Endpoint Security and Workload Security protection modules
Trend Cloud One - Endpoint & Workload Security has tightly integrated modules that expand your security capabilities. Its single management console enables unified visibility over all your endpoints and workloads, and automated protection across a multi-cloud environment with consistent, context-aware policies and role-based access control.
The modules that are available to you depend on your license type:
- If you are a Workload Security customer, you can use any module.
- If you are an Endpoint Security customer, you can use any Endpoint module. You can also use a trial version of the Workload modules. To use the Workload modules long term, contact Trend Micro Support to purchase the Workload Security license.
Note that modules that require a Workload Security license have after the module name in the UI.
| Module | License type | Comment |
| --- | --- | --- |
| Anti-Malware | Either Endpoint Security or Workload Security | |
| Web Reputation | Either Endpoint Security or Workload Security | |
| Firewall | Either Endpoint Security or Workload Security | |
| Device Control | Either Endpoint Security or Workload Security | |
| Activity Monitoring | XDR Add-On: Trend Cloud One - Workload Security | |
| Application Control | Either Endpoint Security or Workload Security | |
| Intrusion Prevention (Desktop OS) | Either Endpoint Security or Workload Security | |
| Intrusion Prevention (Server applications) | Workload Security only | |
| Integrity Monitoring | Workload Security only | |
| Log Inspection | Workload Security only | |
| Container Protection | Workload Security only | Technically, Container Protection is not a module. You can use it to apply protection modules to your containers. For more information, see Manage Container Protection. |
| Recommendation Scan | Workload Security only | Technically, Recommendation Scan is not a module. Running it on computers can help identify intrusion prevention, integrity monitoring, and log inspection rules that should be applied or removed. For more information, see Manage and run recommendation scans. |
Anti-Malware
The Anti-Malware module protects your Windows and Linux workloads against malicious software, such as malware, spyware, and trojans. Powered by the Trend Micro Smart Protection Network, the Anti-Malware module helps you instantly identify and remove malware and block domains known to be command and control servers.
For more information, see Protect servers from malware in four steps.
Firewall
The Firewall module controls incoming and outgoing traffic and maintains firewall event logs for audits.
For more information, see Set up the Workload Security firewall.
Web Reputation
The majority of today’s attacks start with a visit to a URL carrying a malicious payload. The Web Reputation module provides content filtering by blocking access to malicious domains and known command and control (C&C) servers used by criminals. The Web Reputation module taps into the Trend Micro Smart Protection Network, which identifies new threats.
For more information, see Set up Web Reputation.
Device Control
The Device Control module regulates access to external storage devices connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks.
For more information, see Set up device control.
Activity Monitoring
Activity Monitoring is a security policy that enhances detection and response support, providing complete visibility of your workloads. When Activity Monitoring is enabled, the following activity information is forwarded to Trend Vision One XDR:
- Process activity
- File activity
- Network activity
- Connection activity
- Domain query activity
- Registry activity (Windows only)
- User account activity (Windows and macOS only)
For more information, see Enable Activity Monitoring.
Application Control
The Application Control module monitors changes (drift or delta) compared to the computer’s original software. Once application control is enabled, all software changes are logged and events are created when it detects new or changed software on the file system. When the agent detects changes, you can allow or block the software, and optionally lock down the computer.
For more information, see Enable application control.
Intrusion Prevention
The Intrusion Prevention module inspects incoming and outgoing traffic to detect and block suspicious activity. This prevents exploitation of known and zero-day vulnerabilities. Workload Security supports virtual patching: you can use Intrusion Prevention rules to shield against known vulnerabilities until they can be patched, which is required by many compliance regulations. You can configure Workload Security to automatically receive new rules that shield newly discovered vulnerabilities within hours of their discovery.
The Intrusion Prevention module also protects your web applications and the data that they process from SQL injection attacks, cross-site scripting attacks, and other web application vulnerabilities until code fixes can be completed.
Because the Intrusion Prevention module can be licensed for either Endpoint Security or Workload Security, it contains both Endpoint and Workload rules. When setting up the module, make sure that you apply only those rules for which you are licensed. For example, if you have an Endpoint Security license, do not use Workload rules.
For more information, see Set up intrusion prevention.
Integrity Monitoring
The Integrity Monitoring module provides the ability to track both authorized and unauthorized changes made to a system and enables you to receive alerts about unplanned or malicious changes. The ability to detect unauthorized changes is a critical component in your cloud security strategy because it provides visibility into changes that could indicate the compromise of the system.
For more information, see Set up Integrity Monitoring.
Log Inspection
The Log Inspection module captures and analyzes system logs to provide audit evidence for PCI DSS or internal requirements that your organization may have. It helps you to identify important security events that may be buried in multiple log entries. You can configure Log Inspection to forward suspicious events to a SIEM system or centralized logging server for correlation, reporting, and archiving.
For more information, see Set up log inspection.