What's New

The following new features are available in Cloud App Security.

Table 1. New Features in This Release (Available on August 29, 2021)

Feature

Description

Dedicated actions for Salesforce files

Cloud App Security allows Salesforce admins to set actions separately for files in the Web Reputation and Data Loss Prevention security filters. In addition, Cloud App Security adds a new action "Tag file name" for file detections in all the supported security filters, which allows users to be aware of any risky file uploaded.

Blocked SHA-256 values list

Cloud App Security adds this list for Exchange Online to specify blocked SHA-256 hash values through the Threat Remediation API. Email messages with attachments that match any item in the list will be automatically quarantined by Cloud App Security.

Support for approved header fields with the same name but different values

Cloud App Security allows Exchange Online admins to add multiple approved header fields with the same name but different values in the Advanced Spam Protection and Web Reputation security filters and Global Settings.

SHA-256 values supported for suspicious objects

Cloud App Security can take actions on suspicious objects based on the specified SHA-256 hash value.

Table 2. New Features Available on August 1, 2021

Feature

Description

Official release of protection for Microsoft Teams Chat

Cloud App Security officially supports protection for Microsoft Teams Chat by providing real-time Advanced Threat Protection and Data Loss Prevention for files and sensitive data sent in Chat messages.

Manual scan is not applicable for Teams Chat.

Table 3. New Features Available on June 27, 2021

Feature

Description

One Trend Micro Account to manage multiple service provider tenants

Cloud App Security allows the admin to use one single Trend Micro Account (a CLP or LMP account) to secure your cloud services if you maintain multiple tenants assigned by a service provider, for example, Microsoft Azure AD tenants or Salesforce orgs.

On the management console, a default organization will be automatically created for new and existing customers. You can use the default organization or create new organizations to provision services. This enables you to manage and visualize the security posture across all your tenants' services.

This feature is applicable to all the services that Cloud App Security currently supports, that is, Exchange Online, SharePoint Online, OneDrive, Microsoft Teams (Teams and Chat), Box, Dropbox, Google Workspace (Gmail and Google Drive), Salesforce, and Exchange Server.

Malware Scanning feedback collection enhancement

If the admin permits, Cloud App Security collects more suspicious file information in the Malware Scanning security filter to improve the detection capabilities of not only the Predictive Machine Learning engine (currently supported), but also the virus scan engine.

Table 4. New Features Available on May 23, 2021

Feature

Description

Protection for Microsoft Teams Chat (Preview)

Besides Teams in Microsoft Teams, Cloud App Security further supports Chat in Microsoft Teams and provides real-time Advanced Threat Protection and Data Loss Prevention for files and sensitive data sent in Chat messages.

Manual scan is not applicable for Teams Chat.

Cloud App Security Splunk Add-On for detection log collection

Cloud App Security posts an add-on in Splunkbase for the customer to install in their Splunk Enterprise. Besides using the existing Log Retrieval API, the customer can leverage the add-on to automatically retrieve security event logs from Cloud App Security and show them on the Splunk dashboard.

Email attachment sanitizing For Exchange Online

Cloud App Security enhances its Malware Scanning function by letting the admin choose whether to set actions specifically for emails that contain active content such as macros in the attachments. Cloud App Security can take actions on the entire email or sanitize the attachment by removing active content upon detection.

Table 5. New Features Available on April 11, 2021

Feature

Description

Global approved email header fields for Exchange Online

Besides the current approved header field list that applies only to a specific policy where the list is configured, Cloud App Security provides a global setting to let the administrator add approved email header fields for email messages to bypass scanning by all enabled ATP and DLP policies for Exchange Online.

Writing Style Analysis optimization for one more language

In addition to the already supported eight languages, Cloud App Security leverages the further optimized Writing Style DNA technology to protect email messages written in or containing the following language: Finnish.

Log report enhancements to the Top 10 by Scan Source section

Cloud App Security enriches the Top 10 by Scan Source section in log reports to add one column that displays the number of scanned items for each scan source, and add one row that shows the total number of detections and scanned items for all scan sources.

Table 6. New Features Available on March 7, 2021

Feature

Description

Manual scan support for Microsoft Teams

Cloud App Security extends its protection of Microsoft Teams by allowing the administrator to run manual scans, besides real-time scans, in Advanced Threat Protection and Data Loss Prevention.

Display name spoofing detection

Cloud App Security enhances its Advanced Spam Protection filter to let the administrator choose whether to inspect the email messages from external senders with a look-alike display name as used in your organization, to protect employees against email impersonation attacks. Cloud App Security also provides a global exception list to let the administrator add trusted email senders and exclude them from display name spoofing analysis.

URL Retro Scan & Auto Remediate in Web Reputation for Exchange Online and Gmail

Cloud App Security provides an option to rescan historical URLs in users' email metadata and perform continued remediation (automatically taking configured actions or restoring quarantined messages) using newer patterns updated by Web Reputation Services.

Users' email metadata may include undetected suspicious or dangerous URLs that have only recently been discovered. Examination of such metadata is an important part of forensic investigations to determine if your email service is affected by attacks.

One local admin account to manage multiple Cloud App Security tenants

Cloud App Security enables the administrator to associate a local admin account with multiple Cloud App Security tenants of your organization in the same serving site, so they can switch among and manage different tenants with one single account on the management console, instead of repeated logoff and logon using different admin accounts.

Table 7. New Features Available on January 17, 2021

Feature

Description

Official release of protection for Salesforce

Cloud App Security officially provides advanced protection for Salesforce Sandbox and Salesforce Production. The customer can purchase a separate license to configure real-time ATP and DLP scanning to safeguard confidential data in all objects and protect against malicious URLs and files posted to Chatter, Community, Cases, and Attachments in their Salesforce environment.

Quarantine and Delete actions added to ATP and DLP policies for Salesforce

Cloud App Security adds Quarantine and Delete as two more actions, besides Pass which is currently supported, in ATP and DLP policies for Salesforce.

Support for Cases and Attachments in ATP policies for Salesforce

Cloud App Security improves its Advanced Threat Protection capability to protect two more Apps Cases and Attachments against malicious files and URLs in your Salesforce environment, in addition to the already supported Chatter and Community.

Integration with Trend Micro Phish Insight for free phishing simulation

Cloud App Security integrates with Trend Micro Phish Insight to test and enhance the security awareness of your employees against social engineering, including phishing. The integration allows the administrator to open the Phish Insight home page from the Cloud App Security management console.

Phish Insight gives you the ability to launch a real-life phishing campaign with customizable phishing email templates that ask recipients to click links, enter data or download an attachment, so as to let you test what could happen to your organization before the hackers try.

Threat Investigation API to support file SHA-256 hash value

Besides the SHA-1 hash value, Cloud App Security extends its Threat Investigation API to sweep email messages in protected mailboxes for those containing attachment files with a specified SHA-256 hash value.

Serving site selection enhancement

Cloud App Security recommends a serving site on the Initial Configuration screen for new customers based on the site you are using for Trend Micro Apex One as a Service or Trend Micro XDR.

Quarantine management enhancement for Exchange Online

Cloud App Security adds a function for Exchange Online to redirect the administrator to the Quarantine screen for operations of an individual email message right from the Logs screen.

Password-protected compressed file analysis for Exchange Online and Gmail

Cloud App Security enhances its Malware Scanning security filter to protect Exchange Online and Gmail mailboxes from potential threats embedded in password-protected compressed files attached in email. It tries to do password guessing for the files by leveraging the email content and scans them to determine whether any action is required if the extraction succeeds.

Table 8. New Features Available on November 22, 2020

Feature

Description

India serving site launch

Besides the seven existing serving sites in the US, EU, UK, Japan, Australia and New Zealand, Canada, and Singapore, Cloud App Security opens a new one in India.

Multiple approved header fields in ATP policies for Exchange Online

Cloud App Security allows the administrator to add more than one approved header field in the Advanced Spam Protection and Web Reputation security filters. When an email message hits any of the configured fields, it will not be scanned for spam and suspicious URL detection.

Move to Junk Email Folder / Spam action added to Writing Style Analysis detection for email services

Cloud App Security adds Move to Junk Email Folder and Move to Spam as one more action in Writing Style Analysis for BEC in ATP policies for Exchange Online and for Gmail respectively.

Extra option to enable/disable dynamic URL scanning in Web Reputation

Cloud App Security provides an option in the Web Reputation security filter to let the administrator decide whether to use dynamic URL scanning (which now defaults to enabled in the back end). As a supplement to Web Reputation Services, dynamic URL scanning further analyzes URLs in real-time to detect phishing URLs in email messages and files in protected applications and services.

Log and email metadata retention extended to 180 days

Cloud App Security extends its log and email metadata retention from the current 90 days to 180 days. After this deployment, the administrator will be able to search security and audit logs of 30 more days every next month, and finally query logs of the previous 180 days in three months.

Table 9. New Features Available on October 18, 2020

Feature

Description

Clickable Overall Threat Detections statistics on Dashboard

Cloud App Security enhances the Overall Threat Detections widget, which lets the administrator hover over and click on each threat detection type to drill down to detailed logs related to the type within the selected time period.

High profile users and file extensions to support import/export

Cloud App Security supports the import and export functions in the High Profile Users in Global Settings and in the file extensions setting in File Blocking of ATP policies.

Downloaded Log reports to support table of contents

Cloud App Security improves the log reports by creating a Table of Contents in the downloaded .pdf file for the administrator to easily locate the required information.

In this version, Table of Contents applies to reports from Save > Report only.

Spam related header information added in Security Risk Scan logs

Cloud App Security displays headers of spam email messages detected by the Advanced Spam Protection security filter as a new column (named Spam Related Headers) of Security Risk Scan logs. The information can be used for further threat investigation.

More policy change events added in Audit Logs

Cloud App Security adds operations performed on ATP and DLP policies in Audit Logs, including enabling or disabling a policy or a security filter in a policy, and changing a configuration in a security filter.

Language support for Spanish

In addition to English, Japanese, Italian, German, and European Portuguese, the Cloud App Security management console adds language support for Spanish.

Table 10. New Features Available on August 23, 2020

Feature

Description

Token-based Authorized Account provision for SharePoint Online and OneDrive (official release)

Cloud App Security officially supports using OAuth 2.0 to provision a service account (Authorized Account) for SharePoint Online and OneDrive protection.

Singapore serving site launch

Besides the six existing serving sites in the U.S., EU, UK, Japan, Australia and New Zealand, and Canada, Cloud App Security opens a new one in Singapore.

Serving site selection

For the customers who log on to the Cloud App Security management console for the first time, Cloud App Security allows them to choose a serving site, instead of assigning one based on the location dictated by the customer’s CLP account.

Vendor fraud prevention by cousin domain detection

Cloud App Security provides a global setting to let the administrator add high-profile domains, for example, your partners’ domains or domains of famous brands, to leverage the improved Trend Micro Antispam Engine to detect cousin domains. A cousin domain looks deceptively similar to a legitimate target domain and is often used in phishing attacks to steal sensitive or confidential information from users.

Approved file list in Virtual Analyzer settings

Cloud App Security adds an approved file list in the Virtual Analyzer settings of ATP policies. This will enable the administrator to configure the files in your organization that can skip from being sent to Virtual Analyzer for further analysis.

In this release, this feature is available only for supported Office 365 services.

Threat Mitigation API enhancement to support Gmail

Cloud App Security extends the usage of its Threat Mitigation API to Gmail, which allows you to delete Gmail messages containing security risks through the API or the XDR console.

Language support for European Portuguese

In addition to English, Japanese, Italian, and German, the Cloud App Security management console adds language support for European Portuguese.

Password-protected PDF file detection in Malware Scanning

Cloud App Security enhances its Malware Scanning function to not only detect password-protected files in the PDF format (this format was not supported before) for all protected cloud services, but also add one more action Tag subject to take on Exchange Online email messages upon detection of not-compressed password-protected files.

This enhancement is not available for Gmail.

Table 11. New Features Available on July 12, 2020

Feature

Description

Protection for Salesforce (Preview)

Cloud App Security adds Salesforce into its protected application family, and provides real-time ATP and DLP scanning to safeguard confidential data in all objects and protect against malicious URLs and files posted to Chatter and Community in the customer' Salesforce Sandbox environment.

New pre-defined DLP policy for Box shared links control

Cloud App Security provides a pre-defined DLP policy for Box that lets the administrator to manage the creation of open shared links to files and folders in the customer's Box user accounts.

One more action in Virtual Analyzer for unrated samples in Exchange Online

Cloud App Security adds the Move to Junk Email folder action to the Virtual Analyzer security filter in ATP policies for Exchange Online. This provides the administrator with one more option to take on email messages if they contain samples unable to be analyzed by Virtual Analyzer.

Extension of Office 365 service accounts (with partial targets selected) to protect all targets

Cloud App Security provides an option for the service account for Exchange Online, SharePoint Online, and OneDrive to extend its protection from selected targets to all targets under the corresponding service. As such, the administrator does not need to deprovision the current service account and provision a new one.

Log Retrieval API to support the Microsoft Exchange service

Besides logs from its own service, Cloud App Security extends the Log Retrieval API to allow you to also get security event logs from ScanMail for Microsoft Exchange (if registered to Cloud App Security).

Table 12. New Features Available on May 31, 2020

Feature

Description

Office 365 service account deprovision on the management console

Cloud App Security allows the administrator to deprovision the service accounts created for Exchange Online, SharePoint Online, and OneDrive by manually removing them on the Service Account page of the management console, so that they can provision new service accounts as needed with another Office 365 tenant or using another CLP account.

Graymail and scam detection for Exchange Online

Cloud App Security leverages the enhanced Trend Micro Antispam Engine to detect graymail and email messages containing advance-fee scams (for example, 419 schemes, lottery scams) received in Exchange Online, and allows the administrator to take separate actions on these two categories.

Access token revalidation for the Box service account

Cloud App Security provides an option for the administrator to recreate a new access token when the access token for the Box service account becomes invalid, to ensure the availability of the service account.

Language support for German

In addition to English, Japanese, and Italian, the Cloud App Security management console adds language support for German.

Table 13. New Features Available on April 19, 2020

Feature

Description

Multiple authentication tokens for Automation and Integration APIs

Cloud App Security supports creation of more than one authentication token for external and Trend Micro platforms, products, and services to use the available Automation and Integration APIs based on customer needs.

If you have already created a token before this feature is deployed, you can still use it for all the supported external applications and Trend Micro product/service.

Log Retrieval API to support the Microsoft Teams service

Cloud App Security extends its Log Retrieval API to allow the administrator to get Microsoft Teams related security event logs to your SIEM or syslog platform for further threat detection and security analytics.

Launch of the Canada serving site

In addition to the EU, U.S., Japan, Australia and New Zealand, and UK sites, Cloud App Security opens a new serving site on April 28 to provide its advanced protection for new customers in Canada.

Language support for Italian

In addition to English and Japanese, the Cloud App Security management console adds language support for Italian.

Get Started wizard on Dashboard

Cloud App Security provides a Get Started wizard on Dashboard to get first-time administrators set up quickly to use the service.

Table 14. New Features Available on March 15, 2020

Feature

Description

Migration to use Modern Authentication for Exchange Online protection

Cloud App Security supports migrating the customers currently with a Delegate Account away from basic authentication and to use modern authentication. This enables Cloud App Security to continue its protection for Exchange Online after Microsoft fully decommissions the basic authentication for EWS to access Exchange Online in 2020.

Central management of email messages quarantined on integrated ScanMail servers

Cloud App Security allows the Trend Micro ScanMail for Microsoft Exchange ("ScanMail") server administrator to manage quarantined email messages on the Cloud App Security management console after the ScanMail server (installed with 14.0 Patch 3) deployed within your organization is successfully integrated with Cloud App Security.

New provisioning approach for SharePoint Online and OneDrive (preview)

Cloud App Security uses OAuth authentication to provide one more approach to SharePoint Online and OneDrive provisioning (initial provision only), which does not require creation of an SharePoint Online Delegate Account.

Launch of the UK serving site

In addition to the EU, U.S., Japan, and Australia and New Zealand sites, Cloud App Security opens a new serving site to provide its advanced protection for new customers in the United Kingdom and Ireland.

Improvements to Approved Header Field

Cloud App Security improves the Approved Header Field feature, and adds it into both Advanced Spam Protection and Web Reputation of Advanced Threat Protection policies for Exchange Online.

Table 15. New Features Available on January 19, 2020

Feature

Description

Branding support for Licensing Management Platform (LMP) customers

Cloud App Security accepts the customized banner image set by service providers and other partners via the Licensing Management Platform console to display on the Cloud App Security management console.