Deep Security System Design TIPS

    • Updated: 25 Apr 2021
    • Product/Version: Deep Security All
    • Platform:
Summary

This article introduces system design tips for implementing Deep Security.

Details

Operation TIPS for Deep Security

    Tip 1 Scheduled Tasks settings
    Tip 2 Alert settings
    Tip 3 Log and Event Storage
    Tip 4 Create Users / Roles
    Tip 5 System health check
    Tip 6 Settings for each security feature
    Other useful links
    How to contact Trend Micro Support

     

    Tip 1 Scheduled Tasks settings

    Deep Security has many tasks that can be useful to perform automatically. Scheduled Tasks are also helpful for keeping the system and security up-to-date during operation.

     
    In addition, Scheduled Tasks can be configured more flexibly by combining them with the Smart Folders feature. It is also possible to set up recurring Scheduled Scan tasks for nighttime and holidays, when resource usage is low.
     

    1-1. Daily security updates

    Deep Security should always be kept up to date with security updates used to identify potential threats.
    Trend Micro releases new rule updates every Tuesday and releases urgent updates when we find new critical threats.
    Therefore, we recommend that you perform a security update once a day.
    Also, when you plan to divide tasks by computer or group, we recommend setting different schedules to avoid performance issues.
    * By default, the Scheduled Task "Daily Check for Security Updates" is created when DSM is installed.
    Please refer to the following documents for details.

    1-2. Weekly Scan Computers for Malware

    Trend Micro recommends that all Deep Security Agents (DSA) be configured to perform a scheduled scan once a week.
    You can set up a scheduled malware scan by using a Scheduled Task.
    Please refer to the following documents for details.

    Tip 2 Alert settings

    In Deep Security, alerts are issued by default under various conditions, such as system errors, warnings, and security events, in order to notify the administrator. In addition, the administrator can receive an email notification when an alert is issued.
    Please refer to the following documents for details.

    Tip 3 Log and Event Storage

    Deep Security Agents record a security event when a protection module rule or condition is triggered.
    In addition, Agents and Deep Security Manager also record "system events" when administrative or system-related events occur, such as administrator logins or Agent software upgrades.
    However, storing too much data can affect database performance and size requirements, so you need to adjust the data pruning period appropriately.
    Please refer to the following documents for details.

    Tip 4 Create Users / Roles

    Deep Security allows you to manage login and permissions by creating users and roles.
    Please refer to the following documents for details.

    Tip 5 System health check

    By monitoring the status of Deep Security, you can operate Deep Security stably. Please refer to the following documents for details.

    Tip 6 Settings for each security feature

    Here are some settings that you should check for each of the protection features that are often used in Deep Security.

    6-1. Anti-Malware

    Smart Scan settings
    Smart Scan leverages the "Trend Micro Smart Protection Network" to keep local pattern files small and to reduce the size and number of updates required by Agents and Appliances.
    When you enable Smart Scan, verify that the computer can reliably connect to the global Trend Micro Smart Protection Network URLs.
    If Agents run in an offline network and Smart Scan is not required, disable Smart Scan, because leaving it enabled causes performance degradation.
    Please refer to the following documents for details.


    Performance-related settings
    To improve usage of system resources by anti-malware features, please refer to the following tips.

     

    6-2. Web Reputation

    Settings of blocking URLs
    In the Web Reputation settings, you can set the security level at which pages are blocked, and you can independently maintain lists of URLs to be blocked or allowed, so check these settings as appropriate.
    Note that HTTPS traffic is not blocked.
    Please refer to the following documents for details.

    Connecting to Smart Protection
    The above document "Smart Protection in Deep Security" also applies to Web Reputation, so check it as well.

    6-3. Intrusion Prevention

    Check if there is an intrusion prevention rule for a specific vulnerability
    With the latest rule update applied, select [Policies] - [Common Objects] - [Rules] - [Intrusion Prevention Rules]. By entering the CVE number in the search window at the top right of the screen and performing a search, you can check the intrusion prevention rules that correspond to that CVE number.
    Please refer to the following documents for details of Intrusion Prevention settings.


    Applying required Intrusion Prevention Rules
    To minimize the number of required rules, ensure all available patches are applied to the computer's operating system and to any third-party software that is installed.
    When the allowed configuration package size is exceeded, the status of the agent changes to "Agent configuration package too large" and the event message "Configuration package too large" appears. This does not indicate an anomaly, but for performance reasons, you should have fewer than 350 intrusion prevention rules assigned to a computer.
    Also, use recommendation scans to detect intrusion prevention rules that should be applied.
    If you enable recommendation scans in policies, use separate policies for scanning Windows and Linux computers, to avoid assigning Windows rules to Linux computers.
    Please refer to the following documents for details.
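
The checks described in this section (which rules cover a CVE, fewer than 350 rules per computer, no Windows rules on Linux computers) can also be run offline against an inventory of rule assignments. The following is an added example, not Trend Micro code: the data layout, host names, rule IDs and CVE numbers are constructed placeholders, not a Deep Security export format.

```python
"""Audit intrusion prevention rule assignments (added example, constructed data)."""
from collections import defaultdict

MAX_RULES = 350  # per-computer guideline stated in the article

# Constructed rule catalog: rule id -> (target platform, CVEs covered).
RULES = {
    1001: ("windows", {"CVE-0000-0001"}),
    1002: ("linux", {"CVE-0000-0002"}),
    1003: ("any", {"CVE-0000-0001", "CVE-0000-0003"}),
}

# Constructed assignments: computer name -> (platform, assigned rule ids).
COMPUTERS = {
    "web01": ("linux", [1001, 1002, 1003]),
    "app01": ("windows", [1001, 1003]),
    "db01": ("linux", list(range(2000, 2351))),  # 351 rule ids not in the catalog
}

def rules_for_cve(cve, rules=RULES):
    """Rule ids whose CVE list contains the given CVE number."""
    return sorted(rid for rid, (_, cves) in rules.items() if cve in cves)

def audit(computers=COMPUTERS, rules=RULES, limit=MAX_RULES):
    """Flag computers at or over the rule limit and rules on the wrong platform."""
    findings = defaultdict(list)
    for name, (platform, assigned) in computers.items():
        unique = set(assigned)
        if len(unique) >= limit:  # guideline is "fewer than 350"
            findings[name].append(
                f"{len(unique)} rules assigned (guideline: fewer than {limit})")
        for rid in sorted(unique):
            # Rules missing from the catalog are treated as platform-neutral.
            rule_platform = rules.get(rid, ("any", set()))[0]
            if rule_platform not in ("any", platform):
                findings[name].append(
                    f"rule {rid} targets {rule_platform}, host is {platform}")
    return dict(findings)

def uncovered(cve, computers=COMPUTERS, rules=RULES):
    """Computers with no assigned rule that covers the given CVE."""
    covering = set(rules_for_cve(cve, rules))
    return sorted(n for n, (_, ids) in computers.items() if not covering & set(ids))

if __name__ == "__main__":
    for host, issues in audit().items():
        for issue in issues:
            print(f"{host}: {issue}")
    print("No rule for CVE-0000-0001 on:", uncovered("CVE-0000-0001"))
```
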

    Various tips for using the intrusion prevention feature
    Please refer to the following document, which covers checking detection rules, overriding rules, and exclusion settings.

     

    Other useful links

    How to contact Trend Micro Support

    Business Support Portal
    Publishes information on product installation, version upgrades, operation, troubleshooting, and threats.
    Business Support Portal (Deep Security Page)

    I would like to consult about installation

    <Before inquiries>
    We would appreciate it if you could check the Deep Security Welcome Page again.

    There is also information on the Help Center page, so please check it as well.

    <Inquiry method>
    Please contact us from the inquiry form.
    * You need to create a business support portal account and log in.

    Category: SPEC
    Solution Id: 000270316