XDR provides detection and response across email, endpoints, servers, cloud workloads, and networks from a single XDR platform.
XDR sits on top of the relevant Trend Micro products in a customer's environment. It offers expert security analytics for alert correlation, along with consolidated visibility and investigation of events across security layers, leading to earlier detection and faster response.
Recommendation
XDR offers capabilities such as early detection and response, and greater context for understanding events, across multiple products. If you use XDR, Trend Micro recommends connecting DDI to XDR to fully utilize XDR functionality.
Configuration
There are 2 ways to connect DDI to XDR:
- Scenario 1: XDR integration using Deep Discovery Director (DDD) On-Premises
  - Prepare DDI and DDD On-Premises to integrate with XDR.
  - DDD On-Premises can connect to Deep Discovery Director-Network Analytics SaaS (DDDNASaaS), which is located on the Trend Micro Cloud side.
- Scenario 2: XDR integration using Deep Discovery Director (DDD) Cloud
  - Prepare DDI and connect it to the DDD Cloud version, which is located on the Trend Micro Cloud side, to integrate with XDR.
  - DDD Cloud can connect to Deep Discovery Director-Network Analytics SaaS (DDDNASaaS) in the backend.

DDDNASaaS is also referred to as “XDR Addon”. It provides advanced threat analysis for data correlations made between detections selected in DDD and other related events as they occur over time.
For information about how to configure DDI for Scenario 1, refer to the KB article: Configuring Deep Discovery Inspector (DDI) 5.7 to integrate with XDR using Deep Discovery Director (DDD) On-Premises.
For information about how to configure DDI for Scenario 2, refer to the KB article: Configuring Deep Discovery Inspector (DDI) 5.7 to integrate with XDR using Deep Discovery Director (DDD) Cloud.