Trend Micro has introduced new AI-powered threat detection capabilities aimed at enterprises scaling up their AI operations.

The new solution has been developed to protect AI-driven workloads and enterprise business processes, managing risks associated with the transition from generative AI to agentic AI, such as data theft, sabotage, and operational disruption.

Trend Micro’s latest offering brings together its security expertise with NVIDIA’s accelerated computing and AI enterprise software, while deploying on AWS’s secure, cloud-native infrastructure. The integration is intended to enable real-time, scalable threat detection and protection for organisations with expanding AI footprints.

The AI Detection Model at the core of this development leverages the NVIDIA Morpheus AI framework, which is part of NVIDIA AI Enterprise. The detection model operates on the high-performance cloud environment provided by AWS, allowing rapid and precise analysis of vast enterprise data streams.

According to Trend Micro, AWS was selected for its global reach, integrated security, and compliance-oriented architecture, while NVIDIA’s technology contributes the computational capacity necessary for running advanced detection models with high efficiency.

Chris Grusz, Managing Director, Technology Partnerships for AWS, said, “Built on AWS’s cloud-native infrastructure, Trend’s platform takes full advantage of NVIDIA AI software and accelerated computing capabilities to power scalable, low-latency threat detection. With AWS’s global footprint and integrated services, Trend can securely process telemetry at scale, adapt detection models to evolving threats, and support customers worldwide—all while accelerating time to value.”

The wider Trend Vision One platform also integrates AWS AI services, including Amazon Bedrock, which supports Workbench Insights. These components are designed to improve investigation workflows and deliver additional context to security operations centre (SOC) teams during incident response situations.

Mick McCluney, ANZ Field CTO at Trend, commented, “AI is reshaping the enterprise, and security has to evolve just as fast. We’re bringing together best-in-class partners in both cloud and AI to deliver something truly differentiated. AWS’s secure and resilient infrastructure gives us the scale, performance, and global availability needed to meet the always-on demands of today’s enterprises. So our customers can detect and respond to threats faster, with confidence.”

The anomaly detection capability within the solution employs AI models based on NVIDIA Morpheus. This allows the system to identify novel patterns in large streams of telemetry data and logs. The implementation on AWS enables the platform to scale effectively, managing extensive datasets and rapidly building custom detection models for individual customers. This approach seeks to prioritise the most critical events and prompt faster security responses.

Key features of the technology include NVIDIA Morpheus Digital Fingerprinting, which identifies subtle, previously unknown anomalies. There is also the use of NVIDIA RAPIDS to expedite large-scale data classification, enhancing real-time detection and prevention of sensitive information leaks. The platform’s native operation on AWS allows it to leverage the elasticity, global reach, and inherent security of AWS services, supporting ongoing advancements in AI-enabled detection while meeting enterprise compliance and performance benchmarks.

Robert Miller, VP of Corporate Security at Sierra-Cedar, highlighted the practical benefits of the solution: “We’re dealing with an increasingly complex environment with more data. Trend stands out as it doesn’t just provide threat intelligence, it helps make sense of it. Our team can access Trend’s AI-powered platform directly via AWS Marketplace, streamlining procurement and deployment across global cloud environments. This powerful combination allows us to strengthen our security posture and identify threats much faster than we could manually.”

The introduction of these new AI-powered threat detection capabilities is positioned to address the rapidly evolving landscape of enterprise cybersecurity as organisations integrate artificial intelligence deeper into their operations.

Stay updated with SOC News for cutting-edge security innovations and expert industry insights! 

Source: https://securitybrief.com.au/story/trend-micro-launches-ai-threat-detection-for-enterprise-security

The Windows security landscape has dramatically evolved in early 2025, marked by increasingly sophisticated attack vectors and Microsoft’s accelerated defensive innovations.

February 2025 witnessed a sharp 87% increase in ransomware incidents globally, with 956 reported victims compared to January. As threat actors adapt their techniques, Microsoft has responded with significant security enhancements while organizations navigate a complex threat environment dominated by privilege escalation attacks and driver vulnerabilities.

Emerging Threat Landscape

The “Bring Your Own Vulnerable Driver” (BYOVD) attack has emerged as one of the most concerning Windows security threats in 2025. This technique involves attackers exploiting legitimate but flawed driver software to disable security controls and compromise systems.

These attacks are particularly effective because drivers operate at the most privileged level of the operating system (ring 0), giving them direct access to critical system resources.

According to recent reports, cyberattacks related to vulnerabilities in Windows drivers have increased by 23% based on 2024 vulnerability analysis.

In March 2025, a zero-day vulnerability in a Microsoft-signed driver from Paragon Software (CVE-2025-0289) was actively exploited in ransomware attacks.

The CERT Coordination Center warned that this insecure kernel resource access vulnerability could be used to escalate privileges or execute DoS attacks, even on systems where Paragon Partition Manager was not installed. Microsoft observed threat actors using this vulnerability “to achieve privilege escalation to SYSTEM level, then execute further malicious code.”

Elevation of privilege vulnerabilities continue to dominate the Windows security landscape, accounting for 40% of total vulnerabilities in 2023. This persistence indicates that hackers’ objectives remain unchanged – they need to gain privileges to execute their attacks.

InfoStealer malware campaigns have also seen a sharp increase since the start of 2025, with attackers leveraging social engineering via fake CAPTCHA prompts. These attacks direct users to paste malicious commands into the Windows “Run” dialog, establishing code execution that enumerates credentials and stored sessions before exfiltrating them.

Microsoft’s Defensive Strategy

In response to these evolving threats, Microsoft has announced several significant security enhancements. The most notable is Administrator Protection, a new feature that gives users standard permissions by default and requires Windows Hello authentication for actions needing administrator rights.

This creates a temporary token that is destroyed once the task is completed, making it “disruptive to attackers as they no longer have automatic, direct access to the kernel or other critical system security without specific Windows Hello authorization.”
Microsoft Defender XDR (formerly Microsoft 365 Defender) has received major updates to provide incident-level visibility across the cyberattack chain.

The solution now features automatic disruption of advanced attacks with AI to limit cyberattackers’ progress early on. At Microsoft’s Secure 2025 event, the company announced further enhancements to alleviate the burden of repetitive tasks for SOC analysts as phishing threats grow increasingly sophisticated.

A new “Quick Machine Recovery” feature will help administrators remotely fix systems rendered unbootable via Windows Update “targeted fixes,” eliminating the need for physical access to affected machines.

This development appears to address concerns raised by the CrowdStrike meltdown that caused billions of dollars in damage by crashing millions of PCs and servers worldwide.

Windows Protected Print mode, introduced with Windows 11 24H2 in October 2024, eliminates the need for third-party print drivers that have become effective entry points for attackers.

This represents the first major change to Windows printing in 25 years and prevents the installation of V3 or V4 printer drivers, requiring Mopria-certified printers using the Microsoft IPP class driver instead.

Recent Security Incidents

April’s Patch Tuesday addressed 121 vulnerabilities, including a Windows zero-day (CVE-2025-29824) actively exploited by the Storm-2460 ransomware group.

This Windows Common Log File System Driver elevation-of-privilege flaw affected most Windows Server and desktop systems, allowing attackers with local access and a regular user account to gain full system privileges.

Storm-2460 targeted organizations across the U.S., Venezuela, Spain, and Saudi Arabia, infiltrating vulnerable systems to deploy malware.

February 2025’s ransomware landscape showed unprecedented growth, with Clop ransomware seeing a staggering 453% increase compared to January, while Play experienced a 360% spike. The Manufacturing sector was hardest hit, with attacks increasing 112% from January to February.

Looking Forward

As Microsoft continues to reduce critical vulnerabilities and remove excessive privileges on endpoints, attackers are increasingly forced to exploit elevation of privilege vulnerabilities.

The company’s roadmap includes plans to allow security products to operate in user mode instead of kernel mode, with a private preview scheduled for July 2025.

These developments represent a significant shift in Windows security architecture, addressing fundamental flaws exposed by recent incidents while countering the sophisticated techniques employed by modern threat actors.

For organizations, staying ahead of these evolving threats requires vigilant patching, implementing advanced threat detection, and adopting Microsoft’s latest security features.

Stay updated with SOC News for cutting-edge security innovations and expert industry insights! 

Source: https://cybersecuritynews.com/windows-security-in-2025/

In 2025, as the digital world grows increasingly interconnected and the line between corporate and personal tech fades, Endpoint Security for CISOs becomes more critical than ever.

Chief Information Security Officers (CISOs) are faced with the daunting task of protecting a growing array of endpoints, from traditional laptops and smartphones to IoT devices and remote workstations.

The attack surface has expanded dramatically, and cybercriminals are exploiting these changes with increasingly sophisticated tactics. Ransomware, fileless malware, and AI-driven attacks are now common threats that can bypass outdated defenses.

As organizations rely more on digital infrastructure, the risks associated with endpoint vulnerabilities have become business-critical.

To stay ahead, CISOs must fundamentally rethink their approach to endpoint security, ensuring it is dynamic, adaptive, and resilient enough to meet the challenges of the modern threat landscape.

Gone are the days when a simple antivirus program was sufficient to protect organizational endpoints. The modern endpoint is a gateway to sensitive data and critical business operations, making it a prime target for attackers.

With remote work now standard practice and employees connecting from various locations and devices, the network perimeter is effectively gone.

Attackers exploit this complexity, using advanced techniques that evade traditional detection. Endpoints are now the frontline in the battle for cybersecurity, requiring protection that is proactive rather than reactive.

CISOs must recognize that relying on legacy tools and fragmented solutions is no longer viable. Instead, they need to adopt holistic security strategies that provide real-time visibility, rapid response, and continuous adaptation to new threats.

The endpoint has become the new perimeter, and its security is central to the organization’s overall resilience.

Key Strategies for Modern Endpoint Protection

To address the evolving threat landscape, CISOs must implement a comprehensive endpoint security framework that goes beyond basic prevention. This involves multiple layers of defense, intelligent automation, and a strong focus on risk management.

A robust endpoint security strategy includes several essential elements:

• Zero Trust Implementation – Zero Trust principles require that every device and user be continuously verified, regardless of their location or network. This approach limits access to only what is necessary, reducing the risk of lateral movement if an endpoint is compromised.
• AI-Driven Threat Detection – Modern endpoint solutions leverage artificial intelligence to identify unusual behaviors and patterns that may indicate a threat. This enables faster detection of sophisticated attacks that traditional systems might miss.
• Cloud-Native Security Platforms – Cloud-based security tools provide scalability and real-time updates, ensuring consistent protection across all endpoints. They also simplify management and enable organizations to respond quickly to emerging threats.
• Automated Patch Management – Keeping endpoints updated is critical, as unpatched vulnerabilities are a common entry point for attackers. Automated systems can prioritize and deploy patches efficiently, reducing the window of exposure.
• Endpoint Detection and Response (EDR) – EDR solutions offer continuous monitoring and rapid incident response. They provide detailed visibility into endpoint activity, enabling security teams to investigate and contain threats before they cause significant damage.

Each of these strategies plays a vital role in building a resilient endpoint security posture. By integrating these elements, CISOs can create a layered defense that adapts to new threats and reduces the risk of successful attacks.

Aligning Security with Business Objectives

For CISOs, the challenge is not only technical but also organizational. Gaining executive buy-in and aligning security initiatives with business goals are crucial steps toward building a successful endpoint security program.

This requires clear communication of how endpoint security supports the organization’s strategic objectives and protects its most valuable assets.

CISOs must adopt a risk-based approach, focusing resources on the endpoints that present the greatest risk to the business. This means understanding the business impact of potential threats and prioritizing security investments accordingly.

By demonstrating how improved endpoint security reduces operational disruption, regulatory risk, and financial loss, CISOs can make a compelling case for necessary resources and support.

Two key practices can help CISOs bridge the gap between security and business leadership:

• Articulating the value of security initiatives in terms of business outcomes, such as reduced downtime, improved customer trust, and compliance with industry regulations.
• Developing metrics and dashboards that track the effectiveness of endpoint security measures, making it easier to report progress and justify further investment.

Ultimately, the success of any endpoint security strategy depends on its alignment with the organization’s overall mission.

By positioning security as a business enabler rather than just a technical requirement, CISOs can foster a culture of shared responsibility and continuous improvement.

In 2025, this holistic, business-driven approach will be essential for protecting endpoints and ensuring long-term organizational resilience.

Stay updated with SOC News for cutting-edge security innovations and expert industry insights! 

Source: https://cybersecuritynews.com/endpoint-security-for-cisos/