A Risk Meter is a group of assets based on search or filter criteria. Each Risk Meter has its own risk score, which is a measure of the security risk a group of assets poses to the organization. The proprietary Cisco Vulnerability Management algorithm that determines the group’s risk is based on the following and more:
- Adjusted CVSS: Cisco Vulnerability Management adjusts the scores with an algorithm which ensures that CVSS is a better indicator of the probability of a breach.
- Exploit Intelligence: Does the vulnerability have known exploits or breaches, and have they been or are they being observed in the wild? Is this vulnerability a Popular Target?
- Threat Intelligence: Does the vulnerability have any associated malware like trojan horses, worms, or ransomware?
- Asset Priority: How critical is the asset to your infrastructure? (You can modify this priority in bulk, or on individual assets.)
The Risk Meter offers an at-a-glance look at your risk within a specific group of assets. You can view Risk Meters for all groups on the Dashboard or from the Vulnerability Management Explore page where scores are dynamically updated if you change your search criteria.
The Risk Meter above gives insight into any Windows devices within your organization’s environment, including both servers and workstations.
Types of Risk Meters
Risk Meters are highly flexible. You can use them to filter assets into any view your organization might want. There are three overall types of Risk Meters that you can use in your environment:
- Risk Remediation Risk Meters
  These are risk meters that are specifically targeted to operational groups that apply patches. They give these teams a more succinct view of actionable items through Top Fixes. By creating risk meters specific to OS maintenance teams, desktop teams, or network teams, these departments can cut through the noise and focus on the vulnerabilities they are responsible for remediating, starting with the most risky vulnerabilities and moving into less risky vulnerabilities.
- Reporting Risk Meters
  These are risk meters that are built to support reporting requirements from Management, Executives, or the Board. Each risk meter that is created comes with its own set of pre-built reports. To report against a group of assets using those pre-built reports, a Risk Meter for that group must exist.
  Executives don’t always want reports that only look at a specific server group or networking team. Creating risk meters that have a higher-level view, like one per datacenter, or risk meters for each type of device (All Desktops, All Servers, All Switches), gives the high-level view of risk in the overall environment.
- SLA-based Risk Meters
  If your organization is leveraging Service Level Agreements for patching/remediation, you can track SLA groups using risk meters. Creating a risk meter for “Out of Compliance” or “Overdue” vulnerabilities requires a simple search in Cisco Vulnerability Management, and gives insight into vulnerabilities that are not yet patched, even if they are past their due date.
  Users can also create views into vulnerabilities that are coming due. Whether an organization wants that group defined as all vulnerabilities due in the next seven days or all vulnerabilities due in the next 90 days, the timing can be controlled using the search parameters.
The risk meter is an integral part of Cisco Vulnerability Management because it is the basis for all asset groups an organization wants to create. You can create Risk Meters based on almost any criteria such as IP Range, Tags, OS, and asset priority.
Create Risk Meters
Creating a risk meter is a simple process. If you want to create a Parent (a risk meter that will have children through Hierarchical Risk Meters) or a standalone risk meter, navigate to the Vulnerability Management Explore page using the Vulnerability Management drop-down list in the upper left-hand corner of your Cisco Vulnerability Management instance.
Once on the Vulnerability Management Explore page, you will want to manage the asset and vulnerability filters to segment the data in the view until you’re satisfied with the result, and then you can save the search as a new risk meter.
Update Risk Meters
If you need to update a risk meter or modify the query, go to the Vulnerability Management Explore page and select the Risk Meter you want to modify using the risk meter drop-down list. Once you’ve selected the Risk Meter, hover over the risk meter name; three icons will appear to the right: a pencil (edit), a trash can (delete), and a green plus sign (add a child risk meter).
To edit, click the pencil and make the necessary edits to your filters. Once you’re done modifying the filters and search parameters, re-save the group.
Delete a Risk Meter
To delete a risk meter, click the trash can. Note: This action cannot be undone. A warning will appear in the UI asking you to confirm the deletion.
Add a Child Risk Meter
For more detailed explanations on how to create, edit, and delete a Risk Meter, refer to the information here.
For information on Hierarchical Risk Meters, refer to the information here.
To learn about Risk Meter Scoring, refer to the information here.