Security Risk Scan Widgets

Security Risk Scan widgets help you monitor activity about threats known to Trend Micro that affect your network. Threats may include known malware, spam email messages, file attributes, and URLs known as suspicious. Security Risk Scan discovers threats through traditional signature-based methods.

Threat Detection Count Widget

This widget shows the total detections for each service over the selected time period.

Cloud App Security scans all incoming email messages and uploaded files. Malware Scanning uses Trend Micro's virus scan engine to detect emerging threats.

The graph is based on the selected time period. The Y-axis represents the number of detections for each protected service. The X-axis represents the time period moving backwards in time from right to left. Mouse-over an area on the graph to learn more about a metric.

Use the drop-down menu to select the time period to view.

Click a service in the widget legend to show or hide data related to that service.

Advanced Threat Protection policies affect Cloud App Security scanning behavior for Malware Scanning. To configure Malware Scanning policies, see Configuring Malware Scanning.

Malware Detection Widget

This widget categorizes malware detection activity over the current and previous time periods.

Besides the traditional threat detection methods relying on pattern files, Cloud App Security also integrates the Trend Micro Predictive Machine Learning engine to help monitor potential malware behavior across your organization and protect your network from new, previously unidentified, or unknown threats through advanced file feature analysis. For details about the engine, see About Predictive Machine Learning.

In addition, Cloud App Security can choose to implement the suspicious file list synchronized from its integrated Trend Micro Control Manager during scanning. For details, see Configuring Suspicious Object List.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Advanced Threat Protection policies affect Cloud App Security scanning behavior for malware detection. To configure Malware Scanning policies, see Configuring Malware Scanning.

Credential Phishing Detection Widget

This widget categorizes credential phishing detection activity over the current and previous time periods.

Attackers may use phishing websites that disguise as legitimate websites to steal user credentials that provide access to your network. Cloud App Security provides multiple mechanisms to detect these credential phishing scams across your organization and prevent your users from the fraudulent websites that trick users into providing credential information. Web Reputation Services, together with dynamic URL scanning and artificial intelligence (AI)-based computer vision, set up more than one safeguard to screen out credential phishing URLs in email messages and files in protected services. For more information on these mechanisms, see Web Reputation Services.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

File Blocking by Type Widget

This widget categorizes file blocking activity over the current and previous time periods.

Many malware closely associate with certain file type extensions (examples: .doc, .exe, .dll). The file's extension identifies the file type. Similarly, specific attacks often associate with a specific file name. Cloud App Security can block files according to the file type, file name, file extension, or file contents that contain suspicious URLs.

  • For email services, file blocking prevents email messages containing suspicious attachments from delivering to recipients. Policy actions include replacing the file with a benign text file, quarantining or deleting all email messages with attachments that violate specified policies.

  • For other cloud applications, file blocking prevents suspicious files from entering cloud applications. Policy actions include quarantining or deleting files that violate specified policies.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Advanced Threat Protection policies affect Cloud App Security scanning behavior for file blocking. To configure File Blocking policies, see Configuring File Blocking.

Web Reputation Summary Widget

This widget summarizes web reputation scanning activity over the current and previous time periods.

With one of the largest domain-reputation databases in the world, Trend Micro web reputation technology tracks the credibility of web domains by assigning a reputation score based on factors including website's age, historical location changes and indications of suspicious activities discovered through malware behavior analysis, such as phishing scams that are designed to trick users into providing personal information. To increase accuracy and reduce false positives, Trend Micro Web Reputation Services assigns reputation scores to specific pages or links within sites instead of classifying or blocking entire sites, since often, only portions of legitimate sites are hacked and reputations can change dynamically over time.

Trend Micro delivers Web Reputation Services to Cloud App Security through Trend Micro Smart Protection Network.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Advanced Threat Protection policies affect Cloud App Security scanning behavior for web reputation. To configure Web Reputation policies, see Configuring Web Reputation.

Top 5 Suspicious URLs Widget

This widget shows the most frequent suspicious URLs in email messages, attachments, and files. Cloud App Security uses Trend Micro Web Reputation Services to detect a URL's risk level.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Users with Suspicious URLs Widget

This widget shows the users most frequently affected by suspicious URLs in email messages, attachments, and files. Cloud App Security uses Trend Micro Web Reputation Services to detect a URL's risk level.

Use the drop-down menu to select the time period to view.

Click the number under the current period to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Spam Detection by Category Widget

This widget categorizes spam detection activity over the current and previous time periods.

Many spam email messages are commercial in nature, but may also contain disguised links that appear to be for familiar websites but in fact lead to phishing websites or sites that are hosting malware.

Spam email messages may also be sent by someone impersonating high-level executives from a business for financial fraud, which is known as Business Email Compromise (BEC), an emerging global threat.

Cloud App Security uses Trend Micro Antispam Engine to provide advanced spam protection, as a complement to the email protection service on your email gateway side, to further protect Exchange Online users from BEC, ransomware, advanced phishing, and other high-profile attacks.

The Antispam engine uses spam signatures and heuristic rules to filter email messages. It scans email messages and assigns a spam score to each one based on how closely it matches the rules and patterns from the pattern file. It then compares the score to the user-defined spam detection level, and sends the result to Cloud App Security. When the spam score exceeds the detection level, Cloud App Security takes action against the email message based on the spam category that the message falls into.

Use the drop-down menu to select the time period to view.

Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Advanced Threat Protection policies affect Cloud App Security scanning behavior for spam detection. To configure Advanced Spam Protection policies, see Configuring Advanced Spam Protection.

Top 5 Spam Email Senders Widget

This widget shows the senders that most frequently distributed spam email messages in Exchange Online over the current and previous time periods.

Use the drop-down menu to select the time period to view.

Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).

Top 5 Recipients with Spam Email Messages Widget

This widget shows the Exchange Online users most frequently targeted by spam email messages.

Use the drop-down menu to select the time period to view.

Click the number under Detections to view logs related to the corresponding time period (last 24 hours, 7 days, or 30 days).