August 2023 | Trend Micro Service Central

New point-of-presence (PoP) site for Zero Trust Secure Access Internet Access available

August 28, 2023 — Zero Trust Secure Access Internet Access has launched a new PoP site for the Internet Access Cloud Gateway in Israel in the AWS Middle East region.

For details on the available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Service Access Configuration

Virtual Network Sensor

August 28, 2023 — Virtual Network Sensor (formerly called Network Inspector virtual appliance) is now officially launched. Users can download the Virtual Network Sensor image from Network Inventory to deploy the sensor in their environment. Currently, Virtual Network Sensor supports VMware ESXi version 6.5 and above, VMware vCenter, and Red Hat Enterprise Linux 9.2 with KVM.

Network Security → Network Inventory

User-defined security playbooks for CVEs with Global Exploit Activity are available

August 21, 2023 — The Security Playbooks app made updates to the two CVEs with Global Exploit Activity playbook templates. It allows you to create the playbooks from scratch with a flexible workflow, while still allowing you to create the playbooks from a fully customizable template.

The updated playbook templates provide the following new filtering options to help mitigate risks posed by highly-exploitable CVEs on your managed assets for more fine-grained control:

Filter targets by more operating systems, vulnerability process status, and Trend solutions for prevention rules
Retrieve the number of assets targeted for the playbook right after the target configuration
Notify recipients of playbook results by individual CVE or all CVEs

For more information, see Creating CVEs with Global Exploit Activity playbooks.

Workflow and Automation → Security Playbooks

Windows agent features improved OS update detection

August 18, 2023 — The Trend Vision One Windows agent now checks for update build revision changes every 10 minutes. If an operating system update is detected, the agent triggers an automatic scan of the endpoint. The new process ensures that your endpoints always remain up to date and secure, minimizing potential risk from vulnerabilities and enhancing overall security.

Endpoint Security → Endpoint Inventory

Cloud Accounts app now available for pre-release preview

August 15, 2023 — Cloud Accounts consolidates the management and deployment of cloud security features in your environment across Trend Vision One apps. Cloud Accounts currently provides the following features for AWS accounts:

Core Features: Allows Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure. Once connected, assets in the account are visible in the Attack Surface Discovery app.
Container Protection for Amazon ECS: Deploys Trend Vision One - Container Security in your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments. Container Security uncovers threats and vulnerabilities, protects your runtime environment, and enforces deployment policies. Once connected, managed clusters are visible in the Container Inventory page.

Additional features and expanded support for additional public cloud providers are planned for Cloud Accounts in the future. For more information, see Cloud Accounts.

Service Management → Cloud Accounts

Observed Attack Techniques offers visibility into container attack information

August 15, 2023 — To facilitate the visibility of container attacks, the Observed Attack Techniques app has been updated to show all detected events with filter hits originating from container security point products. The app now lists the container name or ID under Associated Entity, providing customers with immediate insight into which entity was targeted. Customers are able to search events by container name, in addition to the existing search criteria.

XDR Threat Investigation → Observed Attack Techniques

Trend Vision One Container Security

August 15, 2023 — Container Security helps safeguard your containers throughout their entire life cycle. Container Security is accessible directly in the Trend Vision One console, offering an intuitive and seamless experience for our customers.

Feature

Description

End-to-End Container Protection

Container Security ensures the security of your containers from build to termination and provides you peace of mind as your containers remain shielded against evolving threats at every step.

Multi-Platform Support

With the ability to deploy and protect both Kubernetes clusters (multi-cloud and on-premises) and Amazon ECS, Container Security ensures consistent security across diverse environments.

Amazon EKS Integration

Link your Amazon EKS Kubernetes clusters with your AWS cloud account to enhance risk discovery, assessment, and mitigation with Attack Surface Risk Management (ASRM).

Vulnerability Scanning extended to support Amazon ECS

Vulnerability scans have been extended to support Amazon ECS in addition to Kubernetes, allowing you to take proactive measures to secure your environment.

Cluster Inventory View

Gain a clear and organized overview of your clusters' inventory, making it easier to manage and track resources effectively, including clusters, nodes, and pods.

Policy Management and Event Viewing

Effortlessly manage policies and rules, and monitor events all from the Trend Vision One console, streamlining security operations and workflows.

XDR Detections and Investigation

Detect, track, and investigate cross-layer threats and activities with Container Security's Extended Detection and Response (XDR) capabilities.

Note

XDR Detection and Investigation is available at no added cost during the pre-release preview but will become a separately licensed feature in the future.

Prioritized Vulnerability View

Prioritize the remediation of the most important risks with Attack Surface Risk Management, strengthening security posture by focusing on what matters most.

Cloud Security → Container Security

Risk Insights apps gain Tanium Comply as data source

August 14, 2023 — Risk Insights apps now support Tanium Comply as a third-party data source. Tanium Comply contributes device information and CVE detections. To grant data upload permissions for Tanium Comply, enter the Tanium console URL and API token in the data sources settings drawer.

Attack Surface Risk Management → Operations Dashboard

Security Dashboard adds five new widgets

August 14 — Five new widgets have been added to the Security Dashboard widget catalog:

Activity Data Statistics
Detection Statistics
Endpoint Statistics
Email Threat Detection Overview
Email Spam Detection Overview

The new widgets provide an overview of all activity data and detections, allowing users to spot issues involving endpoints and email security and then go deeper to pinpoint product connector or configuration errors. Find the new widgets in the XDR Threat Investigation and Email categories of the Security Dashboard widget catalog.

Dashboards and Reports → Security Dashboard

Connected endpoint protection

August 7, 2023 — Trend Vision One Endpoint Security provides better visibility by displaying all your connected endpoint protection products (both on-premises and SaaS) directly to the Endpoint Inventory screen and allows you direct linking to the related product consoles. You can also evaluate the new Endpoint Security protection by moving a subset of your agents from Trend Micro Apex One as a Service or Trend Cloud One Endpoint & Workload Security. After experiencing the single console benefits, you can update your SaaS offerings to Trend Vision One Endpoint Security.

You can also view endpoint policies for the following on-premises versions of Apex One and Deep Security.

Apex Central Patch 6 (B6511 or later)
Apex One SP1 Patch 1 (12380 or later)
Apex One (Mac) Patch 10 (3.5.7163 or later)

Deep Security (20.0.804 or later)

Note

The current version of Deep Security policies on Trend Vision One Endpoint Security does not display the enabled/disabled status for Device Control.

Tip

Trend Micro highly recommends you update your applications to the latest versions to ensure a seamless transition to Trend Vision One Endpoint Security.

Notifications implemented for disabled custom filters

August 1, 2023 — Notifications are now displayed for disabled custom filters. The notifications include the notification message that pops up in the Notification Center and the tooltip message displayed next to the filter name on the Custom Filter tab and the associated model name on the Custom Model tab.

XDR Threat Investigation → Detection Model Management