Trend Micro Endpoint Sensor (EDR)
Get more out of endpoint detection and response (EDR)
*Price per User, quantities 2-25
Our Price: $74.75
*Price per User, quantities 26-50
Our Price: $61.26
*Price per User, quantities 51-250
Our Price: $57.54
*Price per User, quantities 251+
Our Price: $56.32
Leverage a full portfolio of advanced detection techniques against an ever-growing variety of threats and targeted attacks. By integrating endpoint protection and EDR in a single agent, Trend Micro offers a comprehensive detection and response solution with automation and remediation capabilities.
XDR capabilities with Trend Micro
Take advantage of the options to extend endpoint detection and response capabilities to other security vectors, including email, servers, cloud workloads, and network and benefit from correlated detections and more insightful investigations.
Single view with integrated workflows
View detections, perform investigations, and initiate response from a single place for endpoints alone or across other Trend Micro security layers.
Root cause analysis and impact assessment
Get complete visibility into the attack vector, see the spread and extent of the impact of advanced threats. Incident response staff can quickly perform impact assessments, determine the root cause of the detection, and take proactive measures to remediate and update security.
Layering in global threat intelligence provides threat investigators with clarity, assistance, and a comprehensive database of threat information.
With Trend Micro EDR, endpoint analysis can be done in context of other security layers, empowering SOC and security analysts with a single source to run a root cause analysis, look at the execution profile of an attack (including associated MITRE ATT&CK TTPs), and identify the scope of impact across assets.
Sweeping and hunting
Perform multiple indicators of compromise (IoC) searches (or sweeping) with multiple parameters, like specific communications and malware, registry and account activity, and running processes.
Investigators can also search using industry standard OpenIoC or YARA rules and perform threat hunting based on indicators of attack (IoAs). This allows investigators to develop attack discovery rules or work with the IoAs provided by Trend Micro to hunt for threats.
By leveraging XDR across other Trend Micro solutions, analysts can sweep for IoCs or IoAs across the whole environment (messaging, endpoint, server, network) as a single action for a holistic view of which threats may reside within the enterprise.
Automated and integrated response
Isolate, quarantine, block executions, roll back settings (and files, in the case of ransomware), with the option for investigators to also manually respond while performing an investigation. Endpoints can be isolated, processes can be terminated, and security intelligence can be automatically updated on a per-user or enterprise-wide basis.
Managed XDR service
We offer 24/7 alert monitoring, alert prioritization, investigation, and threat hunting as a managed service. Trend Micro™ Managed XDR includes standard or advanced service packages across email, endpoints, servers, cloud workloads, and network.
Threat hunting and detection investigation is performed within the workflow and console of Apex One and shows investigations across connected emails and servers. No more moving from one console to another.
Efficient endpoint recording
Endpoint Sensor records and stores information on system behaviors, communications and user behaviors. Metadata on this information is sent to the Apex One server to allow investigators to “sweep” for indicators of compromise (IoCs)
Server side IoC sweeping
The Apex One server only stores essential metadata of end user recorded data (or telemetry). This allows investigators to perform multiple searches or sweeps of this data without having to query each endpoint individually. In addition, detailed root cause investigations can be made on each endpoint directly.
Investigators can search (or sweep) with multiple parameters. Searches can be made on parameters such as, specific communications, specific malware, registry activity, account activity, and running processes. Or investigators can search using industry standard OpenIOC or YARA rules.
Root cause analysis
Investigators can drill down on an interactive process tree that illustrates the full chain of attack to analyze how the detection arrived, changed, and spread by viewing activities, objects, and processes. Immediate response can be taken to terminate processes, isolate users, update security, and to sweep further.
Vendor intelligence and assistance
Layering in proactive global threat intelligence, the Trend Micro™ Smart Protection Network™ provides clarity and assistance to threat investigators. Endpoint Sensor recognizes known good objects and processes as well as known bad. Investigators can view a colour-coded root cause analysis to identify risky or unknown processes and guide in the remediation. Investigators can also access Trend Micro™ Threat Connect™ service to research our database of threat information.
Immediate response options
Apex One already provides advanced automation to remediate detections. It can automatically isolate, quarantine, block executions, roll back settings (and files, in the case of ransomware), with the option to manually respond while performing an investigation. Endpoints can be isolated, processes can be terminated, and security intelligence can be automatically updated on a per-user or enterprise-wide basis.
Advanced threat hunting
Threat hunting, based on indicators of attack (IoAs), allows investigators to develop attack discovery rules or work with the IoAs provided by Trend Micro to hunt for threats.
Many customers want to be able to leverage their security operations tools. Apex One has multiple built-in documented application programming interfaces (APIs) that allow the product to work with these tools.
Security investigators can select objects and manually submit them to Trend Micro sandboxes. Suspicious objects can be sent to our Trend Micro™ Deep Discovery™ network security sandboxes on-premises, or to Trend Micro Apex One™ Sandbox as a Service subscription option.
How It Works
- Endpoints with Trend Micro™ Apex One Endpoint Sensor enabled, and emails with Trend Micro™ Cloud App Security, will record system behaviors, user behaviors, and communications.
- Activity and detection data from these servers, endpoints, and emails is sent to the Trend Micro™ XDR data lake.
- When a detection is made, investigators can search through the data to understand the impact analysis of the detection to understand how far has it spread and who else has been compromised.
- A full root cause analysis allows investigators to understand the cause of the detection and immediately implement a response that includes remediating affected systems and updating Apex One and Cloud App Security to block similar attacks in the future.
- Alternately, before a detection, investigators can search for IoAs by using various search parameters or with IoCs and YARA rules.
Minimum Agent Requirements
Apex One Endpoint Sensor is available as an optional add-on to Apex One endpoint protection. It is available on-premises along with Apex One or in SaaS along with Trend Micro Apex One™ as a Service.
Apex One Endpoint Sensor is supported on the following endpoints with Apex One:
- Windows 7 SP1 (6.1)
- Windows 8.1 (6.3)
- Windows 10 (10.0)
Hardware: 2 GB minimum RAM, 2 GB available disk space (3 GB recommended)
- macOS™ Mojave 10.14
- macOS™ High Sierra 10.13
- macOS™ Sierra 10.12
- OS X™ El Capitan 10.11
- OS X™ Yosemite 10.10 or later
- OS X™ Mavericks 10.9.5 or later
Hardware: Intel Core™ processor, 512 MB RAM minimum, 300 MB minimum disk space