The Risk Index is determined by many factors, including risk indicators and the number of risky users, devices, and apps accessed over time.
The Operations Dashboard app assesses your organization's risk index by categorizing risk factors and evaluating how specific indicators affect your network. For a more comprehensive risk assessment, configure more data sources.
Trend Vision One allows you to mitigate the risks found in your environment by providing remediation steps and preventative measures. For more information, see Risk Assessment.
The following tables provide detailed information about the risk factors that contribute to the Risk Index.

Risk Factor | Indicator | Description | Data Sources | Target |
---|---|---|---|---|
Account compromise | Leaked account | The detection of a user's account on the dark web | | |
Account compromise | Suspicious user activity | Activity that may indicate the malicious intent of a user who purposefully creates anomalous activity | | |
Account compromise | Targeted user account | The most at-risk user accounts that exhibited high-risk anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period | | |
Vulnerabilities | OS vulnerability | The detection of exploitable operating system vulnerabilities on the endpoint | | |
Vulnerabilities | Application vulnerability | The detection of exploitable application vulnerabilities on the endpoint | | |
Activity and behaviors | Web activity | Anomalous or malicious network activity | | |
Activity and behaviors | Storage usage | Cloud storage usage (OneDrive/SharePoint/Outlook/Teams) by the account appears abnormal compared to the normal usage by other company accounts | | |
Activity and behaviors | User activity | Abnormal user behavior patterns and preferences | | |
Activity and behaviors | Device activity | Abnormal device behavior patterns and preferences | | |
Cloud app activity | Cloud App Reputation score | Calculated by Trend Micro threat experts based on historical app data, known security features, and community knowledge | | |
XDR detection | Workbench alerts | Detection of events by XDR sensors that may be malicious or indicate risk | | |
XDR detection | Targeted Attack Detection | Detection of early attack indicators by scanning your Smart Protection Network data | | |
Threat detection | Web threats | The Web Reputation score of the URLs the user visited or the detection of malicious activity within network traffic | | |
Threat detection | Email threats | Detection of malicious or anomalous email activity | | |
Threat detection | Network threats | Detection of malicious activity in monitored endpoint traffic | | |
Threat detection | Endpoint threats | Detection of events on endpoints that may be malicious | | |
Threat detection | Mobile device threats | Detection of events on mobile devices that may be malicious | | |
Threat detection | Connected app activity | Detection of events on Office 365 apps (Teams, SharePoint, OneDrive) that may be malicious | | |
System configuration | Internet-facing asset configuration | Detection of misconfigured settings on Internet-facing domains and IPs which could lead to elevated risks | | Internet-facing asset |
System configuration | Cloud infrastructure configuration | Detection of misconfigured settings on cloud workloads which could lead to elevated risks | | Cloud workload |
System configuration | Identity and access configuration | Detection of misconfigured settings on IAM services which could lead to elevated risks | | IAM service |
System configuration | Cloud service configuration | Detection of misconfigured settings on cloud services which could lead to elevated risks | | Cloud service |
System configuration | Endpoint configuration | Detection of misconfigured settings on endpoints which could lead to elevated risks | | Device |

Risk Factor | Indicator | Description | Data Sources | Target |
---|---|---|---|---|
XDR detection | Workbench alerts | Detection of events by XDR sensors that may be malicious or indicate risk | | |
XDR detection | Targeted Attack Detection | Detection of early attack indicators by scanning your Smart Protection Network data | | |
Threat detection | Web threats | The Web Reputation score of the URLs the user visited or the detection of malicious activity within network traffic | | |
Threat detection | Email threats | Detection of malicious or anomalous email activity | | |
Threat detection | Network threats | Detection of malicious activity in monitored endpoint traffic | | |
Threat detection | Endpoint threats | Detection of events on endpoints that may be malicious | | |
Threat detection | Mobile device threats | Detection of events on mobile devices that may be malicious | | |
Threat detection | Connected app activity | Detection of events on Office 365 apps (Teams, SharePoint, OneDrive) that may be malicious | | |

Risk Factor | Indicator | Description | Data Sources | Target |
---|---|---|---|---|
Endpoint security | Apex One as a Service license and protection status | Detection of agent and sensor deployment, key feature adoption, license health, and agent versions. | | |