Vulnerability percentages and Vulnerability density

Views:

Evaluate your organization's exposure to Vulnerabilities to help tailor your mitigation efforts.

To better assist you in determining and responding to your organization's vulnerabilities, TrendAI™ designed certain metrics to complement each other for greater clarity.

The Vulnerability Percentages and Vulnerability Density widgets work together to help you tailor your response to vulnerabilities. Click on the entry for the Vulnerability density or percentage of a particular type of asset to view a list of affected assets.

Metric

Description

Example

Vulnerability Density

Calculated from the total number of detected vulnerabilities divided by the total number of managed assets with Vulnerability Assessment (Total vulnerabilities / Total managed assets with Vulnerability Assessment)

Vulnerability density calculations occur daily. Weekly and monthly averages use a simple average calculation based off the daily values.

Total asset count: 3

Asset 1: 2 vulnerabilities
Asset 2: 4 vulnerabilities
Asset 3: 0 vulnerabilities

Vulnerability density (Total vulnerabilities / Total assets with Vulnerability Assessment):

(2+4+0) / 3 = 2.0

Vulnerability Percentages

Calculated from the total number of a specific asset type with detected vulnerabilities divided by the total number of the specific type of asset with Vulnerability Assessment (Total assets with vulnerabilities / Total assets with Vulnerability Assessment * 100).

Note

Vulnerability assessment scope is limited to supported operating systems.

Managed assets with available vulnerability percentage calculations include:

Internal assets
Hosts
Container clusters
Container images
Cloud VMs
Serverless functions

Vulnerability percentage calculations occur daily. Weekly and monthly averages use a simple average calculation based off the daily values.

Total number of assets with detected vulnerabilities: 5
Total assets with Vulnerability Assessment: 25

Vulnerability Percentage (Total assets with vulnerabilities / Total assets with Vulnerability Assessment * 100):

5 / 25 * 100 = 20%

Important

Vulnerability counts for hosts only include high-impact and medium-impact vulnerabilities based on global exploit activity and TrendAI™ threat expert evaluations.
Vulnerability Assessment is only supported on Windows desktop platforms starting from Windows 10 and select Linux platforms. For more information, see Vulnerability Assessment supported operating systems.

Using Vulnerability density and vulnerability percentages together helps you obtain a more accurate picture of your organization's risk profile.

Example Scenario

Company A	Company B
Vulnerability Density: 10.2 Vulnerable Internal Asset Percentage: 5%	Vulnerability Density: 10.2 Vulnerable Internal Asset Percentage: 40%
Even though the Vulnerability density values for both companies are the same (10.2), the risk profiles are very different. Company A has a small number of internal assets with a large number of vulnerabilities, which could indicate the company regularly applies patches and only a limited subset of endpoints have not received the latest update. Company B has a large number of internal assets with a large number of vulnerabilities, which could indicate that the company delays patching endpoints, possibly due to internal testing requirements. Examining both metrics can help determine the best method to reduce vulnerabilities.