Operation TIPS for Deep Security
Table of Contents
Tip 2 Alert settings
Tip 3 Log and Event Storage
Tip 4 Create Users / Roles
Tip 5 System health check
Tip 6 Each security features settings
Other useful links
How to contact Trend Micro Support
Tip 1 Scheduled Tasks settings
Deep Security has many tasks that can be useful to perform automatically. Scheduled Tasks are also helpful for keeping the system and security up-to-date during operation.
1-1. Daily security updates
Deep Security should always be kept up to date with security updates used to identify potential threats.
Trend Micro releases new rule updates every Tuesday and releases urgent updates when we find new critical threats.
Therefore, we recommend that you perform a security update once a day.
Also, if you plan to divide tasks by computer or group, we recommend setting a different schedule for each to avoid performance issues.
* By default, the Scheduled Task "Daily Check for Security Updates" is created when DSM is installed.
Please refer to the following documents for details.
1-2. Weekly Scan Computers for Malware
Trend Micro recommends that every DSA be configured to perform a scheduled scan once a week.
You can set up a scheduled scan for malware by using a Scheduled Task.
Please refer to the following documents for details.
Tip 2 Alert settings
In Deep Security, alerts are issued by default under various conditions, such as system errors, warnings, and security events, to notify the administrator. In addition, the administrator can receive an email notification when an alert is issued.
Please refer to the following documents for details.
Tip 3 Log and Event Storage
Deep Security Agents record a security event when a protection module rule or condition is triggered.
In addition, the Agent and Deep Security Manager record "system events" when administrative or system-related events occur, such as administrator logins or Agent software upgrades.
However, storing too much data can affect database performance and size requirements, so you need to adjust the data pruning period appropriately.
Please refer to the following documents for details.
Tip 4 Create Users / Roles
Deep Security allows you to manage login and permissions by creating users and roles.
Please refer to the following documents for details.
Tip 5 System health check
By monitoring the status of Deep Security, you can operate Deep Security stably. Please refer to the following documents for details.
Tip 6 Each security features settings
Here are some settings that you should check for each protection function that is often used in Deep Security.
6-1. Anti-Malware
Smart Scan settings
Smart Scan leverages the "Trend Micro Smart Protection Network" to keep local pattern files small, which reduces the size and number of updates required by Agents and Appliances.
When you enable Smart Scan, verify that the computer can reliably connect to the global Trend Micro Smart Protection Network URLs.
If agents are running in an offline network and Smart Scan is not required, disable Smart Scan, because leaving it enabled will cause performance degradation.
Please refer to the following documents for details.
Performance-related settings
To improve usage of system resources by anti-malware features, please refer to the following tips.
6-2. Web Reputation
Settings of blocking URLs
In the Web Reputation settings, you can set the security level that determines which pages are blocked, and you can independently define lists of URLs to be blocked or allowed, so check these settings as appropriate.
Note that HTTPS traffic is not blocked.
Please refer to the following documents for details.
The above document "Smart Protection in Deep Security" also applies to the Web reputation, so check it as well.
6-3. Intrusion Prevention
Check if there is an intrusion prevention rule for a specific vulnerability
With the latest rule update applied, select [Policies] - [Common Objects] - [Rules] - [Intrusion Prevention Rules], then enter the CVE number in the search window at the top right of the screen and perform a search. The results show the intrusion prevention rules that correspond to the vulnerability with that CVE number.
Please refer to the following documents for details of Intrusion Prevention settings.
Applying required Intrusion Prevention Rules
To minimize the number of required rules, ensure that all available patches are applied to the computer's operating system and to any third-party software that is installed.
Also, use recommendation scans to detect intrusion prevention rules that should be applied.
Please refer to the following documents for details.
Various tips for using the intrusion prevention feature
Please refer to the following document for checking detection rules, overriding rules, and configuring exclusion settings.
Other useful links
How to contact Trend Micro Support
Business Support Portal
Release information on product installation, version upgrade, operation, trouble, and threat
Business Support Portal (Deep Security Page)
I would like to consult about installation
<Before inquiries>
We would appreciate it if you could check the Deep Security Welcome Page again.
There is also information on the Help Center page, so please check it as well.
<Inquiry method>
Please contact us from the inquiry form.
* You need to create a business support portal account and log in.