
Virtual Analyzer

Virtual Analyzer is a secure virtual environment that opens suspicious files submitted by Cloud Edge to test for malicious behavior. Virtual Analyzer is able to find exploit code, Command & Control (C&C), and other suspicious behaviors or characteristics.

 
All transmitted data will be retained for 2 days. Disabling Virtual Analyzer prevents the transmission of the data listed below to Trend Micro, but severely impacts the ability of Cloud Edge to detect advanced malware.

Data collected: Suspicious files including:
  • Executables
  • Office/PDF documents
  • Flash files
  • Images
  • HTML files
  • Scripts
Console location: Policies > Gateway Profiles > [Profile Name] > Email Security
Console settings

Enable Virtual Analyzer [On|Off]


Web Reputation

Cloud Edge integrates the Trend Micro Web Reputation Services (WRS), a cloud-based infrastructure that determines the reputation of websites that users attempt to access. Cloud Edge logs URLs that WRS identifies as fraudulent or known sources of threats, and uploads the logs to the Threat Management Services Portal for report generation.

 
All transmitted data will be retained for 180 days. Disabling Web Reputation prevents the transmission of the data listed below to Trend Micro, but severely impacts the ability of Cloud Edge to detect malicious URLs.

Data collected: URL
Console location: Policies > Gateway Profiles > [Profile Name] > Web Reputation
Console settings

Enable [On|Off]

Enable Web Reputation


Email Reputation Services

Cloud Edge leverages Trend Micro Email Reputation Services to verify IP addresses of incoming email messages using Trend Micro’s reputation database to identify new spam and phishing sources.

 
All transmitted data will be retained for 3 years. Disabling Email Reputation Services prevents the transmission of the data listed below to Trend Micro, but severely impacts the ability of Cloud Edge to effectively detect and block spam and phishing attacks.

Data collected: IP addresses of email messages
Console location: Policies > Gateway Profiles > [Profile Name] > Email Security > Anti-Spam
Console settings

Enable Email Reputation


Cloud Scan

Cloud Scan redirects certain traffic to Anti-Malware Web Cloud Scan (IWSaaS), a cloud-based advanced malware scanning solution.

 
Transmitted data is not retained. Disabling Cloud Scan prevents the transmission of the data listed below to Anti-Malware Web Cloud Scan, but severely impacts the ability of Cloud Edge to detect web threats.

Data collected: HTTP traffic
Console location: Policies > Gateway Profiles > [Profile Name] > Anti-Malware
Console settings

Enable Cloud Scan


Email Security

Email security gateway profiles provide advanced protection against email threats, including anti-malware and anti-spam scanning. If Email Security Scanning is enabled, the Cloud Edge device sends native mail content over HTTPS to Cloud Mail Scanning services hosted by the Cloud Edge team.

 
Transmitted data is not retained. Disabling Email Security scanning prevents the transmission of the data listed below to Cloud Edge Cloud Messaging Scan (CMS), but severely impacts the ability of Cloud Edge to detect email threats.

Data collected: Mail content from SMTP(s), POP3(s), and IMAP(s) traffic including:
  • Email senders and recipients
  • Email subjects
  • Attachments
  • Message content
Console location: Policies > Gateway Profiles > [Profile Name] > Email Security
Console settings

Enable [On|Off]

Enable Email Security


Predictive Machine Learning

Predictive Machine Learning feedback enables you to participate in, share, and leverage Trend Micro’s global database of threat-related intelligence to rapidly identify and defend against potential threats within your network environment.

 
All transmitted data will be retained for 3 days. Disabling Predictive Machine Learning feedback prevents the transmission of the data listed below to Trend Micro, but impacts the ability of Cloud Edge to rapidly identify and address new threats in mail traffic.

Data collected: Suspicious file names/paths in attachments
Console location: Policies > Gateway Profiles > [Profile Name] > Email Security
Console settings

Enable Predictive Machine Learning [On|Off]


Log Analysis

Cloud Edge collects log data for log analysis that you can use to better understand threat scenarios, prioritize responses, and plan containment.

 
Log statistics cannot be disabled unless you choose not to use Cloud Edge. Cloud Edge stores log statistics for 90 days. After data is purged, administrators cannot retrieve historical data of user events and policy violations from the Cloud Edge Cloud Console.

Data collected: Traffic statistics including:
  • Source IP addresses
  • Host names
  • Destination IP addresses
  • Source ports
  • Destination ports
  • Domain names
  • URLs
  • Mail senders and recipients
  • Mail subjects
  • File names
Console location: Analysis & Report > Log Analysis
Console settings

Log Analysis


Log Favorites

After analyzing logs, you can save the log query filters as a log favorite to quickly access the data later.

 
You can disable Log Favorites by deleting all saved log favorites.
Disabling Log Favorites prevents the transmission of the data listed below to Trend Micro, but administrators have to set query conditions every time they need to search for logs under the same conditions.

Data collected: Log Favorites settings
Console location: Analysis & Report > Log Favorites
Console settings

Log Favorites


Report

Cloud Edge Cloud Console can generate reports about detected malware and malicious code, blocked files, and accessed URLs, which you can use to optimize program settings and fine-tune security policies.

 
You can disable reports by deleting all reports.
Disabling Reports prevents the transmission of the data listed below to Trend Micro, but administrators cannot get reports to analyze threats and security-related events from an overall perspective.

Data collected: Report settings and existing historical reports
Console location: Analysis & Report > Reports
Console settings

Report


Firewall Policy

You can configure policy rules to scan and secure traffic that passes through gateways and take action based on the configured policies.

 
Disabling all firewall policy rules prevents the transmission of the data listed below to Trend Micro, but administrators cannot use firewall policy to monitor or control incoming and outgoing network traffic.
To prevent the transmission of data about policy objects to Trend Micro, delete all IP Address/FQDN objects, MAC Address objects, custom Services objects, Application Groups and URL Category Groups objects, and all Schedule objects.

Data collected: Firewall policies including:
  • Policy rules
  • Policy Objects
    • IP addresses
    • FQDNs
    • MAC addresses
    • Application Groups
    • URL Category Groups
    • Schedules
Console location:
  • Policies > Policy Rules
  • Policies > Objects > IP Address/FQDNs
  • Policies > Objects > MAC Address
  • Policies > Objects > Services
  • Policies > Objects > Application Groups
  • Policies > Objects > URL Category Groups
  • Policies > Objects > Schedules
Console settings

Firewall Policy


Approved/Blocked List

The Approved List is a list of URLs, FQDNs, and IP addresses that you consider trustworthy. As such, they are not subject to any policy and users are always allowed to visit them. The Blocked List is a list of URLs, FQDNs, and IP addresses that you do not want users to visit; they are always blocked.

 
Disabling the Approved/Blocked lists prevents the transmission of the data listed below to Trend Micro, but administrators will not be able to configure settings that always allow or block some URLs, FQDNs, and IP addresses.

Data collected: Approved/Blocked List settings
Console location: Policies > Approved/Blocked List
Console settings

Approved/Blocked List


Account Management

Cloud Edge Cloud Console local accounts are used to log on to Cloud Edge Cloud Console, either as an administrator or a read-only user.

 
Disabling Cloud Edge Cloud Console account management by deleting all local accounts prevents the transmission of the data listed below to Trend Micro, but administrators cannot log on to Cloud Edge Cloud Console directly and will need to use SSO (from LMP or TMRM) to log on to Cloud Edge Cloud Console.

Data collected: Cloud Edge Cloud Console local account settings
Console location: Administration > User & Accounts
Console settings

Account Management


Hosted Users and Groups

Cloud Edge uses hosted users and groups for authentication when users log on using VPN or Captive Portal.

 
Disabling Hosted Users & Groups prevents the transmission of the data listed below to Trend Micro, but User VPN and Captive Portal cannot be used for user authentication.

Data collected: Hosted Users and Groups settings
Console location: Administration > User Authentication > Hosted Users & Groups
Console settings

Hosted Users & Groups


Audit Log

Cloud Edge Cloud Console records administrator operation logs for further auditing.

 
The audit log cannot be disabled.
Important:
If you do not want to allow Trend Micro Cloud Edge Cloud Console to collect any audit log data, do not deploy and register Cloud Edge appliances.

Data collected: Audit logs
Console location: Administration > Audit Log
Console settings

Audit Log
