The summary tab is the most important view within the [secure] portal. It comprises 3 sections: Overall Risk, 7 Key Areas of Cyber Security and, finally, Compliance.
This is your overall risk rating. It is calculated by analysing the normalized scores for the seven industry-accepted areas of exposure (which are conveniently in the section below).
The rating is graded A through C and every business should aim for an overall risk rating of A. While this does not mean you have total security, it does mean you have reached an overall acceptable level of cyber security for your publicly connected systems.
The seven key areas are:
Vulnerability Management is all about the number of vulnerabilities and their associated CVE scores. The Common Vulnerabilities and Exposures (CVE) score (cve_score) is measured by adding the CVSS (Common Vulnerability Scoring System) values of the combinations of products and versions detected.
For example, if an IP address has multiple combinations of products and versions with low CVSS values or a few combinations but high CVSS values, then the vulnerability scoring for this parameter is going to be high.
The more vulnerabilities and the higher the CVSS score, the further in the Red the score will be.
The attack surface looks at the number of exposed services you have across your entire environment. The more exposed services you have, the further in the Red the score will be.
This is where we look at the types of services that are exposed and whether they are encrypted by design. The use of unencrypted services and the use of algorithms that are not recommended by security guidelines are only a few examples of what increases the vulnerability level of an IP address when it comes to encryption.
When it comes to encryption, if an IP address is using Debian Weak Keys, has any of the vulnerabilities listed for SSL, has weak email configurations, uses FTP instead of FTPS or lacks HTTPS across all services, then its level of exposure is classified as extreme. For all the other parameters analysed in this category, the level of exposure of an IP address will increase with the number of times one of those is present.
The more clear-text, unencrypted services that are present, the further in the Red the score will be.
This is very simply the number of exposed remote managed services. Specifically, we are looking for:
If an IP address is using telnet instead of SSH, or has RDP, VNC and X11 without the correct configurations (proper firewalling or authentication, for instance), one can consider that the level of exposure (rms_score) of that IP address is extreme.
With storage we are looking for exposed storage technologies. Services such as:
We’ve selected 10 storage technologies that could expose data if not properly configured. Therefore, if an IP address has one of these technologies without authentication, its level of exposure (storage_score) is automatically considered extreme.
Web looks at how well the exposed web services are secured. In particular, we look for the lack of security headers in web services:
The lack of at least one security header represents an extreme level of exposure (web_score).
And finally torrents. If an IP address is downloading torrents, the risk level (torrents_score) is considered extreme.
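The contrast between the additive cve_score and the "one finding makes it extreme" areas, as an added sketch that is not the portal's own code. The record layout, service names and the header placeholder are assumptions, and the portal's normalization and A to C grading are not described on this page, so they are not modelled.

```python
"""Added illustration of the per-IP exposure rules described on this page.
Record layout and helper names are assumptions, not the portal's schema."""

REMOTE_MGMT = {"rdp", "vnc", "x11"}  # extreme only when left unprotected


def cve_score(products):
    """Sum the CVSS values of every detected product/version combination."""
    return round(sum(cvss for _name, _version, cvss in products), 1)


def extreme_areas(ip_record):
    """Return the score names that a single finding pushes to 'extreme'."""
    hits = set()
    for svc in ip_record.get("services", []):
        name = svc["name"]
        protected = svc.get("firewalled", False) or svc.get("authenticated", False)
        if name == "telnet" or (name in REMOTE_MGMT and not protected):
            hits.add("rms_score")
        if svc.get("kind") == "storage" and not svc.get("authenticated", False):
            hits.add("storage_score")
        if svc.get("kind") == "web" and svc.get("missing_security_headers"):
            hits.add("web_score")
    if ip_record.get("torrent_activity"):
        hits.add("torrents_score")
    return hits


# Constructed sample data (not real scan output).
MANY_LOW = [("svc-a", "1.0", 3.1)] * 8            # many combinations, low CVSS
FEW_HIGH = [("svc-x", "2.4", 9.8), ("svc-y", "7.1", 9.1)]  # few, high CVSS
SAMPLE_IP = {
    "services": [
        {"name": "ssh", "kind": "remote"},
        {"name": "vnc", "kind": "remote"},                       # unprotected
        {"name": "rdp", "kind": "remote", "firewalled": True},   # protected
        {"name": "objectstore", "kind": "storage", "authenticated": True},
        # Header name is a placeholder; the page's header list is not shown.
        {"name": "https", "kind": "web",
         "missing_security_headers": ["<placeholder-header>"]},
    ],
    "torrent_activity": False,
}

if __name__ == "__main__":
    print("cve_score many/low:", cve_score(MANY_LOW))
    print("cve_score few/high:", cve_score(FEW_HIGH))
    print("extreme areas:", sorted(extreme_areas(SAMPLE_IP)))
```

Both product lists end up with a large summed cve_score, while a single unprotected VNC service or one missing header is enough to flag its area regardless of how many other services are configured correctly.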