Assess your organization's risk and compliance
The Summary page provides a high-level overview of risk and compliance as it applies to your unique organization. The Summary page opens by default when you first log in and is available from the main navigation. Summary is split into two views:
- Risk Overview - Use this tab to quickly find the most exploitable resources in your organization, hunt active and severe vulnerabilities, and prompt remediation efforts.
- Compliance Overview - Use this tab to determine your effective compliance as it relates to Insights and Compliance Packs and view general statistics about your onboarded cloud accounts.
Tracking risk and compliance for Kubernetes clusters
Risk and compliance for Kubernetes clusters are now included as part of the cloud accounts that contain Kubernetes clusters (also known as remote or cloud-managed clusters), so you cannot filter by Kubernetes for Cloud Account or Cloud Type. Local Kubernetes clusters are not factored into risk and compliance.
Risk Overview
The Risk Overview tab diagnoses two of the most important facets of your cloud footprint: risk and vulnerabilities.
Risk
Risk in InsightCloudSec is diagnosed in Layered Context and is represented as a score from 0-1000. The higher the score, the more risk the resource has. Scores are split into five categories (severities): Low (0-399), Medium (400-699), High (700-899), Critical (900+). This score is a proprietary calculation based on several factors:
Factor | Description |
---|---|
Public Accessibility | The resource has been identified as publicly accessible. Public accessibility has a multiplier effect when found on a resource with other risk factors to ensure these resources get higher risk scores. |
Business Criticality | Applications can be defined as business critical, which heightens the importance of the resources within that application. Business criticality has a multiplier effect when found on a resource with other risk factors to ensure resources within business critical applications get higher risk scores. |
Attack Paths | If a resource is on an attack path, this will increase the risk score. The risk score will increase even more if the resource is on multiple attack paths. |
Vulnerabilities | Active Risk score (from InsightVM) is used to determine the severity of a vulnerability. Active Risk uses the latest CVSS score with intelligence from threat feeds like AttackerKB, Metasploit, ExploitDB, Project Lorelei, CISA KEV list, and other third-party dark web sources to provide security teams with a threat-aware vulnerability risk score. Vulnerabilities with an active risk score above 700 have the most impact on the risk score assigned to the resource. |
Insights (Misconfigurations) | If a resource has misconfigurations (based on best practice Insights curated by InsightCloudSec), its risk score increases. Critical and High severity Insights add the most risk. |
Critical IaM Insights | Critical Identity and Access Management (IaM) Insight failures (or misconfigurations) contribute to an increased risk score. |
Threat Findings | InsightCloudSec Threat Findings is a multi-cloud capability that curates runtime threat detections from your resources. Any threat finding on a resource increases its risk score. High and Medium severity threats add the most risk. |
Resources with multiple risk factors are effectively compounding their risk and exploitability, so InsightCloudSec refers to these resources as having toxic combinations.
The Risk tab focuses on the following areas to empower you to eliminate or remediate as much risk as possible as quickly as possible:
- Finding resources with toxic combinations
- Investigating how prevalent a given risk factor is in your environment
- Visualizing resources with the most critical risk
Vulnerabilities
Vulnerabilities, also known as Common Vulnerabilities and Exposures (CVEs), are publicly disclosed cybersecurity issues cataloged by the MITRE Corporation. After you have configured the Host Vulnerability Assessment and Container Vulnerability Assessment features, InsightCloudSec begins assessing your hosts and containers for vulnerabilities. The most exploitable vulnerabilities are split into two categories:
- CVEs actively exploited in the wild - There is reliable evidence that the CVE has been actively exploited by a bad actor on a real host or container
- CVEs with known exploits - A CVE with exploits that have been researched by experts or that has a proof of concept (PoC) for a real exploitation
The Risk tab focuses on these vulnerabilities to empower you to eliminate or remediate them as quickly as possible. Review Vulnerabilities for more information on the full capability.
Compliance Overview
The Compliance Overview tab provides a daily summary of your compliance against a particular Insight Pack as well as general statistics about your organization's cloud footprint, like your top clouds by billable instance or resource, trending compliance score, and trending Insight findings. All of the data on this page is generated from Insights, Cloud Accounts, and the Compliance Scorecard. Use the filters to adjust the compliance calculations for a given Insight Pack, Cloud Type, Badge, or Cloud Account or Kubernetes Cluster. Check out the Frequently Asked Questions (FAQ) for details on the Compliance Score, Findings, and Viewing Latest Results. This tab also provides easy access to your favorite Insights.
Frequently Asked Questions (FAQ)
The FAQ offers overview information about content offered on the Summary page. If you have questions or concerns we don't address here, contact support.
When is the data collected?
The data that displays is collected at the end of the previous day.
For example, your Daily Summary may say "Daily Summary (end of day - Tuesday, May 11 2021)" to indicate that the data you are viewing is data collected on the 11th of May, 2021.
What is my Compliance Score? How is that calculated?
The Compliance Score is calculated by the number of resources scanned, relative to the number of applicable checks (or Insights) in the Insight Pack. There is no weighting associated with the checks, and they are all treated as equal, relative to the calculation of the score.
The percentage (e.g., 47%) is based on the data from yesterday compared to the day before yesterday, for a day-to-day data comparison.
The Compliance Score will update to reflect the Insight Pack/Query Filters you select.
Example Compliance Score calculation
You have 100 S3 buckets and the selected Insight Pack has ten checks that focus on S3. Ten of the buckets fail three of the ten checks:
- The number of checks that would be executed during the scan would be 1,000 (100 * 10)
- The number of failed checks would be 30 (3 * 10)
- The Compliance Score for the daily run would be 97% ([1000-30]/1000)
This logic extends across multiple resource types so that checks in the pack only count as successful or unsuccessful depending on whether the resource type exists.
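The calculation above, extended to more than one resource type, as an added example (not InsightCloudSec code; the pack, inventory and findings are constructed sample data and every name is hypothetical). It assumes each check applies to exactly one resource type and that the score is passed checks divided by executed checks:

```python
# Added example: unweighted compliance score across resource types.
# All names and data are constructed for illustration.

# Insight Pack as (check name, resource type it applies to).
PACK = [(f"s3-check-{i}", "s3_bucket") for i in range(1, 11)] + [
    ("rds-encrypted", "rds_instance"),      # no RDS instances in the inventory
    ("sg-no-open-ssh", "security_group"),
]

# Inventory: resource type -> resource ids.
INVENTORY = {
    "s3_bucket": [f"bucket-{i:03d}" for i in range(100)],
    "security_group": [f"sg-{i:02d}" for i in range(20)],
}

# Findings: one (check, resource) pair per failed check.
FINDINGS = {(f"s3-check-{c}", f"bucket-{b:03d}")
            for c in (1, 2, 3) for b in range(10)}
FINDINGS |= {("sg-no-open-ssh", "sg-00"), ("sg-no-open-ssh", "sg-01")}


def compliance_score(pack, inventory, findings):
    """Return (executed, failed, score_percent); every check counts equally."""
    executed = failed = 0
    for check, rtype in pack:
        resources = inventory.get(rtype, [])
        # A check whose resource type does not exist adds nothing to either total.
        executed += len(resources)
        failed += sum((check, r) in findings for r in resources)
    if executed == 0:
        return 0, 0, None  # nothing was scanned, so there is no score
    return executed, failed, 100.0 * (executed - failed) / executed


def s3_only(pack):
    """Restrict the pack to the S3 example from the text."""
    return [(c, t) for c, t in pack if t == "s3_bucket"]


if __name__ == "__main__":
    print(compliance_score(s3_only(PACK), INVENTORY, FINDINGS))
    print(compliance_score(PACK, INVENTORY, FINDINGS))
```

The RDS check leaves both totals unchanged because no RDS instance exists, while the 20 security groups add 20 executed checks and 2 failures to the S3 figures.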
What is a Finding?
The term "finding" indicates a single Insight check against a resource. If the resource matches any Query Filter included in the Insight, it is counted as a "finding". A single resource may be valid for multiple Insights, and as a result, may have multiple "findings".
How do I view the latest results? What happens when I select "View Latest Results"?
Selecting the View Latest Results option under the Overall Compliance section navigates to the Compliance Scorecard using the Filters applied on the Summary page.
Selecting the View Latest Results option under an individual Severity navigates to the Compliance Scorecard using the filters applied on the Summary page and filtered for the selected severity (e.g., Critical, Severe, etc.).