Trend Vision One™ - Forensics
Challenges

Complexity
• More sophisticated threats, more tools to manage
• Out of the box IR tool adds complexity and lacks threat intelligence
• Out of the box IR tool needs additional manual efforts

Talent Shortages
• DFIR specialist/incident responder shortages
• Manual evidence collection takes huge manpower
2 | ©2023 Trend Micro Inc.
Vision One - Forensics
1. An app natively built within the Vision One platform for incident investigation
2. Designed for Digital Forensics and Incident Response (DFIR) specialists, incident responders and SOC analysts
3. Managed from the single Vision One console
4. Allows you to gather evidence, organize data, and triage endpoints using integrated query/scan
5. Requires zero deployment & provides automatic threat intelligence analytics, enabling the quickest incident response
Trend Vision One – Forensics as Part of the Platform
[Platform diagram: telemetry sources (Endpoint, Email, Identity, Cloud, Network, OT, Data Access, 3rd-Party) feed fewer, high-fidelity alerts; Forensics and Incident Response provides advanced investigation of critical events, alongside Playbooks and a Generative-AI Assistant.]
Prerequisite
Vision One customers with endpoint sensors (EDR/XDR: endpoint, server and cloud workloads) are eligible to buy.
The endpoint sensor acts as the sensor for Vision One – Forensics to query, scan and collect evidence.
Frictionless Capabilities

Evidence and Artifact Collection
• Snapshot full artifacts/evidence on endpoints at any time
• Request batch evidence collection through the centralized console
• Collect artifacts based on automatic trigger conditions

Native Threat Intelligence
• Run threat intelligence queries when specific conditions are met
• Leverage AI technology for faster evidence tagging
• Pull EDR telemetry and detections into view automatically

Incident Management War Room
• Create workspaces during incidents
• Scope the affected endpoints
• Manage incidents through a centralized console

Live Investigation from Anywhere
• Run YARA queries for typical memory and artifact exploration
• Review running processes and sub-processes live
• Run native commands such as whoami and netstat with osquery for live investigation

Respond in Super Timeline View
• Generate a Super Timeline with expert Trend Micro pre-generated and built-in threat knowledge
• Take advantage of holistic forensic data and heuristic analyses
Why Trend Vision One - Forensics
Part of an integrated, single platform – Minimized complexity. No separate tools. Use the existing console.
Quick to get started – this built-in capability needs no deployment and is quick to interrogate, saving you precious time.
Easier and faster Digital Forensics and Incident Response (DFIR) process
• Investigate downloaded artifacts directly in the console or in other tools
• Automatic and native threat intelligence analytics & EDR data pulling help you “find a needle in a haystack” faster with less effort.
• Automatic IR report generation process and live forensics
Automatic Threat Intelligence, Faster Response Time
[Screenshot callout: one piece of evidence was potentially at high risk and was highlighted.]
The Trend Vision One – Forensics “Evidence Report” is integrated with Trend’s advanced threat intelligence analytics, showing the risk level for each piece of evidence collected.