Trend Micro adds new AI-driven Managed Detection and Response service, backed by SOC threat hunter expert support

The new service is something that all Trend Micro partners can resell, but Trend’s goal is to expand it to make a white-labelled or broader version available to more sophisticated MSSP partners.

Cybersecurity vendor Trend Micro has made a related pair of announcements. First, it has announced a new offering, the Trend Micro Managed Detection and Response [MDR] service, which provides managed AI-driven advanced threat hunting backed up by Trend Micro SOC resources. Second, it has announced that new AI capabilities are being expanded across Trend’s endpoint, network and server solutions to add operational automation capabilities.

“This announcement is about two things,” said Steve Neville, Director of Corporate Marketing at Trend Micro. “First the new MDR service prioritizes and correlates alerts using AI, and investigates the alerts while also providing remediation through Trend Micro customers. We are announcing this publicly now, but we have been offering it to selected customers, and we have a couple hundred customers on it now. Secondly, we as an organization are enabling the next generation SOC. We are evolving the way our products work, sharing more contextual data and expanding the ability to address the need for operational automation. The announcements are inextricably linked because the new MDR capabilities are also powering our next-generation SOCs.”

The new MDR service is a new type of offering for Trend Micro.

“We have historically been focused on software or managed SaaS,” Neville said. “We have used artificial intelligence in our products for many years – since 2005 – but using it inside MDR is new. We have also had these threat hunting capabilities in our products before, but the AI here powers SOC people, and that is a new capacity for us that is aimed at addressing the skills gap that exists broadly today in terms of customers able to do this for themselves. Most organizations do not have the capabilities to hire the people on their own to do this.”

The solution will record system and network-level activities and alerts, sending metadata continuously to the Trend Micro service. The humans in the SOC use the data to assess where the advanced threat came into the network, and how it morphed and spread. It may also identify Industrial IoT devices that may be affected by the attack.

Trend Micro sees the sweet spot for the MDR service as the higher part of the midmarket, and much of the enterprise, except for the largest of organizations.

“The larger organizations will have their own SOCs,” Neville said. “This also isn’t something that a small business would want. But we do see an expansive market for this, within the 1000 to 10,000 user range.”

The broader capabilities being built into Trend Micro solutions are designed to enhance the ability to automatically detect and respond to unknown threats, in order to correlate and prioritize contextual threat information from multiple sources and deliver an automated response. This will include three specific enhancements: improved AI capability to identify and correlate high-risk threats; automated prioritization of threat information across user endpoints, networks and servers; and orchestration and response automation.

“The increased automation will provide new capabilities across the portfolio,” Neville said.

All Trend Micro channel partners will be able to resell the MDR services, but there will be broader opportunities for some partners to deliver their own incident response services through them down the line, likely in 2019.

“It’s a fairly complex thing that we are doing, which is why we are providing the expert resources ourselves,” Neville stated. “All our channel partners today can resell it, because it does not require deep expertise to resell the service. However, our goal is to build out the service to enable more advanced MSSPs that have the ability to provide this service on their own to white-label it, or include it within a broader service of their own. The service addresses a strong need in the market for managed detection and response, and gives them a way to address customer demand.”

Trend Micro’s Managed Detection and Response Service is available in North America now.