Views:

Identify applications with potential security vulnerabilities that are in use within your organization.

Attack Surface Discovery detects all local applications, connected SaaS applications, and public cloud applications that have been accessed by your organization's users and devices. Trend Vision One categorizes and assigns a reputation score or asset risk score to each application. The consolidated visibility of all apps in your environment helps you to identify potential vulnerabilities, continuously assess and prioritize risk, and strengthen your security posture.
The following table describes the tabs available in the Applications section of Attack Surface Discovery.
Tab
Description
Public cloud apps
Displays all public cloud apps accessed by your organization's users and devices
  • Search for public cloud apps by name.
  • Click Filter to filter cloud apps by Category, Reputation, Sanctioned state, Warnings, or Last detected time.
    • Lower public cloud app reputation scores indicate a better overall reputation.
  • Click Export to generate a report for the apps currently displayed on the list.
  • Click any public cloud app name to view details in the Public cloud app profile.
  • Select one or more public cloud apps and click Change Sanctioned/Unsanctioned to set the sanctioned status of the app.
  • Select one or more cloud apps and click Assign Secure Access Rule to control users' access to the selected public cloud apps. Options from Zero Trust Secure Access include:
    • Assign the selected public cloud apps to a new custom cloud app category and assign the apps to a new Internet Access rule
    • Add the selected public cloud apps to an existing cloud app category with Internet Access or Risk Control rules already applied.
  • Select one or more public cloud apps and click Manage Tags to view, add, or remove tags assigned to the selected apps.
Note
Note
For customers that have updated to the Foundation Services release, drilling down from the Users column and the User name column (drilled from the Visits column) is only available for users with the Accounts asset visibility scope.
Connected SaaS apps
Displays all connected SaaS apps managed by your organization and provides insight into your organization's SaaS security posture
  • View the connection status of the supported SaaS data sources, including Salesforce and Office 365.
  • Search for connected SaaS apps by name.
  • Click Filter to filter SaaS apps by Asset risk score, Category, Custom tags, or Last detected time.
  • Click any SaaS app name to view details in the Connected SaaS app profile.
  • Select one or more SaaS apps and click Manage Tags to view, add, or remove tags assigned to the selected apps.
Local Apps
Important
Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
Displays all local apps detected on devices in your environment by the Trend Vision One Agent or Trend Micro Mobile Security
The Local app list displays the number of CVEs that affect each app. The app risk score equals the score of the highest-impact CVE for the application.
  • Search for local apps by name.
  • Click Filter to filter local apps by Operating system, App risk score, Vendor, First seen, or Last detected.
  • Click Export to generate a report for the local apps currently displayed on the list.
  • Click any column header to sort the list by that column.
  • Click any local app name to view details on the Local App Profile.
  • Click the number of devices in the entry for an app for a list of the devices on which the app has been detected.
  • Click the number of detected CVEs for an app for details on the CVEs that affect the app.
Select View by executable file in the dropdown menu to see a list of executable files related to detected local apps.
Note
Note
This feature is not available in all regions.
  • Search for executable files by file name.
  • Click Filter to filter executable files by Product name, Permission status, First seen, or Last detected.
  • Click on any executable file name to view details on the Executable File Profile.
  • Click the number of devices in the entry for an executable file for a list of the devices on which the file has been detected.
  • Select an executable file to change the file permission status to Allowed or Blocked.
    Important
    Important
    The default permission status of an executable file is Not configured.