
Evaluate your company's exposure to CVEs and how you compare to global averages.

To better assist you in determining and responding to your company's vulnerabilities, Trend Micro designed certain metrics to complement each other for greater clarity.
The Highly-Exploitable CVE Density and Vulnerable Endpoint Percentage work together to help you tailor your response to vulnerable endpoint threats. The Vulnerable Container Cluster Percentage adds context regarding your exposure to CVEs in containers.
Metric
Description
Example
Highly-Exploitable CVE Density
Calculated from the total number of detected highly-exploitable CVEs divided by the total number of endpoints with Vulnerability Assessment enabled (Total highly-exploitable CVEs / Total endpoints with Vulnerability Assessment).
Highly-Exploitable CVE Density calculations occur daily. Weekly and monthly averages use a simple average calculation based on the daily values.
Total endpoint count: 3
  • Endpoint 1: 2 CVEs
  • Endpoint 2: 4 CVEs
  • Endpoint 3: 0 CVEs
Highly-exploitable CVE density (Total highly-exploitable CVEs / Total endpoints with Vulnerability Assessment):
(2+4+0) / 3 = 2.0
Vulnerable Endpoint Percentage
Calculated from the total number of endpoints with detected highly-exploitable CVEs divided by the total number of endpoints with Vulnerability Assessment enabled (Total endpoints with vulnerabilities / Total endpoints with Vulnerability Assessment * 100).
Vulnerable Endpoint Percentage calculations occur daily. Weekly and monthly averages use a simple average calculation based on the daily values.
  • Total number of endpoints with detected highly-exploitable CVEs: 5
  • Total Vulnerability Assessment-enabled endpoints: 25
Vulnerable Endpoint Percentage (Total endpoints with vulnerabilities / Total endpoints with Vulnerability Assessment * 100):
5 / 25 * 100 = 20%
Vulnerable Container Cluster Percentage
Calculated by dividing the total number of container clusters with detected highly-exploitable CVEs by the total number of container clusters with Vulnerability Assessment enabled (Total container clusters with vulnerabilities / Total container clusters with Vulnerability Assessment * 100).
Note
The vulnerability assessment scope is limited to supported operating systems.
Vulnerable Container Cluster Percentage calculations occur daily. Weekly and monthly averages use a simple average calculation based on the daily values.
  • Total number of container clusters with detected highly-exploitable CVEs: 13
  • Total Vulnerability Assessment-enabled container clusters: 37
Vulnerable Container Cluster Percentage (Total container clusters with vulnerabilities / Total container clusters with Vulnerability Assessment * 100):
13 / 37 * 100 = 35%
Vulnerable Cloud VM Percentage
Calculated by dividing the total number of cloud VMs with detected highly-exploitable CVEs by the total number of cloud VMs with Vulnerability Assessment enabled (Total cloud VMs with vulnerabilities / Total cloud VMs with Vulnerability Assessment * 100).
Note
The vulnerability assessment scope is limited to supported operating systems.
Vulnerable Cloud VM Percentage calculations occur daily. Weekly and monthly averages use a simple average calculation based on the daily values.
  • Total number of cloud VMs with detected highly-exploitable CVEs: 20
  • Total Vulnerability Assessment-enabled cloud VMs: 100
Vulnerable Cloud VM Percentage (Total cloud VMs with vulnerabilities / Total cloud VMs with Vulnerability Assessment * 100):
20 / 100 * 100 = 20%
Vulnerable Image Percentage
Calculated by dividing the total number of container images with detected highly-exploitable CVEs by the total number of container images with Vulnerability Assessment enabled (Total container images with vulnerabilities / Total container images with Vulnerability Assessment * 100).
  • Total number of container images with detected highly-exploitable CVEs: 25
  • Total Vulnerability Assessment-enabled container images: 100
Vulnerable Image Percentage (Total container images with vulnerabilities / Total container images with Vulnerability Assessment * 100):
25 / 100 * 100 = 25%
Important
  • CVE counts only include Highly-Exploitable CVEs based on global exploit activity and Trend Micro threat expert evaluations.
  • CVE counts include all Highly-Exploitable CVEs regardless of patch availability.
  • Only supported on Windows desktop platforms starting from Windows 10.

Example Scenario

Company A
  • CVE Density: 10.2
  • Vulnerable Endpoint Percentage: 5%
Company B
  • CVE Density: 10.2
  • Vulnerable Endpoint Percentage: 40%
Even though the CVE Density values for both companies are the same (10.2), the risk profiles are very different.
  • Company A has a small number of endpoints (5%) with a large number of critical CVEs, which could indicate that the company regularly applies patches and only a limited subset of endpoints have not yet received the latest update.
  • Company B has a large number of endpoints (20%) with a large number of CVEs, which could indicate that the company has a delayed policy in patching endpoints, possibly due to internal testing requirements.
Examining both metrics together can help a company determine the best method to reduce its exposure to CVEs.
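
The scenario above, worked through as an added example (this is not Trend Micro code; the function names, the two 20-endpoint fleets and the daily snapshots are constructed for illustration). It computes both endpoint metrics from per-endpoint counts of highly-exploitable CVEs, shows two fleets with the same density but different vulnerable percentages, and applies the simple average of daily values used for weekly and monthly figures.

```python
from statistics import mean

def cve_density(counts):
    """Total highly-exploitable CVEs / total assessed endpoints."""
    return sum(counts) / len(counts) if counts else None

def vulnerable_pct(counts):
    """Share of assessed endpoints with at least one highly-exploitable CVE."""
    return 100 * sum(1 for c in counts if c > 0) / len(counts) if counts else None

def period_average(daily_values):
    """Simple average of the daily values. Days with no assessed endpoints
    (None) are skipped, which is an assumption of this example."""
    values = [v for v in daily_values if v is not None]
    return mean(values) if values else None

def profile(counts):
    """Both metrics plus the CVE load carried by each vulnerable endpoint."""
    vulnerable = [c for c in counts if c > 0]
    return {
        "density": cve_density(counts),
        "vulnerable_pct": vulnerable_pct(counts),
        "cves_per_vulnerable_endpoint": mean(vulnerable) if vulnerable else 0,
    }

# Constructed fleets: 20 assessed endpoints and 204 CVEs in total each,
# so both have a density of 10.2.
COMPANY_A = [204] + [0] * 19                 # one endpoint carries everything
COMPANY_B = [25] * 4 + [26] * 4 + [0] * 12   # backlog spread over 8 endpoints

# Constructed daily snapshots: the assessed fleet grows from 3 to 6 endpoints,
# and on the third day no endpoint has Vulnerability Assessment enabled.
WEEK = [[2, 4, 0], [2, 4, 0, 0, 0, 0], []]

if __name__ == "__main__":
    for name, fleet in (("A", COMPANY_A), ("B", COMPANY_B)):
        print("Company", name, profile(fleet))
    # Mean of the daily densities (2.0 and 1.0), not 12 CVEs / 9 endpoint-days.
    print("weekly density:", period_average(cve_density(d) for d in WEEK))
```

Because the period figure is an average of daily ratios, a day with few assessed endpoints weighs as much as a day with many, so it can differ from total CVEs divided by total endpoint-days.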