TrustedSite Security recently rolled out risk scores to help businesses better predict the likelihood of a breach while more effectively allocating resources and remediation efforts.
Often overwhelmed by the sheer number of vulnerabilities, security teams commonly measure their security posture by the number of vulnerabilities resolved rather than by how much they have reduced their risk of a breach.
Risk scores, and risk-based vulnerability management more generally, give you a way to prioritize the where over the what. Because risk scores show you your most vulnerable assets, you can assign resources to secure those first and easily measure your progress across your entire attack surface. This approach to attack surface security has proven so effective that Gartner predicts that by 2022 organizations using a risk-based vulnerability management method will suffer 80% fewer breaches.
Watch this video, in which our senior security engineer Brandon Rodgers explains how TrustedSite Security risk scores work.
How TrustedSite Security helps you prioritize attack surface security efforts with risk scores
TrustedSite Security uses a predictable, time-based scoring system that combines detected weaknesses on your cloud with the duration of exposure, so you can see the likelihood that you’ll experience a perimeter breach.
Every asset (websites & IP addresses) in your account is given its own risk score. The highest risk score in your account becomes your company-level risk score, which you can view on your account dashboard to quickly see where your attack surface is most vulnerable. We also provide risk scores for grouped assets (which you can create by tagging assets).
Once you know which of your assets are at the greatest risk, you can focus your remediation efforts on those assets first, instead of on vulnerabilities that don’t pose as much of a threat.
With up-to-date risk scores at your fingertips, you’re able to more easily show your team and stakeholders the work you're doing to secure your attack surface. By focusing them on a simple, numeric indicator of your security posture, you can prioritize, predict and align your business toward shared objectives that you can easily measure over time.
How TrustedSite Security calculates your risk scores
Risk scores are calculated daily based on the following factors to provide a comprehensive analysis of your account.
- Detected vulnerabilities
We rate detected vulnerabilities using a 1-5 severity level scale. Risk points are assigned for each severity level.
- Open ports
An attack is more likely to happen when your perimeter has more open ports than the average organization.
- Vulnerability days
The longer a vulnerability exists, the more likely it is to be exploited. When an asset has any active vulnerabilities
- Last scan days
Scanning frequently enables you to stay ahead of new issues. The longer you go without scanning, the higher the likelihood of an issue not being accounted for.
With our predictable model, you can see how inaction over time will affect the risk of your business and individual assets.
Use the risk score calculator in your account to get a better understanding of potential risk and how that might impact you. Input custom values into the calculator to explore different risk situations and quickly see the expected risk score projection.
How to interpret your risk scores
Risk scores range from 0-1000. The higher your risk score, the greater the chance that your perimeter could be breached.
There are 3 phases of the risk score, indicating varying levels of health.
- Green (0-299)
A healthy risk score indicating that you have a low chance of experiencing a perimeter breach.
- Yellow (300-599)
A deteriorating risk score that indicates action may be needed to secure your perimeter.
- Red (600+)
An unhealthy score indicating action should be taken to improve your perimeter security.
By keeping your company-level risk score below the red level, you can earn the Secure Cloud certification and display the Secure Cloud trustmark.
Get started with risk scores
You can view your risk scores at any time in your TrustedSite Security account. Your dashboard shows your company-level risk score along with a projection of what it will be in 1, 30, 60, 90, and 200 days if you do not resolve current vulnerabilities.
We’ll keep you up to date on changes to your risk scores by sending a weekly TrustedSite Security summary email.
Get started with TrustedSite Security to see your current risk scores and understand how to better protect your perimeter. With tools like discovery scanning, server scanning, and firewall scanning available in one user-friendly dashboard, TrustedSite Security makes cloud security easy and intuitive. Schedule a demo to learn more.