Compliance

Trend Micro Vision One is currently verified as compliance with ISO 27001 & ISO 27017. Certificates can be found on Trend Micro's Product Security & Certifications page.

Trend Micro Vision One is currently undergoing SOC2/3 audit for the Trend Micro Vision One platform to demonstrate its strong security policies and internal controls environment. This is scheduled to be completed in 2021.

Data Transmission and Storage

Information processed by Trend Micro Vision One is encrypted both in transit and at rest and sent to Trend Micro Vision One node in the region the customer selects during initial setup.

Data at rest is protected by native cloud technologies to the cloud on which it resides. Customer data is tagged with a “Customer ID” during ingestion as part of the data schema. Trend Micro’s application’s internal data access layer requires this “Customer ID” parameter to access the data. This measure protects the customer data from being accessed by any other party as queries may only access one “Customer ID” at a time. Customers do not provide the “Customer ID” directly when interacting with the service, it is handled by the application itself. This ensures there is no way for a malicious actor to pass the wrong customer ID to access another data set.

Trend Micro Vision One uses TLS 1.2 wherever possible for data transmission. (Supported Cyphers: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256)

Security Assessments

The Trend Micro Vision One platform undergoes regular security assessments, both automated and manual, including external 3rd-party assessments.

Data Retention

Trend Micro Vision One applies retention policies that purge data once it is no longer needed for the purpose for which it was collected. Trend Micro Vision One retains the collected raw information for 30 days by default, unless the customer purchases extended storage option (max of 365 days offered). It also generates and retains alert workbenches for 180 days to give customers the information for investigation/reporting. All data is deleted upon license expiration + 30 day grace period.

Customer Configurable Options

Customers can choose a Trend Micro Vision One region, among those available, for the storage and processing of their data. The Trend Micro Vision One platform and Data Lake service data is stored in the chosen region. Customers can assign roles to limit the functions each user accessing Trend Micro Vision One is allowed to do, including but not limited to, granting support access, initiating response actions, colleting files, and also limiting access to read-only as well.

Trend Micro Access

Access to information in Trend Micro Vision One is restricted to Trend Micro’s Site Reliability Engineers (SREs), threat research and analytics teams, and—when enabled in the console—customer support teams. Access is allowed for the purposes of troubleshooting, solving issues, and improving the effectiveness of security protections. All access is recorded and audited. Access privileges are managed and approved by product leadership team. Information in Trend Micro Vision One may be accessed/viewed by the above Trend Micro teams from physical locations outside of the customers deployed region.

Audit Logs

Audit Logs are generated and stored for all access and actions taken by users to Trend Micro Vision One systems. Trend Micro Vision One retains the audit logs for 180 days. Customer’s can view customer access logs in their console, and can export them if needed.

Data Flow Diagrams

• Stand Alone Vision One Endpoint Sensor

  

• Apex One SaaS + integrated Endpoint Sensor

  

Additional Information

• For information processed by Trend Micro Vision One, refer to the Trend Micro Vision One Data Collection Notice KB article.
• Trend Micro Vision One subprocessors can be found here.