
- Cloud Sentry takes a snapshot of your EBS volumes.
- It then scans the snapshot. One snapshot is kept for differential comparison.
- Your data remains in your account. The data is analyzed locally, and only metadata is processed by Trend Micro backend systems.
- The results are sent to Cloud One Central where you can view them and their suggested remediation options.

Cloud Sentry provides the following types of threat detection:
- Anti-Malware. It inspects your EC2 instances, ECR images, and Lambda functions for malware, including viruses, trojans, spyware, and more. The engine is also able to search for obfuscated or polymorphic variants of malware, based on fragments of previously seen malware and detection algorithms. There is no file type or size limitation for the Cloud Sentry scanner.

- Integrity Monitoring. It monitors for suspicious changes in the host operating system of your EC2 instances, including the addition of suspicious artifacts and indicators of attack (IoA).

After deployment, Cloud Sentry begins scanning your EBS volumes, ECR container images, and Lambda functions. When findings are detected, they are sent to Cloud One Central where you can view them and their suggested remediation options.

Cloud Sentry runs scans on a fixed daily schedule. Scan times may vary depending on the number of resources. However, you should expect findings to start appearing within minutes of the deployment.