July 2024

July 29, 2024 — Attack Surface Risk Management can now check for security misconfigurations and compliance violations in SaaS applications. Salesforce is currently supported, with more applications to come.

For more information, see Configuring data sources and Salesforce integration.

July 29, 2024 — You can now add user accounts with a high risk exposure to the Zscaler-defined restricted user group from the context menu in Attack Surface Discovery. This response action can also be taken automatically by the Automated High-Risk Account Response playbook. Adding user accounts to the Zscaler restricted user group allows Zscaler policies to be assigned to the accounts. Additionally, you can remove the accounts from the restricted user group when they maintain a lower risk score.

For more information, see Add to Zscaler Restricted User Group task and Remove from Zscaler Restricted User Group task.

July 22, 2024 — The API Keys app now enables you to define and manage a list of authorized IP addresses for accessing Trend Vision One APIs. This enhancement adds an extra layer of security, ensuring that only traffic from trusted sources can access the APIs.

For more information, see API Keys (available to both customers that have updated to the Foundation Services release and those that have not).

July 19, 2024 – Besides the Trend Micro predefined correlation rules, administrators can add custom correlation rules based on predefined detection signals to accommodate anomaly detection requirements in their environment. Administrators can apply custom correlation rules into the Correlated Intelligence security filter of ATP policies for Exchange Online and view details about detected anomalies in the Operations screen.

July 19, 2024 – For OneDrive, SharePoint Online, and Microsoft Teams, Cloud Email and Collaboration Protection enhances the access grant process to remove dependency on Azure Communication Services, which is scheduled to retire in the future. When granting access to the above-mentioned services, administrators do not need to manually grant Cloud Email and Collaboration Protection permissions to receive notifications from Microsoft upon any change to the files on these services.

This enhancement is not available for the US and EU sites in this release.

July 19, 2024 – Administrators can now initiate security awareness campaigns from the following Dashboard widgets to provide training focused specifically on at-risk users: Top 5 Users with Account Takeover Risks, Top 5 High-Risk Email Recipients, and Top 5 Spam and Graymail Recipients. When viewing these users on the widgets, the available operations now include the Create Training Campaign option.

July 19, 2024 – Cloud Email and Collaboration Protection offers the Add to Block List response action to the Operations → User-Reported Emails screen. It allows administrators to add senders in the end user-reported emails to the Suspicious Object List of Trend Vision One.

Cloud Email and Collaboration Protection also supports the following account-based response actions on the Top 5 Users with Account Takeover Risks Dashboard widget: Disable User Account, Force Sign Out, Force Password Reset, Add to Block List

July 19, 2024 – Cloud Email and Collaboration Protection adds a new search criterion (Action: Restricted) in URL click tracking logs. Using this criterion, administrators are able to filter out URLs with actions "Blocked", "Warned and accessed", and "Warned and stopped”.

July 17, 2024 – Announcing Trend Micro Artifact Scanner (TMAS) v2.0+ with enhanced support for custom scanner combinations including the newly released secrets scanner. Users can run scanners independently or together, ensuring comprehensive security coverage tailored to their specific needs. This version also provides a more intuitive and standardized result output. For all changes, read WHATS-NEW.md included with the binary.

July 17, 2024—File Security Storage now allows users to automatically upload clean files into a promote bucket after scanning. You set this parameter in the CloudFormation template when creating or updating your account.

July 17, 2024—You can now create regional quarantine and promote buckets for your AWS cloud accounts. This provides a greater visibility of issues in files uploaded to your account.

For more information, see Adding by-region quarantine and promote buckets

July 17, 2024 — To coincide with the release of Runtime Proxy Policies, the Proxy Settings formerly located in the Endpoint Inventory Global Settings has now been replaced with the Agent Installer Proxy settings screen. Use the Agent Installer Proxy settings to configure proxies for endpoint agents to perform initial deployment, installation, and registration to Trend Vision One.

July 17, 2024 — Standard Endpoint Protection offers AI App Guard, which helps identify suspicious or untrusted programs attempting to modify AI apps and associated files.

For more information, see Event Monitoring.

Endpoint Security → Standard Endpoint Protection → Policies → Policy Management

July 16, 2024 — The recommendations for creating policies and rulesets for Container Security have been updated, including instructions for testing rules that are set to terminate or isolate, and an updated list of rulesets. For more information, see the Business Success portal.

July 16, 2024—Endpoint Security now supports deploying the Server & Workload Protection Agent to your endpoints using a deployment script. You can download the script from Endpoint Inventory. For more information, see Using the Deployment Script.

July 15, 2024 — Users can now turn off Private Access system alerts for blocked access attempts from Secure Access Module settings. While pop-ups are disabled, a complete log of blocked events remains accessible within the module.

For more Information, see Secure Access Module deployment.

July 15, 2024 — The Zero Trust Internet Access On-Premises Gateway service now supports multiple on-premises AD server integrations for NTLMv2 or Kerberos authentication.

July 15, 2024 — Vulnerability Assessment has been enhanced to support Oracle Linux Server 6, Oracle Linux Server 7, Oracle Linux Server 8, and Oracle Linux Server 9. The newly supported distributions enable more granular analysis and improved CVE prioritization. Use the enhancement to strengthen your endpoint security and more effectively prioritize risks.

For more information, see Vulnerability Assessment supported operating systems.

July 15, 2024 — Create and use custom tags for your organization’s assets in Attack Surface Discovery for better asset management.

July 15, 2024 — IPv6 addresses are now supported for Public IPs in the Internet-Facing Assets section of Attack Surface Discovery. View discovered IPv6 addresses and add IPv6 addresses belonging to your organization. IPv6 addresses must be added individually — IPv6 ranges are not supported.

July 15, 2024—Agentless Vulnerability and Threat Detection supports vulnerability scanning on AWS Lambda functions.

For more information, see Agentless Vulnerability & Threat Detection.

July 15, 2024 — Security Awareness is now in public preview as part of the Trend Vision One platform. Designed to help you create a more resilient and security-conscious workforce while proactively strengthening your organization’s security posture, the app offers two powerful features:

• Training Campaigns: Educate your employees on how to best protect their privacy and your valuable assets. Engaging training modules cover essential topics such as password management, suspicious activity identification, and safe internet usage.
• Phishing Simulations: Test and enhance your employees' ability to recognize phishing attempts by simulating real-world phishing emails. Evaluate and improve awareness and response to potential threats.

Security Awareness training and simulation results impact the Attack Surface Risk Management risk score of your assessed users to help you get a better picture of your security posture. Gain insights into the security awareness levels of your employees, and use the data to identify areas for improvement, tailor your training programs, and define effective plans to enhance security practices within your organization. Empower your workforce with the knowledge necessary to stand as the first line of defense against security breaches.

July 15, 2024 — Trend Micro Virtual Network Sensor now extends its platform support to include Nutanix AHV.

For more information, see Virtual Network Sensor deployment guides.

July 15, 2024 — The Virtual Network Sensor can now be deployed to your Google Cloud environment.

For more information, see Virtual Network Sensor deployment guides.

July 12, 2024 – You can now add Trend Vision One Phishing Simulations as a data source in the Operations Dashboard, which allows access to breach events from phishing simulations. For more information, see Configurating data sources.

July 11, 2024 – You can now customize the table in Endpoint Inventory by adjusting column width and the number of items displayed per page. Your settings are saved automatically for the next time you access Endpoint Inventory.

July 8, 2024–Threat detection for AWS VPC Flow Logs is now available as a feature of XDR for Cloud. Once VPC flow log monitoring is enabled, Trend Vision One automatically analyzes the logs for any traffic activity related to suspicious or malicious IP addresses, and also monitors for malicious activity such as brute force attacks, access to sensitive database ports, data exfiltration, and more. Additionally, you can also use VPC flow logs to seep for indicators of compromise (IOCs) via the Threat Intelligence app, leveraging Trend Micro's threat intelligence feed or imported 3rd-party IOC sources.

July 4, 2024 – Container Security now supports asset configuration and management with Terraform. For details, see the Vision One provider in the Terraform registry.

July 4, 2024 — The Container Inventory app now features filter and search functions to streamline the process to locate container services within the table view. Additionally, Container Inventory has implemented a page view, making it easier to navigate the list. These features encompass K8S elements such as Clusters, Nodes, Pods, and Containers, as well as ECS components including Clusters, Services, Tasks, and Containers.

For more information, see Container Inventory.

July 1, 2024 — Google Cloud Identity integration with Trend Vision One is now officially available. Seamlessly integrate with Google Cloud Identity to enhance your security visibility and response with streamlined access, management, and risk. Go to Workflow and Automation → Third-Party Integration to set up the integration.

For more information, see Google Cloud Identity integration.

July 1, 2024—Custom detection filters now support AWS VPC flow log activity under the CLOUD_ACTIVITY event type and the VPC_ACTIVITY_LOG event ID.

For more information, see Network Activity Data and Cloud Activity Data.

July 1, 2024 — As part of the Identity Security app group, Identity Inventory offers comprehensive identity tracking and management features for both human and non-human identities as well as assigned entitlements and privileges. View summaries of groups, roles, and devices registered with your identity provider, and see the current status of passwords and conditional access certificates to ensure your security practices are up to date. To get started, grant read and write permissions to your Microsoft Entra ID tenant in Third-Party Integration.

July 1, 2024 – To improve the ECS cluster management in your AWS environment, Trend Vision One Container Inventory now allows you to enable or disable runtime security and runtime scanning on multiple Amazon ECS clusters.

For more information, see Container Inventory.