Trend Micro Email Security is a really handy solution. It has several policy protection modules that allow you to set up the spam filter and tune it according to your needs, setting it high, medium, or low according to your organization's requirements. It has a proper phishing detection module that checks the SPF record, DKIM, and DMARC, and you can customize those as well according to the severity that you want.Trend Vision One is one of the best XDRs that has been introduced to the market. It has really good features and is basically inspired by Microsoft Defender. If you have gone through both of the consoles, you can see that Trend Micro is really inspired by Microsoft Defender. It has almost 14 applications integrated into a single console, along with the compliance part. It includes mobile device management, network security, endpoint security, as well as cloud app security. It has a really good GUI as well. It does provide me with centralized visibility and management across protection layers. It can integrate all of the separate EDR, XDR, or SIEM solutions, and if you have cloud security applications, all can be integrated and viewed in a single console. If you have logged into just a single XDR console, you can access all the applications in that. If you're willing to access the EDR or server protection module separately, you can. But as I said, XDR provides a centralized view, and you can just navigate to that single URL, and with just a click, you can view all of the organizational assets within a single console. Vision One sensors are basically endpoint security agents, and we are using them on multiple endpoints and servers as well. Endpoint coverage is crucial because that's where the attacks can begin. For example, if a user receives a phishing email or an attachment, the EDR agent is very much capable of detecting those sorts of malware, which can be predefined IDS signature-based malware or a specially crafted ransomware file. The IDS signatures or traditional antivirus signatures will not be able to detect it, but what the Trend Micro EDR agent does is profile every user of that computer. Whenever there is a baseline violation, it creates a behavioral monitoring alert, and you can get an alert that this file has a behavioral behavior that resembles ransomware and is violating that person's baseline. In that scenario, a specially crafted file is detected by Trend Micro. I have used the cyber risk exposure management capabilities, C-RAM capabilities. Cyber risk exposure management, as referred to C-RAM, was formerly called attack surface risk management, and it has three or four steps. The first is Discover, which usually discovers all of the organizational assets because sometimes identifying the right assets is crucial and is a compliance aspect as well. The discovery part is very important as it discovers all the organizational assets in your network. After that, it assesses the overall security configurations of those discovered assets. For example, if it has identified a public-facing asset, it will briefly look into all the security configurations of Trend Micro Email Security assigned to it, and if any best practices are missing, it will let you know. Additionally, it has a very good comparison chart. For example, if you are in the automobile industry, you can compare your organization's overall risk or exposure with some other brands in the same industry. If there is a company A in automobiles, it can compare its overall organizational risk with company B in the same automobile industry. That's a really good part of it as well. It does help reduce noise from false positives. As I mentioned in the detection module, we can tweak the alert or the rule based on organizational needs. For instance, if there is a company A that wants to escalate alerts only when there are 40 or more login failures, I can easily change that threshold to 40. Alternatively, if another company prefers to escalate on even 20 or more login failures, I can tweak it likewise. We can create new custom rules and adjust already created rules to generally remove false positives. It's a great feature. We have seen a lot of advancements in AI across multiple domains. The advancement of AI in cybersecurity is significantly beneficial. We can leverage the AI module for anything regarding alerts or configurations during investigations. When investigating an alert, I can just ask Trend Companion to provide a summary of that alert, making it very easy for the analyst to work.
