Risk Overview

by Josef Weiss
July 25, 2014

When analyzing risk, security professionals must understand threats, vulnerabilities and exploits. This dashboard provides analysts with information needed to determine where the greater risk may exist.

Risk is comprised of multiple elements. Threats can be defined as an agent attempting to cause harm to the target organization. Vulnerabilities are flaws in the network that an attacker could use to gain entry or exfiltrate sensitive information. Finally, exploits are the method an attacker can use to leverage vulnerability to cause damage to a target network. Combining all of those elements, risk is defined as the potential that a given threat will exploit vulnerabilities discovered with in the network and gain unauthorized access to sensitive information.

Risk contains elements of a threatening circumstance, such as a vulnerability. During the risk analysis process, security professionals calculate the elements of probability and business impact. The probability of an attack is largely affected by the specific vulnerability and the motivation of the actor. External factors should also be applied when calculating risk probability. For this reason, the probability of a risk should always be considered as distinct from the “threat” itself. This dashboard brings many of these elements together to determine risk and aid analysts in calculating business impact.

SecurityCenter Continuous View (SC CV) provides security analysts the most comprehensive and integrated view into risk analysis available to organizations. With native ability to detect more vulnerabilities than the competition, SC CV has the ability to analyze risk across many systems such as operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure.

The dashboard is available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The dashboard can be easily located in the SecurityCenter Feed by selecting category Threat Detection and Vulnerability Assessments, and then selecting tags risk assessment. The dashboard requirements are:

  • SecurityCenter 4.8.1
  • Nessus 5.2.7

The following Risk Overview Dashboard contains the following components:

  • Most Prevalent Issues - This table provides details on the most prevalent issues found to exist within the environment. Vulnerability data is sorted by the count of existing vulnerabilities within the environment.
  • Most Severe Issues - This table provides details on the top 10 most severe issues found to exist within the environment. Vulnerability data is sorted by the severity of existing vulnerabilities within the environment.
  • Risk by Host Top 10 - This table presents an IP Summary of all known vulnerabilities, sorted by total number of vulnerabilities per each device. SC CV is able to present the analyst with a table that displays the most potentially vulnerable hosts and displays individual at greatest risk. The table is filtered using severity.
  • Risk by Host Top 10 Exploitable - This table presents an IP Summary of all known vulnerabilities, sorted by total number of exploitable vulnerabilities per each device. SC CV is able to present the analyst with a table that displays the most potentially vulnerable hosts and displays individual at most risk. The table filters on severity, and if known exploits are available.
  • Risk by Asset Group - This table presents an Asset Summary of all known vulnerabilities, sorted by total number of vulnerabilities per asset. SC CV is able to present the analyst with a table that displays the most potentially vulnerable hosts and displays individual at most risk. The table displays the most at risk assets, filtering on severity.
  • Risk By Asset Group Exploitable - This table presents an Asset Summary of all known vulnerabilities, sorted by total number of exploitable vulnerabilities per asset. SC CV is able to present the analyst with a table that displays the most potentially vulnerable hosts and displays individual at most risk. The table displays most at risk assets, filtering on severity, and if known exploits are available.
  • Risk Summary by Severity - This pie chart provides a visual depiction of current vulnerabilities across the environment so that an analyst can rapidly identify the percentage of Critical, High, Medium, and Low vulnerabilities that are active in the database.
  • Risk Age and Summary - This bar graph contains age related data as well as total host counts. The percentages of overall hosts that are vulnerable to exploits, have default credentials, or vulnerabilities that have existed over 90, 180 or 365 days is displayed. Also, any patches that are over 180 are displayed. Host counts are provided with all charts as well, allowing the analyst to quickly view what vulnerabilities exist in the environment, how long they have been active in the environment, and how successful the current patching policy is by reporting missed or missing patches over 180 days old.
  • Risk Reduction Opportunities - This table provides details on actions that can be taken as risk reduction opportunities within the environment. The percentage of risk reduction, number of hosts affected, total number of vulnerabilities, and vulnerability percentage if implemented are displayed.