikuni Corporation, OKWAVE, Sinar Mas Land, SWICA, UTOC Corporation

Archived Trend Micro Deep Discovery Reviews (more than two years old)

Network Support Specialist at a financial services firm with 5,001-10,000 employees
Real User
Helped us to improve our security levels and protects our internal network from any external threats

Pros and Cons

  • "Generally speaking, it just gives us a broad understanding of exactly what kind of threats occur. The submission point, analyzing point, and virtualization are within the environment that it supports. It helped us to improve our security levels and protect our internal network from any threats outside."
  • "There are certain aspects of flexibility in the policies that should be added to Deep Discovery."

What is our primary use case?

We use the onsite version, not cloud. Our primary use case is for intrusion detection, including threats, malware, and basically anything that might be a threat. Traffic that is intercepted from emails going outbound or inbound is also analyzed.

What is most valuable?

Generally speaking, it just gives us a broad understanding of exactly what kind of threats occur. The submission point, analyzing point, and virtualization are within the environment that it supports. It helped us to improve our security levels and protect our internal network from any threats outside.

What needs improvement?

We haven't dealt with any issues in either the product itself or the graphical interface so far. I haven't seen anything that requires improvement as of now. I believe maybe with time we will see something because we have only been using this product for six months. With time, we might be able to identify certain aspects that we face in the future that could give us a better understanding of what requires improvement. As of now, however, I don't see that there is an improvement needed for the product as it is.

We have multiple other products that really have a non-friendly user interface. Deep Discovery compared to them is much easier. Trend Micro has also given us a quick course on how to use it. I might say I love them now. I think the interface itself is quite friendly to deal with adding, changing, or troubleshooting itself.

There are certain aspects of flexibility in the policies that should be added to Deep Discovery. At times, we are limited to a certain policy or certain changes that can be added or configured. I believe that certain infrastructures or networks require a little bit more flexibility to make changes throughout the full software, enabling users or admins to cover all the requirements needed.

For how long have I used the solution?

I've been using this solution for about six months.

What do I think about the stability of the solution?

Deep Discovery is very stable to use.

What do I think about the scalability of the solution?

I have no idea of its scaling potential because we have only used it for six months. I believe that we could grow with this solution as much as needed because we are not a small bank. We are not a small institute. We're growing day by day. As of now, we haven't had that kind of issue so I don't believe there will be a problem of scale.

I'm not a hundred percent sure how many users we have. I would say maybe over 50. The main users are for network and security, but we have also the infrastructure engineers and specialists that use it as well.

How are customer service and technical support?

We deal with the support here in Egypt. There is a team from Trend Micro that covers Egypt. They supported us from day one, from implementation to troubleshooting of any issues or problems that we faced throughout our time dealing with Trend Micro. We have been using them not just for Deep Discovery, but for a couple of years on different products that we introduced into our network. They have been more than helpful in regards to support and helping us understand their products better.

How was the initial setup?

I believe it was straightforward to set up because we haven't had something similar to it. There was no interference, but everything just went more smoothly than expected from day one of implementation by IT. We faced some issues in between in regards to certain aspects of sandboxing for the exchange. That was because of certain ways that software was interrupting emails from somewhere inside. They helped customize some hotfixes and inserted methods into the program just for us to be able to support it. There were issues that we faced in between, but the support team from Trend Micro did their best to customize, make changes, and support us to help us fix these issues.

What other advice do I have?

I would definitely recommend it based on how I have seen our network improve and the better insights we got on our traffic.

The only thing is that everything requires a little bit of studying to check the infrastructure and requirements. All in all, the variety of products provided by Trend Micro will give you a huge step up into checking and defending yourself from any threats. That includes threat prevention, as well as analyzing emails and endpoints in general. You have a full package of products to support every single aspect of the network.

I would give it an eight of ten, just because there's a little bit of improvement that can be done for the software. We also had some issues that required customization. I'll just give it an eight for the time being.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Dmytro Ostapenko
Pre-Sales Engineer at Elcore Distribution AG
Real User
Intuitive, user-friendly, and easy to use solution that helps to detect advanced threats and attacks

Pros and Cons

  • "The most valuable feature is that the user can customize images of virtual machines in the sandbox functionality. The other vendors only use images that were created by the vendor but not the customer, end-user or partner. This helps to detect advanced threats and attacks."
  • "I would like the ability to analyze all files in our internal network, at the same time on different operating systems. Not just three of them, but as many as possible."

What is our primary use case?

I work for a distribution partner company. We use the on-prem, physical model of this solution.

What is most valuable?

It's intuitive and has a user-friendly interface. It's also flexible. We can put files, web links in this solution through other Windows.

The most valuable feature is that the user can customize images of virtual machines in the sandbox functionality. The other vendors only use images that were created by the vendor but not the customer, end-user or partner. This helps to detect advanced threats and attacks. It helps to clone the internal structure, IT structure of some companies. So you could clone the computer of the director or the financial department and place it to the sandbox. The bad guys who are looking for a way to get into your organization when they get to a computer, they think that it's a real computer. They see software or something connected with finance and they think that this is a real computer and not a laboratory or a sandbox so they run the bad script and think that they're stealing some important information or encrypting some important information. Antivirus solutions can stop attacks when they know how these attacks play out. If we don't know how the attack is going to go, we can't identify it. It customizes the images and Trend Micro helps to identify these unknown attacks.

Different parts of the organization can quickly receive information about the bad scripts. It helps to protect the organization's infrastructure from these attacks. 

What needs improvement?

We'd like to see more video guides. I'd also like for them to increase the number of different virtual images. Now the solution can use only three different images. For example, it's Windows 7, Windows 10, and Windows Server 2016. Only three of them at the same time. It would be more useful if the solution could operate with around five or six different images like Windows 7 2019, Windows 8.1. I would like the ability to analyze all files in our internal network, at the same time on different operating systems. Not just three of them, but as many as possible.

For how long have I used the solution?

I have been using this solution for a year and a half.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

It's a solution for enterprise antivirus protection. It's not for small companies. The price of this solution corresponds to its class.

In my company only I use this solution. It's a stand-alone laboratory. It's a stand-alone server that analyzes files, URLs, and messages from all IT infrastructure in an organization. It's not a solution for one person or 10 people. It's a solution for all employees inside an organization.

How are customer service and technical support?

We haven't had the need to contact technical support. It's very easy to use. 

Which solution did I use previously and why did I switch?

The main difference from other solutions is that it uses customized images inside sandboxes. They're similar in functionality. All of them run, scan, and notice every change that some files, some scripts, some links do inside the system. The environment is imported inside the sandbox and in this way, Trend Micro is the leader in the world's markets of sandbox solutions.

How was the initial setup?

The initial setup was straightforward and very easy. You don't need special knowledge or courses to complete an installation of this solution. It's very easy.

What about the implementation team?

We implemented it ourselves. 

What other advice do I have?

I would rate it a ten out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Information Security Manager at a legal firm with 1,001-5,000 employees
Vendor
The built-in auto tuning system does a great job of detecting legitimate services and devices on the network.

What is most valuable?

Ease of use: just connect to a SPAN port on your core switch and you're ready to go. Of course, you will see a bunch of white noise, but the built-in auto-tuning system does a great job of detecting legitimate services and devices on the network, and from there you white-list the ones which you've confirmed to be known goods. Built-in sandboxing provides an additional layer of defense to shake out suspicious objects and processes. This works especially well if you're running Trend Micro's OfficeScan Endpoint Protection, where DDi is able to generate a new virus definition via the sandbox and push it out to the OfficeScan AV engine to provide protection across your network.

How has it helped my organization?

DDi rapidly discovers C2 traffic and pinpoints the offenders, source and recipient. It also provides a set of eyes to keep track of suspicious lateral movements between nodes. The out of the box rule set does a great job of hunting down previously unflagged threats, but can easily be customized for those that like to tweak and refine.

What needs improvement?

Not too much to complain about, really. There were a few instances where legitimate traffic (WPAD) was flagged as C2 communication. There were some challenges in white-listing it, which resulted in a bunch of alerts/noise.

For how long have I used the solution?

2 years

What was my experience with deployment of the solution?

No

What do I think about the stability of the solution?

Never

What do I think about the scalability of the solution?

It can get expensive if you wish to monitor all core switches across many satellite offices. My suggestion is to put one or more DDi appliances at core switches nearest to where your critical data is housed.

How are customer service and technical support?

Customer Service:

Customer service is very good.

Technical Support:

Very good.

Which solution did I use previously and why did I switch?

FireEye. FireEye is incredibly expensive, and requires multiple appliances which, together, scan far fewer protocols than DDi. It also hasn't fared so well in terms of detection rates in independent tests against competing products.

How was the initial setup?

Straightforward setup.

What about the implementation team?

Implemented in-house along with Trend's team.

What other advice do I have?

Be sure to implement Trend's Control Manager module (free) for more flexible reporting, along with integration with other Trend products (strongly suggest using this along with OfficeScan and Deep Discovery Endpoint Sensor, which is an EDR solution).

Disclosure: I am a real user, and this review is based on my own experience and opinions.