Enhanced reports with anomaly detection information in Cloud Email and Collaboration Protection
November 15, 2024 — Administrators can now choose to include anomaly detections in
both one-time and scheduled reports. The report will show the total number of anomalies
detected by Correlated Intelligence, provide a summary of these anomalies for each
supported service, and highlight the top 5 senders and recipients of emails containing
anomalies.
Access token re-creation with a different admin for collaboration services in Cloud Email and Collaboration Protection
November 15, 2024 — Cloud Email and Collaboration Protection enhances the access token re-creation process for Box, Dropbox, and Google Drive.
Previously, access tokens can only be re-created using the same administrator of the
current service account. Customers now are able to re-create access tokens with a
different administrator, which is particularly useful when there are changes in team
members.
To ensure that quarantined files can be managed by the new administrator, Cloud Email and Collaboration Protection also provides a guide to help customers transfer all existing quarantined files from
the original administrator’s quarantine folder to the new administrator’s folder.
Automatic recovery of false positive emails in Exchange Online (inline mode) and Gmail (inline mode) in Cloud Email and Collaboration Protection
November 15, 2024 — Cloud Email and Collaboration Protection enhances its automatic recovery capabilities to identify false positive emails in
Exchange Online (inline mode) and Gmail (inline mode). It then automatically reverses
the Quarantine action, delivering these emails directly to end users’ inboxes.
Extended Audit Log Query Period in Cloud Email Gateway Protection
November 6, 2024 — Cloud Email Gateway Protection now allows administrators to query audit logs retained for up to 180 days, instead
of the previous 30 days.
Four more predefined conditions available in Correlated Intelligence in Cloud Email and Collaboration Protection
October 25, 2024 — Cloud Email and Collaboration Protection supports four more predefined conditions for defining custom detection signals in
Correlated Intelligence. The conditions check the Reply-To domain activity, the Reply-To
address activity, the URL domain registration age in email, and the sender address
for anomaly detection in the customer’s environment.
Enhanced Correlated Intelligence monitoring for existing ATP policies in Cloud Email and Collaboration Protection
October 25, 2024 — Cloud Email and Collaboration Protection enhances the monitoring of Correlated Intelligence detections without disrupting
your email flow. This update automatically enables the Correlated Intelligence filter
for policies where this filter is currently disabled, allowing you to keep track of
Correlated Intelligence detections seamlessly while maintaining smooth email operations.
Specifically,
-
For existing policies without Correlated Intelligence enabled, the action for Security Risks is set to Pass, and “All pre-defined rules” is selected for anomalies with the action set to Pass.
-
For existing policies with Correlated Intelligence enabled, no changes are made to the action for Security Risks. However, if “Specified pre-defined rules” was selected for anomalies with no rules specified, it is changed to “All pre-defined rules” with the action set to Pass.
Automatic recovery of false positive emails marked for deletion in Exchange Online and Gmail in Cloud Email and Collaboration Protection
October 25, 2024 — Cloud Email and Collaboration Protection extends its capabilities to identify false positive emails detected by Advanced Spam
Protection, Web Reputation, and Correlated Intelligence, and then automatically restore
false positive emails marked for deletion in end users’ “Recoverable Items > Deletions”
folder in Exchange Online and the “Trash” folder in Gmail.
Access token re-creation for Dropbox and Google Drive service accounts in Cloud Email and Collaboration Protection
October 25, 2024 — Cloud Email and Collaboration Protection provides an option for administrators to re-create access tokens for the Dropbox
and Google Drive service accounts when the current tokens become invalid or you want
to refresh the existing token.
Quarantined email preview enhancement in Cloud Email Gateway Protection
October 21, 2024 — Cloud Email Gateway
Protection now supports enabling quarantined email preview in quarantine digest templates. This
feature allows administrators to decide whether end users can preview quarantined
emails in quarantine digests. The quarantine digest preview supports inline actions
for improved user interaction, including options to deliver emails or approve senders.
Additionally, enhancements are also made to allow end users and administrators to
view HTML-rendered email content in the End User Console or the Quarantine Query Details
screen.
Detection signal customization for Correlated Intelligence in Cloud Email and Collaboration Protection
September 20, 2024 – In addition to predefined detection signals for Correlated Intelligence,
Cloud Email and Collaboration Protection allows administrators to define custom signals by using predefined conditions to
meet specific security needs. These custom signals can then be incorporated into correlation
rules, enhancing the detection capabilities of Cloud Email and Collaboration Protection within their unique environment.
Dashboard configuration checks for Correlated Intelligence in Cloud Email and Collaboration Protection
September 20, 2024 – The Configuration Health tab on the Cloud Email and Collaboration Protection Dashboard is updated to include checks related to Correlated Intelligence, providing
administrators with a streamlined overview of their security configurations.
Automatic recovery of false positive emails for Exchange Online and Gmail in Cloud Email and Collaboration Protection
September 20, 2024 – Cloud Email and Collaboration Protection utilizes detection and quarantine logs to identify false positive emails detected
by Advanced Spam Protection, Web Reputation, and Correlated Intelligence. It then
automatically reverses the Quarantine, Move to Junk Email folder, Move to Spam actions,
delivering the emails directly to end users' inboxes. This feature functions without
user intervention and is independent of whether Retro Scan & Auto Remediate is activated
by administrators in Advanced Spam Protection and Web Reputation settings.
Anomaly detection with predefined correlation rules in Correlated Intelligence in Cloud Email Gateway Protection
September 18, 2024 — In addition to detecting security risks, Correlated Intelligence
in Cloud Email Gateway
Protection now supports detecting anomalies that deviate from normal behaviors and may require
your attention. Based on the organization’s security needs, administrators can enable
all or partial predefined correlation rules at three levels of aggressiveness and
apply the rules to detect anomalies in Correlated Intelligence policy.
Email recovery for deleted emails in Cloud Email Gateway Protection
September 18, 2024 — Cloud Email Gateway
Protection provides Email Recovery to retain emails marked for deletion for 14 days. This allows
for restoration of emails that were mistakenly deleted before they are permanently
purged, which helps ensure your business continuity and reduce the risk of data loss.
Correlated Intelligence for inbound email threat detection in Cloud Email Gateway Protection
August 21, 2024 — Cloud Email Gateway Protection launches the Correlated Intelligence policy rules for Inbound Protection that can
correlate the suspicious signals found across different scanning criteria (such as
Virus Scan and Spam Filtering) to enrich threat detection for email services. With
Correlated Intelligence capabilities, Cloud Email Gateway Protection also provides the reasons why an email is detected as a threat.
Automated anomaly detection with pre-defined correlation rules in Correlated Intelligence in Cloud Email and Collaboration Protection
August 18, 2024 – When administrators enable Correlated Intelligence while creating
a new ATP
policy, Cloud Email and Collaboration Protection automatically applies all pre-defined
correlation rules for anomaly detection. These rules are categorized into three levels
of
aggressiveness, allowing administrators to tailor the enforcement of these rules according
to
their organization's security needs and email service requirements.
For existing ATP policies, administrators need to manually configure whether to apply
all or
partial pre-defined rules.
Exchange Online protection enhancement with Microsoft 365 activity data in Cloud Email and Collaboration Protection
August 18, 2024 – Cloud Email and Collaboration Protection enhances its protection
capabilities for Exchange Online by integrating user behavior analysis. Organizations
that permit
access to their Exchange Online data can further enable Cloud Email and Collaboration Protection to read activity data through the Microsoft Graph API and Office 365 Management API.
Custom data period for one-time reports in Cloud Email and Collaboration Protection
August 18, 2024 – Cloud Email and Collaboration Protection provides administrators with the
flexibility to select custom time frames, ranging from days to months, for generating
data in
one-time reports, in addition to the fixed data periods.
More granular security checks for approved senders in Cloud Email Gateway Protection
August 12, 2024 — Cloud Email Gateway Protection adds Bypass Checks for approved
senders in Sender Filter Settings. This allows you to determine which scanning criteria
in
Connection Filtering and Spam Filtering policies you want to apply on emails from
approved
senders.
Improved inline action process in quarantine digest notifications in Cloud Email Gateway Protection
August 12, 2024 — When end users click an inline action link in the quarantine digest
notification, they're prompted to confirm on a dedicated page. This extra step ensures
that
actions are only taken with end users’ explicit consent, preventing unexpected access
during
notification transmission.
Custom correlation rules for anomaly detection available in Correlated Intelligence in Cloud Email and Collaboration Protection
July 19, 2024 – Besides the Trend Micro predefined correlation rules, administrators
can add
custom correlation rules based on predefined detection signals to accommodate anomaly
detection
requirements in their environment. Administrators can apply custom correlation rules
into the
Correlated Intelligence security filter of ATP policies for Exchange Online and view
details
about detected anomalies in the Operations screen.
Access grant enhancement to OneDrive, SharePoint Online, and Microsoft Teams in Cloud Email and Collaboration Protection
July 19, 2024 – For OneDrive, SharePoint Online, and Microsoft Teams, Cloud Email and Collaboration Protection enhances the access grant process to remove dependency on
Azure Communication Services, which is scheduled to retire in the future. When granting
access to
the above-mentioned services, administrators do not need to manually grant Cloud Email and Collaboration Protection permissions to receive notifications from Microsoft upon
any change to the files on these services.
This enhancement is not available for the US and EU sites in this release.
Create security awareness training campaigns targeting at-risk users in Cloud Email and Collaboration Protection
July 19, 2024 – Administrators can now initiate security awareness campaigns from
the following
Dashboard widgets to provide training focused specifically on at-risk users: Top 5
Users with Account Takeover Risks, Top 5 High-Risk Email
Recipients, and Top 5 Spam and Graymail Recipients. When viewing
these users on the widgets, the available operations now include the Create Training
Campaign option.
Add to Block List response action available in Cloud Email and Collaboration Protection
July 19, 2024 – Cloud Email and Collaboration Protection offers the Add to Block
List response action to the screen. It allows administrators to add senders in the end user-reported emails to
the Suspicious Object List of Trend Vision One.
Cloud Email and Collaboration Protection also supports the following account-based response
actions on the Top 5 Users with Account Takeover Risks Dashboard widget:
Disable User Account, Force Sign Out, Force Password Reset, Add to Block List
Search by action available for URL click tracking logs in Cloud Email and Collaboration Protection
July 19, 2024 – Cloud Email and Collaboration Protection adds a new search criterion
(Action: Restricted) in URL click tracking logs. Using this criterion,
administrators are able to filter out URLs with actions "Blocked", "Warned and accessed",
and
"Warned and stopped”.
Anomaly detection by Correlated Intelligence in Cloud Email and Collaboration Protection
June 21, 2024 — In addition to detecting security risks, Correlated Intelligence in
Cloud Email and Collaboration Protection now supports detecting anomalies that deviate from
normal behaviors and may require your attention. Cloud Email and Collaboration Protection
also provides visibility of anomaly detections, which allows you to have a more comprehensive
view of your security landscape.
Official release of Gmail (Inline Mode) in Cloud Email and Collaboration Protection
June 21, 2024 — Cloud Email and Collaboration Protection officially launches Inline
Protection for Gmail to scan inbound and outbound emails before they are delivered
to their
destinations, with no MX record change required. This protection mode blocks threats
before they
can reach your users' mailboxes and prevents data leakage before it actually takes
place.
Classic scheduled reports accessible in Cloud Email and Collaboration Protection
June 21, 2024 — For customers who have updated to Cloud Email and Collaboration Protection,
instead of going to the classic console to view your scheduled reports created there,
Cloud Email and Collaboration Protection now enables you to access these reports directly from the
Trend Vision One console.
Approved URL list for Time-of-Click Protection in Cloud Email and Collaboration Protection
June 21, 2024 — To prevent URLs from being rewritten by Time-of-Click Protection in
Web
Reputation, Cloud Email and Collaboration Protection now supports defining a list of URLs that
can bypass Time-of-Click Protection.
Support for moving user-reported emails to Junk Email folder in Cloud Email and Collaboration Protection
June 21, 2024 — To help automatically removing emails from end users' inboxes that
they have
reported as spam or phishing through the Cloud Email and Collaboration Protection add-in for
Outlook, Cloud Email and Collaboration Protection now provides the option to move these emails
to the end users' Junk Email folder.
More granular analysis results for DMARC reports available in Cloud Email Gateway Protection
June 19, 2024 — Cloud Email Gateway Protection allows you to view your DMARC report
data by sending source, including email service, hostname, and IP address. Besides,
the solution
now presents more details from raw DMARC reports in a readable format, enabling you
to quickly
drill down and identify the threats.
Notification enhancement in Cloud Email Gateway Protection
June 19, 2024 — Cloud Email Gateway Protection now supports HTML format for system
notifications. You can select either predefined or custom style for HTML notifications.
Cloud Email and Collaboration Protection launches Correlated Intelligence for email threat detection
April 19, 2024 — Cloud Email and Collaboration Protection launches the Correlated
Intelligence feature that can correlate the suspicious signals found across different
engines (such as Advanced Spam Protection, Web Reputation) to enrich threat detection
for email services. With Correlated Intelligence capabilities, Cloud Email and Collaboration Protection also provide the reasons why an email is
detected as a threat.
Cloud Email and Collaboration Protection supports quishing detection for PDF attachments
April 19, 2024 — Cloud Email and Collaboration Protection supports scanning QR codes in
PDF files attached to emails to detect suspicious URLs. QR code scanning already
supports attachments in the format of WEBP, JPG, PNG, BMP, TIFF, or GIF.
Cloud Email Gateway Protection supports quishing detection for PDF attachments
April 19, 2024 — In addition to detect quishing by scanning the QR code images
attached or in the email body, Cloud Email Gateway Protection now supports quishing
detection for PDF attachments after you have enabled submission of suspicious files
with QR codes
to Virtual Analyzer.
Quishing detection widgets available in Cloud Email and Collaboration Protection
April 19, 2024 — Cloud Email and Collaboration Protection displays quishing detection
data in the Threat Detection dashboard for you to understand the QR code-based phishing
email detections in your environment, including the quishing detections by email
service, top 5 quishing email senders, top 5 quishing email recipients, and quishing
detections by content type.
Cloud Email Gateway Protection provides granular log search for IP block list matching
April 19, 2024 — When searching the mail tracking logs for mail traffic blocked due
to IP
block list matching, Cloud Email Gateway Protection allows you to conduct
more granular search by separately filtering for sender IPs found in the Blocked IP
Address list and the Blocked Country/Region list.
Cloud Email Gateway Protection supports X-Header insertion for messages matching scan exceptions
April 19, 2024 — Cloud Email Gateway Protection allows you to leverage the
action "Insert X-Header" for messages matching scan exceptions in virus scan to meet
your specific needs, for example, identify the specific scan exception for subsequent
processing.
Cloud Email and Collaboration Protection supports taking action based on email header fields
March 22, 2024 — In addition to specifying blocked email senders, Cloud Email and Collaboration Protection allows you to define a list of blocked email header
fields and specify the action to take on matching emails in Advanced Spam Protection.
Cloud Email and Collaboration Protection supports Dynamic URL scanning for Teams Chat
March 22, 2024 — Cloud Email and Collaboration Protection supports dynamic URL scanning for
Teams Chat to further analyzes URLs posted in chats in real-time to detect phishing
URLs.
Cloud Email and Collaboration Protection supports Predictive Machine Learning Exception List
March 22, 2024 — Cloud Email and Collaboration Protection allows you to define a list of
SHA-1 hash values of files to exclude from scanning by Trend Micro Predictive Machine
Learning.
Cloud Email and Collaboration Protection supports reporting emails to administrator-specified mailboxes
March 22, 2024 — Cloud Email and Collaboration Protection provides you the option to allow
your end users to report emails through its add-in to mailboxes you have specified.
Administrators can easily access the reported emails to analyze, investigate, and
take necessary
actions.
DMARC Report Analysis available in Cloud Email Gateway Protection
March 20, 2024 — Cloud Email Gateway Protection supports analyzing the DMARC
reports for your managed domains. With the report analysis results, you can easily
monitor trends and identify anomalies in emails sent on behalf of your managed
domains.
Cloud Email and Collaboration Protection supports turning off computer vision
February 23, 2024 — In the Web Reputation filter, Cloud Email and Collaboration Protection
allows you to control whether to use the computer vision techniques for phishing detection.
Computer vision clicks suspicious URLs in emails to access web pages and apply AI-based
image
analysis to detect threats. Previously, computer vision was enabled as long as you
turned on Web
Reputation.
Trend Vision One Email and Collaboration Security official launch
January 15, 2024 — Trend Vision One provides a centralized and
comprehensive solution for your email and collaboration security, offering a streamlined,
single-console experience.
-
Email Asset Inventory provides centralized visibility combining your protection managers with dedicated inventory views.
-
Email account inventory, managed by Cloud Email and Collaboration Protection and Email Sensor, highlights noteworthy accounts which require further investigation. You can also quickly review your Exchange Online and Gmail protection status.
-
Email domain inventory, managed by Cloud Email Gateway Protection, provides domain information and your email gateway protection status.
-
Email server inventory provides information about your email servers managed by on-premises protection solutions including ScanMail for Microsoft Exchange and InterScan Messaging Security Virtual Appliance.
-
-
Email Sensor provides centralized management for your email accounts allowing you to enable or disable XDR detection and response. Enabling email sensor detection and response provides XDR capabilities for email accounts as well as providing cross-layered capabilities covering identity, endpoint, network, and more.
-
Cloud Email and Collaboration Protection provides real-time protection to enhance security with powerful enterprise-class threat and data protection control, including protection against ransomware, phishing, Business Email Compromise (BEC), zero-day and hidden malware, unauthorized transmission of sensitive data, targeted attack user, and account takeover. Cloud Email and Collaboration Protection integrates cloud-to-cloud with the protected applications and services, and leverage both inline and API integration to maintain high availability and administrative functionality, as well as auto-remediation based on the latest pattern updates on incoming, outgoing and internal messages. Cloud Email and Collaboration Protection provides protection for the following cloud email and collaboration applications:
-
Microsoft Office 365 services (Exchange Online, SharePoint Online, OneDrive, Microsoft Teams)
-
Google Workspace (Google Drive, Gmail)
-
Box
-
Dropbox
For customers with an existing Cloud App Security solution, update to Cloud Email and Collaboration Protection through the Product Instance app to seamlessly integrate with Trend Vision One to manage email and collaboration security within one console, one platform. To learn more, see Update from Cloud App Security. -
-
Cloud Email Gateway Protection provides email security at the gateway level through MX record rerouting of inbound messages to block dangerous and unwanted emails before they reach your email servers. In addition to malware scanning, spam detection, and content filtering, Cloud Email Gateway Protection also supports domain-based authentication such as SPF/DKIM/DMARC, directory-based recipient verification, outbound DLP, and email encryption - all configurable through robust policy settings.For customers with an existing Trend Email Security solution, update to Cloud Email Gateway Protection to seamlessly integrate with Trend Vision One to manage email gateway security within one console, one platform. To learn more, see Update from Trend Micro Email Security.
Email Account Inventory provides central visibility and management of email accounts
October 9, 2023 — Email Account Inventory now provides an overview of how well your
organization’s email accounts are protected by Email Sensor and Cloud App Security
and allows you
to manage protection over the accounts.
Email Account Inventory provides the following central features:
- Email Account Inventory provides an overview of your organization’s email account inventory and available actions to protect email accounts in your organization. If you have not yet enabled any email solutions, you can set up Email Sensor and Cloud App Security from the inventory.
- You can enable key features of Cloud App Security and configure policies for unprotected accounts.
- You can conduct necessary investigations into suspicious account activity.
In addition, the sensor management functionality has moved from Email Account Inventory
into a
separate menu item.