Cloud Posture Embedded Rules Knowledge Base Now Available
November 14, 2024—You can now access the resolution information for failing
misconfiguration rules within the Trend Vision One Cloud Posture console. For more
information, see: Automation Center.
Cloud Posture Events and Groups Public APIs now available on Trend Vision One Automation Center
October 31, 2024—You can now access the new Cloud Posture public APIs for Events and
Groups through the Trend Vision One Automation Center.
Cloud Posture moving to Cloud Security app group
October 28, 2024—On December 2nd, 2024, Cloud Posture will be fully relocated to the
new Cloud Security app group, where you can get a unified view of your cloud resources
and security. Until that date, you may access Cloud Posture from within the Attack
Surface Risk Management app group or in the new Cloud Security app group.
Cloud Posture includes Cloud Infrastructure Entitlement Management (CIEM)
October 21, 2024—Get central visibility of your cloud entitlements and related risks
in Cloud Posture. With over 200 different types of cloud resources currently available,
cloud operations and security teams are increasingly challenged by the complexity
of cloud infrastructure entitlement management.
A dedicated entitlements tab in Cloud Overview now gives users centralized visibility
into cloud identities and related risks. Take action and focus remediation efforts
based on prioritized risks, including risky identity types, identity misconfigurations,
and potential attack paths. To learn more, see Entitlements.
Assess for and view all CVEs in Attack Surface Risk Management
October 21, 2024—The Detected Vulnerabilities widget in Exposure Overview now displays
CVEs by impact level, including detected low-impact CVEs. New widgets in Operations
Dashboard allow you to filter CVEs by high, medium, and low impact. To learn more
about how CVE impact scores are calculated, see CVE impact score.
View All CVEs for Containers, Cloud VMs, and Serverless Functions
October 21, 2024—Attack Surface Risk Management prioritizes the most critical vulnerabilities
across your entire attack surface, allowing you to focus your remediation efforts.
However, visibility into lower impact CVEs is now available for containers, cloud
VMs, and serverless functions, providing you the vulnerability information you need
for compliance or internal audits. View lower impact CVEs in the Vulnerabilities section
of Operations Dashboard or Exposure Overview in Executive Dashboard.
View Risk Subindex per asset group in Attack Surface Risk Management
October 8, 2024—Executive Dashboard now supports the ability to view and compare the
Risk Index for specific subsets of assets. For example, you can monitor risk per business
unit, region, information system, and more to determine which subset requires attention.
To see the Risk Subindex, you must first build an asset grouping structure in Asset Group Management and allocate tag values to asset groups of either "Attack Surface Discovery" or
"Tag Inventory App". For more information, see Risk Overview.
Scan select AWS resources for malware
September 23, 2024—Agentless Vulnerability & Threat Detection now supports malware
scanning of AWS EBS, ECR, and Lambda resources. After enabling the feature for your
connected AWS accounts in Cloud Accounts, Agentless Vulnerability & Threat Detection
begins scanning daily for threats like viruses, Trojans, spyware, and more. Get remediation
options and metadata for performing threat hunting queries by examining associated
risk events in Operations Dashboard.
Anti-malware scanning is disabled by default. Enabling anti-malware scanning increases
your AWS operational costs. To learn more, see Agentless Vulnerability & Threat Detection estimated deployment costs.
See time-critical alerts for vulnerabilities in Linux
September 23, 2024—Time-critical vulnerability alerts now support Linux to give you
more visibility into your organization’s security posture. Check alerts in Executive
Dashboard to see which operating systems are affected by the vulnerability. View mitigation
options for all supported operating systems, and if supported, mitigation actions
are automatically detected after you apply them.
Set parameters for risk event rules
September 9, 2024—You may now set specific parameters for the risk event rules for
certain risk event types in Operations Dashboard. Add IP addresses, apps, rules, or
days of the week as conditions that must be met for the risk event rule to apply.
Setting parameters allows for more granular control over when a risk event rule is
triggered.
SCORM courses available for Security Awareness Training Campaigns
August 28, 2024 — In addition to the video-based courses offered in Security Awareness
Training Campaigns, you can now also select Sharable Content Object Reference Model,
or SCORM courses. SCORM allows for more interactivity and the potential to track progress.
Choose between the two types of training content for your recipients to gain more
flexibility in how you deliver training, helping to better engage and educate your
users. Whether you prefer the structured format of SCORM or the visual appeal of videos,
you can now tailor the training experience to best suit your needs. Start exploring
the SCORM courses in your phishing training campaigns and enhance your organization's
cybersecurity awareness.
Endpoint-based attack prevention/detection rule application impact now displayed
August 26, 2024 — Applying host-based attack prevention/detection rules now impacts
asset risk scores in Attack Surface Risk Management. When host, or endpoint-based,
attack prevention/detection rules are successfully applied to vulnerable assets, the
risk score of the assets will be reduced. CVEs that have available attack prevention/detection
rules will display an indicator in the corresponding entry on an asset's profile screen,
allowing you to more easily see which vulnerabilities can be mitigated. To learn more,
see Attack prevention/detection rules.
Vulnerability assessment coverage extended to Rocky Linux
August 26, 2024—Attack Surface Risk Management vulnerability assessment coverage now
extends to Rocky Linux. Use the new capability to strengthen your endpoint security
and more effectively prioritize risk. For more information, see Vulnerability Assessment supported operating systems.
Enhanced cloud risk management with new Cloud Overview dashboard
August 12, 2024 — You can now access the new Cloud Overview dashboard, which provides
a comprehensive summary of cloud assets. Additionally, the page previously known as
"Cloud Posture Overview" has been renamed to "Compliance and Misconfiguration."
The Cloud Overview dashboard offers detailed insights into related risk findings,
including misconfiguration, compliance, vulnerability, threats, identity risk, and data
posture. These updates ensure a more streamlined and informative experience, enabling
you to quickly identify and address potential risks in your cloud environment.
For more information, see Cloud Posture.
Add phishing simulations as a data source
July 12, 2024 – You can now add Trend Vision One Phishing Simulations as a data source
in the Operations Dashboard, which allows access to breach events from phishing
simulations. For more information, see Configuring data sources.
Custom Tagging in Attack Surface Discovery
July 15, 2024 — Create and use custom tags for your organization’s assets in Attack
Surface Discovery for better asset management.
View and manage IPv6 addresses in Internet-Facing Assets
July 15, 2024 — IPv6 addresses are now supported for Public IPs in the Internet-Facing
Assets section of Attack Surface Discovery. View discovered IPv6 addresses and add IPv6
addresses belonging to your organization. IPv6 addresses must be added individually — IPv6
ranges are not supported.
Agentless Vulnerability and Threat Detection Lambda support
July 15, 2024—Agentless Vulnerability and Threat Detection supports vulnerability
scanning on AWS Lambda functions.
For more information, see Agentless Vulnerability & Threat Detection.
Attack Surface Risk Management extends Vulnerability Assessment support to Oracle Linux
July 15, 2024 — Vulnerability Assessment has been enhanced to support Oracle Linux
Server 6, Oracle Linux Server 7, Oracle Linux Server 8, and Oracle Linux Server 9. The
newly supported distributions enable more granular analysis and improved CVE
prioritization. Use the enhancement to strengthen your endpoint security and more
effectively prioritize risks.
For more information, see Vulnerability Assessment supported operating systems.
Introducing Security Awareness
July 15, 2024 — Security Awareness is now in public preview as part of the Trend
Vision One platform. Designed to help you create a more resilient and security-conscious
workforce while proactively strengthening your organization’s security posture, the
app offers two powerful features:
- Training Campaigns: Educate your employees on how to best protect their privacy and your valuable assets. Engaging training modules cover essential topics such as password management, suspicious activity identification, and safe internet usage.
- Phishing Simulations: Test and enhance your employees' ability to recognize phishing attempts by simulating real-world phishing emails. Evaluate and improve awareness and response to potential threats.
Cloud Posture Terraform Template Scanner Now Supports the Cloud Formation Template Scanner Resources
June 24, 2024 — Cloud Posture Terraform Template Scanner (TS) is now Generally Available
with parity of coverage of the following resource types with Cloud Formation Template
Scanner:
- Autoscaling Group
- CF Stack
- CloudTrail
- Kinesis Stream
- Lambda Function
- SNS Topic
- SQS Queue
- API Gateway RestAPI
- ELBv2
- ES Domain
- Workspaces
- ELB Classic
- Redshift Cluster
- EMR Cluster
- ElastiCache
- EFS File System
Agentless Vulnerability and Threat Detection stack enhancements
June 10, 2024 — Agentless Vulnerability & Threat Detection now includes the following
enhancements:
- The Agentless Vulnerability stack has been split into common and agentless components, which reduces the quantity of IAM roles and policies required.
- The deployed stack now has two version values, which are tracked separately.
- To reduce costs, CloudWatch Lambda log groups now have ERROR level logging, and scan failures are optimized to reduce unnecessary retry count.
- Resolved an issue in which CloudWatch log groups could not be deleted after uninstalling.
When you upgrade to the new release, the contents of the agentless S3 buckets, including
intermediate results and S3 access logs, will be deleted. This has no impact on any
scan results already sent to Vision One. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs.
Agentless Vulnerability and Threat Detection available in AWS UAE region
June 13, 2024 — Users of cloud services may now enable Agentless Vulnerability and
Threat Detection (AVTD) from the AWS UAE region (me-central-1). Use the feature to
conduct vulnerability scans on EBS volumes attached to EC2 instances as well as ECR
images, and get greater visibility into your cloud asset-related security posture.
View device hardware information in device asset profiles
June 17, 2024 — Device asset profiles in Attack Surface Discovery are now able to
display discovered basic hardware specifications such as manufacturer, model, CPU,
RAM, and disk size. Find discovered details under the basic category within the device
asset profile.
Mark vulnerability risk events as dismissed, accepted, or remediated
June 17, 2024 — As with risk events in other risk factors, you may now mark events
in the vulnerabilities risk factor as remediated, dismissed, or accepted. The new
workflow helps streamline the process of managing risk events and CVEs.
More details on daily Risk Index fluctuation now available in Operations Dashboard
June 17, 2024 — Detailed data on daily Risk Index fluctuations, including contributing
risk factors, risk events, and assets, is now available in Operations Dashboard. Hover
over the Risk Index graph and click View daily risk events to see the point change from the previous day and a breakdown of how many points
each risk factor contributed to the change. Drill down to see individual risk events
and a detailed daily timeline showing expired, new, remediated, and dismissed event
instances.
Support for SUSE Linux added to Vulnerability Assessment
June 17, 2024 — Vulnerability assessment has been enhanced to support SUSE Linux Enterprise
Server 12 and SUSE Linux Enterprise Server 15. The newly supported systems enable
more granular analysis and improved CVE prioritization. Use the enhancement to strengthen
your endpoint security and more effectively prioritize risks. For more information,
see Vulnerability Assessment supported operating systems.
Connect your Google Cloud Identity tenants as data sources in Attack Surface Risk Management
June 3, 2024 — You can now connect your Google Cloud Identity tenants as data sources
in Attack Surface Risk Management. Use the new source to gain better visibility into
user and group data, user activity data, and potential account misconfigurations.
For more information, see Configuring data sources.
Simplified risk overviews in Executive Dashboard
May 27, 2024 — To facilitate a higher-level overview, the Exposure, Attack, and Security
Configuration Overview tabs in Executive Dashboard have been simplified to display
current risk levels and risk scores for each category. In Risk Overview, view each
category's contribution to the Risk Index at a glance, and get additional information
about contributing risk factors and events from Risk Event Overview. Go to the tab
for each risk category to quickly view the category's current risk level, and see
contributing risk factors to more quickly prioritize risk reduction actions.
Get increased visibility into Risk Index fluctuations
May 6, 2024 — View daily point increases and decreases of the Risk Index along with
contributing risk factors now by hovering on the Risk Index graph in Executive Dashboard.
Coming in June, clicking through to Operations Dashboard will take you to in-depth
details on daily contributing risk events. Details now available for the Risk Index
in Executive Dashboard include a breakdown of the points each risk factor has added
or subtracted from the Risk Index since the previous day. In June, you may view all
daily contributing risk events, including those that were resolved or mitigated, organized
by risk factor. Use the detailed information provided to better understand your security
posture and help prioritize risks in your environment.
Assess vulnerabilities in Red Hat Enterprise Linux modules and containers
May 6, 2024 — Vulnerability Assessment enhancements now allow the service to collect
information on Red Hat Enterprise Linux 8 modules and Red Hat Enterprise Linux 9 containers.
The expanded capabilities enable more comprehensive visibility and granular analysis,
strengthening your container security and allowing you to more effectively prioritize
risks. For more information, see Vulnerability Assessment supported operating systems.
Cloud Posture to support Real-Time Posture Monitoring for AWS Accounts
May 8, 2024 — Cloud Posture now supports Real-Time Posture Monitoring, previously titled
Real-Time Threat Monitoring (RTM), for AWS accounts connected through the Cloud Accounts
app. You can enable Real-Time Posture Monitoring while connecting a new AWS account and
organization or turn the feature on for existing AWS accounts or organizations.
Data for internet-facing assets now updated more frequently
April 15, 2022 — Thanks to several backend improvements, data for your internet-facing
assets are now updated more often. The increased update frequency allows you to better
assess your attack surface in Attack Surface Discovery, particularly after removing
domains and IP addresses and renewing certificates, and improves the accuracy of risk
events created in Operations Dashboard. For more information, see Internet-Facing Assets.
Assess language packages in ECR images for vulnerabilities
April 22, 2024 — The Vulnerability Assessment service available in Attack Surface Risk
Management now supports scanning language packages used in your ECR container images.
For information on supported languages, see Vulnerability Assessment supported language
packages.
Operations Dashboard Weekly Digest terminated
April 22, 2024 — The Operations Dashboard Weekly Digest has been terminated for subscribers,
and the subscription entry for the weekly digest has been removed from Notifications.
Former subscribers can now receive an automatically generated weekly report based on the
Risk Factors template, providing a detailed picture of current organization risks.
Settings for the weekly report can be managed in the Reports app.
Network Security supported in Executive Dashboard Security Configuration
April 8, 2024 — The Security Configuration index now supports Virtual Network Sensor
visibility in the Network Security tab. You can view sensor deployment status and key
feature adoption rate. For sensors not configured as expected, click the displayed number
of sensors to drill down to the Reports app and generate reports with detailed information.
Medigate supported as a new data source for Attack Surface Risk Management
April 8, 2024 — You may now integrate Medigate as a data source in Attack Surface Risk
Management to gain access to device information and vulnerabilities detected by Medigate.
Connect your Medigate account in Data Sources.
Accept reported risk events
April 8, 2024 — In addition to the Dismissed and Remediated statuses, an Accepted
status is now available for reported risk events in Operations Dashboard. Marking a risk
event as Accepted indicates that you acknowledge the risk but are unable to remediate or
mitigate it at this time. Risk events marked as Accepted still contribute to your Risk
Index. Create accepted risk event rules when marking a risk event as Accepted to mark all
current and future instances of the risk event as Accepted within a specified time
period.
Cloud Posture to Support New Public APIs
March 28, 2024 — Accounts and Template Scanner Public APIs for Cloud Posture are now
available on Trend Vision One Automation Center. See the Automation Center for more information.
Customize columns in Attack Surface Discovery asset lists
March 25, 2024 — You can now customize the columns displayed in asset lists for all
asset types in Attack Surface Discovery. Show or hide specific columns, and rearrange
column order by dragging and dropping.
View data sources for discovered accounts in Attack Surface Discovery
March 25, 2024 — The Attack Surface Discovery accounts page now has a "Discovered by"
column for both domain and service accounts to show the data source that has discovered
the account. Use the "Discovered by" filter to search for accounts from the selected
data source.
Scan for vulnerabilities in your Amazon ECR and self-managed Kubernetes container images
March 25, 2024 — Agentless Vulnerability & Threat Detection now supports vulnerability
scanning of your Amazon ECR container images when you enable the feature for your AWS
accounts in Container Inventory. You can also enable Runtime Scanning for your
Kubernetes clusters in Trend Vision One — Container Security to scan for
vulnerabilities in related Kubernetes container images.
View endpoint group names on the device list in Attack Surface Discovery
March 11, 2024 — The Attack Surface Discovery device list now includes an endpoint
group column to show the endpoint group name for each managed device. Use the “Endpoint
group” filter to search for managed devices from specified endpoint groups.
Cloud Posture to support latest Azure framework standard
March 5, 2024 — The Azure Well-Architected Framework compliance standard report and
associated rule mappings in Cloud Posture have been updated to conform with the latest
version of the Azure Well-Architected Framework released in October 2023.
In turn, the July 2022 version of the Azure Well-Architected Framework will no longer
be available in Cloud Posture from June 1, 2024. The removed version will no longer be
accessible in filters, preventing the creation of new reports or report configurations
with the outdated standard. This means that you will no longer be able to generate new
PDF or CSV reports using report configurations that include the outdated compliance
standard. However, any PDF or CSV reports already created remain available for
download. Trend Micro recommends that you update your report configurations to use the
latest version of the framework by June 1, 2024.
Asset relationship visualizations emphasize risk management
February 26, 2024 — In line with enhancements to the visualization of asset relationships
in Attack Surface Discovery, the asset graph feature in profile screens for devices,
accounts, domains, and IP addresses has been renamed to Asset Risk Graph, while the graph
view for cloud assets is now the Cloud Risk Graph. Both of these features continue to
provide valuable risk findings, helping you assess your organization's security posture.
Manage risk events by risk factor in Operations Dashboard
February 19, 2024 — You can now change the status of risk events when viewing them
by risk factor in Operations Dashboard. This applies to all risk factor types except XDR
Detections and Vulnerabilities. Development is ongoing to support these two risk factor
types.
Gain better visibility into the security configuration of cloud apps
February 19, 2024 — The cloud app profile screen in Attack Surface Discovery now
displays the following additional information:
- The encryption ciphers used by the cloud app
- The latest version of the communications protocol used by the app
- Whether the cloud app uses a trusted certificate
- Whether the cloud app allows for IP address access control
Cloud Posture removes support for outdated standards
February 14, 2024 — Cloud Posture no longer supports the following compliance standards:
- CIS Amazon Web Services Foundations Benchmark v1.2.0
- CIS Amazon Web Services Foundations Benchmark v1.3.0
- CIS Amazon Web Services Foundations Benchmark v1.4.0
- CIS Microsoft Azure Foundations Benchmark v1.1.0
- CIS Google Cloud Platform Foundation Benchmark v1.2.0
These five standards are no longer accessible in filters, which prevents the creation
of new reports and report configurations. You can no longer generate new PDF or CSV
reports using existing report configurations that include any of the five standards.
However, any PDF or CSV reports generated before support was ended remain available.
Please update your report configurations to use the latest versions of CIS Benchmarks.
Agentless Vulnerability & Threat Detection supports cost tracking
February 7, 2024 — You can now track the costs of Agentless Vulnerability & Threat Detection by
enabling AWS Cost Explorer. Update the Agentless Vulnerability & Threat Detection stack to enable
this capability. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs.
Security Configuration features enhanced email security
January 15, 2024 — Executive Dashboard now better reflects the health of your connected
email security products. The Email Security section of the Security Configuration tab
now supports Trend Micro Email Security and shows the protection status and key feature
adoption rates for your email domains.
When examining email domain configuration status or Key Feature Adoption Rates, clicking
the number of domains that are not configured correctly takes you to Email Asset
Inventory for more detailed information.
Security Configuration supports network security
January 15, 2024 — Executive Dashboard now provides you with an overview of your network
layer configuration. The Network Security section of the Security Configuration tab now
displays the deployment status and key feature adoption rates for your connected Deep
Discovery Inspector appliances.
When examining Appliance Health, Software Version, or Key Feature Adoption and
Configuration, clicking the number of appliances that are not configured correctly leads
you to the Reports app to generate a detailed report.
Create Security Awareness training campaigns targeting at-risk users
Important: This is a pre-release sub-feature and is not part of the existing features of
an official commercial or general release. Please review the Pre-release sub-feature
disclaimer before using the sub-feature.
January 15, 2024 — In addition to manually creating training campaigns for your users
in the Security Awareness app, you can now also initiate campaigns from the Attack
Surface Discovery, Operations Dashboard, and Identity Posture apps. Campaigns initiated
from these three apps enable you to provide security awareness training focused
specifically on at-risk users.
When viewing domain accounts in Attack Surface Discovery, the context menu now includes
the Create Training Campaign option.
In Operations Dashboard, the remediation steps for some types of risk events — such as
phishing simulations indicating user accounts might be vulnerable to attack — now include
links to create Security Awareness training.
The Identity Posture app's Identity Summary screen for highly privileged identities and
the highlighted exposure risk events in the Exposure tab now also feature a Create
Security Awareness Training Campaign button.
Manage all event rules in one place
December 18, 2023 — Operations Dashboard now features Event Rule Management: a
centralized location for you to manage risk event rules.
When you mark a risk event as Dismissed, an event rule is created to prevent Attack
Surface Risk Management from reporting future instances of the risk event in Risk
Reduction Measures and All Risk Events. The event rule also prevents the dismissed risk
event from impacting your organization's Risk Index.
Event Rule Management allows you to review and manage all dismissed event rules. If you
remove a dismissed event rule, all new instances of the risk event are reported and
contribute to your organization's Risk Index.
Visualize your Azure asset relationships
December 18, 2023 — The relationships of your Azure cloud assets can now be graphically
illustrated in the Asset Graph tab of cloud asset profiles in Attack Surface Discovery.
Vulnerability Assessment on Windows Server 2012/Windows Server 2012 R2 endpoints
December 4, 2023 — Vulnerability Assessment now expands coverage for vulnerabilities
affecting Windows Server 2012 and Windows Server 2012 R2 endpoints to help you identify
more highly exploitable CVEs in your environment.
Agentless Vulnerability & Threat Detection Resources Gain Tagging
December 8, 2023 — Agentless Vulnerability & Threat Detection resources now have tags.
Manually add IP addresses to discover internet-facing assets
December 4, 2023 — Trend Vision One now supports manually adding seed IP addresses for
discovering internet-facing assets in your organization. In the Internet-Facing Assets
section of Attack Surface Discovery, click the Public IPs tab and then click Add to
manually add up to 1,000 seed IP addresses. To view a list of added seed IP addresses,
click View Manually Added IP Addresses.
The ability to add seed IP addresses is only available for customers using a Trend Micro
solution as the data source for internet-facing assets and that do not have an active
trial for Attack Surface Risk Management.
New pricing model for Attack Surface Risk Management now available
November 20, 2023 — Trend Vision One now supports a new pricing model for Attack Surface
Risk Management (previously Risk Insights) decoupled from XDR entitlements. Credit usage
for Attack Surface Risk Management apps is calculated based on the number of assessable
desktops, servers, and connected cloud accounts. Each assessed desktop or server requires
20 credits, while each connected cloud account requires 8,000 credits. If you feel the
number of assets discovered by Trend Vision One is inaccurate, you can manually override
the number of assessed assets and your credit usage will be recalculated.
If you previously purchased a Risk Insights license, you will retain your current pricing
model until the license expires. If you previously allocated credits to use Attack Surface
Discovery and Operations Dashboard, you retain your current pricing model; however, if you
disable and re-enable Attack Surface Risk Management, you will be migrated to the Attack
Surface Risk Management pricing model.
Regardless of the pricing model, you will retain access to Attack Surface Discovery,
Operations Dashboard, and Cloud Posture.
A 30-day free trial remains available for customers who have not previously started a
trial of Risk Insights capabilities.
For more details on licensing or credit usage for Attack Surface Risk Management, contact
your sales representative.
Risk Insights renamed to Attack Surface Risk Management
November 20, 2023 — The Risk Insights app group has been renamed to Attack Surface Risk
Management to align with the expanding scope of capabilities provided by the included
apps. The renamed app group currently contains the Executive Dashboard, Attack Surface
Discovery, Operations Dashboard, and Cloud Posture apps.
Graph View gives you contextual visibility over AWS-based assets
November 20, 2023 — Attack Surface Discovery now provides new contextual visibility into
your cloud assets and prioritized security risks — continuously and frictionlessly. The
new Graph View shows more details about the resources deployed in your AWS environment,
relationships between cloud assets, and risk scores for each asset.
Gain new visibility over your AWS APIs
November 20, 2023 — API Security provides new visibility over your attack surface by
identifying challenges to securing your APIs. API Security displays an inventory of your
REST and HTTP-based API collections from your AWS API gateways and any misconfigurations
detected in your AWS environment.
Enable Agentless Vulnerability & Threat Detection for Amazon EC2 instances
November 20, 2023 — Deploy Agentless Vulnerability & Threat Detection in your AWS
accounts to discover vulnerabilities in your Amazon EC2 instances with zero impact to
your applications.
For more information, see Agentless Vulnerability & Threat Detection.
Discover and assess internet-facing assets with Rescana
November 20, 2023 — Trend Vision One has traditionally discovered and assessed
internet-facing assets via internal Trend Micro solutions. Trend Vision One now supports
a new data source for internet-facing assets — Rescana. If you are a Rescana customer,
you can easily enable the data source by specifying the correct URL and API token for
your Rescana account. If you disable the Rescana integration, Trend Vision One resumes
using Trend Micro internal solutions for collecting data on internet-facing assets.
Operations Dashboard supports remediating and dismissing risk events
November 6, 2023 — To better align Trend Vision One with common risk terminology and
enhance your ability to reduce the Risk Index, you can now change the status of risk events
in Operations Dashboard. In addition, you can now manually trigger a recalculation of the
Risk Index and check for new risk events.
Risk events for six of the eight risk factors can now be marked as one of the four
following statuses:
- New
- In progress
- Remediated
- Dismissed
Remediated and dismissed risk events no longer contribute to your Risk Index.
When changing the status of risk events, you can select from three levels of scope: the
selected risk event, all instances of the risk event for the selected assets, or all
instances of the risk event for all assets. If you dismiss all instances of a risk event,
future instances of the risk event will not be generated.
XDR detection-related risk events that have an associated workbench alert must still be
managed via the Workbench app. Development is ongoing to support the new risk event
management framework for vulnerability-related risk events. In addition, a subsequent
release will allow you to accept risk events, meaning they will still contribute to your
Risk Index, but will not be displayed in Risk Reduction Measures.
New risk events highlight potential attack paths for cloud assets
October 23, 2023 — New risk events demonstrate potential attack paths that originate from
the internet or potentially compromised cloud assets. These potential attack paths are
visualized to help you identify and prioritize risks.
Asset graph visualizes cloud asset relationships
October 23, 2023 — Cloud asset profiles now feature an asset graph illustrating the
relationships of cloud assets. The visualization showcases how identities access cloud
resources, as well as traffic routing and other relationships, helping you to prioritize
risks associated with your cloud assets.
Attack Surface Discovery asset profiles available free for XDR customers
October 23, 2023 — Customers that have enabled XDR sensors can now access a free version of
asset profiles in Attack Surface Discovery, even if credits have not been allocated to Risk
Insights capabilities. When viewing the profile of an endpoint, account or cloud asset in a
Workbench alert, click View asset risk assessment in Attack Surface Discovery to see the
asset's risk assessment and asset profile in Attack Surface Discovery.
Manually modify asset criticality in Risk Insights
September 25, 2023 — Risk Insights apps calculate and display the criticality for each
asset based on asset tags. If you think that the system-defined criticality is inaccurate
or does not match the actual situation, you can manually assign a custom criticality to
assets. In Attack Surface Discovery asset profiles and asset cards, you can now click
Modify Criticality to select a custom criticality. You can also revert to using the
system-defined criticality at any time.
Asset graph improvements enhance effectiveness
September 11, 2023 — Enhancements to the asset graph in Attack Surface Discovery provide
you with greater context for improving your security posture.
The asset graph now includes a symbol for the internet, helping you easily identify which
assets are exposed to the internet.
The asset detail screen for domains and IP addresses now also features an asset graph
illustrating the relationships between internet-facing assets and other types of assets.
The asset graph helps you better understand how domains and IP addresses are associated
with internet-exposed devices.
In addition, the asset graph now shows relationships associated with privileges, including
user and group memberships, as well as how roles are assigned, to whom a role is assigned,
and administrative devices and users. The visualization makes it easier to understand how
an identity has administrative permissions to other identities or devices.
Risk Insights apps gain Tanium Comply as data source
August 14, 2023 — Risk Insights apps now support Tanium Comply as a third-party data
source. Tanium Comply contributes device information and CVE detections. To grant data
upload permissions for Tanium Comply, enter the Tanium console URL and API token in the
data sources settings drawer.
Vulnerability Assessment for Linux users
July 24, 2023 — Vulnerability Assessment is now available for the following Linux
operating systems: Amazon Linux, CentOS, Red Hat Enterprise Linux, and Ubuntu.
For details, see Vulnerability Assessment supported operating systems.
Risk Insights capabilities require a license or credits
July 4, 2023 — Risk Insights capabilities are now a paid feature. You must purchase a
license or allocate sufficient credits for Risk Insights to access Operations Dashboard and
Attack Surface Discovery.
If you have not purchased a license or allocated credits to Risk Insights, you can start a
30-day free trial when you attempt to access Operations Dashboard or Attack Surface
Discovery. To ensure uninterrupted access to Operations Dashboard and Attack Surface
Discovery after your trial ends, contact your sales representative in advance to prepare a
license or credits for Risk Insights. You can configure Trend Vision One to automatically
allocate credits to Risk Insights capabilities at the end of your free trial period.
Advanced filtering and ability to assign secure access rules added to Cloud Apps
July 3, 2023 — The Cloud Apps tab of the Attack Surface Discovery app now features a new
Artificial Intelligence category for cloud apps based on artificial intelligence
technology. The Cloud Apps tab now also features advanced filtering by category, risk
level, sanctioned state, breach warnings, and last detected. In addition, you can now
assign Internet Access rules by selecting cloud apps and clicking Assign Secure Access
Rule.
Asset graph for service accounts
June 21, 2023 — Attack Surface Discovery now provides asset graph support for service
accounts. The asset graph provides detailed information about the service account and its
relationships and interactions with other assets in your organization. The service account
might also appear in the asset graph of other assets.
Risk Insights support for Trend Vision One credits
June 21, 2023 — As Risk Insights capabilities become a paid feature on July 4, 2023, credit
usage data is now displayed in Risk Insights apps. You can view your current credit balance
and estimate future credit usage. To ensure uninterrupted access to Operations Dashboard
and Attack Surface Discovery, activate the "auto-allocate credits" toggle to enable Trend
Vision One to automatically allocate credits to Risk Insights capabilities when the
complimentary period ends.
Attack Surface Risk Management
Significant update to the Risk Index algorithm
June 5, 2023 — Risk Insights has applied a significant update to the Risk Index algorithm
for all customers.
The algorithm now places a greater importance on Attack Detection. Periodic algorithm
updates are part of our continuous effort to optimize the risk algorithm to provide you
with an accurate, timely, and actionable Risk Index.
Important: Algorithm updates can result in a sudden and significant increase to asset risk
scores and the Risk Index. A sharp increase in the Risk Index that directly coincides with
an algorithm update can be considered the result of the algorithm change.
For more details, see Risk Index algorithm updates.
Operations Dashboard monitors new risk factors
The Operations Dashboard now monitors two new risk factors: System Configuration and
Security Configuration. You can view the related risk metrics and events in the Risk
Factors tab.
Risk Insights identifies potential misconfigurations of your environment, including exposed
ports, insecure host connections, insecure IAM and cloud infrastructure configurations, and
unsafe software and endpoint configurations.
Risk Insights monitors your Trend Micro security settings, including endpoint agent and
sensor deployments, update status, and key feature adoption rates. The Security
Configuration risk factor helps you ensure that Trend Micro solution settings are following
best practices.
Executive Dashboard widgets reorganized
In the Exposure Overview tab of the Executive Dashboard, clicking View Details in widgets
now redirects you to the Operations Dashboard for more detailed information.
In the Activity and Behaviors section, the Legacy Authentication Protocol with Log On
Activity widget has moved to the System Configuration section and the Account Compromise
Indicators widget has moved into the Operations Dashboard.
In the Attack Overview tab of the Executive Dashboard, the General Detection Summary widgets
have moved to the Security Dashboard for easier access and to improve the customizability
of dashboards. The following widgets are now found in the Widget Catalog of the Security
Dashboard:
- Detections by Attack Type
- Mitigated Events by Attack Type
- Detections by Protection Layer
- Workbench Alert Tracking
Note: You must enable Risk Insights capabilities to access the Operations Dashboard and the
Security Dashboard. For more information, see Credit requirements for Trend Vision One apps
and services.
Attack Surface Discovery presents data sources for discovered devices
Attack Surface Discovery lists all assets discovered in your organization to facilitate
risk assessments. Trend Micro leverages several data sources for asset discovery, which are
now presented in the Discovered by column of the Device List for further investigation. You
can also configure Device Overview to show only specific sources by adding the Discovered
by filter.
Risk Insights supports multiple Azure AD tenants
Customers with multiple Azure AD tenants can now have full visibility of accounts on all
tenants and perform risk assessment on multiple Azure AD tenants in Risk Insights apps.
Attack Surface Risk Management
Risk Insights official release
All Risk Insights capabilities are now officially released and can be purchased alongside
XDR as part of the Trend Vision One platform. Contact your sales representative to discuss
your license transition period options.
For more details on the licensing and product experience for Risk Insights, see Credit
requirements for Trend Vision One apps and services.
Attack Surface Risk Management