Vulnerability Detection is a risk factor of the Identity & Risk Insights app that identifies critical vulnerabilities correlated with active attacks occurring in the environment. The Identity & Risk Insights app assesses your company's risk index by categorizing risk factors and evaluating how specific indicators affect your network.
Identity & Risk Insights App Features
Enable Vulnerability Detection
This feature requires customers to turn on Data upload permission. The uploaded vulnerability information is correlated with global vulnerability intelligence (DVLab, ZDI) to identify critical vulnerabilities.
To turn on Data upload permission:
- In the upper-right corner of the Identity & Risk Insights App, click the system wheel icon to configure the data source.
- Under the Source column, click Endpoint Sensor. The Data Source window appears.
- In the Data Source window, under Data upload permission, toggle the switch to On.
- DVLab: CVE/CVSS score; vulnerabilities actively being exploited in the wild
- ZDI: Early insight into undisclosed vulnerabilities
- The current version of the detection information covers Windows OS vulnerabilities but does not cover application vulnerabilities
At Risk Vulnerabilities
Trend Micro lab experts constantly identify new vulnerabilities and monitor vulnerabilities that are actively exploited globally. Using the global data, Trend Micro helps prioritize the "at risk" vulnerabilities across your corporate environment.
After identifying a vulnerability, Trend Micro checks your IPS detection logs and tells you how often an attacker has attempted to exploit that vulnerability. This provides an overview of the vulnerabilities identified across the network and their impact scope.
To search for vulnerable devices, go to Devices and select Vulnerability ID from the second dropdown list.
Click the listed Device name to go to the Device Profile page. This page shows detailed information about the device, including the vulnerability summary, risk score, device activity and so on.
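The correlation described in this section (vulnerabilities found on devices, matched by CVE ID against IPS detections and global intelligence) can be sketched as follows. This is an added example, not Trend Micro's implementation: the log format, device names, placeholder CVE IDs and the ranking order are all constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not product output); CVE IDs are placeholders.
INVENTORY = {  # device name -> CVE IDs reported on that device
    "WS-001": ["CVE-0000-0001", "CVE-0000-0002"],
    "WS-002": ["CVE-0000-0001"],
    "SRV-010": ["CVE-0000-0003"],
}
INTEL = {  # CVE ID -> (CVSS score, actively exploited in the wild)
    "CVE-0000-0001": (7.8, True),
    "CVE-0000-0002": (9.8, False),
    "CVE-0000-0003": (5.5, False),
}
IPS_LOG = [  # assumed format: "<timestamp> key=value ..." per detection
    "2024-01-01T10:00:00Z rule=1001 cve=CVE-0000-0001 dst=10.0.0.5",
    "2024-01-01T10:05:00Z rule=1001 cve=cve-0000-0001 dst=10.0.0.6",
    "2024-01-01T11:00:00Z rule=2002 cve=CVE-0000-0003 dst=10.0.1.9",
    "2024-01-01T11:30:00Z rule=3003 dst=10.0.1.9",  # no CVE mapped to rule
    "2024-01-01T12:00:00Z rule=4004 cve=CVE-0000-0009 dst=10.0.0.5",
]

def exploit_attempts(log_lines):
    """Count IPS detections per CVE ID; lines without cve= are skipped."""
    counts = Counter()
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if "cve" in fields:
            counts[fields["cve"].upper()] += 1
    return counts

def at_risk(inventory, intel, log_lines):
    """Join inventory, intelligence and IPS counts; rank most urgent first."""
    attempts = exploit_attempts(log_lines)
    scope = {}  # CVE ID -> set of affected devices (the impact scope)
    for device, cves in inventory.items():
        for cve in cves:
            scope.setdefault(cve, set()).add(device)
    rows = []
    for cve, devices in scope.items():
        cvss, in_wild = intel.get(cve, (0.0, False))  # no intel: lowest rank
        rows.append({"cve": cve, "cvss": cvss, "in_wild": in_wild,
                     "attempts": attempts[cve], "devices": sorted(devices)})
    # Assumed priority: attempted locally, exploited in the wild, CVSS, scope.
    rows.sort(key=lambda r: (r["attempts"] > 0, r["in_wild"], r["cvss"],
                             len(r["devices"])), reverse=True)
    return rows

if __name__ == "__main__":
    for row in at_risk(INVENTORY, INTEL, IPS_LOG):
        print(row)
```

Detections for a CVE that no device in the inventory reports (the last constructed log line) are counted but do not appear in the ranked list, because there is no affected device to act on.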
Availability and Recommendations
- The required data source configuration options will be ready soon.
- Exploit attempts displays the count of IPS detections based on the corresponding CVE ID, which may indicate that your organization is being actively attacked.
The following information will be available in a coming release to allow you to take action:
- Event logs and action results
- Affected IP addresses