Deep Security as a Service Data Collection Notice

    • Updated: 17 May 2018
    • Product/Version: Deep Security as a Service All.All
    • Platform: N/A N/A
Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.

Details

Account Enrollment

You supply this information when registering for a Deep Security as a Service account. Trend Micro uses this data for analytics and insight into Deep Security as a Service registration.

Deep Security as a Service uses Marketo for trial engagement and marketing-related activities. This form is designed to allow a minimum set of information so that customers can choose to limit information provided at registration time.

Data collected
  • Name
  • Email address
  • Phone number(s)
  • Country
Console location: Registration information is provided by the customer during the registration process. A minimum amount of information is required to ensure we can contact the account owner for support and maintenance of the service.
Console settings

User Access

This section covers user access to Deep Security as a Service, including optional email notifications and reports. You can add users to your Deep Security as a Service account. The information for those additional users is transmitted to Trend Micro.

You can choose to enter a minimum amount of information about the users. You can also remove users, but those users will no longer be able to access the Deep Security Manager console or receive email notifications.

Data collected
  • User's name
  • Email address
  • Phone number(s)
Console location: Administration > User Management
Console settings
  • Users
  • Contacts

User Authentication

When you enroll for a Deep Security as a Service account or add a new user to your account, you must supply a password. Passwords are transmitted to Trend Micro over HTTPS and stored as an unrecoverable salted hash.

Every user must have a password. You can remove users, but those users will no longer be able to access the Deep Security Manager console.

User Authentication (Set Password)
Data collected: Passwords
Console location: Administration > User Management > Users > Properties
Console settings: Set Password

User Authentication (Contact Properties)
Data collected: Passwords
Console location: Administration > User Management > Contacts
Console settings: Properties

General Product Operation

When a security event occurs, information about the event is transferred to Trend Micro.

Deep Security, by design, does not collect personal information.

Depending on the nature of the protected environment and the object that is the target of the security event (for example, files, memory, network traffic) there is a risk that personal information may be collected within a security event. Security policy configuration and module selection are provided to meet the requirements of your target environment and minimize this risk.

The default event retention period for Deep Security as a Service is four (4) weeks.

General Product Operation (Modules)
Data collected

Security event information:

  • Intrusion prevention packet
  • URL reputation
  • Firewall packet
  • Log entry
  • Malware file
  • IP addresses
Console location: Computer or Policy editor > Select module (e.g. Anti-Malware, Web Reputation, etc.)
Console settings: State: Off or Inherited (Off)

General Product Operation (Event Forwarding)
Data collected

Security event information:

  • Intrusion prevention packet
  • URL reputation
  • Firewall packet
  • Log entry
  • Malware file
  • IP addresses
Console location: Administration > System Settings > Event Forwarding
Console settings
  • Forward System Events to a remote computer (via Syslog) using configuration
  • Publish Events to AWS Simple Notification Service

General Product Operation (Logging and Monitoring)
Data collected

Data from AWS ELB and other logs, including:

  • Names
  • Email addresses
  • Session IDs
  • IP addresses
  • CloudWatch logs
  • Server0 entries
  • HTTP traffic
Console location: This information is stored in the Deep Security as a Service SIEM and is used for troubleshooting, monitoring, and overall protection of the system. It cannot be configured or disabled by the customer.
Console settings

Email

Deep Security Manager transmits reports, alerts, and registration confirmation to its email server when sending this information to customers.

Email Configuration (Users)
Data collected
  • Reports
  • Alerts
  • Registration confirmation
Console location: Administration > User Management > Users > Properties > Contact Information
Console settings: Receive Alert Emails

Email Configuration (Contacts)
Data collected
  • Reports
  • Alerts
  • Registration confirmation
Console location: Administration > User Management > Contacts
Console settings: Email Address

This contact information will show up when configuring Recurring Reports under Generate Reports.

Support Requests

When you submit a support request, this information is sent to Salesforce.

Data collected
  • Account ID
  • Tenant ID
  • Name
  • Account Name
  • Company
  • Country
  • Email address
  • Phone number
  • Description of support request
Console location: Support > Contact Support
Console settings: Create Case

Intrusion Prevention and Firewall

You can optionally configure Deep Security to use a Whois service to look up which domain name is associated with an IP address when you review logged intrusion prevention and firewall events. The IP address is sent directly to the Whois service and not to Trend Micro.

Data collected: IP addresses
Console location: Administration > System Settings > Advanced
Console settings: Whois URL

Anti-Malware: Smart Protection

Smart Protection Server for File Reputation Service is used by the anti-malware module. It supplies file reputation information required by Smart Scan. Alternatively, you can use a locally installed Smart Protection Server.

Data collected
  • Product information
  • Client device OS
  • Malicious or suspicious file information
  • Suspicious file signatures
  • Malicious or suspicious process information
Console location: Computer or Policy editor > Anti-Malware > Smart Protection
Console settings: Connect directly to Global Smart Protection Service

Anti-Malware: Process Memory Scan

Process Memory Scan connects to the Good File Reputation Service. This information enables Deep Security to identify good file hashes.

Data collected: File hashes (SHA1) and additional information
Console location: Policies > Common Objects > Other > Malware Scan Configurations > Real-Time Scan configuration > General
Console settings: Scan process memory for malware

Anti-Malware: Predictive Machine Learning

Predictive Machine Learning enables identification of potentially malicious files.

Data collected
  • File name
  • Path
  • Signer
  • Hashes (SHA1)
Console location: Policies > Common Objects > Other > Malware Scan Configurations > Real-Time Scan configuration > General
Console settings: Enable Predictive Machine Learning

Anti-Malware: Smart Scan

This information is sent when a file scan occurs and enables Deep Security to identify malicious file hashes.

Data collected: File hashes (CRC) and additional information
Console location: Computer or Policy editor > Anti-Malware > Smart Protection > Smart Scan
Console settings: Untick the Inherited check box (if it's selected) and select Off.

Anti-Malware: Behavior Monitoring

The behavior monitoring feature communicates with the Global Census Server and Good File Reputation Service. This enables Deep Security to identify good file hashes and to retrieve statistical data.

Data collected: File hashes (SHA1) and additional information
Console location: Policies > Common Objects > Other > Malware Scan Configurations > Real-Time Scan configuration > General
Console settings
  • Detect suspicious activity and unauthorized changes (incl. ransomware)
  • Back up and restore ransomware-encrypted files

Integrity Monitoring

You can configure Deep Security Manager to automatically tag integrity monitoring events. If you select the Certified Safe Software Service option, information is sent to the Trend Micro Certified Safe Software service. Alternatively, you can select one of the other options when configuring auto-tagging, or leave auto-tagging disabled.

Data collected: File hashes (SHA1) and additional information
Console location: Events and Reports > Integrity Monitoring Events > Auto-Tagging > New Trusted Source
Console settings: Certified Safe Software Service

Web Reputation

The web reputation module uses the Trend Micro Smart Protection Network to determine whether URLs are malicious. When Connect directly to Global Smart Protection Service is selected, URLs are sent to Trend Micro. Alternatively, you can opt to use a locally installed Smart Protection Server. You must select one of these options to use the web reputation module. If you don’t want to use either of those options, go to the General tab and change the Web Reputation State to Off to disable the web reputation module.

Data collected: URL
Console location: Computer or Policy editor > Web Reputation > Smart Protection
Console settings: Connect directly to Global Smart Protection Service

Smart Feedback

Smart Feedback enables you to participate, share, and leverage Trend Micro’s global database of threat-related intelligence to rapidly identify and defend against potential threats within your unique network environment.

Data collected
  • Hostname
  • IP address
  • Endpoint IP
  • URL
  • Filename/Path
  • Suspicious executables and partial file content
  • Industry
  • Country
Console location: Administration > System Settings > Smart Feedback
Console settings: Enable Trend Micro Smart Feedback

Category: Configure
Solution Id: 1119904