Zero Trust Risk Index

The Risk Index is determined based off many factors including risk indicators and the number of risky users, devices, and apps accessed over time.

The Zero Trust Risk Insights app assesses your organization's risk index by categorizing risk factors and evaluating how specific indicators affect your network. For a more comprehensive risk assessment, configure more data sources.

Trend Micro Vision One allows you to mitigate the risks found in your environment by providing remediation steps and preventative measures. For more information, see Lowering the Risk Index.

Risk Factor

Indicator

Description

Data Source

Target

Account compromise

Leaked account

The detection of a user's account on the dark web

  • Azure AD

  • Okta

  • Email Sensor

  • Trend Micro Vision One Endpoint Sensor

  • Connected Endpoint Product Agent

  • User

Suspicious user activity

Activity that may indicate the malicious intent of a user that purposefully creates anomalous activity

  • Azure AD

  • Okta

  • Email Sensor

  • Trend Micro Vision One Endpoint Sensor

  • Connected Endpoint Product Agent

  • User

Targeted user account

The most at risk user accounts that exhibited high risk anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period

  • Email Sensor

  • User

Vulnerability detection

OS vulnerability

The detection of exploitable operating system vulnerabilities on the endpoint

  • Trend Micro Vision One Endpoint Sensor

  • Device

Application vulnerability

The detection of exploitable application vulnerabilities on the endpoint

Anomaly detection

Web activity

Anomalous or malicious network activity

  • Web Sensor

  • User

  • Device

Storage usage

Cloud storage usage (OneDrive/SharePoint/Outlook/Teams) by the account appears abnormal compared to the normal usage by other company accounts

  • Office 365

  • User

User activity

Abnormal user behavior patterns and preferences

  • Azure AD

  • Okta

  • Splunk - Network Firewall / Web Gateway Logs

  • Trend Micro Vision One Endpoint Sensor

  • Connected Endpoint Product Agent

  • Mobile Sensor

  • Web Sensor

  • User

Device activity

Abnormal device behavior patterns and preferences

  • Azure AD

  • Okta

  • Splunk - Network Firewall / Web Gateway Logs

  • Trend Micro Vision One Endpoint Sensor

  • Connected Endpoint Product Agent

  • Mobile Sensor

  • Web Sensor

  • Device

Cloud app activity

Cloud App Reputation score

Calculated by Trend Micro threat experts based on historical app data, known security features, and community knowledge

  • Azure AD

  • Connected Endpoint Product Agent

  • Trend Micro Vision One Endpoint Sensor

  • Mobile Sensor

  • Okta

  • Splunk - Network Firewall / Web Gateway Logs

  • Web Sensor

  • Cloud app

XDR detection

Workbench alerts

Detection of events by XDR sensors that may be malicious or indicate risk

  • Trend Micro Vision One Endpoint Sensor

  • Connected Endpoint Product Agent

  • Network Sensor

  • Device

  • User

Early warning

Detection of early attack indicators by scanning of your Smart Protection Network data

  • Connected Endpoint Product Agent

  • Device

Threat detection

Web threats

The Web Reputation score of the URLs the user visited or the detection of malicious activity within network traffic

  • Connected Endpoint Product Agent

  • Mobile Sensor

  • Web Sensor

  • Cloud app

  • Device

  • User

Email threats

Detection of malicious or anomalous email activity

  • Email Sensor

  • User

Network threats

Detection of malicious activity in monitored endpoint traffic

  • Network Sensor

  • User

Endpoint threats

Detection of events on endpoints that may be malicious

  • Connected Endpoint Product Agent

  • Device

  • User

Mobile device threats

Detection of events on mobile devices that may be malicious

  • Mobile Sensor

  • Device

  • User

Connected app activity

Detection of events on Office 365 apps (Teams, SharePoint, OneDrive) that may be malicious

  • Office 365
  • User