Learn about the widgets available on the Exposure Overview tab.

The Exposure Index displays your company's average exposure risk over the last 30 days. The Exposure Index score is calculated based on numerous factors including unpatched vulnerabilities and the likelihood of attack.
The Exposure Index is calculated using all data received from your business without applying asset visibility scope limits.
For customers with Vulnerability Assessment enabled, the Vulnerabilities section of the Exposure Overview tab displays time-critical security alerts related to detected vulnerabilities that might indicate an ongoing zero-day attack. Trend Micro only issues security alerts for zero-day vulnerabilities with available mitigation options.
Time-critical security alerts also display for high-profile N-day vulnerabilities that Trend Micro recommends you address immediately to bolster your security posture. If Vulnerability Assessment is enabled, you can see a summary of the number of assessed devices in your environment, how many are affected by the vulnerability, and how many endpoints have been the target of exploit attempts. To learn more about a highlighted vulnerability, available attack prevention and detection rules, and recommended mitigation or remediation options, click View details in the security alert.
The primary criteria for issuing a security alert for a time-critical CVE include the potential impact, whether the vulnerability is being actively exploited or is highly likely to be exploited, and whether exploit code is publicly available.
The following tables outline the widgets available in the three tabs below the Exposure Index.

Vulnerabilities Widgets (Internal Assets)

Widget
Description
Vulnerability Assessment Coverage (Windows and Linux Endpoints)
The percentage of endpoints on your network running a supported operating system with endpoint sensors, Server & Workload Protection, or a third-party device data gathering service enabled, compared to the total estimated number of endpoints in your organization
Tip
Increase your deployment of endpoint sensors to at least 80% for better results.
  • Click Extend Assessment Scope to configure endpoint data sources.
  • Click View Devices to identify devices with no assessment visibility and troubleshoot issues.
Highly Exploitable Unique CVEs
The number of unique highly exploitable CVEs detected in your environment
A highly exploitable CVE is a critical vulnerability that is highly likely (or has been proven) to be exploited if not remediated.
Click View Details to view detailed information about CVEs detected in your environment and actionable information such as the CVE impact score, impact scope, and exploit attempts in Operations Dashboard.
Mean Time to Patch (MTTP)
The average time taken to apply critical patches on all managed endpoints running a supported Windows operating system
The Mean Time to Patch (MTTP) widget applies only to supported Windows platforms and major patch releases. You should carefully examine the MTTP data in conjunction with the Average Unpatched Time data to better mitigate highly exploitable vulnerabilities on your network.
Click View Details to view detailed information about devices with MTTP data in Operations Dashboard.
Average Unpatched Time
The average length of time, up to the current date, that endpoints with highly exploitable CVEs have remained unpatched
The Average Unpatched Time widget applies only to supported Windows platforms and major patch releases. You should carefully examine the MTTP data in conjunction with the Average Unpatched Time data to better mitigate highly exploitable vulnerabilities on your network.
Click View Details to view detailed information about device average unpatched time in Operations Dashboard.
Vulnerable Endpoint Percentage
The percentage of endpoints with highly exploitable CVEs
The Vulnerable Endpoint Percentage widget applies to all endpoints with Vulnerability Assessment enabled. The Highly Exploitable CVE Density and Vulnerable Endpoint Percentage widgets work together to help you tailor your response to vulnerable endpoint risks.
Click View Details to view detailed information about vulnerable endpoints in Operations Dashboard.
Highly Exploitable CVE Density
The total number of detected highly exploitable CVEs divided by the total number of endpoints with Vulnerability Assessment enabled
The density calculation includes operating system and application CVEs.
Click View Details to view detailed information about CVE density in Operations Dashboard.
Devices With Legacy Windows Systems
Devices that run versions of the Windows operating system that have already reached End of Service (EOS) are more vulnerable to attack as no new security patches are available for newly identified CVEs.
Click View Details to view detailed information about devices with legacy Windows systems in Operations Dashboard.
For more information, check the Microsoft website.
Important
For customers that have updated to the Foundation Services release, widgets in the Internal Assets tab of the Vulnerabilities section only show data for endpoints within the asset visibility scope of the current user.
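
How the Vulnerable Endpoint Percentage and Highly Exploitable CVE Density widgets complement each other, as an added example that is not Trend Micro's code or its actual calculation: it applies the definitions in the table above to two constructed inventories. The record layout, the function name, and the rule that each endpoint/CVE detection counts once toward density are assumptions.

```python
# Constructed inventories: endpoint name -> highly exploitable CVEs detected on it.
# "CVE-PLACEHOLDER-n" ids are stand-ins, not real CVE identifiers.
CONCENTRATED = {
    "srv-01": {"CVE-PLACEHOLDER-1", "CVE-PLACEHOLDER-2",
               "CVE-PLACEHOLDER-3", "CVE-PLACEHOLDER-4"},
    "pc-01": set(), "pc-02": set(), "pc-03": set(),
}
WIDESPREAD = {
    "srv-01": {"CVE-PLACEHOLDER-1"}, "pc-01": {"CVE-PLACEHOLDER-1"},
    "pc-02": {"CVE-PLACEHOLDER-1"}, "pc-03": {"CVE-PLACEHOLDER-1"},
}


def exposure_metrics(fleet):
    """Apply the widget definitions to endpoints that have assessment data.

    Assumption: density counts each (endpoint, CVE) detection once, so the
    same CVE on two endpoints counts twice; the unique count deduplicates.
    """
    total = len(fleet)
    if total == 0:
        raise ValueError("no assessed endpoints; the metrics are undefined")
    detections = sum(len(cves) for cves in fleet.values())
    vulnerable = sum(1 for cves in fleet.values() if cves)
    return {
        "unique_cves": len(set().union(*fleet.values())),
        "vulnerable_pct": 100.0 * vulnerable / total,
        "density": detections / total,
        # Detections per affected endpoint: a high value means a few
        # endpoints carry most of the risk.
        "per_vulnerable": detections / vulnerable if vulnerable else 0.0,
    }


if __name__ == "__main__":
    for label, fleet in (("concentrated", CONCENTRATED), ("widespread", WIDESPREAD)):
        print(label, exposure_metrics(fleet))
```

Both inventories have a density of 1.0, but one has a single endpoint carrying four CVEs and the other has one CVE on every endpoint, which is why the two widgets are read together.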

Vulnerabilities Widgets (Internet-facing Assets)

Widget
Description
Highly Exploitable Unique CVEs on Hosts
The number of unique highly exploitable CVEs detected in your internet-facing assets
A highly exploitable CVE is a critical vulnerability that is highly likely (or has been proven) to be exploited if not remediated.
Vulnerable Host Percentage
The percentage of hosts with highly exploitable CVEs
The Vulnerable Host Percentage is calculated from the total number of hosts with highly exploitable CVEs divided by the total number of supported hosts. The Highly Exploitable CVE Density of Hosts and Vulnerable Host Percentage widgets work together to help you tailor your response to vulnerable hosts.
Highly Exploitable CVE Density of Hosts
The total number of detected highly exploitable CVEs divided by the total number of hosts with Vulnerability Assessment enabled
The Highly Exploitable CVE Density of Hosts widget is calculated from the total number of detected highly exploitable CVEs divided by the total number of hosts (Total CVEs / Total hosts). The density calculation includes application CVEs.

Vulnerabilities Widgets (Containers)

Widget
Description
Highly Exploitable Unique CVEs in Container Clusters
The number of highly exploitable CVEs detected in your container clusters
A highly exploitable CVE is a critical vulnerability that is highly likely (or has been proven) to be exploited if not remediated.
Tip
Click Extend Assessment Scope and add Kubernetes clusters with Runtime Scanning enabled or cloud accounts with Agentless Vulnerability & Threat Detection enabled in order to get better visibility into container asset vulnerabilities.
Vulnerable Container Cluster Percentage
The percentage of container clusters with highly exploitable CVEs
The Vulnerable Container Cluster Percentage widget is calculated by dividing the total number of container clusters with highly exploitable CVEs by the total number of supported container clusters. The Vulnerable Container Cluster Percentage widget helps you tailor your response to vulnerable containers.
Highly Exploitable Unique CVEs in Container Images
The number of highly exploitable CVEs detected in your container images
A highly exploitable CVE is a critical vulnerability that is highly likely (or has been proven) to be exploited if not remediated.
Vulnerable Container Image Percentage
The percentage of container images with highly exploitable CVEs
The Vulnerable Container Image Percentage widget is calculated by dividing the total number of container images with highly exploitable CVEs by the total number of supported container images. The Vulnerable Container Image Percentage widget helps you tailor your response to vulnerable container images.
Important
For customers that have updated to the Foundation Services release, widgets in the Containers tab of the Vulnerabilities section only show data for containers within the asset visibility scope of the current user.

Vulnerabilities Widgets (Cloud VMs)

Widget
Description
Highly Exploitable Unique CVEs in Cloud VMs
The number of highly exploitable CVEs detected in your cloud VMs
A highly exploitable CVE is a critical vulnerability that is highly likely (or has been proven) to be exploited if not remediated.
Vulnerable Cloud VMs Percentage
The percentage of cloud VMs with highly exploitable CVEs
The Vulnerable Cloud VMs Percentage widget is calculated by dividing the total number of cloud VMs with highly exploitable CVEs by the total number of assessed cloud VMs. The Vulnerable Cloud VMs Percentage widget helps you tailor your response to vulnerable cloud VMs.

System Configuration Widgets

Widget
Description
Cloud Asset Misconfiguration Risks
Cloud infrastructure misconfigurations found in your AWS, Microsoft Azure, and Google Cloud environments.
Click View Details to view detailed information about your cloud assets with misconfiguration risks in Operations Dashboard.
Cloud infrastructure compliance violations found in your AWS, Microsoft Azure, and Google Cloud environments.
Click View Details to view detailed information about your cloud assets with compliance violations in Operations Dashboard.
Unexpected Internet-Facing Services/Ports
An unexpected internet-facing service/port is a service or port that should not be exposed to the internet. Threat actors might be able to exploit the service/port to gain unauthorized access to your environment.
Examples include: insecure file sharing/exchange services and unencrypted sign-in services.
Click View Details to view detailed information about unexpected internet-facing services and ports in Operations Dashboard.
Hosts With Insecure Connection Issues
Insecure connection issues might result in data leaking during data transmission.
Examples include: invalid or expired certificates and insecure/deprecated encryption protocols.
Click View Details to view detailed information about hosts with insecure connections in Operations Dashboard.
Accounts With Weak Authentication
Causes of weak authentication might include the following items.
Microsoft Entra ID:
  • No multi-factor authentication (MFA)
  • No password expiration
  • No strong password requirement
  • No password required
Active Directory:
  • No password expiration
  • Legacy authentication method
Click View Details to view detailed information about accounts with weak authentication in Operations Dashboard.
For more information, see Accounts with weak authentication.
Note
For customers that have updated to the Foundation Services release, this widget is only available for users with the Accounts asset visibility scope.
Accounts That Increase Attack Surface Risk
Account attack surface risks might include the following items.
  • Synced admin accounts: Highly authorized Microsoft Entra ID and Active Directory admin accounts should not be synced with admin or non-admin accounts.
  • Extra admin accounts: Companies should not have more than 5 Global/Company admin accounts.
  • Stale accounts: Accounts that remain inactive for more than 180 days should be removed or disabled.
Click View Details to view detailed information about accounts that increase attack surface risk in Operations Dashboard.
Note
For customers that have updated to the Foundation Services release, this widget is only available for users with the Accounts asset visibility scope.
Accounts With Excessive Privilege
Excessive account privilege can include the following types.
  • Service account misconfiguration: Service accounts should only have the minimum permissions required to perform their tasks.
  • Highly authorized disabled accounts: Disabled accounts should not be assigned to highly authorized roles or groups.
Click View Details to view detailed information about accounts with excessive privilege in Operations Dashboard.
For more information, see Accounts with excessive privilege.
Note
For customers that have updated to the Foundation Services release, this widget is only available for users with the Accounts asset visibility scope.
Legacy Authentication Protocol With Log On Activity
Legacy authentication is a term that refers to an authentication request made by:
  • Older Microsoft Office clients that do not use modern authentication (for example, the Microsoft Office 2010 client)
  • Any client that uses legacy mail protocols such as IMAP/SMTP/POP3
Note
Legacy authentication does not support multi-factor authentication (MFA). Even if you have an MFA policy enabled on your directory, a bad actor can authenticate using a legacy protocol and bypass MFA.
Click View Details to view detailed information about legacy authentication protocol with log on activity in Operations Dashboard.
Note
For customers that have updated to the Foundation Services release, this widget is only available for users with the Accounts asset visibility scope.
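
The account checks described in the widgets above (no MFA, stale accounts, extra admin accounts, highly authorized disabled accounts, legacy protocol sign-ins), as an added example that is not Trend Micro's code: it runs the thresholds stated on this page over a constructed directory export. The record fields, account names and function names are assumptions, as is counting disabled accounts toward the admin total.

```python
from datetime import date, timedelta

STALE_AFTER = timedelta(days=180)   # "inactive for more than 180 days"
MAX_ADMINS = 5                      # "not more than 5 Global/Company admin accounts"
LEGACY_PROTOCOLS = {"IMAP", "SMTP", "POP3"}
TODAY = date(2024, 6, 30)           # fixed date so the sample is reproducible


def acct(name, last_sign_in, admin=False, enabled=True, mfa=True, protocols=()):
    """Build one constructed account record (field names are assumptions)."""
    return {"name": name, "last_sign_in": last_sign_in, "admin": admin,
            "enabled": enabled, "mfa": mfa, "protocols": set(protocols)}


# Constructed sample directory export, not real data.
ACCOUNTS = [acct(f"admin{i}", date(2024, 6, 1), admin=True) for i in range(1, 6)] + [
    acct("admin-old", date(2023, 1, 15), admin=True, enabled=False),
    acct("alice", date(2024, 6, 29), mfa=False),
    acct("bob", date(2023, 11, 1)),
    # MFA is enforced here, yet the account signs in over IMAP, which cannot prompt for it.
    acct("scanner", date(2024, 6, 28), protocols=["IMAP"]),
]


def audit(accounts, today=TODAY):
    """Return {finding: [account names]} for the checks listed on this page."""
    findings = {"no_mfa": [], "stale": [], "privileged_disabled": [],
                "legacy_auth": [], "extra_admins": []}
    for a in accounts:
        if a["enabled"] and not a["mfa"]:
            findings["no_mfa"].append(a["name"])
        # Strictly more than 180 days; disabled accounts are already dealt with.
        if a["enabled"] and today - a["last_sign_in"] > STALE_AFTER:
            findings["stale"].append(a["name"])
        if a["admin"] and not a["enabled"]:
            findings["privileged_disabled"].append(a["name"])
        if a["protocols"] & LEGACY_PROTOCOLS:
            findings["legacy_auth"].append(a["name"])
    admins = [a["name"] for a in accounts if a["admin"]]
    if len(admins) > MAX_ADMINS:
        findings["extra_admins"] = admins
    return findings


if __name__ == "__main__":
    for finding, names in audit(ACCOUNTS).items():
        print(f"{finding}: {names}")
```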