View Risk Across Cloud and On-Prem Environments
If you have both InsightVM and InsightCloudSec, you can benefit from a shared view of risk across on-premises and cloud environments using the Executive Risk View.
Use the Executive Risk View to understand the risk in your cloud and on-premises environments.
What is the Executive Risk View?
The Executive Risk View (ERV) provides security leaders with a unified view of their vulnerability risk across cloud and on-premises (on-prem) environments. By combining data from InsightCloudSec CloudVM and InsightVM, leaders can understand remediation progress and make decisions to drive their security programs.
This dashboard provides the following sections to help you understand the risk data from your environments:
- Key Performance Indicators help you understand your risk posture at a glance by displaying the latest metric, how it has changed over time, and link to details.
- Risk overview tracks vulnerability risk trends across cloud and on-premises environments.
- Remediation progress provides data to evaluate the efficiency and effectiveness of your remediation activities at reducing vulnerability risk.
- Environment trends displays data for changes in your cloud and on-prem environments that impact the vulnerability risk score.
- Accepted risk monitors how much on-prem risk has been accepted through vulnerability exceptions.
- Accountability identifies potential gaps in ownership of assets to drive remediation.
How is risk calculated?
The Executive Risk View uses normalized risk scoring to make it easier to consume and communicate risk to your stakeholders. Normalized risk scoring aggregates the total risk of all vulnerabilities and assets within the scope defined by the filters, taking into account the following vulnerability and asset attributes, and normalizes to a range of 0 to 1000.
Vulnerability attributes
| Attribute | Description |
|---|---|
| CVSS score | The Common Vulnerability Scoring System (CVSS) standard assesses individual vulnerabilities on a scale of 0.0 to 10.0 using a variety of metrics. By default, ERV uses v3 scores where available, otherwise v2 scores are used instead. For zero day scenarios where a CVSS score has not yet been assigned but exploitation in the wild has been observed, the CVSS score is not considered. |
| Exploitability | If an exploit or exploit kit exists for a vulnerability. Sources: Metasploit and ExploitDB. “Exploitation” is a cybersecurity term for the ability to leverage an attack on a vulnerability by hackers. Read our blog for more information. |
| Exploited in the Wild | If a vulnerability has been actively targeted by attackers in the real world. Sources: Rapid7 Research, CISA KEV, and 3rd Party Feeds. “Exploited in The Wild” is a cybersecurity term for malware that is actively being used by attackers (“exploited”) and can be found on devices belonging to ordinary users (“in-the-Wild”). |
| AttackerKB | An expert assessment for how valuable a vulnerability is to an attacker and how easily exploitable is a vulnerability in real environments. |
| Exceptions | If a vulnerability exception has been applied in InsightVM. An exception is accepted risk for a vulnerability. |
Asset attributes
| Attribute | Description |
|---|---|
| Criticality | Whether an asset has been tagged with a criticality tag in InsightVM. |
| Accessibility | Whether an asset is determined to be publicly accessible in InsightCloudSec. |
| Attack surface | Number of assets and potential attack paths within the scope. |
| Vulnerability reoccurrence | The diminishing effect of multiple instances of the same vulnerability found on an asset. |
Displaying data in Executive Risk View
The Executive Risk View is available from the Insight Platform navigation menu. To display and view data in Executive Risk View, connect InsightCloudSec and InsightVM to the same Insight Platform org and verify that you have assigned the correct access permissions. To get meaningful insight into your environment, you can refine the view using filters.
InsightVM and InsightCloudSec must be deployed to the same platform organization.
Connect data
For data to display in Executive Risk View, InsightCloudSec CloudVM and/or InsightVM must be set up and connected to the Insight Platform. Depending on your product setup, the following data displays:
- If InsightCloudSec CloudVM and InsightVM have not been set up, you are prompted to set up the missing data source.
- If one of the products has been set up, the ERV will load with the available data, and you are prompted to set up the missing product.
- When both products have been set up you will have a complete view of vulnerability risk across your cloud and on-prem environments.
Verify permissions
Specific permissions are required for Insight Platform, InsightCloudSec, and InsightVM to view the Executive Risk View. To view Executive Risk View and both cloud and on-prem data, ensure you have the following permissions:
| Product | Required |
|---|---|
| Insight Platform | Administrator (Shared) |
| InsightVM | Global Administrator |
| InsightCloudSec | One of the following roles assigned:
|
Refining the view
You can refine the data in Executive Risk View by using filters for time range, cloud and/or on-prem data, operating system, vulnerability details, and product-specific data.
Apply filters
To update the Executive Risk View data, click Apply after selecting or removing filter selections. Global filters update the data displayed across all cards in the Executive Risk View. Cloud and on-prem specific filters only update the cloud (InsightCloudSec) or on-prem (InsightVM) data displayed.
Global filters
You can use the following global filters to refine your view.
| Filter | Description |
|---|---|
| Time Frame | Controls the date range for the Executive Risk View. Options: last month,last 2 months, last 3 months, last 6 months (default), last year. |
| Resource Type | Filter by resource type. Options: On-Premises Asset, Cloud Instance. |
| Platform / OS | Filter assets shown on the Executive Risk View by platform or operating system. Options: Linux, Windows, MacOS |
| Vulnerability Filters: CVSS v3 Severity | Filter by the CVSS v3 Severity. Options: Critical, high, medium, low, informational |
| Vulnerability Filters: Threats | Filter by Threat type. Options:
|
| Specific CVE | List of emergent threat CVEs. An emergent threat is a vulnerability supported by InsightCloudSec CloudVM capability or InSightVM, has a CVSS v3 critical severity rating, and is a vulnerability that is or is likely to be broadly exploited in the wild. |
Cloud filters
Cloud filters only update the cloud (InsightCloudSec) data displayed and not to the on-prem data displayed on the ERV.
| Filter | Description |
|---|---|
| Account Badge | Account badges group related cloud accounts. |
| Application Name | Applications group related resources to applications. |
| Application Business Critical | Filter data to business critical applications. Options: True, false |
| Cloud Provider | Filter data by cloud provider. Options: Alibaba Cloud, Amazon Web Services, Google Cloud, Microsoft Azure, Oracle Cloud. |
On-prem filters
On-prem filters only update the on-prem (InsightVM) data displayed and not to the cloud data displayed on the ERV.
| Filter | Description |
|---|---|
| Criticality Tag | Filter by the criticality tag. Options: Very High, High, Medium, Low, Very low |
| Tags | Filter by Tags. Options: Owner: dropdown, Location, or Custom |
Reports
You can create reports from the Executive Risk View, with all filters that are applied on the ERV returned in the report.
Create Report
- Click Reports > Create Report.
- Select Executive Risk View as the report template.
- Provide a name, a description, and select at least one format: PDF and HTML are allowed.
- Set the date range for the report.
- You can create a report once, or you can click + Add Schedule to set up a recurring schedule:
- Specify a frequency (in days, weeks, or months).
- Provide a date range for the report.
- Specify the users or email addresses that you want to share the reports with.
- Click Add Schedule.
- Click Create Report.
Name and description
We recommend using a name and description that reflects the filters applied.
View Report
Once you have created a report, you can view it in View Reports.
Reports are listed in the order they were generated (most recent first) or you can search for a report by report name or date generated. You can view reports (HTML report format) or download them (PDF format).
Understanding risk
Use the Executive Risk View dashboard cards to help you understand specific information about your cloud and on-premise risk. By understanding the risk across your cloud and on-premise environments, you can take a data-driven approach to decision making, capacity planning, and driving accountability for risk reduction across the business.
Do you want descriptions and a listing of all dashboard cards?
For a consolidated view of the dashboard cards that power this view, review Executive Risk View: Dashboard Cards in the product documentation.
Summary KPIs
The Summary KPIs help you understand your risk posture at a glance. You can see the latest metric, how it has changed over time and a link that will take you to the section in the ERV where you will find visualizations providing further details about the data supporting that metric.
Detailed descriptions of Summary KPI dashboard cards
| Dashboard card | Description |
|---|---|
| Total Risk Score | Total risk score across cloud and on-premises environments. The range for vulnerability risk scores is 0 - 1000. |
| Total Vulnerabilities | All unique vulnerability findings per asset across cloud and on-premises assets. |
| Remediated Vulnerabilities | The total number of remediated vulnerabilities across cloud and on-premises. Arrows indicate change in remediation progress. |
| Mean Time to Remediate | The mean time to remediation in days. This is the average time from first finding the vulnerability to remediation. |
| Total Assets | The total number of cloud and on-prem assets that were assessed for vulnerabilities. The arrow indicates the percentage of change in the number of assets over the past month. |
| Total Accepted Vulnerabilities | The number of all vulnerabilities with accepted risk. The arrow indicates the change in the percentage of accepted vulnerabilities compared to the number of all vulnerabilities. |
| Tagged Assets | The percentage of assessed assets that have at least one tag applied. The arrow indicates the change in the percent of tagged assets compared to all assets. |
Risk Overview
By understanding trends in your risk across cloud and on-prem environments related to the number and severity of vulnerabilities, you can provide meaningful risk data to stakeholders. This data may also help identify potential changes needed to your security program to lower the risk.
Detailed descriptions of Risk Overview dashboard cards
| Dashboard card | Description |
|---|---|
| Total Risk Score | The combined risk score for all cloud and on-premises vulnerabilities. The range for vulnerability risk scores is 0 - 1000. The arrows indicate a change in the vulnerability risk score. |
| Total Vulnerabilities and Vulnerability Risk Over Time | Total number of vulnerabilities discovered in each environment and the resulting impact on risk score. The trend is determined by the level of risk for cloud and on-premises vulnerabilities. The percentage of risk indicates an increase or decrease in risk score in the selected time range. |
| Total Assets Over Time by Vulnerability Severity | The trend of how many assets are in cloud and on-premises environments over a selected time period, as organized by vulnerability severity. The percentage indicates a decrease or increase in assets in the time range. |
| Top 5 Vulnerabilities by Risk Score Cloud vs. On-Prem | Highest scoring vulnerabilities and the number of assets affected on Cloud and On-premises environments. |
| Vulnerabilities Actively Exploited In The Wild | The percentage of vulnerabilities actively being targeted by attackers in the real-world. This information is sourced from Rapid7 Research, CISA Kev, and 3rd Party Feeds. “Exploited in The Wild” is a cybersecurity term for malware that is actively being used by attackers (“exploited”) and can be found on devices belonging to ordinary users (“in-the-Wild”). |
| Exploitable Vulnerabilities | The percentage of vulnerabilities in cloud and on-premises environments that are at risk of exploitation. This information is sourced from Metasploit and ExploitDB. “Exploitation” is a cybersecurity term for the ability to leverage an attack on a vulnerability by hackers. Read our blog for more information. |
Remediation Progress
Remediation progress data helps you evaluate the efficiency and effectiveness of the remediation activities in your security program. Depending on the effectiveness at reducing vulnerability risk, you can adjust processes to reduce the time to remediation.
Detailed descriptions of Remediation Progress dashboard cards
| Dashboard card | Description |
|---|---|
| Remediated Vulnerabilities | The number of vulnerabilities that are remediated. The card also shows the percentage of vulnerabilities that have not been remediated. |
| New and Remediated Vulnerabilities vs. Vulnerability Risk Over Time | The trend of new and remediated vulnerabilities over a selected time, compared to the change in the number of backlog vulnerabilities that are remediated. The risk trend is determined by the percentage of new vulnerabilities compared to the percentage of remediated vulnerabilities, which is then compared to the percentage of change in backlog remediation. |
| Mean Time To Remediate (Cloud vs. On-Prem) | The average time from first finding the vulnerability to remediation for cloud compared to on-prem. |
| Mean Time To Remediate by Vulnerability Severity | The MTTR trend by vulnerability severity. |
Environment Trends
Understanding trends in your attack surface coverage related to the number and severity of vulnerabilities enables you to make data-driven decisions for improved cloud and on-prem asset security.
Detailed descriptions of Environment Trend dashboard cards
| Dashboard card | Description |
|---|---|
| Total Cloud Assets vs On-Premises assets over time | The total number of Cloud vs On-Premises assets over the specified time range. |
| Total Assets vs Vulnerability Risk Over Time | The trend in the number of assets across all environments and the impact to the overall vulnerability risk. |
| Median Asset Risk (Cloud) | The median risk score for all cloud assets. This does not include on-premises assets. The risk score range is 0 - 1000. |
| Median Asset Risk (On-prem) | The median risk score for all on-premises assets. This does not include cloud assets. The risk score range is 0 - 1000. |
Accepted Risk
For a more secure on-prem environment, understanding how much of your on-prem risk is accepted through vulnerability exceptions. Depending on the impact to your environment, you can determine whether changes are needed to the criteria for vulnerability exceptions. Support for cloud exceptions is planned.
Detailed descriptions of Accepted Risk dashboard cards
| Dashboard card | Description |
|---|---|
| Total Accepted Risk | Total risk score that is accepted. |
| Top 5 Exceptions by Risk Score | The on-prem assets with exceptions making the biggest reduction in risk score. |
| Total Exceptions vs Accepted Risk over time | Total number of on-prem exceptions and the resulting impact on accepted risk score over time. |
Accountability
By understanding potential gaps in asset ownership, you can determine where to assign owners to drive remediation efforts and create a more secure environment by providing accountability for asset security.
Detailed descriptions of Accountability dashboard cards
| Dashboard card | Description |
|---|---|
| Assets Tagged Over Time | The total number of assets tagged per environment. |
| On-Prem Assets Tagged By Criticality | Detailed view of the criticality of on-premises assets. |
| On-Prem Assets Tagged By Owner | The percentage of on-prem assets that are tagged by owner. |
| On-Prem Assets Tagged By Location | The percentage of on-prem assets that are tagged by location. |
| Cloud Assets Tagged with an Application | The percentage of cloud assets that are tagged with an application. |