Attack Surface Risk Management

June 24, 2024 — Cloud Posture Terraform Template Scanner (TS) is now Generally Available with parity of coverage of the following resource types with Cloud Formation Template Scanner:

June 10, 2024 — Agentless Vulnerability & Threat Detection now includes the following enhancements:

• The Agentless Vulnerability stack has been split into common and agentless components, which reduces the quantity of IAM roles and policies required.
• The deployed stack now has two version values, which are tracked separately.
• To reduce costs, CloudWatch lambda log groups now have ERROR level logging, and scan failures are optimized to reduce unnecessary retry count.
• Resolved an issue in which CloudWatch log groups could not be deleted after uninstalling.

When you upgrade to the new release, the contents of the agentless S3 buckets, including intermediate results, and s3 access logs, will be deleted. This has no impact on any scan results already send to Vision One. For more information, see Agentless Vulnerability & Threat Detection deployment costs.

June 13, 2024 — Users of cloud services may now enable Agentless Vulnerability and Threat Detection (AVTD) from the AWS UAE region (me-central-1). Use the feature to conduct vulnerability scans on EBS volumes attached to EC2 instances as well as ECR images, and get greater visibility into your cloud asset-related security posture.

June 17, 2024 — Device asset profiles in Attack Surface Discovery are now able to display discovered basic hardware specifications such as manufacturer, model, CPU, RAM, and disk size. Find discovered details under the basic category within the device asset profile.

June 17, 2024 — As with risk events in other risk factors, you may now mark events in the vulnerabilities risk factor as remediated, dismissed, or accepted. The new workflow helps streamline the process of managing risk events and CVEs.

June 17, 2024 — Detailed data on daily Risk Index fluctuations, including contributing risk factors, risk events, and assets, is now available in Operations Dashboard. Hover over the Risk Index graph and click View daily risk events to see the point change from the previous day and a breakdown of how many points each risk factor contributed to the change. Drill down to see individual risk events and a detailed daily timeline showing expired, new, remediated, and dismissed event instances.

June 17, 2024 — Vulnerability assessment has been enhanced to support SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15. The newly supported systems enable more granular analysis and improved CVE prioritization. Use the enhancement to strengthen your endpoint security and more effectively prioritize risks. For more information, see Vulnerability Assessment supported operating systems.

June 3, 2024 — You can now connect your Google Cloud Identity tenants as data sources in Attack Surface Risk Management. Use the new source to gain better visibility into user and group data, user activity data, and potential account misconfigurations. For more information, see Configuring data sources.

May 27, 2024 — To facilitate a higher-level overview, the Exposure, Attack, and Security Configuration Overview tabs in Executive Dashboard have been simplified to display current risk levels and risk scores for each category. In Risk Overview, view each category's contribution to the Risk Index at a glance, and get additional information about contributing risk factors and events from Risk Event Overview. Go to the tab for each risk category to quickly view the category's current risk level, and see contributing risk factors to more quickly prioritize risk reduction actions.

May 6, 2024 — View daily point increases and decreases of the Risk Index along with contributing risk factors now by hovering on the Risk Index graph in Executive Dashboard. Coming in June, clicking through to Operations Dashboard will take you to in-depth details on daily contributing risk events. Details now available for the Risk Index in Executive Dashboard include a breakdown of the points each risk factor has added or subtracted from the Risk Index since the previous day. In June, you may view all daily contributing risk events, including those that were resolved or mitigated, organized by risk factor. Use the detailed information provided to better understand your security posture and help prioritize risks in your environment.

May 6, 2024 — Vulnerability Assessment enhancements now allow the service to collect information on Red Hat Enterprise Linux 8 modules and Red Hat Enterprise Linux 9 containers. The expanded capabilities enable more comprehensive visibility and granular analysis, strengthening your container security and allowing you to more effectively prioritize risks. For more information, see Vulnerability Assessment supported operating systems.

May 8, 2024 — Cloud Posture now supports Real-Time Posture Monitoring previously titled Real-Time Threat Monitoring (RTM) for AWS accounts connected through the Cloud Accounts app. You can enable Real-Time Posture Monitoring while connecting a new AWS account and organization or turn the feature on for existing AWS accounts or organizations.

April 15, 2022 — Thanks to several backend improvements, data for your internet-facing assets are now updated more often. The increased update frequency allows you to better assess your attack surface in Attack Surface Discovery, particularly after removing domains and IP addresses and renewing certificates, and improves the accuracy of risk events created in Operations Dashboard. For more information, see Internet-Facing Assets.

April 22, 2024 — the Vulnerability Assessment service available in Attack Surface Risk Management now supports scanning language packages used in your ECR container images. For information on supported languages, see Vulnerability Assessment supported language packages.

April 22, 2024 — The Operations Dashboard Weekly Digest has been terminated for subscribers, and the subscription entry for the weekly digest has been removed from Notifications. Former subscribers can now receive n automatically generated weekly report based on the Risk Factors template, providing a detailed picture of current organization risks. Settings for the weekly report can be managed in the Reports app.

April 8, 2024 — The Security Configuration index now supports Virtual Network Sensor visibility in the Network Security tab. You can view sensor deployment status and key feature adoption rate. For sensors not configured as expected, click the displayed number of sensors to drill down to the Reports app and generate reports with detailed information.

April 8, 2024 — You may now integrate Medigate as a data source in Attack Surface Risk Management to gain access to device information and vulnerabilities detected by Medigate. Connect your Medigate account in Data Sources.

April 8, 2024 — In addition to the Dismissed and Remediated statuses, an Accepted status is now available for reported risk events in Operations Dashboard. Marking a risk event as Accepted indicates that you acknowledge the risk but are unable to remediate or mitigate it at this time. Risk events marked as Accepted still contribute to your Risk Index. Create accepted risk event rules when marking a risk event as Accepted to mark all current and future instances of the risk event as Accepted within a specified time period.

March 28, 2024 — Accounts and Template Scanner Public APIs for Cloud Posture now available on Trend Vision One Automation Center. See the Automation Center for more information.

March 25, 2024 — You can now customize the columns displayed in asset lists for all asset types in Attack Surface Discovery. Show or hide specific columns, and rearrange column order by dragging and dropping.

March 25, 2024 — The Attack Surface Discovery accounts page now has a "Discovered by" column for both domain and service accounts to show the data source that has discovered the account. Use the "Discovered by" filter to search for accounts from the selected data source.

March 25, 2024 — Agentless Vulnerability & Threat Detection now supports vulnerability scanning on container images of your Amazon ECR container images when you enable the feature for your AWS accounts in Container Inventory. You can also enable Runtime Scanning for your Kubernetes clusters in Trend Vision One — Container Security and enable to scan for vulnerabilities in related Kubernetes container images.

March 11, 2024 — The Attack Surface Discovery device list now includes an endpoint group column to show the endpoint group name for each managed device. Use the “Endpoint group” filter to search for managed devices from specified endpoint groups.

March 5, 2024 — The Azure Well-Architected Framework compliance standard report and associated rule mappings in Cloud Posture have been updated to conform with the latest version of the Azure Well-Architected Framework released in October 2023. In turn, the July 2022 version of the Azure Well-Architected Framework will no longer be available in Cloud Posture from June 1, 2024. The removed version will no longer be accessible in filters, preventing the creation of new reports or report configurations with the outdated standard. This means that you will no longer be able to generate new PDF or CSV reports using report configurations that include the outdated compliance standard. However, any PDF or CSV reports already created remain available for download. Trend Micro recommends that you update your report configurations to use the latest version of the framework by June 1, 2024.

February 26, 2024 — In line with enhancements to the visualization of asset relationships in Attack Surface Discovery, the asset graph feature in profile screens for devices, accounts, domains, and IP addresses has been renamed to Asset Risk Graph, while the graph view for cloud assets is now the Cloud Risk Graph. Both of these features continue to provide valuable risk findings, helping you assess your organization's security posture.

February 19, 2024 — You can now change the status of risk events when viewing them by risk factor in Operations Dashboard. This applies to all risk factor types except XDR Detections and Vulnerabilities. Development is ongoing to support these two risk factor types.

February 19, 2024 — The cloud app profile screen in Attack Surface Discovery now displays the following additional information:

• The encryption ciphers used by the cloud app
• The latest version of the communications protocol used by the app
• Whether the cloud app uses a trusted certificate
• Whether the cloud app allows for IP address access control

February 14, 2024 — Cloud Posture no longer supports the following compliance standards:

These five standards are no longer accessible in filters, which prevents the creation of new reports and report configurations. You can no longer generate new PDF or CSV reports using existing report configurations that include any of the five standards. However, any PDF or CSV reports generated before support was ended remain available.

Please update your report configurations to use the latest versions of CIS Benchmarks.

February 7, 2024 — You can now track the costs of Agentless Vulnerability & Threat Detection by enabling AWS Cost Explorer. Update the Agentless Vulnerability & Threat Detection stack to enable this capability. For more information, see Agentless Vulnerability & Threat Detection deployment costs.

January 15, 2024 — Executive Dashboard now better reflects the health of your connected email security products. The Email Security section of the Security Configuration tab now supports Trend Micro Email Security and shows the protection status and key feature adoption rates for your email domains.

When examining email domain configuration status or Key Feature Adoption Rates, clicking the number of domains that are not configured correctly takes you to Email Asset Inventory for more detailed information.

January 15, 2024 — Executive Dashboard now provides you with an overview of your network layer configuration. The Network Security section of the Security Configuration tab now displays the deployment status and key feature adoption rates for your connected Deep Discovery Inspector appliances.

When examining Appliance Health, Software Version, or Key Feature Adoption and Configuration, clicking the number of appliances that are not configured correctly leads you to the Reports app to generate a detailed report.

January 15, 2024 — In addition to manually creating training campaigns for your users in the Security Awareness app, you can now also initiate campaigns from the Attack Surface Discovery, Operations Dashboard, and Identity Posture apps. Campaigns initiated from these three apps enable you to provide security awareness training focused specifically on at-risk users.

When viewing domain accounts in Attack Surface Discovery, the context menu now includes the Create Training Campaign option.

In Operations Dashboard, the remediation steps for some types of risk events — such as phishing simulations indicating user accounts might be vulnerable to attack — now include links to create Security Awareness training.

The Identity Posture app's Identity Summary screen for highly privileged identities and the highlighted exposure risk events in the Exposure tab now also feature a Create Security Awareness Training Campaign button.

December 18, 2023 — Operations Dashboard now features Event Rule Management: a centralized location for you to manage risk event rules.

When you mark a risk event as Dismissed, an event rule is created to prevent Attack Surface Risk Management from reporting future instances of the risk event in Risk Reduction Measures and All Risk Events. The event rule also prevents the dismissed risk event from impacting your organization's Risk Index.

Event Rule Management allows you to review and manage all dismissed event rules. If you remove a dismissed event rule, all new instances of the risk event are reported and contribute to your organization's Risk Index.

December 18, 2023 — The relationships of your Azure cloud assets can now be graphically illustrated in the Asset Graph tab of cloud asset profiles in Attack Surface Discovery.

December 4, 2023 — Vulnerability Assessment now expands coverage for vulnerabilities affecting Windows Server 2012 and Windows Server 2012 R2 endpoints to help you identify more highly exploitable CVEs in your environment.

December 8, 2023 — Agentless Vulnerability & Threat Detection resources now have tags.

December 4, 2023 — Trend Vision One now supports manually adding seed IP addresses for discovering internet-facing assets in your organization. In the Internet-Facing Assets section of Attack Surface Discovery, click the Public IPs tab and then click Add to manually add up to 1,000 seed IP addresses. To view a list of added seed IP addresses, click View Manually Added IP Addresses.

The ability to add seed IP addresses is only available for customers using a Trend Micro solution as the data source for internet-facing assets and that do not have an active trial for Attack Surface Risk Management.

November 20, 2023 — Trend Vision One now supports a new pricing model for Attack Surface Risk Management (previously Risk Insights) decoupled from XDR entitlements. Credit usage for Attack Surface Risk Management apps is calculated based on the number of assessable desktops, servers, and connected cloud accounts. Each assessed desktop or server requires 20 credits, while each connected cloud account requires 8,000 credits. If you feel the number of assets discovered by Trend Vision One is inaccurate, you can manually override the number of assessed assets and your credit usage will be recalculated.

If you previously purchased a Risk Insights license, you will retain your current pricing model until the license expires. If you previously allocated credits to use Attack Surface Discovery and Operations Dashboard, you retain your current pricing model; however, if you disable and re-enable Attack Surface Risk Management, you will be migrated to the Attack Surface Risk Management pricing model. Regardless of the pricing model, you will retain access to Attack Surface Discovery, Operations Dashboard, and Cloud Posture.

A 30-day free trial remains available for customers who have not previously started a trial of Risk Insights capabilities.

For more details on licensing or credit usage for Attack Surface Risk Management, contact your sales representative.

November 20, 2023 — The Risk Insights app group has been renamed to Attack Surface Risk Management to align with the expanding scope of capabilities provided by the included apps. The renamed app group currently contains the Executive Dashboard, Attack Surface Discovery, Operations Dashboard, and Cloud Posture apps.

November 20, 2023 — Attack Surface Discovery now provides new contextual visibility into your cloud assets and prioritized security risks — continuously and frictionlessly. The new Graph View shows more details about the resources deployed in your AWS environment, relationships between cloud assets, and risk scores for each asset.

November 20, 2023 — API Security provides new visibility over your attack surface by identifying challenges to securing your APIs. API Security displays an inventory of your REST and HTTP-based API collections from your AWS API gateways and any misconfigurations detected in your AWS environment.

November 20, 2023 — Deploy Agentless Vulnerability & Threat Detection in your AWS accounts to discover vulnerabilities in your Amazon EC2 instances with zero impact to your applications.

For more information, see Agentless Vulnerability & Threat Detection.

November 20, 2023 — Trend Vision One has traditionally discovered and assessed internet-facing assets via internal Trend Micro solutions. Trend Vision One now supports a new data source for internet-facing assets — Rescana. If you are a Rescana customer, you can easily enable the data source by specifying the correct URL and API token for your Rescana account. If you disable the Rescana integration, Trend Vision One resumes using Trend Micro internal solutions for collecting data on internet-facing assets.

November 6, 2023 — To better align Trend Vision One with common risk terminology and enhance your ability to reduce the Risk Index, you can now change the status of risk events in Operations Dashboard. In addition, you can now manually trigger a recalculation of the Risk Index and check for new risk events.

Risk events for six of the eight risk factors can now be marked as one of the four following statuses:

Remediated and dismissed risk events no longer contribute to your Risk Index.

When changing the status of risk events, you can select from three levels of scope: the selected risk event, all instances of the risk event for the selected assets, or all instances of the risk event for all assets. If you dismiss all instances of a risk event, future instances of the risk event will not be generated.

XDR detection-related risk events that have an associated workbench alert must still be managed via the Workbench app. Development is ongoing to support the new risk event management framework for vulnerability-related risk events. In addition, a subsequent release will allow you to accept risk events, meaning they will still contribute to your Risk Index, but will not be displayed in Risk Reduction Measures.

October 23, 2023 — New risk events demonstrate potential attack paths that originate from the internet or potentially compromised cloud assets. These potential attack paths are visualized to help you identify and prioritize risks.

October 23, 2023 — Cloud asset profiles now feature an asset graph illustrating the relationships of cloud assets. The visualization showcases how identities access cloud resources, as well as traffic routing and other relationships, helping you to prioritize risks associated with your cloud assets.

October 23, 2023 — Customers that have enabled XDR sensors can now access a free version of asset profiles in Attack Surface Discovery, even if credits have not been allocated to Risk Insights capabilities. When viewing the profile of an endpoint, account or cloud asset in a Workbench alert, click View asset risk assessment in Attack Surface Discovery to see the asset's risk assessment and asset profile in Attack Surface Discovery.

September 25, 2023 — Risk Insights apps calculate and display the criticality for each asset based on asset tags. If you think that the system-defined criticality is inaccurate or does not match the actual situation, you can manually assign a custom criticality to assets. In Attack Surface Discovery asset profiles and asset cards, you can now click Modify Criticality to select a custom criticality. You can also revert to using the system-defined criticality at any time.

September 11, 2023 — Enhancements to the asset graph in Attack Surface Discovery provide you with greater context for improving your security posture.

The asset graph now includes a symbol for the internet, helping you easily identify which assets are exposed to the internet.

The asset detail screen for domains and IP addresses now also features an asset graph illustrating the relationships between internet-facing assets and other types of assets. The asset graph helps you better understand how domains and IP addresses are associated with internet-exposed devices.

In addition, the asset graph now shows relationships associated with privileges, including user and group memberships, as well as how roles are assigned, to whom a role is assigned, and administrative devices and users. The visualization makes it easier to understand how an identity has administrative permissions to other identities or devices.

August 14, 2023 — Risk Insights apps now support Tanium Comply as a third-party data source. Tanium Comply contributes device information and CVE detections. To grant data upload permissions for Tanium Comply, enter the Tanium console URL and API token in the data sources settings drawer.

July 24, 2023 — Vulnerability Assessment is now available for the following Linux operating systems: Amazon Linux, CentOS, Red Hat Enterprise Linux, and Ubuntu.

For details, see Vulnerability Assessment supported operating systems.

July 4, 2023 — Risk Insights capabilities are now a paid feature. You must purchase a license or allocate sufficient credits for Risk Insights to access Operations Dashboard and Attack Surface Discovery.

If you have not purchased a license or allocated credits to Risk Insights, you can start a 30-day free trial when you attempt to access Operations Dashboard or Attack Surface Discovery. To ensure uninterrupted access to Operations Dashboard and Attack Surface Discovery after your trial ends, contact your sales representative in advance to prepare a license or credits for Risk Insights. You can configure Trend Vision One to automatically allocate credits to Risk Insights capabilities at the end of your free trial period.

July 3, 2023 — The Cloud Apps tab of the Attack Surface Discovery app now features a new Artificial Intelligence category for cloud apps based on artificial intelligence technology. The Cloud Apps tab now also features advanced filtering by category, risk level, sanctioned state, breach warnings, and last detected. In addition, you can now assign Internet Access rules by selecting cloud apps and clicking Assign Secure Access Rule.

June 21, 2023 — Attack Surface Discovery now provides asset graph support for service accounts. The asset graph provides detailed information about the service account and its relationships and interactions with other assets in your organization. The service account might also appear in the asset graph of other assets.

June 21, 2023 — As Risk Insights capabilities become a paid feature on July 4, 2023, credit usage data is now displayed in Risk Insights apps. You can view your current credit balance and estimate future credit usage. To ensure uninterrupted access to Operations Dashboard and Attack Surface Discovery, activate the "auto-allocate credits" toggle to enable Trend Vision One to automatically allocate credits to Risk Insights capabilities when the complimentary period ends.

June 5, 2023 — Risk Insights has applied a significant update to the Risk Index algorithm for all customers. The algorithm now places a greater importance on Attack Detection. Periodic algorithm updates are part of our continuous effort to optimize the risk algorithm to provide you with an accurate, timely, and actionable Risk Index.

For more details, see Risk Index algorithm updates.

The Operations Dashboard now monitors two new risk factors: System Configuration and Security Configuration. You can view the related risk metrics and events in the Risk Factors tab.

Risk Insights identifies potential misconfigurations of your environment, including exposed ports, insecure host connections, insecure IAM and cloud infrastructure configurations, and unsafe software and endpoint configurations.

Risk Insights monitors your Trend Micro security settings, including endpoint agent and sensor deployments, update status, and key feature adoption rates. The Security Configuration risk factor helps you ensure that Trend Micro solution settings are following best practices.

In the Exposure Overview tab of the Executive Dashboard, clicking View Details in widgets now redirects you to the Operations Dashboard for more detailed information.

In the Activity and Behaviors section, the Legacy Authentication Protocol with Log On Activity widget has moved to the System Configuration section and the Account Compromise Indicators widget has moved into the Operations Dashboard.

In the Attack Overview tab of the Executive Dashboard, the General Detection Summary widgets have moved to the Security Dashboard for easier access and to improve the customizability of dashboards. The following widgets are now found in the Widget Catalog of the Security Dashboard:

Attack Surface Discovery lists all assets discovered in your organization to facilitate risk assessments. Trend Micro leverages several data sources for asset discovery, which are now presented in the Discovered by column of the Device List for further investigation. You can also configure Device Overview to show only specific sources by adding the Discovered by filter.

Customers with multiple Azure AD tenants can now have full visibility of accounts on all tenants and perform risk assessment on multiple Azure AD tenants in Risk Insights apps.

All Risk Insights capabilities are now officially released and can be purchased alongside XDR as part of the Trend Vision One platform. Contact your sales representative to discuss your license transition period options.

For more details on the licensing and product experience for Risk Insights, see Credit requirements for Trend Vision One apps and services.