Connected Threat Defense (CTD) is a layered security approach that gives you a better way to quickly protect, detect, and respond to new threats while simultaneously improving visibility and streamlining investigation.
This article lists the detailed CTD product support capabilities of TMCM 7.0 and Apex Central 2019.
Product | Suspicious object (SO) types the product uses for detection | Take action based on configuration on TMCM or Apex Central 2019 directly | Send WRS request to SPS (for SO URL) |
---|---|---|---|
OSCE 11.0 SP1 | IP, URL (query SPS), File, Domain (XG SP1) | Yes | Yes (also takes action based on the TMCM/Apex Central SO Settings) |
Apex One 2019 | IP, URL (query SPS), File, UDSO-SHA1 (requires Application Control), Domain | Yes | Yes (also takes action based on the TMCM/Apex Central SO Settings) |
DS 10.0 | URL (query SPS), File | Yes | Yes (also takes action based on the TMCM/Apex Central SO Settings) |
IMSVA 9.1 Patch 1 Hot Fix 1690 | URL (query SPS), File | Yes | Yes (also takes action based on the TMCM/Apex Central SO Settings) |
IWSVA 6.5 SP2 Patch 2 | IP, URL, File, UDSO-SHA1, Domain | No | |
TMEAC 2.0 SP1 | File, UDSO-SHA1 | Yes | |
SPS 3.3 | URL | Yes | |
CAS 5.0 | URL, File, UDSO-SHA1 | Yes | |
SMEX 12.5 SP1 | URL (query SPS), File | No | Yes (only gets the URL SO ratings from SPS; actions are decided on the product side) |
SMiD/SMLD 5.5 | URL (query SPS) | No | Yes (only gets the SO ratings from SPS; actions are decided on the product side) |
DDI 3.8 | IP, URL, File, UDSO-SHA1, Domain | No | |
TMEMS (SaaS) | File, URL, UDSO-SHA1 | No | |
TippingPoint | IP, Domain | No | No |
Where:
- UDSO-SHA1: The user enters the SHA1 value directly into CM as a UDSO.
- Query SPS: The SPS product needs to be integrated in the CTD environment. TMCM/Apex Central 2019 and DDAN are the URL SO sources of SPS.
Product | Auto deploy CM API key | Suspicious Object Sync Now |
---|---|---|
OSCE XG SP1 | Yes | Yes (Send suspicious object lists to managed products.) |
Apex One 2019 | Yes | Yes (Send suspicious object lists to managed products.) |
DS 10.2 | Yes | Yes (Send suspicious object lists to managed products.) |
DDAN 6.0 | No | Yes (Synchronize Virtual Analyzer suspicious object lists) |
DDI 5.0 | No | Yes (Send suspicious object lists to managed products & Synchronize Virtual Analyzer suspicious object lists) |
DDEI 3.0 | No | No |
IMSVA 9.1 | Yes | No |
IWSVA 6.5 SP2 Patch 2 | No | No |
SMEX 12.5 | No | No |
TMEAC 2.0 SP1 Patch 1 | Yes | No |
SPS 3.3 | Yes | Yes (Sync Now - Send suspicious object lists to managed products.)* |
TMES 1.6 Update 3 | No | No |
TMEMS (SaaS) | Yes | Yes (Send suspicious object lists to managed products.) |
Sample Submission to DDAN
Product | Sample submission to DDAN | TMCM/Apex Central 2019 Auto deploy DDAN API key to products | Send Virtual Analyzer detection log to TMCM/Apex Central 2019 |
---|---|---|---|
OSCE XG SP1 | Yes | Yes | Yes |
Apex One 2019 | Yes | Yes | Yes |
DS 10.0 | Yes | Yes | No |
DDAN 6.0 | No | No | No |
DDI 5.0 | Yes | No | No |
DDEI 3.0 | Yes | No | No |
IMSVA 9.1 | Yes | No | No |
IWSVA 6.5 SP2 Patch 2 | Yes | No | No |
SMEX 12.5 | Yes | No | Yes |
TMEAC 2.0 SP1 Patch 1 | No | No | No |
SPS 3.3 | No | No | No |
TMES 1.6 Update 3 | Yes | No | Yes |
Sample Submission to Sandbox as a Service™
Product | Sample Submission to Sandbox as a Service™ | Apex Central 2019 Auto Deploy Sandbox as a Service™ Information to Products | Send Virtual Analyzer detection log to TMCM/Apex Central 2019 |
---|---|---|---|
DDI 5.1 | Yes | No | No |
Apex One 2019 | Yes | Yes | Yes |
Product | Send WRS request to SPS | Use Scan Action provided from SPS |
---|---|---|
OSCE 11 SP1 | Yes | Yes* |
DS 10.0 | Yes | Yes* |
IMSVA 9.1 | Yes | Yes* |
SMEX 12.5 | Yes | No* |
SMiD/SMLD 5.5 | Yes | No* |
Where:
- Yes*: The product queries SPS and takes action based on the SO action that SPS syncs from TMCM.
- No*: The product gets the URL SO rating from SPS, and actions are decided on the product side.