Zero Trust Secure Access

August 12, 2024 — Zero Trust Secure Access Internet Access now offers support for the AWS US West (Oregon) region. Users in the region may configure their service FQDNs to reflect the new location. For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

August 1, 2024 — Connected on-premises gateways in Zero Trust Secure Access Internet Access and AI Service Access can now operate in reverse proxy mode. With Internet Access, use reverse proxy mode to protect your general private applications using access control, threat protection, and data loss protection (DLP). With AI Service Access, use reverse proxy mode to protect your private generative AI services using AI Service Access and rate limiting rules, enabling content inspection, preventing prompt injection, and stopping potential denial-of-service attacks. Enable the new service mode in Internet Access and AI Service Access Configuration.

July 15, 2024 — Users can now turn off Private Access system alerts for blocked access attempts from Secure Access Module settings. While pop-ups are disabled, a complete log of blocked events remains accessible within the module.

For more Information, see Secure Access Module deployment.

July 15, 2024 — The Zero Trust Internet Access On-Premises Gateway service now supports multiple on-premises AD server integrations for NTLMv2 or Kerberos authentication.

June 17, 2024 — Secure user access to public generative AI services through AI Service Access. Prevent sensitive data leakage, prompt injection, and more while allowing your users to take advantage of AI capabilities. Enable AI Service Access and get centralized management of public AI service usage in your organization, advanced content filtering to ensure you meet compliance requirements, and keep malicious responses from affecting your environment. Go to Zero Trust Secure Access → Secure Access Overview to deploy the feature.

May 20, 2024 — Zero Trust Secure Access Internet Access now offers support for the AWS Europe (Spain) region. Users in the region may configure their service FQDNs to reflect the new location. For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

March 25, 2024 — Users may now change the default ports for services such as data proxy, authentication proxy, and ICAP/ICAPS services configured on the Internet Access On-Premises Gateway. Configure custom ports from Service Gateway Management. For more information, see Service Gateway services.

March 25, 2024 — Zero Trust Secure Access Internet Access now offers support for the AWS Middle East and Africa Region. Users in the region may configure their service FQDNs to reflect the new location.

For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

March 11, 2024 — You may now allow endpoints to bypass user authentication on configured cloud and on-premises gateways. To bypass user authentication, endpoints must connect using a private IP address specified by the administrator. When connecting to the internet through an Internet Access gateway, endpoints using the specified private IP addresses are included as a user in the Internet Access user count for credit calculation. This feature is not available on the default cloud gateway when connecting outside of defined locations.

March 11, 2024 — Zero Trust Secure Access has added support for the Wintun TUN adapter in the available service modes for traffic forwarding on Windows Secure Access Modules. Select the TUN (Wintun) service mode in the Secure Access Module global settings if your users' devices require greater traffic throughput.

February 26, 2024 — Users may now require additional authentication to Private Access after authenticating on endpoints with the Secure Access Module. Enabling the new feature overrides the default behavior of authenticating users to Internet Access and Private access at the same time, allowing for the use of Private Access only on demand. For more Information, see Secure Access Module.

January 29, 2024 — Zero Trust Secure Access now allows users to set the service status for Internet Access and Private Access on single endpoints. Users may choose to align the service status for the endpoint with the current global configuration or choose to never enable either service on selected endpoints. Configure endpoints from the endpoint list on the Secure Access Module screen.

January 29, 2024 — In addition to Microsoft Intune-managed devices the Zero Trust Secure Access mobile module can now be deployed to all managed or unmanaged mobile devices, allowing you to secure more mobile endpoints. If you do not currently have an MDM solution, the mobile module supports deployment through Mobile Device Director. For more information, see Deploying the Secure Access Module to Mobile Devices.

January 29, 2024 — Zero Trust Secure Access now supports local user account management both individually and by assigned groups. You may assign local users to one or more local user groups, allowing you to apply access rules by group. For more information, see Local user account management.

December 18, 2023 — In addition to integration with third-party identity and access management providers, Zero Trust Secure access now supports the addition and maintenance of local user accounts. Administrators may import lists of local user emails to serve as the basis for local user accounts, or the accounts may be added manually.

October 24, 2023 — Zero Trust Secure Access has launched a new PoP site for Internet Access Cloud Gateway in the AWS Italy region. For details on available PoP sites for Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

October 9, 2023 — In addition to NTLM v2 authentication, Zero Trust Secure Access Internet access now supports Kerberos as an authentication service for single sign-on with on-premises Active Directory servers. Find and configure the new method in the Global Settings of Internet Access Configuration.

For more information, see Configuring NTLM or Kerberos single sign-on with Active Directory (on-premises)

September 11, 2023 — Zero Trust Secure Access Internet Access has extended its Data Loss Prevention capability by integrating with Microsoft Purview Information Protection. You can now synchronize your published sensitivity labels and add them into Data Loss Prevention rules to let Internet Access block protected files with sensitivity labels from being sent outside your organization.

For details, see Adding a data loss prevention rule.

September 11, 2023 — Internet Access on-premises gateways in Zero Trust Secure Access now offer integration with your existing Deep Discovery Analyzer appliances. In addition to cloud sandboxing, on-premises gateways can submit suspicious files to Deep Discovery Analyzer appliances for analysis after integration. See the settings of your Internet Access on-premises gateways to start using the feature.

September 11, 2023 — Zero Trust Secure Access users can now update the Secure Access Modules deployed to endpoints directly from the endpoint list. Selecting Update module from the Manage module menu allows you to update modules on specified endpoints to the versions configured in Module Version Management. See the Endpoints tab in Secure Access Module to use the feature.

August 28, 2023 — Zero Trust Secure Access Internet Access has launched a new PoP site for the Internet Access Cloud Gateway in Israel in the AWS Middle East region.

For details on the available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

July 31, 2023 — The Zero Trust Secure Access - Internet Access On-premises Gateway now supports bandwidth control for specified URLs on both downstream and upstream traffic.

For more information, see Configuring bandwidth control

July 17, 2023 — The Zero Trust Secure Access - Internet Access On-Premises Gateway now supports enabling ICAP integration in addition to the default proxy mode. ICAP integration can be configured from the Internet Access Configuration → Gateway page.

For more information, see Deploying an Internet Access On-Premises Gateway.

July 3, 2023 — Zero Trust Secure Access Internet Access now maintains system logs to provide summaries about Internet Access On-Premises Gateway events that occurred, including gateway connection status change, service version update, and SSO authentication proxy status change.

You can also configure alerts to send notifications when the status of an on-premises gateway changes to "Unhealthy", or when the on-premises gateway that serves as the authentication proxy for SSO is disconnected from your on-premises Active Directory server. For more information, see Internet Access gateways and corporate network locations.

July 3, 2023 — Zero Trust Secure Access Internet Access now supports a new cloud app category "Artificial Intelligence" evaluated by Cloud Reputation Services. This allows you to easily filter out generative AI-based cloud apps when adding custom cloud app categories and create Risk rules and Internet Access rules to control users' access to these cloud apps.

July 3, 2023 — Customers that have updated to Trend Vision One Endpoint Security can now install the Secure Access Module on the following endpoints with supported operating systems: Standard Endpoint Protection endpoints, Server & Workload Protection endpoints, and Sensor only endpoints.

Other features available for the Secure Access Module can also be applied to the endpoints, such as removing the module or replacing the PAC file.

June 19, 2023 — To strengthen the data loss prevention capability of Internet Access, Zero Trust Secure Access supports customized Data Loss Prevention (DLP) templates and customized DLP data identifiers including expressions, file attributes, and keywords. Administrators can add customized DLP templates using either predefined or customized DLP data identifiers, create DLP rules to include customized DLP templates, and then apply them to Internet Access rules to scan outbound web traffic against accidental data disclosure and intentional theft.

For more information, see Data loss prevention rules.

June 19, 2023 — Administrators can add the organization's private applications that use the Server Message Block (SMB) protocol to the internal apps list. This allows Private Access to control users' access to these applications through the Secure Access Module.

For more information, see Adding an internal application to Private Access.

The Secure Access Module can now configure the service mode for the internet access service of Trend Vision One, facilitating the selection of the proper configuration for your endpoints. Adaptive mode is selected by default to assist you in automatically configuring the proper mode for endpoint internet access.

The Zero Trust Secure Access agent can now collect debug logs to make troubleshooting more convenient for users. The agent console features a new button for users to initiate log collection. When debug logging is enabled, the log will include diagnostic information to assist with troubleshooting end users' issues.

Zero Trust Secure Access Internet Access On-Premises Gateway now supports forwarding activity logs in the Common Event Format (CEF) to a designated syslog server.

For more information, see Deploying an Internet Access On-Premises Gateway.

Zero Trust Secure Access Internet Access now supports sandbox integration as part of a public preview, allowing you to automatically submit suspicious files to the Sandbox Analysis app.

For more information, see Adding a threat protection rule.

Zero Trust Secure Access Internet Access now supports transparently authenticating end users on your on-premises Active Directory server using the NTLM v2 protocol, with an Internet Access On-Premises Gateway acting as the authentication proxy server.

For more information, see Global settings.

Application discovery identifies domains and IP addresses accessed over the past 14 days, helping you determine which internal applications are being used in your organization's network. To facilitate the configuration of access rules, this feature also identifies users who have accessed the internal applications and recommends the most likely user groups.

Zero Trust Secure Access Internet Access has launched a new PoP site for the Internet Access Cloud Gateway in Bahrain in the AWS Middle East region.

For details on the available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

If your organization uses a third-party proxy server to access the internet, you can now configure the proxy server as the upstream proxy to connect your deployed Internet Access On-Premises Gateway to the internet.

For details on configuring upstream proxy for an Internet Access On-Premises Gateway, see Deploying an Internet Access On-Premises Gateway.