New exceptions available for XDR for Cloud - AWS CloudTrail detections
August 30, 2024—Detection Model Management now supports creating detection exceptions
for your Amazon S3 buckets using the bucket name. Set the Match Criteria field type
to cloud_identifier, select requestParameters.bucketName for the field, and provide
the bucket name.
SCORM courses available for Security Awareness Training Campaigns
August 28, 2024 — In addition to the video-based courses offered in Security Awareness
Training Campaigns, you can now also select Sharable Content Object Reference Model,
or SCORM courses. SCORM allows for more interactivity and the potential to track progress.
Choose between the two types of training content for your recipients to gain more
flexibility in how you deliver training, helping to better engage and educate your
users. Whether you prefer the structured format of SCORM or the visual appeal of videos,
you can now tailor the training experience to best suit your needs. Start exploring
the SCORM courses in your phishing training campaigns and enhance your organization's
cybersecurity awareness.
Endpoint-based attack prevention/detection rule application impact now displayed
August 26, 2024 — Applying host-based attack prevention/detection rules now impacts asset risk scores in Attack Surface Risk Management. When host-based, or endpoint-based, attack prevention/detection rules are successfully applied to vulnerable assets, the risk score of the assets will be reduced. CVEs that have available attack prevention/detection rules will display an indicator in the corresponding entry on an asset's profile screen, allowing you to more easily see which vulnerabilities can be mitigated. To learn more, see Attack prevention/detection rules.
Automated High-Risk Account Response playbooks now available in public preview
August 26, 2024 — Security Playbooks has introduced a new playbook template: Automated High-Risk Account Response. This playbook enables users to manage accounts with high risk scores by taking specified response actions. In addition to the standard user account actions, the playbook has expanded its functionality to add these accounts to a dedicated restricted user group within Zscaler. This integration allows for specific Zscaler policies to be applied directly to the group.
To utilize this feature, users must configure one or both Zscaler integrations within the Third-Party Integration app.
For more information, see Creating Automated High-Risk Account Response playbooks.
XDR for Cloud usage graph now available
August 26, 2024 — Cloud Accounts now features a detailed graph displaying your current and historical data ingestion for XDR for Cloud, enabling you to track the volume of data analyzed.
To view the usage graph, go to
and click Credit Usage.
Vulnerability assessment coverage extended to Rocky Linux
August 26, 2024—Attack Surface Risk Management vulnerability assessment coverage now
extends to Rocky Linux. Use the new capability to strengthen your endpoint security
and more effectively prioritize risk. For more information, see Vulnerability Assessment supported operating systems.
Correlated Intelligence for inbound email threat detection in Cloud Email Gateway Protection
August 21, 2024 — Cloud Email Gateway Protection launches the Correlated Intelligence policy rules for Inbound Protection that can
correlate the suspicious signals found across different scanning criteria (such as
Virus Scan and Spam Filtering) to enrich threat detection for email services. With
Correlated Intelligence capabilities, Cloud Email Gateway Protection also provides the reasons why an email is detected as a threat.
XDR detections for Gen-AI applications in Amazon Bedrock
August 21, 2024 — XDR for Cloud now provides monitoring capabilities for detecting possible attacks on Gen-AI applications in Amazon Bedrock. XDR for Cloud monitors for attempted and unauthorized deletion of guardrails and knowledge bases, and tampering with logging. These detections require the XDR for Cloud - AWS CloudTrail feature to be enabled on your connected AWS accounts. If you have already enabled the feature, the new detection capabilities are enabled by default.
To enable XDR for Cloud - AWS CloudTrail, go to
and update the deployment stack.
To view the new detection models, go to
.
XDR for Cloud - AWS VPC Flow Logs and Cloud Response for AWS now support AWS Organization connections
August 19, 2024 — The "XDR for Cloud - AWS VPC Flow Logs" and "Cloud Response for AWS" features can now be enabled and deployed to AWS Organization accounts in the Cloud Accounts app.
Endpoint Inventory table enhancements
August 19, 2024 — Endpoint Inventory introduces further enhancements to improve user experience. In addition to previous enhancements including adjustable column width, you can now click-and-drag columns to rearrange the table, and more columns support sorting. Your settings are automatically saved for the next time you access Endpoint Inventory.
Automated anomaly detection with pre-defined correlation rules in Correlated Intelligence in Cloud Email and Collaboration Protection
August 18, 2024 – When administrators enable Correlated Intelligence while creating a new ATP policy, Cloud Email and Collaboration Protection automatically applies all pre-defined correlation rules for anomaly detection. These rules are categorized into three levels of aggressiveness, allowing administrators to tailor the enforcement of these rules according to their organization's security needs and email service requirements.
For existing ATP policies, administrators need to manually configure whether to apply all or partial pre-defined rules.
Exchange Online protection enhancement with Microsoft 365 activity data in Cloud Email and Collaboration Protection
August 18, 2024 – Cloud Email and Collaboration Protection enhances its protection capabilities for Exchange Online by integrating user behavior analysis. Organizations that permit access to their Exchange Online data can further enable Cloud Email and Collaboration Protection to read activity data through the Microsoft Graph API and Office 365 Management API.
Custom data period for one-time reports in Cloud Email and Collaboration Protection
August 18, 2024 – Cloud Email and Collaboration Protection provides administrators with the flexibility to select custom time frames, ranging from days to months, for generating data in one-time reports, in addition to the fixed data periods.
Server & Workload Protection and Endpoint Sensor now support Debian 12 Linux OS
August 15, 2024 — Server & Workload Protection and Endpoint Sensor now support deploying to Debian 12 endpoints. You can select the Debian 12 distribution when deploying a new agent in the Endpoint Inventory app. For details on supported Linux platforms, see Endpoint Agent System Requirements.
Network Security introduces Network Overview dashboard
August 15, 2024 — Trend Vision One Network Security introduces a new page called Network Overview. This dashboard provides an at-a-glance perspective into your organization's network security posture, including an overview of the vulnerabilities reported by the different network products that Trend Vision One offers.
For more information, see Network Security.
Zero Trust Secure Access adds PoP site in AWS US West (Oregon)
August 12, 2024 — Zero Trust Secure Access Internet Access now offers support for the AWS US West (Oregon) region. Users in the region may configure their service FQDNs to reflect the new location. For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.
Enhanced cloud risk management with new Cloud Overview dashboard
August 12, 2024 — You can now access the new Cloud Overview dashboard, which provides a comprehensive summary of cloud assets. Additionally, the page previously known as "Cloud Posture Overview" has been renamed to "Compliance and Misconfiguration."
The Cloud Overview dashboard offers detailed insights into related risk findings, including misconfiguration, compliance, vulnerability, threats, identity risk, and data posture.
These updates ensure a more streamlined and informative experience, enabling you to quickly identify and address potential risks in your cloud environment.
For more information, see Cloud Posture.
Attack Surface Risk Management > Cloud Posture > Cloud Posture
More granular security checks for approved senders in Cloud Email Gateway Protection
August 12, 2024 — Cloud Email Gateway Protection adds Bypass Checks for approved senders in Sender Filter Settings. This allows you to determine which scanning criteria in Connection Filtering and Spam Filtering policies you want to apply on emails from approved senders.
Improved inline action process in quarantine digest notifications in Cloud Email Gateway Protection
August 12, 2024 — When end users click an inline action link in the quarantine digest notification, they're prompted to confirm on a dedicated page. This extra step ensures that actions are only taken with end users’ explicit consent, preventing unexpected access during notification transmission.
Container Inventory features Kubernetes group management
August 7, 2024 — Container Inventory allows users to organize their Kubernetes clusters into groups for enhanced control and streamlined management. Asset Visibility Scope supports this feature by allowing specific permissions to be assigned by groups, facilitating more efficient management of clusters.
For more information, see Container Inventory.
Trend Companion explains Observed Attack Techniques events in the Search app
August 5, 2024—When using the Observed Attack Techniques search method in the Search app, you can learn more about the events detected in your environment with the help of Trend Companion.
For more information, see Trend Companion.
Add objects to Network Resources from the Workbench, Search, and Observed Attack Techniques apps
August 2, 2024 — You can now use the context menu to add IP addresses and domains to the Trusted Domain List, Trusted Service Source List, or Network Group List, enhancing future detections from connected Deep Discovery Inspector appliances and Virtual Network Sensors.
Protect private general and generative AI service applications using on-premises gateways in reverse proxy mode for Zero Trust Secure Access Internet and AI Service Access
August 1, 2024 — Connected on-premises gateways in Zero Trust Secure Access Internet
Access and AI Service Access can now operate in reverse proxy mode. With Internet
Access, use reverse proxy mode to protect your general private applications using
access control, threat protection, and data loss protection (DLP). With AI Service
Access, use reverse proxy mode to protect your private generative AI services using
AI Service Access and rate limiting rules, enabling content inspection, preventing
prompt injection, and stopping potential denial-of-service attacks. Enable the new
service mode in Internet Access and AI Service Access Configuration.
Cloud Posture improvements
August 2, 2024 — Cloud Posture functionality has been expanded to support the following:
- Cloud Posture now supports Real-Time Posture Monitoring (previously called Real-Time Threat Monitoring, or RTM) for AWS accounts connected through the Cloud Accounts app. You can enable Real-Time Posture Monitoring while connecting a new AWS account and organization, or enable the feature for existing AWS accounts and organizations.
- Cloud Posture Template Scanner now supports CloudFormation Template Scanner Resources.
- Cloud Posture now supports two new public APIs: Accounts and Template scanner. For more information, see the Trend Vision One Automation Center.