Cyber Risk Exposure Management

April 1, 2025—Compliance Management is now officially released and includes the following exciting features:

March 25, 2025—Starting April 1, 2025, new pricing packages will be introduced for Cyber Risk Exposure Management capabilities. Users who have not preselected a pricing package will automatically switch to the Cyber Risk Exposure Management - Core package (20 credits per assessed desktop or server), which allows you to use the following capabilities without limitations:

• Cyber Risk Overview (formerly Cyber Risk Overview)
• Attack Surface Discovery
• Threat and Exposure Management (formerly Threat and Exposure Management)
• Identity Security Posture (formerly Identity Posture)

Upgrade to the Cyber Risk Exposure Management - Essentials package (50 credits per assessed desktop or server) to use the following capabilities without limitations:

• Cyber Risk Overview (formerly Cyber Risk Overview)
• Attack Surface Discovery
• Threat and Exposure Management (formerly Threat and Exposure Management)
• Identity Security Posture (formerly Identity Posture)
• Attack Path Prediction
• Security Awareness Training Training
• Compliance Management

Enable cloud account assessment (1,000 credits per 500 cloud resources up top a maximum of 8,000 credits) to include your cloud assets in your available Cyber Risk Exposure Management capabilities.

March 25, 2025—The current feature allowing users to override the number of assessed desktops, servers, and cloud accounts will be disabled on April 1. If you are are currently using the override feature, your credits will continue to be calculated according to the asset override total until May 1. During that time, add the desktops or servers you don't wish to assess to the Exception List in Attack Surface Discovery. For cloud accounts you don't wish to assess, disable Cyber Risk Exposure Management for the account in Cloud Accounts. After May 1, your credit requirements will be based on the actual number of discovered assets that have not been added to the Exception List or for which Cyber Risk Exposure Management is enabled. Contact your sales representative if you have any questions.

March 24, 2025—The Cyber Risk Exposure Management navigation menu will be updated beginning March 30, 2025, with new categories and capability names. The new names better highlight the current features available and give you a preview of more features coming soon to Trend Vision One. Here's what you can expect on April 1:

For information on how you can purchase a Cyber Risk Exposure Management entitlement and take advantage of these expanded capabilities, contact your sales representative.

March 5, 2025—Introducing AI Security Posture Management (AI-SPM) in preview. You can now proactively protect your AI system from threats, minimize your data exposure, and reduce the overall risks of your AI infrastructure with comprehensive monitoring using AI SPM.

February 12, 2025—Compliance Management is now in public preview as part of the Trend Vision One™ platform. With Compliance Management, you can monitor and track your organization's pass rate for selected frameworks and standards, as well as view the recommended remediation actions to reduce security risks from misconfigurations.

The app offers the following effective features:

• Enhanced user experience: The left navigation panel allows you to quickly switch between compliance frameworks and standards
• Compliance Summary and Analysis widget: A detailed analysis of your organization's compliance posture, along with a quick and effective overview of your pass and fail rates to facilitate audits and remediation
• Compliance monitoring by asset group: Filters allow you to drill down on each asset group and view pass rates across different security layers and over time
• Compliance Management Overview Report: A quick summary of all monitored frameworks and standards with AI-generated recommendations for remediation actions

February 10, 2025—To better prioritize risk reduction in Threat and Exposure Management, the Cloud Activity tab will be removed on March 31, 2025. After the tab is removed, you can still access Cloud Activity widget information in Security Dashboard and Attack Surface Discovery. For more information, see Cloud activity.

February 7, 2025— Trend Vision One™ is expanding capabilities to deliver more value. Attack Surface Risk Management is now Cyber Risk Exposure Management (CREM), emphasizing proactive risk identification, assessment, and mitigation. With current cutting-edge capabilities, CREM allows you to continuously monitor entry points, prioritize mitigation actions based on impact, and predict future threats to neutralize risks before they materialize.

January 13, 2025—The Applications tab in Attack Surface Discovery now displays apps organized into three separate categories: public cloud apps, connected SaaS apps, and local apps. The new categories apply across all ASRM apps. Public cloud apps include all apps your users visit, ranked by reputation. Local apps detected on endpoints and analyzed according to sanctioned status and risk level. Connecting the SaaS apps managed by your organization allows for further risk assessment and analysis to enhance your SaaS security posture management.

Cyber Risk Exposure Management → Attack Surface Discovery

December 9, 2024—Resolving risk events is an important task for security operations team members and IT operations. In large organizations, many individuals are involved in risk mitigation tasks, Requiting team members to leverage Case Management for more efficient collaboration. Now in Threat and Exposure Management, users can create new cases or assign risk events to existing cases. Cases can be closed after marking risk event statuses as risk mitigated, dismissed or accepted. All tasks related to the case can be viewed and managed from Case Management.

November 29—To streamline your risk reduction workflows, in Case Management you can now assign priority and ownership to cases containing risk events from Threat and Exposure Management. When you open a case in Threat and Exposure Management, you can choose which third-party ticketing system, webhook channel, or email address to notify.

November 25, 2024 — Alibaba Cloud is now a supported service provider for cloud assets in Cyber Risk Exposure Management and Cloud Security, enhancing your Cloud Risk Management monitoring capabilities. To monitor Alibaba Cloud accounts, add your Alibaba Cloud account in Cloud Accounts.

November 14, 2024—You can now access the resolution information for failing misconfiguration rules within the Trend Vision One Cloud Risk Management console. For more information, see: Automation Center.

October 31, 2024—You can now access the new Cloud Risk Management public APIs for Events and Groups through the Trend Vision One Automation Center.

October 28, 2024—On December 2nd, 2024, Cloud Risk Management will be fully relocated to the new Cloud Security app group, where you can get a unified view of your cloud resources and security. Until that date, you may access Cloud Risk Management from within the Cyber Risk Exposure Management app group or in the new Cloud Security app group.

October 21, 2024—Get central visibility of your cloud entitlements and related risks in Cloud Risk Management. With over 200 different types of cloud resources currently available, cloud operations and security teams are increasingly challenges by the complexity of cloud infrastructure entitlement management.

A dedicated entitlements tab in Cloud Security Posture now gives users centralized visibility into cloud identities and related risks. Take action and focus remediation efforts based on prioritized risks, including risky identity types, identity misconfigurations, and potential attack paths. To learn more, see Entitlements.

October 21, 2024—The Detected Vulnerabilities widget in Exposure Overview now displays CVEs by impact level, including detected low-impact CVEs. New widgets in Threat and Exposure Management allow you to filter CVEs by high, medium, and low impact. To learn more about how CVE impact scores are calculated, see CVE impact score.

October 21, 2024—Cyber Risk Exposure Management prioritizes the most critical vulnerabilities across your entire attack surface, allowing you to focus your remediation efforts. However, visibility into lower impact CVEs is now available for containers, cloud VMs, and serverless functions, providing you the vulnerability information you needs for compliance or internal audits. View lower impact CVEs in the Vulnerabilities section of Threat and Exposure Management or Exposure Overview in Cyber Risk Overview.

October 8, 2024—Cyber Risk Overview now supports the ability to view and compare the Risk Index for specific subsets of assets. For example, you can monitor risk per business unit, region, information system, and more to determine which subset requires attention. To see the Risk Subindex, you must first build an asset grouping structure in Asset Group Management and allocate tag values to assets groups of either "Attack Surface Discovery" or "Tag Inventory App". For more information, see Risk Overview.

September 23, 2024—Agentless Vulnerability & Threat Detection now supports malware scanning of AWS EBS, ECR, and Lambda resources. After enabling the feature for your connected AWS accounts in Cloud Accounts, Agentless Vulnerability & Threat Detection begins scanning daily for threats like viruses, Trojans, spyware, and more. Get remediation options and metadata for performing threat hunting queries by examining associated risk events in Threat and Exposure Management.

Anti-malware scanning is disabled by default. Enabling anti-malware scanning increases your AWS operational costs. To learn more, see Agentless Vulnerability & Threat Detection estimated deployment costs for AWS.

September 23, 2024—Time-critical vulnerability alerts now support Linux to give you more visibility into your organization’s security posture. Check alerts In Cyber Risk Overview to see which operating systems are affected by the vulnerability. View mitigation options for all supported operating systems, and if supported, mitigation actions are automatically detected after you apply them.

September 9, 2024—You may now set specific parameters for the risk event rules for certain risk event types in Threat and Exposure Management. Add IP addresses, apps, rules, or days of the week as conditions that must be met for the risk event rule to apply. Setting parameters allows for more granular control over when a risk event rule is triggered.

August 28 2024 — In addition to the video-based courses offered in Security Awareness Training Training Campaigns, you can now also select Sharable Content Object Reference Model, or SCORM courses. SCORM allows for more interactivity and the potential to track progress. Choose between the two types of training content for your recipients to gain more flexibility in how you deliver training, helping to better engage and educate your users. Whether you prefer the structured format of SCORM or the visual appeal of videos, you can now tailor the training experience to best suit your needs. Start exploring the SCORM courses in your phishing training campaigns and enhance your organization's cyberSecurity Awareness Training.

August 26, 2024 — Applying host-based attack prevention/detection rules now impacts asset risk scores in Cyber Risk Exposure Management. When host, or endpoint-based, attack prevention/detection rules are successfully applied to vulnerable assets, the risk score of the assets will be reduced. CVEs that have available attack prevention/detection rules will display an indicator in the corresponding entry on an asset's profile screen, allowing you to more easily see which vulnerabilities can be mitigated. To learn more, seeAttack prevention/detection rules.

August 26, 2024—Attack Surface Risk Management vulnerability assessment coverage now extends to Rocky Linux. Use the new capability to strengthen your endpoint security and more effectively prioritize risk. For more information, see Vulnerability Assessment supported operating systems.

August 12, 2024 — You can now access the new Cloud Security Posture dashboard, which provides a comprehensive summary of cloud assets. Additionally, the page previously known as "Cloud Posture Overview" has been renamed to "Compliance and Misconfiguration."

The Cloud Security Posture dashboard offers detailed insights into related risk findings, including misconfiguration, compliance, vulnerability, threats, identity risk, and data posture.

These updates ensure a more streamlined and informative experience, enabling you to quickly identify and address potential risks in your cloud environment.

For more information, see Cloud Risk Management.

Cyber Risk Exposure Management > Cloud Risk Management > Cloud Risk Management

July 12, 2024 – You can now add Trend Vision One Phishing Simulations as a data source in the Threat and Exposure Management, which allows access to breach events from phishing simulations. For more information, see Configurating data sources.

July 15, 2024 — Create and use custom tags for your organization’s assets in Attack Surface Discovery for better asset management.

July 15, 2024 — IPv6 addresses are now supported for Public IPs in the Internet-Facing Assets section of Attack Surface Discovery. View discovered IPv6 addresses and add IPv6 addresses belonging to your organization. IPv6 addresses must be added individually — IPv6 ranges are not supported.

July 15, 2024—Agentless Vulnerability and Threat Detection supports vulnerability scanning on AWS Lambda functions.

For more information, see Agentless Vulnerability & Threat Detection.

July 15, 2024 — Vulnerability Assessment has been enhanced to support Oracle Linux Server 6, Oracle Linux Server 7, Oracle Linux Server 8, and Oracle Linux Server 9. The newly supported distributions enable more granular analysis and improved CVE prioritization. Use the enhancement to strengthen your endpoint security and more effectively prioritize risks.

For more information, see Vulnerability Assessment supported operating systems.

July 15, 2024 — Security Awareness Training is now in public preview as part of the Trend Vision One platform. Designed to help you create a more resilient and security-conscious workforce while proactively strengthening your organization’s security posture, the app offers two powerful features:

• Training Campaigns: Educate your employees on how to best protect their privacy and your valuable assets. Engaging training modules cover essential topics such as password management, suspicious activity identification, and safe internet usage.
• Phishing Simulations: Test and enhance your employees' ability to recognize phishing attempts by simulating real-world phishing emails. Evaluate and improve awareness and response to potential threats.

Security Awareness Training training and simulation results impact the Cyber Risk Exposure Management risk score of your assessed users to help you get a better picture of your security posture. Gain insights into the Security Awareness Training levels of your employees, and use the data to identify areas for improvement, tailor your training programs, and define effective plans to enhance security practices within your organization. Empower your workforce with the knowledge necessary to stand as the first line of defense against security breaches.

June 24, 2024 — Cloud Risk Management Terraform Template Scanner (TS) is now Generally Available with parity of coverage of the following resource types with Cloud Formation Template Scanner:

June 10, 2024 — Agentless Vulnerability & Threat Detection now includes the following enhancements:

• The Agentless Vulnerability stack has been split into common and agentless components, which reduces the quantity of IAM roles and policies required.
• The deployed stack now has two version values, which are tracked separately.
• To reduce costs, CloudWatch lambda log groups now have ERROR level logging, and scan failures are optimized to reduce unnecessary retry count.
• Resolved an issue in which CloudWatch log groups could not be deleted after uninstalling.

When you upgrade to the new release, the contents of the agentless S3 buckets, including intermediate results, and s3 access logs, will be deleted. This has no impact on any scan results already send to Vision One. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs for AWS.

June 13, 2024 — Users of cloud services may now enable Agentless Vulnerability and Threat Detection (AVTD) from the AWS UAE region (me-central-1). Use the feature to conduct vulnerability scans on EBS volumes attached to EC2 instances as well as ECR images, and get greater visibility into your cloud asset-related security posture.

June 17, 2024 — Device asset profiles in Attack Surface Discovery are now able to display discovered basic hardware specifications such as manufacturer, model, CPU, RAM, and disk size. Find discovered details under the basic category within the device asset profile.

June 17, 2024 — As with risk events in other risk factors, you may now mark events in the vulnerabilities risk factor as remediated, dismissed, or accepted. The new workflow helps streamline the process of managing risk events and CVEs.

June 17, 2024 — Detailed data on daily Risk Index fluctuations, including contributing risk factors, risk events, and assets, is now available in Threat and Exposure Management. Hover over the Risk Index graph and click View daily risk events to see the point change from the previous day and a breakdown of how many points each risk factor contributed to the change. Drill down to see individual risk events and a detailed daily timeline showing expired, new, remediated, and dismissed event instances.

June 17, 2024 — Vulnerability assessment has been enhanced to support SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15. The newly supported systems enable more granular analysis and improved CVE prioritization. Use the enhancement to strengthen your endpoint security and more effectively prioritize risks. For more information, see Vulnerability Assessment supported operating systems.

June 3, 2024 — You can now connect your Google Cloud Identity tenants as data sources in Attack Surface Risk Management. Use the new source to gain better visibility into user and group data, user activity data, and potential account misconfigurations. For more information, see Configuring data sources.

May 27, 2024 — To facilitate a higher-level overview, the Exposure, Attack, and Security Configuration Overview tabs in Cyber Risk Overview have been simplified to display current risk levels and risk scores for each category. In Risk Overview, view each category's contribution to the Risk Index at a glance, and get additional information about contributing risk factors and events from Risk Event Overview. Go to the tab for each risk category to quickly view the category's current risk level, and see contributing risk factors to more quickly prioritize risk reduction actions.

May 6, 2024 — View daily point increases and decreases of the Risk Index along with contributing risk factors now by hovering on the Risk Index graph in Cyber Risk Overview. Coming in June, clicking through to Threat and Exposure Management will take you to in-depth details on daily contributing risk events. Details now available for the Risk Index in Cyber Risk Overview include a breakdown of the points each risk factor has added or subtracted from the Risk Index since the previous day. In June, you may view all daily contributing risk events, including those that were resolved or mitigated, organized by risk factor. Use the detailed information provided to better understand your security posture and help prioritize risks in your environment.

May 6, 2024 — Vulnerability Assessment enhancements now allow the service to collect information on Red Hat Enterprise Linux 8 modules and Red Hat Enterprise Linux 9 containers. The expanded capabilities enable more comprehensive visibility and granular analysis, strengthening your container security and allowing you to more effectively prioritize risks. For more information, see Vulnerability Assessment supported operating systems.

May 8, 2024 — Cloud Risk Management now supports Real-Time Posture Monitoring previously titled Real-Time Threat Monitoring (RTM) for AWS accounts connected through the Cloud Accounts app. You can enable Real-Time Posture Monitoring while connecting a new AWS account and organization or turn the feature on for existing AWS accounts or organizations.

April 15, 2022 — Thanks to several backend improvements, data for your internet-facing assets are now updated more often. The increased update frequency allows you to better assess your attack surface in Attack Surface Discovery, particularly after removing domains and IP addresses and renewing certificates, and improves the accuracy of risk events created in Threat and Exposure Management. For more information, see Internet-Facing Assets.

April 22, 2024 — the Vulnerability Assessment service available in Cyber Risk Exposure Management now supports scanning language packages used in your ECR container images. For information on supported languages, see Vulnerability Assessment supported language packages.

April 22, 2024 — Threat and Exposure Management Weekly Digest has been terminated for subscribers, and the subscription entry for the weekly digest has been removed from Notifications. Former subscribers can now receive n automatically generated weekly report based on the Risk Factors template, providing a detailed picture of current organization risks. Settings for the weekly report can be managed in the Reports app.

April 8, 2024 — The Security Configuration index now supports Virtual Network Sensor visibility in the Network Security tab. You can view sensor deployment status and key feature adoption rate. For sensors not configured as expected, click the displayed number of sensors to drill down to the Reports app and generate reports with detailed information.

April 8, 2024 — You may now integrate Claroty xDome as a data source in Cyber Risk Exposure Management to gain access to device information and vulnerabilities detected by Medigate. Connect your Claroty xDome account in Data Sources.

April 8, 2024 — In addition to the Dismissed and Remediated statuses, an Accepted status is now available for reported risk events in Threat and Exposure Management. Marking a risk event as Accepted indicates that you acknowledge the risk but are unable to remediate or mitigate it at this time. Risk events marked as Accepted still contribute to your Risk Index. Create accepted risk event rules when marking a risk event as Accepted to mark all current and future instances of the risk event as Accepted within a specified time period.

March 28, 2024 — Accounts and Template Scanner Public APIs for Cloud Risk Management now available on Trend Vision One Automation Center. See the Automation Center for more information.

March 25, 2024 — You can now customize the columns displayed in asset lists for all asset types in Attack Surface Discovery. Show or hide specific columns, and rearrange column order by dragging and dropping.

March 25, 2024 — The Attack Surface Discovery accounts page now has a "Discovered by" column for both domain and service accounts to show the data source that has discovered the account. Use the "Discovered by" filter to search for accounts from the selected data source.

March 25, 2024 — Agentless Vulnerability & Threat Detection now supports vulnerability scanning on container images of your Amazon ECR container images when you enable the feature for your AWS accounts in Container Inventory. You can also enable Runtime Scanning for your Kubernetes clusters in Trend Vision One — Container Security and enable to scan for vulnerabilities in related Kubernetes container images.

March 11, 2024 — The Attack Surface Discovery device list now includes an endpoint group column to show the endpoint group name for each managed device. Use the “Endpoint group” filter to search for managed devices from specified endpoint groups.

March 5, 2024 — The Azure Well-Architected Framework compliance standard report and associated rule mappings in Cloud Security Posture have been updated to conform with the latest version of the Azure Well-Architected Framework released in October 2023. In turn, the July 2022 version of the Azure Well-Architected Framework will no longer be available in Cloud Security Posture from June 1, 2024. The removed version will no longer be accessible in filters, preventing the creation of new reports or report configurations with the outdated standard. This means that you will no longer be able to generate new PDF or CSV reports using report configurations that include the outdated compliance standard. However, any PDF or CSV reports already created remain available for download. Trend Micro recommends that you update your report configurations to use the latest version of the framework by June 1, 2024.

February 26, 2024 — In line with enhancements to the visualization of asset relationships in Attack Surface Discovery, the asset graph feature in profile screens for devices, accounts, domains, and IP addresses has been renamed to Asset Risk Graph, while the graph view for cloud assets is now the Cloud Risk Graph. Both of these features continue to provide valuable risk findings, helping you assess your organization's security posture.

February 19, 2024 — You can now change the status of risk events when viewing them by risk factor in Threat and Exposure Management. This applies to all risk factor types except XDR Detections and Vulnerabilities. Development is ongoing to support these two risk factor types.

February 19, 2024 — The cloud app profile screen in Attack Surface Discovery now displays the following additional information:

• The encryption ciphers used by the cloud app
• The latest version of the communications protocol used by the app
• Whether the cloud app uses a trusted certificate
• Whether the cloud app allows for IP address access control

February 14, 2024 — Cloud Risk Management no longer supports the following compliance standards:

These five standards are no longer accessible in filters, which prevents the creation of new reports and report configurations. You can no longer generate new PDF or CSV reports using existing report configurations that include any of the five standards. However, any PDF or CSV reports generated before support was ended remain available.

Please update your report configurations to use the latest versions of CIS Benchmarks.

February 7, 2024 — You can now track the costs of Agentless Vulnerability & Threat Detection by enabling AWS Cost Explorer. Update the Agentless Vulnerability & Threat Detection stack to enable this capability. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs for AWS.

January 15, 2024 — Cyber Risk Overview now better reflects the health of your connected email security products. The Email Security section of the Security Configuration tab now supports Trend Micro Email Security and shows the protection status and key feature adoption rates for your email domains.

When examining email domain configuration status or Key Feature Adoption Rates, clicking the number of domains that are not configured correctly takes you to Email Asset Inventory for more detailed information.

January 15, 2024 — Cyber Risk Overview now provides you with an overview of your network layer configuration. The Network Security section of the Security Configuration tab now displays the deployment status and key feature adoption rates for your connected Deep Discovery Inspector appliances.

When examining Appliance Health, Software Version, or Key Feature Adoption and Configuration, clicking the number of appliances that are not configured correctly leads you to the Reports app to generate a detailed report.

January 15, 2024 — In addition to manually creating training campaigns for your users in the Security Awareness Training app, you can now also initiate campaigns from the Attack Surface Discovery, Threat and Exposure Management, and Identity Posture apps. Campaigns initiated from these three apps enable you to provide Security Awareness Training training focused specifically on at-risk users.

When viewing domain accounts in Attack Surface Discovery, the context menu now includes the Create Training Campaign option.

In Threat and Exposure Management, the remediation steps for some types of risk events — such as phishing simulations indicating user accounts might be vulnerable to attack — now include links to create Security Awareness Training training.

The Identity Posture app's Identity Summary screen for highly privileged identities and the highlighted exposure risk events in the Exposure tab now also feature a Create Security Awareness Training Training Campaign button.

December 18, 2023 — Threat and Exposure Management now features Event Rule Management: a centralized location for you to manage risk event rules.

When you mark a risk event as Dismissed, an event rule is created to prevent Attack Surface Risk Management from reporting future instances of the risk event in Risk Reduction Measures and All Risk Events. The event rule also prevents the dismissed risk event from impacting your organization's Risk Index.

Event Rule Management allows you to review and manage all dismissed event rules. If you remove a dismissed event rule, all new instances of the risk event are reported and contribute to your organization's Risk Index.

December 18, 2023 — The relationships of your Azure cloud assets can now be graphically illustrated in the Asset Graph tab of cloud asset profiles in Attack Surface Discovery.

December 4, 2023 — Vulnerability Assessment now expands coverage for vulnerabilities affecting Windows Server 2012 and Windows Server 2012 R2 endpoints to help you identify more highly exploitable CVEs in your environment.

December 8, 2023 — Agentless Vulnerability & Threat Detection resources now have tags.

December 4, 2023 — Trend Vision One now supports manually adding seed IP addresses for discovering internet-facing assets in your organization. In the Internet-Facing Assets section of Attack Surface Discovery, click the Public IPs tab and then click Add to manually add up to 1,000 seed IP addresses. To view a list of added seed IP addresses, click View Manually Added IP Addresses.

The ability to add seed IP addresses is only available for customers using a Trend Micro solution as the data source for internet-facing assets and that do not have an active trial for Cyber Risk Exposure Management.

November 20, 2023 — Trend Vision One now supports a new pricing model for Attack Surface Risk Management (previously Risk Insights) decoupled from XDR entitlements. Credit usage for Attack Surface Risk Management apps is calculated based on the number of assessable desktops, servers, and connected cloud accounts. Each assessed desktop or server requires 20 credits, while each connected cloud account requires 8,000 credits. If you feel the number of assets discovered by Trend Vision One is inaccurate, you can manually override the number of assessed assets and your credit usage will be recalculated.

If you previously purchased a Risk Insights license, you will retain your current pricing model until the license expires. If you previously allocated credits to use Attack Surface Discovery and Threat and Exposure Management, you retain your current pricing model; however, if you disable and re-enable Attack Surface Risk Management, you will be migrated to the Attack Surface Risk Management pricing model. Regardless of the pricing model, you will retain access to Attack Surface Discovery, Threat and Exposure Management, and Cloud Security Posture.

A 30-day free trial remains available for customers who have not previously started a trial of Risk Insights capabilities.

For more details on licensing or credit usage for Attack Surface Risk Management, contact your sales representative.

November 20, 2023 — The Risk Insights app group has been renamed to Attack Surface Risk Management to align with the expanding scope of capabilities provided by the included apps. The renamed app group currently contains the Cyber Risk Overview, Attack Surface Discovery, Threat and Exposure Management, and Cloud Security Posture apps.

November 20, 2023 — Attack Surface Discovery now provides new contextual visibility into your cloud assets and prioritized security risks — continuously and frictionlessly. The new Graph View shows more details about the resources deployed in your AWS environment, relationships between cloud assets, and risk scores for each asset.

November 20, 2023 — API Security provides new visibility over your attack surface by identifying challenges to securing your APIs. API Security displays an inventory of your REST and HTTP-based API collections from your AWS API gateways and any misconfigurations detected in your AWS environment.

November 20, 2023 — Deploy Agentless Vulnerability & Threat Detection in your AWS accounts to discover vulnerabilities in your Amazon EC2 instances with zero impact to your applications.

For more information, see Agentless Vulnerability & Threat Detection.

November 20, 2023 — Trend Vision One has traditionally discovered and assessed internet-facing assets via internal Trend Micro solutions. Trend Vision One now supports a new data source for internet-facing assets — Rescana. If you are a Rescana customer, you can easily enable the data source by specifying the correct URL and API token for your Rescana account. If you disable the Rescana integration, Trend Vision One resumes using Trend Micro internal solutions for collecting data on internet-facing assets.

November 6, 2023 — To better align Trend Vision One with common risk terminology and enhance your ability to reduce the Risk Index, you can now change the status of risk events in Threat and Exposure Management. In addition, you can now manually trigger a recalculation of the Risk Index and check for new risk events.

Risk events for six of the eight risk factors can now be marked as one of the four following statuses:

Remediated and dismissed risk events no longer contribute to your Risk Index.

When changing the status of risk events, you can select from three levels of scope: the selected risk event, all instances of the risk event for the selected assets, or all instances of the risk event for all assets. If you dismiss all instances of a risk event, future instances of the risk event will not be generated.

XDR detection-related risk events that have an associated workbench alert must still be managed via the Workbench app. Development is ongoing to support the new risk event management framework for vulnerability-related risk events. In addition, a subsequent release will allow you to accept risk events, meaning they will still contribute to your Risk Index, but will not be displayed in Risk Reduction Measures.

October 23, 2023 — New risk events demonstrate potential attack paths that originate from the internet or potentially compromised cloud assets. These potential attack paths are visualized to help you identify and prioritize risks.

October 23, 2023 — Cloud asset profiles now feature an asset graph illustrating the relationships of cloud assets. The visualization showcases how identities access cloud resources, as well as traffic routing and other relationships, helping you to prioritize risks associated with your cloud assets.

October 23, 2023 — Customers that have enabled XDR sensors can now access a free version of asset profiles in Attack Surface Discovery, even if credits have not been allocated to Risk Insights capabilities. When viewing the profile of an endpoint, account or cloud asset in a Workbench alert, click View asset risk assessment in Attack Surface Discovery to see the asset's risk assessment and asset profile in Attack Surface Discovery.

September 25, 2023 — Risk Insights apps calculate and display the criticality for each asset based on asset tags. If you think that the system-defined criticality is inaccurate or does not match the actual situation, you can manually assign a custom criticality to assets. In Attack Surface Discovery asset profiles and asset cards, you can now click Modify Criticality to select a custom criticality. You can also revert to using the system-defined criticality at any time.

September 11, 2023 — Enhancements to the asset graph in Attack Surface Discovery provide you with greater context for improving your security posture.

The asset graph now includes a symbol for the internet, helping you easily identify which assets are exposed to the internet.

The asset detail screen for domains and IP addresses now also features an asset graph illustrating the relationships between internet-facing assets and other types of assets. The asset graph helps you better understand how domains and IP addresses are associated with internet-exposed devices.

In addition, the asset graph now shows relationships associated with privileges, including user and group memberships, as well as how roles are assigned, to whom a role is assigned, and administrative devices and users. The visualization makes it easier to understand how an identity has administrative permissions to other identities or devices.

August 14, 2023 — Risk Insights apps now support Tanium Comply as a third-party data source. Tanium Comply contributes device information and CVE detections. To grant data upload permissions for Tanium Comply, enter the Tanium console URL and API token in the data sources settings drawer.

July 24, 2023 — Vulnerability Assessment is now available for the following Linux operating systems: Amazon Linux, CentOS, Red Hat Enterprise Linux, and Ubuntu.

For details, see Vulnerability Assessment supported operating systems.

July 4, 2023 — Risk Insights capabilities are now a paid feature. You must purchase a license or allocate sufficient credits for Risk Insights to access Threat and Exposure Management and Attack Surface Discovery.

If you have not purchased a license or allocated credits to Risk Insights, you can start a 30-day free trial when you attempt to access Threat and Exposure Management or Attack Surface Discovery. To ensure uninterrupted access to Threat and Exposure Management and Attack Surface Discovery after your trial ends, contact your sales representative in advance to prepare a license or credits for Risk Insights. You can configure Trend Vision One to automatically allocate credits to Risk Insights capabilities at the end of your free trial period.

July 3, 2023 — The Cloud Apps tab of the Attack Surface Discovery app now features a new Artificial Intelligence category for cloud apps based on artificial intelligence technology. The Cloud Apps tab now also features advanced filtering by category, risk level, sanctioned state, breach warnings, and last detected. In addition, you can now assign Internet Access rules by selecting cloud apps and clicking Assign Secure Access Rule.

June 21, 2023 — Attack Surface Discovery now provides asset graph support for service accounts. The asset graph provides detailed information about the service account and its relationships and interactions with other assets in your organization. The service account might also appear in the asset graph of other assets.

June 21, 2023 — As Risk Insights capabilities become a paid feature on July 4, 2023, credit usage data is now displayed in Risk Insights apps. You can view your current credit balance and estimate future credit usage. To ensure uninterrupted access to Threat and Exposure Management and Attack Surface Discovery, activate the "auto-allocate credits" toggle to enable Trend Vision One to automatically allocate credits to Risk Insights capabilities when the complimentary period ends.

June 5, 2023 — Risk Insights has applied a significant update to the Risk Index algorithm for all customers. The algorithm now places a greater importance on Attack Detection. Periodic algorithm updates are part of our continuous effort to optimize the risk algorithm to provide you with an accurate, timely, and actionable Risk Index.

For more details, see Cyber Risk Index algorithm updates.

Threat and Exposure Management now monitors two new risk factors: System Configuration and Security Configuration. You can view the related risk metrics and events in the Risk Factors tab.

Risk Insights identifies potential misconfigurations of your environment, including exposed ports, insecure host connections, insecure IAM and cloud infrastructure configurations, and unsafe software and endpoint configurations.

Risk Insights monitors your Trend Micro security settings, including endpoint agent and sensor deployments, update status, and key feature adoption rates. The Security Configuration risk factor helps you ensure that Trend Micro solution settings are following best practices.

In the Exposure Overview tab of Cyber Risk Overview, clicking View Details in widgets now redirects you to Threat and Exposure Management for more detailed information.

In the Activity and Behaviors section, the Legacy Authentication Protocol with Log On Activity widget has moved to the System Configuration section and the Account Compromise Indicators widget has moved into Threat and Exposure Management.

In the Attack Overview tab of Cyber Risk Overview, the General Detection Summary widgets have moved to the Dashboards for easier access and to improve the customizability of dashboards. The following widgets are now found in the Widget Catalog of the Security Dashboard:

Attack Surface Discovery lists all assets discovered in your organization to facilitate risk assessments. Trend Micro leverages several data sources for asset discovery, which are now presented in the Discovered by column of the Device List for further investigation. You can also configure Device Overview to show only specific sources by adding the Discovered by filter.

Customers with multiple Azure AD tenants can now have full visibility of accounts on all tenants and perform risk assessment on multiple Azure AD tenants in Risk Insights apps.

All Risk Insights capabilities are now officially released and can be purchased alongside XDR as part of the Trend Vision One platform. Contact your sales representative to discuss your license transition period options.

For more details on the licensing and product experience for Risk Insights, see Credit requirements for Trend Vision One solutions, capabilities, and services.