A Risk Meter is an asset-based measure of the security risk a group of assets poses to an organization. Our proprietary algorithm is based on the following signals:
- Adjusted CVSS: We adjust the scores with an algorithm which ensures that CVSS is a better indicator of the probability of a breach.
- Exploit Analytics: Does a vulnerability have known exploits or breaches and are they being observed in the wild? Is this vulnerability a popular target?
- Asset Priority: How critical is the asset to your infrastructure? You can modify this priority in bulk or individually.
The Risk Meter offers an at-a-glance look at your risk across a select group of assets. Risk Meters for all groups can be viewed on the Dashboard or from within the Explore page where is will be dynamically updated as search criteria changes.
Types of Risk Meters - Risk Meters (also called Asset Groups) are used for several different purposes within the Kenna platform.
- Understand your Risk Posture - Using the Dashboard, Risk Meters provide a way to easily view the state of various areas or your business and how they compare to your risk appetite. What is your overall risk posture? Should PCI applicable assets be amber? DMZ assets? Creating risk meters for these areas will give you an easy way to view risk using the Dashboard.
- Prioritize remediation efforts - Creating risk meters that are specifically targeted to operational groups that apply patches allows for more succinct views of actionable items using User Roles and Top Fixes. By creating Risk Meters specific to OS maintenance teams, desktop team or networking teams, views of the Dashboard can be created that only show those teams the Risk Meters that apply to them. The will allow those teams to quickly and easily see the actions they can take to reduce risk under their areas of responsibility. See RBAC and Top Fix Groups for more information.
- Report on Risk Reduction Progress - The creation of a Risk Meter initiates reporting for that group of assets which will show the progress of risk remediation against those assets over time. From the Dashboard, click on the graph icon in the bottom left corner under the Risk Meter. For more on reporting click here.
Updating Risk Meters - Risk Meter names can be edited by hovering over the name in the Dashboard and clicking on the pencil icon. Risk Meter asset group searches can be modified and enhanced from the Explore page by hovering over the name in the Groups sections of the right hand search pane and clicking on the pencil icon.
While you are in edit mode, a banner will remain visible at the top of the page.
Once you have executed the query and confirmed the changes are as desired, click "save" next to the meter name.
Click here to learn more about how a risk meter score is determined.