NopSec Unified VRM Highlight: My Risk
- Oct 31, 2017
- Guest Author
IT Security and Risk teams in every organization have one common goal: to protect the company’s data from breaches by strengthening its security posture.
Each member of the team has different goals (that work towards the common goal) depending on their role. While Engineers and Analysts are more focused on the day-to-day remediation of vulnerabilities, CISOs and upper-level management are more concerned with the overall strategic role of cybersecurity within the organization’s goals.
NopSec’s flagship threat and vulnerability management and attack path simulation platform, Unified VRM (Vulnerability Risk Management), gives CISOs global visibility of their security posture by attack vector and helps them monitor their operational metrics. This post focuses on some of the insights in Unified VRM that are geared towards the needs and requirements of CISOs and other upper-level management professionals, which can be found under the “My Risk” functionality of the platform. Let’s get started.
Figure 1: Global Risk View
As you can see in Figure 1, Unified VRM provides a global view of your overall environment, assigning a letter score to each part of it. Grades run from A to F (each grade corresponds to a range in our risk scoring system), which gives you quick insight into which networks need more attention and resources. It also provides global insight down to the asset group level. In this example, you will see that the Web Application is secure, while the Internal and External networks need more help.
Figure 2: Policy Recommendation View
A robust cybersecurity policy is also a strong determining factor in the effectiveness of your cybersecurity program. Unified VRM provides recommendations and insights into which policy fixes will have the most positive impact on the organization. In Figure 2 you will see that, for this particular organization, the top five policy issues are listed, including information exposure, memory buffer issues, and more. If you hover over each one, you will see the Risk Reduction impact of remediating it. Bonus: If you click on any of the bars associated with a policy issue, you will be taken to a page that gives you a prioritized list of all the vulnerabilities in your environment that have this issue.
Figure 3: Remediation Trends
Your vulnerability risk management program is ultimately assessed on results. How quickly are we closing tickets, and how do we compare to the industry rate (as a benchmark)? This capability allows you to inspect the trends and direction of open and closed tickets over time, in both monthly and quarterly roll-ups. As scanning occurs more frequently, the rates of open and closed tickets change as new vulnerabilities are discovered and tickets are opened, and the system automatically closes tickets as they are verified in the scan process. As you can see in Figure 3, this IT Security Team has some catching up to do!
There is so much more to see, and this is but a glimpse of what NopSec Unified VRM can do for you and your organization. We invite you to find out more about the platform by requesting a demo.