DATASHEET

Trend Micro

CLOUD ONE™ - APPLICATION SECURITY

Detection and protection for modern applications and APIs built on your container, serverless,
and other computing platforms

Businesses are aligning to cloud-native application architectures faster than ever before. Application Security’s Key Benefits
Brought on by streamlined operations processes and the flexibility in build pipeline
development tools and services, businesses are using application development as a • Detects and protects against the OWASP
Top 10 runtime threats, including SQLi.
strategic investment in the hopes that they’ll achieve improved application delivery and
Remote command execution (RCE)
customer satisfaction. threats are also provided in detection
A recent study conducted by research firm ESG indicated that 35 percent of businesses mode.
were using a combination of containers and serverless platforms for their application • Blocks injection and other automated
builds, with serverless adoption was quickly on the rise. attacks

It continues to become easier to make applications for the web, and businesses are using • Complete coverage and reporting of
them at ever-increasing rates. Unfortunately, not everyone—including developers and every attack instance
those who must defend their systems—knows how to secure them properly. With the • Provides full diagnostic details about code
interconnection of most web applications and IT systems, this lack of knowledge exposes vulnerabilities
enterprises to security risks from hackers who know how to exploit vulnerabilities in order • Avoids time-wasting false positives and
to gain access to systems, software, and sensitive data. theoretical issues

Trend Micro Cloud One™ – Application Security is built for speedy deployment, with minimal • Offers insight into an attacker’s identity
and attack methodology
impact on development streams and performance. It only takes a minute to add the library
to your application, and there is no need to change your development code. Application • Installs in two minutes—no source code
Security bootstraps itself into your application at runtime, as opposed to an SDK that has to changes required
be integrated into the application. You just need to include the Application Security library
with your application and activate it with the application keys. This approach simplifies
how security is delivered and is a significant shift for application developers who need
immediate, real-time protection for their apps and customers.
Application Security minimizes design and deployment risks by protecting against
sophisticated hacks from inside the application. Optimized for modern application
architectures, Application Security immediately blocks unwanted activity in real time to
protect data and business logic. The result is unprecedented protection, keeping web
application owners and their users safe from hacks with the highest degree of accuracy.

Page 1 of 4 • DATASHEET • TREND MICRO CLOUD ONE™ - APPLICATION SECURITY

 VULNERABILITY DETECTION Knowledge is Power
Bots, hackers, and other bad actors will find and exploit vulnerabilities in web applications, which
are caused by coding errors and weaknesses in dependencies.
How does Application Security differ
NO CODE CHANGES REQUIRED from other RASP technologies?
The self-contained Application Security agent runs inside the process of your application without
There are three primary differences:
requiring any code changes in the application itself.
• Code-level visibility into attacks
SECURE YOUR CUSTOMERS’ DATA
Application Security is designed specifically to secure web assets in the cloud and within local • Broader coverage of different
vulnerabilities
networks, protecting your customers’ data and your business.
• Breadth of platform support
AUTOMATIC PROTECTION
When your app is exposed to a malicious attack, the agent identifies the attacker, type of attack, and
In addition to securing your customers
blocks it. User data is protected, and you have the insight you need to fix the coding vulnerabilities.
and applications, Application Security
enables development teams to quickly
One of the key differentiators with Application Security is the ability to have malware identify and prioritize vulnerability
detection where your web application might accept file uploads, such as attachments, remediation efforts by providing vital
pictures/avatars, or PDFs. information about the identity and
severity of attackers.
Hackers can take advantage of the this by uploading malicious files, such as excel
spreadsheets with malicious macros, images with ImageTragick payloads, or PDFs with
malicious scripts. You need to be able to quickly and easily block this threat prior to any
destination point without forcing developers to write or modify code.

HOW APPLICATION SECURITY WORKS

Application Security is based on runtime self-protection technology. The Application Security

library is self-contained and independently protects its application, even if it becomes
disconnected from the Application Security service. User data is never exposed outside the
application, ensuring your apps remain compliant with data protection mandates.

Protects Blocks Secures

Protects applications with known Blocks sensitive data Secures hard-to-monitor
vulnerabilities until remediation from being exposed by applications, for example, when
resources are available injection attacks hundreds of web apps are
running simultaneously on an
internal network.

Page 2 of 4 • DATASHEET • TREND MICRO CLOUD ONE™ - APPLICATION SECURITY

 Application Security lets you monitor and review exploitation attempts across an unlimited number of applications. Attack details are
propagated across your infrastructure, meaning, if an attack is detected on one application, it is immediately flagged on every app
server and for every monitored app in your account.
While the performance experienced by an end user may vary depending on the application type and its overhead, Application Security
strives to make sure requests can be handled in under 1 ms.
Application Security delivers information, such as the time, origin, and type, on every attack that occurs on your apps to a central
reporting point. Over time, this information builds into a broad profile of the attacks impacting your networks, enabling your web
security team to map trends and deploy appropriate resources.
Application Security also gives your developers full visibility into how the vulnerability in your code would have been exploited,
including a stack trace down to the line of code (where relevant), reporting of request parameters, and how your app’s behavior would
have been modified.
.

Page 3 of 4 • DATASHEET • TREND MICRO CLOUD ONE™ - APPLICATION SECURITY

 THREAT TYPE DETECTION PROTECTION
Open Redirect √ √
SYSTEM REQUIREMENTS
Remote Command Execution (RCE) √ √ • Java (8 and newer)
• Python (2.7, 3.4 and newer)
Illegal File Access √ √
• NodeJS (10 and newer)
SQL Injection √ √ • PHP (7.0 and newer)
Antivirus/Anti-Malware Scanning of File • .NET coming soon (.NET Framework 4.5.2
√ √
Uploads and newer, .NET Core 2.0 and newer)
Malicious Payload √ √ • Ruby coming soon (2.0.0 and newer)

Application Security automatically protects your apps against common web-based attacks
and many classes of zero-day vulnerabilities. Additionally, with Application Security’s deep
instrumentation, API’s are protected similar to a web application across a JSON/GraphQL
interface. With Application Security working inside the application, you only need one
solution to secure both your web application and API’s.

Application Security is part of Trend Micro Cloud One™, a cloud security

services platform, which also includes:

• Trend Micro Cloud One™ – Workload Security:

Runtime protection for workloads (virtual, physical, cloud, and containers)

• Trend Micro Cloud One™ – Container Image Security:

Image scanning in your build pipeline

• Trend Micro Cloud One™ – File Storage Security:

Security for cloud file and object storage services

• Trend Micro Cloud One™ – Network Security:

Cloud network layer IPS security

• Trend Micro Cloud One™ – Conformity:

Cloud security and compliance posture management

©2019 by Trend Micro Incorporated. All rights reserved. Trend Micro, and
the Trend Micro t-ball logo, OfficeScan and Trend Micro Control Manager are
trademarks or registered trademarks of Trend Micro Incorporated. All other
company and/or product names may be trademarks or registered trademarks
of their owners. Information contained in this document is subject to change
without notice.

For details about what personal information we collect and why, please see
our Privacy Notice on our website at: https://www.trendmicro.com/privacy
[DS02_Cloud_One_Application_Security_191108US]

Page 4 of 4 • DATASHEET • TREND MICRO CLOUD ONE™ - APPLICATION SECURITY