SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers

Trend Micro launches agentic SIEM to boost proactive cybersecurity

Fri, 15th Aug 2025

Trend Micro has launched a new agentic Security Information and Event Management (SIEM) solution that aims to drive proactive cybersecurity through the use of agentic artificial intelligence (AI), addressing the cost and complexity issues common in traditional SIEM systems.

The SIEM market has seen minimal structural evolution since its inception, leaving many enterprises reliant on models unable to adapt to the varied and voluminous flow of modern security data. Trend Micro's latest solution represents a significant departure from existing practices, introducing an agentic AI approach that integrates support for over 900 data sources and features a rapid onboarding process for new log types, which the company expects to reduce from three days to three hours by next year.

Trend Micro's agentic SIEM also offers an archival data retention capability stretching back seven years, designed to meet growing demands for security and regulatory compliance.

Industry analyst views

Dave Gruber, Principal Cybersecurity Analyst at ESG, commented on the changing landscape of AI in security environments, stating:

"As the cybersecurity stack increasingly becomes AI driven, the security data layer must evolve to support data-hungry agentic capabilities, including infusing agentic AI into core SIEM functions. Trend Vision One Agentic SIEM enters the SIEM market at a pivotal time, leveraging Agentic AI from the ground up to drive speed, performance, and a new level of risk-driven, contextual insights to rapidly mitigate cyber threat activity."

Gruber's comments reflect a broader industry need for SIEM technology to better align with the advanced capabilities of AI, particularly as security teams face rising threats and growing data environments.

Challenges in current SIEM technology

Traditional SIEM systems often depend on manual configuration and rigid data parsers, making it difficult to keep pace with the scale and diversity of cybersecurity threats today. As a result, security teams grapple with high operational costs, alert fatigue, and inefficiencies arising from static, passive data lakes.

According to Trend Micro, its agentic SIEM uses the next wave of AI to automate learning, mapping, and data optimisation, reducing setup times that previously spanned weeks to a matter of days. The agentic AI operates autonomously, filtering out extraneous alerts and helping overburdened security teams focus on strategic security initiatives.

Product features and benefits

The new offering includes support for more than 900 data sources, improving an organisation's visibility and ability to detect threats across a wide range of network environments. Trend Micro claims that the onboarding of new log types can be achieved within three days, with an aim for this process to drop to just three hours by 2026, minimising the risks associated with unfamiliar data types.

Trend Micro's extended detection and response (XDR) features are integrated into the solution, drawing from six security sensors - endpoint, cloud, email, networks, servers, and identity. The agentic SIEM can also ingest third-party telemetry to help organisations obtain a broad environmental overview. The platform enables up to seven years of data archiving and two years of analytic retention to enhance both detection and compliance support.

Vision and strategic direction

Rachel Jin, Chief Enterprise Platform Officer at Trend Micro, outlined the company's vision for security operations:

"Agentic SIEM is a major stepping stone to our long-term vision for full, AI-driven SecOps. It's a future in which security teams will have more time to work on strategic tasks, safe in the knowledge that our agentic AI has their backs. With this launch, Trend is once again laying down a marker for cybersecurity innovation and global market leadership."

The newly launched SIEM is intended to allow security professionals to devote more time to strategic tasks, shifting the burden of low-level monitoring and data sifting onto automated AI-driven systems.

Use cases and integration

The potential applications for the agentic SIEM include threat detection and response, where it replaces manual log monitoring with autonomous data analysis and anomaly detection to decrease the time required to detect and address cyber threats. For compliance support, the system combines long-term data retention with advanced search capabilities, designed to help organisations efficiently meet audit and regulatory requirements.

Incident investigation is another area where the technology is expected to have a significant impact, as it automates data correlation from multiple sources, accelerating investigation timelines and enhancing the accuracy of findings.

Additionally, the company highlights the strategic opportunity in combining the agentic SIEM with its digital twin technology, allowing users to proactively manage and mitigate risks affecting virtual models across highly regulated sectors including healthcare, supply chain management, predictive maintenance, and smart building infrastructure.

Trend Micro aims for the solution to enhance both operational resilience and compliance support for organisations adapting to increasingly complex cyber threats.
