Can Your Managed Detection and Response Service Do This?
Submitted by Steve Duncan
Trend Micro has recently introduced its Managed Detection and Response Service to North America. This spring at the RSA show in San Francisco I had that chance to catch up with Jon Oltsik of ESG again to discuss our new offering and why we think the time is right.
As attackers become more sophisticated, enterprises must turn to more advanced detection and response capabilities to respond to them. Sometimes an effective detection strategy is to correlate threats from the network, server and endpoints to understand a complete picture of a targeted attack.
Unfortunately due to a cybersecurity skills shortage and a lack of staffing, enterprises struggle to correlate the many alerts and data themselves.
Trend Micro’s Managed Detection and Response provides managed advanced threat hunting on behalf of Trend customers. Customers deploy a unified Trend Micro endpoint solution that includes the ability to record system level activities. The metadata of this recording is continuously sent to the Trend Micro service. Customers also deploy (or have deployed) a Deep Discovery Inspector appliance. This appliance records network-level activities and alerts and sends the metadata to the Trend Micro Managed Detection and Response service. MDR analysts from Trend use this data to build a clear picture of how an advanced threat came in, morphed, and spread. By correlating this information, the service may also identify Industrial IoT devices that may be affected by the attack.
The service provides onboarding support, 24/7 alert monitoring, alert prioritization and investigation, and threat hunting services. Trend Micro will monitor customers’ Deep Discovery and OfficeScan environments, review security events to help determine the root cause/entry point, enrich event alerts where possible using threat hunting and investigation. Additionally, the Trend analysts will coordinate needed corrective action with the customer along with recommend changes to align with best practices in prevention. When necessary, customers will work directly with Trend Micro Security Analysts online and via phone from the Trend Micro Security Operation Center.
While the service is being delivered from Trend it will be available from selected Trend partners in 2019. More information on the service can be found here.
Read More HERE