Executive Dashboard: Overview

Summary: A high-level overview of the latest Executive Dashboard.

Overview

The Executive Dashboard provides an overview of your organization’s risk posture. At a high level, Ivanti RS³ provides a single numeric indicator of your organization’s cybersecurity hygiene; a higher score corresponds to a better security posture. Understanding why your score has increased or decreased from any point in time has never been easier with the interactive Ivanti RS³ Timeline chart. Select the start date and end date to observe exact differences in finding and asset counts and the changes in RS³ between those two dates.

Gain a profound impact of open findings by interacting with the Weaponization Funnel and Findings Prioritization charts. Within each successive stage of these horizontal funnel diagrams, we apply successively more narrow filters, making it easier to identify the most prominent threats to your organization within the context of your entire set of findings. The Findings Prioritization funnel shows a breakdown of findings in each category by risk level. The Weaponization Funnel provides the same information in formats some audiences might find more meaningful. This funnel shows the total unique count of plugins, threats, and CVEs and points you toward fixes on the Patches page.

From technicians to the C-suite⁠, any user can focus the dashboard on their areas of interest. You can quickly configure the dashboard through the Quick Interactions menu to view data for one type of asset or switch the scoring metric for findings between VRR and Severity. This dashboard also filters by network, group name, and tag.

Key elements of the dashboard, such as the RS³ dial and trend line, depend heavily on the currently active filters. Note that for this reason, different users may see a different overall RS³, depending on their roles and group permissions.

Quick Interactions

The Quick Interactions menu allows you to set the Asset Type and Scoring Metrics settings for all widgets at once. This menu shows the number of widgets on the dashboard that support each setting. To apply new settings, click Apply.

If you prefer a dashboard version with different default settings on load, you need to save currently applied settings as a custom dashboard. To accomplish this, open the Settings menu and select Copy Dashboard.

Widgets

This section discusses each of the widgets in greater detail.

KPIs

Except for the final KPI, you can configure these KPIs to show data for hosts, applications, or a summary for both. The widget configuration allows you to switch between KPIs quickly.

Depending on your group access and the filters you have applied, the metrics you see on the dashboard may vary. Total assets shows the total number of assets in your groups that match applied filters. You can see how many of those assets are vulnerable to threats in Assets with weaponized findings. The current number of open findings on the assets appears in the KPI Total open findings.

If your organization has to meet SLAs for remediating findings, you may find the KPI Mean time to remediate useful. Apply filters to isolate results to a particular set of findings. The final KPI, Total fixes, shows the number of available patches for open findings.

Ivanti RS³

RS³ represents your organization’s cybersecurity posture, which measures the risk posed by existing vulnerabilities and potential threats. Ivanti Neurons uses several factors like Vulnerability Risk Rating (VRR), asset business criticality, threat intelligence, and probability of breach to calculate this score.

This widget shows the overall RS³ for all assets that match active filters. In addition to showing the overall RS³, the widget also shows the average RS³ for hosts and average RS³ applications that contribute to the overall score. The widget also shows what each RS³ would be if the client had no approved Risk Acceptance workflows present.

The Asset Type configuration controls whether the widget shows all three types of RS³ or just the RS³ for a single type of asset. Note that if dashboard filters include tags, this widget will only show data for tags applied to assets.

Filter Overview

This widget allows you to select any system filters based on a curated list of vulnerabilities. The number of "CVEs in the wild" corresponds to the number of CVEs in the system filter. Underneath the number of CVEs in the wild, the widget shows metrics for the assets and open findings returned by the system filter. (Note that the “no-filter” icon indicates that the count of CVEs in the wild is a static value and has no relationship to your groups, tags, or networks.) These metrics include the breakdown of assets by address type and the distribution of open findings by SLA status. The bottom of the widget shows the counts of recently added assets and findings.

The widget has two settings. “Asset Type” configures whether the widget shows data for hosts, applications, or both. “Timeline” defines the date range for "New Ingested".

Ivanti RS³ Timeline

This widget displays your organization’s RS³ (or the aggregated RS³ of the actively filtered selection of assets) over the last 12 months. The red line represents the RS³ across all assets, while the blue line shows RS³ omitting all instances of Risk Acceptance. This widget also displays the RS³ for all hosts (the green line) and the RS³ for all applications (the orange line). If you change the Asset Type to Host or App, you can view the RS³ for either just hosts or applications. Both the Host mode and App mode also show RS³ omitting instances of Risk Acceptance for that asset type.

You can compare factors contributing to your organization’s RS³ on any two dates directly, including the count of assets and the distribution of open findings by VRR. Select the date range that the widget should show by changing the start and end date. The “Deltas” section on the right displays differences between contributing factors recorded on the start date and end date.

Users can set the time range for any time in the past year (relative to the current date). The number of points shown depends on how frequently an organization triggers RS³ calculations for its assets. In some cases, the chart may show a start date later than the selected start date due to a lack of data.

Note that if dashboard filters include tags, this chart will only show data for tags applied to assets.

Weaponization Funnel

This chart organizes open findings according to how much risk is posed by associated threats. As successive sets of threat filters are considered, risk increases from left to right. Each funnel section shows the number of open findings that match the threat filters and the number of assets impacted. From left to right, the funnel shows metrics based on

All open findings (“Total Findings”)
Open findings related to threats (“Weaponized”)
Open findings related to Remote Code Execution or Privilege Escalation exploits (“RCE/PE”)
Open findings associated with vulnerabilities and threats in active discussion and use in the wild (“Trending”)

If any open findings have manual exploits, the section “Manual Exploit” also becomes visible.

This funnel further breaks down the finding distribution by the level of risk. You can change whether the widget uses VRR or Severity to measure risk by configuring the Scoring Metric setting.

Exploitable Assets by Criticality

This widget shows a distribution of assets associated with threats. Assets are distributed by asset criticality and RS³. Note that if dashboard filters include tags, this chart will only show data for tags applied to assets.

Top 50 High-Impact Unique Findings

This widget displays the top 50 unique findings based on one of two different sorts. You can choose to sort the top 50 unique findings based on risk level (Scoring Metric) or the number of occurrences across the currently filtered selection of assets (Finding Footprint). The option that you do not select becomes the secondary sort.

The widget displays the title, plugin ID, risk level, finding footprint, and earliest CVE publication date for each unique finding. Each reported unique finding has at least one CVE mapped to it.