Learn about the information available in Exposure Overview within Executive Dashboard.
Exposure Overview displays your company's average exposure risk level and corresponding risk score
for the category over the last 30 days. The exposure score is calculated using the
weight of each exposure-related risk factor and the corresponding risk events in your
environment along with the potential impact if the detected issues are exploited.
Time-critical vulnerabilities are given greater weight in the calculation.
![]() |
ImportantThe exposure risk level is calculated using all data received from your business without
applying asset visibility scope limits.
|
For customers with Vulnerability Assessment enabled, the Vulnerabilities tab in Exposure Overview tab displays:
-
Time-critical security alerts: Alerts related to detected vulnerabilities that might indicate an ongoing zero-day attack or high-profile N-day vulnerabilities that Trend Micro recommends you address immediately to bolster your security posture. The primary criteria for issuing a time-critical security alert include the potential impact, whether the vulnerability is highly likely to be exploited, and whether exploit code is publicly available.To learn more about a highlighted vulnerability, including available attack prevention and detection rules and recommended mitigation or remediation options, click View details in the security alert. Trend Micro only issues time-critical security alerts for vulnerabilities with available mitigation options.For high-profile N-day vulnerabilities, you can view a summary including:
-
The number of assessed devices in your environment
-
How many assessed devices are affected by the vulnerability
-
How many endpoints have been the target of exploit attempts related to the vulnerability
-
-
Vulnerabilities widgets: Widgets displaying metrics about your current exposure risk and vulnerability management status as they relate to different asset types in your organization. Vulnerability widgets are available for the following supported asset types:
-
Internal assets
-
Internet-facing assets
-
Containers
-
Cloud VMs
-
The following tables detail the vulnerabilities widgets available on the tab corresponding
to each asset type.
Internal Assets
Widget
|
Description
|
||
Vulnerability Assessment Coverage (Windows and Linux Endpoints)
|
The percentage of endpoints on your network running a supported operating system that
have an endpoint agent, Server & Workload Protection, Standard Endpoint Protection, or a third-party device data gathering service enabled as compared to the total
estimated number of endpoints in your organization
|
||
Highly Exploitable Unique CVEs
|
The number of unique highly exploitable CVEs detected in your environment
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
Click View Details to go to CVE impact score, impact scope, and related exploit attempts.
and see detailed information about highly exploitable CVEs detected in your environment
as well as actionable information such as the |
||
Mean Time to Patch (MTTP)
|
The average time taken to apply critical patches on all managed endpoints running
a
supported Windows operating system
The Mean Time to Patch (MTTP) widget applies only to supported Windows platforms and major patch releases. You
should carefully examine the MTTP data in conjunction with the Averaged Unpatched
Time (AUT) data to better mitigate highly exploitable vulnerabilities on your network.
Click View Details to view detailed information about devices with MTTP data in Operations Dashboard.
For more information, see Mean time to patch (MTTP) and average unpatched time (AUT).
|
||
Average Unpatched Time
|
The average length of time that endpoints with highly exploitable CVEs remain unpatched
to
the current date.
The Average Unpatched Time widget applies only to supported Windows platforms and major patch releases. You
should carefully examine the MTTP data in conjunction with the Averaged Unpatched Time data to better remediate highly exploitable vulnerabilities on your network.
Click View Details to view detailed information about device average unpatched time in Operations Dashboard.
For more information, see Mean time to patch (MTTP) and average unpatched time (AUT).
|
||
Vulnerable Endpoint Percentage
|
The percentage of endpoints in your environment supporting Vulnerability Assessment
that contain highly exploitable CVEs
The Vulnerable Endpoint Percentage widget applies to all endpoints with Vulnerability Assessment enabled.
Click View Details to view detailed information about vulnerable endpoints in Operations Dashboard.
For more information, see Highly exploitable CVE density and vulnerable endpoint percentage.
|
||
Highly Exploitable CVE Density
|
The total number of detected highly exploitable CVEs divided by the total number of
endpoints with Vulnerability Assessment enabled
The density calculation includes operating system and application CVEs.
Click View Details to view detailed information about CVE density in Operations Dashboard.
The Highly Exploitable CVE Density and Vulnerable Endpoint Percentage widgets work together to help you tailor your response to endpoint vulnerabilities.
For more information, see Highly exploitable CVE density and vulnerable endpoint percentage.
|
||
Devices With Legacy Windows Systems
|
Devices that run versions of the Windows operating system that have already reached
End of Service (EOS)
Devices running legacy Windows systems are more vulnerable to attack as no new security
patches are available for newly identified CVEs.
Click View Details to view detailed information about devices with legacy Windows systems in Operations Dashboard.
For more information, check Microsoft's product lifecycle documentation.
|
![]() |
ImportantFor customers that have updated to the Foundation Services
release, widgets in the Internal Assets tab of the
Vulnerabilities section only show data for endpoints within the asset
visibility scope of the current user.
|
Internet-facing Assets
Widget
|
Description
|
Highly Exploitable Unique CVEs on Hosts
|
The number of unique highly exploitable CVEs detected in your internet-facing assets
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
|
Vulnerable Host Percentage
|
The percentage of hosts with highly exploitable CVEs
The Vulnerable Host Percentage is calculated from the total number of hosts with highly exploitable CVEs divided
by the total number of supported hosts.
|
Highly Exploitable CVE Density of Hosts
|
The total number of detected highly exploitable CVEs divided by the total number of
hosts
with Vulnerability Assessment enabled
The Highly Exploitable CVE Density of Hosts is calculated from the total number of detected highly exploitable CVEs divided by
the total number of hosts (Total CVEs / Total hosts). The density calculation includes
application CVEs.
The Highly Exploitable CVE Density of Hosts and Vulnerable Host Percentage work together to help you tailor your response to host vulnerabilities.
|
Containers
Widget
|
Description
|
||
Highly Exploitable Unique CVEs in Container Clusters
|
The number of highly exploitable CVEs detected in your container clusters
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
|
||
Vulnerable Container Cluster Percentage
|
The percentage of container clusters with highly exploitable CVEs
The Vulnerable Container Cluster Percentage widget is calculated by dividing the total number of container clusters with highly
exploitable CVEs by the total number of supported container clusters. The Vulnerable Container Cluster Percentage widget helps you tailor your response to container vulnerabilities.
|
||
Highly Exploitable Unique CVEs in Container Images
|
The number of highly exploitable CVEs detected in your container images
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
|
||
Vulnerable Container Image Percentage
|
The percentage of container images with highly exploitable CVEs
The Vulnerable Container Image Percentage widget is calculated by
dividing the total number of container images with highly exploitable CVEs by the
total
number of supported container images. The Vulnerable Container Image
Percentage widget helps you tailor your response to vulnerable container
images.
|
![]() |
ImportantFor customers that have updated to the Foundation Services
release, widgets in the Containers tab of the
Vulnerabilities section only show data for containers within the asset
visibility scope of the current user.
|
Cloud VMs
Widget
|
Description
|
Highly Exploitable Unique CVEs in Cloud VMs
|
The number of highly exploitable CVEs detected in your cloud VMs
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
|
Vulnerable Cloud VMs Percentage
|
The percentage of cloud VMs with highly exploitable CVEs
The Vulnerable Cloud VMs Percentage widget is calculated by dividing
the total number of cloud VMs with highly exploitable CVEs by the total number of
assessed
cloud VMs. The Vulnerable Cloud VMs Percentage widget helps you tailor
your response to vulnerable cloud VMs.
|
![]() |
ImportantThis is a pre-release sub-feature and is not part of the existing features of an official
commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
|
The System Configuration tab within Exposure Overview contains information on misconfigurations detected in your supported assets. The
following tables detail the widgets available in the Security Configuration tab.
Widget
|
Description
|
||||
Cloud Asset Misconfiguration Risks
|
Cloud infrastructure misconfigurations found in your AWS, Microsoft Azure, and Google
Cloud environments
Click View Details to view detailed information about your cloud assets with misconfiguration risks
in Operations Dashboard.
|
||||
Cloud infrastructure compliance violations found in your AWS, Microsoft Azure, and
Google Cloud environments
Click View Details to view detailed information about your cloud assets with compliance violations in
Operations Dashboard.
|
|||||
Unexpected Internet-Facing Services/Ports
|
Services or ports that are internet-facing but should not be exposed to the internet
along with affected public IPs
Threat actors can exploit exposed services and ports to gain unauthorized access to
your environment. Examples include insecure file sharing or exchange services and
unencrypted sign-in services.
Click View Details to view detailed information about unexpected internet-facing services and ports
in Operations Dashboard.
|
||||
Hosts With Insecure Connection Issues
|
Hosts with connection issues that might result in data leaking during transmission
Insecure connection issues include invalid or expired certificates and insecure or
deprecated encryption protocols.
Click View Details to view detailed information about hosts with insecure connections in Operations Dashboard.
|
||||
Accounts With Weak Authentication
|
Accounts with weak authentication broken down into high-profile, highly authorized,
and regular accounts as well as how safe your organization's accounts are compared
to other companies in your region
Causes of weak authentication include:
Click View Details to view detailed information about accounts with weak authentication in Operations Dashboard.
For more information, see Accounts with weak authentication.
|
||||
Accounts That Increase Attack Surface Risk
|
Accounts with configurations that increase your organization's attack surface risk
Account configuration risks include:
Click View Details to view detailed information about accounts that increase attack surface risk in
Operations Dashboard.
For more information, see Accounts that increase attack surface risk.
|
||||
Accounts With Excessive Privilege
|
Accounts with privileges beyond those required for daily operations
Excessive privilege indicators include:
Click View Details to view detailed information about accounts with excessive privilege in Operations Dashboard.
For more information, see Accounts with excessive privilege.
|
||||
Legacy Authentication Protocol With Log On Activity
|
Log on attempts made through legacy authentication protocols
Legacy authentication may be performed by:
Click View Details to view detailed information about legacy authentication protocol with log on activity
in Operations Dashboard.
|