Cloud Services

Compliance and Security Operations

Compliance and Security Operations dashboard
Published On Aug 22, 2024 - 11:34 AM

Compliance and Security Operations dashboard

Survey your IT assets, scoring their security and compliance ratings in the context of governing jurisdiction and business policy regimes, observing recent history and trends.
The dashboard contains a matrix of color-coded graphs and charts that monitor and score both regulatory and business policy compliance for rapid assessment of your hybrid IT estate.
During implementation, the dashboard is configured to include all organizations and accounts to discover all assets, and to test them against government regulations and security policies set by the organizations owner. All organizations and accounts will also be pre-configured. User configuration is required on the part of your administrator. For more information, see Users and roles management.

Navigating to the dashboard

Below the main Compliance and Security Operations main menu, are three options:
  • Dashboard (default)
  • Query Builder (search): Provides a page for searching for specific types of vulnerabilities.
  • Configuration: Provides links to data collection engine for detailed data analysis.
Select Dashboard. The Compliance and Security Operations dashboard presents the following displays:

Sunrise report

The report contains two risk score displays (
Drift in Security Risks
and
Critical & High Risks introduced by Asset Changes
) and a compliance score display (
Top two affected Compliance Regimes
). In all three displays, the application compares the current scores to the previous day's scores.
The report displays the change from the previous day, coupled with an up or down arrow color coded as red or green. Arrows pointing up indicate increased risk or more compliance violations (less compliant), and are therefore coded red, accompanied by a number representing the number of increased risks or violations than the previous day. Arrows pointing down indicate decreased risk or fewer compliance violations (more compliant), and are therefore coded green, accompanied by a number representing the number of fewer risks and or violations than the previous day.
If your estate uses more than two regimes, you can see additional regimes on the Top two affected Compliance Regimes display by clicking the forward arrow on the right end of the display; the array will scroll to the next two standards. The display then presents a back arrow on the left of the display.
Each display provides a detailed report option. The blue details icon on the upper right corner of each display presents total risks each day for the past seven days.
Report explanation
Each display provides specific risk and compliance data:
  • Drift in Security Risks:
    Transient risks that occur as a result of changes in the environment. As services are onboarded and offboarded, and administrators stand up and stand down other resources, security risks occur and abate. This tile tracks and reports these risks.
  • Critical & High Risks introduced by Asset Changes:
    These are risks associated with specific assets, which are added and removed.
  • Top two affected Compliance Regimes:
    These are the two regulations, standards, and policies with which your estate is least compliant. The compliance change score represents how much your estate reduced its compliance with the named regime from the previous day. It does not represent overall change from the previous day.
Whether Security Risk or Compliance score, the elements composing the scores are rated by severity and color coded for quick reference as follows:
  • Critical (red)
  • High (orange)
  • Medium (yellow)
  • Low (mint)
  • Passed (security risk) or Compliant (security posture) (green)
Click the View Details icon located in the upper right corner to see a count of risks/compliance over time in the last seven days.
The compliance score is a metric used for assessing and quantifying adherence to regulatory standards, internal policies, and industry best practices.

Overall risk distribution

The Overall Risk Distribution display provides a summary of asset risk, how the risks are distributed, and your most at risk organizations and applications (assets). The Overall Risk Distribution display is a vertical bar graph that breaks down the distribution of risk among your assets along how critical your assets are in terms of business value:
  • Critical (red)
  • High (orange)
  • Medium (yellow)
  • Low (mint)
These values were configured at implementation and the graph provides a sense of all the assets of greatest concern, enabling you to prioritize remediation. Click the View Details icon at the top right corner to see a detailed count of each risk class.

Maximizing remediation impact

The Maximizing remediation impact display is a horizontal bar graph that indicates all risk and what percentage of risk is remedied by eliminating risk in the top four quintile of all risks. For example, 35% of all risk is remedied by eliminating the top 20% of risks. Click the View Details icon located in the upper right corner to see a descending count of risks by importance and severity.

Overall compliance scores

The Overall compliance scores display enables an at-a-glance understanding of how compliant your hybrid IT estate is with specific regimes such as FISCAM and GDPR. Select a regime, and the graphic immediately displays a bar graph and a numerical value that is a result of tested compliance algorithms, and informs you whether there is improvement or decline in estate compliance in the last 24.
Details are available by clicking the View Details icon in the upper right corner.This display is a convenient summary of estate compliance. The graphic contains two segments divided left and right:
  • Regime selection (left)
  • Compliance score for that regime (right)
Refer to subsequent sections for the operation of each.
Regime selection
The Regime selection segment lists all regimes in alphabetical order, three at a time.
  • Selection defaults to the first regime by name alphabetically.
  • The graphic displays a dot array below the regime list, one dot for every three regimes.
  • The dot representing the current three regimes is highlighted in black. Dots representing all other regimes are grey.
  • Click any grey dot to navigate to the three regimes associated with that dot.
  • Click the right chevron located at the far right of the segment to navigate to the next three regimes by alphabetical order.
  • Click any displayed regime on the left segment to display its compliance score in the right segment.
Compliance score
The compliance score segment represents the level of IT estate compliance with the selected regime. The scale is 0 to 10, 0 being most compliant. There is no internal calculation other than a comparison of each resource to the regime specification. The score displays compliance as follows:
  • Digital score, scale of 0 to 10
  • Change from previous day:
    • Digital change
    • Down green arrow if more compliant
    • Up red arrow if less compliant
  • A horizontal bar graph displaying the proportion of assets at each level of compliance:
    • Critical (red)
    • High (orange)
    • Medium (yellow)
    • Low (mint)
    • Compliant (green)
Click the View Details icon in the upper right corner to see the list of regimes with individual scores. A link to Caveonix for greater detail is available at the lower left corner of the detail report.

Top applications at risk

The Top applications at risk display indicates where risk mitigations should focus. It presents a list of the eight most at-risk applications in order of risk from highest to lowest in descending order, broken down by the business vaue of the asset as Critical, High, Medium, or Low. If fewer than eight applications are registered, then the list displays all registered applications. Click the View Details icon located in the upper right corner to see a count of risks by for each application and the severity.

Top assets at risk

The Top assets at risk display indicates those assets in your IT estate at greatest risk. It presents a list of the most at-risk applications in order of risk from highest to lowest in descending order, broken down by the business value of the asset as Critical, High, Medium, or Low. Click the View Detail icon located in the upper right corner to see a count of risks by asset and severity.

Distribution of cloud assets

The Distribution widget displays a total count of assets, and enables an at-a-glance view of how those assets are distributed within the context of your organizations. With a simple mouse hover, immediately understand, for example, the number of applications and how many instances of each or the number of accounts and how many assets are assigned to each. The widget is divided into two segments:
  • Distribution class selection: A pick list of three distribution classes:
    • Organizations: The total number of organizations within your estate.
    • Applications: The total number of applications and the number of instances of each.
    • Accounts: The total number of accounts and the Account ID of each.
  • Donut chart graphic
These two segments are interactive with the user and present the same data in different forms. Picking a class causes the donut chart to display the number of items in that class. For example, picking the Applications class causes the donut chart to display the number of applications in your estate on the donut chart, which also color codes the donut chart into segments of sizes proportional to the number of instances of each application.
Hover over any segment of the donut chart to see the application name and the current number of instances of that application. Click the View Details icon in the upper right corner to see a tabular distribution list for organizations, applications, and accounts.

MITRE ATT&CK matrix

The MITRE ATT&CK matrix indicates the most prevalent MITRE tactics against your IT estate assets. It depicts the standard tactics and the corresponding techniques under each tactic available from the MITRE Organization.
The MITRE ATT&CK matrix is a vertical bar graph that displays the number of attacks on the estate broken down by MITRE category. Click the View Details icon located in the upper right corner to see a count of tactics and details associated with with each.
Do you have two minutes for a quick survey?
Take Survey