
Trend Micro Vision One™
Lori Smith, Global Product Marketing
See more. Respond faster.

See more. Respond faster
• Detect more with correlation
• Visualize the attack story
• Respond confidently
Trend Micro Vision One
• Vision One provides deep, purpose-built XDR capabilities.
• Differentiates from other "XDR" vendors by offering more value.
• Technology foundation to expand into a fully integrated threat defense platform for the SOC.
Platform pillars: Risk Visibility, XDR, Agent and Policy Management.
Everyone Wants to Understand the Threats
Customer 1: Established SOC; security minded and funded
Customer 2: Invested in SIEM; has a security team but not a formal SOC
Customer 3: Limited budget; piecing security together; starting with EDR
Today, the SOC gets siloed insight into endpoints (EDR), a separate siloed view into network events, little visibility into email traffic and mailboxes, and limited visibility into threats affecting cloud workloads.
(Diagram: Security Analyst, Branch Office)
© 2020 Trend Micro Inc.


Generating incomplete, noisy SIEM alerts without any context.


Attacks don't stay in silos! Security teams need to piece together what happened.


XDR breaks down the silos and, instead of noise, tells a story.


Organizations with XDR…
• Are better protected: suffered half as many successful attacks over the last 12 months
• Detect quicker: 2.2X more likely to detect a data breach/successful attack in a few days or less
• Respond completely: 60% less likely to report that attack re-propagation has been an issue
Source: The XDR Payoff: Better Security Posture, ESG Research, Sep 2020
Each XDR Piece Adds Value, with One or Many
Endpoint – most attacks involve users' devices
• Find threats hidden amongst endpoint telemetry
• What happened within the endpoint? How did it propagate?
Email – 94% of malware
• Who else received this email or a similar threat?
• API integration for an inside view
• Are there compromised accounts sending internal phishing emails?
Network – sees EDR blind spots (unmanaged, legacy, IoT, IIoT)
• How is the attacker moving across the organization?
• How is a threat communicating?
Cloud/Workloads/Containers – critical to business operations
• What happened within the workload?
• Correlates data from more security controls than typical EDR solutions to tell a more complete story.
How is it different from other approaches?

Capability                                                  | Trend Micro Vision One | Vendor-to-vendor partnership | SOAR / SIEM
Sharing of IOCs between layers for sweeping                 | Yes                    | Yes                          | Yes
Correlated detection of low-confidence events across layers | Yes                    | No                           | Partial
Deep understanding of all data generated by layers          | Yes                    | No                           | No
Integrated investigations in one console                    | Yes                    | No                           | Partial
Integrated response actions across layers                   | Yes                    | No                           | Yes
Added risk visibility across the environment                | Yes                    | No                           | No
Trend Micro Managed XDR
Expert Threat Identification & Hunting: uncovering complex targeted threats using cutting-edge techniques, with enrichment by threat experts leveraging deep threat intelligence.
24x7 Monitoring & Detection: continuous alert monitoring, correlation and prioritization using automation and analytics; proactive sweeping of endpoint, server, network, and email.
Rapid Investigation & Mitigation: comprehensive analysis and a detailed response plan, with remote response actions through Trend Micro products.
Security Expertise Serving Multiple Customer Objectives
✅ Looking for detection and response managed on their behalf
✅ Wants to supplement in-house activities (augment detection, added threat expertise/intelligence, proactive threat hunting)
✅ Has had, or is concerned about having, an incident; wants 24/7 alert monitoring
✅ Uses multiple Trend products and wants the benefits of cross-layered detection and response – the XDR advantage
What it Means for the Customer
Events generated by Trend Micro products (not actionable on their own, but needed for compliance/visibility when investigating).
Standard managed service: distills and prioritizes 50 high-severity events which require further investigation by the customer's Level II/III security analyst.
Advanced managed service: Trend Micro security experts investigate each of the 50 events. Through manual and automated means, they ran 242 investigations and declared one incident. For that security incident, the service provides threat response and a detailed remediation plan and incident report.


Why Trend Micro Vision One?
1 Purpose-built XDR platform with deep integration into native sensors and expanding value
2 Distinctive data sources
• Cloud – breadth and timeliness of Linux support: Debian, CloudLinux, SUSE, Amazon, Ubuntu, CentOS, Oracle, Red Hat
• Email – external + internal email visibility by integrating at the application layer, for quick response to the 94% of attacks starting with phishing
3 Security analytics powered by Trend Micro Threat Research
• Trend Micro discovered over half the disclosed vulnerabilities in 2019
• #1 in initial detection (APT29, prior to the new XDR platform)
Going above and beyond XDR… with constant and fast innovation.
