Trend Micro™
XDR for Networks
Prioritized actionable threat intelligence to mitigate current and existing threats
We call on security products and services to keep our businesses and organizations safe. Most of the time they do exactly what we want them to do: detect, alert, and block threats trying to land a successful attack. However, the downside is that they produce a lot of data, some of it relevant, some of it not. It is up to the security professional(s) in the organization to comb through the potential thousands of alerts or events each day to determine what is actually a threat and decide whether or not they need to respond. Compounding this problem is a worldwide shortage of cybersecurity staff or personnel that needs to be trained to decipher these events.

Trend Micro™ XDR for Networks (formerly Trend Micro™ Deep Discovery™ Network Analytics) automates the correlation of advanced threat events. This provides faster resolution with fewer people involved, while providing an in-depth picture of the full attack. In some cases, you may believe the attack started today, but in fact the initial breach happened weeks or months ago.

Attack Visibility
• Correlate six months of events
• See the full attack life cycle
• Go beyond the infection point
• Watch the attack playback
• Learn the methods used in the attack

Prioritization of Response
• Understand the scope of the attack
• Know the attack severity
• Gain quick detection and analysis of comprehensive attacks

XDR for Networks
Key Capabilities
See the full attack life cycle
An attack isn’t just a point in time. Advanced or targeted attacks take time and use
multiple attack vectors to execute. XDR for Networks gives you the chronological order
of correlated threat events so you can easily visualize the entire life cycle and truly
understand the attack to protect yourself from future attacks.
Get greater context for greater understanding
XDR collects and correlates deep activity data for one or more vectors—email, endpoints, servers, cloud workloads, and networks—enabling a level of hunting and investigation analysis that is difficult or impossible to achieve otherwise.

Prioritize your response
By knowing the extent of an attack and its severity you can determine which threat requires immediate response and which threats may be able to wait.

Play out the attack
With the click of a button you can see the entire attack play out chronologically from the URL redirects, to the initial infection point, to the lateral spread across the network. See every movement or scale it down to just view what happened this morning or over a weekend.

Dig deeper into each step of the attack quickly
It is great to have visibility into an attack but sometimes you need the details. Just by hovering your mouse over an attack event, you can immediately see pertinent details of the attack at network and endpoint event levels such as protocol used, severity, triggered rule, SHA1, number of transactions and dates they span, etc.

Correlate retroactively against historical network data
The average threat can go undetected for over three months once it slips past your existing security. In most cases, when you finally see it you may never know when it first entered your network or how. By storing the events for six months or more you can look back at delayed attacks and see not only how it spread, but also the infection point to make sure you put the right safeguards in place so it doesn’t happen again.

Flexible deployment options
Prefer to keep everything in-house? Want to offload everything to the cloud? Choose the deployment option to meet your needs, offered as an on-premises solution (Deep Discovery Network Analytics) or an “as a service” solution (XDR for Networks) hosted in the cloud. If you keep it on-premises you will benefit from integration with the endpoint (Trend Micro Apex One™) to add more context around each attack. For full XDR, the as a service solution will provide broader visibility across endpoints, servers, cloud workloads, and email.

Trend Micro™ XDR delivers extended detection and response for email, endpoints, servers, cloud workloads, and networks. It offers
broader visibility and expert security analytics leading to fewer alerts and higher-confidence detections for earlier, faster response.
With XDR, customers can identify and respond more effectively and efficiently to threats, minimizing the severity and scope of an
attack on the organization. XDR for Networks is a valuable part of the Trend Micro XDR solution, providing critical logs and visibility
into unmanaged systems such as contractor/third-party systems, Internet of Things (IoT) and Industrial Internet of Things (IIoT)
devices, printers, and bring-your-own-device (BYOD) systems.
Integrated Products
• Trend Micro™ Deep Discovery™ Director 3.0 or later
• Trend Micro™ Deep Discovery™ Inspector 5.1 or later
Virtual Appliance
Virtual machine with the following minimum specifications:
• Hypervisor: VMware vSphere ESXi 6.5, Microsoft Hyper-V in Windows Server 2016
• Deep Discovery Director Network Analytics is an appliance based on CentOS Linux 7 (64-bit)
• Network interface card: One with one Gbps adapter
• SCSI controller: LSI Logic Parallel
• CPU: 1.8 GHz (8-12 cores)
• Memory: 64 GB
• Hard disk: 6 TB (thick provisioned)
With this configuration and a typical enterprise level of network traffic, Deep Discovery Director Network Analytics can service:
DEEP DISCOVERY NETWORK ANALYTICS
Up to 4 Gbps of combined Deep Discovery Inspector throughput
E.g., 1 DDI 4000 or 4 DDI 1000

XDR ADD-ON: DEEP DISCOVERY INSPECTOR
Up to 20 Gbps of combined Deep Discovery Inspector throughput
E.g., 2 DDI 9000 or 5 DDI 4000

©2023 by Trend Micro Incorporated. All rights reserved. Trend Micro, and
the Trend Micro t-ball logo, OfficeScan and Trend Micro Control Manager are
trademarks or registered trademarks of Trend Micro Incorporated. All other
company and/or product names may be trademarks or registered trademarks
of their owners. Information contained in this document is subject to change
without notice. [DS05_XDR_for_Networks_230328US]