Overview

Use the Criticality & Vulnerability visualization to view a roll-up of your vulnerability scan results.

The setup process for ISA, which is driven by an analyst, is necessary to produce the visualizations and matrices described

About Criticality & Vulnerability

The Criticality & Vulnerability visualization connects to your open source/commercial threat intelligence feeds, as well as your organization's asset database, in order to display detected CVEs (common vulnerabilities and exposures) and IOCs (indicators of compromise). The visualization rolls up this critical information in one convenient location, and enables threat response management, including level of effort assignment, patch difficulty and cost estimates.

Using the Criticality & Vulnerability Visualization

Making the best use of the Criticality & Vulnerability visualization is a snap. Your network scan and vulnerability information comes pre-populated during the setup process, so network scan / asset information is joined with your threat intelligence of choice to provide the most up-to-date information about threats. Using four manual inputs, the C&V visualization helps your enterprise identify the affected hosts by vendor / product by CVE, with an opportunity to assign expected costs (initial estimate), patch difficulty, level of effort and anticipated risk level. Once all of this information is assigned, it can be saved for easy reference later.

Threat Response Management

Once the necessary data has been correlated, the detected CVEs and IOCs are displayed in the Vulnerability Table.

The following activities can be performed from the vulnerability table:

  • Assign Level of Effort and Patch Difficulty
  • Manage Cost Estimation
  • Assign Anticipated Risk Level

Level of Effort

It is important to categorize CVEs by level of effort, to manage time and resources optimally.

To assign level of effort

  1. From the visualization, scroll to the CVE of interest.
  2. Use the dropdown to assign Level of Effort (Low, Medium, High).

Once you have organized your CVEs using Level of Effort you can use this assignment to filter the list of CVEs accordingly.

Patch Difficulty

You can categorize CVEs by Patch Difficulty, to manage time and resources optimally.

To assign Patch Difficulty

  1. From the visualization, scroll to the CVE of interest.
  2. Use the dropdown to assign Patch Difficulty (Low, Medium, High).

Once you have organized your CVEs using Patch Difficulty you can use this assignment to filter the list of CVEs accordingly.

Cost Estimates

The Cost Estimate column enables you to indicate the number of full-time employees (FTE) and the associated cost per employee. This enables initial estimation of costs associated with threat response management.

To provide the initial estimate

  1. From the visualization, scroll to the CVE of interest.
  2. Use the dropdown to assign the number of FTEs and the cost per employee.

After entering the required data points, the cost calculation is performed for you automatically.

Anticipated Risk Level

You can categorize CVEs by Anticipated Risk Level to manage risk optimally.

To assign Risk Level

  1. From the visualization, scroll to the CVE of interest.
  2. Use the dropdown to assign Risk Level (Low, Medium, High).

Once you have organized your CVEs using Risk Level you can use this assignment to filter the list of CVEs accordingly.

Filtering

You can use any of the assigned categorizations above to filter the list of CVEs. You can also filter using the global filter box and free-form filter boxes located above many of the columns.

To use free-form filtering

  • Enter a text string into one of the free-form filter boxes above a column, e.g. Vendor.

The list of CVEs is filtered accordingly.

To filter globally

  • Enter a text string into the global filter box, e.g. Jan (January).

The list of CVEs is filtered accordingly.

Summary Information

You can view a summary of CVEs and IOCs per threat feed using the Threat Intelligence Feed Comparison.

To view the summary

  • Navigate to the Criticality & Vulnerability visualization.

All of the connected threat feeds (e.g. iSight, SYMC, Phishme, and aggregate open source feeds) are displayed with associated CVE and IOC counts.
