Trend Micro announced its Apex One endpoint security offering on Oct. 15, providing organizations with a new set of capabilities.
Apex One is the rebranded name for Trend Micro’s endpoint security technology, which integrates malware prevention technology with endpoint detection and response (EDR) capabilities. The endpoint security is enabled via a single end-user agent and can be integrated with Trend Micro’s managed detection and response (MDR) service.
“Our enterprise endpoint security offering has evolved a lot with this release, including re-engineering to deliver a single agent, advances in run-time threat detection and providing SaaS/on-premises parity,” Eric Skinner, vice president of Solution Marketing for Trend Micro, told eWEEK.
Trend Micro announced its XGen foundation for security back in October 2016, and it’s an effort that still serves as a core element for Apex One. Skinner explained that Trend Micro uses the “XGen” term to describe the detection technologies in all Trend Micro products and it isn’t specific to endpoints.
“XGen isn’t going away; it is a term we use to refer to our cross-generational blend of threat detection techniques,” he said. “Instead of over-reliance on a single new trendy technique, we use the XGen blend to detect more effectively and reduce false-positives.”
Virtual Patching
Apex One provides a virtual patching feature that looks to protect endpoints against unpatched operating system vulnerabilities. Skinner said that virtual patching does packet analysis inbound and outbound to detect OS vulnerability exploits and lateral movement.
A key part of virtual patching in Apex One is integration with research from Trend Micro’s Zero Day Initiative (ZDI) unit. ZDI is in the business of acquiring zero-day and previously unknown vulnerabilities from security researchers. Among ZDI’s activities is the Pwn2Own event, which awarded a total of $267,000 in prize money to researchers in March for demonstrating new vulnerabilities.
“For Apex One, the ZDI research, and other Trend Micro vulnerability research, means our customers get incredibly timely virtual patches, in many cases earlier than they would from other vendors,” Skinner said.
ZDI pays researchers for vulnerabilities and privately discloses the issue to impacted vendors, giving them up to 120 days to patch the flaw before the issue is made public. Skinner explained that with the TippingPoint hardware product, Trend Micro provides protection in advance of disclosure, as the vulnerability rules are shielded in hardware.
“With our endpoint products, we get the virtual patching rules ready in advance and push them at time of disclosure in order to maintain pre-disclosure confidentiality of the vulnerabilities,” he said.
EDR
Endpoint security products were once typically very distinct from EDR products, but according to Skinner, that has changed in recent years. He said Trend Micro’s view as driven by dialogue with customers is that the EDR market is converging with the endpoint security market, with products in both categories overlapping with each other.
“Our customers asked us to address automated detection, response and investigation in a single integrated product, and that’s Apex One,” Skinner said. “We previously had a core set of EDR functionality, which has now been expanded with server-side meta-data sweeping, enhanced UX, IOA [Indicators of Attack] hunting rule sets powered by Trend Micro’s threat intelligence, Mac capabilities and more.”
Apex One is also being integrated with Trend Micro’s Managed Detection and Response (MDR) server that was announced on June 19. Skinner explained that the Trend Micro MDR service operates the Apex One EDR functionality on behalf of customers and delivers response recommendations, as well as automated response through Trend Micro’s Smart Protection Network cloud.
“So, Apex One provides EDR data to the MDR service, and the MDR service can query Apex One during investigations,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.