Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro IoT Security Data Collection Notice

    • Updated:
    • 27 Apr 2018
    • Product/Version:
    • Trend Micro IoT Security 1.3
    • Platform:
    • N/A N/A
Summary

Trend Micro IoT Security (TMIS) provides IoT risk detection and system protection. In order to provide those features, Trend Micro IoT Security automatically analyzes the system libraries, network metadata, and process behaviors in your IoT devices to create baselines that are used to protect IoT devices against network threats.

 
If you do not want to allow Trend Micro to collect any personal data, do not install Trend Micro IoT Security. If you decide to uninstall TrendMicro IoT Security, notify Trend Micro to remove all collected data.
Details
Public

By installing Trend Micro IoT Security, Trend Micro will analyze, receive, and collect the following information:

General

Collected DataDescription
Email addressThe email address used to log onto the management console.
Password hashHash for the password used to log onto the management console
Kernel header file (optional)The header file used to integrate the Approved Applications List (AAL) into a device
ToolchainA set of programming tools used to integrate the Trend Micro IoT Security agent into a device
Google Analytics dataCollected data that Google Analytics uses to track management console usage
TMIS configurationTMIS configuration for devices that can be downloaded from the management console after baseline release
Device status and TMIS agent versionStatus for each device and the Trend Micro IoT Security agent version information for display on the management console

Remote Attestation

Remote Attestation detects device file integrity using a challenge-response method. When you first use Trend Micro IoT Security, the device must upload a baseline of its file system to the Trend Micro IoT Security server, the baseline includes file hash, file path and directory path.

Collected DataDescription
File/Directory path and attributesSpecified files or directories for data collection
File hash

Specified hash algorithm to use. Only one type of file hash is collected by the Trend Micro IoT Security server.

To stop sending file hash information to the Trend Micro IoT Security server, comment out all settings in the configuration file (located in /etc/opt/atom/baseline_rule ) for Trend Micro IoT Security agents.

The following figure shows an example.

File hash

Approved Application List

The Approved Application List (AAL) intercepts system calls with Linux kernel module and provides a locked security feature in the Trend Micro IoT Security agent. This feature automatically generates a policy to match the target Linux device environment. The policy information (including file path, file hash and audit log) is sent to the Trend Micro IoT Security server.

Collected DataDescription
Executable/library pathData displayed in detection logs on the management console
Executable/library hash
Audit log

System Vulnerability Scan

The System Vulnerability Scan feature checks for vulnerabilities related to system libraries. The Trend Micro IoT Security agent scans the system libraries in IoT devices on a daily basis.

Collected DataDescription
Library path, name, and versionData collected by the Trend Micro IoT Security agent to enable library vulnerability scans

Hosted IPS

Hosted IPS (HIPS) provides network-based intrusion protection in the TMIS agent. This feature protects devices by detecting and blocking intrusions from network traffic (with or without encryption). The Trend Micro IoT Security agent sends the blocked attack information to the Trend Micro IoT Security server for display on the management console.

Collected DataDescription
Blocked attack informationData sent to the Trend Micro IoT Security server for display on the management console

Network Anomaly Detection

The Network Anomaly Detection feature detects abnormal network occurrences and behaviors. A continuous learning process first defines ‘normal’ behaviors, which Trend Micro IoT Security uses to detect any unusual network occurrences, such as communication with an external server or connections to suspicious websites. Trend Micro IoT Security collects Netflow metadata to enable the Network Anomaly Detection feature.

Collected DataDescription
Network interface nameData used for analyzing network traffic and detecting abnormal network behaviors
MAC address
Network packet metadata (in flow format)
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1119712
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.