Trend Vision One decides the risk level of an event based on two factors:
-
Likelihood of a successful attackUsing global data, Trend Vision One assesses how often events are part of an attack compared to how often they are part of regular situations. A higher malicious activity usually results in a higher risk level.
-
Potential impactTrend Vision One considers the potential damage of an event. The associated risk level is higher when an event is close to causing disruption or incurring costs.For example, in lateral movement events, attackers already control at least one of your endpoints and are trying to move through your environment. In contrast, in initial access events, attackers try to get inside your environment.
By analyzing these factors and others specific to the threat assessment framework,
Trend Vision One determines the appropriate risk level associated to a security event.