Views:

Create new cases or assign risk events to existing cases directly in Attack Surface Risk Management apps

December 9, 2024—Resolving risk events is an important task for security operations team members and IT operations. In large organizations, many individuals are involved in risk mitigation tasks, Requiting team members to leverage Case Management for more efficient collaboration. Now in Operations Dashboard, users can create new cases or assign risk events to existing cases. Cases can be closed after marking risk event statuses as risk mitigated, dismissed or accepted. All tasks related to the case can be viewed and managed from Case Management.
Attack Surface Risk ManagementOperations Dashboard

Case Management now supports Attack Surface Risk Management cases

November 29—To streamline your risk reduction workflows, in Case Management you can now assign priority and ownership to cases containing risk events from Operations Dashboard. When you open a case in Operations Dashboard, you can choose which third-party ticketing system, webhook channel, or email address to notify.
Attack Surface Risk ManagementOperations Dashboard
Workflow and AutomationCase Management

Alibaba Cloud is now a supported cloud provider in Attack Surface Risk Management

November 25, 2024 — Alibaba Cloud is now a supported service provider for cloud assets in Attack Surface Risk Management and Cloud Security, enhancing your cloud posture monitoring capabilities. To monitor Alibaba Cloud accounts, add your Alibaba Cloud account in Cloud Accounts.
Attack Surface Risk ManagementAttack Surface Discovery

Cloud Posture Embedded Rules Knowledge Base Now Available

November 14, 2024—You can now access the resolution information for failing misconfiguration rules within the Trend Vision One Cloud Posture console. For more information, see: Automation Center.
Cloud OverviewCloud Posture

Cloud Posture Events and Groups Public APIs now available on Trend Vision One Automation Center

October 31, 2024—You can now access the new Cloud Posture public APIs for Events and Groups through the Trend Vision One Automation Center.
Cloud OverviewCloud Posture

Cloud Posture moving to Cloud Security app group

October 28, 2024—On December 2nd, 2024, Cloud Posture will be fully relocated to the new Cloud Security app group, where you can get a unified view of your cloud resources and security. Until that date, you may access Cloud Posture from within the Attack Surface Risk Management app group or in the new Cloud Security app group.
Cloud SecurityCloud Posture

Cloud Posture includes Cloud Infrastructure Entitlement Management (CIEM)

October 21, 2024—Get central visibility of your cloud entitlements and related risks in Cloud Posture. With over 200 different types of cloud resources currently available, cloud operations and security teams are increasingly challenges by the complexity of cloud infrastructure entitlement management.
A dedicated entitlements tab in Cloud Overview now gives users centralized visibility into cloud identities and related risks. Take action and focus remediation efforts based on prioritized risks, including risky identity types, identity misconfigurations, and potential attack paths. To learn more, see Entitlements.
Attack Surface Risk ManagementCloud PostureCloud Overview

Assess for and view all CVEs in Attack Surface Risk Management

October 21, 2024—The Detected Vulnerabilities widget in Exposure Overview now displays CVEs by impact level, including detected low-impact CVEs. New widgets in Operations Dashboard allow you to filter CVEs by high, medium, and low impact. To learn more about how CVE impact scores are calculated, see CVE impact score.
Attack Surface Risk ManagementOperations Dashboard
Attack Surface Risk ManagementExecutive Dashboard

View All CVEs for Containers, Cloud VMs, and Serverless Functions

October 21, 2024—Attack Surface Risk Management prioritizes the most critical vulnerabilities across your entire attack surface, allowing you to focus your remediation efforts. However, visibility into lower impact CVEs is now available for containers, cloud VMs, and serverless functions, providing you the vulnerability information you needs for compliance or internal audits. View lower impact CVEs in the Vulnerabilities section of Operations Dashboard or Exposure Overview in Executive Dashboard.
Attack Surface Risk ManagementOperations Dashboard
Attack Surface Risk ManagementExecutive Dashboard

View Risk Subindex per asset group in Attack Surface Risk Management

October 8, 2024—Executive Dashboard now supports the ability to view and compare the Risk Index for specific subsets of assets. For example, you can monitor risk per business unit, region, information system, and more to determine which subset requires attention. To see the Risk Subindex, you must first build an asset grouping structure in Asset Group Management and allocate tag values to assets groups of either "Attack Surface Discovery" or "Tag Inventory App". For more information, see Risk Overview.
Attack Surface Risk ManagementExecutive Dashboard

Scan select AWS resources for malware

September 23, 2024—Agentless Vulnerability & Threat Detection now supports malware scanning of AWS EBS, ECR, and Lambda resources. After enabling the feature for your connected AWS accounts in Cloud Accounts, Agentless Vulnerability & Threat Detection begins scanning daily for threats like viruses, Trojans, spyware, and more. Get remediation options and metadata for performing threat hunting queries by examining associated risk events in Operations Dashboard.
Anti-malware scanning is disabled by default. Enabling anti-malware scanning increases your AWS operational costs. To learn more, see Agentless Vulnerability & Threat Detection estimated deployment costs.
Attack Surface Risk ManagementOperations Dashboard

See time-critical alerts for vulnerabilities in Linux

September 23, 2024—Time-critical vulnerability alerts now support Linux to give you more visibility into your organization’s security posture. Check alerts In Executive Dashboard to see which operating systems are affected by the vulnerability. View mitigation options for all supported operating systems, and if supported, mitigation actions are automatically detected after you apply them.
Attack Surface Risk ManagementExecutive Dashboard

Set parameters for risk event rules

September 9, 2024—You may now set specific parameters for the risk event rules for certain risk event types in Operations Dashboard. Add IP addresses, apps, rules, or days of the week as conditions that must be met for the risk event rule to apply. Setting parameters allows for more granular control over when a risk event rule is triggered.
Attack Surface Risk ManagementOperations Dashboard

SCORM courses available for Security Awareness Training Campaigns

August 28 2024 — In addition to the video-based courses offered in Security Awareness Training Campaigns, you can now also select Sharable Content Object Reference Model, or SCORM courses. SCORM allows for more interactivity and the potential to track progress. Choose between the two types of training content for your recipients to gain more flexibility in how you deliver training, helping to better engage and educate your users. Whether you prefer the structured format of SCORM or the visual appeal of videos, you can now tailor the training experience to best suit your needs. Start exploring the SCORM courses in your phishing training campaigns and enhance your organization's cybersecurity awareness.
Attack Surface Risk ManagementSecurity Awareness

Endpoint-based attack prevention/detection rule application impact now displayed

August 26, 2024 — Applying host-based attack prevention/detection rules now impacts asset risk scores in Attack Surface Risk Management. When host, or endpoint-based, attack prevention/detection rules are successfully applied to vulnerable assets, the risk score of the assets will be reduced. CVEs that have available attack prevention/detection rules will display an indicator in the corresponding entry on an asset's profile screen, allowing you to more easily see which vulnerabilities can be mitigated. To learn more, seeAttack prevention/detection rules.
Attack Surface Risk ManagementOperations Dashboard

Vulnerability assessment coverage extended to Rocky Linux

August 26, 2024—Attack Surface Risk Management vulnerability assessment coverage now extends to Rocky Linux. Use the new capability to strengthen your endpoint security and more effectively prioritize risk. For more information, see Vulnerability Assessment supported operating systems.
Attack Surface Risk ManagementOperations Dashboard

Enhanced cloud risk management with new Cloud Overview dashboard

August 12, 2024 — You can now access the new Cloud Overview dashboard, which provides a comprehensive summary of cloud assets. Additionally, the page previously known as "Cloud Posture Overview" has been renamed to "Compliance and Misconfiguration."
The Cloud Overview dashboard offers detailed insights into related risk findings, including misconfiguration, compliance, vulnerability, threats, identity risk, and data posture.
These updates ensure a more streamlined and informative experience, enabling you to quickly identify and address potential risks in your cloud environment.
For more information, see Cloud Posture.
Attack Surface Risk Management > Cloud Posture > Cloud Posture

Add phishing simulations as a data source

July 12, 2024 – You can now add Trend Vision One Phishing Simulations as a data source in the Operations Dashboard, which allows access to breach events from phishing simulations. For more information, see Configurating data sources.
Attack Surface Risk ManagementOperations Dashboard

Custom Tagging in Attack Surface Discovery

July 15, 2024 — Create and use custom tags for your organization’s assets in Attack Surface Discovery for better asset management.
Attack Surface Risk ManagementAttack Surface Discovery

View and manage IPv6 addresses in Internet-Facing Assets

July 15, 2024 — IPv6 addresses are now supported for Public IPs in the Internet-Facing Assets section of Attack Surface Discovery. View discovered IPv6 addresses and add IPv6 addresses belonging to your organization. IPv6 addresses must be added individually — IPv6 ranges are not supported.
Attack Surface Risk ManagementAttack Surface Discovery

Agentless Vulnerability and Threat Detection Lambda support

July 15, 2024—Agentless Vulnerability and Threat Detection supports vulnerability scanning on AWS Lambda functions.
Attack Surface Risk ManagementOperations Dashboard

Attack Surface Risk Management extend Vulnerability Assessment support to Oracle Linux

July 15, 2024 — Vulnerability Assessment has been enhanced to support Oracle Linux Server 6, Oracle Linux Server 7, Oracle Linux Server 8, and Oracle Linux Server 9. The newly supported distributions enable more granular analysis and improved CVE prioritization. Use the enhancement to strengthen your endpoint security and more effectively prioritize risks.

Introducing Security Awareness

July 15, 2024 — Security Awareness is now in public preview as part of the Trend Vision One platform. Designed to help you create a more resilient and security-conscious workforce while proactively strengthening your organization’s security posture, the app offers two powerful features:
  • Training Campaigns: Educate your employees on how to best protect their privacy and your valuable assets. Engaging training modules cover essential topics such as password management, suspicious activity identification, and safe internet usage.
  • Phishing Simulations: Test and enhance your employees' ability to recognize phishing attempts by simulating real-world phishing emails. Evaluate and improve awareness and response to potential threats.
Security Awareness training and simulation results impact the Attack Surface Risk Management risk score of your assessed users to help you get a better picture of your security posture. Gain insights into the security awareness levels of your employees, and use the data to identify areas for improvement, tailor your training programs, and define effective plans to enhance security practices within your organization. Empower your workforce with the knowledge necessary to stand as the first line of defense against security breaches.
Attack Surface Risk ManagementSecurity Awareness

Cloud Posture Terraform Template Scanner Now Supports the Cloud Formation Template Scanner Resources

June 24, 2024 — Cloud Posture Terraform Template Scanner (TS) is now Generally Available with parity of coverage of the following resource types with Cloud Formation Template Scanner:
  1. Autoscaling Group
  2. CF Stack
  3. CloudTrail
  4. Kinesis Stream
  5. Lambda Function
  6. SNS Topic
  7. SQS Queue
  8. API Gateway RestAPI
  9. ELBv2
  10. ES Domain
  11. Workspaces
  12. ELB Classic
  13. Redshift Cluster
  14. EMR Cluster
  15. ElacticCache
  16. EFS File System

Agentless Vulnerability and Threat Detection stack enhancements

June 10, 2024 — Agentless Vulnerability & Threat Detection now includes the following enhancements:
  • The Agentless Vulnerability stack has been split into common and agentless components, which reduces the quantity of IAM roles and policies required.
  • The deployed stack now has two version values, which are tracked separately.
  • To reduce costs, CloudWatch lambda log groups now have ERROR level logging, and scan failures are optimized to reduce unnecessary retry count.
  • Resolved an issue in which CloudWatch log groups could not be deleted after uninstalling.
When you upgrade to the new release, the contents of the agentless S3 buckets, including intermediate results, and s3 access logs, will be deleted. This has no impact on any scan results already send to Vision One. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs.
Attack Surface Risk ManagementOperations Dashboard

Agentless Vulnerability and Threat Detection available in AWS UAE region

June 13, 2024 — Users of cloud services may now enable Agentless Vulnerability and Threat Detection (AVTD) from the AWS UAE region (me-central-1). Use the feature to conduct vulnerability scans on EBS volumes attached to EC2 instances as well as ECR images, and get greater visibility into your cloud asset-related security posture.
Attack Surface Risk ManagementCloud PostureMisconfiguration and Compliance

View device hardware information in device asset profiles

June 17, 2024 — Device asset profiles in Attack Surface Discovery are now able to display discovered basic hardware specifications such as manufacturer, model, CPU, RAM, and disk size. Find discovered details under the basic category within the device asset profile.
Attack Surface Risk ManagementAttack Surface Discovery

Mark vulnerability risk events as dismissed, accepted, or remediated

June 17, 2024 — As with risk events in other risk factors, you may now mark events in the vulnerabilities risk factor as remediated, dismissed, or accepted. The new workflow helps streamline the process of managing risk events and CVEs.
Attack Surface Risk ManagementOperations Dashboard

More details on daily Risk Index fluctuation now available in Operations Dashboard

June 17, 2024 — Detailed data on daily Risk Index fluctuations, including contributing risk factors, risk events, and assets, is now available in Operations Dashboard. Hover over the Risk Index graph and click View daily risk events to see the point change from the previous day and a breakdown of how many points each risk factor contributed to the change. Drill down to see individual risk events and a detailed daily timeline showing expired, new, remediated, and dismissed event instances.
Attack Surface Risk ManagementOperations Dashboard

Support for SUSE Linux added to Vulnerability Assessment

June 17, 2024 — Vulnerability assessment has been enhanced to support SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15. The newly supported systems enable more granular analysis and improved CVE prioritization. Use the enhancement to strengthen your endpoint security and more effectively prioritize risks. For more information, see Vulnerability Assessment supported operating systems.
Attack Surface Risk ManagementOperations Dashboard

Connect your Google Cloud Identity tenants as data sources in Attack Surface Risk Management

June 3, 2024 — You can now connect your Google Cloud Identity tenants as data sources in Attack Surface Risk Management. Use the new source to gain better visibility into user and group data, user activity data, and potential account misconfigurations. For more information, see Configuring data sources.
Attack Surface Risk ManagementOperations Dashboard

Simplified risk overviews in Executive Dashboard

May 27, 2024 — To facilitate a higher-level overview, the Exposure, Attack, and Security Configuration Overview tabs in Executive Dashboard have been simplified to display current risk levels and risk scores for each category. In Risk Overview, view each category's contribution to the Risk Index at a glance, and get additional information about contributing risk factors and events from Risk Event Overview. Go to the tab for each risk category to quickly view the category's current risk level, and see contributing risk factors to more quickly prioritize risk reduction actions.
Attack Surface Risk ManagementExecutive Dashboard

Get increased visibility into Risk Index fluctuations

May 6, 2024 — View daily point increases and decreases of the Risk Index along with contributing risk factors now by hovering on the Risk Index graph in Executive Dashboard. Coming in June, clicking through to Operations Dashboard will take you to in-depth details on daily contributing risk events. Details now available for the Risk Index in Executive Dashboard include a breakdown of the points each risk factor has added or subtracted from the Risk Index since the previous day. In June, you may view all daily contributing risk events, including those that were resolved or mitigated, organized by risk factor. Use the detailed information provided to better understand your security posture and help prioritize risks in your environment.
Attack Surface Risk ManagementExecutive Dashboard

Assess vulnerabilities in Red Hat Enterprise Linux modules and containers

May 6, 2024 — Vulnerability Assessment enhancements now allow the service to collect information on Red Hat Enterprise Linux 8 modules and Red Hat Enterprise Linux 9 containers. The expanded capabilities enable more comprehensive visibility and granular analysis, strengthening your container security and allowing you to more effectively prioritize risks. For more information, see Vulnerability Assessment supported operating systems.
Attack Surface Risk ManagementOperations Dashboard

Cloud Posture to support Real-Time Posture Monitoring for AWS Accounts

May 8, 2024 — Cloud Posture now supports Real-Time Posture Monitoring previously titled Real-Time Threat Monitoring (RTM) for AWS accounts connected through the Cloud Accounts app. You can enable Real-Time Posture Monitoring while connecting a new AWS account and organization or turn the feature on for existing AWS accounts or organizations.
Attack Surface Risk ManagementCloud PostureMisconfiguration and Compliance

Data for internet-facing assets now updated more frequently

April 15, 2022 — Thanks to several backend improvements, data for your internet-facing assets are now updated more often. The increased update frequency allows you to better assess your attack surface in Attack Surface Discovery, particularly after removing domains and IP addresses and renewing certificates, and improves the accuracy of risk events created in Operations Dashboard. For more information, see Internet-Facing Assets.
Attack Surface Risk ManagementAttack Surface Discovery

Assess language packages in ECR images for vulnerabilities

April 22, 2024 — the Vulnerability Assessment service available in Attack Surface Risk Management now supports scanning language packages used in your ECR container images. For information on supported languages, see Vulnerability Assessment supported language packages.
Attack Surface Risk ManagementOperations Dashboard

Operations Dashboard Weekly Digest terminated

April 22, 2024 — The Operations Dashboard Weekly Digest has been terminated for subscribers, and the subscription entry for the weekly digest has been removed from Notifications. Former subscribers can now receive n automatically generated weekly report based on the Risk Factors template, providing a detailed picture of current organization risks. Settings for the weekly report can be managed in the Reports app.
Attack Surface Risk ManagementOperations Dashboard

Network Security supported in Executive Dashboard Security Configuration

April 8, 2024 — The Security Configuration index now supports Virtual Network Sensor visibility in the Network Security tab. You can view sensor deployment status and key feature adoption rate. For sensors not configured as expected, click the displayed number of sensors to drill down to the Reports app and generate reports with detailed information.
Attack Surface Risk ManagementExecutive Dashboard

Medigate supported as a new data source for Attack Surface Risk Management

April 8, 2024 — You may now integrate Medigate as a data source in Attack Surface Risk Management to gain access to device information and vulnerabilities detected by Medigate. Connect your Medigate account in Data Sources.
Attack Surface Risk ManagementAttack Surface Discovery

Accept reported risk events

April 8, 2024 — In addition to the Dismissed and Remediated statuses, an Accepted status is now available for reported risk events in Operations Dashboard. Marking a risk event as Accepted indicates that you acknowledge the risk but are unable to remediate or mitigate it at this time. Risk events marked as Accepted still contribute to your Risk Index. Create accepted risk event rules when marking a risk event as Accepted to mark all current and future instances of the risk event as Accepted within a specified time period.
Attack Surface Risk ManagementOperations Dashboard

Cloud Posture to Support New Public APIs

March 28, 2024 — Accounts and Template Scanner Public APIs for Cloud Posture now available on Trend Vision One Automation Center. See the Automation Center for more information.
Attack Surface Risk ManagementCloud PostureMisconfiguration and Compliance

Customize columns in Attack Surface Discovery asset lists

March 25, 2024 — You can now customize the columns displayed in asset lists for all asset types in Attack Surface Discovery. Show or hide specific columns, and rearrange column order by dragging and dropping.
Attack Surface Risk ManagementAttack Surface Discovery

View data sources for discovered accounts in Attack Surface Discovery

March 25, 2024 — The Attack Surface Discovery accounts page now has a "Discovered by" column for both domain and service accounts to show the data source that has discovered the account. Use the "Discovered by" filter to search for accounts from the selected data source.
Attack Surface Risk ManagementAttack Surface Discovery

Scan for vulnerabilities in your Amazon ECR and self-managed Kubernetes container images

March 25, 2024 — Agentless Vulnerability & Threat Detection now supports vulnerability scanning on container images of your Amazon ECR container images when you enable the feature for your AWS accounts in Container Inventory. You can also enable Runtime Scanning for your Kubernetes clusters in Trend Vision One — Container Security and enable to scan for vulnerabilities in related Kubernetes container images.
Attack Surface Risk ManagementExecutive Dashboard

View endpoint group names on the device list in Attack Surface Discovery

March 11, 2024 — The Attack Surface Discovery device list now includes an endpoint group column to show the endpoint group name for each managed device. Use the “Endpoint group” filter to search for managed devices from specified endpoint groups.
Attack Surface Risk ManagementAttack Surface Discovery

Cloud Posture to support latest Azure framework standard

March 5, 2024 — The Azure Well-Architected Framework compliance standard report and associated rule mappings in Cloud Posture have been updated to conform with the latest version of the Azure Well-Architected Framework released in October 2023. In turn, the July 2022 version of the Azure Well-Architected Framework will no longer be available in Cloud Posture from June 1, 2024. The removed version will no longer be accessible in filters, preventing the creation of new reports or report configurations with the outdated standard. This means that you will no longer be able to generate new PDF or CSV reports using report configurations that include the outdated compliance standard. However, any PDF or CSV reports already created remain available for download. Trend Micro recommends that you update your report configurations to use the latest version of the framework by June 1, 2024.
Attack Surface Risk ManagementCloud PostureMisconfiguration and Compliance

Asset relationship visualizations emphasize risk management

February 26, 2024 — In line with enhancements to the visualization of asset relationships in Attack Surface Discovery, the asset graph feature in profile screens for devices, accounts, domains, and IP addresses has been renamed to Asset Risk Graph, while the graph view for cloud assets is now the Cloud Risk Graph. Both of these features continue to provide valuable risk findings, helping you assess your organization's security posture.
Attack Surface Risk ManagementAttack Surface Discovery

Manage risk events by risk factor in Operations Dashboard

February 19, 2024 — You can now change the status of risk events when viewing them by risk factor in Operations Dashboard. This applies to all risk factor types except XDR Detections and Vulnerabilities. Development is ongoing to support these two risk factor types.
Attack Surface Risk ManagementOperations Dashboard

Gain better visibility into the security configuration of cloud apps

February 19, 2024 — The cloud app profile screen in Attack Surface Discovery now displays the following additional information:
  • The encryption ciphers used by the cloud app
  • The latest version of the communications protocol used by the app
  • Whether the cloud app uses a trusted certificate
  • Whether the cloud app allows for IP address access control
Attack Surface Risk ManagementAttack Surface Discovery

Cloud Posture removes support for outdated standards

February 14, 2024 — Cloud Posture no longer supports the following compliance standards:
  • CIS Amazon Web Services Foundations Benchmark v1.2.0
  • CIS Amazon Web Services Foundations Benchmark v1.3.0
  • CIS Amazon Web Services Foundations Benchmark v1.4.0
  • CIS Microsoft Azure Foundations Benchmark v1.1.0
  • CIS Google Cloud Platform Foundation Benchmark v1.2.0
These five standards are no longer accessible in filters, which prevents the creation of new reports and report configurations. You can no longer generate new PDF or CSV reports using existing report configurations that include any of the five standards. However, any PDF or CSV reports generated before support was ended remain available.
Please update your report configurations to use the latest versions of CIS Benchmarks.
Attack Surface Risk ManagementCloud PostureMisconfiguration and Compliance

Agentless Vulnerability & Threat Detection supports cost tracking

February 7, 2024 — You can now track the costs of Agentless Vulnerability & Threat Detection by enabling AWS Cost Explorer. Update the Agentless Vulnerability & Threat Detection stack to enable this capability. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs.
Attack Surface Risk ManagementExecutive Dashboard

Security Configuration features enhanced email security

January 15, 2024 — Executive Dashboard now better reflects the health of your connected email security products. The Email Security section of the Security Configuration tab now supports Trend Micro Email Security and shows the protection status and key feature adoption rates for your email domains.
When examining email domain configuration status or Key Feature Adoption Rates, clicking the number of domains that are not configured correctly takes you to Email Asset Inventory for more detailed information.
Attack Surface Risk ManagementExecutive Dashboard

Security Configuration supports network security

January 15, 2024 — Executive Dashboard now provides you with an overview of your network layer configuration. The Network Security section of the Security Configuration tab now displays the deployment status and key feature adoption rates for your connected Deep Discovery Inspector appliances.
When examining Appliance Health, Software Version, or Key Feature Adoption and Configuration, clicking the number of appliances that are not configured correctly leads you to the Reports app to generate a detailed report.
Attack Surface Risk ManagementExecutive Dashboard

Create Security Awareness training campaigns targeting at-risk users

Important
Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
January 15, 2024 — In addition to manually creating training campaigns for your users in the Security Awareness app, you can now also initiate campaigns from the Attack Surface Discovery, Operations Dashboard, and Identity Posture apps. Campaigns initiated from these three apps enable you to provide security awareness training focused specifically on at-risk users.
When viewing domain accounts in Attack Surface Discovery, the context menu now includes the Create Training Campaign option.
In Operations Dashboard, the remediation steps for some types of risk events — such as phishing simulations indicating user accounts might be vulnerable to attack — now include links to create Security Awareness training.
The Identity Posture app's Identity Summary screen for highly privileged identities and the highlighted exposure risk events in the Exposure tab now also feature a Create Security Awareness Training Campaign button.
Attack Surface Risk ManagementSecurity Awareness

Manage all event rules in one place

December 18, 2023 — Operations Dashboard now features Event Rule Management: a centralized location for you to manage risk event rules.
When you mark a risk event as Dismissed, an event rule is created to prevent Attack Surface Risk Management from reporting future instances of the risk event in Risk Reduction Measures and All Risk Events. The event rule also prevents the dismissed risk event from impacting your organization's Risk Index.
Event Rule Management allows you to review and manage all dismissed event rules. If you remove a dismissed event rule, all new instances of the risk event are reported and contribute to your organization's Risk Index.

Visualize your Azure asset relationships

December 18, 2023 — The relationships of your Azure cloud assets can now be graphically illustrated in the Asset Graph tab of cloud asset profiles in Attack Surface Discovery.
Attack Surface Risk ManagementAttack Surface Discovery

Vulnerability Assessment on Windows Server 2012/Windows Server 2012 R2 endpoints

December 4, 2023 — Vulnerability Assessment now expands coverage for vulnerabilities affecting Windows Server 2012 and Windows Server 2012 R2 endpoints to help you identify more highly exploitable CVEs in your environment.
Attack Surface Risk ManagementExecutive Dashboard
Attack Surface Risk ManagementOperations Dashboard

Agentless Vulnerability & Threat Detection Resources Gain Tagging

December 8, 2023 — Agentless Vulnerability & Threat Detection resources now have tags.
Attack Surface Risk ManagementOperations Dashboard

Manually add IP addresses to discover internet-facing assets

December 4, 2023 — Trend Vision One now supports manually adding seed IP addresses for discovering internet-facing assets in your organization. In the Internet-Facing Assets section of Attack Surface Discovery, click the Public IPs tab and then click Add to manually add up to 1,000 seed IP addresses. To view a list of added seed IP addresses, click View Manually Added IP Addresses.
The ability to add seed IP addresses is only available for customers using a Trend Micro solution as the data source for internet-facing assets and that do not have an active trial for Attack Surface Risk Management.
Attack Surface Risk ManagementAttack Surface Discovery

New pricing model for Attack Surface Risk Management now available

November 20, 2023 — Trend Vision One now supports a new pricing model for Attack Surface Risk Management (previously Risk Insights) decoupled from XDR entitlements. Credit usage for Attack Surface Risk Management apps is calculated based on the number of assessable desktops, servers, and connected cloud accounts. Each assessed desktop or server requires 20 credits, while each connected cloud account requires 8,000 credits. If you feel the number of assets discovered by Trend Vision One is inaccurate, you can manually override the number of assessed assets and your credit usage will be recalculated.
If you previously purchased a Risk Insights license, you will retain your current pricing model until the license expires. If you previously allocated credits to use Attack Surface Discovery and Operations Dashboard, you retain your current pricing model; however, if you disable and re-enable Attack Surface Risk Management, you will be migrated to the Attack Surface Risk Management pricing model. Regardless of the pricing model, you will retain access to Attack Surface Discovery, Operations Dashboard, and Cloud Posture.
A 30-day free trial remains available for customers who have not previously started a trial of Risk Insights capabilities.
For more details on licensing or credit usage for Attack Surface Risk Management, contact your sales representative.

Risk Insights renamed to Attack Surface Risk Management

November 20, 2023 — The Risk Insights app group has been renamed to Attack Surface Risk Management to align with the expanding scope of capabilities provided by the included apps. The renamed app group currently contains the Executive Dashboard, Attack Surface Discovery, Operations Dashboard, and Cloud Posture apps.

Graph View gives you contextual visibility over AWS-based assets

November 20, 2023 — Attack Surface Discovery now provides new contextual visibility into your cloud assets and prioritized security risks — continuously and frictionlessly. The new Graph View shows more details about the resources deployed in your AWS environment, relationships between cloud assets, and risk scores for each asset.
Attack Surface Risk ManagementAttack Surface Discovery

Gain new visibility over your AWS APIs

November 20, 2023 — API Security provides new visibility over your attack surface by identifying challenges to securing your APIs. API Security displays an inventory of your REST and HTTP-based API collections from your AWS API gateways and any misconfigurations detected in your AWS environment.
Attack Surface Risk ManagementAttack Surface Discovery

Enable Agentless Vulnerability & Threat Detection for Amazon EC2 instances

November 20, 2023 — Deploy Agentless Vulnerability & Threat Detection in your AWS accounts to discover vulnerabilities in your Amazon EC2 instances with zero impact to your applications.
Attack Surface Risk ManagementExecutive Dashboard

Discover and assess internet-facing assets with Rescana

November 20, 2023 — Trend Vision One has traditionally discovered and assessed internet-facing assets via internal Trend Micro solutions. Trend Vision One now supports a new data source for internet-facing assets — Rescana. If you are a Rescana customer, you can easily enable the data source by specifying the correct URL and API token for your Rescana account. If you disable the Rescana integration, Trend Vision One resumes using Trend Micro internal solutions for collecting data on internet-facing assets.
Attack Surface Risk ManagementAttack Surface Discovery

Operations Dashboard supports remediating and dismissing risk events

November 6, 2023 — To better align Trend Vision One with common risk terminology and enhance your ability to reduce the Risk Index, you can now change the status of risk events in Operations Dashboard. In addition, you can now manually trigger a recalculation of the Risk Index and check for new risk events.
Risk events for six of the eight risk factors can now be marked as one of the four following statuses:
  • New
  • In progress
  • Remediated
  • Dismissed
Remediated and dismissed risk events no longer contribute to your Risk Index.
When changing the status of risk events, you can select from three levels of scope: the selected risk event, all instances of the risk event for the selected assets, or all instances of the risk event for all assets. If you dismiss all instances of a risk event, future instances of the risk event will not be generated.
XDR detection-related risk events that have an associated workbench alert must still be managed via the Workbench app. Development is ongoing to support the new risk event management framework for vulnerability-related risk events. In addition, a subsequent release will allow you to accept risk events, meaning they will still contribute to your Risk Index, but will not be displayed in Risk Reduction Measures.
Attack Surface Risk ManagementOperations Dashboard

New risk events highlight potential attack paths for cloud assets

October 23, 2023 — New risk events demonstrate potential attack paths that originate from the internet or potentially compromised cloud assets. These potential attack paths are visualized to help you identify and prioritize risks.
Attack Surface Risk ManagementOperations Dashboard

Asset graph visualizes cloud asset relationships

October 23, 2023 — Cloud asset profiles now feature an asset graph illustrating the relationships of cloud assets. The visualization showcases how identities access cloud resources, as well as traffic routing and other relationships, helping you to prioritize risks associated with your cloud assets.
Attack Surface Risk ManagementAttack Surface Discovery

Attack Surface Discovery asset profiles available free for XDR customers

October 23, 2023 — Customers that have enabled XDR sensors can now access a free version of asset profiles in Attack Surface Discovery, even if credits have not been allocated to Risk Insights capabilities. When viewing the profile of an endpoint, account or cloud asset in a Workbench alert, click View asset risk assessment in Attack Surface Discovery to see the asset's risk assessment and asset profile in Attack Surface Discovery.
Attack Surface Risk ManagementAttack Surface Discovery

Manually modify asset criticality in Risk Insights

September 25, 2023 — Risk Insights apps calculate and display the criticality for each asset based on asset tags. If you think that the system-defined criticality is inaccurate or does not match the actual situation, you can manually assign a custom criticality to assets. In Attack Surface Discovery asset profiles and asset cards, you can now click Modify Criticality to select a custom criticality. You can also revert to using the system-defined criticality at any time.
Attack Surface Risk ManagementAttack Surface Discovery

Asset graph improvements enhance effectiveness

September 11, 2023 — Enhancements to the asset graph in Attack Surface Discovery provide you with greater context for improving your security posture.
The asset graph now includes a symbol for the internet, helping you easily identify which assets are exposed to the internet.
The asset detail screen for domains and IP addresses now also features an asset graph illustrating the relationships between internet-facing assets and other types of assets. The asset graph helps you better understand how domains and IP addresses are associated with internet-exposed devices.
In addition, the asset graph now shows relationships associated with privileges, including user and group memberships, as well as how roles are assigned, to whom a role is assigned, and administrative devices and users. The visualization makes it easier to understand how an identity has administrative permissions to other identities or devices.
Attack Surface Risk ManagementAttack Surface Discovery

Risk Insights apps gain Tanium Comply as data source

August 14, 2023 — Risk Insights apps now support Tanium Comply as a third-party data source. Tanium Comply contributes device information and CVE detections. To grant data upload permissions for Tanium Comply, enter the Tanium console URL and API token in the data sources settings drawer.
Attack Surface Risk ManagementOperations Dashboard

Vulnerability Assessment for Linux users

July 24, 2023 — Vulnerability Assessment is now available for the following Linux operating systems: Amazon Linux, CentOS, Red Hat Enterprise Linux, and Ubuntu.
Attack Surface Risk ManagementAttack Surface Discovery

Risk Insights capabilities require a license or credits

July 4, 2023 — Risk Insights capabilities are now a paid feature. You must purchase a license or allocate sufficient credits for Risk Insights to access Operations Dashboard and Attack Surface Discovery.
If you have not purchased a license or allocated credits to Risk Insights, you can start a 30-day free trial when you attempt to access Operations Dashboard or Attack Surface Discovery. To ensure uninterrupted access to Operations Dashboard and Attack Surface Discovery after your trial ends, contact your sales representative in advance to prepare a license or credits for Risk Insights. You can configure Trend Vision One to automatically allocate credits to Risk Insights capabilities at the end of your free trial period.
Attack Surface Risk ManagementOperations Dashboard
Attack Surface Risk ManagementAttack Surface Discovery

Advanced filtering and ability to assign secure access rules added to Cloud Apps

July 3, 2023 — The Cloud Apps tab of the Attack Surface Discovery app now features a new Artificial Intelligence category for cloud apps based on artificial intelligence technology. The Cloud Apps tab now also features advanced filtering by category, risk level, sanctioned state, breach warnings, and last detected. In addition, you can now assign Internet Access rules by selecting cloud apps and clicking Assign Secure Access Rule.
Attack Surface Risk ManagementAttack Surface Discovery

Asset graph for service accounts

June 21, 2023 — Attack Surface Discovery now provides asset graph support for service accounts. The asset graph provides detailed information about the service account and its relationships and interactions with other assets in your organization. The service account might also appear in the asset graph of other assets.
Attack Surface Risk ManagementAttack Surface Discovery

Risk Insights support for Trend Vision One credits

June 21, 2023 — As Risk Insights capabilities become a paid feature on July 4, 2023, credit usage data is now displayed in Risk Insights apps. You can view your current credit balance and estimate future credit usage. To ensure uninterrupted access to Operations Dashboard and Attack Surface Discovery, activate the "auto-allocate credits" toggle to enable Trend Vision One to automatically allocate credits to Risk Insights capabilities when the complimentary period ends.
Attack Surface Risk Management

Significant update to the Risk Index algorithm

June 5, 2023 — Risk Insights has applied a significant update to the Risk Index algorithm for all customers. The algorithm now places a greater importance on Attack Detection. Periodic algorithm updates are part of our continuous effort to optimize the risk algorithm to provide you with an accurate, timely, and actionable Risk Index.
Important
Important
Algorithm updates can result in a sudden and significant increase to asset risk scores and the Risk Index. A sharp increase in the Risk Index that directly coincides with an algorithm update can be considered the result of the algorithm change.
For more details, see Risk Index algorithm updates.
Attack Surface Risk ManagementOperations Dashboard

Operations Dashboard monitors new risk factors

The Operations Dashboard now monitors two new risk factors: System Configuration and Security Configuration. You can view the related risk metrics and events in the Risk Factors tab.
Risk Insights identifies potential misconfigurations of your environment, including exposed ports, insecure host connections, insecure IAM and cloud infrastructure configurations, and unsafe software and endpoint configurations.
Risk Insights monitors your Trend Micro security settings, including endpoint agent and sensor deployments, update status, and key feature adoption rates. The Security Configuration risk factor helps you ensure that Trend Micro solution settings are following best practices.
Attack Surface Risk ManagementOperations Dashboard

Executive Dashboard widgets reorganized

In the Exposure Overview tab of the Executive Dashboard, clicking View Details in widgets now redirects you to the Operations Dashboard for more detailed information.
In the Activity and Behaviors section, the Legacy Authentication Protocol with Log On Activity widget has moved to the System Configuration section and the Account Compromise Indicators widget has moved into the Operations Dashboard.
In the Attack Overview tab of the Executive Dashboard, the General Detection Summary widgets have moved to the Security Dashboard for easier access and to improve the customizability of dashboards. The following widgets are now found in the Widget Catalog of the Security Dashboard:
  • Detections by Attack Type
  • Mitigated Events by Attack Type
  • Detections by Protection Layer
  • Workbench Alert Tracking
Note
Note
You must enable Risk Insights capabilities to access the Operations Dashboard and the Security Dashboard. For more information, see Credit requirements for Trend Vision One apps and services.
Attack Surface Risk ManagementExecutive Dashboard

Attack Surface Discovery presents data sources for discovered devices

Attack Surface Discovery lists all assets discovered in your organization to facilitate risk assessments. Trend Micro leverages several data sources for asset discovery, which are now presented in the Discovered by column of the Device List for further investigation. You can also configure Device Overview to show only specific sources by adding the Discovered by filter.
Attack Surface Risk ManagementAttack Surface Discovery

Risk Insights supports multiple Azure AD tenants

Customers with multiple Azure AD tenants can now have full visibility of accounts on all tenants and perform risk assessment on multiple Azure AD tenants in Risk Insights apps.
Attack Surface Risk Management

Risk Insights official release

All Risk Insights capabilities are now officially released and can be purchased alongside XDR as part of the Trend Vision One platform. Contact your sales representative to discuss your license transition period options.
For more details on the licensing and product experience for Risk Insights, see Credit requirements for Trend Vision One apps and services.
Attack Surface Risk Management