Trend Micro has converted its extended detection and response (XDR) solution into a “threat defense platform” called Vision One that supplements core XDR functionality with risk visibility, centralized management, and other features.
“We got feedback from customers on capabilities that are adjacent and complementary to XDR,” explains Leah MacMillan, Trend Micro’s chief marketing officer. “We’ve pulled all of those additional capabilities on top of XDR and delivered that all through a single console.”
Like traditional XDR products, Vision One aggregates and correlates telemetry from endpoint, cloud, email, network, and other security systems to provide a broader view of threats than endpoint detection and response solutions can. The new Trend Micro offering, however, also draws on the data it collects to provide an overview of devices with risky configuration settings, users exhibiting risky behavior, unsanctioned software-as-a-service deployments, and other potential dangers.
Enhanced threat response functionality in the new system includes the presentation of multiple remediation options that users can employ to take and track action across workstations, servers, email systems, and other assets through a single console.
A new connector also lets organizations reduce false positives and accelerate issue resolution times by forwarding Vision One alerts to third-party SIEM platforms. Analysts responding to those alerts can then click through directly to the Vision One XDR investigation workbench to view additional information and execute mitigation measures.
A new, expanded set of APIs allows users to connect Vision One to a wide range of additional external security platforms. “We’ve actually had integration with leading SIEM platforms, for example, for years,” MacMillan notes. “We’re really making a more concerted effort to renew and refresh those integrations, and to provide new ways of integrating.”
Ready-made integrations shipped with the product include links to products from Fortinet, Microsoft, and Splunk. Further integrations will arrive regularly. “It’ll be a continuous process,” MacMillan says.
Vision One integrates out of the box with multiple solutions in Trend Micro’s own portfolio as well. The system is compatible with endpoint, cloud, email, network, and other security solutions from outside vendors, according to MacMillan, but will provide richer, more actionable information when used alongside Trend Micro products. “All of our layers sort of talk together,” she says. “We’ll be able to provide more context if it’s coming from our layers, but we can absolutely work with a third party as well.”
Vision One’s consolidated management interface lets users deploy agents, apply policies, and more in one place, rather than shuttle among multiple administration tools associated with the various software and hardware layers in their security stack.
“That makes it a lot easier for them to manage and see what’s deployed across the organization,” MacMillan says.
Cumulatively, Vision One’s detection, response, visibility, management, and other components are designed to simplify security for IT professionals at a time when mushrooming threats, work-from-home computing, and rapid adoption of cloud applications and infrastructure are complicating an already demanding task.
“They have siloed security tools, too many alerts, compliance pressures that are on the rise, a lack of skilled resources, and the need to detect and respond quickly,” MacMillan says. “They’ve been asking for help in terms of making this easier to help make them more resilient.”