Trend Micro has added risk assessment technology to the extended detection and response (XDR) component of its Vision One platform.
The new functionality, which is currently available to XDR users via a preview release, automatically assigns a risk score to users, devices, and applications based on the vendor’s deep pool of continuously updated threat intelligence data. Trend Micro products will use those scores to prioritize threat detection alerts and remediation measures. The company also expects security analysts to draw on risk insights to diagnose attacks more quickly.
“It becomes useful for a SOC team who are digging into an incident and are trying to figure out what’s going on,” says Eric Skinner, Trend Micro’s vice president of market strategy.
Through a built-in API, third-party security vendors can also use Trend Micro’s risk scores to prioritize threats more accurately in their own products. “A lot of those solutions today are making a very lightweight assessment of risks because they don’t have access to a lot of information,” Skinner says.
Future Vision One updates will draw on the platform’s risk scores to provide secure connections on an automated basis through secure access service edge (SASE) technology.
Pricing on the new risk insights functionality has yet to be determined. Participating in the preview is free, and XDR users will have access to the functionality at no charge as well during a limited-time promotional period after the product becomes generally available.
Assistance with triaging alerts is badly needed at present, based on a Trend Micro survey of security and SOC decision-makers published last month. Some 51% of participants in that study reported feeling overwhelmed by threat alerts, and 55% said they lack confidence in their ability to prioritize and respond to alerts. Worse yet, 70% of survey respondents said the mounting strain of keeping up with alerts is emotionally impacting their private lives.
“We can’t just keep throwing people at solutions and bombarding them with alerts,” says Greg Young, Trend Micro’s vice president of cybersecurity.
Vision One is a “threat defense platform” designed to help IT organizations identify and act on security dangers more effectively by delivering a wide-ranging set of capabilities through a unified console. “Our typical customer is a mid-sized organization, and they don’t have a huge security team, so having one integrated platform that does most of the things they need is of value,” Skinner says.
Vision One’s XDR component, which Trend Micro significantly expanded four months ago, correlates telemetry from endpoints, servers, email software, and cloud workloads to provide a more complete picture of real-time threat activity than an earlier generation of detection and response solutions that focus on endpoints alone.
XDR and risk scoring are elements in a larger effort by Trend Micro to help end users embrace zero-trust security, a defensive strategy in which every request for access from inside or outside the network must prove that it comes from a legitimate user with appropriate privileges. Though no panacea for security dangers, Skinner emphasizes, a zero-trust mindset can mitigate risk.