Deep Discovery Analyzer 7.5 and above use the Linux Kernel from Rocky Linux 9 and remove unnecessary tools/software/services to secure the environment.
According to Trend Micro security policy, when Deep Discovery Analyzer receives a CVE or ZDI vulnerability report, it will do CVSS evaluation. If the vulnerability has impacted Deep Discovery Analyzer, it will release a critical patch or resolve it in next major release.
Deep Discovery Analyzer has informed customer to change the default password for admin in Admin Guide.
Deep Discovery Analyzer grants access to the management console by user accounts. The built-in administrator account can create both local account and account from AD if integrated with AD. To access the management console, each user account requires a logon password.
For local account, the password is controlled by Password Policy in Administration-System Settings-Password Policy. When enabled the strong password policy, Deep Discovery Analyzer will require the strong password with:
- At least 8 characters
- Alphanumeric characters (A-Z, a-z, 0-9) with both upper and lower case letters
- At least one special character
Observe the following guidelines for creating a strong password:
- Avoid words found in the dictionary.
- Intentionally misspell words.
- Use phrases or combine words.
- Use both uppercase and lowercase letters.
- Account Role
Deep Discovery Analyzer has three kinds of account roles: Administrator, Investigator and Operator.
- The Administrator takes full control of Deep Discovery Analyzer.
The Investigator can:
- Submit objects to analyze
- Read-only access to submitted objects, analysis results, and product settings
- Reanalyze submitted objects
- Download access to investigation package, including submitted objects
- The Operator has read-only access to submitted objects, analysis results, and product settings.
Deep Discovery Analyzer accesses several Trend Micro services to obtain information about emerging threats and to manage your existing Trend Micro products. For more information, refer to Appendices of the Deep Discovery Analyzer Administration Guide (Appendix A > Service Addresses and Ports).
Deep Discovery Analyzer has the ability to enforce TLS 1.2 ensuring compliance and security for data in motion. This is a new feature in Deep Discovery Analyzer 6.5.
Deep Discovery Analyzer can export a backup file of most configuration settings to an encrypted file. If needed, import this file to restore settings.
Deep Discovery Analyzer can be reset by restoring it to factory default settings.
The following table shows the screens and tabs with backed up configuration settings.
| Screen | Tab |
|---|---|
| Dashboard | Widget settings only |
| Virtual Analyzer > Submissions | Custom column and advanced filter settings |
| Virtual Analyzer > Suspicious Objects | User-defined Suspicious Objects |
| Virtual Analyzer > Exceptions | Not applicable |
| Virtual Analyzer > Sandbox Management | File Passwords |
| Scan Settings | |
| Interactive Mode | |
| Smart Feedback | |
| Sandbox for macOS | |
| YARA Rules | |
| Virtual Analyzer > Network Shares | Not applicable |
| Alerts / Reports > Alerts | Rules |
| Alerts / Reports > Report | Schedules |
| Customization | |
| Administration > Updates | Component Update Settings |
| Administration > Integrated Products/Services | Smart Protection |
| ICAP | |
| Microsoft Active Directory | |
| Email Submission | |
| Syslog | |
| Administration > System Settings | Network (secure protocol settings) |
| Proxy | |
| SMTP | |
| Time (time zone and format) | |
| SNMP | |
| Password Policy | |
| Session Timeout | |
| Administration > Accounts / Contacts | Accounts |
| SAML | |
| Contacts | |
| Administration > System Maintenance | Data back up |
| Storage maintenance |
- Trend Micro™ Deep Discovery Inspector™ 1000: Raid 5 configuration
- Trend Micro™ Deep Discovery Inspector™ 1100/1200/1300: Raid 1 configuration