The Trend Micro XDR platform and data lake reside within Microsoft Azure and AWS. The platform uses service-to-service connections to facilitate the operations of an advanced detection and response system.
Trend Micro XDR is currently undergoing an ISO 27001 and ISO 27017 audit to demonstrate its strong security policies and internal controls environment. This is scheduled to be completed in 2020.
For information about security protections in the data centers where Trend Micro XDR data resides, please visit the Microsoft Azure and AWS Security resource centers. For additional information about our product security, go to Trend Micro's Product Security & Certifications page.
Data Transmission and Storage
Information processed by Trend Micro XDR is encrypted both in transit and at rest and sent to the Trend Micro XDR node in the region the customer selects during initial setup.
Data at rest is protected by technologies native to the cloud on which it resides. Customer data is tagged with a “Customer ID” during ingestion as part of the data schema. The internal data access layer of Trend Micro’s application requires this “Customer ID” parameter to access the data. This measure protects the customer data from being accessed by any other party, as queries may only access one “Customer ID” at a time. Customers do not provide the “Customer ID” directly when interacting with the service; it is handled by the application itself. This ensures there is no way for a malicious actor to pass the wrong customer ID to access another data set.
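The isolation model described above, as an added illustration that is not Trend Micro's code: a data access layer that takes the customer ID from the authenticated server-side session and refuses any tenant filter supplied by the caller. The Session and TenantScopedStore names, the events table and its rows are assumptions constructed for this example.

```python
import sqlite3
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    # Hypothetical server-side session: customer_id is fixed at login,
    # never parsed from request parameters.
    user: str
    customer_id: str

class TenantScopedStore:
    # Hypothetical data access layer: one instance, one customer ID.
    FILTERABLE = {"host", "severity"}  # allowlisted column names

    def __init__(self, conn, session):
        if not session.customer_id:
            raise PermissionError("session carries no customer ID")
        self._conn = conn
        self._customer_id = session.customer_id

    def events(self, **filters):
        # A caller-supplied tenant filter is refused, not merged.
        if any(k.lower() == "customer_id" for k in filters):
            raise PermissionError("customer ID cannot be supplied by the caller")
        unknown = set(filters) - self.FILTERABLE
        if unknown:
            raise ValueError(f"unsupported filter: {sorted(unknown)}")
        # The tenant predicate is always the first, mandatory condition.
        sql = "SELECT host, severity FROM events WHERE customer_id = ?"
        params = [self._customer_id]
        for column in sorted(filters):
            sql += f" AND {column} = ?"  # column name comes from the allowlist
            params.append(filters[column])
        return self._conn.execute(sql + " ORDER BY host", params).fetchall()

def build_sample_db():
    # Constructed sample data: two tenants sharing one table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (customer_id TEXT NOT NULL, host TEXT, severity TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)", [
        ("cust-A", "web01", "high"),
        ("cust-A", "db01", "low"),
        ("cust-B", "web01", "high"),
    ])
    return conn

if __name__ == "__main__":
    store = TenantScopedStore(build_sample_db(), Session("alice", "cust-A"))
    print(store.events())
    print(store.events(host="web01"))
```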
Trend Micro XDR uses TLS 1.2 wherever possible for data transmission. (Supported ciphers: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256)
The Trend Micro XDR platform undergoes regular security assessments, both automated and manual, including external 3rd-party assessments.
Trend Micro XDR applies retention policies that purge data once it is no longer needed for the purpose for which it was collected. Trend Micro XDR retains the collected raw information for 30 days by default, unless the customer purchases the extended storage option (max of 365 days offered). It also generates alerts that include summary events and stores these for 365 days to give customers the information for investigation/reporting. All data is deleted upon license expiration plus a 30-day grace period.
Customer Configurable Options
Customers can choose a Trend Micro XDR region, among those available, for the storage and processing of their data. The Trend Micro XDR platform and Data Lake service data is stored in the chosen region. Customers can assign roles to limit the functions each user accessing Trend Micro XDR is allowed to perform, including but not limited to granting support access, initiating response actions, collecting files, and limiting access to read-only.
Trend Micro Access
Access to information in Trend Micro XDR is restricted to Trend Micro’s Site Reliability Engineers (SREs), threat research and analytics teams, and (when enabled in the console) customer support teams. Access is allowed for the purposes of troubleshooting, solving issues, and improving the effectiveness of security protections. All access is recorded and audited. Access privileges are managed and approved by the product leadership team. Information in Trend Micro XDR may be accessed/viewed by the above Trend Micro teams from physical locations outside of the customer's deployed region.
Audit logs are generated and stored for all access and actions taken by users to Trend Micro XDR systems. Customers can view customer access logs in their console, and can export them if needed.