I work for a distribution partner company. We use the on-prem, physical model of this solution.
Pre-Sales Engineer at Elcore Distribution AG
Intuitive, user-friendly, and easy to use solution that helps to detect advanced threats and attacks
Pros and Cons
- "The most valuable feature is that the user can customize images of virtual machines in the sandbox functionality. The other vendors only use images that were created by the vendor but not the customer, end-user or partner. This helps to detect advanced threats and attacks."
- "I would like the ability to analyze all files in our internal network, at the same time on different operating systems. Not just three of them, but as many as possible."
What is our primary use case?
What is most valuable?
It's intuitive and has a user-friendly interface. It's also flexible. We can put files, web links in this solution through other Windows.
The most valuable feature is that the user can customize images of virtual machines in the sandbox functionality. The other vendors only use images that were created by the vendor but not the customer, end-user or partner. This helps to detect advanced threats and attacks. It helps to clone the internal structure, IT structure of some companies. So you could clone the computer of the director or the financial department and place it to the sandbox. The bad guys who are looking for a way to get into your organization when they get to a computer, they think that it's a real computer. They see software or something connected with finance and they think that this is a real computer and not a laboratory or a sandbox so they run the bad script and think that they're stealing some important information or encrypting some important information. Antivirus solutions can stop attacks when they know how these attacks play out. If we don't know how the attack is going to go, we can't identify it. It customizes the images and Trend Micro helps to identify these unknown attacks.
Different parts of the organization can quickly receive information about the bad scripts. It helps to protect the organization's infrastructure from these attacks.
What needs improvement?
We'd like to see more video guides. I'd also like for them to increase the numbers of different virtual images. Now the solution can use only three different images. For example, it's Windows 7, Windows 10, and the Windows servers are 2016. Only three of them at the same time. It would be more useful if the solution can operate with around five or six different images like Windows 7 2019, Windows 8.1. I would like the ability to analyze all files in our internal network, at the same time on different operating systems. Not just three of them, but as many as possible.
For how long have I used the solution?
I have been using this solution for a year and a half.
Buyer's Guide
Trend Micro Deep Discovery
October 2024
Learn what your peers think about Trend Micro Deep Discovery. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
It's very stable.
What do I think about the scalability of the solution?
It's a solution for enterprise antivirus protection. It's not for small companies. The price of this solution corresponds to its class.
In my company only I use this solution. It's a stand-alone laboratory. It's a stand-alone server that analyzes files, URLs, and messages from all IT infrastructure in an organization. It's not a solution for one person or 10 people. It's a solution for all employees inside an organization.
How are customer service and support?
We haven't had the need to contact technical support. It's very easy to use.
Which solution did I use previously and why did I switch?
The main difference from other solutions is that it uses customized images inside sandboxes. They're similar in functionality. All of them run, scan, and notice every change that some files, some scripts, some links do inside the system. The environment is imported inside the sandbox and in this way, Trend Micro is the leader in the world's markets of sandbox solutions.
How was the initial setup?
The initial setup was straightforward and very easy. You don't need special knowledge or courses to complete an installation of this solution. It's very easy.
What about the implementation team?
We implemented it ourselves.
What other advice do I have?
I would rate it a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network security engineer at Safe Decision Co. LLC
Integration with other products is easy and simple
Pros and Cons
- "The tool's most valuable feature is its collaboration with other products. Integrating with other security products was simple and easy."
- "The tool's configuration can be made easier."
What is most valuable?
The tool's most valuable feature is its collaboration with other products. Integrating with other security products was simple and easy.
What needs improvement?
The tool's configuration can be made easier.
For how long have I used the solution?
I have been using the product for a year.
What do I think about the stability of the solution?
I rate the tool's stability a ten out of ten.
What do I think about the scalability of the solution?
Trend Micro Deep Discovery is scalable. My company has more than 1000 users.
How are customer service and support?
I haven't contacted technical support yet. I use the tool's documentation.
Which solution did I use previously and why did I switch?
I've also had experience using Cisco products. However, I found that Cisco's solutions can be quite expensive. Additionally, the integration between their various products tends to be more complex than Trend Micro Deep Discovery. One significant advantage of Trend Micro Deep Discovery is its centralized console, which allows us to manage almost all their products from a single location.
How was the initial setup?
My company has ten technical staff for Trend Micro Deep Discovery.
What other advice do I have?
Trend Micro Deep Discovery can cover all security requirements. I rate it a seven out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 7, 2024
Flag as inappropriateBuyer's Guide
Trend Micro Deep Discovery
October 2024
Learn what your peers think about Trend Micro Deep Discovery. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Security Engineer at Intertech Information Technology and Marketing Inc.
Useful for threat protection and to block phishing emails
Pros and Cons
- "Initial setup is easy. It can be done by yourself."
- "The solution could be more secure."
What is our primary use case?
This solution can be used as threat protection and to block phishing emails.
We are using version 6.0.
There are 15 people using this solution in my organization.
What needs improvement?
The solution could be more secure.
What do I think about the stability of the solution?
It's stable.
What do I think about the scalability of the solution?
It's scalable.
How are customer service and support?
We are using local technical support. We haven't had any problems with it.
How was the initial setup?
Initial setup is easy. It can be done by yourself.
What other advice do I have?
I would rate this solution 9 out of 10.
I would recommend this solution to anyone who wants to start using it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at Chorus
Advanced features, sandbox environments, and priced well
Pros and Cons
- "The most valuable features are monitoring for advanced persistent threats, the system runs in a sandbox allowing for effective zero-day exploits management, and the Inspector has a built-in sandbox."
- "The solution needs to be able to integrate better with third-party infrastructure."
What is our primary use case?
We are using this solution for network security.
What is most valuable?
The most valuable features are monitoring for advanced persistent threats, the system runs in a sandbox allowing for effective zero-day exploits management, and the Inspector has a built-in sandbox.
What needs improvement?
The solution needs to be able to integrate better with third-party infrastructure.
For how long have I used the solution?
I have been using this solution for approximately five years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
We have customers that are small and enterprise-sized companies using this solution.
How was the initial setup?
The initial setup is at a moderate level of difficulty. However, we are qualified and for somebody quite new to the solution it could be more difficult. It is not usual for the end-user to start the process themselves. Usually, they are assisted with a partner or with Trend Micro themself. It is not a matter of how complex the solution is, but how much experience they have with the setup.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is lower compared to the competition.
Which other solutions did I evaluate?
I have recently evaluated Darktrace.
What other advice do I have?
I would recommend this solution.
I rate Trend Micro Deep Discovery a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Information Security Manager at a legal firm with 1,001-5,000 employees
The built-in auto tuning system does a great job of detecting legitimate services and devices on the network.
What is most valuable?
Ease of use, just connect to a span port on your core switch and you're ready to go. Of course, you will see a bunch of white noise, but the built-in auto tuning system does a great job of detecting legitimate services and devices on the network, and from there you white-list the ones which you've confirmed to be known goods. Built in sandboxing provides an additional layer of defense to shake out suspicious objects and processes. This works especially well if you're running Trend Micro's Office Scan Endpoint Protection, where DDi is able to generate a new virus definition via the sandbox, and push it out to the Office Scan AV engine to provide protection across your network.
How has it helped my organization?
DDi rapidly discovers C2 traffic and pinpoints the offenders, source and recipient. It also provides a set of eyes to keep track of suspicious lateral movements between nodes. The out of the box rule set does a great job of hunting down previously unflagged threats, but can easily be customized for those that like to tweak and refine.
What needs improvement?
Not too much to complain about, really. There were a few instances where legitimate traffic (WPAD) was flagged as C2 communication. There were some challenges in white-listing it, which resulted in a bunch of alerts/noise.
For how long have I used the solution?
2 years
What was my experience with deployment of the solution?
No
What do I think about the stability of the solution?
Never
What do I think about the scalability of the solution?
It can get expensive if you wish to monitor all core switches across many satellite offices. My suggestion is to put one or more DDi appliances at core switches nearest to where your critical data is housed.
How are customer service and technical support?
Customer Service:
Customer service is very good.
Technical Support:Very good.
Which solution did I use previously and why did I switch?
FireEye. Fire Eye is incredibly expensive, and requires multiple appliances which together, scan far less protocols than DDi. It also hasn't fared so well in terms of detection rates, in independent tests against competing products.
How was the initial setup?
Straightforward setup.
What about the implementation team?
Implemented in-house along with Trend's team.
What other advice do I have?
Be sure to implement Trend's Control Manager module (free) for more flexible reporting, along with integration with other Trend products (strongly suggest using this along with Office Scan and Deep Discovery Endpoint Sensor, which is an EDR solution).
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant and Cybersecurity Support at a tech services company with 51-200 employees
Good HTML file sandboxing and great technical support, but stability isn't 100%
Pros and Cons
- "The HTML file sandboxing is very good."
- "The stability of the solution could be improved. It should be 100% stable, but it's not there right now."
What is our primary use case?
Normally we use the solution to send the traffic. We get traffic on it and once I get the traffic, I get the SPN diagnosis and all the network services diagnostics and whatever else that I run in the office file server. It scans through that. For example, when we download some files, in our portal we are uploading some of the activity documents, as well as Excel and Word documents, etc. They get scanned through and we have DDI Rules that are enabled for the file management.
Basically, any uploading, downloading, etc. of items from our website server get scanned and analyzed.
What is most valuable?
The HTML file sandboxing is very good.
Their technical support is very good and extremely responsive.
The solution, overall, offers very good features.
What needs improvement?
The licensing costs could be improved and simplified.
If they could integrate the solution with the endpoint agent, that would be ideal. I understand that's not possible currently.
Since this is a technical device, it would be great if they could just allow us to integrate it with some of the existing VMs or our existing devices. These are all central devices. If they can offer the solution on VM boxes, like virtual systems, that would be great. That way, our hardware costs, electricity costs, and database space costs and all can be lowered.
Currently, a solution called Apex One is on the market and it has features that allow for more integrated security. They should try to emulate this a bit more. It has better bundles.
The stability of the solution could be improved. It should be 100% stable, but it's not there right now.
For how long have I used the solution?
I've been using the solution for more than one and a half years.
What do I think about the stability of the solution?
Sometimes there needs to be a stability test done. We did tests and checked up to around 20 or 25 samples. Out of those tests, two missed. There were two things that the solution didn't detect but were later detected on the endpoint. It's therefore not completely stable. It misses things.
What do I think about the scalability of the solution?
The scalability of the solution is okay. It's fast.
All of our users are currently on the solution.
How are customer service and technical support?
The technical support is good. They're immediately in contact with us the moment we reach out to them. That's never been a problem. We've been quite satisfied with the level of service they've provided.
Which solution did I use previously and why did I switch?
We previously used McAfee.
How was the initial setup?
The solution doesn't have a very common setup. The initial implementation is a bit different. However, anyone can handle it as long as they review the necessary documentation. They just need to read the manual, and then they can handle the implementation. I would suggest it has a medium level of difficulty.
For us, deployment took about three days. That includes configuring the solution as well.
What about the implementation team?
I handled the implementation and the configuration myself with the assistance of the solution's manuals.
What's my experience with pricing, setup cost, and licensing?
I don't handle the licensing. I don't know what the costs are for the solution.
Which other solutions did I evaluate?
I haven't evaluated the solution, but something called Apex One is now on the market, and it offers better bundles and better integrations in comparison to Trend Micro.
What other advice do I have?
The solution is very nice, but I would suggest to others that they test as many use cases as they can at the beginning.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Consultant at a consultancy with 10,001+ employees
Protection that limits the threat quickly and is easy to set up
Pros and Cons
- "The most valuable features are the protection and that it is fast."
- "I would like to see them create a rule where It could integrate with the network and start mitigating with auto-detection."
What is our primary use case?
The primary use case of this solution is to protect the equity, command, and control and botnet infections.
What is most valuable?
The most valuable features are the protection and that it is fast.
What needs improvement?
I would like to see them create a rule where It could integrate with the network and start mitigating with auto-detection.
For how long have I used the solution?
I have been working with this solution for six months.
What do I think about the stability of the solution?
This solution is stable we have not had any issues.
What do I think about the scalability of the solution?
We have plans to scale it to FortiGate. We have checked it to 10GB and it was fine.
I am the only user.
How are customer service and technical support?
I have not contacted technical support.
Which solution did I use previously and why did I switch?
Previously, we have tried an open-source SIEM solution. SIEM is a traffic analyzer, and conflicts can be fixed. With Trend Micro, you can only categorize it.
How was the initial setup?
The initial setup was easy.
This solution can be deployed in two days.
What about the implementation team?
I did not use a vendor to implement this solution. I did it myself.
What other advice do I have?
We are trying this solution as a POC.
It's a nice product and it has really helped limit the attacks.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Support Specialist at a financial services firm with 5,001-10,000 employees
Helped us to improve our security levels and protects our internal network from any external threats
Pros and Cons
- "Generally speaking, it just gives us a broad understanding of exactly what kind of threats occur. The submission point, analyzing point, and virtualization are within the environment that it supports. It helped us to improve our security levels and protect our internal network from any threats outside."
- "There are certain aspects of flexibility in the policies that should be added to Deep Discovery."
What is our primary use case?
We use the onsite version, not cloud. Our primary use case is for intrusion detection, including threats, malware, and basically anything that might be a threat. Traffic that is intercepted from emails going outbound or inbound is also analyzed.
What is most valuable?
Generally speaking, it just gives us a broad understanding of exactly what kind of threats occur. The submission point, analyzing point, and virtualization are within the environment that it supports. It helped us to improve our security levels and protect our internal network from any threats outside.
What needs improvement?
We haven't dealt with any issues in either the product itself or the graphical interface so far. I haven't seen anything that requires improvement as of now. I believe maybe with time we will see something because we have only been using this product for six months. With time, we might be able to identify certain aspects that we face in the future that could give us a better understanding of what requires improvement. As of now, however, I don't see that there is an improvement needed for the product as it is.
We have multiple other products that really have a non-friendly user interface. Deep Discovery compared to them is much easier. Trend Micro has also given us a quick course on how to use it. I might say I love them now. I think the interface itself is quite friendly to deal with adding, changing, or troubleshooting itself.
There are certain aspects of flexibility in the policies that should be added to Deep Discovery. At times, we are limited to a certain policy or certain changes that can be added or configured. I believe that certain infrastructures or networks require a little bit more flexibility to make changes throughout the full software, enabling users or admins to cover all the requirements needed.
For how long have I used the solution?
I've been using this solution for about six months.
What do I think about the stability of the solution?
Deep Discovery is very stable to use.
What do I think about the scalability of the solution?
I have no idea of its scaling potential because we have only used it for six months. I believe that we could grow with this solution as much as needed because we are not a small bank. We are not a small institute. We're growing day by day. As of now, we haven't had that kind of issue so I don't believe there will be a problem of scale.
I'm not a hundred percent sure how many users we have. I would say maybe over 50. The main users are for network and security, but we have also the infrastructure engineers and specialists that use it as well.
How are customer service and technical support?
We deal with the support here in Egypt. There is a team from Trend Micro that covers Egypt. They supported us from day one, from implementation to troubleshooting of any issues or problems that we faced throughout our time dealing with Trend Micro. We have been using them not just for Deep Discovery, but for a couple of years on different products that we introduced into our network. They have been more than helpful in regards to support and helping us understand their products better.
How was the initial setup?
I believe it was straightforward to set up because we haven't had something similar to it. There was no interference, but everything just went more smoothly than expected from day one of implementation by IT. We faced some issues in between in regards to certain aspects of sandboxing for the exchange. That was because of certain ways that software was interrupting emails from somewhere inside. They helped customize some hotfixes and inserted methods into the program just for us to be able to support it. There were issues that we faced in between, but the support team from Trend Micro did their best to customize, make changes, and support us to help us fix these issues.
What other advice do I have?
I would definitely recommend it based on how I have seen our network improve and the better insights we got on our traffic.
The only thing is that everything requires a little bit of studying to check the infrastructure and requirements. All in all, the variety of products provided by Trend Micro will give you a huge step up into checking and defending yourself from any threats. That includes threat prevention, as well as analyzing emails and endpoints in general. You have a full package of products to support every single aspect of the network.
I would give it an eight of ten, just because there's a little bit of improvement that can be done for the software. We also had some issues that required customization. I'll just give it an eight for the time being.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Trend Micro Deep Discovery Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Intrusion Detection and Prevention Software (IDPS) Advanced Threat Protection (ATP) Network Detection and Response (NDR)Popular Comparisons
KerioControl
Palo Alto Networks Advanced Threat Prevention
Splunk User Behavior Analytics
Check Point IPS
Trend Micro TippingPoint Threat Protection System
Fortinet FortiGate IPS
Palo Alto Networks URL Filtering with PAN-DB
Cisco Sourcefire SNORT
Trellix Intrusion Prevention System
Fortra's Tripwire Enterprise
Gatewatcher
IBM Security Network IPS
Buyer's Guide
Download our free Trend Micro Deep Discovery Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- When evaluating Intrusion Detection, what aspect do you think is the most important to look for?
- What is your recommended cost-effective solution to detect and prevent APT attacks?
- What product do you recommend for a Campus IPS appliance implementation?
- How do you use the MITRE ATT&CK framework for improving enterprise security?
- What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?
- Which alternative solutions (other than Darktrace) do you recommend for an SMB?
- Which is the best intrusion detection and prevention solution?
- What is the best IDPS security tool and why?
- What is Cognitive Cybersecurity and what is it used for?