Views:

Zero Trust Secure Access on-premises gateway supports consolidated FQDN for Smart Protection Network services

November 18, 2024—The Zero Trust Secure Access - Internet Access On-premises Gateway now integrates the Smart Protection Network Proxy for SPN-related service connections. This reduces the number of FQDN items required for firewall exceptions. For more details refer to Firewall exception requirements for Trend Vision One .
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access adds PoP site in AWS US West (Oregon)

August 12, 2024 — Zero Trust Secure Access Internet Access now offers support for the AWS US West (Oregon) region. Users in the region may configure their service FQDNs to reflect the new location. For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Protect private general and generative AI service applications using on-premises gateways in reverse proxy mode for Zero Trust Secure Access Internet and AI Service Access

August 1, 2024 — Connected on-premises gateways in Zero Trust Secure Access Internet Access and AI Service Access can now operate in reverse proxy mode. With Internet Access, use reverse proxy mode to protect your general private applications using access control, threat protection, and data loss protection (DLP). With AI Service Access, use reverse proxy mode to protect your private generative AI services using AI Service Access and rate limiting rules, enabling content inspection, preventing prompt injection, and stopping potential denial-of-service attacks. Enable the new service mode in Internet Access and AI Service Access Configuration.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Disable Zero Trust Secure Access pop-up notifications in Mac and Windows

July 15, 2024 — Users can now turn off Private Access system alerts for blocked access attempts from Secure Access Module settings. While pop-ups are disabled, a complete log of blocked events remains accessible within the module.
Zero Trust Secure Access Secure access configuration
For more Information, see Secure Access Module deployment.

Zero Trust Secure Access enhanced support for on-premises AD servers

July 15, 2024 — The Zero Trust Internet Access On-Premises Gateway service now supports multiple on-premises AD server integrations for NTLMv2 or Kerberos authentication.
Zero Trust Secure Access Secure Access Configuration Internet Access Configuration

Introducing AI Service Access from Zero Trust Secure Access

June 17, 2024 — Secure user access to public generative AI services through AI Service Access. Prevent sensitive data leakage, prompt injection, and more while allowing your users to take advantage of AI capabilities. Enable AI Service Access and get centralized management of public AI service usage in your organization, advanced content filtering to ensure you meet compliance requirements, and keep malicious responses from affecting your environment. Go to Zero Trust Secure AccessSecure Access Overview to deploy the feature.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access adds PoP site in AWS Spain region

May 20, 2024 — Zero Trust Secure Access Internet Access now offers support for the AWS Europe (Spain) region. Users in the region may configure their service FQDNs to reflect the new location. For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Configure custom ports for Internet Access On-Premises Gateway services

March 25, 2024 — Users may now change the default ports for services such as data proxy, authentication proxy, and ICAP/ICAPS services configured on the Internet Access On-Premises Gateway. Configure custom ports from Service Gateway Management. For more information, see Service Gateway services.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

New PoP site serving the AWS Middle East and Africa region

March 25, 2024 — Zero Trust Secure Access Internet Access now offers support for the AWS Middle East and Africa Region. Users in the region may configure their service FQDNs to reflect the new location.
For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access enables selected private IP addresses to bypass authentication on cloud and on-premises gateways

March 11, 2024 — You may now allow endpoints to bypass user authentication on configured cloud and on-premises gateways. To bypass user authentication, endpoints must connect using a private IP address specified by the administrator. When connecting to the internet through an Internet Access gateway, endpoints using the specified private IP addresses are included as a user in the Internet Access user count for credit calculation. This feature is not available on the default cloud gateway when connecting outside of defined locations.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access now supports Wintun as a service mode for traffic forwarding on Windows Secure Access Modules

March 11, 2024 — Zero Trust Secure Access has added support for the Wintun TUN adapter in the available service modes for traffic forwarding on Windows Secure Access Modules. Select the TUN (Wintun) service mode in the Secure Access Module global settings if your users' devices require greater traffic throughput.
Zero Trust Secure AccessSecure Access Module

Zero Trust Secure Access enables additional authentication to Private Access

February 26, 2024 — Users may now require additional authentication to Private Access after authenticating on endpoints with the Secure Access Module. Enabling the new feature overrides the default behavior of authenticating users to Internet Access and Private access at the same time, allowing for the use of Private Access only on demand. For more Information, see Secure Access Module.
Zero Trust Secure AccessSecure Access ConfigurationSecure Access Module

Zero Trust Secure Access Private Access and Internet Access now supports custom service status on individual endpoints

January 29, 2024 — Zero Trust Secure Access now allows users to set the service status for Internet Access and Private Access on single endpoints. Users may choose to align the service status for the endpoint with the current global configuration or choose to never enable either service on selected endpoints. Configure endpoints from the endpoint list on the Secure Access Module screen.
Zero Trust Secure AccessSecure Access ConfigurationSecure Access Module

Zero Trust Secure Access now supports devices managed by custom MDM solutions or no MDM solution

January 29, 2024 — In addition to Microsoft Intune-managed devices the Zero Trust Secure Access mobile module can now be deployed to all managed or unmanaged mobile devices, allowing you to secure more mobile endpoints. If you do not currently have an MDM solution, the mobile module supports deployment through Mobile Device Director. For more information, see Deploying the Secure Access Module to Mobile Devices.
Zero Trust Secure AccessSecure Access ConfigurationSecure Access Module

Zero Trust Secure Access now supports local user groups

January 29, 2024 — Zero Trust Secure Access now supports local user account management both individually and by assigned groups. You may assign local users to one or more local user groups, allowing you to apply access rules by group. For more information, see Local user account management.
Zero Trust Secure AccessSecure Access ConfigurationIdentity and Access Management
December 18, 2023 — In addition to integration with third-party identity and access management providers, Zero Trust Secure access now supports the addition and maintenance of local user accounts. Administrators may import lists of local user emails to serve as the basis for local user accounts, or the accounts may be added manually.
Zero Trust Secure AccessSecure Access ConfigurationIdentity and Access Management

AWS Italy region has new PoP site for Internet Access Cloud Gateway in Zero Trust Secure Access

October 24, 2023 — Zero Trust Secure Access has launched a new PoP site for Internet Access Cloud Gateway in the AWS Italy region. For details on available PoP sites for Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

Zero Trust Secure Access Internet Access supports Kerberos authentication with on-premises Active Directory servers

October 9, 2023 — In addition to NTLM v2 authentication, Zero Trust Secure Access Internet access now supports Kerberos as an authentication service for single sign-on with on-premises Active Directory servers. Find and configure the new method in the Global Settings of Internet Access Configuration.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Microsoft Purview Information Protection integration with Zero Trust Secure Access Internet Access

September 11, 2023 — Zero Trust Secure Access Internet Access has extended its Data Loss Prevention capability by integrating with Microsoft Purview Information Protection. You can now synchronize your published sensitivity labels and add them into Data Loss Prevention rules to let Internet Access block protected files with sensitivity labels from being sent outside your organization.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access now supports Deep Discovery Analyzer integration

September 11, 2023 — Internet Access on-premises gateways in Zero Trust Secure Access now offer integration with your existing Deep Discovery Analyzer appliances. In addition to cloud sandboxing, on-premises gateways can submit suspicious files to Deep Discovery Analyzer appliances for analysis after integration. See the settings of your Internet Access on-premises gateways to start using the feature.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access adds update module feature to endpoint list

September 11, 2023 — Zero Trust Secure Access users can now update the Secure Access Modules deployed to endpoints directly from the endpoint list. Selecting Update module from the Manage module menu allows you to update modules on specified endpoints to the versions configured in Module Version Management. See the Endpoints tab in Secure Access Module to use the feature.
Zero Trust Secure AccessSecure Access ConfigurationSecure Access Module

New point-of-presence (PoP) site for Zero Trust Secure Access Internet Access available

August 28, 2023 — Zero Trust Secure Access Internet Access has launched a new PoP site for the Internet Access Cloud Gateway in Israel in the AWS Middle East region.
For details on the available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access Internet Access supports bandwidth control for On-premises Gateways

July 31, 2023 — The Zero Trust Secure Access - Internet Access On-premises Gateway now supports bandwidth control for specified URLs on both downstream and upstream traffic.
For more information, see Configuring bandwidth control
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access Internet Access supports ICAP integration for On-premises Gateways

July 17, 2023 — The Zero Trust Secure Access - Internet Access On-Premises Gateway now supports enabling ICAP integration in addition to the default proxy mode. ICAP integration can be configured from the Internet Access ConfigurationGateway page.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

System log enhancements and unusual status alerts for Zero Trust Secure Access Internet Access

July 3, 2023 — Zero Trust Secure Access Internet Access now maintains system logs to provide summaries about Internet Access On-Premises Gateway events that occurred, including gateway connection status change, service version update, and SSO authentication proxy status change.
You can also configure alerts to send notifications when the status of an on-premises gateway changes to "Unhealthy", or when the on-premises gateway that serves as the authentication proxy for SSO is disconnected from your on-premises Active Directory server. For more information, see Internet Access gateways and corporate network locations.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access Internet Access supports Artificial Intelligence category for cloud app filtering

July 3, 2023 — Zero Trust Secure Access Internet Access now supports a new cloud app category "Artificial Intelligence" evaluated by Cloud Reputation Services. This allows you to easily filter out generative AI-based cloud apps when adding custom cloud app categories and create Risk rules and Internet Access rules to control users' access to these cloud apps.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Secure Access Module can be deployed on the endpoints managed by Trend Vision One Endpoint Security

July 3, 2023 — Customers that have updated to Trend Vision One Endpoint Security can now install the Secure Access Module on the following endpoints with supported operating systems: Standard Endpoint Protection endpoints, Server & Workload Protection endpoints, and Sensor only endpoints.
Other features available for the Secure Access Module can also be applied to the endpoints, such as removing the module or replacing the PAC file.
Zero Trust Secure AccessSecure Access ConfigurationSecure Access Module

Zero Trust Secure Access adds customized DLP templates for Internet Access

June 19, 2023 — To strengthen the data loss prevention capability of Internet Access, Zero Trust Secure Access supports customized Data Loss Prevention (DLP) templates and customized DLP data identifiers including expressions, file attributes, and keywords. Administrators can add customized DLP templates using either predefined or customized DLP data identifiers, create DLP rules to include customized DLP templates, and then apply them to Internet Access rules to scan outbound web traffic against accidental data disclosure and intentional theft.
For more information, see Data loss prevention rules.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access supports SMB protocol for Private Access

June 19, 2023 — Administrators can add the organization's private applications that use the Server Message Block (SMB) protocol to the internal apps list. This allows Private Access to control users' access to these applications through the Secure Access Module.
Zero Trust Secure AccessSecure Access ConfigurationPrivate Access Configuration

Zero Trust Secure Access adds service mode configuration for internet access

The Secure Access Module can now configure the service mode for the internet access service of Trend Vision One, facilitating the selection of the proper configuration for your endpoints. Adaptive mode is selected by default to assist you in automatically configuring the proper mode for endpoint internet access.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Log collection available in Zero Trust Secure Access agent console

The Zero Trust Secure Access agent can now collect debug logs to make troubleshooting more convenient for users. The agent console features a new button for users to initiate log collection. When debug logging is enabled, the log will include diagnostic information to assist with troubleshooting end users' issues.
Zero Trust Secure AccessSecure Access Overview

Zero Trust Secure Access Internet Access On-Premises Gateway supports syslog forwarding

Zero Trust Secure Access Internet Access On-Premises Gateway now supports forwarding activity logs in the Common Event Format (CEF) to a designated syslog server.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access Internet Access supports sandboxing integration

Zero Trust Secure Access Internet Access now supports sandbox integration as part of a public preview, allowing you to automatically submit suspicious files to the Sandbox Analysis app.
Note
Note
You must set a daily reserve of more than zero to enable the automatic submission of suspicious files to the Sandbox Analysis app.
For instructions on setting a daily reserve, see Submission Settings Configuration.
For more information, see Adding a threat protection rule.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Zero Trust Secure Access Internet Access supports NTLM v2 authentication

Zero Trust Secure Access Internet Access now supports transparently authenticating end users on your on-premises Active Directory server using the NTLM v2 protocol, with an Internet Access On-Premises Gateway acting as the authentication proxy server.
For more information, see Global settings.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Application discovery is available for Zero Trust Secure Access Private Access

Application discovery identifies domains and IP addresses accessed over the past 14 days, helping you determine which internal applications are being used in your organization's network. To facilitate the configuration of access rules, this feature also identifies users who have accessed the internal applications and recommends the most likely user groups.
Zero Trust Secure AccessSecure Access ConfigurationPrivate Access Configuration

New point-of-presence (PoP) site for Zero Trust Secure Access Internet Access available

Zero Trust Secure Access Internet Access has launched a new PoP site for the Internet Access Cloud Gateway in Bahrain in the AWS Middle East region.
For details on the available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration

Enhancement to Internet Access On-Premises Gateway

If your organization uses a third-party proxy server to access the internet, you can now configure the proxy server as the upstream proxy to connect your deployed Internet Access On-Premises Gateway to the internet.
For details on configuring upstream proxy for an Internet Access On-Premises Gateway, see Deploying an Internet Access On-Premises Gateway.
Zero Trust Secure AccessSecure Access ConfigurationInternet Access and AI Service Access Configuration