The Trend Micro Vision One platform and data lake resides within Microsoft Azure and AWS. The Trend Micro Vision One platform utilizes service to service connections to facilitate the operations of an advanced detection and response system.
Trend Micro Vision One is currently verified as compliance with ISO 27001 & ISO 27017. Certificates can be found on Trend Micro's Product Security & Certifications page.
Trend Micro Vision One is currently undergoing SOC2/3 audit for the Trend Micro Vision One platform to demonstrate its strong security policies and internal controls environment. This is scheduled to be completed in 2021.
Data Transmission and Storage
Information processed by Trend Micro Vision One is encrypted both in transit and at rest and sent to Trend Micro Vision One node in the region the customer selects during initial setup.
Data at rest is protected by native cloud technologies to the cloud on which it resides. Customer data is tagged with a “Customer ID” during ingestion as part of the data schema. Trend Micro’s application’s internal data access layer requires this “Customer ID” parameter to access the data. This measure protects the customer data from being accessed by any other party as queries may only access one “Customer ID” at a time. Customers do not provide the “Customer ID” directly when interacting with the service, it is handled by the application itself. This ensures there is no way for a malicious actor to pass the wrong customer ID to access another data set.
Trend Micro Vision One uses TLS 1.2 wherever possible for data transmission. (Supported Cyphers: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256)
The Trend Micro Vision One platform undergoes regular security assessments, both automated and manual, including external 3rd-party assessments.
Trend Micro Vision One applies retention policies that purge data once it is no longer needed for the purpose for which it was collected. Trend Micro Vision One retains the collected raw information for 30 days by default, unless the customer purchases extended storage option (max of 365 days offered). It also generates and retains alert workbenches for 180 days to give customers the information for investigation/reporting. All data is deleted upon license expiration + 30 day grace period.
Customer Configurable Options
Customers can choose a Trend Micro Vision One region, among those available, for the storage and processing of their data. The Trend Micro Vision One platform and Data Lake service data is stored in the chosen region. Customers can assign roles to limit the functions each user accessing Trend Micro Vision One is allowed to do, including but not limited to, granting support access, initiating response actions, colleting files, and also limiting access to read-only as well.
Trend Micro Access
Access to information in Trend Micro Vision One is restricted to Trend Micro’s Site Reliability Engineers (SREs), threat research and analytics teams, and—when enabled in the console—customer support teams. Access is allowed for the purposes of troubleshooting, solving issues, and improving the effectiveness of security protections. All access is recorded and audited. Access privileges are managed and approved by product leadership team. Information in Trend Micro Vision One may be accessed/viewed by the above Trend Micro teams from physical locations outside of the customers deployed region.
Audit Logs are generated and stored for all access and actions taken by users to Trend Micro Vision One systems. Trend Micro Vision One retains the audit logs for 180 days. Customer’s can view customer access logs in their console, and can export them if needed.