DATASHEET

Trend Micro™

XDR FOR USERS

Protection and combined detection and response capabilities across email and endpoints

Organizations today face an onslaught of new and stealthy threats that are constantly Protection Points
evolving to bypass existing security measures. Having advanced detection and response • Microsoft® Windows®
capabilities, in addition to advanced protection, is essential to eliminate or minimize the • Mac
impact of threats that do make it through defenses. Endpoint detection and response
• Microsoft 365® (email, Microsoft®
(EDR) is a great tool to detect threats that have landed on an endpoint, investigate the OneDrive® for Business, Microsoft®
root cause, and mitigate the impact—but with its targeted focus on endpoints, EDR can’t SharePoint® Online, Microsoft®
see or influence important parts of the attack path. For example, while EDR can identify Teams®)
that a threat came into the organization via email, it can’t offer key details on the scope • Google G Suite™ (email, Google Drive™)
of compromised accounts and hence can’t remove or stop the spread of the threat.
Given that 96% of social engineering attacks start with email , combining email with
endpoint detection and response is a powerful capability.

TREND MICRO™ XDR FOR USERS

WAVE
Trend Micro™ XDR for Users is a complete software-as-a-service (SaaS) offering that LEADER 2020
includes protection, detection, and response across email and endpoints and through Enterprise Detection
And Response
Trend Micro Apex One™ and Trend Micro™ Cloud App Security solutions. It also includes
XDR capabilities via Trend Micro Vision One™ for correlated email and endpoint
detection using security analytics, automatic sweeping for indicators of compromise
(IoC) using Trend Micro threat intelligence, central investigation and response, and
proactive threat hunting. With XDR for Users, customers can respond more effectively
to threats, minimizing the severity and scope of a potential breach.

Trend Micro Vision OneTM

Risk Visibility Agent and

Policy Management
XDR SIEM
APIs
Security Analytics + Threat Intelligence SOAR

XDR Data Lake (sensor activity data: telemetry, metadata, logs, netflow)

Endpoint Server Cloud Email Network

Security Security Security Security Security

1
2020 Data Breach Investigations Report, Verizon

Page 1 of 3 • DATASHEET • XDR FOR USERS

 ADVANCED THREAT PROTECTION Key Protection Capabilities
• High-fidelity machine learning
• Trend Micro Apex One leverages a blend of modern threat techniques to provide (pre-execution and runtime)
the broadest protection against all types of threats. It offers highly-tuned endpoint • Behavioral analysis
security that maximizes performance and effectiveness. (against scripts, injection, ransomware,
memory, and browser attacks)
• Cloud App Security catches millions of threats not found by upstream protection from
• Web reputation
Microsoft® Office 365®, Google Workspace™ or third-party email gateway services.
Using APIs, it integrates in minutes with cloud email and file sharing platforms to add • Exploit prevention
(host firewall, exploit protection)
advance malware and phishing detection—including specialized protection against
• Command and control (C&C) blocking
credential phishing and business email compromise (BEC) impersonation attacks.
• Vulnerability protection
• Strong endpoint and email threat protection reduces the number of threats that get
• Application control
through in the first place, resulting in less events in which to investigate and respond.
• Data loss prevention (DLP)
CONSOLIDATED DETECTION, INVESTIGATION, AND RESPONSE • Device control
• Sandbox and breach
• XDR for Users connects the dots across security layers to provide more insightful detection integration
investigations and quicker response to endpoint and phishing incidents. • Inbound and internal
phishing protection
• Endpoint and email activity data (i.e. endpoint telemetry, email metadata, etc.) and
detection logs are sent to the XDR data lake for attack discovery and analysis. • Credential phishing detection with
computer vision
• BEC impersonation detection with
CORRELATED DETECTION writing-style analysis

Built-in security analytics combined with global threat intelligence to detect more:

• X
 DR analytics can automatically tie together a series of lower-confidence activities
into a higher-confidence event, surfacing fewer, prioritized alerts for action (i.e. a
suspected phishing email is followed by an endpoint accessing a rare web domain).
• Correlate threat and detection data from your environment with Trend Micro’s global
threat intelligence in the Trend Micro™ Smart Protection Network™ for richer, more
meaningful alerts.
• M
 ore context with mapping to the MITRE ATT&CK framework means faster detection
and higher fidelity alerts. In the MITRE AP29 evaluation, Trend Micro had the highest
initial detection rate2.

INTEGRATED INVESTIGATION AND RESPONSE

One platform to respond faster with less resources:

• One place for investigations to quickly visualize the entire chain of events across
security layers or to drill down into an execution profile.
• In seconds, determine the impact of a phishing attack as Trend Micro Vision One
automatically sweeps mailboxes to find other affected users.
• One location to respond using containment actions for both email and endpoint.

Trend Micro Vision One: One place for attack discovery, investigation, and response

2
MITRE ATT&CK Evaluations: Trend Micro #1 in Initial Overall Detection, Trend Micro

Page 2 of 3 • DATASHEET • XDR FOR USERS

 TREND MICRO VISION ONE THREAT DEFENSE PLATFORM Key Detection and
Response Features
XDR for Users include powerful detection and response and threat intelligence
• IoC sweeping
capabilities through the Trend Micro Vision One threat defense platform. Trend Micro
Vision One collects and automatically correlates data across multiple security layers; • IoA hunting
email, endpoints, servers, cloud workloads, and networks. Using advanced security • Root cause analysis
analytics, it detects and tracks attackers across these layers so security teams can • Impact analysis
quickly visualize the story of an attack and respond more quickly and confidently. • Automated response
• Open APIs and custom intelligence
TREND MICRO™ MANAGED XDR SERVICE
An optional service that provides threat hunting and investigations
by Trend Micro threat experts

• With Managed XDR, customers can get the advantages of Trend Micro Vision One;
leveraging the resources and knowledge of Trend Micro security experts who are
skilled in hunting and investigating advanced threats.
• Provides 24/7 alert monitoring, alert prioritization, investigation, and threat hunting
services to Trend Micro customers as a managed service.
• Depending on the Trend Micro products in the environment, the Managed XDR
service can collect data—from not only endpoints and email, but also network, server,
and cloud—to correlate and prioritize alerts and system information and determine a
full root cause analysis.
• Threat investigators take the burden of investigations and provide a full incident
report and remediation plan so your internal teams can more easily and quickly know
what has happened, along with the impact and the necessary remediation steps.

For details about what personal information we collect and why, please see our Privacy Notice on our website at:
https://www.trendmicro.com/privacy

©2021 by Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball
logo, Trend Micro Apex Central, InterScan, Trend Micro Apex One, ServerProtect, ScanMail,
and TrendLabs are trademarks or registered trademarks of Trend Micro Incorporated. All
other company and/or product names may be trademarks or registered trademarks of
their owners. Information contained in this document is subject to change without notice.
[DS03_XDR_for_Users_Datasheet_210113US] trendmicro.com

Page 3 of 3 • DATASHEET • XDR FOR USERS