Identifying Risks
Risk and Warnings are generated using Policies and Requirements located in the Policy Manager. NP policies and requirements are automatically assigned to all devices when they are imported and run when network device configuration changes are identified.
The following default policies are provided for all Compliance modules:
- Default Parser Risk Policy – triggers from device configuration file parser log.
- Default Access Rules Risk Policy – triggers from access rules report
CiS Benchmarks are provides as part of the Best Practices Module
- CiS Benchmark for Check Point
- CiS Benchmark for Cisco
- CiS Benchmark for Juniper
- CiS Benchmark for Palo Alto
Policy Management
Each policy is broken down into a set of requirements that are used to identify potential network risks. Review the details of the Policy Manager in this section.
Risk Assessment Grading
At any given time, a monitored device can have one or more open risks or warnings. This information is used by our Grading algorithm to provide each device with a letter grade. The quantity, criticality and type of open risks and warnings go into the calculation.
This grade informs the users which devices have the highest security or compliance risks. The lower the letter grade, the higher the risk.
The grade for each monitored device can be seen by clicking on a device on the topology map and reviewing the Risk Assessment Grading on the device menu. Clicking on the menu item displays the details that went into the grade.
An depiction of the data flow is as follows:
Calculating Device Risk Grade
The Device Risk Grade is calculated using the following weights:
- High = 5
- Medium = 3
- Low = 1
The Device Risk Grade is calculated using a simple equation, for example: (5 high * 5) + (1 low * 1) = 26 -> 100 – 26 = 74 -> C
- 90 -> 100 = A
- 80 -> 89 = B
- 70 -> 79 = C
- 60 -> 69 = D
- Else F
Issue Status is used to exclude both Resolved and Fixed issues from the calculation.
