Views:

View information about the Vulnerabilities risk factor, which is determined by highly exploitable CVEs detected on your managed assets.

Trend Micro analyzes your environment to identify any high-priority vulnerabilities in your organization using global activity data, CVE information, and local detection activity to produce customized vulnerability assessment scores for each asset. The Vulnerabilities risk factor contributes to the Exposure Index.
Trend Micro sources CVE information from the National Vulnerability Database (NVD) and security advisories issued by major software vendors, such as Microsoft and Red Hat. The NVD sometimes publishes information later than the vendors of affected products, which might result in delayed CVE assessment results in Trend Vision One.
The Vulnerability Assessment service scans endpoints for vulnerabilities related to the operating system, applications on Windows devices, and ECR container images. For more information about the specific operating systems supported by Vulnerability Assessment, see Vulnerability Assessment supported operating systems. For more information about supported language packages used in ECR container images, see Vulnerability Assessment supported language packages
On Windows devices, Vulnerability Assessment updates between 10 minutes and 1 hour after an operating system vulnerability is patched and applications are scanned once per day. On Linux devices, Vulnerability Assessment scans for vulnerabilities once per day.
The following table outlines the widgets available in the Vulnerabilities section.
Widget
Description
Vulnerability Management Metrics
View information about CVEs and operating system vulnerabilities effecting your organization.
  • The Patch Management section displays the average number of days it takes your organization to patch highly exploitable CVEs and average days that highly exploitable CVEs remain unpatched.
    Important
    Important
    For customers that have updated to the Foundation Services release, Patch Management is only visible for users with full asset visibility scope.
  • The Highly Exploitable CVEs section displays information about the amount of highly exploitable CVEs effecting your devices, hosts, container clusters, cloud VMs, and cloud storage.
    Important
    Important
    For customers that have updated to the Foundation Services release, the percentages of container clusters and cloud VMs containing highly exploitable CVEs are calculated using only the data of assets within the asset visibility scope of the current user.
  • The Legacy Operating Systems section displays the number of endpoints in your organization still running legacy Windows operating systems.
Highly Exploitable Unique CVEs
Lists devices, hosts, containers, and cloud VMs with highly exploitable CVEs.
The tabs of the Highly-Exploitable Unique CVEs widget display CVEs detected on your internal and internet-facing assets, as well as containers and cloud VMs. Mitigating the vulnerabilities with the highest CVE impact score, global exploit activity, or CVSS score is an effective way to reduce the Risk Index.
  • Click Data sources or Import Third-Party Data to configure data sources for CVE information.
  • Click a vulnerability ID to view detailed information on the CVE profiles screen.
Important
Important
For customers that have updated to the Foundation Services release, additional details are only available for assets within the asset visibility scope of the current user.
The following table describes the risk indicators associated with the Vulnerabilities risk factor.
Indicator
Description
Data Sources
Target
OS vulnerability
The detection of exploitable operating system vulnerabilities on the endpoint
  • Endpoint Sensor
  • Trend Vision One Container Security
  • Trend Cloud One - Endpoint & Workload Security
  • Nessus Pro
  • Rapid7 - InsightVM
  • Rapid7 - Nexpose
  • Tanium Comply
  • Tenable Vulnerability Management
  • Qualys
  • Device
Application vulnerability
The detection of exploitable application vulnerabilities on the endpoint
  • Endpoint Sensor
  • Trend Vision One Container Security
  • Trend Cloud One - Endpoint & Workload Security
  • Nessus Pro
  • Rapid7 - InsightVM
  • Rapid7 - Nexpose
  • Tanium Comply
  • Tenable Vulnerability Management
  • Qualys
  • Device
Zero-day vulnerability
The detection of exploitable zero-day vulnerabilities on the endpoint
  • Endpoint Sensor
  • Device