Understanding Trulens Home Page
The landing page provides a comprehensive, industry-tailored snapshot of the threat landscape most relevant to the you. It combines summarized intelligence, trending activity, and peer comparisons into a single, easy-to-navigate view. The page is divided into four major sections namely Industry-Related Adversaries Important to You, Trending Threats, Peer & Performance Benchmarking, and Top 5 Threat Categories in Your Industry each designed to answer a key question about the customer’s risk and threat environment.
Industry-Related Adversaries Important to You
This section outlines the adversaries and risks most relevant to your industry and operating environment. It addresses the current threats and risks that are most significant to the industry and organization.
What you see here:
- Industry-Specific Adversaries: Count of threat actors most active in targeting your industry.
- Business Entities Impacted: Number of organizations or business units affected by these threats.
- Impacted Assets: Breakdown of exposed assets, including internet-facing systems, high-value externally accessible assets, and legacy EOL systems.
- Risk Exposures: Summary of key exposure areas such as critical CVEs affecting your environment and critical vulnerabilities that can be remediated using Qualys Patch solutions.
- Assets impacted by the Top 10 Trending CVEs: Shows the count of assets affected by the most actively observed and rapidly emerging vulnerabilities.
Trending Threats
This section highlights active and high-urgency threats that Qualys identifies as currently trending across the global threat landscape. It provides information about what is currently being actively exploited and assesses the severity of the situation.
What you see here:
Card-based display of Actively Exploited CVEs. Each CVE card includes labels such as:
- Ransomware association: Indicates whether the CVE is linked to known ransomware campaigns.
- Malware activity: Shows if active malware families are exploiting this vulnerability.
- Threat actor involvement: Highlights whether specific threat groups are known to target the CVE.
- CISA KEV exposure: Flags if the vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog.
- Patch availability: Specifies whether a vendor-issued fix is available for remediation.
Clicking any CVE card takes you to a detailed CVE page, showing deeper intelligence and any associated impact.
Peer & Performance Benchmarking
This section demonstrates how to compare against peers within your industry. This section provides an overview of your performance in comparison to others in the industry.
For each metric, the visualization includes three benchmark points:
- Your organization’s performance
- Industry average performance
- Top performers in the industry
Key metrics shown:
- MTTR for Critical Threats: Average time taken to remediate vulnerabilities classified as critical threats.
- Ransomware-Related Vulnerabilities: Count of vulnerabilities associated with known ransomware activities.
- EOL/EOS Critical Vulnerabilities: Number of critical vulnerabilities found on end-of-life or end-of-support assets.
- MTTR for CISA KEV items: Average remediation time for vulnerabilities listed in the CISA Known Exploited Vulnerabilities catalog.
Top 5 Threat Categories in Your Industry
This section highlights the top threat themes driving risk in your industry. This section addresses the various types of threats that are influencing the risk landscape for organizations similar to your organization.
Categories include:
- Ransomware-as-a-Service (RaaS): Threat actors leveraging subscription-based ransomware kits to launch scalable attacks.
- Supply Chain Compromise: Attacks executed by exploiting vulnerabilities in third-party vendors or software dependencies.
- Data Exfiltration Malware: Malware designed to stealthily extract sensitive data from compromised systems.
- Business Email Compromise (BEC): Social engineering attacks that manipulate email channels to fraudulently access funds or information
- Targeted Espionage Actors: Advanced threat groups conducting focused, long-term campaigns to steal strategic or confidential data.
