Remediation Analytics and Scoring

Note: Remediation Score is a Cisco Vulnerability Management - Premier feature.

The Remediation Score provides a way for security and remediation teams to measure their progress in reducing risk, which is more useful and meaningful metric than simply counting closed vulnerabilities.

The Remediation Analytics and Score is aimed at helping organizations measure their remediation performance; how effective are their teams at remediating the vulnerabilities that matter most which drives down organizational risk?

The composite score is comprised of four metrics - coverage, efficiency, velocity, and capacity. These are combined to provide an overall score. On the Home page, when you click on the score, you can view the sub-scores for each metric.  

 

86b3bb28-d1bd-47b4-b305-7d18ae6a76c7_1_.PNG

 

Coverage 

Coverage measures the completeness of your remediation. It asks the question, “Of all vulnerabilities that should be remediated (the ones that are truly high risk), what percentage was correctly identified for remediation?” It assesses if you’re fixing the vulnerabilities that really matter.   

How coverage is calculated: 

[Number of closed vulnerabilities with an active internet breach or easily exploitable vulnerability definition] / [Total of all vulnerabilities with an active internet breach or easily exploitable vulnerability definition] * 100

 

Efficiency

Efficiency measures the percentage of remediations that address high-risk vulnerabilities. This metric helps you gauge if you’re spending your resources on the right things. 

How efficiency is calculated: 

[Number of remediations that have at least one Active Internet Breach or Easily Exploitable categorization] / [Total of all remediations] * 100

 

Velocity

Velocity measures the speed and progress of remediation. Velocity asks, “How quickly are issues addressed and how long do they persist within or across assets?​” 

How velocity is calculated: 

Minimum(365, Number of days between vulnerability close date and vulnerability creation date) else Minimum(365, Number of days between current date and vulnerability creation date)

 

Capacity

Capacity measures the average proportion of open vulnerabilities closed in a given time period.  

How capacity is calculated: 

[Number of vulnerabilities open on all assets at beginning of month] / [Number of vulnerabilities closed on all assets in the past 30 days of that month] (calculated for each month) / number of months on all asset’s life (capped at 12 months)

 

For guidance on how to better your remediation score and sub-scores, contact your customer success or sales representative. 

You can also read the following research reports from Cisco and the Cyentia Institute to learn more:

Prioritization to Prediction—Volume 2: Getting Real About Remediation

Prioritization to Prediction—Volume 3: Winning the Remediation Race

Prioritization to Prediction—Volume 4: Measuring What Matters

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.