Our Fixes feature was originally created to help prioritize specific vulnerabilities and their affected assets, grouped by the greatest risk reduction that could be made if all associated CVEs are remediated on all affected assets:
Each Fix contains all of the related CVEs and each of the assets affected by those CVEs. We also include diagnosis (a brief description of the vulnerability), consequence (what a successful exploit could result in or allow an attacker to do), and solution (how, specifically, to remediate the vulnerability), based on vendor data.
By remediating all of the listed vulnerabilities on all of the affected assets, a Fix will ideally result in a reduction in the total Risk Score for those assets. This gives you a direct actionable list of vulnerabilities to tackle first.
To provide even better visibility of how remediation work can be most effective in reducing risk, we are introducing "Fixed Groups":
A Fix Group is composed of up to 3 different Fixes available to a single Risk Meter group. By grouping a few unrelated Fixes together, it is possible to generate larger risk reduction scores for a Risk Meter, as many assets can have unrelated vulnerabilities with the same risk - in those situations, it can be difficult to determine the best risk reduction for a set of assets by looking at individual Fixes.
Top Fix Groups
Within each Kenna Risk Meter group report, we've added a "View Top Fixes" link, which contains a list of the 10 largest risk reduction Fix Groups for that Risk Meter:
The Top Fix Groups view for a Risk Meter contains its current Risk Score, along with the lower score that the Risk Meter would move to after remediating all vulnerabilities in a specific Fix Group. These are sorted by largest risk reduction, left to right, with a button on the right side to move to the second page of Top Fixes:
In the example above, remediating the vulnerabilities for all 3 listed Fixes will reduce the current risk score of 680 by 11 points, down to a new score of 669.
All of the Top Fix Groups (not just the one currently displayed) can be exported in this view by clicking the "Export CSV" button to the right.
(exporting via email and ticketing integrations are coming soon!)