Trend Micro, a leading cybersecurity vendor, has announced the integration of generative AI into its flagship Vision One platform with the introduction of a new AI tool called Companion. The purpose of Companion is to enhance the extended detection and response (XDR) capabilities of the platform by utilizing advanced AI/machine learning analytics and correlated detection models. This integration is part of Trend Micro’s plan to roll out AI and large language model (LLM) capabilities within Vision One.
Companion has been specifically designed to amplify security operations, improve accessibility and efficiency, and speed up threat hunting for analysts of varying skill levels. It works in harmony with the Vision One platform to enhance XDR alerts, providing quicker understanding and more effective threat filtering. Shannon Murphy, a risk and threat specialist at Trend Micro, explained in a blog post that Companion uses a plain-language interface to empower users with generative AI’s analytical capabilities. It enables users to explain and contextualize alerts, triage and recommend actions, decode complex scripts, and develop and test search queries. The assistance of Companion can be controlled by users, allowing more experienced team members to seamlessly continue their workflow with or without support.
One of the key features of Companion is its ability to provide security analysts with plain-language summaries of complex multi-step, multi-layer attacks. Previously, analysts may have been overwhelmed by the volume of information, but now they can easily prompt Companion for a summary and receive a comprehensive breakdown of the attack. Companion also automates email, help-desk ticketing, and incident reporting, reducing the manual paperwork involved.
In addition, Companion can analyze and break down PowerShell scripts, providing a human-readable and user-friendly explanation. This allows the analyst to become aware of the potential threat implications and necessary context to prioritize and respond effectively. Furthermore, the plain-language interface of Companion simplifies the creation of hunting queries and search languages, allowing analysts at any skill level to build sophisticated queries with greater accuracy and fewer errors.
Trend Micro has prioritized security and compliance in the development of its generative AI and LLM capabilities. The company ensures stringent measures are in place to protect corporate data and prevent the mixing of its models with instances and training data from other vendors. This is particularly important as there are growing concerns about the potential risks associated with sharing sensitive and confidential business information with self-learning AI platforms.
While the introduction of Companion brings advanced protection capabilities to organizations, there is a potential pitfall to be aware of. Analysts may become too reliant on generative AI to provide answers, without critically evaluating the accuracy of those answers. Philip Harris, a research director at IDC, warns that analysts still need critical thinking skills to determine whether an AI-generated answer is correct or not. The ability to detect when something doesn’t seem right is still a valuable skillset for analysts to develop and deepen.
Overall, Trend Micro’s integration of generative AI into its Vision One platform with Companion is a significant step forward in improving security operations and accelerating threat response. By leveraging AI and LLM capabilities, analysts can enhance their workflow and address issues more effectively. However, it is important for analysts to maintain their critical thinking skills and not rely solely on AI-generated answers.
