Risk Index

The Risk Index is determined by many factors, including risk indicators and the number of risky users, devices, and apps accessed over time.

The Operations Dashboard app assesses your organization's risk index by categorizing risk factors and evaluating how specific indicators affect your network. For a more comprehensive risk assessment, configure more data sources.

Trend Vision One allows you to mitigate the risks found in your environment by providing remediation steps and preventative measures. For more information, see Risk Assessment.

The following tables provide detailed information about the risk factors that contribute to the Risk Index.

Table 1. Exposure Risk Factors

| Risk Factor | Indicator | Description | Data Sources | Target |
|---|---|---|---|---|
| Account compromise | Leaked account | The detection of a user's account on the dark web | Azure AD; Okta; Trend Vision One Email Sensor; Trend Vision One Endpoint Sensor; Connected Endpoint Product Agent | User |
| | Suspicious user activity | Activity that may indicate the malicious intent of a user that purposefully creates anomalous activity | Azure AD; Okta; Trend Vision One Email Sensor; Trend Vision One Endpoint Sensor; Connected Endpoint Product Agent | User |
| | Targeted user account | The most at-risk user accounts that exhibited high-risk anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period | Trend Vision One Email Sensor | User |
| Vulnerabilities | OS vulnerability | The detection of exploitable operating system vulnerabilities on the endpoint | Trend Vision One Endpoint Sensor | Device |
| | Application vulnerability | The detection of exploitable application vulnerabilities on the endpoint | | |
| Activity and behaviors | Web activity | Anomalous or malicious network activity | Web Sensor | User; Device |
| | Storage usage | Cloud storage usage (OneDrive/SharePoint/Outlook/Teams) by the account appears abnormal compared to the normal usage by other company accounts | Office 365 | User |
| | User activity | Abnormal user behavior patterns and preferences | Azure AD; Okta; Splunk - Network Firewall / Web Gateway Logs; Trend Vision One Endpoint Sensor; Connected Endpoint Product Agent; Mobile Sensor; Web Sensor | User |
| | Device activity | Abnormal device behavior patterns and preferences | Azure AD; Okta; Splunk - Network Firewall / Web Gateway Logs; Trend Vision One Endpoint Sensor; Connected Endpoint Product Agent; Mobile Sensor; Web Sensor | Device |
| Cloud app activity | Cloud App Reputation score | Calculated by Trend Micro threat experts based on historical app data, known security features, and community knowledge | Azure AD; Connected Endpoint Product Agent; Trend Vision One Endpoint Sensor; Mobile Sensor; Okta; Splunk - Network Firewall / Web Gateway Logs; Web Sensor | Cloud app |
| XDR detection | Workbench alerts | Detection of events by XDR sensors that may be malicious or indicate risk | Trend Vision One Endpoint Sensor; Connected Endpoint Product Agent; Trend Vision One Network Sensor | Device; User |
| | Targeted Attack Detection | Detection of early attack indicators by scanning your Smart Protection Network data | Connected Endpoint Product Agent | Device |
| Threat detection | Web threats | The Web Reputation score of the URLs the user visited or the detection of malicious activity within network traffic | Connected Endpoint Product Agent; Mobile Sensor; Web Sensor | Cloud app; Device; User |
| | Email threats | Detection of malicious or anomalous email activity | Trend Vision One Email Sensor | User |
| | Network threats | Detection of malicious activity in monitored endpoint traffic | Trend Vision One Network Sensor | User |
| | Endpoint threats | Detection of events on endpoints that may be malicious | Connected Endpoint Product Agent | Device; User |
| | Mobile device threats | Detection of events on mobile devices that may be malicious | Mobile Sensor | Device; User |
| | Connected app activity | Detection of events on Office 365 apps (Teams, SharePoint, OneDrive) that may be malicious | Office 365 | User |
| System configuration | Internet-facing asset configuration | Detection of misconfigured settings on Internet-facing domains and IPs which could lead to elevated risks | Trend Micro External Attack Surface Management (ASM) | Internet-facing asset |
| | Cloud infrastructure configuration | Detection of misconfigured settings on cloud workloads which could lead to elevated risks | Trend Cloud One - Conformity; Trend Cloud One - Network Security | Cloud workload |
| | Identity and access configuration | Detection of misconfigured settings on IAM services which could lead to elevated risks | Azure AD; Active Directory (on-premises) | IAM service |
| | Cloud service configuration | Detection of misconfigured settings on cloud services which could lead to elevated risks | Azure AD; Office 365 | Cloud service |
| | Endpoint configuration | Detection of misconfigured settings on endpoints which could lead to elevated risks | Trend Vision One Endpoint Sensor | Device |

Table 2. Attack Risk Factors

| Risk Factor | Indicator | Description | Data Sources | Target |
|---|---|---|---|---|
| XDR detection | Workbench alerts | Detection of events by XDR sensors that may be malicious or indicate risk | Trend Vision One Endpoint Sensor; Connected Endpoint Product Agent; Trend Vision One Network Sensor | Device; User |
| | Targeted Attack Detection | Detection of early attack indicators by scanning your Smart Protection Network data | Connected Endpoint Product Agent | Device |
| Threat detection | Web threats | The Web Reputation score of the URLs the user visited or the detection of malicious activity within network traffic | Connected Endpoint Product Agent; Mobile Sensor; Web Sensor | Cloud app; Device; User |
| | Email threats | Detection of malicious or anomalous email activity | Trend Vision One Email Sensor | User |
| | Network threats | Detection of malicious activity in monitored endpoint traffic | Trend Vision One Network Sensor | User |
| | Endpoint threats | Detection of events on endpoints that may be malicious | Connected Endpoint Product Agent | Device; User |
| | Mobile device threats | Detection of events on mobile devices that may be malicious | Mobile Sensor | Device; User |
| | Connected app activity | Detection of events on Office 365 apps (Teams, SharePoint, OneDrive) that may be malicious | Office 365 | User |

Table 3. Security Configuration Risk Factors

| Risk Factor | Indicator | Description | Data Sources | Target |
|---|---|---|---|---|
| Endpoint security | Apex One as a Service license and protection status | Detection of agent and sensor deployment, key feature adoption, license health, and agent versions. | Connected Endpoint Product Agent | Device |