Support to exclude specified endpoints from response actions
January 31, 2024 — Users may now prevent critical endpoints from being affected by selected response actions triggered across Trend Vision One. Add up to six exclusions to apply to lists of up to 100 endpoints by enabling the feature in Settings within Response management. To learn more, see Exclude Specified Endpoints from Response Actions.
Operations Dashboard Supports Three More Risk Reduction Goals
January 29, 2024 — Besides the already supported goal of generally lowering your organization's risk level, three other risk reduction goals are now officially available to let you focus on top risks or reduce your Risk Index to the industry average.
In the Risk Reduction Measures section, you can choose a predefined goal or set your own goal, and then take recommended remediation actions on risk events with the highest impact to achieve the desired goal.
Optimized Risk Index algorithm provides better visibility over your security posture
January 29, 2024 — The Risk Algorithm has been optimized to better reflect your risk remediation efforts. Version 2.0 of the Risk Index algorithm provides a comprehensive overview of your organization's risk landscape by significantly expanding the foundation and extent of risk calculation. While earlier versions of the algorithm relied on the risk scores of sampled assets, the updated version calculates the index using the risk scores and levels of all events. By incorporating the risk scores and levels of every risk event within your organization, the updated algorithm has broader scope and a more direct influence on risk events.
For more information, see January 29, 2024 - Risk Index algorithm version 2.0.
The Search app supports new search method: Identity and Access Activity Data
January 29, 2024 — You can now query your identity and access telemetry data in the Search app.
The new Identity and Access Activity Data search method currently supports Microsoft Entra ID, with more identity providers to be added soon.
Take stock of applications installed on your devices
Important: This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
January 29, 2024 — See a central inventory with risk findings of the applications installed on your organization's devices. In the Applications section of Attack Surface Discovery, click the Local Apps tab.
The list details the name, version, operating system, vendor, number of devices on which the application is installed, detected CVEs, and risk scores.
The Local Apps tab is now available as a pre-release feature in public preview.
XDR detection risk factor shows all priority alerts
January 29, 2024 — Operations Dashboard now displays all priority alerts in XDR detection. Previously, XDR detection displayed the top 10 unsolved priority alerts only. The updated list now displays all Workbench alerts that are not closed, have an alert score above 50, and were created in the last 30 days. Each Workbench alert can be expanded to show impacted assets and risk scores.
Security Configuration extends Endpoint Security key feature reporting
January 29, 2024 — Executive Dashboard now features reporting for additional key features of your connected Trend Micro endpoint security products. In the Endpoint Security section of the Security Configuration tab, the Key Feature Adoption Rates and Key Feature Adoption and Pattern Update Compliance widgets now also report on the adoption of the Application Control and Device Control features of supported products.
If you have updated to the Foundation Services release, clicking on the number of endpoints that do not have the recommended configuration for either feature takes you to Endpoint Inventory for additional details. If you have not updated to the Foundation Services release, clicking the number takes you to Reports to export the relevant data.
Risk reduction workflow simplified
January 29, 2024 — Over the last several months, several enhancements to Operations Dashboard have focused on the management of risk events. Thanks to the ability to remediate or dismiss all risk events through Risk Reduction Measures, there is no longer a need for the At-Risk Users/Devices widget.
While the widget is no longer available, the At-Risk Users and At-Risk Devices widgets in Security Dashboard are still available and now direct you to the Accounts and Devices sections of Attack Surface Discovery, respectively. In addition, notifications for new at-risk users or devices with a high-risk status and the Top At-Risk Users, Devices, Cloud App Overview report template also remain at your disposal.
Zero Trust Secure Access now supports local user groups
January 29, 2024 — Zero Trust Secure Access now supports local user account management both individually and by assigned groups. You may assign local users to one or more local user groups, allowing you to apply access rules by group. For more information, see Local user account management.
Zero Trust Secure Access Private Access and Internet Access now supports custom service status on individual endpoints
January 29, 2024 — Zero Trust Secure Access now allows users to set the service status for Internet Access and Private Access on single endpoints. Users may choose to align the service status for the endpoint with the current global configuration or choose to never enable either service on selected endpoints. Configure endpoints from the endpoint list on the Secure Access Module screen.
Zero Trust Secure Access now supports devices managed by custom MDM solutions or no MDM solution
January 29, 2024 — In addition to Microsoft Intune-managed devices, the Zero Trust Secure Access mobile module can now be deployed to all managed or unmanaged mobile devices, allowing you to secure more mobile endpoints. If you do not currently have an MDM solution, the mobile module supports deployment through Mobile Device Director. For more information, see Deploying the Secure Access Module to Mobile Devices.
Forensics highlights now available
January 29, 2024 — The new Highlights section of the evidence report in Forensics displays all the high-risk pieces of evidence found in the collected evidence. Use the Highlights section as a starting point for your investigations.
Forensics workspace enhancements
January 29th, 2024 — Forensics now displays the following information about your endpoints in the Workspace view:
- Latest risk score
- Whether the endpoint is connected or not
- Whether the endpoint is managed or not
New AI enhancements now available for Trend Vision One™ - Companion
January 24, 2024 — Companion now includes the following AI enhancements for improved user experience:
- Role-based access control (RBAC) settings: Now you can tailor permissions and roles to fit the unique needs of your team, ensuring the right people have the right access.
- Admin-controlled AI usage: Administrators now have the power to enable or disable Companion AI functionalities for individual users, which ensures compliance with the policies of your organization and gives you more control over how AI is used within your team.
- Multilingual support: Companion now supports multiple languages, making AI tools more accessible and user-friendly for a diverse global audience. Whether you are an English speaker or prefer another language, Companion is ready to assist you.
- Streamlined activation and deactivation: The option to enable or disable Companion has been moved out of Support Settings for easier access. Click the chat box icon at the top of the screen and experience the power of generative AI today.
Security Playbooks feature enhancements and user experience improvement
January 24, 2024 — The Endpoint Response Actions playbooks and Incident Response Evidence Collection playbooks have been enhanced to support a broader range of IP formats for the playbook target. In addition to using a wildcard, you have the flexibility to use CIDR notation or specify an IP range from a starting IP address to an ending IP address.
Additionally, the email notification content for user-defined Automated Response Playbooks has been improved to enhance the user experience.
Custom detection model creation officially released
January 29, 2024 — Custom filter and detection model creation in Detection Model Management is no longer a pre-release feature and now enters official release. You can now create up to 50 custom filters using search query syntax, and configure up to 50 custom detection models from those filters in the Detection Model Management app.
For more information, see Custom filters.
New Scan for Malware endpoint response action available
January 22, 2024 — Users may now perform a one-time on-demand malware scan on one or more endpoints from context menus in Workbench, Endpoint Inventory, Search, and Observed Attack Techniques, allowing for a direct response to attacks while conducting further investigation. For more information, see Scan for Malware task.
Trend Vision One Email and Collaboration Security official launch
January 15, 2024 — Trend Vision One provides a centralized and comprehensive solution for your email and collaboration security, offering a streamlined, single-console experience.
- Email Asset Inventory provides centralized visibility combining your protection managers with dedicated inventory views.
  - Email account inventory, managed by Cloud Email and Collaboration Protection and Email Sensor, highlights noteworthy accounts which require further investigation. You can also quickly review your Exchange Online and Gmail protection status.
  - Email domain inventory, managed by Cloud Email Gateway Protection, provides domain information and your email gateway protection status.
  - Email server inventory provides information about your email servers managed by on-premises protection solutions including ScanMail for Microsoft Exchange and InterScan Messaging Security Virtual Appliance.
- Email Sensor provides centralized management for your email accounts, allowing you to enable or disable XDR detection and response. Enabling email sensor detection and response provides XDR capabilities for email accounts as well as providing cross-layered capabilities covering identity, endpoint, network, and more.
- Cloud Email and Collaboration Protection provides real-time protection to enhance security with powerful enterprise-class threat and data protection control, including protection against ransomware, phishing, Business Email Compromise (BEC), zero-day and hidden malware, unauthorized transmission of sensitive data, targeted attack user, and account takeover. Cloud Email and Collaboration Protection integrates cloud-to-cloud with the protected applications and services, and leverages both inline and API integration to maintain high availability and administrative functionality, as well as auto-remediation based on the latest pattern updates on incoming, outgoing and internal messages. Cloud Email and Collaboration Protection provides protection for the following cloud email and collaboration applications:
  - Microsoft Office 365 services (Exchange Online, SharePoint Online, OneDrive, Microsoft Teams)
  - Google Workspace (Google Drive, Gmail)
  - Box
  - Dropbox
  For customers with an existing Cloud App Security solution, update to Cloud Email and Collaboration Protection through the Product Instance app to seamlessly integrate with Trend Vision One to manage email and collaboration security within one console, one platform. To learn more, see Update from Cloud App Security.
- Cloud Email Gateway Protection provides email security at the gateway level through MX record rerouting of inbound messages to block dangerous and unwanted emails before they reach your email servers. In addition to malware scanning, spam detection, and content filtering, Cloud Email Gateway Protection also supports domain-based authentication such as SPF/DKIM/DMARC, directory-based recipient verification, outbound DLP, and email encryption - all configurable through robust policy settings. For customers with an existing Trend Email Security solution, update to Cloud Email Gateway Protection to seamlessly integrate with Trend Vision One to manage email gateway security within one console, one platform. To learn more, see Update from Trend Micro Email Security.
Security Configuration features enhanced email security
January 15, 2024 — Executive Dashboard now better reflects the health of your connected email security products. The Email Security section of the Security Configuration tab now supports Trend Micro Email Security and shows the protection status and key feature adoption rates for your email domains.
When examining email domain configuration status or Key Feature Adoption Rates, clicking the number of domains that are not configured correctly takes you to Email Asset Inventory for more detailed information.
Security Configuration supports network security
January 15, 2024 — Executive Dashboard now provides you with an overview of your network layer configuration. The Network Security section of the Security Configuration tab now displays the deployment status and key feature adoption rates for your connected Deep Discovery Inspector appliances.
When examining Appliance Health, Software Version, or Key Feature Adoption and Configuration, clicking the number of appliances that are not configured correctly leads you to the Reports app to generate a detailed report.
Security Dashboard adds five container-related widgets
January 15 — To help SOC analysts quickly identify container security risks within their environment, Security Dashboard has added the following five new widgets:
- Top Clusters with Runtime Vulnerabilities/Events
- Top Namespaces with Runtime Rule Violations
- Top Runtime Policy Violations by Action
- Top Trigger Runtime Rules by Violations
- Top Unique CVEs by CVSS Rating
Find the new widgets in the Cloud category of the Security Dashboard widget catalog. Be aware that these widgets are only available for customers that have updated to the Foundation Services release.
Create Security Awareness training campaigns targeting at-risk users
Important: This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
January 15, 2024 — In addition to manually creating training campaigns for your users in the Security Awareness app, you can now also initiate campaigns from the Attack Surface Discovery, Operations Dashboard, and Identity Posture apps. Campaigns initiated from these three apps enable you to provide security awareness training focused specifically on at-risk users.
When viewing domain accounts in Attack Surface Discovery, the context menu now includes the Create Training Campaign option.
In Operations Dashboard, the remediation steps for some types of risk events — such as phishing simulations indicating user accounts might be vulnerable to attack — now include links to create Security Awareness training.
The Identity Posture app's Identity Summary screen for highly privileged identities and the highlighted exposure risk events in the Exposure tab now also feature a Create Security Awareness Training Campaign button.
Forensics supports YARA, osquery, and Collect Evidence tasks on Linux endpoints
January 11, 2023 — The Forensics app now allows you to run YARA, osquery, and Collect Evidence tasks on Linux endpoints, enabling you to better monitor and analyze both Windows and Linux endpoints in your environment.
For more information on these tasks, see Response actions.
Filter query results of YARA and osquery tasks by status
January 9, 2024 — Query results for YARA and osquery tasks can now be filtered by status to provide a brief overview. Quickly find the reason for failed tasks by hovering over the status icon next to endpoint names.
Region deployment selection available for Cloud Accounts
January 8, 2024 — Customers can now select which AWS regions to deploy the Agentless Vulnerability & Threat Detection and Container Protection for Amazon ECS features to under Cloud Accounts. By default, these features will deploy to all available regions. This feature requires updating to the latest version of the Cloud Accounts stack.
For more information, see Cloud Accounts.
Virtual Network Sensor supports new deployment features
January 8, 2024 — Virtual Network Sensor supports deploying to AWS cloud environments. Additionally, you can now specify a default password for KVM deployments within Network Inventory.
Master Administrators can opt in to all pre-release apps/services
January 8, 2024 — Trend Vision One has added an opt-in and opt-out mechanism in Platform Directory for Master Administrators to choose whether they want to view and try Trend Vision One pre-release apps/services available for the organization.
After opting in, you can use all current and future pre-release apps/services at no added cost during the pre-release preview and will be notified at least 30 days before official release or any upcoming charge.
For customers that were already using Trend Vision One prior to January 8, 2024, opting in is automatically enabled to ensure service continuity of previously opted-in apps/services. You must manually opt out if you do not want to use pre-release apps/services.
Support for terminating Amazon ECS containers
January 8, 2024 — Customers can now terminate potentially compromised Amazon Elastic Container Service tasks while investigating threat incidents in Workbench, Observed Attack Techniques, or the Search app.