Container Security – ARM64 CPUs now supported

November 30, 2023 — Container Security now protects containers running on ARM CPUs with runtime security and runtime vulnerability scanning.

Container Security – Proxy support for Kubernetes clusters

November 30, 2023 — Container Security now supports proxy for Kubernetes clusters, providing a secure way to connect to the Trend Vision One backend. For more information, see Proxy support for Kubernetes clusters

Playbook execution results retained for 180 days

November 30, 2023 — Starting now, execution results and any pending actions will be available on the Execution Results tab for a period of 180 days. This change allows us to ensure the most relevant and recent data is always at your fingertips.
Workflow and AutomationSecurity Playbooks

Case Management now available

November 30, 2023 — Case Management is now available for public preview in the Trend Vision One platform. Case Management enables you to assign priority and ownership to cases containing both individual and correlated alerts from Workbench, and streamlines the start of your threat investigation and incident response workflows.
You can open cases directly from Workbench alerts or with any XDR playbook in Security Playbooks. In Forensics, you can use an existing case to automatically pull impacted endpoints into the related workspace. In addition, Case Viewer allows you to manage your cases while working in other apps.
For more information, see Case Management.
Workflow and AutomationCase Management

Cloud Accounts - AWS accounts automatically connect after stack deployment

November 20, 2023 — When adding a new AWS cloud account, the account automatically connects and registers to Trend Vision One after stack deployment in AWS completes. Connecting a new AWS account no longer requires copying the role ARN to complete the process. The new process requires using the latest version of the stack template.

Cloud Accounts supports deployment to AWS Organizations

November 20, 2023 — Add your AWS Organization to easily connect all the AWS accounts in your organization or organizational unit (OU) to Cloud Accounts. For more information, see Connecting AWS accounts.

New pricing model for Attack Surface Risk Management now available

November 20, 2023 — Trend Vision One now supports a new pricing model for Attack Surface Risk Management (previously Risk Insights) decoupled from XDR entitlements. Credit usage for Attack Surface Risk Management apps is calculated based on the number of assessable desktops, servers, and connected cloud accounts. Each assessed desktop or server requires 20 credits, while each connected cloud account requires 8,000 credits. If you feel the number of assets discovered by Trend Vision One is inaccurate, you can manually override the number of assessed assets and your credit usage will be recalculated.
If you previously purchased a Risk Insights license, you will retain your current pricing model until the license expires. If you previously allocated credits to use Attack Surface Discovery and Operations Dashboard, you retain your current pricing model; however, if you disable and re-enable Attack Surface Risk Management, you will be migrated to the Attack Surface Risk Management pricing model. Regardless of the pricing model, you will retain access to Attack Surface Discovery, Operations Dashboard, and Cloud Posture.
A 30-day free trial remains available for customers who have not previously started a trial of Risk Insights capabilities.
For more details on licensing or credit usage for Attack Surface Risk Management, contact your sales representative.

Risk Insights renamed to Attack Surface Risk Management

November 20, 2023 — The Risk Insights app group has been renamed to Attack Surface Risk Management to align with the expanding scope of capabilities provided by the included apps. The renamed app group currently contains the Executive Dashboard, Attack Surface Discovery, Operations Dashboard, and Cloud Posture apps.

Graph View gives you contextual visibility over AWS-based assets

November 20, 2023 — Attack Surface Discovery now provides new contextual visibility into your cloud assets and prioritized security risks — continuously and frictionlessly. The new Graph View shows more details about the resources deployed in your AWS environment, relationships between cloud assets, and risk scores for each asset.
Attack Surface Risk ManagementAttack Surface Discovery

Gain new visibility over your AWS APIs

November 20, 2023 — API Security provides new visibility over your attack surface by identifying challenges to securing your APIs. API Security displays an inventory of your REST and HTTP-based API collections from your AWS API gateways and any misconfigurations detected in your AWS environment.
Attack Surface Risk ManagementAttack Surface Discovery

Enable Agentless Vulnerability & Threat Detection for Amazon EC2 instances

November 20, 2023 — Deploy Agentless Vulnerability & Threat Detection in your AWS accounts to discover vulnerabilities in your Amazon EC2 instances with zero impact to your applications.
Attack Surface Risk ManagementExecutive Dashboard

Discover and assess internet-facing assets with Rescana

November 20, 2023 — Trend Vision One has traditionally discovered and assessed internet-facing assets via internal Trend Micro solutions. Trend Vision One now supports a new data source for internet-facing assets — Rescana. If you are a Rescana customer, you can easily enable the data source by specifying the correct URL and API token for your Rescana account. If you disable the Rescana integration, Trend Vision One resumes using Trend Micro internal solutions for collecting data on internet-facing assets.
Attack Surface Risk ManagementAttack Surface Discovery

Three security playbook templates merged and enhanced

November 13, 2020 — The “Run Custom Script,” “Samba vulnerability assessment,” and “Microsoft exchange vulnerability assessment” playbook templates have been consolidated into the new Endpoint Response Actions template, and their functionality has also been integrated into user-defined playbooks.
To learn how to create a user-defined playbook, see Creating Endpoint Response Actions playbooks.
Workflow and AutomationSecurity Playbooks

Operations Dashboard supports remediating and dismissing risk events

November 6, 2023 — To better align Trend Vision One with common risk terminology and enhance your ability to reduce the Risk Index, you can now change the status of risk events in Operations Dashboard. In addition, you can now manually trigger a recalculation of the Risk Index and check for new risk events.
Risk events for six of the eight risk factors can now be marked as one of the four following statuses:
  • New
  • In progress
  • Remediated
  • Dismissed
Remediated and dismissed risk events no longer contribute to your Risk Index.
When changing the status of risk events, you can select from three levels of scope: the selected risk event, all instances of the risk event for the selected assets, or all instances of the risk event for all assets. If you dismiss all instances of a risk event, future instances of the risk event will not be generated.
XDR detection-related risk events that have an associated workbench alert must still be managed via the Workbench app. Development is ongoing to support the new risk event management framework for vulnerability-related risk events. In addition, a subsequent release will allow you to accept risk events, meaning they will still contribute to your Risk Index, but will not be displayed in Risk Reduction Measures.
Attack Surface Risk ManagementOperations Dashboard

Observed Attack Techniques supports filtering by data source

November 6, 2023 — You can now filter security event information by data source in the Observed Attack Techniques app. Filtering by data source allows you to evaluate the individual data contribution of different Trend Vision One products.
XDR Threat InvestigationObserved Attack Techniques

The Search app supports threat hunting queries from Cyborg Security

November 10, 2023 — The Search app now supports threat hunting queries from Cyborg Security to facilitate identification of elusive IOAs in the environment. Moreover, users may view related intelligence reports to aid the understanding and resolution of cyber attacks.
XDR Threat InvestigationSearch