Trend Micro puts zero trust theory into practice with latest launch
Trend Micro has announced the full release of its risk insights capability following a beta test with 3,500 enterprises.
The company’s zero trust risk assessment solution, Zero Trust Risk Insights, now forms a key component of the company's unified cybersecurity platform.
Trend Micro states the company is focused on giving customers a complete understanding of their risk so security teams can make informed decisions and implement effective solutions, rather than exchanging one piece of cybersecurity infrastructure for another.
Built on Trend Micro’s complete cybersecurity platform, the service is designed to continually assess the risk of identities, devices and cloud applications using telemetry across endpoint, email, cloud, networks and SaaS applications.
This risk insight is used to automatically detect, block, or remediate issues before a connection is completed. Customers also benefit from continuous security posture assessment and complete insights without requiring additional apps or agents.
Trend Micro technical director A/NZ Mick McCluney says, “This new solution adds further telemetry and visibility of connections across the entire IT environment to truly inform SOC teams.
"The risk and security of users, devices, and apps can be easily seen, issues prioritised in a way unique to Trend Micros platform capabilities. This is true zero trust theory put into product form.”
According to the company, Trend Micro's zero trust solution focuses on:
Identity risks: Identifying compromised user accounts and suspicious user activity, such as accessing risky cloud applications or unusual login activity. These might indicate a user account is being abused by an attacker. For example, phishing emails being sent from an internal user is a notable indicator of malicious account abuse.
Device risks: Identifying suspicious processes, unpatched vulnerabilities, attack techniques and tactics, and misconfigured applications or operating systems. For example, the use of many legitimate tools can be an indicator of an ongoing ransomware attack.
Overall, Zero Trust Risk Insights provides overlapping services to ensure a comprehensive understanding of organisational security. The vulnerability prioritisation takes advantage of Trend Micro's vulnerability research, including insights from the Zero Day Initiative.
It uses global and local threat intelligence on exploit attempts plus vulnerability severity to prioritise which vulnerabilities are critical to apply a prevention rule or patch.
Visibility into email usage is particularly important for security teams, as phishing activity could indicate that user identities have been compromised, the company states.
Cloud applications visited by users may be unsanctioned or have data sovereignty and privacy concerns. Using a SaaS-based app reputation database, Trend Micro tracks access to risky applications.
According to Trend Micro, as the evolving threat landscape continues to garner attention amidst high profile security incidents, decision makers at enterprises worldwide are beginning to realise the benefits of a broad zero trust solution.
IDC research director European security & privacy Joel Stradling says, “Some of the downsides of digital transformation projects are legacy security systems causing issues and an almost unmanageable expansion of complexity.
"To compound this, the threat landscape is increasingly sophisticated making defence strategies similarly complex.
"Information is king, and Trend Micro's Zero Trust Risk Insights gives CISOs better visibility into an organisation's security risk, which in turn helps organisations shed several layers of management complexity and achieve a stronger security posture.