ALPS blog

Splunk integration partnership with Trend Micro 2021

Original article: Trend Micro

Customers first: building out our Splunk partnership for a more secure 2021

The past 12 months have been an eye-opener for many IT and business leaders. Experts claim that digital transformation witnessed unprecedented growth, as organizations scrambled to support mass working and re-engineer business processes and customer-facing services. According to McKinsey: “Businesses that once mapped digital strategy in one- to three-year phases must now scale their initiatives in a matter of days or weeks.” Yet these forces also created challenges, especially for Security Operations Center (SOC) staff overwhelmed with alerts as threats rapidly escalated.

At Trend Micro we’ve been taking major strides in recent weeks and months to help support these customers, by expanding our industry partnerships—especially with SIEM and SOAR providers. Our latest offerings for Splunk customers are a great example.

Integration everywhere

The direction of travel for corporate cybersecurity is towards greater integration. By 2024, at least 65% of organizations will justify expenditure on such capabilities as a strategic investment, up from less than 40% in 2019, according to Gartner. It is particularly important in cybersecurity, where many CISOs are struggling to extract value from a large number of siloed point solutions. These can end up adding extra cost, complexity and inefficiencies, and compound those underlying siloes as staff in different functions access different versions of the truth.

According to Gartner: “Security and risk management leaders looking to improve operational efficiency should seek security solution providers that have well-documented APIs, integration partners and other resources to enable automation.”

We couldn’t agree more at Trend Micro, which is why we’ve been on a mission over recent months to build out the already extensive industry partnerships we’ve nurtured over the years.

Trend Micro and Splunk

Our latest announcement is an XDR Add-on for Splunk. Trend Micro XDR is an increasingly important platform for customers that want to take their threat detection and response capabilities beyond the endpoint. It applies powerful analytics to correlate data across email, endpoints, servers, cloud workloads and networks. The end result is fewer, higher-confidence alerts, leading to more effective detection.

We know that it provides a level of detection impossible to achieve with SIEM alone. But we also know that organizations don’t run these tools in isolation. Splunk is a hugely popular provider of its Data-to-Everything® Platform, which provides data-driven solutions for IT, security and DevOps professions. Its SIEM offering, Splunk Enterprise Security, promises to reduce time-to-detection and accelerate time-to-value for security analysts. By offering tight integration with XDR and other Trend Micro products, we’re enabling our joint customers to optimize these capabilities with our industry leading threat data and intelligence.

Super-charging threat detection

Integrating XDR data with the Splunk SIEM platform super-charges threat detection and response for customers. The Trend Micro XDR Splunk Add-On allows customers to receive Trend Micro XDR Workbench Alerts inside Splunk, including impacted host, users and applicable indicators. From here, security analysts can easily drill down for deeper analysis and response. At a time when SOC staff are stretched to the limit by pandemic-fuelled threat activity and skills shortages, integrating two essential security products will help to maximize value.

It’s not the only move we’ve made to expand our Splunk partnership. Announced at the same time is a new Splunk app for our Apex Central endpoint protection solution, designed to accelerate time-to-protection and reduce the IT burden on joint customers. This builds on previous offerings including Trend Micro Splunk applications for Deep Security, Deep Discovery and TippingPoint products. We’re also working to consolidate these titles on the Splunk marketplace (SplunkBase) under a single Trend Micro listing.

The announcement is one of several we’ve made over recent weeks to build out our integrations with SIEM and SOAR providers. We believe this customer-first approach is what hard-working CISOs and their teams need as they head into another year of high pressure.

To learn more about our XDR partnership building, read our previous blog in this series.

