Views:

View detailed information about your company's Risk Index and the contributing Risk Factors in Operations Dashboard.

The Risk Index is the risk score for your organization derived from a comprehensive assessment of a variety of risk categories and factors. The all-encompassing index incorporates risk events that impact a wide range of assets, including users, devices, applications, publicly accessible domains and IP addresses, and cloud-based assets. Risk assessment relies on connected data sources to assess how risk factors affect your specific environment and to calculate your organization's total Risk Index. For a more comprehensive risk assessment, configure more data sources.
The Risk Index automatically updates every four hours. Changes to the status of risk events are reflected in the Risk Index after up to one hour. You may also manually recalculate the Risk Index by clicking the Recalculate button. Manual recalculations take up to one hour to display.
Important
Important
  • The Risk Index is calculated using all data received from your business without applying asset visibility scope limits.
  • For customers that have updated to the Foundation Services release, the event counts of risk factors are only visible for users with full asset visibility scope.
You may remediate or dismiss detected risk events in order to lower your overall Risk Index. For Vulnerability risk events, you may apply available attack prevention/detection rules to mitigate the vulnerability. You may also accept the risk from risk events you are unable to remediate. To see the total points currently contributed by risk events within each risk factor, hover over the corresponding section of the radar chart in Operations Dashboard.
Important
Important
  • Because the Risk Index is rounded up to the nearest whole number, the point contributions from each risk factor may add up to less than the total Risk Index.
  • Points contributed to the Risk Index by accepted risk cannot be subtracted from the Risk Index until accepted risk events are remediated or dismissed.
The following tables offer examples of the risk factors that contribute to the Risk Index, organized by category: Exposure, Attack, and Security Configuration.

Exposure Risk Factors

Risk Factor
Indicator
Description
Leaked account
The detection of a user's account on the dark web
Suspicious user activity
Activity that may indicate the malicious intent of a user purposefully creating anomalous activity
Targeted user account
The most at-risk user accounts that exhibited high risk anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period
OS vulnerability
The detection of exploitable operating system vulnerabilities on the endpoint
Application vulnerability
The detection of exploitable application vulnerabilities on the endpoint
Cloud VM vulnerability
The detection of exploitable operating system and application vulnerabilities in a cloud VM
Network activity
Anomalous or malicious network activity
Storage activity
Cloud storage use by the account appears abnormal compared to use by other company accounts
User activity
Abnormal user behavior patterns or preferences
Device activity
Abnormal device behavior patterns or preferences
Cloud app reputation
Calculated by Trend Micro threat experts based on historical app data, known security features, and community knowledge
Internet-facing asset configuration
Misconfigured settings on publicly-facing domains and IP addresses
Cloud infrastructure configuration
Misconfigured settings on cloud infrastructure, such as cloud instances and platforms
Identity and access configuration
Misconfigured settings on IAM services
Cloud service configuration
Misconfigured settings on cloud-based applications, software, and services
Endpoint configuration
Misconfigured security settings on endpoint devices

Attack Risk Factors

Risk Factor
Indicator
Description
Workbench alerts
Detection of malicious or risky events events by XDR sensors
Targeted Attack Detection
Detection of early attack indicators through the scanning of Smart Protection Network data
Web threats
The web reputation score of the URLs the user visited or the detection of malicious activity within network traffic
Email threats
Detection of malicious or anomalous email activity
Network threats
Detection of malicious activity in monitored endpoint traffic
Endpoint threats
Detection of events on endpoints that may be malicious
Mobile device threats
Detection of possible malicious events on mobile devices
Connected app activity
Detection of possibly malicious events on Office 365 apps (Teams, SharePoint, OneDrive)

Security Configuration Risk Factors

Risk Factor
Indicator
Description
Endpoint security
Detection of agent and sensor deployment, key feature adoption, license health, and agent versions.
Email security
Coming soon
Network security
Coming soon