In–the–Cloud Capabilities

The following table explains the Cloud Edge capabilities available in the cloud.

Table 1. Cloud Edge In–the–Cloud Capabilities



Gateway management

Centrally manage multiple Cloud Edge on-premises gateways through one cloud console.

Use Cloud Edge Cloud Console to configure two registered gateways as an HA Group to provide high availability access. Manage existing HA groups, including modifying the configuration, enable or disable the HA group, force takeover, or remove the HA group.

Web Reputation

Control the level of protection against malicious websites with Trend Micro Web Reputation technology.

Malware and virus scanning

Leverage multiple security components and antivirus protection based on application content scanning for better protection with lower latency and improved user experience.

Use cloud-based Virtual Analyzer and Predictive Machine Learning for advanced protection from email-based malware.

Spam scanning

Use cloud-based spam scanning to detect and block or tag spam email messages based on the email content.


Generate reports about detected malware and malicious code, blocked files, and accessed URLs to optimize program settings and fine tune security policies.

Log analysis

View and analyze aggregated log and event data about traffic bandwidth consumption, threat detections, Web 2.0 application usage, web browsing activity, and policy enforcement.

If the customer is running all Cloud Edge 6.0 or later gateways, view usage data for policy rules.

Save log query filters as log favorites to reference later or generate custom reports for further investigation.

Enhancing in-the-cloud capabilities, security profiles provide a mechanism to control specific security threats that may affect the gateway. Configure advanced policy controls for Intrusion Prevention System (IPS), anti-malware security, email security, web reputation, denial of service attacks, and endpoint identification. The following table describes the available security profiles.

For more information about support for IPv6 with security profiles, see Support for IPv6.

Table 2. Cloud Edge Security Profiles



IPS profiles

Each security profile can specify an intrusion protection profile that determines the level of protection against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities. The default profile protects clients and servers from known threats.

Anti-malware profiles

Take default intelligent actions on web-based anti-malware or customize the actions setting for the organization or specify which file extensions specified in URLs to allow or block.

Enable Smart Scan for enhanced malware scanning. Smart Scan is a next-generation, cloud-based protection solution. At the core of this solution is an advanced scanning architecture that leverages the Smart Scan server to perform threat scanning using signatures that are stored in the cloud.

Email security profiles

Take default intelligent actions on email security or customize the actions setting for the organization. Email security profiles scan and take action on IPv4 email traffic.


Enable anti-malware scanning and define the tag used in the subject line and body of an email with malware attachments.

You can configure advanced cloud-based scanning and protection from email-based malware by enabling Virtual Analyzer and Predictive Machine Learning.

If enabled, Cloud Edge sends suspicious file attachments to Virtual Analyzer and Predictive Machine Learning when a file exhibits suspicious characteristics and signature-based scanning technologies cannot find an unknown threat.

Tag emails that contain encrypted attachments and define the tag used in the body of the email.


Enable anti-spam scanning and optionally enable Cloud Edge to use Trend Micro ERS (Email Reputation Services) to determine spam based on the reputation of the source address. Set the spam "sensitivity" level or catch rate.

Enable BEC (Business Email Compromise) scanning. BEC scams target companies to compromise legitimate business email accounts through social engineering for the purpose of conducting unauthorized transfers of funds.

Define the action to take when an email is determined to be spam and BEC and, if the action is tag, define the tag used in the subject line and body of a spam or BEC email message.

Content Filtering and Exception Lists

Configure content filters or create exception lists to block or approve emails based on the sender or on attachment file types (true file types for cloud scan and file extensions for local scan).

Advanced Settings

You can configure which email protocols are enabled, custom SSL ports, and SMTP server settings.

Web reputation profiles

Each security policy can select the web reputation sensitivity level to block sites.

Web Reputation technology assigns reputation scores to URLs. For each accessed URL, Cloud Edge queries Web Reputation for a reputation score and then takes the necessary action, based on whether this score is below or above the user-specified sensitivity level.

HTTPS profiles

Each security policy can select URL category and source IPv4 address exceptions to exclude from HTTPS inspections.

Secure Socket Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols widely adopted and deployed in network communication today. The traffic over SSL/TLS is encrypted and signed to ensure security, hence HTTPS. Because encrypted HTTPS connections can carry the same risks as unencrypted HTTP connections, Cloud Edge scans all IPv4 traffic for potential risks and threats.

Customize the HTTPS profile by specifying up to five HTTPS ports to scan.

Anti-DoS profiles

Each security policy can specify flood protection and address exceptions for Denial of Service attacks.

A denial-of-service (DoS) or a distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to users, and is intended to temporarily or indefinitely interrupt or suspend services to a host connected to the Internet.

Typical attacks involve saturating the target machine with external communication requests, such that the machine can no longer respond to legitimate traffic, or responds so slowly it is rendered unavailable. Such attacks usually lead to server overload.

Endpoint identification profiles

Each security policy can specify IPv4 address objects for Captive Portal to use to identify which IPv4 address belongs to which user. Endpoint identification provides a method of user identification using an IPv4 address-to-user mapping cache for policy matching.

By default, endpoint identification cannot automatically identify IP addresses. You must define which IPv4 address objects can be used for endpoint identification. If a source IPv4 address is not in the defined ranges within the selected IPv4 address objects, the IPv4 address will not work for endpoint identification.

You cannot use IPv6 addresses for endpoint identification.