View Risk Across Cloud and On-Prem Environments

If you have both InsightCloudSec and InsightVM, you can benefit from a shared view of risk across cloud and on-premises environments using the Executive Risk View.

Use the Executive Risk View to understand the risk in your cloud and on-premises environments.

What is the Executive Risk View?

The Executive Risk View (ERV) provides security leaders with a unified view of their vulnerability risk across cloud and on-premises (on-prem) environments. By combining data from InsightCloudSec CloudVM and InsightVM, leaders can understand remediation progress and make decisions to drive their security programs.

This dashboard provides the following sections to help you understand the risk data from your environments:

  • Key Performance Indicators help you understand your risk posture at a glance by displaying the latest metric, how it has changed over time, and link to details.
  • Risk overview tracks vulnerability risk trends across cloud and on-premises environments.
  • Remediation progress provides data to evaluate the efficiency and effectiveness of your remediation activities at reducing vulnerability risk.
  • Environment trends displays data for changes in your cloud and on-prem environments that impact the vulnerability risk score.
  • Accepted risk monitors how much on-prem risk has been accepted through vulnerability exceptions.
  • Accountability identifies potential gaps in ownership of assets to drive remediation.

How is risk calculated?

The Executive Risk View uses normalized risk scoring to make it easier to consume and communicate risk to your stakeholders. Normalized risk scoring aggregates the total risk of all vulnerabilities and assets within the scope defined by the filters, taking into account the following vulnerability and asset attributes, and normalizes to a range of 0 to 1000.

Vulnerability attributes
AttributeDescription
CVSS scoreThe Common Vulnerability Scoring System (CVSS) standard assesses individual vulnerabilities on a scale of 0.0 to 10.0 using a variety of metrics.

By default, ERV uses v3 scores where available, otherwise v2 scores are used instead. For zero day scenarios where a CVSS score has not yet been assigned but exploitation in the wild has been observed, the CVSS score is not considered.
ExploitabilityIf an exploit or exploit kit exists for a vulnerability. Sources: Metasploit and ExploitDB.

“Exploitation” is a cybersecurity term for the ability to leverage an attack on a vulnerability by hackers. Read our blog for more information.
Exploited in the WildIf a vulnerability has been actively targeted by attackers in the real world. Sources: Rapid7 Research, CISA KEV, and 3rd Party Feeds.

“Exploited in The Wild” is a cybersecurity term for malware that is actively being used by attackers (“exploited”) and can be found on devices belonging to ordinary users (“in-the-Wild”).
AttackerKBAn expert assessment for how valuable a vulnerability is to an attacker and how easily exploitable is a vulnerability in real environments.
ExceptionsIf a vulnerability exception has been applied in InsightVM.

An exception is accepted risk for a vulnerability.
Asset attributes
AttributeDescription
CriticalityWhether an asset has been tagged with a criticality tag in InsightVM.
AccessibilityWhether an asset is determined to be publicly accessible in InsightCloudSec.
Attack surfaceNumber of assets and potential attack paths within the scope.
Vulnerability reoccurrenceThe diminishing effect of multiple instances of the same vulnerability found on an asset.

Displaying data in Executive Risk View

The Executive Risk View is available from the Insight Platform navigation menu. To display and view data in Executive Risk View, connect InsightCloudSec and InsightVM to the same Insight Platform org and verify that you have assigned the correct access permissions. To get meaningful insight into your environment, you can refine the view using filters.

InsightVM and InsightCloudSec must be deployed to the same platform organization.

Connect data

For data to display in Executive Risk View, InsightCloudSec CloudVM and/or InsightVM must be set up and connected to the Insight Platform. Depending on your product setup, the following data displays:

  • If InsightCloudSec CloudVM and InsightVM have not been set up, you are prompted to set up the missing data source.
  • If one of the products has been set up, the ERV will load with the available data, and you are prompted to set up the missing product.
  • When both products have been set up you will have a complete view of vulnerability risk across your cloud and on-prem environments.

Verify permissions

Specific permissions are required for Insight Platform, InsightCloudSec, and InsightVM to view the Executive Risk View. To view Executive Risk View and both cloud and on-prem data, ensure you have the following permissions:

ProductRequired
Insight PlatformAdministrator (Shared)
InsightVMGlobal Administrator
InsightCloudSecOne of the following roles assigned:
  • InsightCloudSec Domain Admin
  • InsightCloudSec Domain Viewer
  • InsightCloudSec Organization Admin

Refining the view

You can refine the data in Executive Risk View by using filters for time range, cloud and/or on-prem data, operating system, vulnerability details, and product-specific data.

Apply filters

To update the Executive Risk View data, click Apply after selecting or removing filter selections. Global filters update the data displayed across all cards in the Executive Risk View. Cloud and on-prem specific filters only update the cloud (InsightCloudSec) or on-prem (InsightVM) data displayed.

Global filters

You can use the following global filters to refine your view.

FilterDescription
Time FrameControls the date range for the Executive Risk View.
Options: last month,last 2 months, last 3 months, last 6 months (default), last year.
Resource TypeFilter by resource type.
Options: On-Premises Asset, Cloud Instance.
Platform / OSFilter assets shown on the Executive Risk View by platform or operating system.
Options: Linux, Windows, MacOS
Vulnerability Filters: CVSS v3 SeverityFilter by the CVSS v3 Severity.
Options: Critical, high, medium, low, informational
Vulnerability Filters: ThreatsFilter by Threat type.

Options:

  • Exploitable. An exploit or exploit kit exists for the CVE. Sources: Metasploit, ExploitDB
  • Exploited In The Wild. A vulnerability is actively being targeted by attackers in the real-world. Sources: Rapid7 Research, CISA Kev, 3rd Party Feeds.

Specific CVEList of emergent threat CVEs.
An emergent threat is a vulnerability supported by InsightCloudSec CloudVM capability or InSightVM, has a CVSS v3 critical severity rating, and is a vulnerability that is or is likely to be broadly exploited in the wild.
Cloud filters

Cloud filters only update the cloud (InsightCloudSec) data displayed and not to the on-prem data displayed on the ERV.

FilterDescription
Account BadgeAccount badges group related cloud accounts.
Application NameApplications group related resources to applications.
Application Business CriticalFilter data to business critical applications.
Options: True, false
Cloud ProviderFilter data by cloud provider.
Options: Alibaba Cloud, Amazon Web Services, Google Cloud, Microsoft Azure, Oracle Cloud.
On-prem filters

On-prem filters only update the on-prem (InsightVM) data displayed and not to the cloud data displayed on the ERV.

FilterDescription
Criticality TagFilter by the criticality tag.
Options: Very High, High, Medium, Low, Very low
TagsFilter by Tags.
Options: Owner: dropdown, Location, or Custom

Reports

You can create reports from the Executive Risk View, with all filters that are applied on the ERV returned in the report.

Create Report

Create report

  1. Click Reports > Create Report.
  2. Select Executive Risk View as the report template.
  3. Provide a name, a description, and select at least one format: PDF and HTML are allowed.
  4. Set the date range for the report.
  5. You can create a report once, or you can click + Add Schedule to set up a recurring schedule:
    1. Specify a frequency (in days, weeks, or months).
    2. Provide a date range for the report.
    3. Specify the users or email addresses that you want to share the reports with.
    4. Click Add Schedule.
  6. Click Create Report.

Name and description

We recommend using a name and description that reflects the filters applied.

View Report

View report

Once you have created a report, you can view it in View Reports.

Reports are listed in the order they were generated (most recent first) or you can search for a report by report name or date generated. You can view reports (HTML report format) or download them (PDF format).

Understanding risk

Use the Executive Risk View dashboard cards to help you understand specific information about your cloud and on-premise risk. By understanding the risk across your cloud and on-premise environments, you can take a data-driven approach to decision making, capacity planning, and driving accountability for risk reduction across the business.

Do you want descriptions and a listing of all dashboard cards?

For a consolidated view of the dashboard cards that power this view, review Executive Risk View: Dashboard Cards in the product documentation.

Summary KPIs

The Summary KPIs help you understand your risk posture at a glance. You can see the latest metric, how it has changed over time and a link that will take you to the section in the ERV where you will find visualizations providing further details about the data supporting that metric.

Detailed descriptions of Summary KPI dashboard cards
Dashboard cardDescription
Total Risk ScoreTotal risk score across cloud and on-premises environments. The range for vulnerability risk scores is 0 - 1000.
Total VulnerabilitiesAll unique vulnerability findings per asset across cloud and on-premises assets.
Remediated VulnerabilitiesThe total number of remediated vulnerabilities across cloud and on-premises. Arrows indicate change in remediation progress.
Mean Time to RemediateThe mean time to remediation in days. This is the average time from first finding the vulnerability to remediation.
Total AssetsThe total number of cloud and on-prem assets that were assessed for vulnerabilities. The arrow indicates the percentage of change in the number of assets over the past month.
Total Accepted VulnerabilitiesThe number of all vulnerabilities with accepted risk. The arrow indicates the change in the percentage of accepted vulnerabilities compared to the number of all vulnerabilities.
Tagged AssetsThe percentage of assessed assets that have at least one tag applied. The arrow indicates the change in the percent of tagged assets compared to all assets.

Risk Overview

By understanding trends in your risk across cloud and on-prem environments related to the number and severity of vulnerabilities, you can provide meaningful risk data to stakeholders. This data may also help identify potential changes needed to your security program to lower the risk.

Detailed descriptions of Risk Overview dashboard cards
Dashboard cardDescription
Total Risk ScoreThe combined risk score for all cloud and on-premises vulnerabilities. The range for vulnerability risk scores is 0 - 1000. The arrows indicate a change in the vulnerability risk score.
Total Vulnerabilities and Vulnerability Risk Over TimeTotal number of vulnerabilities discovered in each environment and the resulting impact on risk score. The trend is determined by the level of risk for cloud and on-premises vulnerabilities. The percentage of risk indicates an increase or decrease in risk score in the selected time range.
Total Assets Over Time by Vulnerability SeverityThe trend of how many assets are in cloud and on-premises environments over a selected time period, as organized by vulnerability severity. The percentage indicates a decrease or increase in assets in the time range.
Top 5 Vulnerabilities by Risk Score Cloud vs. On-PremHighest scoring vulnerabilities and the number of assets affected on Cloud and On-premises environments.
Vulnerabilities Actively Exploited In The WildThe percentage of vulnerabilities actively being targeted by attackers in the real-world. This information is sourced from Rapid7 Research, CISA Kev, and 3rd Party Feeds.

“Exploited in The Wild” is a cybersecurity term for malware that is actively being used by attackers (“exploited”) and can be found on devices belonging to ordinary users (“in-the-Wild”).
Exploitable VulnerabilitiesThe percentage of vulnerabilities in cloud and on-premises environments that are at risk of exploitation. This information is sourced from Metasploit and ExploitDB.

“Exploitation” is a cybersecurity term for the ability to leverage an attack on a vulnerability by hackers. Read our blog for more information.

Remediation Progress

Remediation progress data helps you evaluate the efficiency and effectiveness of the remediation activities in your security program. Depending on the effectiveness at reducing vulnerability risk, you can adjust processes to reduce the time to remediation.

Detailed descriptions of Remediation Progress dashboard cards
Dashboard cardDescription
Remediated VulnerabilitiesThe number of vulnerabilities that are remediated. The card also shows the percentage of vulnerabilities that have not been remediated.
New and Remediated Vulnerabilities vs. Vulnerability Risk Over TimeThe trend of new and remediated vulnerabilities over a selected time, compared to the change in the number of backlog vulnerabilities that are remediated.
The risk trend is determined by the percentage of new vulnerabilities compared to the percentage of remediated vulnerabilities, which is then compared to the percentage of change in backlog remediation.
Mean Time To Remediate (Cloud vs. On-Prem)The average time from first finding the vulnerability to remediation for cloud compared to on-prem.
Mean Time To Remediate by Vulnerability SeverityThe MTTR trend by vulnerability severity.

Understanding trends in your attack surface coverage related to the number and severity of vulnerabilities enables you to make data-driven decisions for improved cloud and on-prem asset security.

Detailed descriptions of Environment Trend dashboard cards
Dashboard cardDescription
Total Cloud Assets vs On-Premises assets over timeThe total number of Cloud vs On-Premises assets over the specified time range.
Total Assets vs Vulnerability Risk Over TimeThe trend in the number of assets across all environments and the impact to the overall vulnerability risk.
Median Asset Risk (Cloud)The median risk score for all cloud assets. This does not include on-premises assets. The risk score range is 0 - 1000.
Median Asset Risk (On-prem)The median risk score for all on-premises assets. This does not include cloud assets. The risk score range is 0 - 1000.

Accepted Risk

For a more secure on-prem environment, understanding how much of your on-prem risk is accepted through vulnerability exceptions. Depending on the impact to your environment, you can determine whether changes are needed to the criteria for vulnerability exceptions. Support for cloud exceptions is planned.

Detailed descriptions of Accepted Risk dashboard cards
Dashboard cardDescription
Total Accepted RiskTotal risk score that is accepted.
Top 5 Exceptions by Risk ScoreThe on-prem assets with exceptions making the biggest reduction in risk score.
Total Exceptions vs Accepted Risk over timeTotal number of on-prem exceptions and the resulting impact on accepted risk score over time.

Accountability

By understanding potential gaps in asset ownership, you can determine where to assign owners to drive remediation efforts and create a more secure environment by providing accountability for asset security.

Detailed descriptions of Accountability dashboard cards
Dashboard cardDescription
Assets Tagged Over TimeThe total number of assets tagged per environment.
On-Prem Assets Tagged By CriticalityDetailed view of the criticality of on-premises assets.
On-Prem Assets Tagged By OwnerThe percentage of on-prem assets that are tagged by owner.
On-Prem Assets Tagged By LocationThe percentage of on-prem assets that are tagged by location.
Cloud Assets Tagged with an ApplicationThe percentage of cloud assets that are tagged with an application.