Trend Micro brings generative AI to Vision One cybersecurity platform

Cybersecurity provider Trend Micro Incorporated has been integrating artificial intelligence (AI) into its technologies for a decade, but it hasn’t had the power of generative AI, until now.

Today Trend Micro announced its new Vision One platform, bringing together a series of different cybersecurity capabilities including extended detection and response (XDR), attack surface risk management (ASRM) and zero trust. In many respects, the platform is an evolution of the Trend Micro one platform announced in 2022, with the big new addition being gen AI.

The Trend vision one companion is a gen AI-powered assistant for security operation center (SOC) analysts. The technology enables security teams to use natural language queries to answer questions, assist with threat hunting and accelerate remediation.

“We’ve really tried to think about how we can bring the power of gen AI to the security operation center,” Trend Micro COO Kevin Simzer told VentureBeat.  “When you’re in an SOC, It tends to be a bit of a stressful job as they’re inundated with lots of telemetry from all different sources.”

Why generative AI is a good fit for the SOC

A lot of data and alerts are continuously flowing into the average SOC.

AI has long had a role in technology platforms from vendors including Trend Micro to help filter through all the noise and find patterns, anomalies and potential risks. What SOC analysts still have to do is understand what the data actually means and know the right commands, scripts and tools to get the desired result.

Simzer explained that the companion is an optional tool that organizations can choose to turn on as part of Trend Vision One. Part of an SOC analyst’s job is to perform threat hunting across the environment, looking for potential risks.

“Our companion capability will allow the SOC analyst to actually do threat hunting in a much more effective way,” Simzer siad. “The SOC analysts can input natural language and it will form the complex XDR queries that need to run.”

SOAR integration

XDR queries are an often complex set of command and scripting needed to search across all the data a cybersecurity platform collects to find matches for a given set of criteria and circumstances that could be indicative of a particular threat.

In recent years, SOCs have been increasingly integrating security orchestration, remediation and response (commonly known by the acronym SOAR) technologies in a bid to automate security. Simzer said that SOAR is also built into the Vision One platform and can potentially benefit from the gen AI companion.

Gen AI is also helping Trend Micro itself as it looks to optimize customer support. Simzer said that Trend Micro is using the technology to build out knowledge-based articles on how technologies work. He explained that Trend Micro’s customer support people are now using gen AI to help provide recommendations and answer user questions.

What’s under the hood? Microsoft Azure OpenAI

While Trend Micro has been developing its own AI capabilities as part of its portfolio for years, the new gen AI capabilities are powered by the Microsoft Azure OpenAI service.

“We’ve been using AI for over a decade; it’s not like we didn’t have data scientists, but there’s no question gen AI really fast forwards a ton of innovation and we jumped on it fairly quickly,” Simzer said. “We have plans down the road to actually have our own gen AI, but the immediate benefits of what we could get with OpenAI were just so real that we couldn’t pass it up.”

A key issue for any organization with gen AI is privacy, which is a high priority concern with cybersecurity information. Simzer said that Trend Micro has been very careful and diligent to ensure that customer data remains private.

“We’ve been training and tuning it and building the guardrails to make sure that none of our customer data is ever introduced into the Azure OpenAI environment,” he said. “We really wanted to be methodical and responsible about it.”

Source