
View information about the Vulnerabilities risk factor, which is determined by CVEs detected on your managed assets.

Trend Micro uses global activity data, CVE information, and local detection activity to analyze your environment and produce customized vulnerability assessment scores for each asset. The Vulnerabilities risk factor contributes to the Exposure Index.
Trend Micro sources CVE information from the National Vulnerability Database (NVD) and security advisories issued by major software vendors, such as Microsoft and Red Hat. The NVD sometimes publishes information later than the vendors of affected products, which might result in delayed CVE assessment results in Trend Vision One.
The Vulnerability Assessment service scans endpoints for vulnerabilities related to the operating system, applications on Windows devices, ECR container images, cloud VMs, and serverless functions. For more information about the specific operating systems supported by Vulnerability Assessment, see Vulnerability Assessment supported operating systems. For more information about supported language packages used in ECR container images, see Vulnerability Assessment supported language packages.
On Windows devices, Vulnerability Assessment updates between 10 minutes and 1 hour after an operating system vulnerability is patched. Applications are scanned every 10 minutes. On Linux devices, Vulnerability Assessment scans for vulnerabilities once per day.
The following table outlines the widgets available in the Vulnerabilities section.
Widget: Vulnerability Management Metrics
Description: View information about CVEs and operating system vulnerabilities affecting your organization.
  • The Patch Management section displays the average number of days your organization takes to patch CVEs and the average number of days that CVEs remain unpatched.
    Important: For customers that have updated to the Foundation Services release, Patch Management is only visible for users with full asset visibility scope.
  • The Vulnerability Percentages and CVE Density sections display information about the number of CVEs affecting your devices, hosts, container clusters, container images, cloud VMs, and serverless functions.
    Important: For customers that have updated to the Foundation Services release, the percentages of container clusters and cloud VMs containing highly exploitable CVEs are calculated using only the data of assets within the asset visibility scope of the current user.
  • The Legacy Operating Systems section displays the number of endpoints in your organization still running legacy Windows operating systems.
Widget: Detected Vulnerabilities
Description: Lists devices, internet-facing assets, containers, cloud VMs, and serverless functions with CVEs.
The tabs of the Detected Vulnerabilities widget display CVEs detected on your internal and internet-facing assets, containers, cloud VMs, and serverless functions. Mitigating the vulnerabilities with the highest CVE impact scores, global exploit activity, or CVSS scores is an effective way to reduce the Risk Index.
  • Click Import Third-Party Data to configure data sources for CVE information.
  • Click Configure CVE Coverage to select whether to assess for all CVEs or high-impact and medium-impact CVEs only.
    Note: This feature is not available in all regions.
  • Click a vulnerability ID to view detailed information on the CVE profiles screen.
  • Click the number in the Attack prevention/detection rules column to view available attack prevention/detection rules from Trend Micro products and see how to apply the rules to mitigate the vulnerability.
  • Select a vulnerability to change the status. Status changes that affect the Risk Index may take up to one hour to show impact.
    • In progress: The vulnerability is being addressed.
    • Remediated: The vulnerability has been remediated either by Trend Micro recommendations or a third-party solution. Remediated vulnerabilities no longer contribute to the Risk Index, but future instances may still occur and will be reported.
    • Dismissed: The vulnerability is not applicable to associated assets or your environment. Dismissed vulnerabilities no longer contribute to the Risk Index, but future instances may still occur and will be reported unless you create an event rule for the vulnerability type.
    • Accepted: The vulnerability cannot be remediated at this time. Accepted vulnerabilities continue to contribute to the Risk Index until they are remediated or dismissed. Future instances may still occur and will be reported unless you create an event rule for the vulnerability type. Event rules for accepted vulnerabilities are only valid for a specified time period.
Important: For customers that have updated to the Foundation Services release, additional details are only available for assets within the asset visibility scope of the current user.
The following table describes the risk indicators associated with the Vulnerabilities risk factor.
Indicator: OS vulnerability
Description: The detection of exploitable operating system vulnerabilities on the endpoint
Data Sources:
  • Trend Micro™ Endpoint Sensor
  • Trend Vision One™ - Container Security
  • Trend Vision One™ - Endpoint Security
  • Nessus Pro
  • Rapid7 - InsightVM
  • Rapid7 - Nexpose
  • Tanium Comply
  • Tenable Vulnerability Management
  • Qualys
Target: Device

Indicator: Application vulnerability
Description: The detection of exploitable application vulnerabilities on the endpoint
Data Sources:
  • Trend Micro™ Endpoint Sensor
  • Trend Vision One™ - Container Security
  • Trend Vision One™ - Endpoint Security
  • Nessus Pro
  • Rapid7 - InsightVM
  • Rapid7 - Nexpose
  • Tanium Comply
  • Tenable Vulnerability Management
  • Qualys
Target: Device

Indicator: Zero-day vulnerability
Description: The detection of exploitable zero-day vulnerabilities on the endpoint
Data Sources:
  • Trend Micro™ Endpoint Sensor
Target: Device