Apply attack prevention/detection rules from TrendAI™ products to vulnerable assets in Cyber Risk Exposure Management in order to mitigate specific vulnerabilities and reduce risk.
When remediation options such as patches and updates are not available or cannot
otherwise be applied to assets containing known CVEs, you may apply attack prevention/detection
rules from TrendAI™ products and solutions to the vulnerable assets to mitigate the vulnerability. Applying
endpoint-based attack prevention/detection rules also lowers the asset risk score.
Asset risk score reduction due to application of endpoint-based attack prevention/detection
rules is visible on the radar chart on the asset profile screen, with the hashed area
of the vulnerabilities section representing the amount the risk score has been reduced.

Note: Only endpoint-based attack prevention/detection rules currently affect the asset risk
score.
Specific attack prevention/detection rules are available based on your connected TrendAI™ endpoint and network protection products or TrendAI Vision One™ solutions, including:
- Trend Cloud One™ - Endpoint & Workload Security
- TrendAI™ Apex One™
- TrendAI™ Deep Security™
- TrendAI Vision One™ - Standard Endpoint Protection
- TrendAI Vision One™ - Server & Workload Protection
- TrendAI™ TippingPoint™ Security Management System (SMS)
- TrendAI™ Worry-Free Services™
When viewing detected vulnerabilities in the Risk Assessment tab on an asset profile screen, the indicator next to the detection data source informs
you of the CVE mitigation status based on available and applied attack prevention/detection
rules:
- No indicator: No attack prevention/detection rules are currently available for this CVE
- Not mitigated: Attack prevention/detection rules are available for this CVE, but the rules have
  not been applied to the asset
- Partially mitigated: Only some available attack prevention/detection rules have been applied to the
  asset, or only network-based attack prevention/detection rules have been applied
- Mitigated: All available attack prevention/detection rules have been applied to the asset
Important: Network-based attack prevention/detection rules can only protect assets when they
are connected to the protected network segment. If an asset disconnects from or otherwise
leaves the network segment, network-based solutions can no longer protect the asset.
If you cannot patch the asset, TrendAI™ recommends applying endpoint-based attack prevention/detection rules in addition
to network-based rules in order to ensure the asset is protected at all times. Assets
with only network-based rules applied cannot be considered fully mitigated and will
not experience a risk score reduction.
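The indicator rules above, including the network-only caveat in the Important note, written out as a small triage script. This is an added example, not TrendAI™ code or a product API: the `Rule` type, the function names, the CVE labels and the rule IDs are constructed placeholders. Treating a CVE whose only available rules are network-based as partially mitigated is this example's reading of the page.

```python
from dataclasses import dataclass

ENDPOINT, NETWORK = "endpoint", "network"

@dataclass(frozen=True)
class Rule:
    rule_id: str  # constructed placeholder, not a real filter rule ID
    kind: str     # ENDPOINT or NETWORK

def mitigation_status(available, applied):
    """Status of one CVE on one asset, following the indicator list above."""
    available = set(available)
    applied = set(applied) & available  # rules for other CVEs do not count
    if not available:
        return "No indicator"
    if not applied:
        return "Not mitigated"
    network_only = all(r.kind == NETWORK for r in applied)
    if applied == available and not network_only:
        return "Mitigated"
    # Some rules are missing, or only network-based rules are applied.
    return "Partially mitigated"

def triage(findings):
    """Map each CVE that is not fully mitigated to (status, unapplied endpoint rule IDs)."""
    todo = {}
    for cve, (available, applied) in findings.items():
        status = mitigation_status(available, applied)
        if status in ("Not mitigated", "Partially mitigated"):
            missing = sorted(r.rule_id for r in set(available) - set(applied)
                             if r.kind == ENDPOINT)
            todo[cve] = (status, missing)
    return todo

# Constructed sample data: placeholder CVE labels and rule IDs.
EP1, EP2 = Rule("EP-0001", ENDPOINT), Rule("EP-0002", ENDPOINT)
NET1 = Rule("NET-0001", NETWORK)
FINDINGS = {
    "CVE-PLACEHOLDER-A": ([], []),                   # no rules exist
    "CVE-PLACEHOLDER-B": ([EP1, NET1], []),          # rules exist, none applied
    "CVE-PLACEHOLDER-C": ([EP1, NET1], [NET1]),      # network-only coverage
    "CVE-PLACEHOLDER-D": ([EP1, EP2], [EP1]),        # one endpoint rule missing
    "CVE-PLACEHOLDER-E": ([EP1, NET1], [EP1, NET1]), # everything applied
    "CVE-PLACEHOLDER-F": ([NET1], [NET1]),           # only a network rule exists
}

if __name__ == "__main__":
    for cve, (status, missing) in triage(FINDINGS).items():
        print(f"{cve}: {status}; endpoint rules to apply: {missing or 'none available'}")
```

An empty list of endpoint rules for a partially mitigated CVE, as in placeholder F, marks an asset that depends entirely on staying inside the protected network segment.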
To see whether attack prevention/detection rules are available for a vulnerable asset,
go to the asset profile screen and filter the displayed risk events by new vulnerabilities.
CVEs with available attack prevention/detection rules display a mitigation status
indicator. Expand the risk event details to view available mitigation options, and
click View vulnerability mitigation details or click the mitigation status indicator to view a list of available attack prevention/detection
rules by product or solution.
The following table details the information available in the Vulnerability mitigation details drawer for an asset.
| Information | Details |
|---|---|
| Overall protection status | Whether the asset is protected by available attack prevention/detection rules and when the rules were applied |
| Available protection solutions | Available TrendAI™ products and solutions with applicable attack prevention/detection rules, divided into endpoint and network-based solutions |
| Available attack prevention/detection rules | Available rules from each product or solution, listed by filter rule ID |
Once attack prevention/detection rules are applied to the asset, the status of associated
vulnerability risk events will automatically change to mitigated.
