Attack Surface Discovery | Trend Micro Service Central

Views:

Discover your organizational assets that might be exposed to attack, including devices, internet-facing assets, accounts, applications, and cloud assets.

Attack Surface Discovery allows you to locate corporate assets that threat actors might be able to use to attack your organization. Each section of the Attack Surface Discovery app provides insights into an asset type within your organization.

Important

You must allocate credits to Cyber Risk Exposure Management to fully access Attack Surface Discovery. Customers with XDR sensor entitlements that have not allocated credits to Cyber Risk Exposure Management have limited access to the asset profile screens related to their XDR sensors. For more information, see Credit requirements for Trend Vision One solutions, capabilities, and services.

Note

The data available for a user to view and drill down depends on the asset visibility scope of the current user. For more information about the asset visibility scope, see Asset Visibility Management.

The following table describes the sections of Attack Surface Discovery.

Section

Description

Devices

Displays all devices visible within your organization

Search for devices by name.
Click Filter to add a filter.
Click Export to generate a report for the devices currently displayed on the device list.
Click Exception List to see and remove devices on the exception list.
Click the customize columns icon () to customize the table columns and the order in which they are displayed.

Note

Data for mobile devices that are discovered by Trend Vision One - Mobile Security is only available for users with the Mobile devices asset visibility scope.
Click any device name to view details on the device profile screen.
Select devices and click Add to Exception List to add the devices to the exception list.
Select devices and click Manage Tags to assign or remove custom tags from the devices. For more information, see custom asset tags.
To manually modify the criticality of a highly critical asset, hover over the critical icon () and click Modify Criticality.
Quickly identify devices with high-severity vulnerabilities that are directly exposed to the internet, which are highlighted with the direct internet exposure icon ().

Note

The Devices section only shows data for devices within the asset visibility scope of the current user, and drilling down from the Last user column is only available for users with the Accounts asset visibility scope.
Attack Surface Discovery cannot assess all discovered devices. Devices visible through third-party data sources might not provide enough data for thorough analysis.

Internet-Facing Assets

Displays all discovered IP and domain assets that are visible from external internet locations and allows you to view detailed IP profile risk assessments

Search for internet-facing assets by name.
Click Filter to add a search filter.
Add your organization's domains by clicking + Add and adding your domain. Trend Micro uses the provided domain to perform external asset searches for related exposed host names.
Click Export to generate a report for the internet-facing assets currently displayed on the list.
Click the customize columns icon () to customize the table columns and the order in which they are displayed.
Select assets and click Manage Tags to assign or remove custom tags from the devices. For more information, see custom asset tags.
Click any root domain or public IP to view details on the internet-facing asset profile screen.
To manually modify the criticality of a highly critical asset, hover over the highly critical icon () and click Modify Criticality.

Note

For customers that have updated to the Foundation Services release, the Internet-Facing Assets section is only available for users with the Internet-Facing Assets asset visibility scope.
Processing new corporate domain information takes a maximum of 10 days to complete.

Accounts

Displays all visible domain and service accounts, identifies highly-authorized accounts, and allows you to view detailed risk profiles

Search for accounts by name.
Click Filter to add a filter.
Click Export to generate a report for the accounts currently displayed on the list.
Click the customize columns icon () to customize the table columns and the order in which they are displayed.
Click any user name to view details on the account profile screen.
To manually modify the criticality of a highly critical asset, hover over the highly critical icon () and click Modify Criticality.
Select accounts and click Manage Tags to assign or remove custom tags from the devices. For more information, see custom asset tags.

To create a Security Awareness training campaign for a specific user, click the associated actions icon ( options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png

options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png

) and then click Create Training Campaign.

Important

This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.

Applications

Displays all apps accessed by your organization's users and devices

Search for apps by name.
Click Filter to add a filter.
Click Export to generate a report for the apps currently displayed on the list.
Click the customize columns icon () to customize the table columns and the order in which they are displayed.
Click any app name to view additional details on the app profile screen.
Change the sanctioned status of cloud apps.
Assign secure access rules to control users' access to cloud apps.

Note

For customers that have updated to the Foundation Services release, the Applications section is only available for users with the Applications asset visibility scope.

Cloud Assets

Displays detected cloud workloads within your organization, enabling you to rapidly identify compliance and security best practice violations on your public cloud infrastructure and across your cloud service platforms

Search for cloud assets by name.
Click Filter to add a filter.
Depending on your region, you can click Graph View for a graphical representation of your organization's cloud assets.
Click Export to generate a report for the cloud assets currently displayed on the list.
Click the customize columns icon () to customize the table columns and the order in which they are displayed.
Select assets and click Manage Tags to assign or remove custom tags from the devices. For more information, see custom asset tags.
Click any category to display only assets of the selected category in the cloud asset list.
Click any cloud asset name to view additional details on the cloud asset profile screen.

Note

For customers that have updated to the Foundation Services release:

The Cloud Assets section only shows individual data for assets within the asset visibility scope of the current user.
Users that have containers but no cloud accounts within asset visibility scope cannot view Graph View.
Users with no containers or cloud accounts within asset visibility scope cannot view the Cloud Assets section.

APIs

Displays REST and HTTP-based API collections detected in your API gateways and assesses the vulnerability of individual API endpoints.

Search for API collections by name.
Click Filter to add a filter.
Click Export to generate a report for the cloud assets currently displayed on the list.
Click the customize columns icon () to customize the table columns and the order in which they are displayed.
Click any API collection name to view additional details on the API collection profile screen.
Expand any API collection for an overview of the individual API endpoints contained in the collection.

Note

For customers that have updated to the Foundation Services release, the API Security section only shows data for assets within the asset visibility scope of the current user.