What is a Risk Meter?
A Risk Meter is a group of assets based on search or filter criteria. Each Risk Meter has its own Risk Score, which is a measure of the security risk a group of assets poses to the organization. The proprietary Cisco Vulnerability Management algorithm that determines the group’s risk is based on the following, and more:
- Adjusted CVSS: We adjust the scores with an algorithm which ensures that CVSS is a better indicator of the probability of a breach.
- Exploit Intelligence: Does the vulnerability have known exploits or breaches, and have they been or are they being observed in the wild? Is this vulnerability a Popular Target?
- Threat Intelligence: Does the vulnerability have any associated malware like trojan horses, worms, or ransomware?
- Asset Priority: How critical is the asset to your infrastructure? (You can modify this priority in bulk, or on individual assets.)
The Risk Meter offers an at-a-glance look at your risk within a specific group of assets. Risk Meters for all groups can be viewed on the Dashboard or from within the Explore page, where scores are dynamically updated if you change your search criteria.
The Risk Meter above gives insight into any Windows devices within your organization’s environment, including both servers and workstations.
Types of Risk Meters:
Risk Meters are highly flexible and can be used to slice and dice assets into any view the organization may want. There are three overall types of Risk Meters, or three ways Risk Meters can be utilized within your environment:
- Risk Remediation Risk Meters
  These are Risk Meters that are specifically targeted to operational groups that apply patches, and they allow these teams to have a more succinct view of actionable items via Top Fixes. By creating Risk Meters specific to OS maintenance teams, desktop teams, or network teams, these departments are able to cut through the noise and focus on the vulnerabilities they are responsible for remediating, starting with the most risky vulnerabilities and moving into less risky vulnerabilities.
- Reporting Risk Meters
  These are Risk Meters that are built to support reporting requirements from Management, Executives, or the Board. Each Risk Meter that is created comes with its own set of pre-built reports. In order to report against a group of assets using those pre-built reports, a Risk Meter for that group must exist.
  Executives don’t always want reports that only look at a specific server group or networking team. Creating Risk Meters that have a higher-level view, like one per datacenter, or Risk Meters for each type of device (All Desktops, All Servers, All Switches), gives the high-level view of risk in the overall environment.
- SLA based Risk Meters
  If your organization is leveraging Service Level Agreements for patching/remediation, you can track SLA groups via Risk Meters. Creating a Risk Meter for “Out of Compliance” or “Overdue” vulnerabilities requires a simple search within Cisco Vulnerability Management, and gives insight into vulnerabilities that are not yet patched, even if they are past their due date.
  Users are also able to create views into vulnerabilities that are coming due. Whether an organization wants that group defined as all vulnerabilities due in the next 7 days, or all vulnerabilities due in the next 90 days, the timing can be controlled via the search parameters.
The Risk Meter is an integral part of the Cisco Vulnerability Management platform, as it is the basis for all asset groups an organization wishes to create. RMs can be created based on almost any criteria: IP Range, Tags, OS, asset priority, and more.
Creating Risk Meters:
Creating a Risk Meter is a relatively simple process. If you want to create a Parent (a Risk Meter that will have children via Hierarchical Risk Meters) or standalone Risk Meter, simply navigate to the Explore page via the VM dropdown in the upper left-hand corner of your Cisco Vulnerability Management instance.
Once in the Explore page, manage the asset and vulnerability filters to segment the data in the view until you’re satisfied with the result, and then save the search as a new Risk Meter.
Updating Risk Meters:
If you need to update a Risk Meter or modify the query, from the Explore page select the Risk Meter you wish to modify via the Risk Meter dropdown list. Once you’ve selected the Risk Meter, hover over the Risk Meter name, and 3 icons will appear to the right: a pencil (edit), a trash can (delete), and a green plus sign (add a child Risk Meter).
To edit, click the pencil and make the necessary edits to your filters. Once you’re done modifying the filters and search parameters, re-save the group.
Deleting a Risk Meter:
To delete a Risk Meter, click the trash can. NOTE: This action cannot be undone. A warning will appear in the UX asking you to confirm the deletion.
Adding a Child Risk Meter:
For more detailed explanations on how to create, edit, and delete a Risk Meter, please see the Help Page here.
For information on Hierarchical Risk Meters, please see this Help Page here.
To learn about Risk Meter Scoring, see this Help Page.