Trend Micro this week launched a generative artificial intelligence (AI) tool, dubbed Trend Companion, that leverages natural language to reduce toil by bringing context to alerts and reducing the amount of time required to investigate incidents.
At the same time, Trend Micro is extending its Trend Vision One cloud-native application protection platform (CNAPP) to add cloud risk management capabilities, including agentless vulnerability scanning tools along with cloud security posture management (CSPM) and cloud infrastructure entitlement management (CIEM) capabilities.
Shannon Murphy, global security and risk strategist at Trend Micro, said the overall goal is to provide generative AI tools that reduce the level of toil and stress cybersecurity analysts encounter while at the same time making it simpler and less costly to thwart threats using a platform-based approach to maintaining cybersecurity.
Trend Companion, for example, can be used to summarize and contextualize alerts in addition to explaining via natural language how complex scripts function. It can also be used to iteratively develop threat-hunting queries using natural language. The capabilities can be used to reduce both incident response times, by 30%, and the time it takes to create a report, by up to two hours.
Meanwhile, Trend Vision One has been extended to add attack surface management capabilities that previously would have required cybersecurity teams to acquire a separate set of tools, noted Murphy.
It’s not clear how quickly organizations are embracing CNAPPs to streamline cybersecurity. However, as these platforms aggregate more data, the recommendations and summarizations of data become more accurate. In the case of Trend Micro, the company has trained its own large language model (LLM) to ensure that data it collects from across the globe is never accidentally shared via a public generative AI service such as ChatGPT, noted Murphy.
The rise of CNAPPs, in combination with generative AI, is transforming how cybersecurity is managed. Many organizations today rely on multiple disparate tools that make it challenging to correlate alerts. As a result, cybersecurity teams often find themselves spending a lot of time trying to determine the severity of an incident. Of course, the longer that takes, the more potential damage might be inflicted.
CNAPPs, in contrast, foster increased collaboration around a set of tools and capabilities that all have access to the same data. That reduces the amount of time cybersecurity professionals spend swiveling between all the dashboards that disparate tools are going to surface, noted Murphy.
The challenge, of course, is that replacing all those tools with a CNAPP requires a significant investment that many organizations are reluctant to make after spending years integrating various tools. The issue is that maintaining and updating those tools over time is also an expensive proposition, so organizations will need to determine what approach makes the most sense based on the total cost of cybersecurity incurred.
In the meantime, the one thing that is certain is that cybercriminal adversaries are already making similar investments in automation and AI with the expectation that they can overwhelm the cybersecurity defenses most organizations have in place today.