Here’s some notes on our briefing with Kris Anderson (Director, Product Management) and Matthew Blair (Analyst Relations Manager) of Trend Micro. Matthew organized the briefing. 

Key takeaways:

• Trend Micro is a large vendor with a diverse and extensive range of cybersecurity products and services. It was never the intent to have an exhaustive discussion.
• Kris’s team is responsible for the product management of multiple Trend tools including endpoint security; extended detection and response; attack surface and risk management; and zero trust.
• Blended multi- and cross-channel phishing attacks are a growing problem for organizations, particularly when security tools are implemented in siloes and don’t correlate threat signals. For example, the validity of a communication is greatly increased when an email message is immediately followed by a Zoom call to confirm receipt and request immediate action. When this is a malicious chain of communication events, however, this socially engineered validity can result in great damage to an organization’s reputation and finances. Detection of these blended attacks and the use of deepfake video calls are current areas of investment for Trend Micro.
• Trend’s attack surface risk management offering currently works across endpoints, internet-facing assets, identity, applications and cloud assets, and assigns risk levels based on the likelihood of compromise and the potential business impact. Trend Vision One – Attack Surface Risk Management combines multiple product categories in a single offering, such as external attack surface management, vulnerability prioritization, and cloud security posture management. For more, see Trend Micro 
• With respect to AI and cybersecurity, Trend is interested in both angles: the use of AI for cybersecurity and cybersecurity for the use of AI. For the latter, think malformed requests, model drift, and prompt injection type of attacks. This, also, is an area of ongoing investment – as it was for most of the vendors at RSAC 2024.

For more, see Trend Micro.

Headline findings from our POV:

• Cloud adoption – cloud platforms are increasingly important to NZ organizations, driven by cost reduction and efficiency goals. Self-assessed maturity with cloud adoption has regressed year-on-year.
• Cloud models – private and public clouds are the dominant model today, but this will be supplanted by hybrid cloud and multi-cloud (at least two disparate clouds) in the future. This trend is driven by flexibility and scalability and disaster recovery / failover between clouds.
• Cloud operations – 88% of NZ firms plan to maintain or increase use of managed service providers. Dominant cloud workloads are collaboration and productivity (52% fully in the cloud, 25% partially in the cloud) plus storage and backup (50% fully, 30% partially). The greatest uncertainty on workloads in the cloud is core business e.g., manufacturing or supply-chain (16% combined for don’t know or won’t move to the cloud) and development and testing (also 16% combined).
• Emerging technology – organizations are most likely to have adopted several types of emerging technologies – #1 = data sets or data analytics, #2 = IoT, #3 = AI, and #4 = low code / no code technologies. The adoption maturity profile is different than the adoption pattern, however: #1 = low code / no code, #2 = data sets or data analytics, #3 = virtual reality / augmented reality, and #4 IoT. ML and AI in second-to-last and last places respectively in the list of 8 options.

In the cloud adoption section, the following diagram shows the challenges faced with adopting or managing cloud (see page 11 in the report):

If we look at the non-challenges side of how respondents answered the question, then we’d say this about adopting and managing cloud in NZ by NZ organizations:

• 90% have been able to gain executive or wider business buy-in – and since the key adoption driver is saving money and cost efficiency, that’s not hard to see why.
• 88% don’t have concerns about vendor lock-in.
• 83% don’t find cloud governance to be a concern.
• 83% can manage multi-cloud with the tools they have available.
• 81% are fine with compliance posture, 79% with data sovereignty posture, and 78% with security posture.
• The area that NZ organizations struggle with the most – 69% are okay but 31% are struggling – is with lack of resources and expertise.

And based on those numbers, we’d say:

• Good progress is being / has been made.
• The move to a more complex setup (hybrid multi-cloud) is going to have the biggest effect for amplifying the challenge of resourcing and expertise, particularly where re-platforming, re-developing, and re-factoring are the chosen approaches versus switching to cloud-based solutions (“re-placing”) or lift-and-shift strategies (“re-hosting”) – per comments on page 21 of the report.

For more, request a copy from CCL.