Trend Micro launches new integration with Zscaler to deliver real-time, Risk-Based Zero Trust Access
Discover how Trend Vision One™ integrates with Zscaler to unify detection and access enforcement, accelerate threat containment, reduce dwell time, and deliver seamless Zero Trust protection for modern enterprises.
Enterprises today face a growing challenge: securing a distributed workforce, protecting SaaS and private applications, and staying ahead of evolving cyber threats—without slowing users down. Traditional, static controls fail to adapt fast enough to modern risks, leaving gaps that attackers exploit. To stay ahead, organisations need intelligent automation, dynamic policy enforcement, and integrated visibility from the endpoint to the network to the cloud.
Today, Trend Micro is addressing this challenge head-on with the availability of a new integration with Zscaler Internet Access™ (ZIA™) and Zscaler Private Access™ (ZPA™), delivering real-time, risk-based enforcement for internet, SaaS, and private applications.
The Integration: Rapid Detection and Enforcement
This integration unifies Trend Vision One™’s risk-based detection and analytics with Zscaler’s conditional access controls via System for Cross-domain Identity Management (SCIM) synchronisation and automated playbooks, creating a closed loop from detection to enforcement.
When Trend Vision One detects suspicious behaviour, elevated risk scores, or signs of compromise, it can automatically call Zscaler APIs to enforce conditional access policies - without waiting for manual intervention.
How It Works
The new integration leverages SCIM to sync user risk states between platforms:
- Continuous Monitoring – Trend Vision One continuously analyses user behaviour, endpoint posture, and cloud workloads.
- Risk Assessment – If a user’s risk score exceeds a threshold, automated playbooks trigger.
- Dynamic Enforcement – Through SCIM-based synchronisation, users are dynamically moved into or removed from restricted groups in the identity provider based on real-time risk scores.
- Policy Application – ZIA and ZPA immediately apply appropriate controls—such as URL filtering, Zero Trust browser isolation, file-type restrictions, or blocking access to private apps.
This integration ensures access decisions are dynamically aligned with a user’s real-time risk posture.
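The group-membership step above can be sketched with standard SCIM 2.0 PatchOp messages (RFC 7644). This is an added example, not code from Trend Micro or Zscaler: the thresholds, the separate release threshold that stops a user flapping in and out of the group, the group ID and the user IDs are all assumptions.

```python
SCIM_PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Assumed values; neither vendor's documentation is the source for these.
RESTRICT_AT = 70             # add to the restricted group at or above this score
RELEASE_AT = 40              # remove only once the score is at or below this
GROUP_ID = "restricted-grp"  # hypothetical SCIM Group id in the identity provider


def decide(score, restricted):
    """Return 'add', 'remove' or None; the gap between thresholds avoids flapping."""
    if not restricted and score >= RESTRICT_AT:
        return "add"
    if restricted and score <= RELEASE_AT:
        return "remove"
    return None


def scim_patch(action, user_id):
    """Build the RFC 7644 PatchOp body that changes a Group's members."""
    if '"' in user_id or "\\" in user_id:
        # The id is embedded in a SCIM filter; refuse anything that could alter it.
        raise ValueError("unsafe user id")
    if action == "add":
        op = {"op": "add", "path": "members", "value": [{"value": user_id}]}
    elif action == "remove":
        op = {"op": "remove", "path": f'members[value eq "{user_id}"]'}
    else:
        raise ValueError(f"unknown action: {action}")
    return {"schemas": [SCIM_PATCH_SCHEMA], "Operations": [op]}


def reconcile(events, restricted_members=()):
    """Turn (user_id, risk_score) events into audit records carrying the PATCH to send."""
    members, audit = set(restricted_members), []
    for user_id, score in events:
        action = decide(score, user_id in members)
        if action is None:
            continue
        (members.add if action == "add" else members.discard)(user_id)
        audit.append({"user": user_id, "score": score, "action": action,
                      "method": "PATCH", "path": f"/Groups/{GROUP_ID}",
                      "body": scim_patch(action, user_id)})
    return audit, members


# Constructed sample events: (user id, risk score) in arrival order.
SAMPLE_EVENTS = [("u-1001", 35), ("u-1001", 82), ("u-1001", 55),
                 ("u-2002", 71), ("u-1001", 38)]
```

Each audit record pairs the score that triggered the change with the exact request body, which is the kind of trail the enforcement logging described on this page relies on.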
Key Use Cases
- Compromised Account Response: Restrict high-risk users’ internet access through ZIA until threats are remediated.
- Lateral Movement Prevention: Block suspicious users from private apps via ZPA, reducing the risk of internal spread.
- Automated Threat Containment: Automatically move high-risk users into restrictive groups, apply quarantine actions and restore access when their risk normalises – no manual intervention required.
- Insider Threat Mitigation: Detect and restrict unusual data access behaviours across both internet and private apps.
Business Value for Customers
- Faster Incident Containment – Reduce response times to near real-time.
- Unified Security Posture – Combine endpoint, identity, and network intelligence for true end-to-end visibility across the enterprise.
- Operational Efficiency – Eliminate manual policy updates and reduce SOC workload.
- Seamless Zero Trust Enforcement – Apply least-privilege access dynamically based on user risk.
- Minimised Business Disruption – Restrict only high-risk users, preserving productivity for everyone else.
- Audit-Backed Enforcement – Every automated response generates logs, reducing investigation complexity and improving compliance reporting.
Streamlining Threat Response and Security Operations
Consider a security operations team at a global enterprise. A user in the finance department suddenly attempts to download a large volume of sensitive files while connected from an unmanaged device and unknown location.
With Trend Vision One and Zscaler:
- Trend Vision One flags the activity as suspicious and increases the user's risk score.
- An automated playbook adds the user to a restricted group via SCIM.
- ZIA immediately isolates the browsing session and blocks further downloads.
- If the user later attempts to log into internal finance applications, ZPA denies access until the risk is cleared.
- The SOC receives a unified alert enriched with context from both Trend Micro and Zscaler, helping them investigate more quickly.
- Each enforcement action is logged, providing SOC teams with detailed audit trails for faster investigations and continuous improvement.
Instead of days or hours, the threat is contained almost instantly, limiting potential data loss and keeping the business secure.
Availability
Together, Trend Micro and Zscaler are helping enterprises close the gap between detection and response - while advancing towards an authentic Zero Trust architecture. The integration between Trend Vision One and Zscaler is available today for all joint customers.
For more information on configuration, visit our online help centre:
To see the integration in action and understand the value it delivers, watch the demo video and review our co-developed solution brief.
Looking Ahead
This collaboration represents a significant step towards adaptive security architectures that automatically respond to evolving threats. By unifying continuous detection with dynamic access enforcement, Trend Micro and Zscaler empower organisations to stay ahead of attackers, reduce complexity, and secure the modern digital enterprise.
“Enterprises struggle to contain threats fast enough with static controls, leaving risky users with too much access,” said Justin Lau, Head of Technology Ecosystem at Zscaler. “By unifying Trend Vision One’s real-time detection with Zscaler’s Zero Trust Exchange, we dynamically enforce Zero Trust conditional access—helping customers reduce dwell time and prevent data loss.”
Together, we’re making Zero Trust a practical reality – across the internet, SaaS, and private applications.