
Learn about the information available in Exposure Overview within Executive Dashboard.

Exposure Overview displays your company's average exposure risk level and corresponding risk score for the category over the last 30 days. The exposure score is calculated using the weight of each exposure-related risk factor and the corresponding risk events in your environment along with the potential impact if the detected issues are exploited. Time-critical vulnerabilities are given greater weight in the calculation.
Important
The exposure risk level is calculated using all data received from your business without applying asset visibility scope limits.
For customers with Vulnerability Assessment enabled, the Vulnerabilities tab in Exposure Overview displays:
  • Time-critical security alerts: Alerts related to detected vulnerabilities on Windows or Linux devices that might indicate an ongoing zero-day attack, or high-profile N-day vulnerabilities that Trend Micro recommends you address immediately to bolster your security posture. The primary criteria for issuing a time-critical security alert include the potential impact, whether the vulnerability is highly likely to be exploited, and whether exploit code is publicly available.
    To learn more about a highlighted vulnerability, including affected operating systems, available attack prevention/detection rules, and recommended mitigation or remediation options, click View details in the security alert. Trend Micro only issues time-critical security alerts for vulnerabilities with available mitigation options. You may create a new case for the vulnerability or add the vulnerability to an existing case by clicking the options icon in the vulnerability entry.
    Important
    Not all remediation or mitigation options are available for all supported operating systems. If automatic mitigation detection is unavailable, mitigated devices may still remain on the affected devices list after mitigation is complete.
    For high-profile N-day vulnerabilities, you can view a summary including:
    • The number of assessed devices in your environment
    • How many assessed devices are affected by the vulnerability
    • How many endpoints have been the target of exploit attempts related to the vulnerability
  • Vulnerabilities widgets: Widgets displaying metrics about your current exposure risk and vulnerability management status as they relate to different asset types in your organization. Vulnerability widgets are available for the following supported asset types:
    • Internal assets
    • Internet-facing assets
    • Containers
    • Cloud VMs
The following tables detail the vulnerabilities widgets available on the tab corresponding to each asset type.

Internal Assets

Widget
Description
Vulnerability Assessment Coverage (Windows and Linux Endpoints)
The percentage of endpoints on your network running a supported operating system that have an endpoint agent, Server & Workload Protection, Standard Endpoint Protection, or a third-party device data gathering service enabled as compared to the total estimated number of endpoints in your organization
Tip
Increase your deployment of endpoint agents to at least 80% for better results.
  • Click Extend Assessment Scope to configure endpoint data sources.
  • Click View Devices to identify devices with no assessment visibility and troubleshoot issues.
  • Click Configure CVE Coverage to select whether to assess for all CVEs or high-impact and medium-impact CVEs only.
    • Note
      This feature is not available in all regions.
Detected Vulnerabilities
The number of unique CVEs detected in your environment, organized by CVE impact score
  • High impact score: 70 to 100
  • Medium impact score: 31 to 69
  • Low impact score: 0 to 30
Click View Details to go to Operations Dashboard > Vulnerabilities and see detailed information about CVEs detected in your environment, including individual CVE impact scores, impact scope, and related exploit attempts.
Mean Time to Patch (MTTP)
The average time taken to apply critical patches on all managed endpoints running a supported Windows operating system
The Mean Time to Patch (MTTP) widget applies only to supported Windows platforms and major patch releases. You should carefully examine the MTTP data in conjunction with the Average Unpatched Time (AUT) data to better mitigate vulnerabilities on your network.
Click View Details to view detailed information about devices with MTTP data in Operations Dashboard.
Tip
You can also add the MTTP widget to your custom dashboard in Security Dashboard.
Average Unpatched Time
The average length of time that endpoints with CVEs remain unpatched to the current date.
The Average Unpatched Time widget applies only to supported Windows platforms and major patch releases. You should carefully examine the MTTP data in conjunction with the Average Unpatched Time data to better remediate vulnerabilities on your network.
Click View Details to view detailed information about device average unpatched time in Operations Dashboard.
Tip
You can also add the AUT widget to your custom dashboard in Security Dashboard.
Vulnerable Endpoint Percentage
The percentage of endpoints in your environment supporting Vulnerability Assessment that contain CVEs
The Vulnerable Endpoint Percentage widget applies to all endpoints with Vulnerability Assessment.
Click View Details to view detailed information about vulnerable endpoints in Operations Dashboard.
CVE Density
The total number of detected CVEs divided by the total number of endpoints with Vulnerability Assessment
The density calculation includes operating system and application CVEs.
Click View Details to view detailed information about CVE density in Operations Dashboard.
The CVE Density and Vulnerable Endpoint Percentage widgets work together to help you tailor your response to endpoint vulnerabilities. For more information, see Vulnerability percentages and CVE density.
Devices With Legacy Windows Systems
Devices that run versions of the Windows operating system that have already reached End of Service (EOS)
Devices running legacy Windows systems are more vulnerable to attack as no new security patches are available for newly identified CVEs.
Click View Details to view detailed information about devices with legacy Windows systems in Operations Dashboard.
For more information, check Microsoft's product lifecycle documentation.
Important
For customers that have updated to the Foundation Services release, widgets in the Internal Assets tab of the Vulnerabilities section only show data for endpoints within the asset visibility scope of the current user.
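The Detected Vulnerabilities, Vulnerable Endpoint Percentage, and CVE Density figures described above can be reproduced from a per-endpoint CVE list. The following Python code is an added example, not Trend Micro code; the input layout, the placeholder CVE IDs, integer impact scores, and the choice to count each CVE once per affected endpoint for density are assumptions. It compares two constructed fleets that have the same CVE density but very different vulnerable-endpoint percentages, which is why the two widgets are read together.

```python
from collections import Counter

def impact_bucket(score):
    """Bucket a CVE impact score using the ranges listed for Detected Vulnerabilities."""
    if not 0 <= score <= 100:
        raise ValueError(f"impact score out of range: {score}")
    if score >= 70:
        return "high"
    if score >= 31:
        return "medium"
    return "low"

def exposure_metrics(findings):
    """findings: {endpoint: {cve_id: impact_score}} for every assessed endpoint.

    Endpoints with no CVEs must still be present (with an empty dict); leaving
    them out shrinks both denominators and overstates exposure.
    """
    assessed = len(findings)
    if assessed == 0:
        return None  # no assessment coverage: the metrics are undefined, not zero
    unique = {}
    for cves in findings.values():
        unique.update(cves)  # de-duplicate CVEs seen on several endpoints
    instances = sum(len(cves) for cves in findings.values())  # assumption: per-endpoint count
    vulnerable = sum(1 for cves in findings.values() if cves)
    return {
        "unique_by_impact": dict(Counter(impact_bucket(s) for s in unique.values())),
        "vulnerable_pct": round(100 * vulnerable / assessed, 1),
        "cve_density": round(instances / assessed, 2),
    }

# Constructed sample data; the CVE names are placeholders, not real identifiers.
CONCENTRATED = {
    "srv-01": {"CVE-A": 85, "CVE-B": 72, "CVE-C": 40, "CVE-D": 12},
    "pc-01": {}, "pc-02": {}, "pc-03": {},
}
SPREAD = {
    "srv-01": {"CVE-A": 85}, "pc-01": {"CVE-B": 72},
    "pc-02": {"CVE-C": 40}, "pc-03": {"CVE-D": 12},
}

if __name__ == "__main__":
    for name, fleet in (("concentrated", CONCENTRATED), ("spread", SPREAD)):
        print(name, exposure_metrics(fleet))
```
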

Internet-facing Assets

Widget
Description
Detected Vulnerabilities
The number of unique CVEs detected in your internet-facing assets
Host vulnerability metrics currently only include high-impact and medium-impact CVEs.
Vulnerable Host Percentage
The percentage of hosts with CVEs
The Vulnerable Host Percentage is calculated from the total number of hosts with CVEs divided by the total number of supported hosts.
CVE Density of Hosts
The total number of detected CVEs divided by the total number of hosts with Vulnerability Assessment
The CVE Density of Hosts is calculated from the total number of detected CVEs divided by the total number of hosts (Total CVEs / Total hosts). The density calculation includes application CVEs.
The CVE Density of Hosts and Vulnerable Host Percentage work together to help you tailor your response to host vulnerabilities.

Containers

Widget
Description
Detected Vulnerabilities in Container Clusters
The number of CVEs detected in your container clusters
Tip
Click Extend Assessment Scope and add Kubernetes clusters with Runtime Scanning enabled or cloud accounts with Agentless Vulnerability & Threat Detection enabled in order to get better visibility into container asset vulnerabilities.
Vulnerable Container Cluster Percentage
The percentage of container clusters with CVEs
The Vulnerable Container Cluster Percentage widget is calculated by dividing the total number of container clusters with CVEs by the total number of supported container clusters. The Vulnerable Container Cluster Percentage widget helps you tailor your response to container vulnerabilities.
Detected Vulnerabilities in Container Images
The number of CVEs detected in your container images
Vulnerable Container Image Percentage
The percentage of container images with CVEs
The Vulnerable Container Image Percentage widget is calculated by dividing the total number of container images with CVEs by the total number of supported container images. The Vulnerable Container Image Percentage widget helps you tailor your response to vulnerable container images.
Important
For customers that have updated to the Foundation Services release, widgets in the Containers tab of the Vulnerabilities section only show data for containers within the asset visibility scope of the current user.

Cloud VMs

Widget
Description
Detected Vulnerabilities
The number of CVEs detected in your cloud VMs
Vulnerable Cloud VMs Percentage
The percentage of cloud VMs with CVEs
The Vulnerable Cloud VMs Percentage widget is calculated by dividing the total number of cloud VMs with CVEs by the total number of assessed cloud VMs. The Vulnerable Cloud VMs Percentage widget helps you tailor your response to vulnerable cloud VMs.
Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.

Serverless Functions

Widget
Description
Detected Vulnerabilities
The number of CVEs detected in your serverless functions
Vulnerable Serverless Function Percentage
The percentage of serverless functions with CVEs
The Vulnerable Serverless Function Percentage widget is calculated by dividing the total number of serverless functions with CVEs by the total number of assessed serverless functions. The Vulnerable Serverless Function Percentage widget helps you tailor your response to vulnerable serverless functions.
Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
The System Configuration tab within Exposure Overview contains information on misconfigurations detected in your supported assets. The following tables detail the widgets available in the Security Configuration tab.
Widget
Description
Cloud Asset Misconfiguration Risks
Cloud infrastructure misconfigurations found in your AWS, Microsoft Azure, and Google Cloud environments
Click View Details to view detailed information about your cloud assets with misconfiguration risks in Operations Dashboard.
Cloud Asset Compliance Violations
Cloud asset compliance violations found in your AWS, Microsoft Azure, and Google Cloud environments
To view detailed information about detected compliance violations, click View Details to access the Cloud Asset Compliance Violations screen in Operations Dashboard.
Unexpected Internet-Facing Services/Ports
Services or ports that are internet-facing but should not be exposed to the internet along with affected public IPs
Threat actors can exploit exposed services and ports to gain unauthorized access to your environment. Examples include insecure file sharing or exchange services and unencrypted sign-in services.
Click View Details to view detailed information about unexpected internet-facing services and ports in Operations Dashboard.
Hosts With Insecure Connection Issues
Hosts with connection issues that might result in data leaking during transmission
Insecure connection issues include invalid or expired certificates and insecure or deprecated encryption protocols.
Click View Details to view detailed information about hosts with insecure connections in Operations Dashboard.
Accounts With Weak Authentication
Accounts with weak authentication broken down into high-profile, highly authorized, and regular accounts as well as how safe your organization's accounts are compared to other companies in your region
Causes of weak authentication include:
  • Microsoft Entra ID:
    • No multi-factor authentication (MFA)
    • No password expiration
    • No strong password requirement
    • No password required
  • Active Directory:
    • No password expiration
    • Legacy authentication methods
Click View Details to view detailed information about accounts with weak authentication in Operations Dashboard.
For more information, see Accounts with weak authentication.
Note
For customers that have updated to the Foundation Services release, this widget is only available for users with the Accounts asset visibility scope.
Accounts That Increase Attack Surface Risk
Accounts with configurations that increase your organization's attack surface risk
Account configuration risks include:
  • Synced admin accounts: Highly authorized Microsoft Entra ID and Active Directory admin accounts that should not be synced with admin or non-admin accounts
  • Extra admin accounts: Additional global or company admin accounts beyond those necessary for system administration
  • Stale accounts: Enabled accounts that have been inactive for more than 180 days
Click View Details to view detailed information about accounts that increase attack surface risk in Operations Dashboard.
Note
For customers that have updated to the Foundation Services release, this widget is only available for users with the Accounts asset visibility scope.
Accounts With Excessive Privilege
Accounts with privileges beyond those required for daily operations
Excessive privilege indicators include:
  • Service account misconfiguration: Service accounts with permissions beyond those required to perform required tasks
  • Highly authorized disabled accounts: Disabled accounts assigned to highly authorized roles or groups
Click View Details to view detailed information about accounts with excessive privilege in Operations Dashboard.
For more information, see Accounts with excessive privilege.
Note
For customers that have updated to the Foundation Services release, this widget is only available for users with the Accounts asset visibility scope.
Legacy Authentication Protocol With Log On Activity
Log on attempts made through legacy authentication protocols
Legacy authentication may be performed by:
  • Older Microsoft Office clients that do not use modern authentication (for example, the Microsoft Office 2010 client)
  • Any client that uses legacy mail protocols such as IMAP, SMTP, or POP3
Note
Legacy authentication does not support multi-factor authentication (MFA). Even if you have an MFA policy enabled on your directory, a threat actor can bypass MFA and authenticate using available legacy protocols.
Click View Details to view detailed information about legacy authentication protocol with log on activity in Operations Dashboard.
Note
For customers that have updated to the Foundation Services release, this widget is only available for users with the Accounts asset visibility scope.
SaaS Application Misconfiguration Risks
SaaS application misconfigurations found in your environment
Click View Details to view detailed information about your SaaS applications with misconfiguration risks in Operations Dashboard.
SaaS Application Compliance Violations
SaaS application compliance violations found in your environment
Click View Details to view detailed information about your SaaS applications with compliance violations in Operations Dashboard.
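The account criteria listed for the weak authentication, attack surface risk, and excessive privilege widgets can be checked against a directory export before relying on the dashboard counts. The following Python code is an added example, not Trend Micro's detection logic; the record field names, the sample accounts, and treating a never-used account as idle since its creation date are assumptions.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=180)  # "inactive for more than 180 days"
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible

def account_findings(acct, now):
    """Return the findings that apply to one account record (hypothetical field names)."""
    found = []
    if acct["enabled"]:
        # Assumption: an account that never signed in is idle since creation.
        idle_since = acct.get("last_sign_in") or acct["created"]
        if now - idle_since > STALE_AFTER:
            found.append("stale_account")
    elif acct.get("privileged_roles"):
        # Disabled but still holding privileged roles or groups.
        found.append("highly_authorized_disabled")
    # The page lists missing MFA as a cause for Microsoft Entra ID accounts only.
    if acct["directory"] == "entra_id" and not acct.get("mfa", False):
        found.append("no_mfa")
    if acct.get("password_never_expires", False):
        found.append("no_password_expiration")
    return found

def audit(accounts, now=NOW):
    """Map account name to its findings, omitting accounts with none."""
    results = {a["name"]: account_findings(a, now) for a in accounts}
    return {name: f for name, f in results.items() if f}

def d(days_ago):
    return NOW - timedelta(days=days_ago)

ACCOUNTS = [  # constructed sample export
    {"name": "alice", "directory": "entra_id", "enabled": True, "mfa": True,
     "created": d(900), "last_sign_in": d(3)},
    {"name": "svc-backup", "directory": "active_directory", "enabled": True,
     "password_never_expires": True, "created": d(700), "last_sign_in": d(181)},
    {"name": "old-admin", "directory": "entra_id", "enabled": False, "mfa": True,
     "privileged_roles": ["Global Administrator"], "created": d(1200),
     "last_sign_in": d(400)},
    {"name": "new-hire", "directory": "entra_id", "enabled": True,
     "created": d(10), "last_sign_in": None},
]

if __name__ == "__main__":
    for name, findings in audit(ACCOUNTS).items():
        print(f"{name}: {', '.join(findings)}")
```
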