This article gives a high-level overview of the security hardening and security features implemented in the Deep Discovery Analyzer (DDAN) appliance.
DDAN uses the Linux kernel from CentOS 7 and removes unnecessary tools, software and services to reduce the attack surface of the environment.
In line with Trend Micro security policy, when DDAN receives a CVE or ZDI vulnerability report, the DDAN team performs a CVSS evaluation. If DDAN is affected by the vulnerability, a critical patch is released or the issue is resolved in the next major release.
The DDAN Administration Guide instructs customers to change the default password of the admin account.
DDAN grants access to the management console through user accounts. The built-in administrator account can create local accounts and, if Active Directory (AD) integration is configured, accounts from AD. Each user account requires a logon password to access the management console.
For local accounts, the password is governed by the Password Policy under Administration > System Settings > Password Policy. When the strong password policy is enabled, DDAN requires passwords with:
- At least 8 characters
- Alphanumeric characters (A-Z, a-z, 0-9), including both uppercase and lowercase letters
- At least one special character
Observe the following guidelines for creating a strong password:
- Avoid words found in the dictionary.
- Intentionally misspell words.
- Use phrases or combine words.
- Use both uppercase and lowercase letters.
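The following validator is an added example, not code from the DDAN appliance or its documentation; it encodes the strong-password rules listed above and the dictionary-word guideline, so an administrator can pre-check candidate passwords before setting them. The requirement that a digit be present (from "0-9" in the rule) and the small word list are assumptions made for the example.

```python
import re
import string
from typing import List

# Constructed mini word list standing in for a real dictionary (assumption:
# the appliance does not expose its own check, so the guideline is modelled here).
DICTIONARY_WORDS = {"password", "admin", "welcome", "analyzer", "sandbox"}


def check_strong_password(pw: str, min_length: int = 8) -> List[str]:
    """Return the DDAN strong-password rules that the candidate fails.

    An empty list means the password satisfies the policy as described on
    this page: minimum length, upper and lower case letters, a digit and a
    special character. The dictionary check implements the guideline
    ("avoid words found in the dictionary"), not an enforced rule.
    """
    failures = []
    if len(pw) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if not any(c.isupper() for c in pw):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        # Assumption: "0-9" in the policy text means at least one digit is required.
        failures.append("no digit")
    if not any(c in string.punctuation for c in pw):
        failures.append("no special character")
    # Guideline check: strip digits and symbols so that trivially padded
    # dictionary words such as "Password1!" are still recognised.
    core = re.sub(r"[^a-z]", "", pw.lower())
    if core in DICTIONARY_WORDS:
        failures.append("built from a dictionary word")
    return failures


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&3", "Abcdefg1", "Password1!", "Ab1!"):
        problems = check_strong_password(candidate)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```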
Account Role:
DDAN has three kinds of account roles: Administrator, Investigator and Operator.
- The Administrator has full control of DDAN.
- The Investigator can:
  - Submit objects for analysis
  - Read-only access to submitted objects, analysis results, and product settings
  - Download access to the investigation package, including submitted objects
- The Operator has read-only access to submitted objects, analysis results, and product settings.
DDAN accesses several Trend Micro services to obtain information about emerging threats and to manage your existing Trend Micro products. For more information, refer to the appendices of the DDAN Administration Guide (Appendix A > Service Addresses and Ports).
DDAN can enforce TLS 1.2, ensuring compliance and protecting data in motion. This is a new feature in DDAN 6.5.
DDAN can export most configuration settings to an encrypted backup file. If needed, import this file to restore the settings.
DDAN can be reset by restoring it to factory default settings.
The following settings cannot be backed up:
- Widget settings on the Dashboard page
- User-defined Suspicious Objects
- Sandbox Management settings: Archive Passwords, Submission Settings, Smart Feedback, Sandbox for macOS, YARA Rules
- Alert Rules
- Report Schedules and Customization settings on the Report page
- Component Updates Settings
- Smart Protection
- Microsoft Active Directory
- Log Settings
System Settings:
- Time (time zone and format)
- Password Policy
- Session Timeout
- Accounts and Contacts
- Data backup settings
- Deep Discovery Inspector 1000: RAID 5 configuration
- Deep Discovery Inspector 1100/1200: RAID 1 configuration