Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Vulnerability Detection in Trend Micro Vision One's Identity & Risk Insights App

    • Updated:
    • 26 Apr 2021
    • Product/Version:
    • Trend Micro Endpoint Sensor
    • Trend Micro Vision One
    • Platform:
Summary

Vulnerability Detection is a risk factor of Identity & Risk Insights app which can identify critical vulnerabilities correlated with active threat attacks that are happening in the environment. The Identity & Risk Insights app assesses your company's risk index by categorizing risk factors and evaluating how specific indicators affect your network.

 
The Identity & Risk Insights App is a “Pre-release” feature and is not considered an official release. Please review the Pre-release Disclaimer before using the feature. Meanwhile, Vulnerability Detection function is only available to selected users during the pre-release phase.
 
Details
Public

Identity & Risk Insights App Features

  • Enable Vulnerability Detection

    This feature requires customers turn on Data upload permission to upload vulnerability information which will be correlated with Global vulnerability intelligence (DVLab, ZDI) to identify critical vulnerabilities.

    To turn on Data upload permission:

    1. On the upper right corner of the Identity & Risk Insights App, click on the system wheel icon to configure the data source.

      Click the system wheel icon

    2. Under the Source column, click on Endpoint Sensor. The Data Source window appears.
    3. In the Data Source window, under Data upload permission, toggle the switch to On.

      Enable Vulnerability Detection

     
    • DVLab: CVE/CVSS score, actively being exploited in the wild
    • ZDI: Early insight of undisclosed vulnerabilities
    • Current version of detection information provides Windows OS vulnerability but does not cover Application vulnerability
     
  • At Risk Vulnerabilities

    Trend Micro lab experts constantly identify new vulnerabilities and monitor vulnerabilities that are actively exploited globally. Using the global data, Trend Micro helps prioritize the "at risk" vulnerabilities across your corporate environment.

    At Risk Vulnerabilities

  • Exploit attempts

    After identifying a vulnerability, Trend Micro checks your IPS detection logs and tells you how often an attacker has attempted to exploit a vulnerability. Provide an overview of vulnerabilities identified across the network and the impact scope.

    Exploit attempts

  • Device List

    To search for vulnerable devices, go to Devices and select Vulnerability ID from the second dropdown list.

    select Vulnerability ID

    Click the listed Device name to go to the Device Profile page. Here, you will get detailed information of the device which includes vulnerability summary, risk score, device activity and so on.

    Device Profile page

Availability and Recommendations

  • The required data source configuration options will be ready soon.
  • Exploit attempts displays the count of IPS detections based on the corresponding CVE ID, which may indicate that your organization is being actively attacked.
  • The following information will be available in coming release which allow you to take action:

    • Event logs and action results
    • Affected IP addresses
 
This functionality is part of the Zero Trust Risk Insights app which is free to use during the preview period. The app will be available for purchase later in 2021.
 
Premium
Internal
Partner
Rating:
Category:
Configure; SPEC
Solution Id:
000286302
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.