Evaluate Your Cloud Posture

The Cloud Posture page for Exposure Command diagnoses two of the most important facets of your cloud footprint: risk and vulnerabilities.

Risk

Cloud-based Risk is diagnosed in the Layered Context feature within InsightCloudSec and is represented as a score from 0-1000. The higher the score, the more risk the resource has. Scores are split into five categories (severities): Low (0-399), Medium (400-699), High (700-899), Critical (900+). This score is a proprietary calculation based on several factors:

| Factor | Description |
| --- | --- |
| Public Accessibility | The resource has been identified as publicly accessible. Public accessibility has a multiplier effect when found on a resource with other risk factors to ensure these resources get higher risk scores. |
| Business Criticality | Applications can be defined as business critical, which heightens the importance of the resources within that application. Business criticality has a multiplier effect when found on a resource with other risk factors to ensure resources within business critical applications get higher risk scores. |
| Attack Paths | If a resource is on an attack path, this will increase the risk score. The risk score will increase even more if the resource is on multiple attack paths. |
| Vulnerabilities | The Active Risk score (from InsightVM) is used to determine the severity of a vulnerability. Active Risk uses the latest CVSS score with intelligence from threat feeds like AttackerKB, Metasploit, ExploitDB, Project Lorelei, CISA KEV list, and other third-party dark web sources to provide security teams with a threat-aware vulnerability risk score. Vulnerabilities with an active risk score above 700 have the most impact on the risk score assigned to the resource. |
| Insights (Misconfigurations) | If a resource has misconfigurations (based on best practice Insights curated by InsightCloudSec), its risk score increases. Critical and High severity Insights add the most risk. |
| Critical IaM Insights | Critical Identity and Management (IaM) Insight failures (or misconfigurations) contribute to an increased risk score. |
| Threat Findings | InsightCloudSec Threat Findings is a multi-cloud capability that curates runtime threat detections from your resources. Any threat finding on a resource increases its risk score. High and Medium severity threats add the most risk. |

Resources with multiple risk factors are effectively compounding their risk and exploitability, so InsightCloudSec refers to these resources as having toxic combinations.

The Risk tab focuses on the following areas to empower you to eliminate or remediate as much risk as possible as quickly as possible:

  1. Finding resources with toxic combinations
  2. Investigating how prevalent a given risk factor is in your environment
  3. Visualizing resources with the most critical risk

Vulnerabilities

Vulnerabilities, also known as Common Vulnerabilities and Exposures (CVEs), are publicly disclosed cybersecurity issues from the MITRE Corporation. After you have configured the Host Vulnerability Assessment and Container Vulnerability Assessment features within InsightCloudSec, we assess your hosts and containers for vulnerabilities. The most exploitable vulnerabilities are split into two categories:

  • CVEs actively exploited in the wild - There is reliable evidence that the CVE has been actively exploited by a bad actor on a real host or container
  • CVEs with known exploits - A CVE with exploits that have been researched by experts or that has a proof of concept (PoC) for a real exploitation

Cloud Posture focuses on these vulnerabilities to empower you to eliminate or remediate them as quickly as possible. Review Vulnerabilities for more information on the full capability.