Trend Micro today announced Deep Discovery, a threat detection tool designed to monitor network traffic in order to detect signs of stealthy attacks aimed at stealing corporate data.
Deep Discovery is intended to focus on the question, "Is there human attacker activity in the network?" says Kevin Faulkner, senior enterprise product marketing manager at Trend Micro.
He acknowledges Deep Discovery in large part represents a wholesale re-engineering of what Trend Micro previously called its Threat Management System, released last year. "It was rebuilt from the ground up," says Faulkner, noting that more than 500 business customers are now using it.
Deep Discovery differs from its predecessor in several ways, he says: it now has three times the processing power, and the management console, which was cloud-based, has been moved out of the cloud, with the console and analysis functions now in a physical form installed on the customer premises.
"Our customers didn't want this management running in cloud," says Faulkner. The product also has a security sandboxing feature that can allow malware to be safely detonated and observed.
Deep Discovery is available as an appliance or software. The roadmap for further development includes giving it a capability to identify and track mobile devices and tell what apps they're accessing when their users have been granted access to the corporate network. Other roadmap goals, which should make it into the next release later this year, include templates for data loss prevention so that sensitive information, such as Payment Card Industry cardholder data, could be flagged if it appears to be traversing the network inappropriately.
With Deep Discovery, Trend Micro roughly aims to compete against the NetWitness threat analysis product, which was acquired by RSA, the security division of EMC. Today, RSA also announced an expansion to the NetWitness Live 2.1 service of automated threat intelligence feeds intended to be correlated in the NetWitness appliance to deliver actionable information.
According to Sam Curry, chief technology officer for identity and protection at RSA, the NetWitness Live service, which operates around the clock, aggregates relevant threat intelligence from more than 100 sources. Some of the new data sources include the RSA CyberCrime Intelligence service and the RSA eFraud Network, which are said to together aggregate fraud intelligence from 500 million networked devices and 250 million users worldwide.
New third-party intelligence feeds include VeriSign Threat Indicators and Critical Intelligence. For malware analysis, NetWitness Spectrum Live gains feeds from Bit9 and ThreatGRID.