General
General questions about File Security:
Architecture
Questions about File Security architecture:
Scanner
Questions about the File Security scanner:
Pricing
Questions about File Security pricing:
What is File Security?
Trend Vision One™ – File Security is an innovative solution engineered to
bolster the security posture of files and cloud storage against the relentless tide
of malware
threats. Based on different needs, there are two features in File Security:
-
File Security SDK is an scanner app that can assess files for malware and display real-time results so you can immediately identify and address likely security issues in your files. File Security SDK can leverage the power of predictive machine learning (PML) to match novel variants against known hazards.
-
File Storage Security is an advanced version of Trend Cloud One™ – File Storage Security. It leverages the account scanner stack features in Trend Cloud One – File Storage Security, but is much easier to deploy using cloud account management (CAM). File Security Storage provides complete visibility of your cloud storage inventory within the Trend Vision One console so you can protect multiple buckets at once.
For more information, see What is File
Security.
How does Trend Vision One – File Security differ from Trend Micro Cloud One – File Storage Security?
Aside from being part of Trend Vision One, the biggest difference is that we have
expanded
functionality.
-
In Trend Cloud One, File Storage Security can only scan files in Amazon S3 buckets. However, Trend Vision One – File Security can scan files in any application, whether the files are in the cloud or on-premises.
-
Though SDK deployment is different, deployment for traditional S3 coverage (storage) remains the same as it always has for Trend Cloud One – File Storage Security.
-
The SDK scanner is equipped with the option to use predictive machine learning (PML), a capability which is unavailable in Trend Cloud One.
How do I deploy File Security?
While Trend Micro broadly considers File Security to be one solution, it deploys differently
depending on the feature:
When would an organization choose File Security SDK as opposed to File Security Storage?
Choose the feature or combination that best suits your organizational needs:
File Security features
File Security Storage | File Security Managed Services | File Security Virtual Appliance |
Limited solely to cloud storage applications.
|
Allows for file-scanning anywhere; not just storage applications.
|
Allows for file scanning anywhere, not just in storage applications. The scanner
component is deployed as a virtual appliance in the user’s environment.
|
Valuable for organizations without a robust development team.
|
Intended for teams with experience programming using an SDK.
|
Valuable for organizations without a robust development team by using the connector
component. It is also intended for teams with experience programming using an SDK.
|
The storage stack is easy to deploy, requiring just a few clicks and no more than
about
ten minutes.
|
Requires more coding to deploy in addition to stronger cloud architect and developer
teams to implement automation.
|
For users who prefer to manage and host the scanner as a virtual appliance in their
private environment.
|
What storage services does File Security work with?
At this time, File Security Storage works with Amazon Web Service (AWS) storage. See
Deploying for AWS storage.
How long do scans take?
Scan time depends on the file size and type, but can range from under a second to
a few
minutes.
How does File Security scale?
Because File Security uses a serverless scanner, it can handle multiple scans concurrently.
This means File Security automatically scales up in response to load increases--or
or down in response to load decreases. For details, see Scaling and performance.
Why am I unable to use File Security?
Your user account may need additional permissions to deploy, view inventory and scan
results,
initiate scans, or allocate credits.
Why am I limited to five scans?
You are using an Essentials Access account. Purchase and allocate credits to File Storage to extend scanning.
How does File Security SDK scan files?
Once
you have deployed the File Security SDK scanner, the scanner stack scans all incoming
files for
known malware. File Security SDK can send notifications and quarantine malware.
How does File Security Storage scan files?
After deploying the File Security Storage scanner stack to the selected region and
turning on EventBridge for selected buckets in that region, the scanner stack scans
all incoming files. The Scanner stack is located in each region, with one server in
each region and bucket. With event notification turned on, scanner Lambda scans any
incoming file in the scanner stack. The scanner Lambda then sends malicious files
to quarantine.
How does File Security Virtual Appliance scan files
After deploying the File Security Virtual Appliance into a corporate data center
or private cloud environment, users can add mount points to NFS servers using the
File Security
UI console and have target files on storage servers scanned automatically. Alternatively,
users
can adopt the File Security SDK to send files to the File Security Virtual Appliance
for
scanning. In both scenarios, no files will leave the users’ corporate boundary.
What scanner does File Security Managed Service use to scan files? Are the patterns updated?
The scanner is located at Trend Micro. Trend Micro scans the file for you--always
with the
latest pattern.
Can File Security detect ransomware?
Yes. The File Security scanner for both SDK and storage can detect all types of malware
including ransomware, trojans, and spyware.
Are file contents sent to the Trend Micro server?
No. File Security only sends the following to the Trend Micro Smart Protection Server:
- File Security SDK sends only the critical part of the file.
- File Security Storage sends only the identification information (hash value).
What anti-malware patterns does File Security Storage use to scan file? Are the patterns updated?
File Storage Security uses the following patterns:
-
Smart Scan Agent Pattern: This pattern (icrc$oth.XXX) can detect known ransomware like RANSOM_HPLOCKY.SM4 and is used for heuristic or generic detection.
-
IntelliTrap Pattern: This pattern Pattern detects compression files packed as executable files.
-
IntelliTrap Exception Pattern: This pattern contains a list of approved compression files.
Does File Security send file contents to the Trend Micro Smart Protection Server?
No. File Security only send identification information to the Smart Protection Server.
We use a presigned URL to upload files to our AWS S3 buckets. Can we see if the uploaded file is malicious in the result of the file upload request?
No. The design of AWS S3 does not allow you to determine whether an uploaded file
is malicious
from the result of an upload request.
What is the pricing for File Security?
Pricing for File Security, which applies to both Storage and SDK features, is 5,000
credits
per 500,000 scans. So, for example, if you need 3,000,000 scans, you would allocate
30,000
credits. For details, see Credits & Billing.
Can I purchase less than 500,000 scans? Or more?
You can purchase scans in increments of 500,000 for 5,000 credits.
So, for example, if you need 1,500,000 scans, then you would purchase 2,000,000 scans
for
20,000 credits. For details about credits, see Credits & Billing.
Can I purchase just Storage or just SDK without the other feature?
No, pricing for File Security applies to both Storage and SDK features.