Datasheet

Trend Cloud One™ – Conformity

Cloud security and compliance posture management

Organizations are rapidly migrating to cloud computing and adopting innovations to

help with new or existing cloud projects. For some, traversing this path has been a
multi-year endeavor; others are learning about cloud technologies for the first time
and discovering a world of possibility. However, with increased possibilities come new
impacts on the business—the infrastructure, technology, security, and team dynamics Nearly all successful attacks
need to adjust to this evolution. on cloud services are as a
While cloud computing leads to more automation, cloud engineering and operations result of misconfiguration,
teams now require greater visibility of all the moving parts across their infrastructure
and platforms. This increase in complexity can result in the rise of cloud-related
mismanagement, and mistakes.
cybersecurity risk because of misconfigurations across storage, network, and Continuously scanning
identity. Furthermore, it can leave DevOps and cloud teams with a trail of unmanaged workloads with cloud security
risks across multi-cloud environments in addition to performance, compliance, and posture management (CSPM)
operational concerns. This creates the perfect storm to negatively impact the business’
reputation and bottom line. tools, covering identity, network,
and storage configuration,
Introducing Trend Cloud One™ – Conformity
is critical in identifying
Conformity enables you to fulfill your side of the shared responsibility model with
guardrails for your cloud. Providing continuous security, compliance, and governance in these problems.
a cloud-native platform to help you manage misconfigurations of cloud resources and
“Endpoint and Server Security:
strengthen your security posture.
Common Goals, Divergent
With almost 1,000 cloud infrastructure configuration checks out of the box, across Solutions” published 01/2021
Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform™, your cloud ID: G00377795
services are scanned in real time. This provides you with visibility of your entire cloud
environment, your compliance score, contextual insights, and alerts for any risks in your
cloud infrastructure.

How Conformity Works

There is nothing to download or deploy. Simply sign up for a 30-day free trial, connect
your cloud account, and in minutes you will have a comprehensive view of your cloud
security posture. Conformity uses a custom access policy to view your cloud account
metadata configuration settings – there is no read or write access to your data.

Conformity is more than just

a security tool. It provides me
with situational awareness
by giving me a global view of
everything that I have inside my
cloud—helping me manage it
and take action.
Jason Cradit,
Principal Cloud Architect,
1898 & Co.

Page 1 of 4 Datasheet • Trend Cloud One™ – Conformity

 Datasheet

WHAT SETS US APART Fast Facts

World-class technology leaders are putting tremendous effort into building the most • Extensive depth and breadth of
secure, optimized, resilient, and scalable cloud infrastructure for their businesses. coverage on AWS, Azure, and Google
1. Continuously build your cloud infrastructure to industry best practices Cloud services.
Guardrails to innovate in the cloud with confidence. Each configuration recommendation • Nearly 1,000 real-time industry best
in Conformity is founded on the design principles of the Well-Architected Frameworks, practice checks. No need to build
enabling you to create best-of-breed infrastructure and preventing common technical your own.
pitfalls. This ensures your infrastructure is truly benefiting from all of the advantages
your cloud services platform offers. • Real-time monitoring and alerts.
• Extremely actionable and easy to use.
The Well-Architected Framework is made of up six pillars: security, operational
excellence, reliability, performance efficiency, cost optimization, and sustainability. • Includes remediation guides and auto-
Each recommendation and remediation step displays which pillar it supports, giving remediation.
you assurance that your cloud infrastructure is configured and deployed securely while • Seamless integrations with key
your systems and sensitive data are properly protected. Leverage auto-remediation ticketing and communication channels
capabilities for any rules you want to be automatically addressed,Manage compliance at like Slack, ServiceNow, Jira, PagerDuty,
scale in the cloud.
Microsoft Teams, and more.
• CloudFormation and TerraForm
template scanner capability scans
IaC templates

Industry standards and compliance requirements are constantly changing. Benefit

from continuous scans against compliance and industry standards in your cloud
infrastructure and immediately act on high-risk policy violations against SOC2, ISO
27001, NIST, CIS, GDPR, PCI DSS, GDPR, HIPAA, and more.
Leverage standardized or custom reports, auditing your infrastructure for
misconfigurations with an endless combination of filters. Run exportable reports on
your cloud environments for internal and external audits against benchmark standards.
2. Manage compliance at scale in the cloud
Industry standards and compliance requirements are constantly changing. Benefit
from continuous scans against compliance and industry standards in your cloud
infrastructure and immediately act on high-risk policy violations against SOC2, ISO
27001, NIST, CIS, GDPR, PCI DSS, GDPR, HIPAA, and more.
Leverage standardized or custom reports, auditing your infrastructure for
misconfigurations with an endless combination of filters. Run exportable reports on
your cloud environments for internal and external audits against benchmark standards.

3. Democratize cloud operational excellence

Instill confidence in developers by providing guardrails that enable agile development
and a secure, optimized cloud infrastructure. Our Conformity Knowledge Base is a
continually growing library containing almost 1,000 step-by-step remediation guides for
public cloud infrastructure configurations. This empowers developers and engineers to
better understand how to build superior cloud architecture, regardless of their security
or technical expertise.
This readily available remediation information allows organizations to move quickly with
their cloud migration, DevOps processes, or other cloud projects without the fear of
introducing misconfigurations, vulnerabilities, or reliability risks.

Page 2 of 4 Datasheet • Trend Cloud One™ – Conformity

 Datasheet

Key Advantages

Be secure.
Complete visibility of your AWS, Azure,
and Google Cloud infrastructure with
a single, multi-cloud dashboard.
View your risk status and violations
with clear remediation steps and
immediate resolution.

Be compliant.
Industry standards and compliance
requirements are constantly changing.
Benefit from continuous scans against
compliance and industry standards,
including the SOC2, NIST, CIS, PCI DSS,
GDPR, HIPAA, and more.

Be assured.
Fully API-enabled automation removes
the manual, repetitive tasks that are
prone to human error. Embrace DevOps
without the fear of misconfiguration
introducing security gaps to your cloud
infrastructure.
Proactive prevention and automation
In addition to providing real-time threat monitoring and auto-remediation for your cloud
environments, you’ll quickly realize the value of shifting security and compliance to the
earliest phase of your CI/CD pipeline. With our Infrastructure as code (IaC) template
scanning, templates can instantly be run through the Conformity API during the coding
process. This will enable automated, proactive prevention of misconfigurations and give
you peace of mind that the code moving into your cloud infrastructure is fully compliant
and aligned to industry best practices.

Embed the CloudFormation

Template Scanning API into
Your CI/CD Pipeline

1 2
IDE Plugin scans GitHub Actions integration to
Infrastructure as Code (IaC) scan the IaC
as developers code it Developer commits the
IaC code changes

Webhook triggers the CI tool

(Jenkins, CircleCI, GitLab)

The CI tool downloads a local

3 copy of the IaC template

6 4

CI tool

The CI tool returns the The CI tool pushes IaC to the Trend
success/failure results to the Cloud One™ – Conformity
user and release branch owner API, using Bash or Python
via UI or email

Conformity returns
5 the results to the Conformity
CI: Continuous Integration CI tool
IDE Plugin: Integrated Development Environment Plugin

PROACTIVE PREVENTION AND AUTOMATION

In addition to providing real-time threat monitoring and auto-remediation for your cloud environments, you’ll quickly realize the value
of shifting security and compliance to the earliest phase of your CI/CD pipeline. With our AWS CloudFormation Template Scanner,
templates can instantly be run through the Conformity API during the coding process. This will enable automated, proactive prevention
of vulnerabilities and gives you peace of mind that the code moving into your cloud infrastructure is fully compliant.

Whether your cloud exploration is just taking shape, TRY IT IN YOUR ENVIRONMENT TODAY!
you’re midway through a migration, or you’re already
Sign up for a free trial of Conformity
running complex workloads in the cloud, Conformity
can help. This solution offers full visibility of your cloud
infrastructure and provides continuous cloud security Resources to learn more:
and compliance posture management based on the Conformity web page
AWS Well-Architected Framework. Let us do the heavy
Knowledge Base of best practice’s
lifting so you can focus on innovating.

Page 3 of 4 Datasheet • Trend Cloud One™ – Conformity

© 2020 Trend Micro Incorporated and/or its affiliates. All rights reserved. Trend Micro and the t-ball logo
are trademarks or registered trademarks of Trend Micro and/or its affiliates in the U.S. and other countries.
Third-party trademarks mentioned are the property of their respective owners.
 Datasheet

Set up conformity in minutes

Conformity is designed so you can be up and running within minutes. After you have
connected your AWS, Azure, or Google Cloud account, you’ll see the overall risk posture
of your cloud environment. You can replicate rules and communication preferences
across accounts to give development teams proper security guardrails.

Meet workflow and compliance requirements

Conformity currently integrates with the following communication channels, workflow
systems, and compliance standards.

Integration with:

Having Conformity continuously

Continuous compliance monitoring for: monitor our AWS infrastructure
And more compliance standards available...
and notify us in real time of any
critical issues ensures we remain
compliant with best practices,
and any potential threats to
our applications or data are
resolved before they impact
our business.

Team Lead of Information Security,

GrubHub

For more information, please visit

trendmicro.com

©2023 by Trend Micro Incorporated. All rights reserved. Trend Micro, and
the Trend Micro t-ball logo, OfficeScan and Trend Micro Control Manager are
trademarks or registered trademarks of Trend Micro Incorporated. All other
company and/or product names may be trademarks or registered trademarks
of their owners. Information contained in this document is subject to change
without notice. [DS10_Cloud_One_Conformity_221221_US]

For details about what personal information we collect and why, please see our
Privacy Notice on our website at: trendmicro.com/privacy

Page 4 of 4 Datasheet • Trend Cloud One™ – Conformity