at Financial Technology Year
An XDR platform that collects and automatically correlates data across email, endpoints, servers, cloud workloads, and networks. Features include advanced threat detection, automated response capabilities, and continuous monitoring tailored for financial sector threat scenarios.
Systems that protect the bank's information assets from cyber threats and ensure secure banking operations.
Feature | Description | Support in Trend Micro Vision One
Multi-factor Authentication | Requires multiple forms of verification before granting access. | Trend Micro Vision One supports multi-factor authentication as part of its access and user security features, as outlined in product documentation for console and account security.
Role-Based Access Control | Grants permissions based on user roles and responsibilities. | Trend Micro advertises role-based access control for its admin and user permissions model.
Single Sign-On (SSO) | Allows users to authenticate once for multiple applications. | Trend Micro Vision One supports Single Sign-On (SSO) integration with major identity providers (SAML, OAuth).
Access Logging | Records all access attempts for audit trails. | Access logging is available for auditing user and admin actions, as shown in the admin guides; this is required for financial sector compliance.
Privileged Account Management | Controls and monitors elevated permissions. | Privileged account management is supported for managing elevated access to administration features.
User Session Timeout | Automatically terminates inactive sessions. | User session timeout is referenced in security best practice settings and technical administrator documentation.
Device Whitelisting | Restricts access to approved devices only. | No information available
Granular Permission Levels | Supports fine-grained permissions per function. | No information available
API Key Management | Secures and controls access to APIs. | API key management is provided for secure API integrations.
Geolocation-based Access Restrictions | Limits access based on the user's physical or network location. | No information available
Number of Supported Authentication Methods | The total number of different authentication methods available (e.g., biometric, SMS OTP, hardware key). | No information available
End-to-End Encryption | Encrypts data during all states and transfers. | Encryption is provided for all data in transit between the platform, agents, and cloud. Note that this is transport encryption; encryption of stored data is covered separately under Database Encryption.
Database Encryption | Encrypts stored data in databases. | Database encryption is part of Trend Micro's SaaS security and compliance posture.
File Integrity Monitoring | Detects unauthorized changes to critical files. | No information available
Data Masking | Obfuscates sensitive data in non-production environments. | No information available
Tokenization | Replaces sensitive information with random tokens. | No information available
Data Loss Prevention (DLP) | Prevents unauthorized data transfer or loss. | Data loss prevention is featured as part of Trend Micro's platform capabilities for endpoint and cloud workloads.
Data Backup Frequency | Frequency at which backups of critical data are performed. | No information available
Audit Logging | Maintains comprehensive logs of data access and changes. | Audit logging is cited for compliance and review in both documentation and security feature lists.
Automated Key Rotation | Automatically rotates cryptographic keys at defined intervals. | No information available
Retention Policy Management | Controls how long data is kept and when it is deleted. | Data retention policy management is available for security logs in the admin console.
Firewall | Provides perimeter security by filtering incoming and outgoing network traffic. | Firewall filtering is provided at the endpoint through agent controls (a host firewall rather than a perimeter appliance); network security is a stated feature.
Intrusion Detection System (IDS) | Monitors and detects malicious network activity. | Trend Micro Vision One includes IDS functionality as part of its network sensor suite.
Intrusion Prevention System (IPS) | Blocks and prevents detected threats. | IPS is available in the endpoint and network modules.
Virtual Private Network (VPN) | Secures remote access to banking resources. | VPN is not natively provided, but Vision One integrates with VPN infrastructure for endpoint enforcement.
Network Segmentation | Divides the network into separate zones for better security. | No information available
Distributed Denial of Service (DDoS) Protection | Detects and mitigates DDoS attacks. | DDoS detection and alerting is part of Trend Micro's network protection suite; mitigation of volumetric attacks is not described here.
Deep Packet Inspection | Examines traffic for threats beyond simple packet headers. | Deep packet inspection is provided as part of advanced network traffic analytics.
Encrypted Network Traffic | Ensures all internal and external communication is encrypted. | Encrypted network traffic is enforced between endpoints, sensors, and the cloud XDR platform.
Bandwidth Monitoring | Monitors bandwidth utilization for anomalies. | Bandwidth monitoring is referenced as a function in network analysis and anomaly detection.
Network Traffic Analysis Capability | The number of simultaneous connections that can be analyzed. | No information available
Security Information and Event Management (SIEM) | Aggregates, analyzes, and alerts on security events. | Trend Micro Vision One provides SIEM capability and integrations with third-party SIEMs.
Automatic Threat Remediation | Responds to detected threats without manual intervention. | Automatic threat remediation is described in platform datasheets and the XDR feature summary.
Real-time Alerting | Notifies security personnel immediately upon threat detection. | Real-time alerting is presented as a key XDR feature in product marketing and user guides.
Threat Intelligence Integration | Ingests external threat intelligence feeds. | Threat intelligence integration is available via Trend Micro's proprietary and third-party feeds.
Incident Response Playbooks | Provides pre-defined procedures for common security incidents. | Incident response playbooks and automated workflows are supported, as described for the XDR dashboards.
Threat Simulation and Red Team Testing | Supports simulated attacks for evaluation. | Threat simulation and red team testing are supported through integration with breach and attack simulation tools.
False Positive Rate | The percentage of security alerts that are determined to be benign. | No information available
Time to Detect | Average time between threat occurrence and detection. | No information available
Time to Respond | Average time between detection and mitigation. | No information available
Automated Compliance Reporting | Generates regulatory and incident response reports automatically. | Automated compliance reporting is included for regulatory and security event coverage.
Endpoint Detection and Response (EDR) | Monitors endpoints for threats and suspicious activity. | EDR is a foundational module of Trend Micro Vision One and is clearly described in product materials.
Anti-malware Protection | Prevents malicious software from infecting endpoints. | Anti-malware protection is native to Trend Micro endpoint and server agents.
Device Control | Restricts usage of external devices like USB drives. | Device control (USB and removable media restrictions) is provided in endpoint security settings.
Patch Management | Automates the distribution of security updates. | Patch management is available through Trend Micro endpoint and vulnerability management suites.
Mobile Device Management (MDM) | Secures and manages mobile endpoints. | No information available
Remote Wipe Capability | Erases data from lost or stolen devices remotely. | Remote wipe capability is included in Trend Micro endpoint and mobile agents.
Application Whitelisting/Blacklisting | Controls which applications can be installed or run. | Application whitelisting and blacklisting is possible via the endpoint and application control modules.
Endpoint Isolation | Allows quick quarantine of compromised devices. | Endpoint isolation is specifically supported for containment in Vision One response workflows.
Number of Devices Supported | Maximum number of endpoints protected by the solution. | No information available
Endpoint Policy Enforcement | Automatically enforces security policies on all endpoints. | Endpoint policy enforcement is core to the platform through its automated threat response and compliance controls.
Behavioral Analytics | Analyzes user behavior for anomalies indicative of fraud. | Behavioral analytics is used in user and entity behavior analysis for detection.
Transaction Monitoring | Monitors transactions in real time for suspicious patterns. | Transaction monitoring for suspicious behavior is not directly stated, but user and entity analytics cover closely related ground in financial contexts.
Machine Learning Models | Uses AI models to identify emerging fraud techniques. | Machine learning models are used throughout the product for threat and fraud detection.
Geolocation Verification | Checks if transactions originate from expected regions. | No information available
Device Fingerprinting | Identifies repeat or suspicious devices. | No information available
Case Management | Tracks fraud investigation from detection to closure. | Case management is available for incident tracking and resolution throughout the platform.
Rule-based Alerts | Generates alerts based on pre-set fraud rules. | No information available
False Positive Rate | Percentage of transactions erroneously flagged as fraud. | No information available
Detection Speed | Average time taken to detect suspicious activities. | No information available
Integration with Core Banking Systems | Supports real-time integration with existing banking infrastructure. | Integration with core banking systems via APIs and SIEM is marketed for the financial sector by Trend Micro.
Web Application Firewall (WAF) | Protects web applications from common exploits. | WAF is not native to Vision One but is part of Trend Micro Cloud App Security, which integrates with Vision One.
Vulnerability Scanning | Regularly scans for known security weaknesses. | Vulnerability scanning is included in the security posture and endpoint management modules.
Secure Coding Standards Enforcement | Ensures adherence to secure development practices. | Secure coding standards are enforced through integrations with DevOps and CI/CD workflows.
Regular Penetration Testing | Conducts simulated attacks to find weaknesses. | Penetration testing integrations are available through third-party partnerships.
Automated Patch Deployment | Deploys application security patches automatically. | No information available
Code Obfuscation | Makes application source code harder to reverse-engineer. | No information available
Session Management Security | Protects active user sessions against hijacking. | Session management and hijack protection is part of Trend Micro's application security suite.
API Security Controls | Protects and monitors API endpoints. | API security controls are documented for all Trend Micro APIs.
Number of Supported Programming Languages | The range of programming frameworks or languages natively supported for secure app development. | No information available
Dynamic Application Security Testing (DAST) Integration | Integrates tools for runtime security testing of applications. | DAST is supported via integration.
Prebuilt Compliance Reporting | Offers reports tailored for key banking regulations. | Prebuilt compliance reporting is highlighted in the banking and GDPR/PCI narrative for Vision One.
Automated Policy Management | Automates the application and monitoring of compliance policies. | Automated policy management is supported for both security and compliance.
Audit Trail Management | Maintains immutable logs for audit purposes. | Immutable audit logs are maintained for compliance assurance.
Regulatory Change Monitoring | Tracks changes in relevant regulations and standards. | Regulatory change is monitored via threat intelligence and security advisories.
Self-assessment Tools | Allows internal audits for compliance readiness. | No information available
Compliance Workflow Automation | Automates workflows to meet compliance requirements. | Compliance workflow automation is integrated in the compliance dashboard.
Data Residency Controls | Specifies where data can be stored based on regulations. | Data residency controls are specified for cloud deployments.
Regulatory Coverage | Number of major regulations covered out-of-the-box. | No information available
Retention Policy Automation | Automatically applies data retention and deletion policies. | Retention policy automation is supported for data and log management.
Secure Document Management | Secure storage and retrieval of compliance documentation. | Secure document management is part of the compliance and audit documentation features.
Centralized User Directory | Maintains a single source of truth for user authentication. | A centralized user directory is integral to authentication and authorization in Vision One.
Self-service Password Reset | Allows users to reset passwords without admin assistance. | Self-service password reset is enabled for SSO and cloud identity users.
User Provisioning and Deprovisioning | Automates onboarding and offboarding staff access. | User provisioning and deprovisioning is automated via SSO and IAM integration.
Federated Identity Support | Allows use of external identity providers (SAML, OAuth, etc.). | Federated identity support is offered via SAML, OAuth, and OpenID.
Access Certification | Regularly reviews and certifies user privileges. | No information available
Credential Encryption | Ensures user credentials are encrypted at rest and in transit. | Credential encryption at rest and in transit is standard in Vision One cloud and agent documentation.
Group Management | Supports management of user groups and access policies. | Group management and policies are provided for user-role assignment.
Identity Federation Integrations | Number of external identity federations supported. | No information available
Password Policy Enforcement | Automatically applies strong password requirements. | Password policy enforcement is available in IAM and authentication policies.
User Access Review Automation | Automates periodic reviews of user access rights. | User access review automation can be integrated via API and compliance modules.
Real-time Dashboards | Visualizes live security and system data. | Real-time dashboards are a leading feature of Trend Micro Vision One.
Customizable Reports | Allows users to define and schedule security and compliance reports. | Customizable reports can be scheduled and filtered per security and compliance requirement.
Alert Threshold Customization | Enables setting of specific alert thresholds. | Alert threshold customization is available in alerting and notification settings.
Historical Data Retention | Keeps historical security data for analysis. | Historical data retention is managed for long-term forensic analysis.
Audit Log Integration | Centralizes logs from various sources. | Audit log integration is supported for SIEM, syslog, and third-party log aggregation.
Automated Reporting Frequency | How often reports are automatically generated. | No information available
User Activity Monitoring | Tracks user activities for policy violations. | User activity monitoring is foundational for detection and compliance in the platform.
Custom Alert Channels | Supports multiple channels for alerting (email, SMS, app). | Custom alert channels such as email, SMS, and integrations with SOAR platforms are supported.
Third-party Log Integration | Integrates with external log and monitoring providers. | Integration with third-party log and monitoring providers is highlighted in the API documentation.
Report Retention Period | Length of time reports are stored and accessible. | No information available
Disaster Recovery Planning | Provides tools for planning and testing disaster recovery. | Disaster recovery planning is supported through documentation and built-in backup/restore features.
Business Continuity Management | Ensures continued operations during disruptions. | Business continuity management is supported as part of the operational and resilience documentation.
Automated System Failover | Automatically switches to backup systems on failure. | No information available
Backup and Restore Automation | Automates data and system backup/restore processes. | Backup and restore automation is included in Vision One's business resilience features.
Ransomware Recovery | Supports fast recovery from ransomware attacks. | Ransomware recovery tooling and playbooks are included.
Recovery Time Objective (RTO) | Target time to restore function after disruption. | No information available
Recovery Point Objective (RPO) | Maximum acceptable amount of data loss after an incident. | No information available
Resilience Testing Support | Enables regular testing of resilience and recovery plans. | Resilience testing for disaster recovery and restoration workflows is supported.
Automated System Health Checks | Monitors backup and resilience readiness automatically. | Automated health checks for backup and resilience are built into the Vision One monitoring modules.
Service Level Agreement (SLA) Monitoring | Tracks compliance with recovery SLAs. | No information available
Comprehensive security systems including firewalls, intrusion detection/prevention, endpoint protection, and security information and event management (SIEM) tools to protect sensitive financial data and systems.
Feature | Description | Support in Trend Micro Vision One
Firewall Protection | Prevents unauthorized access to or from a private network. | Trend Micro Vision One XDR includes built-in firewall and network protection as part of its integrated network security suite.
Intrusion Detection System (IDS) | Monitors network traffic for suspicious activity and known threats. | Described as monitoring for suspicious activity across networks; IDS is mentioned in marketing as part of the threat detection capability.
Intrusion Prevention System (IPS) | Proactively blocks detected threats in real time based on established rules. | Real-time blocking and XDR automated response indicate that IPS functionality is present.
DDoS Protection | Mitigates distributed denial-of-service attacks to maintain service availability. | The platform claims mitigation of DDoS and volumetric attacks as part of continuous monitoring.
Network Traffic Encryption | Secures data in transit with protocols such as SSL/TLS. | Network traffic encryption (TLS/SSL) is cited in whitepapers and compliance documentation.
VPN Support | Enables secure remote access to the organization's internal networks. | VPN support is confirmed in solution architecture guides.
Network Segmentation | Segments networks to limit lateral movement of threats. | Network segmentation is referenced as part of Zero Trust and micro-segmentation features.
Real-Time Monitoring | Active monitoring of network traffic for quick incident response. | The platform provides real-time visibility and alerts on network activity.
Port Scanning Detection | Detects unauthorized scanning of network ports. | Port scanning detection is included in network threat analytics.
Bandwidth Capability | Maximum network traffic that can be inspected by security tools. | No information available
Zero Trust Network Access | Applies a 'never trust, always verify' policy to all devices and users. | Zero Trust principles, such as 'never trust, always verify', are core to the platform's access and network controls.
Antivirus/Antimalware | Detects and removes malicious software. | Trend Micro endpoint agents include antivirus and antimalware as foundational protections.
Endpoint Detection and Response (EDR) | Provides advanced monitoring, detection, and analysis of endpoint threats. | XDR (extended detection and response) builds on EDR, which supplies the endpoint detection layer.
Device Encryption | Encrypts data stored on endpoint devices. | Device encryption is included and supported via endpoint security modules.
Patch Management | Automates deployment of security updates to devices. | Patch management is available as part of the endpoint security suite.
Application Control | Restricts which applications can be run on endpoints. | Application control is supported on endpoints to restrict unwanted applications.
Device Control | Controls access to removable devices (USB, external drives, etc.). | Device control, including USB and removable media management, is offered.
Remote Wipe Capability | Allows remote erasure of lost or stolen devices. | Remote wipe for lost or stolen endpoints is described in the Vision One endpoint documentation.
Centralized Management Console | Unified interface for managing endpoint security policies and incidents. | A centralized management console is a key XDR platform feature.
Behavioral Analysis | Detects threats by analyzing abnormal endpoint behaviors. | Behavioral analysis for threat detection is promoted as a core XDR analytic capability.
Number of Supported Endpoints | Maximum number of devices supported under a single deployment. | No information available
BYOD Support | Supports protection for employee-owned devices. | The platform is designed to support BYOD policies for financial services firms.
Automated Response Actions | Performs predefined security actions upon threat detection. | Automated response (SOAR-style playbooks) is one of the main selling points of the Vision One feature set.
Multi-Factor Authentication (MFA) | Requires multiple forms of verification before granting access. | Multi-factor authentication is supported via integration and native modules.
Single Sign-On (SSO) | Allows users to authenticate once for access to multiple systems. | Single Sign-On is available through integrations with standard identity providers.
Role-Based Access Control (RBAC) | Restricts system access based on users' roles within the organization. | Role-based access controls are highlighted in Vision One administration documentation.
Privileged Access Management (PAM) | Manages and monitors access of users with elevated privileges. | Privileged access management is supported for administrative controls within the solution.
User Enrollment Speed | Average time to enroll a new user into the security system. | No information available
Adaptive Authentication | Adjusts authentication requirements based on risk factors (location, device, etc.). | Adaptive authentication is available through integration with identity systems.
Access Audit Logs | Full logging of all authentication and authorization events. | Access events and audit logs are fully supported in Vision One.
Self-Service Password Reset | Allows users to securely reset their passwords without administrator intervention. | Self-service password reset is available via integration with identity providers.
Directory Integration | Seamless integration with Active Directory, LDAP, or similar directory services. | Directory integration (AD, LDAP) is confirmed in deployment guides.
API Security | Applies security controls to APIs used by internal and third-party services. | API security controls are available for both internal and third-party APIs.
OAuth2/OpenID Support | Supports modern federated authentication protocols. | OAuth2/OpenID are listed among the supported federated authentication protocols.
Data-at-Rest Encryption | Encrypts data stored on servers, databases, and other storage. | Data-at-rest encryption is available for all endpoint/storage security modules.
Data-in-Transit Encryption | Ensures encryption of data moving between systems. | Communication and logs are encrypted; data-in-transit encryption is standard.
Key Management | Secure generation, storage, and rotation of encryption keys. | Encryption key management controls are described in the endpoint and cloud modules.
Database Activity Monitoring | Audits and alerts on suspicious database activities. | Database activity monitoring is referenced as available for supported database environments.
Tokenization | Replaces sensitive data with non-sensitive equivalents during processing. | Tokenization is used for sensitive data processing in the compliance modules.
Data Loss Prevention (DLP) | Prevents unauthorized sharing or transfer of sensitive information. | DLP is part of the email, endpoint, and cloud modules.
Granular Access Controls | Allows fine-grained control over access to specific files and datasets. | Granular access controls are enabled through policies for specific files and datasets.
File Integrity Monitoring | Detects unauthorized changes to critical files. | File integrity monitoring is supported for critical system files.
Encrypted Backup | Ensures backups are encrypted to protect against data breaches. | Encrypted backup options are available and recommended in the Vision One best practices.
Data Retention Policy Support | Implements automated policies for retaining and deleting sensitive data. | The product can enforce and automate data retention policies as part of the compliance suite.
Cloud Encryption Integration | Supports encryption for data stored in public and private clouds. | Cloud encryption integration is provided for supported cloud vendors (AWS, Azure, GCP).
Real-Time Threat Feed Integration | Incorporates external threat intelligence feeds into security controls. | Real-time threat intelligence feeds are integrated to enhance threat detection.
Automated Threat Detection | Identifies and flags threats using advanced analytics and AI. | Automated threat detection using analytics and AI is cited as a core feature.
Anomaly Detection Engine | Identifies unusual patterns indicative of emerging threats. | An anomaly detection engine is mentioned in the description of threat analysis capabilities.
Advanced Persistent Threat (APT) Detection | Recognizes highly sophisticated long-term attacks. | APT detection is marketed to financial services clients.
Malware Sandbox | Isolates and analyzes suspicious files and scripts. | Malware sandboxing is available for deep file analysis.
Phishing Detection | Identifies and blocks phishing attempts targeting users and systems. | Phishing detection is part of the email and endpoint protection features.
Threat Research Portal | Provides portal access to the latest threat intelligence and research. | A threat research portal is available to users via the Vision One dashboard.
Threat Intelligence Sharing | Supports sharing threat data with peer institutions and industry groups. | Industry-standard threat intelligence sharing mechanisms are supported.
Machine Learning Integration | Uses machine learning models to improve detection and analysis. | Machine learning is a core underlying technology in detection and analytics.
Volume of Threat Indicators Processed | Maximum number of threat indicators processed by the system per day. | No information available
Automated Incident Scoring | Provides risk scoring of detected incidents to prioritize response. | Automated incident scoring for risk and prioritization is part of the SIEM/XDR functionality.
Centralized Log Collection | Aggregates logs from all IT and security systems. | Log aggregation and centralization is included in the XDR/SIEM modules.
Real-Time Correlation | Correlates events across multiple sources in real time. | Real-time correlation of multiple sensor and data sources is detailed in feature sheets.
Automated Alerting | Triggers alerts when suspicious events are detected. | Automated alerting and notification for suspicious events is a SIEM/XDR capability.
Customizable Dashboards | Configurable dashboards for monitoring and visualization. | Customizable, role-based dashboards for log and threat monitoring are supported.
Long-Term Log Retention | Stores logs for regulatory and forensic requirements. | Long-term log storage and retention policies are featured for compliance.
Forensic Investigation Tools | Supports detailed analysis of historical security incidents. | Forensic tools are incorporated for historical and detailed analysis in the SIEM.
Compliance Reporting | Predefined reports to meet regulatory needs. | Compliance and regulatory reporting are standard options.
Incident Response Integration | Triggers and tracks incident response activities from within the SIEM. | Incident response workflows and playbooks can be launched and tracked from the SIEM.
Log Ingestion Rate | Maximum amount of log data the SIEM can process per second. | No information available
Log Source Support | Number of device/application types supported for log integration. | No information available
Anomaly Detection | Detects abnormal log patterns indicating security issues. | Anomaly detection for logs and activity is part of security analytics.
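The rows above credit the platform with real-time correlation across sources, and the page opens by describing it as a platform that "automatically correlates data across email, endpoints, servers, cloud workloads, and networks". The example below is an added illustration of what that correlation means operationally; it is not Trend Micro code and does not use Trend Micro's event format. The event fields, the 15-minute linking window, the scoring rule and the sample telemetry are all constructed for this illustration. It links events that share a user or host within the window, follows those links transitively (an email click carries only a user, an endpoint event carries user and host, a network event carries only a host), and promotes a cluster to an incident only when it is corroborated by at least two independent sources.

```python
"""Cross-source correlation of email, endpoint and network telemetry.

Added example, not Trend Micro's code or event format. Field names, the
linking window, the scoring rule and the sample events are assumptions
constructed for this illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumption: max gap between two events to link them

# Constructed sample telemetry (not real product output). Hosts and the
# 203.0.113.7 address are documentation/test values, not real systems.
EVENTS = [
    {"ts": "2024-03-04T08:00:10Z", "source": "email", "user": "j.doe", "host": None,
     "type": "link_clicked", "detail": "invoice-update.example"},
    {"ts": "2024-03-04T08:02:31Z", "source": "endpoint", "user": "j.doe", "host": "WS-042",
     "type": "process_spawn", "detail": "WINWORD.EXE -> powershell.exe -EncodedCommand"},
    {"ts": "2024-03-04T08:03:05Z", "source": "network", "user": None, "host": "WS-042",
     "type": "outbound_connection", "detail": "203.0.113.7:443"},
    {"ts": "2024-03-04T08:30:00Z", "source": "endpoint", "user": "a.smith", "host": "WS-077",
     "type": "process_spawn", "detail": "msiexec.exe (scheduled update)"},
    {"ts": "2024-03-04T10:00:00Z", "source": "endpoint", "user": "j.doe", "host": "WS-042",
     "type": "login", "detail": "interactive logon"},  # same entities, outside the window
    {"ts": "2024-03-04T12:00:00Z", "source": "network", "user": None, "host": "WS-099",
     "type": "dns_query", "detail": "updates.example"},
]


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def entity_keys(ev: dict) -> list:
    """Entities an event can be joined on; endpoint events carry both user and host."""
    keys = []
    if ev.get("user"):
        keys.append(("user", ev["user"]))
    if ev.get("host"):
        keys.append(("host", ev["host"]))
    return keys


def correlate(events: list, window: timedelta = WINDOW) -> list:
    """Group events that share an entity within `window` into incidents.

    Linking is transitive: an email event (user only) joins an endpoint event
    (user + host), which in turn joins a network event (host only). Union-find
    keeps the pass linear in the number of events.
    """
    events = sorted(events, key=lambda e: parse_ts(e["ts"]))
    parent = list(range(len(events)))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    last_seen = {}  # entity key -> index of the most recent event carrying it
    for i, ev in enumerate(events):
        t = parse_ts(ev["ts"])
        for key in entity_keys(ev):
            j = last_seen.get(key)
            # last_seen is the most recent event; if it is outside the window, all older ones are too
            if j is not None and t - parse_ts(events[j]["ts"]) <= window:
                ri, rj = find(i), find(j)
                if ri != rj:
                    parent[ri] = rj
            last_seen[key] = i

    clusters = defaultdict(list)
    for i, ev in enumerate(events):
        clusters[find(i)].append(ev)  # members stay in chronological order

    incidents = []
    for members in clusters.values():
        sources = sorted({e["source"] for e in members})
        if len(sources) < 2:
            continue  # single-source activity stays an alert; an incident needs corroboration
        incidents.append({
            "sources": sources,
            "users": sorted({e["user"] for e in members if e["user"]}),
            "hosts": sorted({e["host"] for e in members if e["host"]}),
            "events": members,
            "score": 10 * len(sources) + len(members),  # assumption: more independent sources weigh most
        })
    return sorted(incidents, key=lambda inc: -inc["score"])


def run(window_seconds: int = 900) -> list:
    """Correlate the constructed sample with the given window (default 15 minutes)."""
    return correlate(EVENTS, timedelta(seconds=window_seconds))


if __name__ == "__main__":
    for inc in run():
        print(f"score={inc['score']} sources={inc['sources']} users={inc['users']} hosts={inc['hosts']}")
        for e in inc["events"]:
            print(f"  {e['ts']} [{e['source']}] {e['type']}: {e['detail']}")
```

With the sample data, the phishing click, the Office-to-PowerShell spawn and the outbound connection collapse into one incident on WS-042 for j.doe, while the later logon by the same user on the same host stays out because it falls outside the window, and the two unrelated single-source events never become incidents. When evaluating a product's correlation claim, the questions this exposes are the ones to put to the vendor: which entity fields are joinable across sensors, what the window is, and whether single-source activity is surfaced as an incident or only as an alert.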
Automated Vulnerability Scanning | Regular scans of systems for known vulnerabilities. | Automated vulnerability detection and scanning is described as an integrated feature.
Patch Management Integration | Links vulnerability discovery to patch management workflows. | Patch management integration exists between the vulnerability and endpoint modules.
Remediation Tracking | Tracks status and progress of vulnerability fixes. | Remediation tracking is part of the incident and vulnerability management workflows.
Criticality Scoring | Rates vulnerabilities by impact and exploitability. | Scoring of vulnerabilities by impact is advertised in the solution summary.
Reporting and Alerts | Provides detailed reports and real-time alerts on vulnerabilities. | Reporting and alerts on vulnerabilities are a core vulnerability management function.
Asset Discovery | Identifies all devices and software within the institution's environment. | Asset discovery for software and hardware assets is described in the endpoint/infrastructure modules.
Zero-Day Vulnerability Detection | Detects previously unknown (zero-day) vulnerabilities. | Zero-day vulnerability detection is based on threat intelligence and behavior analytics.
External Attack Surface Monitoring | Scans public-facing infrastructure for exposure risks. | The platform scans public-facing endpoints as part of attack surface monitoring.
Frequency of Scans | How often automated scans are performed. | No information available
Integration with Ticketing Systems | Connects vulnerability management with IT service desk systems. | Ticketing system integration (e.g., ServiceNow, Jira) is described as an available feature.
Web Application Scanning | Identifies vulnerabilities in web applications and portals. | Web application scanning is available as part of the Trend Micro Cloud One suite, which integrates with Vision One.
Automated Incident Response Playbooks Predefined actions executed automatically during incidents. |
Automated incident response playbooks are a major XDR feature. | |
Forensic Data Collection Captures data required for in-depth investigations. |
Forensic data collection is available for investigations through the platform. | |
Threat Containment Isolates affected systems to prevent threat spread. |
Threat containment is achieved by automated isolation responses. | |
Root Cause Analysis Ability to determine the source and method of compromise. |
Root cause analysis tools are included in incident management workflows. | |
Incident Timeline Generation Automatically builds a chronological timeline of incident events. |
Automated timeline creation is part of the incident and alert handling UI. | |
Chain of Custody Tracking Tracks all access and handling of digital evidence. |
Chain of custody for digital evidence is documented in forensic workflow modules. | |
Response Time (Median) Median time taken to respond to an incident. |
No information available | |
Collaboration Tools Facilitates coordinated response among security teams. |
Collaboration tools (case notes, tagging, assignment) available in incident management. | |
Post-Incident Reporting Comprehensive summaries of incident and response actions. |
Comprehensive post-incident reporting is generated automatically after incidents. | |
Compliance Integration Assures response actions comply with legal/regulatory requirements. |
Response workflows can be aligned with compliance (GDPR, SOX, etc.) through solution templates. | |
Retrospective Detection Analyzes past data for previously missed indicators of compromise. |
Retrospective threat hunting and detection on past data is described in the platform capabilities. | |
Cloud Access Security Broker (CASB) Monitors and secures the use of cloud services. |
Cloud Access Security Broker (CASB) functionality is included for monitoring cloud app usage. | |
Cloud Security Posture Management (CSPM) Automates risk and compliance management for cloud environments. |
CSPM (Cloud Security Posture Management) is a module available through Cloud One; integrates with Vision One. | |
Cloud Encryption Support Ensures data is encrypted in all cloud environments. |
Data encryption in cloud environments is included in the compliance and cloud security modules. | |
API Security Controls Secures APIs between cloud, on-prem, and third-party integrations. |
API security between cloud and on-prem systems is highlighted in solution architecture. | |
Identity and Access Management (IAM) Integration Integrates cloud security controls with user identity systems. |
IAM integration is native for Azure AD, Okta, and other providers, as detailed in the integration guides. | |
Secure Cloud Backup Ensures cloud backups are protected and encrypted. |
Cloud backup security and encryption available as standard offering. | |
Malware Scanning for Cloud Storage Detects and blocks malicious files in cloud storage. |
Cloud storage scanning for malware is part of the cloud workload protection module. | |
Cloud Workload Protection Secures applications and services running in the cloud. |
Cloud workload protection (CWP) is a named module in the Vision One suite. | |
Configuration Drift Detection Monitors changes in cloud security settings. |
Monitors configuration changes in cloud applications and alerts on drift from the approved baseline. | |
Log Integration with SIEM Ensures cloud platform logs flow into enterprise SIEM. |
Cloud log integration to SIEM is standard for all native cloud modules. | |
User Activity Monitoring Audits and reports on user actions in the cloud. |
Monitors, audits, and reports user activity in all supported cloud environments. | |
Automated Compliance Audits Automates checks against regulatory requirements (e.g., GDPR, FINRA, SEC, SOX). |
Automated compliance audits are described as a major feature for regulatory clients. | |
Preconfigured Policy Templates Provides templates for standard industry policies and controls. |
Preconfigured policy templates are provided for financial services, PCI, SOX, GDPR and similar frameworks. | |
Automated Evidence Collection Gathers and stores evidence required for audits. |
Automated evidence collection is included in compliance reporting workflows. | |
Risk Assessment Tools Enables regular assessment and documentation of information security risk. |
Compliance and risk assessment tools are listed in product overview. | |
Customizable Reporting Reports can be tailored for specific regulations or business management. |
Customized compliance and management reporting described in feature set. | |
Role-Based Compliance Tracking Tracks compliance status for specific users and departments. |
Tracks compliance by user and department through access controls and logging. | |
Incident Response Documentation Captures standard documentation to demonstrate incident response procedures. |
Incident response documentation auto-generated for audit and compliance. | |
Data Privacy Controls Implements technical controls to protect personally identifiable information. |
Data privacy controls, including PII detection and policy enforcement, are cited in product documentation. | |
Audit Log Integrity Ensures audit logs are tamper-proof and verifiable. |
SIEM logs and audit logs are described as cryptographically integrity-protected; the entry does not state the mechanism (hashing, signing or hash chaining), which a buyer should confirm with the vendor. | |
Number of Supported Frameworks Number of industry or regulatory frameworks directly supported out of the box. |
No information available | |
Compliance Gap Analysis Detects missing controls or processes relative to compliance requirements. |
Compliance gap analysis is provided in the compliance suite as part of the audit process. | |
Intuitive User Interface Offers logical layouts and easy navigation for daily users. |
Platform noted for its intuitive, user-friendly interface in customer reviews and demos. | |
Customizable Alerts Fine-tune alerts to reduce noise and highlight critical issues. |
Alert customization documented as available in XDR dashboard. | |
API Integration Supports integration with trading platforms, order management, and other IT systems. |
API integration supported for major platforms, trading systems, and 3rd party applications. | |
Support for Automation Enables automation of routine tasks and workflows. |
Automation supported via SOAR and scripting options. | |
Role-Based Dashboards Dashboards tailored for various user roles (admin, compliance, technical support, etc). |
Role-based customized dashboards supported for different stakeholders. | |
Custom Reporting Enables the creation of customizable reports for management and compliance. |
Custom management and compliance reports are supported. | |
Multi-Language Support User interface and documentation available in multiple languages. |
No information available | |
Deployment Flexibility Available as on-premises, cloud, or hybrid deployment. |
Supports deployment in cloud, on-premises, or hybrid mode as described in product documentation. | |
Scalability Ability to support expansion in number of users or systems. |
Reference clients scale the platform to thousands of endpoints and workloads. | |
Onboarding Time Typical time required to deploy and fully onboard the solution. |
No information available | |
Third-Party Integration Support Ability to integrate with external security tools or business applications. |
Extensive third-party integration catalog available in the support portal. | |
This data was generated by an AI system. Please check with the supplier.