Views:

Network Security supported in Executive Dashboard Security Configuration

April 8, 2024 — The Security Configuration index now supports Virtual Network Sensor visibility in the Network Security tab. You can view sensor deployment status and key feature adoption rate. For sensors not configured as expected, click the displayed number of sensors to drill down to the Reports app and generate reports with detailed information.
Attack Surface Risk ManagementExecutive Dashboard

Medigate supported as a new data source for Attack Surface Risk Management

April 8, 2024 — You may now integrate Medigate as a data source in Attack Surface Risk Management to gain access to device information and vulnerabilities detected by Medigate. Connect your Medigate account in Data Sources.
Attack Surface Risk ManagementAttack Surface Discovery

Accept reported risk events

April 8, 2024 — In addition to the Dismissed and Remediated statuses, an Accepted status is now available for reported risk events in Operations Dashboard. Marking a risk event as Accepted indicates that you acknowledge the risk but are unable to remediate or mitigate it at this time. Risk events marked as Accepted still contribute to your Risk Index. Create accepted risk event rules when marking a risk event as Accepted to mark all current and future instances of the risk event as Accepted within a specified time period.
Attack Surface Risk ManagementOperations Dashboard

Cloud Posture to Support New Public APIs

March 28, 2024 — Accounts and Template Scanner Public APIs for Cloud Posture now available on Trend Vision One Automation Center. See the Automation Center for more information.
Attack Surface Risk ManagementCloud PostureCloud Posture Overview

Customize columns in Attack Surface Discovery asset lists

March 25, 2024 — You can now customize the columns displayed in asset lists for all asset types in Attack Surface Discovery. Show or hide specific columns, and rearrange column order by dragging and dropping.
Attack Surface Risk ManagementAttack Surface Discovery

View data sources for discovered accounts in Attack Surface Discovery

March 25, 2024 — The Attack Surface Discovery accounts page now has a "Discovered by" column for both domain and service accounts to show the data source that has discovered the account. Use the "Discovered by" filter to search for accounts from the selected data source.
Attack Surface Risk ManagementAttack Surface Discovery

Scan for vulnerabilities in your Amazon ECR and self-managed Kubernetes container images

March 25, 2024 — Agentless Vulnerability & Threat Detection now supports vulnerability scanning on container images of your Amazon ECR container images when you enable the feature for your AWS accounts in Container Inventory. You can also enable Runtime Scanning for your Kubernetes clusters in Trend Vision One — Container Security and enable to scan for vulnerabilities in related Kubernetes container images.
Attack Surface Risk ManagementExecutive Dashboard

View endpoint group names on the device list in Attack Surface Discovery

March 11, 2024 — The Attack Surface Discovery device list now includes an endpoint group column to show the endpoint group name for each managed device. Use the “Endpoint group” filter to search for managed devices from specified endpoint groups.
Attack Surface Risk ManagementAttack Surface Discovery

Cloud Posture to support latest Azure framework standard

March 5, 2024 — The Azure Well-Architected Framework compliance standard report and associated rule mappings in Cloud Posture have been updated to conform with the latest version of the Azure Well-Architected Framework released in October 2023. In turn, the July 2022 version of the Azure Well-Architected Framework will no longer be available in Cloud Posture from June 1, 2024. The removed version will no longer be accessible in filters, preventing the creation of new reports or report configurations with the outdated standard. This means that you will no longer be able to generate new PDF or CSV reports using report configurations that include the outdated compliance standard. However, any PDF or CSV reports already created remain available for download. Trend Micro recommends that you update your report configurations to use the latest version of the framework by June 1, 2024.
Attack Surface Risk ManagementCloud PostureCloud Posture Overview

Asset relationship visualizations emphasize risk management

February 26, 2024 — In line with enhancements to the visualization of asset relationships in Attack Surface Discovery, the asset graph feature in profile screens for devices, accounts, domains, and IP addresses has been renamed to Asset Risk Graph, while the graph view for cloud assets is now the Cloud Risk Graph. Both of these features continue to provide valuable risk findings, helping you assess your organization's security posture.
Attack Surface Risk ManagementAttack Surface Discovery

Manage risk events by risk factor in Operations Dashboard

February 19, 2024 — You can now change the status of risk events when viewing them by risk factor in Operations Dashboard. This applies to all risk factor types except XDR Detections and Vulnerabilities. Development is ongoing to support these two risk factor types.
Attack Surface Risk ManagementOperations Dashboard

Gain better visibility into the security configuration of cloud apps

February 19, 2024 — The cloud app profile screen in Attack Surface Discovery now displays the following additional information:
  • The encryption ciphers used by the cloud app
  • The latest version of the communications protocol used by the app
  • Whether the cloud app uses a trusted certificate
  • Whether the cloud app allows for IP address access control
Attack Surface Risk ManagementAttack Surface Discovery

Cloud Posture removes support for outdated standards

February 14, 2024 — Cloud Posture no longer supports the following compliance standards:
  • CIS Amazon Web Services Foundations Benchmark v1.2.0
  • CIS Amazon Web Services Foundations Benchmark v1.3.0
  • CIS Amazon Web Services Foundations Benchmark v1.4.0
  • CIS Microsoft Azure Foundations Benchmark v1.1.0
  • CIS Google Cloud Platform Foundation Benchmark v1.2.0
These five standards are no longer accessible in filters, which prevents the creation of new reports and report configurations. You can no longer generate new PDF or CSV reports using existing report configurations that include any of the five standards. However, any PDF or CSV reports generated before support was ended remain available.
Please update your report configurations to use the latest versions of CIS Benchmarks.
Attack Surface Risk ManagementCloud PostureCloud Posture Overview

Agentless Vulnerability & Threat Detection supports cost tracking

February 7, 2024 — You can now track the costs of Agentless Vulnerability & Threat Detection by enabling AWS Cost Explorer. Update the Agentless Vulnerability & Threat Detection stack to enable this capability. For more information, see Agentless Vulnerability & Threat Detection deployment costs.
Attack Surface Risk ManagementExecutive Dashboard

Security Configuration features enhanced email security

January 15, 2024 — Executive Dashboard now better reflects the health of your connected email security products. The Email Security section of the Security Configuration tab now supports Trend Micro Email Security and shows the protection status and key feature adoption rates for your email domains.
When examining email domain configuration status or Key Feature Adoption Rates, clicking the number of domains that are not configured correctly takes you to Email Asset Inventory for more detailed information.
Attack Surface Risk ManagementExecutive Dashboard

Security Configuration supports network security

January 15, 2024 — Executive Dashboard now provides you with an overview of your network layer configuration. The Network Security section of the Security Configuration tab now displays the deployment status and key feature adoption rates for your connected Deep Discovery Inspector appliances.
When examining Appliance Health, Software Version, or Key Feature Adoption and Configuration, clicking the number of appliances that are not configured correctly leads you to the Reports app to generate a detailed report.
Attack Surface Risk ManagementExecutive Dashboard

Create Security Awareness training campaigns targeting at-risk users

Important
Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-features.
January 15, 2024 — In addition to manually creating training campaigns for your users in the Security Awareness app, you can now also initiate campaigns from the Attack Surface Discovery, Operations Dashboard, and Identity Posture apps. Campaigns initiated from these three apps enable you to provide security awareness training focused specifically on at-risk users.
When viewing domain accounts in Attack Surface Discovery, the context menu now includes the Create Training Campaign option.
In Operations Dashboard, the remediation steps for some types of risk events — such as phishing simulations indicating user accounts might be vulnerable to attack — now include links to create Security Awareness training.
The Identity Posture app's Identity Summary screen for highly privileged identities and the highlighted exposure risk events in the Exposure tab now also feature a Create Security Awareness Training Campaign button.
Attack Surface Risk ManagementSecurity Awareness

Manage all event rules in one place

December 18, 2023 — Operations Dashboard now features Event Rule Management: a centralized location for you to manage risk event rules.
When you mark a risk event as Dismissed, an event rule is created to prevent Attack Surface Risk Management from reporting future instances of the risk event in Risk Reduction Measures and All Risk Events. The event rule also prevents the dismissed risk event from impacting your organization's Risk Index.
Event Rule Management allows you to review and manage all dismissed event rules. If you remove a dismissed event rule, all new instances of the risk event are reported and contribute to your organization's Risk Index.

Visualize your Azure asset relationships

December 18, 2023 — The relationships of your Azure cloud assets can now be graphically illustrated in the Asset Graph tab of cloud asset profiles in Attack Surface Discovery.
Attack Surface Risk ManagementAttack Surface Discovery

Vulnerability Assessment on Windows Server 2012/Windows Server 2012 R2 endpoints

December 4, 2023 — Vulnerability Assessment now expands coverage for vulnerabilities affecting Windows Server 2012 and Windows Server 2012 R2 endpoints to help you identify more highly exploitable CVEs in your environment.
Attack Surface Risk ManagementExecutive Dashboard
Attack Surface Risk ManagementOperations Dashboard

Agentless Vulnerability & Threat Detection Resources Gain Tagging

December 8, 2023 — Agentless Vulnerability & Threat Detection resources now have tags.
Attack Surface Risk ManagementOperations Dashboard

Manually add IP addresses to discover internet-facing assets

December 4, 2023 — Trend Vision One now supports manually adding seed IP addresses for discovering internet-facing assets in your organization. In the Internet-Facing Assets section of Attack Surface Discovery, click the Public IPs tab and then click Add to manually add up to 1,000 seed IP addresses. To view a list of added seed IP addresses, click View Manually Added IP Addresses.
The ability to add seed IP addresses is only available for customers using a Trend Micro solution as the data source for internet-facing assets and that do not have an active trial for Attack Surface Risk Management.
Attack Surface Risk ManagementAttack Surface Discovery

New pricing model for Attack Surface Risk Management now available

November 20, 2023 — Trend Vision One now supports a new pricing model for Attack Surface Risk Management (previously Risk Insights) decoupled from XDR entitlements. Credit usage for Attack Surface Risk Management apps is calculated based on the number of assessable desktops, servers, and connected cloud accounts. Each assessed desktop or server requires 20 credits, while each connected cloud account requires 8,000 credits. If you feel the number of assets discovered by Trend Vision One is inaccurate, you can manually override the number of assessed assets and your credit usage will be recalculated.
If you previously purchased a Risk Insights license, you will retain your current pricing model until the license expires. If you previously allocated credits to use Attack Surface Discovery and Operations Dashboard, you retain your current pricing model; however, if you disable and re-enable Attack Surface Risk Management, you will be migrated to the Attack Surface Risk Management pricing model. Regardless of the pricing model, you will retain access to Attack Surface Discovery, Operations Dashboard, and Cloud Posture.
A 30-day free trial remains available for customers who have not previously started a trial of Risk Insights capabilities.
For more details on licensing or credit usage for Attack Surface Risk Management, contact your sales representative.

Risk Insights renamed to Attack Surface Risk Management

November 20, 2023 — The Risk Insights app group has been renamed to Attack Surface Risk Management to align with the expanding scope of capabilities provided by the included apps. The renamed app group currently contains the Executive Dashboard, Attack Surface Discovery, Operations Dashboard, and Cloud Posture apps.

Graph View gives you contextual visibility over AWS-based assets

November 20, 2023 — Attack Surface Discovery now provides new contextual visibility into your cloud assets and prioritized security risks — continuously and frictionlessly. The new Graph View shows more details about the resources deployed in your AWS environment, relationships between cloud assets, and risk scores for each asset.
Attack Surface Risk ManagementAttack Surface Discovery

Gain new visibility over your AWS APIs

November 20, 2023 — API Security provides new visibility over your attack surface by identifying challenges to securing your APIs. API Security displays an inventory of your REST and HTTP-based API collections from your AWS API gateways and any misconfigurations detected in your AWS environment.
Attack Surface Risk ManagementAttack Surface Discovery

Enable Agentless Vulnerability & Threat Detection for Amazon EC2 instances

November 20, 2023 — Deploy Agentless Vulnerability & Threat Detection in your AWS accounts to discover vulnerabilities in your Amazon EC2 instances with zero impact to your applications.
Attack Surface Risk ManagementExecutive Dashboard

Discover and assess internet-facing assets with Rescana

November 20, 2023 — Trend Vision One has traditionally discovered and assessed internet-facing assets via internal Trend Micro solutions. Trend Vision One now supports a new data source for internet-facing assets — Rescana. If you are a Rescana customer, you can easily enable the data source by specifying the correct URL and API token for your Rescana account. If you disable the Rescana integration, Trend Vision One resumes using Trend Micro internal solutions for collecting data on internet-facing assets.
Attack Surface Risk ManagementAttack Surface Discovery

Operations Dashboard supports remediating and dismissing risk events

November 6, 2023 — To better align Trend Vision One with common risk terminology and enhance your ability to reduce the Risk Index, you can now change the status of risk events in Operations Dashboard. In addition, you can now manually trigger a recalculation of the Risk Index and check for new risk events.
Risk events for six of the eight risk factors can now be marked as one of the four following statuses:
  • New
  • In progress
  • Remediated
  • Dismissed
Remediated and dismissed risk events no longer contribute to your Risk Index.
When changing the status of risk events, you can select from three levels of scope: the selected risk event, all instances of the risk event for the selected assets, or all instances of the risk event for all assets. If you dismiss all instances of a risk event, future instances of the risk event will not be generated.
XDR detection-related risk events that have an associated workbench alert must still be managed via the Workbench app. Development is ongoing to support the new risk event management framework for vulnerability-related risk events. In addition, a subsequent release will allow you to accept risk events, meaning they will still contribute to your Risk Index, but will not be displayed in Risk Reduction Measures.
Attack Surface Risk ManagementOperations Dashboard

New risk events highlight potential attack paths for cloud assets

October 23, 2023 — New risk events demonstrate potential attack paths that originate from the internet or potentially compromised cloud assets. These potential attack paths are visualized to help you identify and prioritize risks.
Attack Surface Risk ManagementOperations Dashboard

Asset graph visualizes cloud asset relationships

October 23, 2023 — Cloud asset profiles now feature an asset graph illustrating the relationships of cloud assets. The visualization showcases how identities access cloud resources, as well as traffic routing and other relationships, helping you to prioritize risks associated with your cloud assets.
Attack Surface Risk ManagementAttack Surface Discovery

Attack Surface Discovery asset profiles available free for XDR customers

October 23, 2023 — Customers that have enabled XDR sensors can now access a free version of asset profiles in Attack Surface Discovery, even if credits have not been allocated to Risk Insights capabilities. When viewing the profile of an endpoint, account or cloud asset in a Workbench alert, click View asset risk assessment in Attack Surface Discovery to see the asset's risk assessment and asset profile in Attack Surface Discovery.
Attack Surface Risk ManagementAttack Surface Discovery

Manually modify asset criticality in Risk Insights

September 25, 2023 — Risk Insights apps calculate and display the criticality for each asset based on asset tags. If you think that the system-defined criticality is inaccurate or does not match the actual situation, you can manually assign a custom criticality to assets. In Attack Surface Discovery asset profiles and asset cards, you can now click Modify Criticality to select a custom criticality. You can also revert to using the system-defined criticality at any time.
Attack Surface Risk ManagementAttack Surface Discovery

Asset graph improvements enhance effectiveness

September 11, 2023 — Enhancements to the asset graph in Attack Surface Discovery provide you with greater context for improving your security posture.
The asset graph now includes a symbol for the internet, helping you easily identify which assets are exposed to the internet.
The asset detail screen for domains and IP addresses now also features an asset graph illustrating the relationships between internet-facing assets and other types of assets. The asset graph helps you better understand how domains and IP addresses are associated with internet-exposed devices.
In addition, the asset graph now shows relationships associated with privileges, including user and group memberships, as well as how roles are assigned, to whom a role is assigned, and administrative devices and users. The visualization makes it easier to understand how an identity has administrative permissions to other identities or devices.
Attack Surface Risk ManagementAttack Surface Discovery

Risk Insights apps gain Tanium Comply as data source

August 14, 2023 — Risk Insights apps now support Tanium Comply as a third-party data source. Tanium Comply contributes device information and CVE detections. To grant data upload permissions for Tanium Comply, enter the Tanium console URL and API token in the data sources settings drawer.
Attack Surface Risk ManagementOperations Dashboard

Vulnerability Assessment for Linux users

July 24, 2023 — Vulnerability Assessment is now available for the following Linux operating systems: Amazon Linux, CentOS, Red Hat Enterprise Linux, and Ubuntu.
Attack Surface Risk ManagementAttack Surface Discovery

Risk Insights capabilities require a license or credits

July 4, 2023 — Risk Insights capabilities are now a paid feature. You must purchase a license or allocate sufficient credits for Risk Insights to access Operations Dashboard and Attack Surface Discovery.
If you have not purchased a license or allocated credits to Risk Insights, you can start a 30-day free trial when you attempt to access Operations Dashboard or Attack Surface Discovery. To ensure uninterrupted access to Operations Dashboard and Attack Surface Discovery after your trial ends, contact your sales representative in advance to prepare a license or credits for Risk Insights. You can configure Trend Vision One to automatically allocate credits to Risk Insights capabilities at the end of your free trial period.
Attack Surface Risk ManagementOperations Dashboard
Attack Surface Risk ManagementAttack Surface Discovery

Advanced filtering and ability to assign secure access rules added to Cloud Apps

July 3, 2023 — The Cloud Apps tab of the Attack Surface Discovery app now features a new Artificial Intelligence category for cloud apps based on artificial intelligence technology. The Cloud Apps tab now also features advanced filtering by category, risk level, sanctioned state, breach warnings, and last detected. In addition, you can now assign Internet Access rules by selecting cloud apps and clicking Assign Secure Access Rule.
Attack Surface Risk ManagementAttack Surface Discovery

Asset graph for service accounts

June 21, 2023 — Attack Surface Discovery now provides asset graph support for service accounts. The asset graph provides detailed information about the service account and its relationships and interactions with other assets in your organization. The service account might also appear in the asset graph of other assets.
Attack Surface Risk ManagementAttack Surface Discovery

Risk Insights support for Trend Vision One credits

June 21, 2023 — As Risk Insights capabilities become a paid feature on July 4, 2023, credit usage data is now displayed in Risk Insights apps. You can view your current credit balance and estimate future credit usage. To ensure uninterrupted access to Operations Dashboard and Attack Surface Discovery, activate the "auto-allocate credits" toggle to enable Trend Vision One to automatically allocate credits to Risk Insights capabilities when the complimentary period ends.
Attack Surface Risk Management

Significant update to the Risk Index algorithm

June 5, 2023 — Risk Insights has applied a significant update to the Risk Index algorithm for all customers. The algorithm now places a greater importance on Attack Detection. Periodic algorithm updates are part of our continuous effort to optimize the risk algorithm to provide you with an accurate, timely, and actionable Risk Index.
Important
Important
Algorithm updates can result in a sudden and significant increase to asset risk scores and the Risk Index. A sharp increase in the Risk Index that directly coincides with an algorithm update can be considered the result of the algorithm change.
For more details, see Risk Index algorithm updates.
Attack Surface Risk ManagementOperations Dashboard

Operations Dashboard monitors new risk factors

The Operations Dashboard now monitors two new risk factors: System Configuration and Security Configuration. You can view the related risk metrics and events in the Risk Factors tab.
Risk Insights identifies potential misconfigurations of your environment, including exposed ports, insecure host connections, insecure IAM and cloud infrastructure configurations, and unsafe software and endpoint configurations.
Risk Insights monitors your Trend Micro security settings, including endpoint agent and sensor deployments, update status, and key feature adoption rates. The Security Configuration risk factor helps you ensure that Trend Micro solution settings are following best practices.
Attack Surface Risk ManagementOperations Dashboard

Executive Dashboard widgets reorganized

In the Exposure Overview tab of the Executive Dashboard, clicking View Details in widgets now redirects you to the Operations Dashboard for more detailed information.
In the Activity and Behaviors section, the Legacy Authentication Protocol with Log On Activity widget has moved to the System Configuration section and the Account Compromise Indicators widget has moved into the Operations Dashboard.
In the Attack Overview tab of the Executive Dashboard, the General Detection Summary widgets have moved to the Security Dashboard for easier access and to improve the customizability of dashboards. The following widgets are now found in the Widget Catalog of the Security Dashboard:
  • Detections by Attack Type
  • Mitigated Events by Attack Type
  • Detections by Protection Layer
  • Workbench Alert Tracking
Note
Note
You must enable Risk Insights capabilities to access the Operations Dashboard and the Security Dashboard. For more information, see Credit requirements for Trend Vision One apps and services.
Attack Surface Risk ManagementExecutive Dashboard

Attack Surface Discovery presents data sources for discovered devices

Attack Surface Discovery lists all assets discovered in your organization to facilitate risk assessments. Trend Micro leverages several data sources for asset discovery, which are now presented in the Discovered by column of the Device List for further investigation. You can also configure Device Overview to show only specific sources by adding the Discovered by filter.
Attack Surface Risk ManagementAttack Surface Discovery

Risk Insights supports multiple Azure AD tenants

Customers with multiple Azure AD tenants can now have full visibility of accounts on all tenants and perform risk assessment on multiple Azure AD tenants in Risk Insights apps.
Attack Surface Risk Management

Risk Insights official release

All Risk Insights capabilities are now officially released and can be purchased alongside XDR as part of the Trend Vision One platform. Contact your sales representative to discuss your license transition period options.
For more details on the licensing and product experience for Risk Insights, see Credit requirements for Trend Vision One apps and services.
Attack Surface Risk Management