SOCFortress Integrations — Trend Micro Deep Security

SOCFortress
Apr 18, 2024

Intro

SOCFortress integration and visualization tools let security analysts visualize and triage Trend Micro Deep Security events in a single pane of glass.

About Trend Micro Deep Security

Trend Micro Deep Security is a comprehensive security platform designed to protect servers, virtual machines, containers, and cloud workloads across hybrid and multi-cloud environments. Developed by Trend Micro, a global leader in cybersecurity, Deep Security provides a wide range of security capabilities to defend against cyber threats and ensure compliance with regulatory requirements.

Features of Trend Micro Deep Security include:

  • Server Protection: Deep Security protects servers and virtual machines running on-premises, in the cloud, or in hybrid environments from malware, ransomware, and other cyber threats. It offers real-time scanning, integrity monitoring, and intrusion prevention to safeguard server workloads.
  • Virtualization Security: Deep Security provides security for virtualized environments, including VMware, Microsoft Hyper-V, and Citrix XenServer. It offers agentless protection for virtual machines to minimize performance overhead and streamline management.
  • Container Security: Deep Security supports containerized workloads running on platforms such as Docker and Kubernetes. It provides runtime protection, vulnerability management, and container image scanning to secure container deployments.
  • Cloud Workload Protection: Deep Security extends security controls to cloud workloads hosted on platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). It offers cloud-native security features such as instance protection, workload segmentation, and cloud security posture management.
  • Network Security: Deep Security includes network-based intrusion prevention and firewall capabilities to protect against network-based attacks and unauthorized access attempts. It provides deep packet inspection, application control, and network anomaly detection to enhance network security.
  • Vulnerability Management: Deep Security helps organizations identify and remediate vulnerabilities in their server and application environments. It offers vulnerability scanning, patch management, and software inventory capabilities to reduce the risk of exploitation by cyber threats.
  • Compliance and Reporting: Deep Security provides compliance scanning and reporting features to help organizations achieve and maintain compliance with industry regulations and security standards. It offers predefined compliance templates, audit logs, and customizable reporting capabilities.
  • Centralized Management: Deep Security offers a centralized management console that allows administrators to deploy, configure, and monitor security policies across their entire infrastructure. It provides visibility into security events, alerts, and policy enforcement, enabling efficient management of security posture.

Trend Micro Deep Security is used by organizations of all sizes and across various industries to protect their critical workloads and data from cyber threats. It offers a comprehensive set of security features and capabilities to address the evolving threat landscape and ensure the security and compliance of modern IT environments.

Ingesting Deep Security logs and events

Reference: https://help.deepsecurity.trendmicro.com/10/0/siem-syslog-forwarding.html

You can configure Deep Security to forward events to an external syslog or Security Information and Event Management (SIEM) server. All events are forwarded in clear text, and the content and format of the log messages differ slightly depending on whether they are sent by the Deep Security Manager or by an agent computer.
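As an added example (not SOCFortress or Trend Micro code), the following Python parser ingests Deep Security events received over syslog in CEF format and tags each record as Manager- or agent-originated from the CEF product field, which is where the two sources differ. The sample lines are constructed; the field layout follows the CEF header and the "Deep Security Manager" / "Deep Security Agent" product names as Trend Micro documents them, and everything else (hosts, ids, values) is made up.

```python
import re
from dataclasses import dataclass

# RFC 3164-style syslog header wrapping a CEF record (Deep Security can also emit
# LEEF; that layout is not handled here).
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d+)>)?(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+(?P<cef>CEF:.*)$"
)
# CEF extension: space-separated key=value pairs whose values may themselves
# contain spaces, so a value runs until the next " key=" token or end of line.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

@dataclass
class DSEvent:
    origin: str        # "manager" or "agent", taken from the CEF product field
    host: str          # syslog sender host
    signature_id: str  # CEF signature id (Deep Security event id)
    name: str
    severity: int
    ext: dict

def parse_ds_syslog(line: str):
    """Return a DSEvent, or None if the line is not a Trend Micro CEF record."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    parts = m.group("cef").split("|", 7)
    if len(parts) < 8 or parts[0] != "CEF:0" or parts[1] != "Trend Micro":
        return None
    _, _vendor, product, _version, sig_id, name, sev, ext = parts
    origin = "manager" if product.endswith("Manager") else "agent"
    return DSEvent(origin, m.group("host"), sig_id, name, int(sev),
                   dict(EXT_RE.findall(ext)))

# Constructed sample lines: hosts, ids and values are made up; the product names
# "Deep Security Manager" / "Deep Security Agent" follow Trend Micro's CEF output.
SAMPLE_LINES = [
    "<134>Apr 18 10:01:22 dsm01 CEF:0|Trend Micro|Deep Security Manager|20.0|600|User Signed In|3|suser=admin msg=User signed in from 10.0.0.5",
    "<134>Apr 18 10:01:23 web01 CEF:0|Trend Micro|Deep Security Agent|20.0|4000000|Eicar_test_file|6|cn1Label=Host ID cn1=1 dvchost=web01 filePath=/tmp/eicar.com act=Quarantine",
    "<134>Apr 18 10:01:24 web01 sshd[812]: Accepted publickey for ops from 10.0.0.9",
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        ev = parse_ds_syslog(raw)
        print("skipped" if ev is None else f"{ev.origin:7} {ev.host} {ev.signature_id} {ev.name} sev={ev.severity} {ev.ext}")
```

Because the feed is clear text, the parser also serves as the point where non-Deep-Security lines sharing the same syslog listener are dropped before indexing.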

Visualizations

Landing page:

Events summary:

Log Inspection:

Need Help?

The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html

SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).