Summary
The primary purpose of the Threat Discovery Appliance (TDA) is to detect threats travelling through the monitored networks. Depending on the customer's TMS subscription level, it can also invoke damage prevention and cleanup services, as well as blocking further traffic from a detected threat source.
Details
OCS (Outbreak Containment Services) has the following functions:
- Detects both known and unknown malware that can potentially start an outbreak
- Can block or disconnect activity flagged by a High Profile Malware Alert. Traffic Blocking resets the network connection with a detected source of unknown malware to disrupt the delivery of contaminated packets.
- Transfers OCS violation logs to TMSP in real time.
[Diagram: an infected host attempting to reach other hosts, and TDA issuing a reset through the Management Port to block the connection]
The diagram above shows that when a host is infected by malware, the malware tries to communicate with other hosts to spread its malicious content. When TDA detects this network traffic, it requests an HTTPS reset through the Management Port to block the malicious connection.
Here is how you can enable OCS from the TDA web console:
- Log in to the TDA web console.
- On the left side of the screen, click Threat Detections.
- Under Outbreak Containment Services, tick the Enable outbreak detection checkbox.
Note: The Enable outbreak detection and block traffic checkbox is optional.