View detailed information about your company's Risk Index and the contributing Risk Factors in Operations Dashboard.
The Risk Index is the risk score for your organization derived from a comprehensive assessment of
a variety of risk categories and factors. The all-encompassing index incorporates
risk events that impact a wide range of assets, including users, devices, applications,
publicly accessible domains and IP addresses, and cloud-based assets.
Risk assessment relies on connected data sources to assess how risk factors affect your specific
environment and to calculate your organization's total Risk Index. For a more comprehensive
risk assessment, configure more data sources.
The Risk Index automatically updates every four hours. Changes to the status of risk
events are reflected in the Risk Index after up to one hour. You may also manually
recalculate the Risk Index by clicking the Recalculate button. Manual recalculations take up to one hour to display.
You may remediate or dismiss detected risk events in order to lower your overall Risk
Index. For Vulnerability risk events, you may apply available attack prevention/detection rules to mitigate the vulnerability. You may also accept the risk from risk events you
are unable to remediate. To see the total points currently contributed by risk events
within each risk factor, hover over the corresponding section of the radar chart in
Operations Dashboard.
The following tables offer examples of the risk factors that contribute to the Risk
Index, organized by category: Exposure, Attack, and Security Configuration.
Exposure Risk Factors

| Risk Factor | Indicator | Description |
|---|---|---|
| | Leaked account | The detection of a user's account on the dark web |
| | Suspicious user activity | Activity that may indicate the malicious intent of a user purposefully creating anomalous activity |
| | Targeted user account | The most at-risk user accounts that exhibited high-risk anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period |
| | OS vulnerability | The detection of exploitable operating system vulnerabilities on the endpoint |
| | Application vulnerability | The detection of exploitable application vulnerabilities on the endpoint |
| | Cloud VM vulnerability | The detection of exploitable operating system and application vulnerabilities in a cloud VM |
| | Network activity | Anomalous or malicious network activity |
| | Storage activity | Cloud storage use by the account appears abnormal compared to use by other company accounts |
| | User activity | Abnormal user behavior patterns or preferences |
| | Device activity | Abnormal device behavior patterns or preferences |
| | Cloud app reputation | Calculated by Trend Micro threat experts based on historical app data, known security features, and community knowledge |
| | Internet-facing asset configuration | Misconfigured settings on publicly-facing domains and IP addresses |
| | Cloud infrastructure configuration | Misconfigured settings on cloud infrastructure, such as cloud instances and platforms |
| | Identity and access configuration | Misconfigured settings on IAM services |
| | Cloud service configuration | Misconfigured settings on cloud-based applications, software, and services |
| | Endpoint configuration | Misconfigured security settings on endpoint devices |

Attack Risk Factors

| Risk Factor | Indicator | Description |
|---|---|---|
| | Workbench alerts | Detection of malicious or risky events by XDR sensors |
| | Targeted Attack Detection | Detection of early attack indicators through the scanning of Smart Protection Network data |
| | Web threats | The web reputation score of the URLs the user visited or the detection of malicious activity within network traffic |
| | Email threats | Detection of malicious or anomalous email activity |
| | Network threats | Detection of malicious activity in monitored endpoint traffic |
| | Endpoint threats | Detection of events on endpoints that may be malicious |
| | Mobile device threats | Detection of possible malicious events on mobile devices |
| | Connected app activity | Detection of possibly malicious events on Office 365 apps (Teams, SharePoint, OneDrive) |

Security Configuration Risk Factors

| Risk Factor | Indicator | Description |
|---|---|---|
| | Endpoint security | Detection of agent and sensor deployment, key feature adoption, license health, and agent versions. |
| | Email security | Coming soon |
| | Network security | Coming soon |