Highly-Exploitable CVE Density and Vulnerable Endpoint Percentage

Evaluate your company's exposure to CVEs and how you compare to global averages.

To better assist you in determining and responding to your company's vulnerabilities, Trend Micro designed certain metrics to complement each other for greater clarity.

The Highly-Exploitable CVE Density and Vulnerable Endpoint Percentage work together to help you tailor your response to vulnerable endpoint threats. The Vulnerable Container Cluster Percentage adds context regarding your exposure to CVEs in containers.

Metric: Highly-Exploitable CVE Density

Description:

Calculated from the total number of detected highly-exploitable CVEs divided by the total number of endpoints with Vulnerability Assessment enabled (Total highly-exploitable CVEs / Total endpoints with Vulnerability Assessment)

Highly-Exploitable CVE Density calculations occur daily. Weekly and monthly averages use a simple average calculation based off the daily values.

Example:

Total endpoint count: 3

  • Endpoint 1: 2 CVEs

  • Endpoint 2: 4 CVEs

  • Endpoint 3: 0 CVEs

Highly-exploitable CVE density (Total highly-exploitable CVEs / Total endpoints with Vulnerability Assessment):

(2+4+0) / 3 = 2.0

Metric: Vulnerable Endpoint Percentage

Description:

Calculated from the total number of endpoints with detected highly-exploitable CVEs divided by the total number of endpoints with Vulnerability Assessment enabled (Total endpoints with vulnerabilities / Total endpoints with Vulnerability Assessment * 100).

Vulnerable Endpoint Percentage calculations occur daily. Weekly and monthly averages use a simple average calculation based off the daily values.

Example:

  • Total number of endpoints with detected highly-exploitable CVEs: 5

  • Total Vulnerability Assessment-enabled endpoints: 25

Vulnerable Endpoint Percentage (Total endpoints with vulnerabilities / Total endpoints with Vulnerability Assessment * 100):

5 / 25 * 100 = 20%

Metric: Vulnerable Container Cluster Percentage

Description:

Calculated by dividing the total number of container clusters with detected highly-exploitable CVEs by the total number of container clusters with Vulnerability Assessment enabled (Total container clusters with vulnerabilities / Total container clusters with Vulnerability Assessment * 100).

Note: The vulnerability assessment scope is limited to supported operating systems.

Vulnerable Container Cluster Percentage calculations occur daily. Weekly and monthly averages use a simple average calculation based off the daily values.

Example:

  • Total number of container clusters with detected highly-exploitable CVEs: 13

  • Total Vulnerability Assessment-enabled container clusters: 37

Vulnerable Container Cluster Percentage (Total container clusters with vulnerabilities / Total container clusters with Vulnerability Assessment * 100):

13 / 37 * 100 = 35%

Important:
  • CVE counts only include Highly-Exploitable CVEs based on global exploit activity and Trend Micro threat expert evaluations.

  • CVE counts include all Highly-Exploitable CVEs regardless of patch availability.

  • Only supported on Windows desktop platforms starting from Windows 10.

Table 1. Example Scenario

Company A

  • CVE Density: 10.2

  • Vulnerable Endpoint Percentage: 5%

Company B

  • CVE Density: 10.2

  • Vulnerable Endpoint Percentage: 40%

Even though the CVE Density values for both companies are the same (10.2), the risk profiles are very different.

  • Company A has a small number of endpoints (5%) with a large number of critical CVEs, which could indicate that the company regularly applies patches and only a limited subset of endpoints have not yet received the latest update.

  • Company B has a large number of endpoints (40%) with a large number of CVEs, which could indicate that the company has a delayed policy in patching endpoints, possibly due to internal testing requirements.

Examining both metrics together can help a company determine the best method to reduce its exposure to CVEs.
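The two endpoint formulas and the simple average of daily values, applied to per-endpoint CVE counts, as an added example (not Trend Micro code). The inventories, the sample week, and the choice to leave days with no assessed endpoints out of the average are assumptions made for illustration.

```python
from statistics import mean

def daily_metrics(cve_counts):
    """cve_counts: one highly-exploitable CVE count per endpoint that has
    Vulnerability Assessment enabled. Returns (density, vulnerable_pct)."""
    total = len(cve_counts)
    if total == 0:
        return None  # assumption: no assessed endpoints means no daily value
    density = sum(cve_counts) / total
    vulnerable = sum(1 for c in cve_counts if c > 0)
    return density, 100 * vulnerable / total

def period_average(days):
    """Simple average of the daily values (weekly/monthly figures).
    Assumption: days without a daily value are left out of the average."""
    daily = [m for m in (daily_metrics(d) for d in days) if m is not None]
    if not daily:
        return None
    return mean(d for d, _ in daily), mean(p for _, p in daily)

# Constructed inventories reproducing Table 1: 100 endpoints each, 1020 CVEs in total.
COMPANY_A = [204] * 5 + [0] * 95              # few endpoints, many CVEs each
COMPANY_B = [25] * 20 + [26] * 20 + [0] * 60  # many endpoints affected

# Constructed week for the page's three-endpoint example: endpoint 2 is
# patched on day 2, a fourth endpoint is enrolled on day 3.
WEEK = [[2, 4, 0], [2, 0, 0], [2, 0, 0, 0]]

if __name__ == "__main__":
    for name, inv in (("A", COMPANY_A), ("B", COMPANY_B)):
        density, pct = daily_metrics(inv)
        print(f"Company {name}: density={density:.1f} vulnerable={pct:.0f}%")
    avg_density, avg_pct = period_average(WEEK)
    print(f"Period average: density={avg_density:.2f} vulnerable={avg_pct:.1f}%")
```

Because the period figure is the mean of the daily ratios, it can differ from total CVEs divided by total endpoint-days when the endpoint count changes: for WEEK the averaged density is about 1.06, while the pooled ratio is 1.0.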