As no. of assets in organizations are growing, vulnerability management solutions have also started gathering overwhelming amount of data(vulnerabilities). And as a result security analysts are coming under pressure to prioritize remediation efforts. Hence tools like Kenna and RiskIQ have started to gain importance.
Kenna uses the following scores to calculate the final asset score:
Component 1: Vulnerability Scoring
Within Kenna, vulnerabilities from various scanning vendors are brought in during connector runs and normalized based on the CVE ID, CWE ID or the WASC identifier.
For network vulnerabilities, Kenna will look at the CVSS base score for the CVE. It then look at the 20+ threat and exploit feeds. It has to understand the volume and velocity of attacks against that CVE, if there is malware available, if it is easy to exploit, whether it is actively being exploited in the wild, etc. All of these details help derive the Kenna Vulnerability Score.
Vulnerabilities get a score from 0-100 and are broken out into thirds: Green 0-33, Amber 34-66, Red 67-100
Component 2: Asset Scoring
An asset is as at risk as its highest vulnerability. Hence, it is highest scored vulnerability present on the asset.
Assets get a score from 0-1000 and are broken out into thirds rounded to the nearest 10:Green 0-330, Amber 340-660, Red 670-1000
Component 3: Risk Meter Score
This score is calculated by taking the average of all of the active, non-zero scored assets within the group
Risk Meters can get a score between 0-1000 and are broken out into thirds rounded to the nearest 10: Green 0-330, Amber 340-660, Red 670-1000
Final Asset Score = Highest Vuln Score * Asset Priority (If External IP then raise the score by 200 points)
Please find the below link for more information on scoring methodology:
Please find the below link for more information on asset prioritization methodology:
https://help.kennasecurity.com/hc/en-us/articles/360000862303-Asset-Prioritization-In-Kenna
Happy Learning !!
No comments:
Post a Comment