View information about the Vulnerabilities risk factor, which is determined by highly exploitable CVEs detected on your managed assets.

Trend Micro analyzes your environment to identify any high-priority vulnerabilities in your organization using global activity data, CVE information, and local detection activity to produce customized vulnerability assessment scores for each asset. The Vulnerabilities risk factor contributes to the Exposure Index.

Trend Micro sources CVE information from the National Vulnerability Database (NVD) and security advisories issued by major software vendors, such as Microsoft and Red Hat. The NVD sometimes publishes information later than the vendors of affected products, which might result in delayed CVE assessment results in Trend Vision One.

The Vulnerability Assessment service scans endpoints for vulnerabilities related to the operating system, applications on Windows devices, and ECR container images. For more information about the specific operating systems supported by Vulnerability Assessment, see Vulnerability Assessment supported operating systems. For more information about supported language packages used in ECR container images, see Vulnerability Assessment supported language packages.

On Windows devices, Vulnerability Assessment updates between 10 minutes and 1 hour after an operating system vulnerability is patched, and applications are scanned once per day. On Linux devices, Vulnerability Assessment scans for vulnerabilities once per day.

The following table outlines the widgets available in the Vulnerabilities section.
Widget
Description
Vulnerability Management Metrics
View information about CVEs and operating system vulnerabilities affecting your organization.
  • The Patch Management section displays the average number of days it takes your organization to patch highly exploitable CVEs and the average number of days that highly exploitable CVEs remain unpatched.
    Important
    For customers that have updated to the Foundation Services release, Patch Management is only visible for users with full asset visibility scope.
  • The Highly Exploitable CVEs section displays information about the number of highly exploitable CVEs affecting your devices, hosts, container clusters, cloud VMs, and cloud storage.
    Important
    For customers that have updated to the Foundation Services release, the percentages of container clusters and cloud VMs containing highly exploitable CVEs are calculated using only the data of assets within the asset visibility scope of the current user.
  • The Legacy Operating Systems section displays the number of endpoints in your organization still running legacy Windows operating systems.
Highly Exploitable Unique CVEs
Lists devices, hosts, containers, and cloud VMs with highly exploitable CVEs.
The tabs of the Highly Exploitable Unique CVEs widget display CVEs detected on your internal and internet-facing assets, as well as containers and cloud VMs. Mitigating the vulnerabilities with the highest CVE impact score, global exploit activity, or CVSS score is an effective way to reduce the Risk Index.
  • Click Data sources or Import Third-Party Data to configure data sources for CVE information.
  • Click a vulnerability ID to view detailed information on the CVE profiles screen.
Important
For customers that have updated to the Foundation Services release, additional details are only available for assets within the asset visibility scope of the current user.
The following table describes the risk indicators associated with the Vulnerabilities risk factor.
| Indicator | Description | Data Sources | Target |
| --- | --- | --- | --- |
| OS vulnerability | The detection of exploitable operating system vulnerabilities on the endpoint | Endpoint Sensor; Nessus Pro; Rapid7 - InsightVM; Rapid7 - Nexpose; Tanium Comply; Tenable Vulnerability Management; Qualys | Device |
| Application vulnerability | The detection of exploitable application vulnerabilities on the endpoint | Endpoint Sensor; Nessus Pro; Rapid7 - InsightVM; Rapid7 - Nexpose; Tanium Comply; Tenable Vulnerability Management; Qualys | Device |
| Zero-day vulnerability | The detection of exploitable zero-day vulnerabilities on the endpoint | Endpoint Sensor | Device |