May 2023

Zero Trust Secure Access Adds Service Mode Configuration for Internet Access

The Secure Access Module can now configure the service mode for the internet access service of Trend Vision One, facilitating the selection of the proper configuration for your endpoints. Adaptive mode is selected by default to assist you in automatically configuring the proper mode for endpoint internet access.

Operations Dashboard Monitors New Risk Factors

The Operations Dashboard now monitors two new risk factors: System Configuration and Security Configuration. You can view the related risk metrics and events in the Risk Factors tab.

Risk Insights identifies potential misconfigurations of your environment, including exposed ports, insecure host connections, insecure IAM and cloud infrastructure configurations, and unsafe software and endpoint configurations.

Risk Insights monitors your Trend Micro security settings, including endpoint agent and sensor deployments, update status, and key feature adoption rates. The Security Configuration risk factor helps you ensure that Trend Micro solution settings are following best practices.

Executive Dashboard Widgets Reorganized

In the Exposure Overview tab of the Executive Dashboard, clicking View Details in widgets now redirects you to the Operations Dashboard for more detailed information.

In the Activity and Behaviors section, the Legacy Authentication Protocol with Log On Activity widget has moved to the System Configuration section, and the Account Compromise Indicators widget has moved into the Operations Dashboard.

In the Attack Overview tab of the Executive Dashboard, the General Detection Summary widgets have moved to the Security Dashboard for easier access and to improve the customizability of dashboards. The following widgets are now found in the Widget Catalog of the Security Dashboard:

  • Detections by Attack Type

  • Mitigated Events by Attack Type

  • Detections by Protection Layer

  • Workbench Alert Tracking

Note: You must enable Risk Insights capabilities to access the Operations Dashboard and the Security Dashboard. For more information, see Trend Micro Offerings Supporting Credits.

Attack Surface Discovery Presents Data Sources for Discovered Devices

Attack Surface Discovery lists all assets discovered in your organization to facilitate risk assessments. Trend Micro leverages several data sources for asset discovery, which are now presented in the Discovered by column of the Device List for further investigation. You can also configure Device Overview to show only specific sources by adding the Discovered by filter.

Log Collection Available in Zero Trust Secure Access Agent Console

The Zero Trust Secure Access agent can now collect debug logs to make troubleshooting more convenient for users. The agent console features a new button for users to initiate log collection. When debug logging is enabled, the log will include diagnostic information to assist with troubleshooting end users' issues.

Zero Trust Secure Access Internet Access On-Premises Gateway Supports syslog Forwarding

Zero Trust Secure Access Internet Access On-Premises Gateway now supports forwarding activity logs in the Common Event Format (CEF) to a designated syslog server.

For more information, see Deploying an Internet Access On-Premises Gateway.

Zero Trust Secure Access Internet Access Supports Sandboxing Integration

Zero Trust Secure Access Internet Access now supports sandbox integration as part of a public preview, allowing you to automatically submit suspicious files to the Sandbox Analysis app.

You must set a daily reserve of more than zero to enable the automatic submission of suspicious files to the Sandbox Analysis app.

For instructions on setting a daily reserve, see Submission Settings Configuration.

For more information, see Adding a Threat Protection Rule.

Zero Trust Secure Access Internet Access Supports NTLM v2 Authentication

Zero Trust Secure Access Internet Access now supports transparently authenticating end users on your on-premises Active Directory server using the NTLM v2 protocol, with an Internet Access On-Premises Gateway acting as the authentication proxy server.

For more information, see Global Settings.

Deep Discovery Inspector Appliance Plans Available for Network Inventory

Manage connected Deep Discovery Inspector appliances in Network Inventory with appliance plans. Plans allow you to deploy important upgrades such as firmware, patches, or hotfixes, as well as replicate settings from one appliance to another. You can also deploy prepared images to appliances configured to use Virtual Analyzer.