Product overview

About the service

ESET Dynamic Threat Defense is a paid service provided by ESET. Its purpose is to add a layer of protection specifically designed to mitigate threats that are new in the wild. Suspicious files are automatically submitted to the ESET cloud, where they are analyzed by our advanced malware detection engines. The user who provided the sample will receive a behavior report that summarizes the observed sample's behavior.

Files can be submitted manually or automatically based on policy configuration. Manual file submission is executed from the ESMC Web Console, or from client machines with an active ESET security product and the ESET Dynamic Threat Defense service.

What are the differences between ESET Dynamic Threat Defense, ESET LiveGrid® and ESET Threat Intelligence?

Architecture

ESET security products & ESET Security Management Center

Whenever a sample is uploaded to ESET Dynamic Threat Defense for analysis, that sample's metadata is uploaded to ESMC. This provides the ESMC Administrator with a list of samples uploaded to the ESET cloud.

ESET security products & ESET Dynamic Threat Defense

Whenever an activated and configured ESET security product decides a sample needs to be analyzed, it uploads the sample to ESET Dynamic Threat Defense. After ESET Dynamic Threat Defense analyzes the sample, the results are first sent to the user who submitted the sample. The security product then takes the appropriate action based on the policy in place. Within 2 minutes, results are forwarded to all ESET security products within the user's company.

All transferred packages are signed by ESET to mitigate the risk of attack. When an HTTP connection is used in the internal network, the product always checks whether the connection is upgraded to HTTPS behind a proxy. If the proxy is not configured correctly, an HTTPS connection is also used in the internal network.

ESET Security Management Center & ESET Dynamic Threat Defense

After ESET Dynamic Threat Defense receives a sample from an ESET security product, it automatically informs ESMC about the status of the analysis. Once the analysis is completed, the result is transferred to ESMC.

Roaming Endpoints & ESET Dynamic Threat Defense

A roaming Endpoint is any client with an ESET security product that is operating outside of your company's perimeter and has no connection to ESMC. Usually, it is a computer at home or on a business trip without a VPN. A roaming client takes full advantage of ESET Dynamic Threat Defense. However, it does not notify ESMC about samples that have been submitted for analysis. When the client returns to your perimeter and connects to ESMC, metadata is synchronized and the list of submitted files is updated. Other clients on your network can receive updates that result from threats discovered while a client is roaming even before it synchronizes with ESMC.

Global Database

The ESET cloud stores metadata about each submitted sample. Each customer's (company's) data is stored separately in one global database. The database stores all relevant information for better and faster results if duplicate files are submitted for analysis.

Important information

It is highly recommended to use a proxy for caching responses from ESET servers. Users with a high number of client machines (hundreds or more) in particular can save significant network traffic.
