Learn about the widgets available on the Exposure Overview tab.
The Exposure Index displays your company's average exposure risk over
the last 30 days. The Exposure Index score is calculated based on numerous
factors including unpatched vulnerabilities and the likelihood of attack.
The Exposure Index is calculated using all data received from your
business without applying asset visibility scope limits.
For customers with Vulnerability Assessment enabled, the Vulnerabilities section of
the Exposure Overview tab displays time-critical security alerts related to
detected vulnerabilities that might indicate an ongoing zero-day attack. Trend Micro only issues security alerts for zero-day vulnerabilities
with available mitigation options.
Time-critical security alerts also display for high-profile N-day vulnerabilities
that Trend Micro recommends you address immediately to bolster your security
posture. If Vulnerability Assessment is enabled, you can see a summary of the number of assessed
devices in your environment, how many are affected by the vulnerability, and how many
endpoints
have been the target of exploit attempts. To learn more about a highlighted vulnerability,
available attack prevention and detection rules, and recommended mitigation or remediation
options, click View details in the security alert.
The primary criteria for issuing a security alert for a time-critical CVE include
the
potential impact, whether the vulnerability is actively or highly likely to be exploited,
and
whether exploit code is publicly available.
The following tables outline the widgets available in the three tabs below the Exposure
Index.
Vulnerabilities Widgets (Internal Assets)
Widget
|
Description
|
||
Vulnerability Assessment Coverage (Windows and Linux Endpoints)
|
The percentage of endpoints on your network running a supported operating system with
endpoint sensors, Server & Workload Protection, or a third-party device data
gathering service enabled, compared to the total estimated number of endpoints in
your
organization
|
||
Highly Exploitable Unique CVEs
|
The number of unique highly exploitable CVEs detected in your environment
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
Click View Details to view detailed information about CVEs detected
in your environment and actionable information such as the CVE impact score, impact scope, and exploit attempts in
Operations Dashboard.
|
||
Mean Time to Patch (MTTP)
|
The average time taken to apply critical patches on all managed endpoints running
a
supported Windows operating system
The Mean Time to Patch (MTTP) widget applies only to supported
Windows platforms and major patch releases. You should carefully examine the MTTP
data in
conjunction with the Averaged Unpatched Time data to better mitigate highly exploitable
vulnerabilities on your network.
Click View Details to view detailed information about devices with
MTTP data in Operations Dashboard.
For more information, see Mean time to patch (MTTP) and average unpatched time.
|
||
Average Unpatched Time
|
The average length of time that endpoints with highly exploitable CVEs remain unpatched
to
the current date.
The Average Unpatched Time widget applies only to supported Windows
platforms and major patch releases. You should carefully examine the MTTP data in
conjunction with the Averaged Unpatched Time data to better mitigate
highly exploitable vulnerabilities on your network.
Click View Details to view detailed information about device
average unpatched time in Operations Dashboard.
For more information, see Mean time to patch (MTTP) and average unpatched time.
|
||
Vulnerable Endpoint Percentage
|
The percentage of endpoints with highly exploitable CVEs
The Vulnerable Endpoint Percentage widget applies to all endpoints
with Vulnerability Assessment enabled. The Highly Exploitable CVE
Density and Vulnerable Endpoint Percentage widgets work
together to help you tailor your response to vulnerable endpoint risks.
Click View Details to view detailed information about vulnerable
endpoints in Operations Dashboard.
For more information, see Highly exploitable CVE density and vulnerable endpoint percentage.
|
||
Highly Exploitable CVE Density
|
The total number of detected highly exploitable CVEs divided by the total number of
endpoints with Vulnerability Assessment enabled
The density calculation includes operating system and application CVEs.
Click View Details to view detailed information about CVE density
in Operations Dashboard.
For more information, see Highly exploitable CVE density and vulnerable endpoint percentage.
|
||
Devices With Legacy Windows Systems
|
Devices that run versions of the Windows operating system that have already reached
End of
Service (EOS) are more vulnerable to attack as no new security patches are available
for
newly identified CVEs.
Click View Details to view detailed information about devices with
legacy Windows systems in Operations Dashboard.
For more information, check the Microsoft website.
|
![]() |
ImportantFor customers that have updated to the Foundation Services
release, widgets in the Internal Assets tab of the
Vulnerabilities section only show data for endpoints within the asset
visibility scope of the current user.
|
Vulnerabilities Widgets (Internet-facing Assets)
Widget
|
Description
|
Highly Exploitable Unique CVEs on Hosts
|
The number of unique highly exploitable CVEs detected in your internet-facing assets
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
|
Vulnerable Host Percentage
|
The percentage of hosts with highly exploitable CVEs
The Vulnerable Host Percentage is calculated from the total number of
hosts with highly exploitable CVEs divided by the total number of supported hosts.
The
Highly Exploitable CVE Density of Hosts and Vulnerable Host
Percentage widgets work together to help you tailor your response to vulnerable
hosts.
|
Highly Exploitable CVE Density of Hosts
|
The total number of detected highly exploitable CVEs divided by the total number of
hosts
with Vulnerability Assessment enabled
The Highly Exploitable CVE Density of Hosts widget is calculated from
the total number of detected highly exploitable CVEs divided by the total number of
hosts
(Total CVEs / Total hosts). The density calculation includes application CVEs.
|
Vulnerabilities Widgets (Containers)
Widget
|
Description
|
||
Highly Exploitable Unique CVEs in Container Clusters
|
The number of highly exploitable CVEs detected in your container clusters
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
|
||
Vulnerable Container Cluster Percentage
|
The percentage of container clusters with highly exploitable CVEs
The Vulnerable Container Cluster Percentage widget is calculated by
dividing the total number of container clusters with highly exploitable CVEs by the
total
number of supported container clusters. The Vulnerable Container Cluster
Percentage widget helps you tailor your response to vulnerable containers.
|
||
Highly Exploitable Unique CVEs in Container Images
|
The number of highly exploitable CVEs detected in your container images
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
|
||
Vulnerable Container Image Percentage
|
The percentage of container images with highly exploitable CVEs
The Vulnerable Container Image Percentage widget is calculated by
dividing the total number of container images with highly exploitable CVEs by the
total
number of supported container images. The Vulnerable Container Image
Percentage widget helps you tailor your response to vulnerable container
images.
|
![]() |
ImportantFor customers that have updated to the Foundation Services
release, widgets in the Containers tab of the
Vulnerabilities section only show data for containers within the asset
visibility scope of the current user.
|
Vulnerabilities Widgets (Cloud VMs)
Widget
|
Description
|
Highly Exploitable Unique CVEs in Cloud VMs
|
The number of highly exploitable CVEs detected in your cloud VMs
A highly exploitable CVE is a critical vulnerability that is highly likely (or has
been
proven) to be exploited if not remediated.
|
Vulnerable Cloud VMs Percentage
|
The percentage of cloud VMs with highly exploitable CVEs
The Vulnerable Cloud VMs Percentage widget is calculated by dividing
the total number of cloud VMs with highly exploitable CVEs by the total number of
assessed
cloud VMs. The Vulnerable Cloud VMs Percentage widget helps you tailor
your response to vulnerable cloud VMs.
|
System Configuration Widgets
Widget
|
Description
|
||||
Cloud Asset Misconfiguration Risks
|
Cloud infrastructure misconfigurations found in your AWS, Microsoft Azure, and Google
Cloud environments.
Click View Details to view detailed information about your cloud
assets with misconfiguration risks in Operations Dashboard.
|
||||
Cloud infrastructure compliance violations found in your AWS, Microsoft Azure, and
Google
Cloud environments.
Click View Details to view detailed information about your cloud
assets with compliance violations in Operations Dashboard.
|
|||||
Unexpected Internet-Facing Services/Ports
|
An unexpected internet-facing service/port is a service or port that should not be
exposed
to the internet. Threat actors might be able to exploit the service/port to gain
unauthorized access to your environment.
Examples include: insecure file sharing/exchange services and unencrypted sign-in
services.
Click View Details to view detailed information about unexpected
internet-facing services and ports in Operations Dashboard.
|
||||
Hosts With Insecure Connection Issues
|
Insecure connection issues might result in data leaking during data transmission.
Examples include: invalid or expired certificates and insecure/deprecated encryption
protocols.
Click View Details to view detailed information about hosts with
insecure connections in Operations Dashboard.
|
||||
Accounts With Weak Authentication
|
Causes of weak authentication might include the following items.
Microsoft Entra ID:
Active Directory:
Click View Details to view detailed information about accounts with
weak authentication in Operations Dashboard.
For more information, see Accounts with weak authentication.
|
||||
Accounts That Increase Attack Surface Risk
|
Account attack surface risks might include the following items.
Click View Details to view detailed information about accounts that
increase attack surface risk in Operations Dashboard.
For more information, see Accounts that increase attack surface risk.
|
||||
Accounts With Excessive Privilege
|
Excessive account privilege can include the following types.
Click View Details to view detailed information about accounts with
excessive privilege in Operations Dashboard.
For more information, see Accounts with excessive privilege.
|
||||
Legacy Authentication Protocol With Log On Activity
|
Legacy authentication is a term that refers to an authentication request made by:
Click View Details to view detailed information about legacy
authentication protocol with log on activity in Operations Dashboard.
|