View detailed information about your company's Risk Index and the contributing Risk Factors in Operations Dashboard.

The Risk Index is the risk score for your organization derived from a comprehensive assessment of a variety of risk categories and factors. The all-encompassing index incorporates risk events that impact a wide range of assets, including users, devices, applications, publicly accessible domains and IP addresses, and cloud-based assets. Risk assessment relies on connected data sources to assess how risk factors affect your specific environment and to calculate your organization's total Risk Index. For a more comprehensive risk assessment, configure more data sources.
Important
  • The Risk Index is calculated using all data received from your business without applying asset visibility scope limits.
  • For customers that have updated to the Foundation Services release, the event counts of risk factors are only visible for users with full asset visibility scope.
You may remediate or dismiss detected risk events in order to lower your overall Risk Index. For Vulnerability risk events, you may apply available attack prevention/detection rules to mitigate the vulnerability. You may also accept the risk from risk events you are unable to remediate. To see the total points currently contributed by risk events within each risk factor, hover over the corresponding section of the radar chart in Operations Dashboard.
Important
  • Because the Risk Index is rounded up to the nearest whole number, the point contributions from each risk factor may add up to less than the total Risk Index.
  • Points contributed to the Risk Index by accepted risk cannot be subtracted from the Risk Index until accepted risk events are remediated or dismissed.
The following tables offer examples of the risk factors that contribute to the Risk Index, organized by category: Exposure, Attack, and Security Configuration.

Exposure Risk Factors

| Risk Factor / Indicator | Description |
| --- | --- |
| Leaked account | The detection of a user's account on the dark web |
| Suspicious user activity | Activity that may indicate the malicious intent of a user purposefully creating anomalous activity |
| Targeted user account | The most at-risk user accounts that exhibited high risk anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period |
| OS vulnerability | The detection of exploitable operating system vulnerabilities on the endpoint |
| Application vulnerability | The detection of exploitable application vulnerabilities on the endpoint |
| Cloud VM vulnerability | The detection of exploitable operating system and application vulnerabilities in a cloud VM |
| Network activity | Anomalous or malicious network activity |
| Storage activity | Cloud storage use by the account appears abnormal compared to use by other company accounts |
| User activity | Abnormal user behavior patterns or preferences |
| Device activity | Abnormal device behavior patterns or preferences |
| Cloud app reputation | Calculated by Trend Micro threat experts based on historical app data, known security features, and community knowledge |
| Internet-facing asset configuration | Misconfigured settings on publicly-facing domains and IP addresses |
| Cloud infrastructure configuration | Misconfigured settings on cloud infrastructure, such as cloud instances and platforms |
| Identity and access configuration | Misconfigured settings on IAM services |
| Cloud service configuration | Misconfigured settings on cloud-based applications, software, and services |
| Endpoint configuration | Misconfigured security settings on endpoint devices |

Attack Risk Factors

| Risk Factor / Indicator | Description |
| --- | --- |
| Workbench alerts | Detection of malicious or risky events by XDR sensors |
| Targeted Attack Detection | Detection of early attack indicators through the scanning of Smart Protection Network data |
| Web threats | The web reputation score of the URLs the user visited or the detection of malicious activity within network traffic |
| Email threats | Detection of malicious or anomalous email activity |
| Network threats | Detection of malicious activity in monitored endpoint traffic |
| Endpoint threats | Detection of events on endpoints that may be malicious |
| Mobile device threats | Detection of possible malicious events on mobile devices |
| Connected app activity | Detection of possibly malicious events on Office 365 apps (Teams, SharePoint, OneDrive) |

Security Configuration Risk Factors

| Risk Factor / Indicator | Description |
| --- | --- |
| Endpoint security | Detection of agent and sensor deployment, key feature adoption, license health, and agent versions. |
| Email security | Coming soon |
| Network security | Coming soon |