Why Risk Based Scoring?

So many vulnerabilities, so little time. Sound familiar? This is something we hear from many of our customers. How do you possibly keep up with the ever-changing threat landscape in your environment and actually make progress? This is a prime use case for how Cisco Vulnerability Management can help to revamp your vulnerability management program. 

You can teach an old dog new tricks!

Shifting to a risk-based approach allows your teams to uncover the most critical vulnerabilities in your environment and focus on remediating the vulnerabilities that actually pose risk.

The example below uses search commands to show how much a shift to a risk-based approach can change the picture in your environment.

Many organizations prioritize vulnerabilities based on either the scanner score or the CVSS base score. Looking at a demo environment and applying search criteria our customers commonly use:

Prioritizing based on a scanner score greater than 3 (using a major scanner's score scale of 1 to 5):

[Image: Risk-Based-Scoring-1.png]

As shown in the image above, filtering on a scanner score greater than three leaves your team with close to 300,000 vulnerabilities to remediate by applying 6,500 fixes.

Understanding how many of the ~300,000 vulnerabilities actually pose a high risk to your environment is important. By adding the search parameter `AND vulnerability_score:>66`, you can see that the number of high-risk vulnerabilities is significantly lower. By shifting to a risk-based approach, you would need to address just over 8,000 vulnerabilities by applying 300 fixes. This number is much more manageable, and remediating those vulnerabilities actually improves the risk posture of your environment.

[Image: Risk-Based-Scoring-2.png]

Here are some common search queries you can use to help communicate to and educate your internal teams on the importance of prioritizing remediation efforts based on risk, and the impact that prioritization can have on your environment.

To search for vulnerabilities that have a CVSS base score greater than 6 and are considered High in Cisco Vulnerability Management:

cvss_severity:>6 AND vulnerability_score:>66

To see which vulnerabilities have a lower scanner score or CVSS base score than the threshold your policy or procedure sets for remediation, yet are considered high risk in Cisco Vulnerability Management, try the search commands below. This is an important exercise, because vulnerabilities you have de-prioritized may still pose significant risk to your environment.

scanner_score:<4 AND vulnerability_score:>66

cvss_severity:<6 AND vulnerability_score:>66 
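
To make the comparison above concrete offline, here is an added example (not code from the article or from Cisco Vulnerability Management) that evaluates the article's `field:>N AND field:<N` style queries over a constructed set of vulnerability records and reports, for each query, how many vulnerabilities match and how many distinct fixes would close them. The record fields, the `fix_id` values and the scores are all assumed sample data.

```python
import re
import operator
from collections import namedtuple

# Constructed sample data (not from the article or the product); the field
# names mirror the search fields used in the article's queries.
Vuln = namedtuple("Vuln", "id scanner_score cvss_severity vulnerability_score fix_id")
SAMPLE = [
    Vuln("v1", 5, 9.8, 92, "fix-A"),  # high scanner, high CVSS, high risk
    Vuln("v2", 4, 7.5, 20, "fix-B"),  # high scanner/CVSS, low risk
    Vuln("v3", 3, 5.0, 80, "fix-C"),  # low scanner/CVSS, high risk: easily de-prioritized
    Vuln("v4", 2, 4.3, 71, "fix-C"),  # same fix as v3
    Vuln("v5", 4, 6.5, 40, "fix-D"),  # remediated under a scanner-score policy, low risk
    Vuln("v6", 5, 8.1, 67, "fix-A"),  # same fix as v1
]

OPS = {">": operator.gt, "<": operator.lt, ">=": operator.ge, "<=": operator.le, "=": operator.eq}
TERM = re.compile(r"^(\w+):(>=|<=|>|<)?(-?\d+(?:\.\d+)?)$")


def parse_query(query):
    """Turn 'field:>N AND field:<N' into [(field, op, threshold)]; only AND is supported."""
    terms = []
    for raw in query.split(" AND "):
        m = TERM.match(raw.strip())
        if not m:
            raise ValueError(f"unsupported term: {raw!r}")
        field, op, number = m.groups()
        terms.append((field, OPS[op or "="], float(number)))
    return terms


def search(records, query):
    """Return the records for which every term of the query holds."""
    terms = parse_query(query)
    return [r for r in records if all(op(getattr(r, f), n) for f, op, n in terms)]


def summarize(records, query):
    """Count matching vulnerabilities and the distinct fixes needed to close them."""
    hits = search(records, query)
    return len(hits), len({r.fix_id for r in hits})


if __name__ == "__main__":
    for q in ("scanner_score:>3", "scanner_score:>3 AND vulnerability_score:>66",
              "cvss_severity:>6 AND vulnerability_score:>66",
              "scanner_score:<4 AND vulnerability_score:>66",
              "cvss_severity:<6 AND vulnerability_score:>66"):
        vulns, fixes = summarize(SAMPLE, q)
        print(f"{q:50} -> {vulns} vulnerabilities, {fixes} fixes")
```

On this sample, the scanner-only filter selects four vulnerabilities and three fixes while the risk-based filter narrows that to two vulnerabilities and one fix, and the "low scanner score but high risk" query surfaces v3 and v4, which a scanner-score policy would have skipped.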

Shifting to a risk-based approach to vulnerability remediation is not an easy task, and we recognize that. Reach out to your Customer Success Team to see how we can assist you in this effort.
