High-level overview of the Executive Dashboard.
The Executive Dashboard provides an overview of your organization’s risk posture. At a high level, the Overall RiskSense Security Score (RS³) dial provides a single numeric summary indicator of your organization’s cybersecurity hygiene; a higher score corresponds to a better security posture. At a more granular level, the Open Host Findings by VRR chart provides a precise breakdown of all host findings according to how much risk they pose.
The Weaponization Funnel provides a deeper understanding of the findings across your network. Within each successive stage of this horizontal funnel diagram, we apply successively more narrow filters or finding categories, making it easier to identify the most prominent threats to your organization within the context of your entire set of host findings. Hosts give additional information on the hosts associated with threats.
Understanding why your score has increased or decreased from any point in time has never been easier with the interactive RiskSense Security Score (RS³) Timeline chart. Select the start date and end date to observe exact differences in finding and asset counts and the changes in RS³ between those two dates. In addition, the Top 50 High-Impact Unique Findings chart assists you with understanding score changes over time by showing the addition of CVE vulnerabilities by date, according to how many hosts that they affect.
This predesigned dashboard allows users to filter by network, group name, and tag. Any user—from technicians to the C-suite—can focus the dashboard on their areas of interest. Key elements of the dashboard, such as the RS³ dial and trend line or the Exploitable Hosts by Business Impact table, depend heavily on the currently active filters. Note that for this reason, different users may see a different overall RS³, depending on their roles and group permissions.
This section discusses each of the widgets in greater detail.
Hosts contrasts the total host count with the number of hosts that have open weaponized findings. A weaponized finding is associated with at least one threat. Note that if dashboard filters include tags, the widget will only show data for tags applied to assets.
From left to right, the widget displays
- The total host count
- The number of hosts with open weaponized findings
- The number of hosts with open findings discovered 90 or more days ago
Open Host Findings by VRR
This chart shows the number of open host findings classified as Critical, High, Medium, Low, or Info based on Vulnerability Risk Rating (VRR).
Overall RiskSense Security Score (RS³)
RS³ represents your organization’s cybersecurity posture, measuring risk posed by existing vulnerabilities and current potential threats. RiskSense uses several factors like its custom VRR, asset business criticality, threat intelligence, and probability of breach to calculate this score. The score shown here respects the current filtered selection of hosts and applications. Note that if dashboard filters include tags, this chart will only show data for tags applied to assets.
RiskSense Security Score (RS³) Timeline
This chart displays your organization’s RS³ (or the aggregated RS³ of the actively filtered selection of hosts and applications) over the last 12 months. The purple line represents RS³, while the green line shows RS³ omitting all instances of Risk Acceptance. This chart allows you to compare factors contributing to your RS³ on any two dates directly, including counts of findings and assets. The Deltas section on the right displays differences between contributing factors recorded on the start date and end date.
As the chart shows historical data, limitations apply to some features. First, the chart only shows the change in the finding breakdown by priority (Critical, High, Medium, Low, and Info) if the date range begins on or after September 25, 2020. Second, the chart only fully supports Network and Group dashboard filters. The chart will only show data for dashboard Tag filters if the tags selected are applied to assets.
This chart organizes open host findings according to how much risk is posed by associated threats or trending vulnerabilities. Risk increases from left to right, as successive sets of threat or trending filters are considered. Each section of the funnel shows the number of open findings that match the filters and the number of assets impacted. From left to right, the funnel shows metrics based on
- All open findings (“Total Findings”)
- Open findings related to threats (“Weaponized”)
- Open findings related to Remote Code Execution or Privilege Escalation exploits (“RCE/PE”)
- Open findings associated with vulnerabilities and threats in active discussion and use in the wild (“Trending”)
If any open findings have manual exploits, the section “ME” also becomes visible.
This widget has two modes: VRR Prioritized and Summary. VRR Prioritized shows open findings and assets distributed by Vulnerability Risk Rating (VRR). VRR determines the five risk levels for findings: Critical, High, Medium, Low, and Info. Summary shows the relationship between open findings and other key metrics. Each section of the funnel displays the count of open findings, the unique number of threats on the open findings, the assets impacted, and the number of available fixes (patches). The number of unique threats includes any type of threat on the open findings.
The screenshots below show a closer view of the weaponization funnel, with the first screenshot showing the left side of the funnel and the second showing the right side.
You can choose to see the number of unique findings (plugins) or unique CVEs instead of the number of open findings. The Weaponization Funnel below shows the number of unique CVEs associated with each set of filters. Regardless of the settings that you select, the top number and the count of threats take you to the Host Findings page when clicked.
The screenshots below show a closer view of the weaponization funnel by unique CVE, with the first screenshot showing the left side of the funnel and the second showing the right side.
Exploitable Hosts by Business Impact
This table displays the number of hosts containing at least one open host finding associated with threats, according to each host’s defined asset criticality and its RS³. Note that if dashboard filters include tags, this chart will only show data for tags applied to assets.
Top 50 High-Impact Unique Findings
This widget displays the top 50 unique host findings based on two different sorts. VRR orders unique findings by highest VRR and then by the number of occurrences across the filtered selection of hosts (displayed in the widget as “finding footprint”). Footprint orders unique findings by finding footprint and then by VRR.
You can view the unique findings as a scatter plot or a table. The scatter plot positions a circle for each unique finding across two axes: the finding footprint size and the earliest publication date among CVEs associated with the finding. VRR determines the color of each circle. As a table (shown below), the widget displays the finding title, plugin ID, VRR, finding footprint, and earliest CVE publication date for each unique finding.