Risk Reduction Measures | Trend Micro Service Central

Views:

View information about high-impact risk events and remediation steps that you must complete to achieve specific risk reduction goals.

Risk Reduction Measures provides a structured and targeted approach to reducing your Risk Index. After you select a risk reduction goal, the widget displays the risk events with the highest impact on the Risk Index, the assets most affected by these events, and the recommended remediation steps. To access the widget, go to Operations Dashboard → Risk Factors → Risk Reduction Measures.

Note

Updating the Risk Index after remediation might take up to 24 hours to complete, depending on the connected data sources.

The following table outlines the actions you can perform on the widget.

Action

Description

Select a risk reduction goal

Click Select a Goal to choose an available risk reduction goal or specify your own goal.

View a summary of the risk events that you must remediate to achieve the selected goal

The widget shows information about risk events with the highest impact on your Risk Index, including the following:

Type and quantity of assets most impacted by the risk event
Real-time impact of remediation on the Risk Index

Recommended remediation steps

Note

Following these recommendations might automatically adjust the Risk Index, depending on the risk event remediated.

Data in the summary table is updated every 4 hours while changes to asset details take effect immediately. Any inconsistencies might be resolved whenever the summary table is updated.

View information about the assets that were most impacted by each risk event

Click any risk event to view the list of most impacted assets with available remediation actions. Attack Surface Risk Management recommends prioritizing these assets so you can achieve the selected risk reduction goal.

The list only includes assets with risk events that are marked "New" and "In progress".

Important

For customers that have updated to the Foundation Services release, additional details are only available for devices within the asset visibility scope of the current user.

Change the status of risk events.

To track your remediation progress, you can change the status of risk events. Changing the status of risk events affects individual asset risk scores and ultimately your organization's Risk Index.

Risk events for six of the eight risk factors can be marked as one of the five following statuses:

New: Newly reported events requiring processing. New events affect individual risk scores and the Risk Index.
In progress: Events that are undergoing processing. In progress events affect individual risk scores and the Risk Index.
Remediated: Events that have been properly handled. Remediated events do not affect the Risk Index until a new instance of the event is reported.
Dismissed: Events that have been manually marked as posing no risk to your organization. Dismissed events do not affect the Risk Index until a new instance of the event is reported or an event rule for the risk event is created.
Accepted: Events that have been marked as too difficult or expensive to address. Accepted events continue to affect the Risk Index until they are remediated or dismissed. When marking a risk event as Accepted, you may create an event rule to mark current and future instances of the event as Accepted for a specified time period.

Note

The Risk Index might take up to 30 minutes to update after changing the status of a risk event.

When marking a risk event as Dismissed, you may create an event rule so that future instances of the event are not reported and do not contribute to your Risk Index.

In the Mark as Dismissed or Mark as Accepted dialog, select Create event rule for the selected risk event.
Click Event rule settings.
Select the scope for the new event rule under Apply to.

To view and remove previously created event rules, go to Event Rule Management.

For vulnerability-related risk events, the Remediated, Dismissed, and Accepted statuses are not currently available. Instead, use the Closed status to prevent risk events from affecting the Risk Index.

The status of XDR detection-related risk events that have an assigned workbench alert can only be changed in the Workbench app.

View information about all actionable risk events.

Click All risk events to view the list of all risk events identified in the last 30 days with available remediation actions. You can also view information about all assets impacted by each risk event.

Displays the overall Risk Index overview for your organization over the last 7 days and the specific risk categories that contribute to the score.

The Risk Reduction Measures widget lists risk events and related assets with the highest impact on your Risk Index and suggests effective remediation steps based on your selected risk reduction goal. Click Select a Goal to change the risk reduction goal.

To view a list of users and devices that pose the greatest risk to your organization, click At-Risk Users/Devices (deprecated).