Trend Micro’s old XDR platform is one of three components of the new Vision One, a broader security microservices platform that the company says will be expanded with additional functionality going forward.

Cybersecurity vendor Trend Micro has announced its new Trend Micro Vision One platform. The new platform is actually an expansion of their previous XDR platform, with the XDR functionality updated and expanded, and new capabilities added around risk visibility and agent and policy management.

“Trend Micro Vision one is a remake of our XDR platform into a broader Threat Defense Platform,” said Antoine Saikaley, Technical Director, Trend Micro Canada. “The new threat defense platform is a broader security microservices platform. Previously, it just had the XDR, but now has been expanded to cover the broader Zero Trust paradigm. Identity and risk insight is now part of the platform, as is agent and policy management.”

The objectives behind the Vision One platform are to both solve a broader range of more complex challenges, and to speak to a wider variety of users.

“The XDR platform was basically a platform for the Security Operations Centre team before,” Saikaley said. “Now it has been expanded beyond the SOC with the new components, and now speaks to three sets of users. In addition to continuing to address the SOC team, it now addresses the high level CISO and CIO users with the broader functionality, and also addresses the security and operations team with the new capabilities around policy management and enforcement.”

The XDR capability from the old platform has been enhanced, with the major news coming with a host of new out-of-the-box third party integrations that extend beyond the integrations with the Trend Micro Stack that have always been part of the solution.

“These new integrations with third-party SIEM and SOAR providers as well as endpoint protection platforms, are the major enhancement to the XDR capabilities,” Saikaley stated. “This includes new integrations with Splunk, Palo Alto Networks, Fortinet and Microsoft Sentinel.” The plan is to continue to

integrate beyond SIEM and SOAR, with solutions like firewalls, ticketing solutions, identity and access management.

The new capabilities involve simplified policy management to drive response actions across multiple security layers from a single console, providing greater visibility than single solutions.

“It lets you do unified policy management and enforcement,” Seikaley said.

The other new capability to this platform, Identity and risk insight, has been moved to this platform in the cloud for the first time, to benefit from the synergies.

“We have had analysis of risky users and risky devices on-prem, where it assesses the degree of risk and gives a score, with separate response management and enforcement tools providing remediation,” Seikaley stated. “This is the first time this has been available as a cloud application.”

Seikaley said to expect more solution functionality to be added to the microservices platform going forward.

“There will be more coming down the pipe,” he noted. “More services will be added, in the same way that a platform like AWS adds new services over time.”